diff --git a/.gitignore b/.gitignore
index b294eef291d0ffa785dbbe790b46a7e1aa972bb5..91cd283077d6620f992b28c1ca75fa3fbd95946d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-apparmor-*
+apparmor-
cscope.*
binutils/aa-enabled
binutils/aa-enabled.1
@@ -6,15 +6,29 @@ binutils/aa-exec
binutils/aa-exec.1
binutils/aa-features-abi
binutils/aa-features-abi.1
+binutils/aa-load
+binutils/aa-load.8
binutils/aa-status
binutils/aa-status.8
binutils/cJSON.o
binutils/po/*.mo
+changehat/mod_apparmor/.libs
+changehat/mod_apparmor/mod_apparmor.8
+changehat/mod_apparmor/mod_apparmor.8.html
+changehat/mod_apparmor/mod_apparmor.la
+changehat/mod_apparmor/mod_apparmor.lo
+changehat/mod_apparmor/mod_apparmor.slo
+changehat/mod_apparmor/mod_apparmor.so
+changehat/mod_apparmor/pod2htmd.tmp
+changehat/pam_apparmor/get_options.o
+changehat/pam_apparmor/pam_apparmor.o
+changehat/pam_apparmor/pam_apparmor.so
parser/po/*.mo
parser/af_names.h
parser/cap_names.h
parser/generated_cap_names.h
parser/generated_af_names.h
+parser/errnos.h
parser/tst_lib
parser/tst_misc
parser/tst_regex
@@ -26,38 +40,9 @@ parser/parser_version.h
parser/parser_yacc.c
parser/parser_yacc.h
parser/pod2htm*.tmp
-parser/af_rule.o
-parser/af_unix.o
-parser/common_optarg.o
-parser/dbus.o
-parser/default_features.o
-parser/lib.o
-parser/libapparmor_re/aare_rules.o
-parser/libapparmor_re/chfa.o
-parser/libapparmor_re/expr-tree.o
-parser/libapparmor_re/hfa.o
+parser/libapparmor_re/*.o
parser/libapparmor_re/libapparmor_re.a
-parser/libapparmor_re/parse.o
-parser/mount.o
-parser/network.o
-parser/parser_alias.o
-parser/parser_common.o
-parser/parser_include.o
-parser/parser_interface.o
-parser/parser_lex.o
-parser/parser_main.o
-parser/parser_merge.o
-parser/parser_misc.o
-parser/parser_policy.o
-parser/parser_regex.o
-parser/parser_symtab.o
-parser/parser_variable.o
-parser/parser_yacc.o
-parser/policy_cache.o
-parser/profile.o
-parser/ptrace.o
-parser/rule.o
-parser/signal.o
+parser/*.o
parser/*.7
parser/*.5
parser/*.8
@@ -136,6 +121,18 @@ libraries/libapparmor/src/tst_aalogmisc
libraries/libapparmor/src/tst_aalogmisc.log
libraries/libapparmor/src/tst_aalogmisc.o
libraries/libapparmor/src/tst_aalogmisc.trs
+libraries/libapparmor/src/tst_aalogparse_cpp
+libraries/libapparmor/src/tst_aalogparse_cpp.log
+libraries/libapparmor/src/tst_aalogparse_cpp.o
+libraries/libapparmor/src/tst_aalogparse_cpp.trs
+libraries/libapparmor/src/tst_aalogparse_reentrancy
+libraries/libapparmor/src/tst_aalogparse_reentrancy.log
+libraries/libapparmor/src/tst_aalogparse_reentrancy.o
+libraries/libapparmor/src/tst_aalogparse_reentrancy.trs
+libraries/libapparmor/src/tst_aalogparse_oldname
+libraries/libapparmor/src/tst_aalogparse_oldname.log
+libraries/libapparmor/src/tst_aalogparse_oldname.o
+libraries/libapparmor/src/tst_aalogparse_oldname.trs
libraries/libapparmor/src/tst_features
libraries/libapparmor/src/tst_features.log
libraries/libapparmor/src/tst_features.o
@@ -196,7 +193,6 @@ libraries/libapparmor/testsuite/libaalogparse.test/Makefile
libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
libraries/libapparmor/testsuite/test_multi/out
libraries/libapparmor/testsuite/test_multi_multi-test_multi.o
-changehat/mod_apparmor/.libs
utils/*.8
utils/*.8.html
utils/*.5
@@ -207,6 +203,7 @@ utils/apparmor/*.pyc
utils/apparmor/rule/*.pyc
utils/apparmor.egg-info/
utils/build/
+!utils/emacs/apparmor-mode.el
utils/htmlcov/
utils/test/common_test.pyc
utils/test/.coverage
@@ -235,6 +232,7 @@ tests/regression/apparmor/chgrp
tests/regression/apparmor/chmod
tests/regression/apparmor/chown
tests/regression/apparmor/clone
+tests/regression/apparmor/complain
tests/regression/apparmor/dbus_eavesdrop
tests/regression/apparmor/dbus_message
tests/regression/apparmor/dbus_service
@@ -253,17 +251,23 @@ tests/regression/apparmor/fd_inheritance
tests/regression/apparmor/fd_inheritor
tests/regression/apparmor/fork
tests/regression/apparmor/introspect
+tests/regression/apparmor/io_uring
tests/regression/apparmor/link
tests/regression/apparmor/link_subset
tests/regression/apparmor/mkdir
tests/regression/apparmor/mmap
tests/regression/apparmor/mount
+tests/regression/apparmor/move_mount
tests/regression/apparmor/named_pipe
+tests/regression/apparmor/net_inet_rcv
+tests/regression/apparmor/net_inet_snd
tests/regression/apparmor/net_raw
tests/regression/apparmor/open
tests/regression/apparmor/openat
tests/regression/apparmor/pipe
tests/regression/apparmor/pivot_root
+tests/regression/apparmor/posix_mq_rcv
+tests/regression/apparmor/posix_mq_snd
tests/regression/apparmor/ptrace
tests/regression/apparmor/ptrace_helper
tests/regression/apparmor/pwrite
@@ -287,6 +291,8 @@ tests/regression/apparmor/syscall_setpriority
tests/regression/apparmor/syscall_setscheduler
tests/regression/apparmor/syscall_sysctl
tests/regression/apparmor/sysctl_proc
+tests/regression/apparmor/sysv_mq_rcv
+tests/regression/apparmor/sysv_mq_snd
tests/regression/apparmor/tcp
tests/regression/apparmor/transition
tests/regression/apparmor/unix_fd_client
@@ -294,9 +300,23 @@ tests/regression/apparmor/unix_fd_server
tests/regression/apparmor/unix_socket
tests/regression/apparmor/unix_socket_client
tests/regression/apparmor/unlink
+tests/regression/apparmor/userns
+tests/regression/apparmor/userns_setns
tests/regression/apparmor/uservars.inc
tests/regression/apparmor/xattrs
tests/regression/apparmor/xattrs_profile
tests/regression/apparmor/coredump
**/__pycache__/
*.orig
+
+# Patterns related to spread integration tests
+*.img
+*.iso
+*.lock
+*.log
+*.qcow2
+*.run
+.spread-reuse.yaml
+.spread-reuse.*.yaml
+spread-artifacts/
+spread-logs/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 91174d41ed8e09e80f178186ac27e5939394557a..393f6c72c607ae9ea0347ae8987242a7e000034c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,25 +4,41 @@ image: ubuntu:latest
# XXX - add a deploy stage to publish man pages, docs, and coverage
# reports
+workflow:
+ rules:
+ - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+ - if: $CI_COMMIT_TAG
+ - if: $CI_COMMIT_BRANCH
+
stages:
- build
- test
+ - spread
-.ubuntu-before_script:
+.ubuntu-common:
before_script:
- - export DEBIAN_FRONTEND=noninteractive
+ # Install build-dependencies by loading the package list from the ubuntu/debian cloud-init profile.
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_deps "Installing dependencies..."
- apt-get update -qq
- - apt-get install --no-install-recommends -y gcc perl liblocale-gettext-perl linux-libc-dev lsb-release make
+ - apt-get install --yes yq make lsb-release
+ - |
+ printf 'include .image-garden.mk\n$(info $(UBUNTU_CLOUD_INIT_USER_DATA_TEMPLATE))\n.PHONY: nothing\nnothing:\n' \
+ | make -f - nothing \
+ | yq '.packages | .[]' \
+ | xargs apt-get install --yes --no-install-recommends
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_deps
+ after_script:
+ # Inspect the kernel and lsb-release.
- lsb_release -a
- uname -a
-.install-c-build-deps: &install-c-build-deps
- - apt-get install --no-install-recommends -y build-essential apache2-dev autoconf automake bison dejagnu flex libpam-dev libtool pkg-config python3-all-dev python3-setuptools ruby-dev swig zlib1g-dev
-
build-all:
stage: build
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
+ script:
+ # Run the spread prepare section to build everything.
+ - yq -r '.prepare' <spread.yaml | SPREAD_PATH=. bash -xeu
artifacts:
name: ${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHA}
expire_in: 30 days
@@ -35,39 +51,33 @@ build-all:
- changehat/mod_apparmor/
- changehat/pam_apparmor/
- profiles/
- script:
- - *install-c-build-deps
- - cd libraries/libapparmor && ./autogen.sh && ./configure --with-perl --with-python --prefix=/usr && make && cd ../.. || { cat config.log ; exit 1 ; }
- - make -C parser
- - make -C binutils
- - make -C utils
- - make -C changehat/mod_apparmor
- - make -C changehat/pam_apparmor
- - make -C profiles
test-libapparmor:
stage: test
needs: ["build-all"]
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
- - *install-c-build-deps
+ # This is to touch the built files in the test stage to avoid needless rebuilding
+ - make -C libraries/libapparmor --touch
- make -C libraries/libapparmor check
test-parser:
stage: test
needs: ["build-all"]
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
- - *install-c-build-deps
+ # This is to touch the built files in the test stage to avoid needless rebuilding
+ - make -C parser --touch
+ - make -C parser -j $(nproc) tst_binaries
- make -C parser check
test-binutils:
stage: test
needs: ["build-all"]
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
- make -C binutils check
@@ -75,9 +85,16 @@ test-utils:
stage: test
needs: ["build-all"]
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
- - apt-get install --no-install-recommends -y libc6-dev libjs-jquery libjs-jquery-throttle-debounce libjs-jquery-isonscreen libjs-jquery-tablesorter pyflakes3 python3-coverage python3-notify2 python3-psutil python3-setuptools
+ # This is to touch the built files in the test stage to avoid needless rebuilding
+ - make -C utils --touch
+
+ # TODO: move those to cloud-init list?
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
+ - apt-get install --no-install-recommends -y libc6-dev libjs-jquery libjs-jquery-throttle-debounce libjs-jquery-isonscreen libjs-jquery-tablesorter flake8 python3-coverage python3-notify2 python3-psutil python3-setuptools python3-tk python3-ttkthemes python3-gi
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
+
# See apparmor/apparmor#221
- make -C parser/tst gen_dbus
- make -C parser/tst gen_xtrans
@@ -92,31 +109,37 @@ test-mod-apparmor:
stage: test
needs: ["build-all"]
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
+ # This is to touch the built files in the test stage to avoid needless rebuilding
+ - make -C changehat/mod_apparmor --touch
- make -C changehat/mod_apparmor check
test-profiles:
stage: test
needs: ["build-all"]
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
+ # This is to touch the built files in the test stage to avoid needless rebuilding
+ - make -C profiles --touch
- make -C profiles check-parser
- make -C profiles check-abstractions.d
- - make -C profiles check-extras
+ - make -C profiles check-local
shellcheck:
stage: test
needs: []
extends:
- - .ubuntu-before_script
+ - .ubuntu-common
script:
- - apt-get install --no-install-recommends -y file shellcheck xmlstarlet
- - shellcheck --version
- - './tests/bin/shellcheck-tree --format=checkstyle
- | xmlstarlet tr tests/checkstyle2junit.xslt
- > shellcheck.xml'
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
+ - apt-get install --no-install-recommends -y python3-minimal file shellcheck xmlstarlet
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
+ - shellcheck --version
+ - "./tests/bin/shellcheck-tree --format=checkstyle
+ | xmlstarlet tr tests/checkstyle2junit.xslt
+ > shellcheck.xml"
artifacts:
when: always
reports:
@@ -137,3 +160,147 @@ include:
variables:
SAST_EXCLUDED_ANALYZERS: "eslint,flawfinder,semgrep,spotbugs"
SAST_BANDIT_EXCLUDED_PATHS: "*/tst/*, */test/*"
+
+coverity:
+ stage: .post
+ extends:
+ - .ubuntu-common
+ script:
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
+ - apt-get install --no-install-recommends -y curl git texlive-latex-recommended
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
+ - curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
+ --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN
+ - tar xfz /tmp/cov-analysis-linux64.tgz
+ - COV_VERSION=$(ls -dt cov-analysis-linux64-* | head -1)
+ - PATH=$PATH:$(pwd)/$COV_VERSION/bin
+ - make coverity
+ - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
+ --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL
+ --form file=@$(ls apparmor-*-cov-int.tar.gz) --form version="$(git describe --tags)"
+ --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
+ artifacts:
+ paths:
+ - "apparmor-*.tar.gz"
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_PATH == "apparmor/apparmor"
+
+.image-garden-x86_64:
+ stage: spread
+ # TODO: use tagged release once container tagging is improved upstream.
+ image: registry.gitlab.com/zygoon/image-garden:latest
+ tags:
+ - linux
+ - x86_64
+ - kvm
+ variables:
+ ARCH: x86_64
+ GARDEN_DL_DIR: dl
+ CACHE_POLICY: pull-push
+ CACHE_COMPRESSION_LEVEL: fastest
+ before_script:
+ # Prepare the image in dry-run mode. This helps in debugging cache misses
+ # when files are not cached correctly by the runner, causing the build section
+ # below to always do hevy-duty work.
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" prepare_image_dry_run "Prepare image (dry run)"
+ - image-garden make --dry-run --debug "$GARDEN_SYSTEM.$ARCH.run" "$GARDEN_SYSTEM.$ARCH.qcow2" "$GARDEN_SYSTEM.seed.iso" "$GARDEN_SYSTEM.user-data" "$GARDEN_SYSTEM.meta-data"
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" prepare_image_dry_run
+ script:
+ # Prepare the image, for real.
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" prepare_image "Prepare image"
+ - image-garden make "$GARDEN_SYSTEM.$ARCH.run" "$GARDEN_SYSTEM.$ARCH.qcow2" "$GARDEN_SYSTEM.seed.iso" "$GARDEN_SYSTEM.user-data" "$GARDEN_SYSTEM.meta-data"
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" prepare_image
+ cache:
+ # Cache the base image (pre-customization).
+ - key: image-garden-base-${GARDEN_SYSTEM}.${ARCH}
+ policy: $CACHE_POLICY
+ when: always
+ paths:
+ - $GARDEN_DL_DIR
+ # Those are never mutated so they are safe to share.
+ - efi-code.*.img
+ - efi-vars.*.img
+ # Cache the customized system. This cache depends on .image-garden.mk file
+ # so that any customization updates are immediately acted upon.
+ - key:
+ prefix: image-garden-custom-${GARDEN_SYSTEM}.${ARCH}-
+ files:
+ - .image-garden.mk
+ policy: $CACHE_POLICY
+ when: always
+ paths:
+ - $GARDEN_SYSTEM.*
+ - $GARDEN_SYSTEM.seed.iso
+ - $GARDEN_SYSTEM.meta-data
+ - $GARDEN_SYSTEM.user-data
+
+# This job builds and caches the image that the job below looks at.
+image-ubuntu-cloud-24.04-x86_64:
+ extends: .image-garden-x86_64
+ variables:
+ GARDEN_SYSTEM: ubuntu-cloud-24.04
+ needs: []
+ dependencies: []
+ rules:
+ - if: $CI_COMMIT_TAG
+ - if: $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_COMMIT_BRANCH
+ changes:
+ paths:
+ - .image-garden.mk
+ - .gitlab-ci.yml
+ compare_to: "refs/heads/master"
+
+.spread-x86_64:
+ extends: .image-garden-x86_64
+ variables:
+ # GitLab project identifier of zygoon/spread-dist can be seen on
+ # https://gitlab.com/zygoon/spread-dist, under the three-dot menu on
+ # top-right.
+ SPREAD_GITLAB_PROJECT_ID: "65375371"
+ # Git revision of spread to install.
+ # This must have been built via spread-dist.
+ # TODO: switch to upstream 1.0 release when available.
+ SPREAD_REV: 413817eda7bec07a3885e0717c178b965f8924e1
+ # Run all the tasks for a given system.
+ SPREAD_ARGS: "garden:$GARDEN_SYSTEM:"
+ SPREAD_GOARCH: amd64
+ before_script:
+ # Prepare the image in dry-run mode. This helps in debugging cache misses
+ # when files are not cached correctly by the runner, causing the build section
+ # below to always do hevy-duty work.
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" prepare_image_dry_run "Prepare image (dry run)"
+ - image-garden make --dry-run --debug "$GARDEN_SYSTEM.$ARCH.run" "$GARDEN_SYSTEM.$ARCH.qcow2" "$GARDEN_SYSTEM.seed.iso" "$GARDEN_SYSTEM.user-data" "$GARDEN_SYSTEM.meta-data"
+ - stat .image-garden.mk "$GARDEN_SYSTEM".* || true
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" prepare_image_dry_run
+ # Install the selected revision of spread.
+ - printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_spread "Installing spread..."
+ # Install pre-built spread from https://gitlab.com/zygoon/spread-dist generic package repository.
+ - |
+ curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --location --output spread "${CI_API_V4_URL}/projects/${SPREAD_GITLAB_PROJECT_ID}/packages/generic/spread/${SPREAD_REV}/spread.${SPREAD_GOARCH}"
+ - chmod +x spread
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_spread
+ script:
+ - printf '\e[0K%s:%s:%s\r\e[0K%s\n' section_start "$(date +%s)" run_spread "Running spread for $GARDEN_SYSTEM..."
+ # TODO: transform to inject ^...$ to properly select jobs to run.
+ - mkdir -p spread-logs spread-artifacts
+ - ./spread -list $SPREAD_ARGS |
+ split --number=l/"${CI_NODE_INDEX:-1}"/"${CI_NODE_TOTAL:-1}" |
+ xargs --verbose ./spread -v -artifacts ./spread-artifacts -v | tee spread-logs/"$GARDEN_SYSTEM".log
+ - printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" run_spread
+ artifacts:
+ paths:
+ - spread-logs
+ - spread-artifacts
+ when: always
+
+spread-ubuntu-cloud-24.04-x86_64:
+ extends: .spread-x86_64
+ variables:
+ GARDEN_SYSTEM: ubuntu-cloud-24.04
+ SPREAD_ARGS: garden:$GARDEN_SYSTEM:tests/regression/ garden:$GARDEN_SYSTEM:tests/profiles/
+ CACHE_POLICY: pull
+ dependencies: []
+ needs:
+ - job: image-ubuntu-cloud-24.04-x86_64
+ optional: true
+ parallel: 4
diff --git a/.image-garden.mk b/.image-garden.mk
new file mode 100644
index 0000000000000000000000000000000000000000..bd12d1a4ff7717eae12dce6f1d0793866bb03377
--- /dev/null
+++ b/.image-garden.mk
@@ -0,0 +1,110 @@
+# This file is read by image-garden when spread is allocating test machines.
+# All the package installation happens through cloud-init profiles defined
+# below.
+
+# This is the cloud-init user-data profile for all Debian systems. Note that it
+# is an extension of the default profile necessary for operation of
+# image-garden.
+define DEBIAN_CLOUD_INIT_USER_DATA_TEMPLATE
+$(CLOUD_INIT_USER_DATA_TEMPLATE)
+packages:
+- apache2-dev
+- attr
+- autoconf
+- autoconf-archive
+- automake
+- bison
+- build-essential
+- dejagnu
+- dosfstools
+- flake8
+- flex
+- fuse-overlayfs
+- gdb
+- gettext
+- libdbus-1-dev
+- libpam0g-dev
+- libtool
+- liburing-dev
+- pkg-config
+- python3-all-dev
+- python3-gi
+- python3-notify2
+- python3-psutil
+- python3-setuptools
+- python3-tk
+- python3-ttkthemes
+- swig
+- toybox
+endef
+
+# Ubuntu shares cloud-init profile with Debian.
+UBUNTU_CLOUD_INIT_USER_DATA_TEMPLATE=$(DEBIAN_CLOUD_INIT_USER_DATA_TEMPLATE)
+
+# This is the cloud-init user-data profile for openSUSE Tumbleweed.
+define OPENSUSE_tumbleweed_CLOUD_INIT_USER_DATA_TEMPLATE
+$(CLOUD_INIT_USER_DATA_TEMPLATE)
+- sed -i -e 's/security=selinux/security=apparmor/g' /etc/default/grub
+- update-bootloader
+packages:
+- apache2-devel
+- attr
+- autoconf
+- autoconf-archive
+- automake
+- bison
+- dbus-1-devel
+- dejagnu
+- dosfstools
+- flex
+- fuse-overlayfs
+- gcc
+- gcc-c++
+- gdb
+- gettext
+- gobject-introspection
+- libtool
+- liburing2-devel
+- make
+- pam-devel
+- pkg-config
+- python3-devel
+- python3-flake8
+- python3-notify2
+- python3-psutil
+- python3-setuptools
+- python3-setuptools
+- python3-tk
+- python311
+- python311-devel
+- swig
+endef
+
+define FEDORA_CLOUD_INIT_USER_DATA_TEMPLATE
+$(CLOUD_INIT_USER_DATA_TEMPLATE)
+packages:
+- attr
+- autoconf
+- autoconf-archive
+- automake
+- bison
+- dbus-devel
+- dejagnu
+- dosfstools
+- flex
+- gdb
+- gettext
+- httpd-devel
+- libstdc++-static
+- libtool
+- liburing-devel
+- pam-devel
+- perl
+- pkg-config
+- python3-devel
+- python3-flake8
+- python3-gobject-base
+- python3-notify2
+- python3-tkinter
+- swig
+endef
diff --git a/Makefile b/Makefile
index 4453500ecdcafc18277244fe0237f3491e7c3e3c..ec570bb34cacca23073c9310c062f19233b3b78c 100644
--- a/Makefile
+++ b/Makefile
@@ -59,7 +59,7 @@ coverity: snapshot
mv $(COVERITY_DIR)/build-log.txt $(COVERITY_DIR)/build-log-python-$(subst /,.,$(dir)).txt ;)
cov-build --dir $(COVERITY_DIR) -- sh -c \
"$(foreach dir, $(filter-out utils profiles tests, $(DIRS)), \
- $(MAKE) -C $(SNAPSHOT_NAME)/$(dir);) "
+ $(MAKE) -j $$(nproc) -C $(SNAPSHOT_NAME)/$(dir);) "
tar -cvzf $(SNAPSHOT_NAME)-$(COVERITY_DIR).tar.gz $(COVERITY_DIR)
.PHONY: export_dir
diff --git a/README.md b/README.md
index b7555f990f727f1a51ec48fe1fe15e72faa6775d..711887d2aad3bfd3371b2cdef60b1f70f4743f8b 100644
--- a/README.md
+++ b/README.md
@@ -181,6 +181,9 @@ $ make check # depends on the parser having been built first
$ make install
```
+Note that the empty local/* profile sniplets no longer get created by default.
+If you want them, run `make local` before running `make check`.
+
[Note that for the parser, binutils, and utils, if you only wish to build/use
some of the locale languages, you can override the default by passing
the LANGS arguments to make; e.g. make all install "LANGS=en_US fr".]
@@ -194,6 +197,33 @@ usage and how to update and add tests. Below is a quick overview of their
location and how to run them.
+Using spread with local virtual machines
+----------------------------------------
+
+It may be convenient to use the spread tool to provision and run the test suite
+in an ephemeral virtual machine. This allows testing in isolation from the
+host, as well as testing across different commonly used distributions and their
+real kernels.
+
+```sh
+sudo apt install git golang whois ovmf genisoimage qemu-utils qemu-system
+go install github.com/snapcore/spread/cmd/spread@latest
+git clone https://gitlab.com/zygoon/image-garden
+make -C image-garden
+sudo make -C image-garden install
+image-garden make ubuntu-cloud-24.10.x86_64.run
+cd $APPARMOR_PATH
+git clean -xdf
+~/go/bin/spread -artifacts ./spread-artifacts -v ubuntu-cloud-24.10
+# or ~/go/bin/spread -v garden:ubuntu-cloud-24.04:tests/regression/apparmor:at_secure
+```
+
+Running the `run_spread.sh` script, with `spread` on `PATH` will run all the
+tests across several supported systems (Debian, Ubuntu and openSUSE).
+
+If you include a `bzImage` file in the root of the repository then that kernel
+will be used in the integration test. Please look at `spread.yaml` for details.
+
Regression tests
----------------
For details on structure and adding tests, see
@@ -351,6 +381,10 @@ The aa-notify tool's Python dependencies can be satisfied by installing the
following packages (Debian package names, other distros may vary):
* python3-notify2
* python3-psutil
+* python3-sqlite (part of the python3.NN-stdlib package)
+* python3-tk
+* python3-ttkthemes
+* python3-gi
Perl is no longer needed since none of the utilities shipped to end users depend
on it anymore.
diff --git a/binutils/Makefile b/binutils/Makefile
index 3f1d001126689c986b9e530c89e57ec9e50ef67e..f97bd6a2b174f0fe3e7db1c09f85b3d0271b53e8 100644
--- a/binutils/Makefile
+++ b/binutils/Makefile
@@ -21,7 +21,7 @@ DESTDIR=/
BINDIR=${DESTDIR}/usr/bin
SBINDIR=${DESTDIR}/usr/sbin
LOCALEDIR=/usr/share/locale
-MANPAGES=aa-enabled.1 aa-exec.1 aa-features-abi.1 aa-status.8
+MANPAGES=aa-enabled.1 aa-exec.1 aa-features-abi.1 aa-load.8 aa-status.8
WARNINGS = -Wall
CPP_WARNINGS =
@@ -48,10 +48,10 @@ endif
# Internationalization support. Define a package and a LOCALEDIR
EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
-SRCS = aa_enabled.c
+SRCS = aa_enabled.c aa_load.c
HDRS =
BINTOOLS = aa-enabled aa-exec aa-features-abi
-SBINTOOLS = aa-status
+SBINTOOLS = aa-status aa-load
AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
@@ -126,6 +126,9 @@ endif
aa-features-abi: aa_features_abi.c $(LIBAPPARMOR_A)
$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
+aa-load: aa_load.c $(LIBAPPARMOR_A)
+ $(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
+
aa-enabled: aa_enabled.c $(LIBAPPARMOR_A)
$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
diff --git a/binutils/aa-enabled.1 b/binutils/aa-enabled.1
deleted file mode 100644
index 2f804ac00581428bf610af04ddfdd6b6eea84d61..0000000000000000000000000000000000000000
--- a/binutils/aa-enabled.1
+++ /dev/null
@@ -1,194 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-ENABLED 1"
-.TH AA-ENABLED 1 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-enabled \- test whether AppArmor is enabled
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-enabled\fR [options]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-enabled\fR is used to determine if AppArmor is enabled.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fBaa-enabled\fR accepts the following arguments:
-.IP "\-h, \-\-help" 4
-.IX Item "-h, --help"
-Display a brief usage guide.
-.IP "\-q, \-\-quiet" 4
-.IX Item "-q, --quiet"
-Do not output anything to stdout. This option is intended to be used by
-scripts that simply want to use the exit code to determine if AppArmor is
-enabled.
-.IP "\-x, \-\-exclusive" 4
-.IX Item "-x, --exclusive"
-Require AppArmor to have exclusive access to shared \s-1LSM\s0 interfaces to
-be considered enabled.
-.SH "EXIT STATUS"
-.IX Header "EXIT STATUS"
-Upon exiting, \fBaa-enabled\fR will set its exit status to the following values:
-.IP "\fB0\fR" 4
-.IX Item "0"
-if AppArmor is enabled.
-.IP "\fB1\fR" 4
-.IX Item "1"
-if AppArmor is not enabled/loaded.
-.IP "\fB2\fR" 4
-.IX Item "2"
-intentionally not used as an \fBaa-enabled\fR exit status.
-.IP "\fB3\fR" 4
-.IX Item "3"
-if the AppArmor control files aren't available under /sys/kernel/security/.
-.IP "\fB4\fR" 4
-.IX Item "4"
-if \fBaa-enabled\fR doesn't have enough privileges to read the apparmor control files.
-.IP "\fB10\fR" 4
-.IX Item "10"
-AppArmor is enabled but does not have access to shared \s-1LSM\s0 interfaces.
-.IP "\fB64\fR" 4
-.IX Item "64"
-if any unexpected error or condition is encountered.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_is_enabled\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/binutils/aa-exec.1 b/binutils/aa-exec.1
deleted file mode 100644
index e34109359a37bd8a15ac7174a46ceacbc5a5b3e6..0000000000000000000000000000000000000000
--- a/binutils/aa-exec.1
+++ /dev/null
@@ -1,192 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-EXEC 1"
-.TH AA-EXEC 1 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-exec \- confine a program with the specified AppArmor profile
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-exec\fR [options] [\-\-] [\fI<command>\fR ...]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-exec\fR is used to launch a program confined by the specified profile
-and or namespace. If both a profile and namespace are specified command
-will be confined by profile in the new policy namespace. If only a namespace
-is specified, the profile name of the current confinement will be used. If
-neither a profile or namespace is specified command will be run using
-standard profile attachment (ie. as if run without the aa-exec command).
-.PP
-If the arguments are to be pasted to the \fI<command>\fR being invoked
-by aa-exec then \*(-- should be used to separate aa-exec arguments from the
-command.
- aa-exec \-p profile1 \*(-- ls \-l
-.SH "OPTIONS \fBaa-exec\fP accepts the following arguments:"
-.IX Header "OPTIONS aa-exec accepts the following arguments:"
-.IP "\-p \s-1PROFILE,\s0 \-\-profile=PROFILE" 4
-.IX Item "-p PROFILE, --profile=PROFILE"
-confine \fI<command>\fR with \s-1PROFILE.\s0 If the \s-1PROFILE\s0 is not specified
-use the current profile name (likely unconfined).
-.IP "\-n \s-1NAMESPACE,\s0 \-\-namespace=NAMESPACE" 4
-.IX Item "-n NAMESPACE, --namespace=NAMESPACE"
-use profiles in \s-1NAMESPACE.\s0 This will result in confinement transitioning
-to using the new profile namespace.
-.IP "\-i, \-\-immediate" 4
-.IX Item "-i, --immediate"
-transition to \s-1PROFILE\s0 before doing executing \fI<command>\fR. This
-subjects the running of \fI<command>\fR to the exec transition rules
-of the current profile.
-.IP "\-v, \-\-verbose" 4
-.IX Item "-v, --verbose"
-show commands being performed
-.IP "\-d, \-\-debug" 4
-.IX Item "-d, --debug"
-show commands and error codes
-.IP "\-\-" 4
-Signal the end of options and disables further option processing. Any
-arguments after the \*(-- are treated as arguments of the command. This is
-useful when passing arguments to the \fI<command>\fR being invoked by
-aa-exec.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBaa\-stack\fR\|(8), \fBaa\-namespace\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_profile\fR\|(3),
-\&\fBaa_change_onexec\fR\|(3) and <https://wiki.apparmor.net>.
diff --git a/binutils/aa-features-abi.1 b/binutils/aa-features-abi.1
deleted file mode 100644
index 7354253b7e09185c5347709fe773988a92be14b3..0000000000000000000000000000000000000000
--- a/binutils/aa-features-abi.1
+++ /dev/null
@@ -1,187 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-FEATURES-ABI 1"
-.TH AA-FEATURES-ABI 1 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-features\-abi \- Extract, validate and manipulate AppArmor feature abis
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-features-abi\fR [\s-1OPTIONS\s0] <\s-1SOURCE\s0> [\s-1OUTPUT OPTIONS\s0]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-features-abi\fR is used to extract a features abi and output to
-either stdout or a specified file. A \s-1SOURCE_OPTION\s0 must be specified.
-If an output option is not specified the features abi is written to
-stdout.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fBaa-features-abi\fR accepts the following arguments:
-.IP "\-h, \-\-help" 4
-.IX Item "-h, --help"
-Display a brief usage guide.
-.IP "\-d, \-\-debug" 4
-.IX Item "-d, --debug"
-show messages with debugging information
-.IP "\-v, \-\-verbose" 4
-.IX Item "-v, --verbose"
-show messages with stats
-.SH "SOURCE"
-.IX Header "SOURCE"
-.IP "\-x, \-\-extract" 4
-.IX Item "-x, --extract"
-Extract the features abi for the kernel
-.IP "\-f \s-1FILE,\s0 \-\-file=FILE" 4
-.IX Item "-f FILE, --file=FILE"
-Load the features abi from \s-1FILE\s0 and send it to \s-1OUTPUT OPTIONS.\s0
-.SH "OUTPUT OPTIONS"
-.IX Header "OUTPUT OPTIONS"
-.IP "\-\-stdout" 4
-.IX Item "--stdout"
-Write the features abi to \fIstdout\fR, this is the default if no output option
-is specified.
-.IP "\-w \s-1FILE,\s0 \-\-write \s-1FILE\s0" 4
-.IX Item "-w FILE, --write FILE"
-Write the features abi to \fI\s-1FILE\s0\fR.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_features\fR\|(3), and <https://wiki.apparmor.net>.
diff --git a/binutils/aa-load.pod b/binutils/aa-load.pod
new file mode 100644
index 0000000000000000000000000000000000000000..098dcb9aaa9f2c758276cd9c9e8cea9b0803bc5a
--- /dev/null
+++ b/binutils/aa-load.pod
@@ -0,0 +1,77 @@
+# This publication is intellectual property of Canonical Ltd. Its contents
+# can be duplicated, either in part or in whole, provided that a copyright
+# label is visibly located on each copy.
+#
+# All information found in this book has been compiled with utmost
+# attention to detail. However, this does not guarantee complete accuracy.
+# Neither Canonical Ltd, the authors, nor the translators shall be held
+# liable for possible errors or the consequences thereof.
+#
+# Many of the software and hardware descriptions cited in this book
+# are registered trademarks. All trade names are subject to copyright
+# restrictions and may be registered trade marks. Canonical Ltd
+# essentially adheres to the manufacturer's spelling.
+#
+# Names of products and trademarks appearing in this book (with or without
+# specific notation) are likewise subject to trademark and trade protection
+# laws and may thus fall under copyright restrictions.
+#
+
+
+=pod
+
+=head1 NAME
+
+aa-load - load precompiled AppArmor policy from cache location(s)
+
+=head1 SYNOPSIS
+
+B<aa-load> [options] (cache file|cache dir|cache base dir)+
+
+=head1 DESCRIPTION
+
+B<aa-load> loads precompiled AppArmor policy from the specified locations.
+
+=head1 OPTIONS
+
+B<aa-load> accepts the following arguments:
+
+=over 4
+
+=item -f, --force
+
+Force B<aa-load> to load a policy even if its abi does not match the kernel abi.
+
+=item -d, --debug
+
+Display debug messages.
+
+=item -v, --verbose
+
+Display progress and error messages.
+
+=item -n, --dry-run
+
+Do not actually load the specified policy/policies into the kernel.
+
+=item -h, --help
+
+Display a brief usage guide.
+
+=back
+
+=head1 EXIT STATUS
+
+Upon exiting, B<aa-load> returns 0 upon success and 1 upon an error loading
+the precompiled policy.
+
+=head1 BUGS
+
+If you find any bugs, please report them at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
+
+=head1 SEE ALSO
+
+apparmor(7), apparmor.d(5), apparmor_parser(8), and L<https://wiki.apparmor.net>.
+
+=cut
diff --git a/binutils/aa-status.8 b/binutils/aa-status.8
deleted file mode 100644
index 385fdaf5a9ad800fe9853e4dcfd06388ef8330de..0000000000000000000000000000000000000000
--- a/binutils/aa-status.8
+++ /dev/null
@@ -1,241 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-STATUS 8"
-.TH AA-STATUS 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-status \- display various information about the current AppArmor
-policy.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-status\fR [option]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-status\fR will report various aspects of the current state of
-AppArmor confinement. By default, it displays the same information as if
-the \fI\-\-verbose\fR argument were given. A sample of what this looks like
-is:
-.PP
-.Vb 8
-\& apparmor module is loaded.
-\& 110 profiles are loaded.
-\& 102 profiles are in enforce mode.
-\& 8 profiles are in complain mode.
-\& Out of 129 processes running:
-\& 13 processes have profiles defined.
-\& 8 processes have profiles in enforce mode.
-\& 5 processes have profiles in complain mode.
-.Ve
-.PP
-Other argument options are provided to report individual aspects, to
-support being used in scripts.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fBaa-status\fR accepts only one argument at a time out of:
-.IP "\-\-enabled" 4
-.IX Item "--enabled"
-returns error code if AppArmor is not enabled.
-.IP "\-\-profiled" 4
-.IX Item "--profiled"
-displays the number of loaded AppArmor policies.
-.IP "\-\-enforced" 4
-.IX Item "--enforced"
-displays the number of loaded enforcing AppArmor policies.
-.IP "\-\-complaining" 4
-.IX Item "--complaining"
-displays the number of loaded non-enforcing AppArmor policies.
-.IP "\-\-kill" 4
-.IX Item "--kill"
-displays the number of loaded enforcing AppArmor policies that will kill tasks on policy violations.
-.IP "\-\-special\-unconfined" 4
-.IX Item "--special-unconfined"
-displays the number of loaded non-enforcing AppArmor policies that are in the special unconfined mode.
-.IP "\-\-process\-mixed displays the number of processes confined by profile stacks with profiles in different modes." 4
-.IX Item "--process-mixed displays the number of processes confined by profile stacks with profiles in different modes."
-.PD 0
-.IP "\-\-verbose" 4
-.IX Item "--verbose"
-.PD
-displays multiple data points about loaded AppArmor policy
-set (the default action if no arguments are given).
-.IP "\-\-json" 4
-.IX Item "--json"
-displays multiple data points about loaded AppArmor policy
-set in a \s-1JSON\s0 format, fit for machine consumption.
-.IP "\-\-pretty\-json" 4
-.IX Item "--pretty-json"
-same as \-\-json, formatted to be readable by humans as well
-as by machines.
-.IP "\-\-help" 4
-.IX Item "--help"
-displays a short usage statement.
-.SH "EXIT STATUS"
-.IX Header "EXIT STATUS"
-Upon exiting, \fBaa-status\fR will set its exit status to the
-following values:
-.IP "\fB0\fR" 4
-.IX Item "0"
-if apparmor is enabled and policy is loaded.
-.IP "\fB1\fR" 4
-.IX Item "1"
-if apparmor is not enabled/loaded.
-.IP "\fB2\fR" 4
-.IX Item "2"
-if apparmor is enabled but no policy is loaded.
-.IP "\fB3\fR" 4
-.IX Item "3"
-if the apparmor control files aren't available under /sys/kernel/security/.
-.IP "\fB4\fR" 4
-.IX Item "4"
-if the user running the script doesn't have enough privileges to read
-the apparmor control files.
-.IP "\fB42\fR" 4
-.IX Item "42"
-if an internal error occurred.
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fBaa-status\fR must be run as root to read the state of the loaded
-policy from the apparmor module. It uses the /proc filesystem to determine
-which processes are confined and so is susceptible to race conditions.
-.PP
-If you find any additional bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), and
-<https://wiki.apparmor.net>.
diff --git a/binutils/aa-status.pod b/binutils/aa-status.pod
index 038b3a3e9bc2606b8a0160c3826d02ca60e0aef3..95af214d51d94510d50a8580b73c5661412465eb 100644
--- a/binutils/aa-status.pod
+++ b/binutils/aa-status.pod
@@ -72,11 +72,18 @@ displays the number of loaded non-enforcing AppArmor policies.
=item --kill
-displays the number of loaded enforcing AppArmor policies that will kill tasks on policy violations.
+displays the number of loaded enforcing AppArmor policies that will
+kill tasks on policy violations.
+
+=item --prompt
+
+displays the number of loaded enforcing AppArmor policies, with
+fallback to userspace mediation.
=item --special-unconfined
-displays the number of loaded non-enforcing AppArmor policies that are in the special unconfined mode.
+displays the number of loaded non-enforcing AppArmor policies that are
+in the special unconfined mode.
=item --process-mixed
displays the number of processes confined by profile stacks with
@@ -97,6 +104,40 @@ set in a JSON format, fit for machine consumption.
same as --json, formatted to be readable by humans as well
as by machines.
+=item --show
+
+what data sets to show information about. Currently I<processes>,
+I<profiles>, I<all> for both processes and profiles. The default is
+I<all>.
+
+=item --count
+
+display only counts for selected information.
+
+=item --filter.mode=filter
+
+Allows specifying a posix regular expression filter that will be
+applied against the displayed processess and profiles apparmor profile
+mode, reducing the output.
+
+=item --filter.profiles=filter
+
+Allows specifying a posix regular expression filter that will be
+applied against the displayed processess and profiles confining
+profile, reducing the output.
+
+=item --filter.pid=filter
+
+Allows specifying a posix regular expression filter that will be
+applied against the displayed processes, so that only processes pids
+matching the expression will be displayed.
+
+=item --filter.exe=filter
+
+Allows specifying a posix regular expression filter that will be
+applied against the displayed processes, so that only processes
+executable name matching the expression will be displayed.
+
=item --help
displays a short usage statement.
@@ -124,7 +165,8 @@ if apparmor is enabled but no policy is loaded.
=item B<3>
-if the apparmor control files aren't available under /sys/kernel/security/.
+if the apparmor control files aren't available under
+/sys/kernel/security/.
=item B<4>
@@ -140,8 +182,9 @@ if an internal error occurred.
=head1 BUGS
B<aa-status> must be run as root to read the state of the loaded
-policy from the apparmor module. It uses the /proc filesystem to determine
-which processes are confined and so is susceptible to race conditions.
+policy from the apparmor module. It uses the /proc filesystem to
+determine which processes are confined and so is susceptible to race
+conditions.
If you find any additional bugs, please report them at
L<https://gitlab.com/apparmor/apparmor/-/issues>.
diff --git a/binutils/aa_load.c b/binutils/aa_load.c
new file mode 100644
index 0000000000000000000000000000000000000000..6133e899a5fe03198f5e497c8e8fad71f1bf3752
--- /dev/null
+++ b/binutils/aa_load.c
@@ -0,0 +1,408 @@
+/*
+ * Copyright (C) 2020 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ */
+
+#define _GNU_SOURCE /* for asprintf() */
+#include <stdio.h>
+#include <errno.h>
+#include <getopt.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <fcntl.h>
+#include <string.h>
+#include <dirent.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <sys/apparmor.h>
+
+#include <libintl.h>
+#define _(s) gettext(s)
+
+/* TODO: implement config locations - value can change */
+#define DEFAULT_CONFIG_LOCATIONS "/etc/apparmor/parser.conf"
+#define DEFAULT_POLICY_LOCATIONS "/var/cache/apparmor:/etc/apparmor.d/cache.d:/etc/apparmor.d/cache"
+#define CACHE_FEATURES_FILE ".features"
+
+bool opt_debug = false;
+bool opt_verbose = false;
+bool opt_dryrun = false;
+bool opt_force = false;
+bool opt_config = false;
+
+#define warning(fmt, args...) _error(_("aa-load: WARN: " fmt "\n"), ## args)
+#define error(fmt, args...) _error(_("aa-load: ERROR: " fmt "\n"), ## args)
+static void _error(const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+}
+
+#define verbose(fmt, args...) _debug(opt_verbose, _(fmt "\n"), ## args)
+#define debug(fmt, args...) _debug(opt_debug, _("aa-load: DEBUG: " fmt "\n"), ## args)
+static void _debug(bool opt_displayit, const char *fmt, ...)
+{
+ va_list args;
+
+ if (!opt_displayit)
+ return;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+}
+
+static int have_enough_privilege(const char *command)
+{
+ uid_t uid, euid;
+
+ uid = getuid();
+ euid = geteuid();
+
+ if (uid != 0 && euid != 0) {
+ error("%s: Sorry. You need root privileges to run this program.\n",
+ command);
+ return EPERM;
+ }
+
+ if (uid != 0 && euid == 0) {
+ error("%s: Aborting! You've set this program setuid root.\n"
+ "Anybody who can run this program can update "
+ "your AppArmor profiles.\n", command);
+ exit(EXIT_FAILURE);
+ }
+
+ return 0;
+}
+
+
+static int load_config(const char *file)
+{
+ /* TODO */
+ return ENOENT;
+}
+
+/**
+ * load a single policy cache file to the kernel
+ */
+static int load_policy_file(const char *file)
+{
+ int rc = 0;
+
+ struct aa_kernel_interface *kernel_interface;
+
+ if (aa_kernel_interface_new(&kernel_interface, NULL, NULL)) {
+ rc = -errno;
+ error("Failed to open kernel interface '%s': %m", file);
+ return rc;
+ }
+ if (!opt_dryrun &&
+ aa_kernel_interface_replace_policy_from_file(kernel_interface,
+ AT_FDCWD, file)) {
+ rc = -errno;
+ error("Failed to load policy into kernel '%s': %m", file);
+ }
+ aa_kernel_interface_unref(kernel_interface);
+
+ return rc;
+}
+
+static void validate_features(const char *dir_path)
+{
+ aa_features *kernel_features;
+
+ if (aa_features_new_from_kernel(&kernel_features) == -1) {
+ error("Failed to obtain features: %m");
+ return;
+ }
+
+ if (aa_features_check(AT_FDCWD, dir_path, kernel_features) == -1) {
+ if (errno == ENOENT) {
+ /* features file does not exist
+ * not an issue when loading cache policies from dir
+ */
+ }
+ else if (errno == EEXIST) {
+ warning("Overlay features do not match kernel features");
+ }
+ }
+ aa_features_unref(kernel_features);
+}
+
+/**
+ * load a directory of policy cache files to the kernel
+ * This does not do a subdir search to find the kernel match but
+ * tries to load the dir regardless of whether its features match
+ *
+ * The hierarchy looks like
+ *
+ * dir/
+ * .features
+ * profile1
+ * ...
+ */
+
+static int load_policy_dir(const char *dir_path)
+{
+ DIR *d;
+ struct dirent *dir;
+ int rc = 0;
+ char *file;
+ size_t len;
+
+ validate_features(dir_path);
+
+ d = opendir(dir_path);
+ if (!d) {
+ rc = -errno;
+ error("Failed to open directory '%s': %m", dir_path);
+ return rc;
+ }
+
+ while ((dir = readdir(d)) != NULL) {
+ /* Only check regular files for now */
+ if (dir->d_type == DT_REG) {
+ /* As per POSIX dir->d_name has at most NAME_MAX characters */
+ len = strnlen(dir->d_name, NAME_MAX);
+ /* Ignores .features */
+ if (strncmp(dir->d_name, CACHE_FEATURES_FILE, len) == 0) {
+ continue;
+ }
+ if (asprintf(&file, "%s/%s", dir_path, dir->d_name) == -1) {
+ error("Failure allocating memory");
+ closedir(d);
+ return -1;
+ }
+ load_policy_file(file);
+ free(file);
+ file = NULL;
+ }
+ }
+ closedir(d);
+ return 0;
+}
+
+
+/**
+ * load_hashed_policy - find policy hashed dir and load it
+ *
+ * load/replace all policy from a policy hierarchy directory
+ *
+ * Returns: 0 on success < -errno
+ *
+ * It will find the subdir that matches the kernel and load all
+ * precompiled policy files from it.
+ *
+ * The hierarchy looks something like
+ *
+ * location/
+ * kernel_hash1.0/
+ * .features
+ * profile1
+ * ...
+ * kernel_hash2.0/
+ * .features
+ * profile1
+ * ...
+ */
+static int load_policy_by_hash(const char *location)
+{
+ aa_policy_cache *policy_cache = NULL;
+ int rc;
+
+ if ((rc = aa_policy_cache_new(&policy_cache, NULL, AT_FDCWD, location, 0))) {
+ rc = -errno;
+ error("Failed to open policy cache '%s': %m", location);
+ return rc;
+ }
+
+ if (opt_debug) {
+ /* show hash directory under location that matches the
+ * current kernel
+ */
+ char *cache_loc = aa_policy_cache_dir_path_preview(NULL, AT_FDCWD, location);
+ if (!cache_loc) {
+ rc = -errno;
+ error("Failed to find cache location '%s': %m", location);
+ goto out;
+ }
+ debug("Loading cache from '%s'\n", cache_loc);
+ free(cache_loc);
+ }
+
+ if (!opt_dryrun) {
+ if ((rc = aa_policy_cache_replace_all(policy_cache, NULL)) < 0) {
+ error("Failed to load policy cache '%s': %m", location);
+ } else {
+ verbose("Success - Loaded policy cache '%s'", location);
+ }
+ }
+
+out:
+ aa_policy_cache_unref(policy_cache);
+
+ return rc;
+}
+
+/**
+ * load_arg - calls specific load functions for files and directories
+ *
+ * load/replace all policy files/dir in arg
+ *
+ * Returns: 0 on success, 1 on failure.
+ *
+ * It will load by hash subtree first, and fallback to a cache dir
+ * If not a directory, it will try to load it as a cache file
+ */
+static int load_arg(char *arg)
+{
+ char **location = NULL;
+ int i, n, rc = 0;
+
+
+ /* arg can specify an overlay of multiple cache locations */
+ if ((n = aa_split_overlay_str(arg, &location, 0, true)) == -1) {
+ error("Failed to parse overlay locations: %m");
+ return 1;
+ }
+
+ for (i = 0; i < n; i++) {
+ struct stat st;
+ debug("Trying to open %s", location[i]);
+ if (stat(location[i], &st) == -1) {
+ error("Failed stat of '%s': %m", location[i]);
+ rc = 1;
+ continue;
+ }
+ if (S_ISDIR(st.st_mode)) {
+ /* try hash dir subtree first */
+ if (load_policy_by_hash(location[i]) < 0) {
+ error("Failed load policy by hash '%s': %m", location[i]);
+ rc = 1;
+ }
+ /* fall back to cache dir */
+ if (load_policy_dir(location[i]) < 0) {
+ error("Failed load policy by directory '%s': %m", location[i]);
+ rc = 1;
+ }
+
+ } else if (load_policy_file(location[i]) < 0) {
+ rc = 1;
+ }
+ }
+
+ for (i = 0; i < n; i++)
+ free(location[i]);
+ free(location);
+ return rc;
+}
+
+static void print_usage(const char *command)
+{
+ printf("Usage: %s [OPTIONS] (cache file|cache dir|cache base dir)+\n"
+ "Load precompiled AppArmor policy from cache location(s)\n\n"
+ "Options:\n"
+ " -f, --force load policy even if abi does not match the kernel\n"
+ " -d, --debug display debug messages\n"
+ " -v, --verbose display progress and error messages\n"
+ " -n, --dry-run do everything except actual load\n"
+ " -h, --help this message\n",
+ command);
+}
+
+static const char *short_options = "c:dfvnh";
+struct option long_options[] = {
+ {"config", 1, 0, 'c'},
+ {"debug", 0, 0, 'd'},
+ {"force", 0, 0, 'f'},
+ {"verbose", 0, 0, 'v'},
+ {"dry-run", 0, 0, 'n'},
+ {"help", 0, 0, 'h'},
+ {NULL, 0, 0, 0},
+};
+
+static int process_args(int argc, char **argv)
+{
+ int c, o;
+
+ opterr = 1;
+ while ((c = getopt_long(argc, argv, short_options, long_options, &o)) != -1) {
+ switch(c) {
+ case 0:
+ error("error in argument processing\n");
+ exit(1);
+ break;
+ case 'd':
+ opt_debug = true;
+ break;
+ case 'f':
+ opt_force = true;
+ break;
+ case 'v':
+ opt_verbose = true;
+ break;
+ case 'n':
+ opt_dryrun = true;
+ break;
+ case 'h':
+ print_usage(argv[0]);
+ exit(0);
+ break;
+ case 'c':
+ /* TODO: reserved config location,
+ * act as a bad arg for now, when added update usage
+ */
+ //opt_config = true; uncomment when implemented
+ /* Fall through */
+ default:
+ error("unknown argument: '%s'\n\n", optarg);
+ print_usage(argv[1]);
+ exit(1);
+ break;
+ }
+ }
+
+ return optind;
+}
+
+int main(int argc, char **argv)
+{
+ int i, rc = 0;
+
+ optind = process_args(argc, argv);
+
+ if (!opt_dryrun && have_enough_privilege(argv[0]))
+ return 1;
+
+ /* if no location use the default one */
+ if (optind == argc) {
+ if (!opt_config && load_config(DEFAULT_CONFIG_LOCATIONS) == 0) {
+ verbose("Loaded policy config");
+ }
+ if ((rc = load_arg(DEFAULT_POLICY_LOCATIONS)))
+ verbose("Loading policy from default location '%s'", DEFAULT_POLICY_LOCATIONS);
+ else
+ debug("No policy specified, and no policy config or policy in default locations");
+ }
+ for (i = optind; i < argc; i++) {
+ /* Try to load all policy locations even if one fails
+ * but always return an error if any fail
+ */
+
+ int tmp = load_arg(argv[i]);
+ if (!rc)
+ rc = tmp;
+ }
+
+ return rc;
+}
diff --git a/binutils/aa_status.c b/binutils/aa_status.c
index 092bee55bf13d9f9779b3b59e1b3ec448db52d25..54754d90ce62c676edb0668a2ca8b6f7ce300378 100644
--- a/binutils/aa_status.c
+++ b/binutils/aa_status.c
@@ -7,6 +7,7 @@
*/
#define _GNU_SOURCE /* for asprintf() */
+#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -18,6 +19,7 @@
#include <errno.h>
#include <ctype.h>
#include <dirent.h>
+#include <regex.h>
#include <sys/apparmor.h>
#include <sys/apparmor_private.h>
@@ -40,12 +42,47 @@ static const unsigned char aa_status_json_version[] = "2";
#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
#define __unused __attribute__ ((__unused__))
+struct filter_set {
+ regex_t mode;
+ regex_t profile;
+ regex_t pid;
+ regex_t exe;
+};
+
+typedef struct {
+ regex_t *mode;
+ regex_t *profile;
+ regex_t *pid;
+ regex_t *exe;
+} filters_t;
+
+static void init_filters(filters_t *filters, struct filter_set *base) {
+ filters->mode = &base->mode;
+ filters->profile = &base->profile;
+ filters->pid = &base->pid;
+ filters->exe = &base->exe;
+};
+
+static void free_filters(filters_t *filters)
+{
+ if (filters->mode)
+ regfree(filters->mode);
+ if (filters->profile)
+ regfree(filters->profile);
+ if (filters->pid)
+ regfree(filters->pid);
+ if (filters->exe)
+ regfree(filters->exe);
+}
+
struct profile {
char *name;
char *status;
};
static void free_profiles(struct profile *profiles, size_t n) {
+ if (!profiles)
+ return;
while (n > 0) {
n--;
free(profiles[n].name);
@@ -62,76 +99,108 @@ struct process {
};
static void free_processes(struct process *processes, size_t n) {
+ if (!processes)
+ return;
while (n > 0) {
n--;
free(processes[n].pid);
free(processes[n].profile);
free(processes[n].exe);
free(processes[n].mode);
- }
+ }
free(processes);
}
-static int verbose = 0;
+#define SHOW_PROFILES 1
+#define SHOW_PROCESSES 2
+
+static int verbose = 1;
+static bool quiet = false;
+int opt_show = SHOW_PROFILES | SHOW_PROCESSES;
+bool opt_json = false;
+bool opt_pretty = false;
+bool opt_count = false;
+const char *opt_mode = ".*";
+const char *opt_profiles = ".*";
+const char *opt_pid = ".*";
+const char *opt_exe = ".*";
+
+const char *profile_statuses[] = {"enforce", "complain", "prompt", "kill", "unconfined"};
+const char *process_statuses[] = {"enforce", "complain", "prompt", "kill", "unconfined", "mixed"};
+
+#define eprintf(...) \
+do { \
+ if (!quiet) \
+ fprintf(stderr, __VA_ARGS__); \
+} while (0)
-#define dprintf(...) \
+#define dprintf(...) \
do { \
- if (verbose) \
+ if (verbose && !opt_json) \
printf(__VA_ARGS__); \
} while (0)
#define dfprintf(...) \
do { \
- if (verbose) \
+ if (verbose && !opt_json) \
fprintf(__VA_ARGS__); \
} while (0)
-static int get_profiles(struct profile **profiles, size_t *n) {
+static int open_profiles(FILE **fp)
+{
autofree char *apparmorfs = NULL;
autofree char *apparmor_profiles = NULL;
struct stat st;
- autofclose FILE *fp = NULL;
- autofree char *line = NULL;
- size_t len = 0;
int ret;
- *profiles = NULL;
- *n = 0;
-
ret = stat("/sys/module/apparmor", &st);
if (ret != 0) {
- dfprintf(stderr, "apparmor not present.\n");
- ret = AA_EXIT_DISABLED;
- goto exit;
- }
+ eprintf("apparmor not present.\n");
+ return AA_EXIT_DISABLED;
+ }
dprintf("apparmor module is loaded.\n");
ret = aa_find_mountpoint(&apparmorfs);
if (ret == -1) {
- dfprintf(stderr, "apparmor filesystem is not mounted.\n");
- ret = AA_EXIT_NO_CONTROL;
- goto exit;
- }
+ eprintf("apparmor filesystem is not mounted.\n");
+ return AA_EXIT_NO_CONTROL;
+ }
apparmor_profiles = malloc(strlen(apparmorfs) + 10); // /profiles\0
if (apparmor_profiles == NULL) {
- ret = AA_EXIT_INTERNAL_ERROR;
- goto exit;
- }
+ return AA_EXIT_INTERNAL_ERROR;
+ }
sprintf(apparmor_profiles, "%s/profiles", apparmorfs);
- fp = fopen(apparmor_profiles, "r");
- if (fp == NULL) {
+ *fp = fopen(apparmor_profiles, "r");
+ if (*fp == NULL) {
if (errno == EACCES) {
- dfprintf(stderr, "You do not have enough privilege to read the profile set.\n");
+ eprintf("You do not have enough privilege to read the profile set.\n");
} else {
- dfprintf(stderr, "Could not open %s: %s", apparmor_profiles, strerror(errno));
+ eprintf("Could not open %s: %s", apparmor_profiles, strerror(errno));
}
- ret = AA_EXIT_NO_PERM;
- goto exit;
+ return AA_EXIT_NO_PERM;
}
+ return 0;
+}
+
+/**
+ * get_profiles - get a listing of profiles on the system
+ * @fp: opened apparmor profiles file
+ * @profiles: return: list of profiles
+ * @n: return: number of elements in @profiles
+ *
+ * Return: 0 on success, shell error on failure
+ */
+static int get_profiles(FILE *fp, struct profile **profiles, size_t *n) {
+ autofree char *line = NULL;
+ size_t len = 0;
+
+ *profiles = NULL;
+ *n = 0;
+
while (getline(&line, &len, fp) != -1) {
struct profile *_profiles;
autofree char *status = NULL;
@@ -139,31 +208,27 @@ static int get_profiles(struct profile **profiles, size_t *n) {
char *tmpname = aa_splitcon(line, &status);
if (!tmpname) {
- dfprintf(stderr, "Error: failed profile name split of '%s'.\n", line);
- ret = AA_EXIT_INTERNAL_ERROR;
+ eprintf("Error: failed profile name split of '%s'.\n", line);
// skip this entry and keep processing
+ // else would be AA_EXIT_INTERNAL_ERROR;
continue;
}
name = strdup(tmpname);
- if (status)
- status = strdup(status);
- // give up if out of memory
- if (name == NULL || status == NULL) {
- free_profiles(*profiles, *n);
- *profiles = NULL;
- *n = 0;
- ret = AA_EXIT_INTERNAL_ERROR;
- break;
+ if (status) {
+ if (strcmp(status, "user") == 0)
+ status = strdup("prompt");
+ else
+ status = strdup(status);
}
+ // give up if out of memory
+ if (name == NULL || status == NULL)
+ goto err;
+
_profiles = realloc(*profiles, (*n + 1) * sizeof(**profiles));
- if (_profiles == NULL) {
- free_profiles(*profiles, *n);
- *profiles = NULL;
- *n = 0;
- ret = AA_EXIT_INTERNAL_ERROR;
- break;
- }
+ if (_profiles == NULL)
+ goto err;
+
// steal name and status
_profiles[*n].name = name;
_profiles[*n].status = status;
@@ -173,8 +238,13 @@ static int get_profiles(struct profile **profiles, size_t *n) {
*profiles = _profiles;
}
-exit:
- return ret == 0 ? (*n > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY) : ret;
+ return *n > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY;
+
+err:
+ free_profiles(*profiles, *n);
+ *profiles = NULL;
+ *n = 0;
+ return AA_EXIT_INTERNAL_ERROR;
}
static int compare_profiles(const void *a, const void *b) {
@@ -182,9 +252,19 @@ static int compare_profiles(const void *a, const void *b) {
((struct profile *)b)->name);
}
+/**
+ * filter_profiles - create a filtered profile list
+ * @profiles: list of profiles
+ * @n: number of elements in @profiles
+ * @filters: filters to apply
+ * @filtered: return: new list of profiles that match the filter
+ * @nfiltered: return: number of elements in @filtered
+ *
+ * Return: 0 on success, shell error on failure
+ */
static int filter_profiles(struct profile *profiles,
size_t n,
- const char *filter,
+ filters_t *filters,
struct profile **filtered,
size_t *nfiltered)
{
@@ -195,7 +275,9 @@ static int filter_profiles(struct profile *profiles,
*nfiltered = 0;
for (i = 0; i < n; i++) {
- if (filter == NULL || strcmp(profiles[i].status, filter) == 0) {
+ if (regexec(filters->mode, profiles[i].status, 0, NULL, 0) != 0)
+ continue;
+ if (regexec(filters->profile, profiles[i].name, 0, NULL, 0) == 0) {
struct profile *_filtered = realloc(*filtered, (*nfiltered + 1) * sizeof(**filtered));
if (_filtered == NULL) {
free_profiles(*filtered, *nfiltered);
@@ -203,7 +285,7 @@ static int filter_profiles(struct profile *profiles,
*nfiltered = 0;
ret = AA_EXIT_INTERNAL_ERROR;
break;
- }
+ }
_filtered[*nfiltered].name = strdup(profiles[i].name);
_filtered[*nfiltered].status = strdup(profiles[i].status);
*filtered = _filtered;
@@ -216,6 +298,17 @@ static int filter_profiles(struct profile *profiles,
return ret;
}
+/**
+ * get_processes - get a list of processes that are confined
+ * @profiles: list of profiles, used to filter out unconfined processes
+ * @n: number of entries in @procfiles
+ * @processes: return: list of confined processes
+ * @nprocesses: return: number of entries in @processes
+ *
+ * Return: 0 on success, shell exit code on failure
+ *
+ * profiles is used to find prcesses that should be confined but aren't.
+ */
static int get_processes(struct profile *profiles,
size_t n,
struct process **processes,
@@ -232,7 +325,7 @@ static int get_processes(struct profile *profiles,
if (dir == NULL) {
ret = AA_EXIT_INTERNAL_ERROR;
goto exit;
- }
+ }
while ((entry = readdir(dir)) != NULL) {
size_t i;
int rc;
@@ -258,12 +351,15 @@ static int get_processes(struct profile *profiles,
continue;
} else if (rc == -1 ||
asprintf(&exe, "/proc/%s/exe", entry->d_name) == -1) {
- fprintf(stderr, "ERROR: Failed to allocate memory\n");
+ eprintf("ERROR: Failed to allocate memory\n");
ret = AA_EXIT_INTERNAL_ERROR;
goto exit;
} else if (mode) {
/* TODO: make this not needed. Mode can now be autofreed */
- mode = strdup(mode);
+ if (strcmp(mode, "user") == 0)
+ mode = strdup("prompt");
+ else
+ mode = strdup(mode);
}
// get executable - readpath can allocate for us but seems
// to fail in some cases with errno 2 - no such file or
@@ -278,7 +374,7 @@ static int get_processes(struct profile *profiles,
// ensure enough space for NUL terminator
real_exe = calloc(PATH_MAX + 1, sizeof(char));
if (real_exe == NULL) {
- fprintf(stderr, "ERROR: Failed to allocate memory\n");
+ eprintf("ERROR: Failed to allocate memory\n");
ret = AA_EXIT_INTERNAL_ERROR;
goto exit;
}
@@ -293,6 +389,8 @@ static int get_processes(struct profile *profiles,
if (mode == NULL) {
// is unconfined so keep only if this has a
// matching profile. TODO: fix to use attachment
+ // ideally would walk process tree and apply
+ // according to x rules and attachments
for (i = 0; i < n; i++) {
if (strcmp(profiles[i].name, real_exe) == 0) {
profile = strdup(real_exe);
@@ -330,9 +428,19 @@ exit:
return ret;
}
+/**
+ * filter_processes: create a new filtered process list by applying @filter
+ * @processes: list of processes to filter
+ * @n: number of entries in @processes
+ * @filters: regex filters @processes against
+ * @filtered: return: new list of processes matching filter
+ * @nfiltered: number of entries in @filtered
+ *
+ * Return: 0 on success, shell exit value on failure
+ */
static int filter_processes(struct process *processes,
size_t n,
- const char *filter,
+ filters_t *filters,
struct process **filtered,
size_t *nfiltered)
{
@@ -343,7 +451,14 @@ static int filter_processes(struct process *processes,
*nfiltered = 0;
for (i = 0; i < n; i++) {
- if (filter == NULL || strcmp(processes[i].mode, filter) == 0) {
+ if (regexec(filters->mode, processes[i].mode, 0, NULL, 0) != 0)
+ continue;
+ if (regexec(filters->pid, processes[i].pid, 0, NULL, 0) != 0)
+ continue;
+ if (regexec(filters->exe, processes[i].exe, 0, NULL, 0) != 0)
+ continue;
+ if (regexec(filters->profile, processes[i].profile, 0, NULL, 0) == 0)
+ {
struct process *_filtered = realloc(*filtered, (*nfiltered + 1) * sizeof(**filtered));
if (_filtered == NULL) {
free_processes(*filtered, *nfiltered);
@@ -360,165 +475,216 @@ static int filter_processes(struct process *processes,
*nfiltered = *nfiltered + 1;
}
}
+
return ret;
}
/**
- * Returns error code if AppArmor is not enabled
+ * simple_filtered_count - count the number of profiles with mode == filter
+ * @outf: output file destination
+ * @filters: filters to filter profiles on
+ * @profiles: profiles list to filter
+ * @nprofiles: number of entries in @profiles
+ *
+ * Return: 0 on success, else shell error code
*/
-static int simple_filtered_count(const char *filter) {
- size_t n;
- struct profile *profiles;
+static int simple_filtered_count(FILE *outf, filters_t *filters, bool json,
+ struct profile *profiles, size_t nprofiles)
+{
+ struct profile *filtered = NULL;
+ size_t nfiltered;
int ret;
- ret = get_profiles(&profiles, &n);
- if (ret == 0) {
- size_t nfiltered;
- struct profile *filtered = NULL;
- ret = filter_profiles(profiles, n, filter, &filtered, &nfiltered);
- printf("%zd\n", nfiltered);
- free_profiles(filtered, nfiltered);
- }
- free_profiles(profiles, n);
- return ret;
-}
+ ret = filter_profiles(profiles, nprofiles, filters,
+ &filtered, &nfiltered);
-static int simple_filtered_process_count(const char *filter) {
- size_t nprocesses, nprofiles;
- struct profile *profiles = NULL;
- struct process *processes = NULL;
- int ret;
+ if (!json) {
+ fprintf(outf, "%zd\n", nfiltered);
+ } else {
+ fprintf(outf, "\"profile_count\": %zd", nfiltered);
+ }
- ret = get_profiles(&profiles, &nprofiles);
- if (ret != 0)
- return ret;
- ret = get_processes(profiles, nprofiles, &processes, &nprocesses);
- if (ret == 0) {
- size_t nfiltered;
- struct process *filtered = NULL;
- ret = filter_processes(processes, nprocesses, filter, &filtered, &nfiltered);
- printf("%zd\n", nfiltered);
- free_processes(filtered, nfiltered);
- }
- free_profiles(profiles, nprofiles);
- free_processes(processes, nprocesses);
- return ret;
-}
+ free_profiles(filtered, nfiltered);
-static int cmd_enabled(__unused const char *command) {
- int res = aa_is_enabled();
- return res == 1 ? 0 : 1;
+ return ret;
}
+/**
+ * simple_filtered_process_count - count processes with mode == filter
+ * @outf: output file destination
+ * @filters: filters to filter processes on
+ * @processes: process list to filter
+ * @nprocesses: number of entries in @processes
+ *
+ * Return: 0 on success, else shell error code
+ */
+static int simple_filtered_process_count(FILE *outf, filters_t *filters, bool json,
+ struct process *processes, size_t nprocesses) {
+ struct process *filtered = NULL;
+ size_t nfiltered;
+ int ret;
-static int cmd_profiled(__unused const char *command) {
- return simple_filtered_count(NULL);
-}
+ ret = filter_processes(processes, nprocesses, filters, &filtered,
+ &nfiltered);
+ if (!json) {
+ fprintf(outf, "%zd\n", nfiltered);
+ } else {
+ fprintf(outf, "\"process_count\": %zd", nfiltered);
+ }
+
+ free_processes(filtered, nfiltered);
-static int cmd_enforced(__unused const char *command) {
- return simple_filtered_count("enforce");
+ return ret;
}
-static int cmd_complaining(__unused const char *command) {
- return simple_filtered_count("complain");
-}
-static int cmd_kill(__unused const char *command) {
- return simple_filtered_count("kill");
+static int compare_processes_by_profile(const void *a, const void *b) {
+ return strcmp(((struct process *)a)->profile,
+ ((struct process *)b)->profile);
}
-static int cmd_unconfined(__unused const char *command) {
- return simple_filtered_count("unconfined");
+static int compare_processes_by_executable(const void *a, const void *b) {
+ return strcmp(((struct process *)a)->exe,
+ ((struct process *)b)->exe);
}
-static int cmd_process_mixed(__unused const char *command) {
- return simple_filtered_process_count("mixed");
+static void json_header(FILE *outf)
+{
+ fprintf(outf, "{\"version\": \"%s\"", aa_status_json_version);
}
-
-static int compare_processes_by_profile(const void *a, const void *b) {
- return strcmp(((struct process *)a)->profile,
- ((struct process *)b)->profile);
+static void json_seperator(FILE *outf)
+{
+ fprintf(outf, ", ");
}
-static int compare_processes_by_executable(const void *a, const void *b) {
- return strcmp(((struct process *)a)->exe,
- ((struct process *)b)->exe);
+static void json_footer(FILE *outf)
+{
+ fprintf(outf, "}\n");
}
-static int detailed_output(FILE *json) {
- size_t nprofiles = 0, nprocesses = 0;
- struct profile *profiles = NULL;
- struct process *processes = NULL;
- const char *profile_statuses[] = {"enforce", "complain", "kill", "unconfined"};
- const char *process_statuses[] = {"enforce", "complain", "unconfined", "mixed", "kill"};
+/**
+ * detailed_profiles - output a detailed listing of apparmor profile status
+ * @outf: output file
+ * @filters: filters to apply
+ * @json: whether output should be in json format
+ * @profiles: list of profiles to output
+ * @nprofiles: number of profiles in @profiles
+ *
+ * Return: 0 on success, else shell error
+ */
+static int detailed_profiles(FILE *outf, filters_t *filters, bool json,
+ struct profile *profiles, size_t nprofiles) {
int ret;
size_t i;
- int need_finish = 0;
-
- ret = get_profiles(&profiles, &nprofiles);
- if (ret != 0) {
- goto exit;
- }
- ret = get_processes(profiles, nprofiles, &processes, &nprocesses);
- if (ret != 0) {
- dfprintf(stderr, "Failed to get processes: %d....\n", ret);
- goto exit;
- }
if (json) {
- fprintf(json, "{\"version\": \"%s\", \"profiles\": {", aa_status_json_version);
+ fprintf(outf, "\"profiles\": {");
} else {
- dprintf("%zd profiles are loaded.\n", nprofiles);
+ dfprintf(outf, "%zd profiles are loaded.\n", nprofiles);
}
for (i = 0; i < ARRAY_SIZE(profile_statuses); i++) {
size_t nfiltered = 0, j;
struct profile *filtered = NULL;
- ret = filter_profiles(profiles, nprofiles, profile_statuses[i], &filtered, &nfiltered);
+ filters_t subfilters = *filters;
+ regex_t mode_filter;
+
+ if (regexec(filters->mode, profile_statuses[i], 0, NULL, 0) == REG_NOMATCH)
+ /* skip processing for entries that don't match filter*/
+ continue;
+ /* need subfilter as we want to split on matches to specific
+ * status
+ */
+ subfilters.mode = &mode_filter;
+ if (regcomp(&mode_filter, profile_statuses[i], REG_NOSUB) != 0) {
+ eprintf("Error: failed to compile sub filter '%s'\n",
+ profile_statuses[i]);
+ return AA_EXIT_INTERNAL_ERROR;
+ }
+ ret = filter_profiles(profiles, nprofiles, &subfilters, &filtered, &nfiltered);
+ regfree(&mode_filter);
if (ret != 0) {
- goto exit;
+ return ret;
}
if (!json) {
- dprintf("%zd profiles are in %s mode.\n", nfiltered, profile_statuses[i]);
+ dfprintf(outf, "%zd profiles are in %s mode.\n", nfiltered, profile_statuses[i]);
}
for (j = 0; j < nfiltered; j++) {
if (json) {
- fprintf(json, "%s\"%s\": \"%s\"",
+ fprintf(outf, "%s\"%s\": \"%s\"",
i == 0 && j == 0 ? "" : ", ", filtered[j].name, profile_statuses[i]);
} else {
- dprintf(" %s\n", filtered[j].name);
+ dfprintf(outf, " %s\n", filtered[j].name);
}
}
free_profiles(filtered, nfiltered);
}
+ if (json)
+ fprintf(outf, "}");
+
+ return AA_EXIT_ENABLED;
+}
+
+
+/**
+ * detailed_processses - output a detailed listing of apparmor process status
+ * @outf: output file
+ * @filters: filter regexs
+ * @json: whether output should be in json format
+ * @processes: list of processes to output
+ * @nprocesses: number of processes in @processes
+ *
+ * Return: 0 on success, else shell error
+ */
+static int detailed_processes(FILE *outf, filters_t *filters, bool json,
+ struct process *processes, size_t nprocesses) {
+ int ret = 0;
+ size_t i;
+ int need_finish = 0;
+
if (json) {
- fprintf(json, "}, \"processes\": {");
+ fprintf(outf, "\"processes\": {");
} else {
- dprintf("%zd processes have profiles defined.\n", nprocesses);
+ dfprintf(outf, "%zd processes have profiles defined.\n", nprocesses);
}
for (i = 0; i < ARRAY_SIZE(process_statuses); i++) {
size_t nfiltered = 0, j;
struct process *filtered = NULL;
- ret = filter_processes(processes, nprocesses, process_statuses[i], &filtered, &nfiltered);
- if (ret != 0) {
- goto exit;
+ filters_t subfilters = *filters;
+ regex_t mode_filter;
+ if (regexec(filters->mode, process_statuses[i], 0, NULL, 0) == REG_NOMATCH)
+ /* skip processing for entries that don't match filter*/
+ continue;
+ /* need sub_filter as we want to split on matches to specific
+ * status
+ */
+ subfilters.mode = &mode_filter;
+ if (regcomp(&mode_filter, process_statuses[i], REG_NOSUB) != 0) {
+ eprintf("Error: failed to compile sub filter '%s'\n",
+ profile_statuses[i]);
+ return AA_EXIT_INTERNAL_ERROR;
}
+ ret = filter_processes(processes, nprocesses, &subfilters, &filtered, &nfiltered);
+ regfree(&mode_filter);
+ if (ret != 0)
+ goto exit;
+
if (!json) {
if (strcmp(process_statuses[i], "unconfined") == 0) {
- dprintf("%zd processes are unconfined but have a profile defined.\n", nfiltered);
+ dfprintf(outf, "%zd processes are unconfined but have a profile defined.\n", nfiltered);
} else {
- dprintf("%zd processes are in %s mode.\n", nfiltered, process_statuses[i]);
+ dfprintf(outf, "%zd processes are in %s mode.\n", nfiltered, process_statuses[i]);
}
}
if (!json) {
qsort(filtered, nfiltered, sizeof(*filtered), compare_processes_by_profile);
for (j = 0; j < nfiltered; j++) {
- dprintf(" %s (%s) %s\n", filtered[j].exe, filtered[j].pid,
+ dfprintf(outf, " %s (%s) %s\n", filtered[j].exe, filtered[j].pid,
// hide profile name if matches executable
(strcmp(filtered[j].profile, filtered[j].exe) == 0 ?
"" :
@@ -530,10 +696,10 @@ static int detailed_output(FILE *json) {
for (j = 0; j < nfiltered; j++) {
if (j > 0 && strcmp(filtered[j].exe, filtered[j - 1].exe) == 0) {
// same executable
- fprintf(json, ", {\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
+ fprintf(outf, ", {\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
filtered[j].profile, filtered[j].pid, filtered[j].mode);
} else {
- fprintf(json, "%s\"%s\": [{\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
+ fprintf(outf, "%s\"%s\": [{\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
// first element will be a unique executable
j == 0 && !need_finish ? "" : "], ",
filtered[j].exe, filtered[j].profile, filtered[j].pid, filtered[j].mode);
@@ -541,136 +707,410 @@ static int detailed_output(FILE *json) {
need_finish = 1;
}
+
}
free_processes(filtered, nfiltered);
}
if (json) {
if (need_finish > 0) {
- fprintf(json, "]");
+ fprintf(outf, "]");
}
- fprintf(json, "}}\n");
+
+ fprintf(outf, "}");
}
exit:
- free_processes(processes, nprocesses);
- free_profiles(profiles, nprofiles);
- return ret == 0 ? (nprofiles > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY) : ret;
+ return ret;
}
-static int cmd_json(__unused const char *command) {
- detailed_output(stdout);
+
+static int print_legacy(const char *command)
+{
+ printf("Usage: %s [OPTIONS]\n"
+ "Legacy options and their equivalent command\n"
+ " --profiled --count --profiles\n"
+ " --enforced --count --profiles --mode=enforced\n"
+ " --complaining --count --profiles --mode=complain\n"
+ " --kill --count --profiles --mode=kill\n"
+ " --prompt --count --profiles --mode=prompt\n"
+ " --special-unconfined --count --profiles --mode=unconfined\n"
+ " --process-mixed --count --ps --mode=mixed\n",
+ command);
+
+ exit(0);
return 0;
}
-static int cmd_pretty_json(__unused const char *command) {
- autofree char *buffer = NULL;
- autofree char *pretty = NULL;
- cJSON *json;
- FILE *f; /* no autofclose - want explicit close to sync */
- size_t size;
- int ret;
-
- f = open_memstream(&buffer, &size);
- if (!f) {
- dfprintf(stderr, "Failed to open memstream: %m\n");
- return AA_EXIT_INTERNAL_ERROR;
+static int usage_filters(void)
+{
+ long unsigned int i;
+
+ printf("Usage of filters\n"
+ "Filters are used to reduce the output of information to only\n"
+ "those entries that will match the filter. Filters use posix\n"
+ "regular expression syntax. The possible values for exes that\n"
+ "support filters are below\n\n"
+ " --filter.mode: regular expression to match the profile mode"
+ " modes: enforce, complain, kill, unconfined, mixed\n"
+ " --filter.profiles: regular expression to match displayed profile names\n"
+ " --filter.pid: regular expression to match displayed processes pids\n"
+ " --filter.exe: regular expression to match executable\n"
+ );
+ for (i = 0; i < ARRAY_SIZE(process_statuses); i++) {
+ printf("%s%s", i ? ", " : "", process_statuses[i]);
}
+ printf("\n");
- ret = detailed_output(f);
- fclose(f);
- if (ret)
- return ret;
+ exit(0);
+ return 0;
+}
- json = cJSON_Parse(buffer);
- if (!json) {
- dfprintf(stderr, "Failed to parse json output");
- return AA_EXIT_INTERNAL_ERROR;
- }
+static int print_usage(const char *command, bool error)
+{
+ int status = EXIT_SUCCESS;
- pretty = cJSON_Print(json);
- if (!pretty) {
- dfprintf(stderr, "Failed to print pretty json");
- return AA_EXIT_INTERNAL_ERROR;
+ if (error) {
+ status = EXIT_FAILURE;
}
- fprintf(stdout, "%s\n", pretty);
- return AA_EXIT_ENABLED;
-}
-
-static int cmd_verbose(__unused const char *command) {
- verbose = 1;
- return detailed_output(NULL);
-}
-
-static int print_usage(const char *command)
-{
printf("Usage: %s [OPTIONS]\n"
"Displays various information about the currently loaded AppArmor policy.\n"
+ "Default if no options given\n"
+ " --show=all\n\n"
"OPTIONS (one only):\n"
" --enabled returns error code if AppArmor not enabled\n"
- " --profiled prints the number of loaded policies\n"
- " --enforced prints the number of loaded enforcing policies\n"
- " --complaining prints the number of loaded non-enforcing policies\n"
- " --kill prints the number of loaded enforcing policies that kill tasks on policy violations\n"
- " --special-unconfined prints the number of loaded non-enforcing policies in the special unconfined mode\n"
- " --process-mixed prints the number processes with mixed profile modes\n"
+ " --show=X What information to show. {profiles,processes,all}\n"
+ " --count print the number of entries. Implies --quiet\n"
+ " --filter.mode=filter see filters\n"
+ " --filter.profiles=filter see filters\n"
+ " --filter.pid=filter see filters\n"
+ " --filter.exe=filter see filters\n"
" --json displays multiple data points in machine-readable JSON format\n"
" --pretty-json same data as --json, formatted for human consumption as well\n"
- " --verbose (default) displays multiple data points about loaded policy set\n"
- " --help this message\n",
+ " --verbose (default) displays data points about loaded policy set\n"
+ " --quiet don't output error messages\n"
+ " -h[(legacy|filters)] this message, or info on the specified option\n"
+ " --help[=(legacy|filters)] this message, or info on the specified option\n",
command);
+
+ exit(status);
+
return 0;
}
-struct command {
- const char * const name;
- int (*cmd)(const char *command);
-};
-static struct command commands[] = {
- {"--enabled", cmd_enabled},
- {"--profiled", cmd_profiled},
- {"--enforced", cmd_enforced},
- {"--complaining", cmd_complaining},
- {"--kill", cmd_kill},
- {"--special-unconfined", cmd_unconfined},
- {"--process-mixed", cmd_process_mixed},
- {"--json", cmd_json},
- {"--pretty-json", cmd_pretty_json},
- {"--verbose", cmd_verbose},
- {"-v", cmd_verbose},
- {"--help", print_usage},
- {"-h", print_usage},
-};
+#define ARG_ENABLED 129
+#define ARG_PROFILED 130
+#define ARG_ENFORCED 131
+#define ARG_COMPLAIN 132
+#define ARG_KILL 133
+#define ARG_UNCONFINED 134
+#define ARG_PS_MIXED 135
+#define ARG_JSON 136
+#define ARG_PRETTY 137
+#define ARG_COUNT 138
+#define ARG_SHOW 139
+#define ARG_MODE 140
+#define ARG_PROFILES 141
+#define ARG_PID 142
+#define ARG_EXE 143
+#define ARG_PROMPT 144
+#define ARG_VERBOSE 'v'
+#define ARG_QUIET 'q'
+#define ARG_HELP 'h'
+
+static int parse_args(int argc, char **argv)
+{
+ int opt;
+ struct option long_opts[] = {
+ {"enabled", no_argument, 0, ARG_ENABLED},
+ {"profiled", no_argument, 0, ARG_PROFILED},
+ {"enforced", no_argument, 0, ARG_ENFORCED},
+ {"complaining", no_argument, 0, ARG_COMPLAIN},
+ {"prompt", no_argument, 0, ARG_PROMPT},
+ {"kill", no_argument, 0, ARG_KILL},
+ {"special-unconfined", no_argument, 0, ARG_UNCONFINED},
+ {"process-mixed", no_argument, 0, ARG_PS_MIXED},
+ {"json", no_argument, 0, ARG_JSON},
+ {"pretty-json", no_argument, 0, ARG_PRETTY},
+ {"verbose", no_argument, 0, ARG_VERBOSE},
+ {"quiet", no_argument, 0, ARG_QUIET},
+ {"help", 2, 0, ARG_HELP},
+ {"count", no_argument, 0, ARG_COUNT},
+ {"show", 1, 0, ARG_SHOW},
+ {"filter.profiles", 1, 0, ARG_PROFILES},
+ {"filter.pid", 1, 0, ARG_PID},
+ {"filter.exe", 1, 0, ARG_EXE},
+ {"filter.mode", 1, 0, ARG_MODE},
+ {NULL, 0, 0, 0},
+ };
+
+ // Using exit here is temporary
+ while ((opt = getopt_long(argc, argv, "+vh::", long_opts, NULL)) != -1) {
+ switch (opt) {
+ case ARG_ENABLED:
+ exit(aa_is_enabled() == 1 ? 0 : AA_EXIT_DISABLED);
+ break;
+ case ARG_VERBOSE:
+ verbose = 1;
+ /* default opt_mode */
+ /* default opt_show */
+ break;
+ case ARG_QUIET:
+ quiet = true;
+ break;
+ case ARG_HELP:
+ if (!optarg) {
+ print_usage(argv[0], false);
+ } else if (strcmp(optarg, "legacy") == 0) {
+ print_legacy(argv[0]);
+ } else if (strcmp(optarg, "filters") == 0) {
+ usage_filters();
+ } else {
+ eprintf("Error: Invalid --help option '%s'.\n", optarg);
+ print_usage(argv[0], true);
+ break;
+ }
+ break;
+ case ARG_PROFILED:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROFILES;
+ /* default opt_mode */
+ break;
+ case ARG_ENFORCED:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROFILES;
+ opt_mode = "enforce";
+ break;
+ case ARG_COMPLAIN:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROFILES;
+ opt_mode = "complain";
+ break;
+ case ARG_PROMPT:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROFILES;
+ opt_mode = "prompt";
+ break;
+ case ARG_UNCONFINED:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROFILES;
+ opt_mode = "unconfined";
+ break;
+ case ARG_KILL:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROFILES;
+ opt_mode = "kill";
+ break;
+ case ARG_PS_MIXED:
+ verbose = false;
+ opt_count = true;
+ opt_show = SHOW_PROCESSES;
+ opt_mode = "mixed";
+ break;
+ case ARG_JSON:
+ opt_json = true;
+ /* default opt_show */
+ break;
+ case ARG_PRETTY:
+ opt_pretty = true;
+ opt_json = true;
+ /* default opt_show */
+ break;
+ case ARG_COUNT:
+ opt_count = true;
+ /* default opt_show */
+ break;
+ case ARG_SHOW:
+ if (strcmp(optarg, "all") == 0) {
+ opt_show = SHOW_PROFILES | SHOW_PROCESSES;
+ } else if (strcmp(optarg, "profiles") == 0) {
+ opt_show = SHOW_PROFILES;
+ } else if (strcmp(optarg, "processes") == 0) {
+ opt_show = SHOW_PROCESSES;
+ } else {
+ eprintf("Error: Invalid --show option '%s'.\n", optarg);
+ print_usage(argv[0], true);
+ break;
+ }
+ break;
+ case ARG_PROFILES:
+ opt_profiles = optarg;
+ /* default opt_mode */
+ break;
+ case ARG_PID:
+ opt_pid = optarg;
+ /* default opt_mode */
+ break;
+ case ARG_MODE:
+ opt_mode = optarg;
+ break;
+ case ARG_EXE:
+ opt_exe = optarg;
+ /* default opt_mode */
+ break;
+
+ default:
+ eprintf("Error: Invalid command.\n");
+ print_usage(argv[0], true);
+ break;
+ }
+ }
+
+ return optind;
+}
int main(int argc, char **argv)
{
+ autofree char *buffer = NULL; /* pretty print buffer */
+ size_t buffer_size;
+ autofclose FILE *fp = NULL;
+ size_t nprofiles = 0;
+ struct profile *profiles = NULL;
int ret = EXIT_SUCCESS;
- int _ret;
- int (*cmd)(const char*) = cmd_verbose;
-
- if (argc > 2) {
- dfprintf(stderr, "Error: Too many options.\n");
- cmd = print_usage;
- ret = EXIT_FAILURE;
- } else if (argc == 2) {
- int (*_cmd)(const char*) = NULL;
- size_t i;
- for (i = 0; i < ARRAY_SIZE(commands); i++) {
- if (strcmp(argv[1], commands[i].name) == 0) {
- _cmd = commands[i].cmd;
- break;
- }
+ const char *progname = argv[0];
+ FILE *outf = stdout, *outf_save = NULL;
+ struct filter_set filter_set;
+ filters_t filters;
+
+ if (argc > 1) {
+ int pos = parse_args(argc, argv);
+ if (pos < argc) {
+ eprintf("Error: Unknown options.\n");
+ print_usage(progname, true);
+ }
+ } else {
+ verbose = 1;
+ /* default opt_show */
+ /* default opt_mode */
+ /* default opt_json */
+ }
+
+ init_filters(&filters, &filter_set);
+ if (regcomp(filters.mode, opt_mode, REG_NOSUB) != 0) {
+ eprintf("Error: failed to compile mode filter '%s'\n",
+ opt_mode);
+ return AA_EXIT_INTERNAL_ERROR;
+ }
+ if (regcomp(filters.profile, opt_profiles, REG_NOSUB) != 0) {
+ eprintf("Error: failed to compile profiles filter '%s'\n",
+ opt_profiles);
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto out;
+ }
+ if (regcomp(filters.pid, opt_pid, REG_NOSUB) != 0) {
+ eprintf("Error: failed to compile ps filter '%s'\n",
+ opt_pid);
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto out;
+ }
+ if (regcomp(filters.exe, opt_exe, REG_NOSUB) != 0) {
+ eprintf("Error: failed to compile exe filter '%s'\n",
+ opt_exe);
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto out;
+ }
+
+ /* check apparmor is available and we have permissions */
+ ret = open_profiles(&fp);
+ if (ret != 0)
+ goto out;
+
+ if (opt_pretty) {
+ outf_save = outf;
+ outf = open_memstream(&buffer, &buffer_size);
+ if (!outf) {
+ eprintf("Failed to open memstream: %m\n");
+ return AA_EXIT_INTERNAL_ERROR;
}
- if (_cmd == NULL) {
- dfprintf(stderr, "Error: Invalid command.\n");
- cmd = print_usage;
- ret = EXIT_FAILURE;
+ }
+
+ /* always get policy even if not displayed because getting processes
+ * requires it to filter out unconfined tasks that don't or shouldn't
+ * have policy associated.
+ */
+ ret = get_profiles(fp, &profiles, &nprofiles);
+ if (ret != 0) {
+ eprintf("Failed to get profiles: %d....\n", ret);
+ goto out;
+ }
+
+ if (opt_json)
+ json_header(outf);
+ if (opt_show & SHOW_PROFILES) {
+ if (opt_json)
+ json_seperator(outf);
+ if (opt_count) {
+ ret = simple_filtered_count(outf, &filters, opt_json,
+ profiles, nprofiles);
+ } else {
+ ret = detailed_profiles(outf, &filters, opt_json,
+ profiles, nprofiles);
+ }
+ if (ret != 0)
+ goto out;
+ }
+
+ if (opt_show & SHOW_PROCESSES) {
+ if (opt_json)
+ json_seperator(outf);
+
+ struct process *processes = NULL;
+ size_t nprocesses = 0;
+
+ ret = get_processes(profiles, nprofiles, &processes, &nprocesses);
+ if (ret != 0) {
+ eprintf("Failed to get processes: %d....\n", ret);
+ } else if (opt_count) {
+ ret = simple_filtered_process_count(outf, &filters, opt_json,
+ processes, nprocesses);
} else {
- cmd = _cmd;
+ ret = detailed_processes(outf, &filters, opt_json,
+ processes, nprocesses);
}
+ free_processes(processes, nprocesses);
+
+ if (ret != 0)
+ goto out;
}
- _ret = cmd(argv[0]);
- exit(ret == EXIT_FAILURE ? ret : _ret);
+ if (opt_json)
+ json_footer(outf);
+
+ if (opt_pretty) {
+ autofree char *pretty = NULL;
+ cJSON *json;
+
+ /* explicit close to sync */
+ fclose(outf);
+ outf = outf_save;
+ json = cJSON_Parse(buffer);
+ if (!json) {
+ eprintf("Failed to parse json output");
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto out;
+ }
+
+ pretty = cJSON_Print(json);
+ if (!pretty) {
+ eprintf("Failed to print pretty json");
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto out;
+ }
+ fprintf(outf, "%s\n", pretty);
+
+ ret = AA_EXIT_ENABLED;
+ }
+
+out:
+ free_profiles(profiles, nprofiles);
+ free_filters(&filters);
+
+ exit(ret);
}
diff --git a/binutils/po/aa_load.pot b/binutils/po/aa_load.pot
new file mode 100644
index 0000000000000000000000000000000000000000..8196338200389ba7b98576fd3909e2a907020e68
--- /dev/null
+++ b/binutils/po/aa_load.pot
@@ -0,0 +1,34 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Canonical Ltd
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
+"POT-Creation-Date: 2025-02-18 07:37-0800\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../aa_load.c:40
+msgid "aa-load: WARN: "
+msgstr ""
+
+#: ../aa_load.c:41
+msgid "aa-load: ERROR: "
+msgstr ""
+
+#: ../aa_load.c:51
+msgid "\n"
+msgstr ""
+
+#: ../aa_load.c:52
+msgid "aa-load: DEBUG: "
+msgstr ""
diff --git a/changehat/mod_apparmor/mod_apparmor.8 b/changehat/mod_apparmor/mod_apparmor.8
deleted file mode 100644
index 142ad3877b8f3224e4cb7222bb2b1fe5c9b2fc47..0000000000000000000000000000000000000000
--- a/changehat/mod_apparmor/mod_apparmor.8
+++ /dev/null
@@ -1,234 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "MOD_APPARMOR 8"
-.TH MOD_APPARMOR 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-mod_apparmor \- fine\-grained AppArmor confinement for Apache
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-An AppArmor profile applies to an executable program; if a portion of
-the program needs different access permissions than other portions,
-the program can \*(L"change hats\*(R" via \fBaa_change_hat\fR\|(2) to a different role,
-also known as a subprofile. The mod_apparmor Apache module uses the
-\&\fBaa_change_hat\fR\|(2) mechanism to offer more fine-grained confinement of dynamic
-elements within Apache such as individual php and perl scripts, while
-still allowing the performance benefits of using mod_php and mod_perl.
-.PP
-To use mod_apparmor with Apache, ensure that mod_apparmor is configured to
-be loaded into Apache, either via a2enmod, yast or manual editing of the
-\&\fBapache2\fR\|(8)/\fBhttpd\fR\|(8) configuration files, and restart Apache. Make sure that
-apparmor is also functioning.
-.PP
-Once mod_apparmor is loaded within Apache, all requests to Apache will
-cause mod_apparmor to attempt to change into a hat that matches the
-ServerName for the server/vhost. If no such hat is found, it will
-first fall back by attempting to change into a hat composed of the
-ServerName-URI (e.g. \*(L"www.example.com\-/app/some.cgi\*(R"). If that hat
-is not found, it will fall back to attempting to use the hat named
-by the \s-1URI\s0 (e.g. \*(L"/app/some.cgi\*(R"). If that hat is not found, it will
-fall back to attempting to use the hat \s-1DEFAULT_URI\s0; if that also does
-not exist, it will fall back to using the global Apache profile. Most
-static web pages can simply make use of the \s-1DEFAULT_URI\s0 hat.
-.PP
-Additionally, before any requests come in to Apache, mod_apparmor
-will attempt to change hat into the \s-1HANDLING_UNTRUSTED_INPUT\s0 hat.
-mod_apparmor will attempt to use this hat while Apache is doing the
-initial parsing of a given http request, before its given to a specific
-handler (like mod_php) for processing.
-.PP
-Because defining hats for every \s-1URI/URL\s0 often becomes tedious, mod_apparmor
-provides the AAHatName and AADefaultHatName Apache configuration options.
-.IP "\fBAAHatName\fR" 4
-.IX Item "AAHatName"
-AAHatName allows you to specify a hat to be used for a given Apache
-<Directory>, <DirectoryMatch>, <Location> or
-<LocationMatch> directive (see the Apache documentation for more
-details). Note that mod_apparmor behavior can become confused if
-<Directory*> and <Location*> directives are intermingled
-and it is recommended to use one type of directive. If the hat specified by
-AAHatName does not exist in the Apache profile, then it falls back to the
-behavior described above.
-.IP "\fBAADefaultHatName\fR" 4
-.IX Item "AADefaultHatName"
-AADefaultHatName allows you to specify a default hat to be used for
-virtual hosts and other Apache server directives, so that you can have
-different defaults for different virtual hosts. This can be overridden
-by the AAHatName directive and is checked for only if there isn't
-a matching AAHatName. The default value of AADefaultHatName is the
-ServerName for the server/vhost configuration. If the AADefaultHatName
-hat does not exist, then it falls back to the behavior described above.
-.SH "URI REQUEST SUMMARY"
-.IX Header "URI REQUEST SUMMARY"
-When profiling with mod_apparmor, it is helpful to keep the following order
-of operations in mind:
-.PP
-On each \s-1URI\s0 request, mod_apparmor will first \fBaa_change_hat\fR\|(2) into
-^HANDLING_UNTRUSTED_INPUT, if it exists.
-.PP
-Then, after performing the initial parsing of the request, mod_apparmor
-will:
-.IP "1." 4
-try to \fBaa_change_hat\fR\|(2) into a matching AAHatName hat if it exists and
-applies, otherwise it will
-.IP "2." 4
-try to \fBaa_change_hat\fR\|(2) into an AADefaultHatName hat, either the
-ServerName (the default) or the configuration value specified by the
-AADefaultHatName directive, for the server/vhost, otherwise it will
-.IP "3." 4
-try to \fBaa_change_hat\fR\|(2) into the ServerName-URI, otherwise it will
-.IP "4." 4
-try to \fBaa_change_hat\fR\|(2) into the \s-1URI\s0 itself, otherwise it will
-.IP "5." 4
-try to \fBaa_change_hat\fR\|(2) into the \s-1DEFAULT_URI\s0 hat, if it exists, otherwise it
-will
-.IP "6." 4
-fall back to the global Apache policy
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fBmod_apparmor()\fR currently only supports apache2, and has only been tested
-with the prefork \s-1MPM\s0 configuration \*(-- threaded configurations of Apache
-may not work correctly. For Apache 2.4 users, you should enable the mpm_prefork
-module.
-.PP
-There are likely other bugs lurking about; if you find any, please report
-them at <https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor_parser\fR\|(8), \fBaa_change_hat\fR\|(2) and
-<https://wiki.apparmor.net>.
diff --git a/changehat/mod_apparmor/mod_apparmor.8.html b/changehat/mod_apparmor/mod_apparmor.8.html
deleted file mode 100644
index dc0052364a3e89aeeb23178e787bb138e9818dfb..0000000000000000000000000000000000000000
--- a/changehat/mod_apparmor/mod_apparmor.8.html
+++ /dev/null
@@ -1,110 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>mod_apparmor - fine-grained AppArmor confinement for Apache</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> mod_apparmor - fine-grained AppArmor confinement for Apache</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#URI-REQUEST-SUMMARY">URI REQUEST SUMMARY</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>mod_apparmor - fine-grained AppArmor confinement for Apache</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>An AppArmor profile applies to an executable program; if a portion of the program needs different access permissions than other portions, the program can "change hats" via aa_change_hat(2) to a different role, also known as a subprofile. The mod_apparmor Apache module uses the aa_change_hat(2) mechanism to offer more fine-grained confinement of dynamic elements within Apache such as individual php and perl scripts, while still allowing the performance benefits of using mod_php and mod_perl.</p>
-
-<p>To use mod_apparmor with Apache, ensure that mod_apparmor is configured to be loaded into Apache, either via a2enmod, yast or manual editing of the apache2(8)/httpd(8) configuration files, and restart Apache. Make sure that apparmor is also functioning.</p>
-
-<p>Once mod_apparmor is loaded within Apache, all requests to Apache will cause mod_apparmor to attempt to change into a hat that matches the ServerName for the server/vhost. If no such hat is found, it will first fall back by attempting to change into a hat composed of the ServerName-URI (e.g. "www.example.com-/app/some.cgi"). If that hat is not found, it will fall back to attempting to use the hat named by the URI (e.g. "/app/some.cgi"). If that hat is not found, it will fall back to attempting to use the hat DEFAULT_URI; if that also does not exist, it will fall back to using the global Apache profile. Most static web pages can simply make use of the DEFAULT_URI hat.</p>
-
-<p>Additionally, before any requests come in to Apache, mod_apparmor will attempt to change hat into the HANDLING_UNTRUSTED_INPUT hat. mod_apparmor will attempt to use this hat while Apache is doing the initial parsing of a given http request, before its given to a specific handler (like mod_php) for processing.</p>
-
-<p>Because defining hats for every URI/URL often becomes tedious, mod_apparmor provides the AAHatName and AADefaultHatName Apache configuration options.</p>
-
-<dl>
-
-<dt id="AAHatName"><b>AAHatName</b></dt>
-<dd>
-
-<p>AAHatName allows you to specify a hat to be used for a given Apache <Directory>, <DirectoryMatch>, <Location> or <LocationMatch> directive (see the Apache documentation for more details). Note that mod_apparmor behavior can become confused if <Directory*> and <Location*> directives are intermingled and it is recommended to use one type of directive. If the hat specified by AAHatName does not exist in the Apache profile, then it falls back to the behavior described above.</p>
-
-</dd>
-<dt id="AADefaultHatName"><b>AADefaultHatName</b></dt>
-<dd>
-
-<p>AADefaultHatName allows you to specify a default hat to be used for virtual hosts and other Apache server directives, so that you can have different defaults for different virtual hosts. This can be overridden by the AAHatName directive and is checked for only if there isn't a matching AAHatName. The default value of AADefaultHatName is the ServerName for the server/vhost configuration. If the AADefaultHatName hat does not exist, then it falls back to the behavior described above.</p>
-
-</dd>
-</dl>
-
-<h1 id="URI-REQUEST-SUMMARY">URI REQUEST SUMMARY</h1>
-
-<p>When profiling with mod_apparmor, it is helpful to keep the following order of operations in mind:</p>
-
-<p>On each URI request, mod_apparmor will first aa_change_hat(2) into ^HANDLING_UNTRUSTED_INPUT, if it exists.</p>
-
-<p>Then, after performing the initial parsing of the request, mod_apparmor will:</p>
-
-<ol>
-
-<li><p>try to aa_change_hat(2) into a matching AAHatName hat if it exists and applies, otherwise it will</p>
-
-</li>
-<li><p>try to aa_change_hat(2) into an AADefaultHatName hat, either the ServerName (the default) or the configuration value specified by the AADefaultHatName directive, for the server/vhost, otherwise it will</p>
-
-</li>
-<li><p>try to aa_change_hat(2) into the ServerName-URI, otherwise it will</p>
-
-</li>
-<li><p>try to aa_change_hat(2) into the URI itself, otherwise it will</p>
-
-</li>
-<li><p>try to aa_change_hat(2) into the DEFAULT_URI hat, if it exists, otherwise it will</p>
-
-</li>
-<li><p>fall back to the global Apache policy</p>
-
-</li>
-</ol>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>mod_apparmor() currently only supports apache2, and has only been tested with the prefork MPM configuration -- threaded configurations of Apache may not work correctly. For Apache 2.4 users, you should enable the mpm_prefork module.</p>
-
-<p>There are likely other bugs lurking about; if you find any, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor_parser(8), aa_change_hat(2) and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> mod_apparmor - fine-grained AppArmor confinement for Apache</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/changehat/mod_apparmor/pod2htmd.tmp b/changehat/mod_apparmor/pod2htmd.tmp
deleted file mode 100644
index 61e86d9f1b8a5072b5e67872d7c2f8b1e9a79cee..0000000000000000000000000000000000000000
--- a/changehat/mod_apparmor/pod2htmd.tmp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-.
diff --git a/changehat/pam_apparmor/README b/changehat/pam_apparmor/README
index 8681bbb1dbca97c1394ca2c1e6ccb78aed06ecca..10014a170b4d4b12f410b0fe3646bb6bd17693ab 100644
--- a/changehat/pam_apparmor/README
+++ b/changehat/pam_apparmor/README
@@ -67,10 +67,10 @@ to syslog.
References
----------
Project webpage:
-http://developer.novell.com/wiki/index.php/Novell_AppArmor
+https://apparmor.net/
To provide feedback or ask questions please contact the
-apparmor-dev@forge.novell.com mail list. This is the development list
+apparmor@lists.ubuntu.com mail list. This is the development list
for the AppArmor team.
See also: change_hat(3), and the Linux-PAM online documentation at
diff --git a/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor b/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor
index dabef00bfc23ab88d9972d1075fad81dc413e029..1e236c199c0854cc9764efffb27066a1739e2233 100644
--- a/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor
+++ b/changehat/tomcat_apparmor/tomcat_5_0/README.tomcat_apparmor
@@ -188,10 +188,9 @@ parent context.
8. Feedback/Resources
-----------------
-To provide feedback or ask questions please contact the
-apparmor-dev@forge.novell.com mail list. This is the development list for the
-AppArmor team.
-
-
-
+Project webpage:
+https://apparmor.net/
+To provide feedback or ask questions please contact the
+apparmor@lists.ubuntu.com mail list. This is the development list
+for the AppArmor team.
diff --git a/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor b/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
index dabef00bfc23ab88d9972d1075fad81dc413e029..1e236c199c0854cc9764efffb27066a1739e2233 100644
--- a/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
+++ b/changehat/tomcat_apparmor/tomcat_5_5/README.tomcat_apparmor
@@ -188,10 +188,9 @@ parent context.
8. Feedback/Resources
-----------------
-To provide feedback or ask questions please contact the
-apparmor-dev@forge.novell.com mail list. This is the development list for the
-AppArmor team.
-
-
-
+Project webpage:
+https://apparmor.net/
+To provide feedback or ask questions please contact the
+apparmor@lists.ubuntu.com mail list. This is the development list
+for the AppArmor team.
diff --git a/common/.stamp_rev b/common/.stamp_rev
deleted file mode 100644
index 0bb25675216ab00b33c1e3116f65bc0c707fbe96..0000000000000000000000000000000000000000
--- a/common/.stamp_rev
+++ /dev/null
@@ -1 +0,0 @@
-git@gitlab.com:apparmor/apparmor.git master v3.1.7-0-g7279fae3d1e4e9e3
diff --git a/common/Make.rules b/common/Make.rules
index 9e9d213badab138c5cf22c830986d9bd10b041ef..89190cbbade9e9e4f543eaf15a27cba57c8a2e5d 100644
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -35,13 +35,11 @@ VERSION=$(shell cat $(COMMONDIR)/Version)
pathsearch = $(firstword $(wildcard $(addsuffix /$(1),$(subst :, ,$(PATH)))))
map = $(foreach a,$(2),$(call $(1),$(a)))
-AWK:=$(shell which awk)
-ifndef AWK
-$(error awk utility required for build but not available)
-endif
+AWK?=$(or $(shell command -v awk),$(error awk utility required for build but not available))
define nl
+
endef
REPO_VERSION_CMD=[ -x /usr/bin/git ] && /usr/bin/git describe --tags --long --abbrev=16 --match 'v*' 2> /dev/null || awk '{ print $2 }' common/.stamp_rev
diff --git a/common/Version b/common/Version
index 23887f6eba2babacfd3cb0171be2f89c3997a785..c8d1176b5b42e632d3c23f78832207b7e9e7cff5 100644
--- a/common/Version
+++ b/common/Version
@@ -1 +1 @@
-3.1.7
+4.1.0~beta5
diff --git a/debian/apparmor-notify.install b/debian/apparmor-notify.install
index 6bc7583f611eb946094684698d3e95e0f58fba55..433a797807e35eab1c1626c3f47b5fe770d6b72e 100644
--- a/debian/apparmor-notify.install
+++ b/debian/apparmor-notify.install
@@ -1,3 +1,5 @@
utils/aa-notify.desktop /etc/xdg/autostart
usr/sbin/aa-notify /usr/bin/
etc/apparmor/notify.conf /etc/apparmor/
+usr/share/polkit-1/actions/net.apparmor.pkexec.aa-notify.policy
+etc/apparmor/default_unconfined.template
diff --git a/debian/apparmor-profiles.install b/debian/apparmor-profiles.install
index eb275487118651ce84479ca28a240cdd347c3ba1..c7195361aa059cc4a6e9f54922e8747382d79b9a 100644
--- a/debian/apparmor-profiles.install
+++ b/debian/apparmor-profiles.install
@@ -40,9 +40,10 @@ etc/apparmor.d/usr.sbin.nscd
etc/apparmor.d/usr.sbin.smbd
etc/apparmor.d/usr.sbin.smbldap-useradd
etc/apparmor.d/usr.sbin.traceroute
-etc/apparmor.d/zgrep
+etc/apparmor.d/zgrep /usr/share/apparmor/extra-profiles/
usr/share/apparmor/extra-profiles/README
usr/share/apparmor/extra-profiles/bin.netstat
+usr/share/apparmor/extra-profiles/bwrap-userns-restrict
usr/share/apparmor/extra-profiles/etc.cron.daily.logrotate
usr/share/apparmor/extra-profiles/etc.cron.daily.slocate.cron
usr/share/apparmor/extra-profiles/etc.cron.daily.tmpwatch
@@ -53,9 +54,11 @@ usr/share/apparmor/extra-profiles/sbin.portmap
usr/share/apparmor/extra-profiles/sbin.resmgrd
usr/share/apparmor/extra-profiles/sbin.rpc.lockd
usr/share/apparmor/extra-profiles/sbin.rpc.statd
+usr/share/apparmor/extra-profiles/rpcbind
usr/share/apparmor/extra-profiles/usr.NX.bin.nxclient
usr/share/apparmor/extra-profiles/usr.bin.acroread
usr/share/apparmor/extra-profiles/usr.bin.apropos
+usr/share/apparmor/extra-profiles/chromium_browser
usr/share/apparmor/extra-profiles/usr.bin.dumpcap
usr/share/apparmor/extra-profiles/usr.bin.evolution-2.10
usr/share/apparmor/extra-profiles/usr.bin.fam
@@ -75,8 +78,6 @@ usr/share/apparmor/extra-profiles/usr.bin.mlmmj-unsub
usr/share/apparmor/extra-profiles/usr.bin.opera
usr/share/apparmor/extra-profiles/usr.bin.passwd
usr/share/apparmor/extra-profiles/usr.bin.procmail
-usr/share/apparmor/extra-profiles/usr.bin.pyzorsocket
-usr/share/apparmor/extra-profiles/usr.bin.razorsocket
usr/share/apparmor/extra-profiles/usr.bin.skype
usr/share/apparmor/extra-profiles/usr.bin.spamc
usr/share/apparmor/extra-profiles/usr.bin.svnserve
@@ -114,12 +115,13 @@ usr/share/apparmor/extra-profiles/postfix-smtp
usr/share/apparmor/extra-profiles/postfix-smtpd
usr/share/apparmor/extra-profiles/postfix-spawn
usr/share/apparmor/extra-profiles/postfix-tlsmgr
+usr/share/apparmor/extra-profiles/postfix-tlsproxy
usr/share/apparmor/extra-profiles/postfix-trivial-rewrite
usr/share/apparmor/extra-profiles/postfix-verify
usr/share/apparmor/extra-profiles/postfix-virtual
+usr/share/apparmor/extra-profiles/unshare-userns-restrict
usr/share/apparmor/extra-profiles/usr.lib64.GConf.2.gconfd-2
usr/share/apparmor/extra-profiles/usr.sbin.dhcpd
-usr/share/apparmor/extra-profiles/usr.sbin.haproxy
usr/share/apparmor/extra-profiles/usr.sbin.httpd2-prefork
usr/share/apparmor/extra-profiles/usr.sbin.imapd
usr/share/apparmor/extra-profiles/usr.sbin.in.fingerd
@@ -144,3 +146,7 @@ usr/share/apparmor/extra-profiles/usr.sbin.useradd
usr/share/apparmor/extra-profiles/usr.sbin.userdel
usr/share/apparmor/extra-profiles/usr.sbin.vsftpd
usr/share/apparmor/extra-profiles/usr.sbin.xinetd
+usr/share/apparmor/extra-profiles/usr.bin.pyzorsocket
+usr/share/apparmor/extra-profiles/usr.bin.razorsocket
+usr/share/apparmor/extra-profiles/usr.sbin.clamd
+usr/share/apparmor/extra-profiles/usr.sbin.haproxy
diff --git a/debian/apparmor.install b/debian/apparmor.install
index 1e95eb7b1890019f28b8d20335987daaca8034f0..c8b8cb4ca80d98b813339af231d1dde28bf750a8 100644
--- a/debian/apparmor.install
+++ b/debian/apparmor.install
@@ -20,8 +20,105 @@ etc/apparmor.d/tunables/run
etc/apparmor.d/tunables/securityfs
etc/apparmor.d/tunables/share
etc/apparmor.d/tunables/sys
+etc/apparmor.d/tunables/system
etc/apparmor.d/tunables/xdg-user-dirs
etc/apparmor.d/tunables/xdg-user-dirs.d
+etc/apparmor.d/1password
+etc/apparmor.d/Discord
+etc/apparmor.d/MongoDB_Compass
+etc/apparmor.d/QtWebEngineProcess
+etc/apparmor.d/Xorg
+etc/apparmor.d/balena-etcher
+etc/apparmor.d/brave
+etc/apparmor.d/buildah
+etc/apparmor.d/busybox
+etc/apparmor.d/cam
+etc/apparmor.d/ch-checkns
+etc/apparmor.d/ch-run
+etc/apparmor.d/chrome
+etc/apparmor.d/chromium
+etc/apparmor.d/code
+etc/apparmor.d/crun
+etc/apparmor.d/devhelp
+etc/apparmor.d/element-desktop
+etc/apparmor.d/epiphany
+etc/apparmor.d/evolution
+etc/apparmor.d/firefox
+etc/apparmor.d/flatpak
+etc/apparmor.d/foliate
+etc/apparmor.d/geary
+etc/apparmor.d/github-desktop
+etc/apparmor.d/goldendict
+etc/apparmor.d/ipa_verify
+etc/apparmor.d/kchmviewer
+etc/apparmor.d/keybase
+etc/apparmor.d/lc-compliance
+etc/apparmor.d/libcamerify
+etc/apparmor.d/linux-sandbox
+etc/apparmor.d/loupe
+etc/apparmor.d/lxc-attach
+etc/apparmor.d/lxc-create
+etc/apparmor.d/lxc-destroy
+etc/apparmor.d/lxc-execute
+etc/apparmor.d/lxc-stop
+etc/apparmor.d/lxc-unshare
+etc/apparmor.d/lxc-usernsexec
+etc/apparmor.d/mmdebstrap
+etc/apparmor.d/msedge
+etc/apparmor.d/nautilus
+etc/apparmor.d/notepadqq
+etc/apparmor.d/obsidian
+etc/apparmor.d/opam
+etc/apparmor.d/opera
+etc/apparmor.d/pageedit
+etc/apparmor.d/plasmashell
+etc/apparmor.d/podman
+etc/apparmor.d/polypane
+etc/apparmor.d/privacybrowser
+etc/apparmor.d/qcam
+etc/apparmor.d/qmapshack
+etc/apparmor.d/qutebrowser
+etc/apparmor.d/rootlesskit
+etc/apparmor.d/rpm
+etc/apparmor.d/rssguard
+etc/apparmor.d/runc
+etc/apparmor.d/sbuild
+etc/apparmor.d/sbuild-abort
+etc/apparmor.d/sbuild-adduser
+etc/apparmor.d/sbuild-apt
+etc/apparmor.d/sbuild-checkpackages
+etc/apparmor.d/sbuild-clean
+etc/apparmor.d/sbuild-createchroot
+etc/apparmor.d/sbuild-destroychroot
+etc/apparmor.d/sbuild-distupgrade
+etc/apparmor.d/sbuild-hold
+etc/apparmor.d/sbuild-shell
+etc/apparmor.d/sbuild-unhold
+etc/apparmor.d/sbuild-update
+etc/apparmor.d/sbuild-upgrade
+etc/apparmor.d/scide
+etc/apparmor.d/signal-desktop
+etc/apparmor.d/slack
+etc/apparmor.d/slirp4netns
+etc/apparmor.d/steam
+etc/apparmor.d/stress-ng
+etc/apparmor.d/surfshark
+etc/apparmor.d/systemd-coredump
+etc/apparmor.d/toybox
+etc/apparmor.d/transmission
+etc/apparmor.d/trinity
+etc/apparmor.d/tup
+etc/apparmor.d/tuxedo-control-center
+etc/apparmor.d/unix-chkpwd
+etc/apparmor.d/unprivileged_userns
+etc/apparmor.d/userbindmount
+etc/apparmor.d/uwsgi-core
+etc/apparmor.d/vdens
+etc/apparmor.d/virtiofsd
+etc/apparmor.d/vivaldi-bin
+etc/apparmor.d/vpnns
+etc/apparmor.d/wike
+etc/apparmor.d/wpcom
etc/apparmor/parser.conf
parser/aa-teardown /usr/sbin/
parser/apparmor.systemd usr/lib/apparmor/
@@ -30,6 +127,7 @@ usr/lib/apparmor/rc.apparmor.functions
usr/bin/aa-enabled
usr/bin/aa-exec
usr/bin/aa-features-abi
+usr/sbin/aa-load
usr/sbin/aa-remove-unknown
usr/sbin/aa-status
usr/sbin/apparmor_parser
diff --git a/debian/apparmor.manpages b/debian/apparmor.manpages
index 2f03f63a2fc0a473dd4387e3195742d17af22d44..965d9cec51e023585f8231717d42e57a3c537098 100644
--- a/debian/apparmor.manpages
+++ b/debian/apparmor.manpages
@@ -5,6 +5,7 @@ debian/tmp/usr/share/man/man5/apparmor.d.5
debian/tmp/usr/share/man/man5/apparmor.vim.5
debian/tmp/usr/share/man/man7/apparmor.7
debian/tmp/usr/share/man/man7/apparmor_xattrs.7
+debian/tmp/usr/share/man/man8/aa-load.8
debian/tmp/usr/share/man/man8/aa-remove-unknown.8
debian/tmp/usr/share/man/man8/aa-status.8
debian/tmp/usr/share/man/man8/aa-teardown.8
diff --git a/debian/changelog b/debian/changelog
index 2c518c076fd5d4f678c9e3170fab1200eec11c29..9baaa4280ac7f61bda6e532688b715964eaf9b86 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,47 @@
+apparmor (4.1.0~beta5-3) unstable; urgency=medium
+
+ * upstream-mr-1558-avoid-blhc-false-positive.patch: new patch
+ * upstream-mr-1567-fix-riscv64.patch: new patch (Closes: #1099085).
+ Thanks to Bo YU for the patch.
+
+ -- intrigeri <intrigeri@debian.org> Tue, 04 Mar 2025 10:52:41 +0000
+
+apparmor (4.1.0~beta5-2) unstable; urgency=medium
+
+ * Revert "gbp.conf: set debian-branch to debian/experimental"
+ * Add test-only build-dep on net-tools: utils test needs netstat
+
+ -- intrigeri <intrigeri@debian.org> Thu, 20 Feb 2025 20:41:37 +0000
+
+apparmor (4.1.0~beta5-1) unstable; urgency=medium
+
+ * Import new upstream release
+ * gbp.conf: set debian-branch to debian/experimental
+ * debian/watch: track all releases, not only 3.x
+ * Drop backported patches that are now obsolete
+ * Refresh remaining patches
+ * Install aa-load and its man page
+ * Install new profiles and abstractions
+ * Stop installing etc/apparmor.d/local/usr.sbin.apache2, no longer needed;
+ accordingly, remove this obsolete conffile on upgrades
+ * d/control: add build-dependency on autoconf-archive
+ * d/apparmor-notify.install: install etc/apparmor/default_unconfined.template
+ and usr/share/polkit-1/actions/com.ubuntu.pkexec.aa-notify.policy
+ * apparmor-notify: add new dependencies on python3-tk, python3-ttkthemes,
+ and python3-gi
+ * Test libapparmor in override_dh-auto-test before the parser and binutils
+ * Run utils upstream tests during build and add the corresponding
+ build-dependencies annotated with !nocheck
+ * Add new symbols
+ * Remove obsolete Lintian overrides for false positives
+ * put-all-profiles-in-complain-mode.sh: skip profiles that have
+ the unconfined flag
+ * put-all-profiles-in-complain-mode.sh: improve code robustness
+ * put-all-profiles-in-complain-mode.sh, autopkgtests: use consistent
+ 4-spaces indentation
+
+ -- intrigeri <intrigeri@debian.org> Thu, 20 Feb 2025 16:18:31 +0000
+
apparmor (3.1.7-4) unstable; urgency=medium
* Remove obsolete conffile
diff --git a/debian/control b/debian/control
index 2fd34a0297ab01ad01b592b5f5465076afbfea0e..519c590b64316734cd4edad4a46ddecefe5d9b6b 100644
--- a/debian/control
+++ b/debian/control
@@ -5,6 +5,7 @@ Section: admin
Priority: optional
Build-Depends: apache2-dev,
autoconf,
+ autoconf-archive,
automake,
bison,
bzip2,
@@ -14,18 +15,24 @@ Build-Depends: apache2-dev,
dh-apache2,
dh-python,
dh-sequence-python3,
+ flake8 <!nocheck>,
flex,
liblocale-gettext-perl <!nocheck>,
libpython3-all-dev,
libpam-dev,
libtool,
+ net-tools <!nocheck>,
perl <!nocheck>,
pkgconf,
po-debconf,
python3:any,
python3-all:any,
python3-all-dev:any,
+ python3-gi <!nocheck>,
+ python3-notify2 <!nocheck>,
+ python3-psutil <!nocheck>,
python3-setuptools,
+ python3-tk <!nocheck>,
swig
Standards-Version: 4.7.0
Vcs-Browser: https://salsa.debian.org/apparmor-team/apparmor/tree/debian/unstable
@@ -139,6 +146,9 @@ Depends: python3-apparmor,
python3-libapparmor,
python3-notify2,
python3-psutil,
+ python3-tk,
+ python3-ttkthemes,
+ python3-gi,
${misc:Depends},
${python3:Depends}
Description: AppArmor notification system
diff --git a/debian/libapache2-mod-apparmor.install b/debian/libapache2-mod-apparmor.install
index 2ac991ffc723348f7aaf746f594af6c4e4e5774e..a66e9f02d1865cb5de783b39e9c0570af9040f78 100644
--- a/debian/libapache2-mod-apparmor.install
+++ b/debian/libapache2-mod-apparmor.install
@@ -1,2 +1 @@
-etc/apparmor.d/local/usr.sbin.apache2
etc/apparmor.d/usr.sbin.apache2
diff --git a/debian/libapache2-mod-apparmor.maintscript b/debian/libapache2-mod-apparmor.maintscript
new file mode 100644
index 0000000000000000000000000000000000000000..80674a71a754d7d437ac104f8de116a493f24d7f
--- /dev/null
+++ b/debian/libapache2-mod-apparmor.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/apparmor.d/local/usr.sbin.apache2 4.1.0~beta5-1~
diff --git a/debian/libapparmor1.symbols b/debian/libapparmor1.symbols
index 356fc5affecf77d6be13f9f13bf0ec84d7965fcc..39a14c5af4a3ae65178e91f3c5bafa0065b020cf 100644
--- a/debian/libapparmor1.symbols
+++ b/debian/libapparmor1.symbols
@@ -8,6 +8,7 @@ libapparmor.so.1 libapparmor1 #MINVER#
APPARMOR_2.13@APPARMOR_2.13 2.13
APPARMOR_2.9@APPARMOR_2.9 2.8.94
APPARMOR_3.0@APPARMOR_3.0 3.0.0
+ APPARMOR_3.1@APPARMOR_3.1 3.1.0
IMMUNIX_1.0@IMMUNIX_1.0 2.6~devel
PRIVATE@PRIVATE 2.10
__aa_query_label@APPARMOR_1.1 3.0.4
@@ -24,6 +25,7 @@ libapparmor.so.1 libapparmor1 #MINVER#
aa_change_hatv@APPARMOR_1.1 2.6~devel
aa_change_onexec@APPARMOR_1.1 2.6~devel
aa_change_profile@APPARMOR_1.1 2.6~devel
+ aa_features_check@APPARMOR_3.1 4.0.0~alpha1
aa_features_id@APPARMOR_2.13 2.13
aa_features_is_equal@APPARMOR_2.10 2.10
aa_features_new@APPARMOR_2.10 2.10
@@ -73,6 +75,7 @@ libapparmor.so.1 libapparmor1 #MINVER#
aa_query_label@APPARMOR_2.9 2.8.94
aa_query_link_path@APPARMOR_2.10 2.10
aa_query_link_path_len@APPARMOR_2.10 2.10
+ aa_split_overlay_str@APPARMOR_3.1 4.1.0~beta1
aa_splitcon@APPARMOR_2.10 2.10
aa_stack_onexec@APPARMOR_2.11 2.10.95
aa_stack_profile@APPARMOR_2.11 2.10.95
diff --git a/debian/not-installed b/debian/not-installed
index 22ac524cf5dd2cc9e1ffefbbfca71dc36a470ddc..3ec5e13caec3e9ae0c54cffd6242337d7ee31845 100644
--- a/debian/not-installed
+++ b/debian/not-installed
@@ -20,6 +20,9 @@ usr/share/apparmor/extra-profiles/usr.sbin.mysqld
etc/apparmor.d/tunables/ntpd
etc/apparmor.d/usr.sbin.ntpd
+# Managed by the thunderbird package
+etc/apparmor.d/thunderbird
+
# Not installed on purpose (see #866636)
usr/lib/*/libapparmor.la
diff --git a/debian/patches/debian-only/aa-notify-point-to-Debian-documentation.patch b/debian/patches/debian-only/aa-notify-point-to-Debian-documentation.patch
index 3c36db5c206f712cf1c017fe21e84915b26ef6ce..4a2ec26a47292c7d4476162c50eada318f21795c 100644
--- a/debian/patches/debian-only/aa-notify-point-to-Debian-documentation.patch
+++ b/debian/patches/debian-only/aa-notify-point-to-Debian-documentation.patch
@@ -1,5 +1,5 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Wed, 25 Jul 2018 08:36:00 +0000
+From: intrigeri <intrigeri@riseup.net>
+Date: Wed, 19 Feb 2025 11:02:34 +0000
Subject: aa-notify: point to Debian documentation
Forwarded: not-needed
@@ -9,12 +9,15 @@ Bug-Debian: https://bugs.debian.org/904436
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/notify.conf b/utils/notify.conf
-index 0385483..df3ce6c 100644
+index 1524a45..e428fa8 100644
--- a/utils/notify.conf
+++ b/utils/notify.conf
-@@ -19,4 +19,4 @@ show_notifications="yes"
+@@ -31,7 +31,7 @@ ignore_denied_capability="sudo,su"
# message_body="This is a custom notification message."
# OPTIONAL - custom notification message footer
-# message_footer="For more information visit https://foo.com"
-+message_footer="For more information, visit https://wiki.debian.org/AppArmor"
++message_footer="For more information visit https://wiki.debian.org/AppArmor"
+
+ # OPTIONAL - custom notification filtering
+ # filter.profile=""
diff --git a/debian/patches/debian/etc-writable.patch b/debian/patches/debian/etc-writable.patch
index 89d587ecb31348cc1336ac3d7e34b02c99b44b76..0107b6ff74b78943c446b7c4a49c09623eeeb670 100644
--- a/debian/patches/debian/etc-writable.patch
+++ b/debian/patches/debian/etc-writable.patch
@@ -8,27 +8,23 @@ This is an Ubuntu specific tweak, so no need to forward upstream.
Forwarded: not-needed
Bug-Ubuntu: https://launchpad.net/bugs/1227520
---
- profiles/apparmor.d/abstractions/base | 1 +
- profiles/apparmor.d/abstractions/ubuntu-browsers.d/java | 2 ++
- profiles/apparmor/profiles/extras/firefox | 1 +
+ profiles/apparmor.d/abstractions/base | 1 +
+ profiles/apparmor.d/abstractions/ubuntu-browsers.d/java | 2 ++
+ profiles/apparmor/profiles/extras/firefox | 1 +
3 files changed, 4 insertions(+)
-diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base
-index 0bd7fda..7275fc8 100644
---- a/profiles/apparmor.d/abstractions/base
-+++ b/profiles/apparmor.d/abstractions/base
-@@ -32,6 +32,7 @@
- @{etc_ro}/locale/** r,
+--- apparmor-4.1.0~beta1.orig/profiles/apparmor.d/abstractions/base
++++ apparmor-4.1.0~beta1/profiles/apparmor.d/abstractions/base
+@@ -33,6 +33,7 @@
@{etc_ro}/locale.alias r,
@{etc_ro}/localtime r,
+ @{etc_rw}/localtime r,
+ /etc/writable/localtime r,
/usr/share/locale-bundle/** r,
/usr/share/locale-langpack/** r,
- /usr/share/locale/** r,
-diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
-index 507d62a..ae93c75 100644
---- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
-+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
+ /usr/share/locale/ r,
+--- apparmor-4.1.0~beta1.orig/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
++++ apparmor-4.1.0~beta1/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
@@ -39,6 +39,7 @@
/etc/lsb-release r,
/etc/ssl/certs/java/* r,
@@ -45,15 +41,3 @@ index 507d62a..ae93c75 100644
@{PROC}/@{pid}/ r,
@{PROC}/@{pid}/fd/ r,
-diff --git a/profiles/apparmor/profiles/extras/firefox b/profiles/apparmor/profiles/extras/firefox
-index 051a4b4..f25383a 100644
---- a/profiles/apparmor/profiles/extras/firefox
-+++ b/profiles/apparmor/profiles/extras/firefox
-@@ -40,6 +40,7 @@ profile firefox /usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
- /tmp/.X[0-9]*-lock r,
-
- /etc/timezone r,
-+ /etc/writable/timezone r,
- /etc/wildmidi/wildmidi.cfg r,
-
- # firefox specific
diff --git a/debian/patches/debian/libapparmor-layout-deb.patch b/debian/patches/debian/libapparmor-layout-deb.patch
index 7bc554aec1fb4e04e07533890f086f00cf1f7904..3beecd8c91d92ba64da20e396321a6c4407f9add 100644
--- a/debian/patches/debian/libapparmor-layout-deb.patch
+++ b/debian/patches/debian/libapparmor-layout-deb.patch
@@ -5,14 +5,12 @@ Subject: always install python modules in the proper location when creating
Forwarded: not-needed
---
- libraries/libapparmor/swig/python/Makefile.am | 2 +-
- utils/Makefile | 2 +-
+ libraries/libapparmor/swig/python/Makefile.am | 2 +-
+ utils/Makefile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
-diff --git a/libraries/libapparmor/swig/python/Makefile.am b/libraries/libapparmor/swig/python/Makefile.am
-index b42ebb1..fd2f265 100644
---- a/libraries/libapparmor/swig/python/Makefile.am
-+++ b/libraries/libapparmor/swig/python/Makefile.am
+--- apparmor-4.1.0~beta1.orig/libraries/libapparmor/swig/python/Makefile.am
++++ apparmor-4.1.0~beta1/libraries/libapparmor/swig/python/Makefile.am
@@ -17,7 +17,7 @@ all-local: libapparmor_wrap.c setup.py
CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(CFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
@@ -22,10 +20,8 @@ index b42ebb1..fd2f265 100644
clean-local:
if test -x "$(PYTHON)"; then $(PYTHON) setup.py clean; fi
-diff --git a/utils/Makefile b/utils/Makefile
-index 91a1510..01e06a2 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
+--- apparmor-4.1.0~beta1.orig/utils/Makefile
++++ apparmor-4.1.0~beta1/utils/Makefile
@@ -58,7 +58,7 @@ install: ${MANPAGES} ${HTMLMANPAGES}
$(MAKE) -C po install DESTDIR=${DESTDIR} NAME=${NAME}
$(MAKE) install_manpages DESTDIR=${DESTDIR}
diff --git a/debian/patches/series b/debian/patches/series
index f05e6ddb0c4bc00d816c4ff20db95b00ecded44f..566114623ac432ba8eb578ffa1c25289b8cb9ba2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,6 +1,5 @@
-upstream-mr-1254-Honor-global-CFLAGS-when-building-Python-library.patch
-upstream-commit-fe6604532f9043aaa81ed2b327c11f4d90fbc605-Python-3.13-support.patch
-upstream-commit-a84bcec4b5600b0fef28bb196e5150874029f58f-fix-ping.patch
+upstream-mr-1558-avoid-blhc-false-positive.patch
+upstream-mr-1567-fix-riscv64.patch
debian/add-debian-integration-to-lighttpd.patch
debian/libapparmor-layout-deb.patch
debian/etc-writable.patch
diff --git a/debian/patches/upstream-commit-a84bcec4b5600b0fef28bb196e5150874029f58f-fix-ping.patch b/debian/patches/upstream-commit-a84bcec4b5600b0fef28bb196e5150874029f58f-fix-ping.patch
deleted file mode 100644
index 865e05c5455a2a03132ee500452e50bb5f68620c..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-a84bcec4b5600b0fef28bb196e5150874029f58f-fix-ping.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Christian Boltz <apparmor@cboltz.de>
-Date: Thu, 26 Sep 2024 23:43:29 +0200
-Subject: ping: allow reading /proc/sys/net/ipv6/conf/all/disable_ipv6
-
-Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082190
-
-(cherry picked from commit df4d7cb8dac31d0fc15a74edbb451c14a4b94fca,
- without the test update because test-logprof doesn't exist in 3.x yet)
----
- profiles/apparmor.d/bin.ping | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/profiles/apparmor.d/bin.ping b/profiles/apparmor.d/bin.ping
-index 149b802..2efd37f 100644
---- a/profiles/apparmor.d/bin.ping
-+++ b/profiles/apparmor.d/bin.ping
-@@ -24,6 +24,7 @@ profile ping /{usr/,}bin/{,iputils-}ping {
-
- /{,usr/}bin/{,iputils-}ping mixr,
- /etc/modules.conf r,
-+ @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
-
- # Site-specific additions and overrides. See local/README for details.
- include if exists <local/bin.ping>
diff --git a/debian/patches/upstream-commit-fe6604532f9043aaa81ed2b327c11f4d90fbc605-Python-3.13-support.patch b/debian/patches/upstream-commit-fe6604532f9043aaa81ed2b327c11f4d90fbc605-Python-3.13-support.patch
deleted file mode 100644
index de7fdb571df2374bc0a7bddbea0f930dff4be4a7..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-fe6604532f9043aaa81ed2b327c11f4d90fbc605-Python-3.13-support.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From: Christian Boltz <gitlab2@cboltz.de>
-Date: Thu, 5 Dec 2024 17:36:43 +0000
-Subject: Merge python 3.13 fixes/workarounds
-
-Fixes/workarounds for python 3.13 support.
-
-fail.py: handle missing cgitb - workaround for https://gitlab.com/apparmor/apparmor/-/issues/447
-
-MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1439
-Approved-by: Christian Boltz <apparmor@cboltz.de>
-Merged-by: Christian Boltz <apparmor@cboltz.de>
-
-(cherry picked from commit 5fb91616e3ec1136b2008ab201d8d709ea2dc2f8)
-
-434e34bb fail.py: handle missing cgitb
-
-Co-authored-by: Christian Boltz <apparmor@cboltz.de>
----
- utils/apparmor/fail.py | 25 +++++++++++++++----------
- 1 file changed, 15 insertions(+), 10 deletions(-)
-
-diff --git a/utils/apparmor/fail.py b/utils/apparmor/fail.py
-index ece6efc..a71ceb6 100644
---- a/utils/apparmor/fail.py
-+++ b/utils/apparmor/fail.py
-@@ -8,7 +8,11 @@
- #
- # ------------------------------------------------------------------
-
--import cgitb
-+try:
-+ import cgitb
-+except ImportError:
-+ cgitb = None
-+ pass
- import sys
- import traceback
- from tempfile import NamedTemporaryFile
-@@ -32,20 +36,21 @@ def handle_exception(*exc_info):
- print('', file=sys.stderr)
- error(ex.value)
- else:
-- with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file:
-- cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
-- cgitb_hook.handle(exc_info)
--
-- file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
-- file.write('and attach this file.\n')
-+ if cgitb:
-+ with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file:
-+ cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
-+ cgitb_hook.handle(exc_info)
-+ file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
-+ file.write('and attach this file.\n')
-
- print(''.join(traceback.format_exception(*exc_info)), file=sys.stderr)
-- print('', file=sys.stderr)
- print('An unexpected error occurred!', file=sys.stderr)
- print('', file=sys.stderr)
-- print('For details, see %s' % file.name, file=sys.stderr)
-+ if cgitb:
-+ print('For details, see %s' % file.name, file=sys.stderr)
- print('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues', file=sys.stderr)
-- print('and attach this file.', file=sys.stderr)
-+ if cgitb:
-+ print('and attach this file.', file=sys.stderr)
-
-
- def enable_aa_exception_handler():
diff --git a/debian/patches/upstream-mr-1254-Honor-global-CFLAGS-when-building-Python-library.patch b/debian/patches/upstream-mr-1254-Honor-global-CFLAGS-when-building-Python-library.patch
deleted file mode 100644
index 360d83ecc1a4a6b30ebee9eae6b29ff15aa7c776..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-mr-1254-Honor-global-CFLAGS-when-building-Python-library.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Thu, 6 Jun 2024 13:36:53 +0000
-Subject: Honor global CFLAGS when building Python library
-
-Similarly to https://gitlab.com/apparmor/apparmor/-/merge_requests/689, use the
-global CFLAGS when building Python library, so we honor extra flags set by
-distributions, such
-as -fstack-protector-strong -fstack-clash-protection -Werror=format-security -fcf-protection.
-
-Spotted by blhc on Debian.
-
-Forwarded: https://gitlab.com/apparmor/apparmor/-/merge_requests/1254
----
- libraries/libapparmor/swig/python/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libraries/libapparmor/swig/python/Makefile.am b/libraries/libapparmor/swig/python/Makefile.am
-index bf05fe0..b42ebb1 100644
---- a/libraries/libapparmor/swig/python/Makefile.am
-+++ b/libraries/libapparmor/swig/python/Makefile.am
-@@ -14,7 +14,7 @@ MOSTLYCLEANFILES=libapparmor_wrap.c LibAppArmor.py
-
- all-local: libapparmor_wrap.c setup.py
- if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
-- CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
-+ CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(CFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
-
- install-exec-local:
- $(PYTHON) setup.py install --root="/$(DESTDIR)" --prefix="$(prefix)"
diff --git a/debian/patches/upstream-mr-1558-avoid-blhc-false-positive.patch b/debian/patches/upstream-mr-1558-avoid-blhc-false-positive.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f5ee0df175d83a7371dffe170f14f8b2ed98102
--- /dev/null
+++ b/debian/patches/upstream-mr-1558-avoid-blhc-false-positive.patch
@@ -0,0 +1,24 @@
+From: intrigeri <intrigeri@riseup.net>
+Date: Thu, 20 Feb 2025 22:32:58 +0000
+Subject: Avoid blhc "CPPFLAGS missing" false positive
+
+Similarly to apparmor/apparmor!403, we don't really need to pass these flags
+here, but if we don't, blhc raises a false positive, and I don't want to get
+used to ignoring blhc failures on Debian's GitLab CI.
+---
+ parser/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/parser/Makefile b/parser/Makefile
+index 57a699d..9f97146 100644
+--- a/parser/Makefile
++++ b/parser/Makefile
+@@ -375,7 +375,7 @@ tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS})
+
+ errnos.h:
+ echo '#include <errno.h>' > dump.c
+- $(CC) -E -dD dump.c | awk '/^#define E/ { printf "{ \"%s\", %s },\n", $$2, $$2 }' > errnos.h
++ $(CC) $(CPPFLAGS) -E -dD dump.c | awk '/^#define E/ { printf "{ \"%s\", %s },\n", $$2, $$2 }' > errnos.h
+ rm -f dump.c
+
+ .SILENT: check
diff --git a/debian/patches/upstream-mr-1567-fix-riscv64.patch b/debian/patches/upstream-mr-1567-fix-riscv64.patch
new file mode 100644
index 0000000000000000000000000000000000000000..182cf07e7c0b02ef5ca8db29dd6d656c8f064690
--- /dev/null
+++ b/debian/patches/upstream-mr-1567-fix-riscv64.patch
@@ -0,0 +1,21 @@
+From: Bo YU <tsu.yubo@gmail.com>
+Date: Tue, 4 Mar 2025 02:18:18 +0000
+Subject: Increase timeout for test_allow_all
+
+---
+ utils/test/test-logprof.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/utils/test/test-logprof.py b/utils/test/test-logprof.py
+index f821798..e820503 100644
+--- a/utils/test/test-logprof.py
++++ b/utils/test/test-logprof.py
+@@ -126,7 +126,7 @@ class TestLogprof(AATest):
+ output = self.process.stdout.readline().decode("utf-8").strip()
+ self.assertEqual(output, line)
+ # give logprof some time to write the updated profile and terminate
+- self.process.wait(timeout=0.3)
++ self.process.wait(timeout=0.6)
+ self.assertEqual(self.process.returncode, 0)
+
+
diff --git a/debian/put-all-profiles-in-complain-mode.sh b/debian/put-all-profiles-in-complain-mode.sh
index edcadeda551c6728b3be3b7a64a58d1ed8ec21de..cb95912f047cc1495425c1220f62565e74f976eb 100644
--- a/debian/put-all-profiles-in-complain-mode.sh
+++ b/debian/put-all-profiles-in-complain-mode.sh
@@ -1,23 +1,35 @@
#!/bin/sh
+set -eu
+
PROFILE_DIR="./etc/apparmor.d"
-for f in ${PROFILE_DIR}/*
-do
- [ ! -f "$f" ] && continue
+for f in "${PROFILE_DIR}"/*; do
+ [ -f "$f" ] || continue
+
+ # put lsb_release and nvidia_modprobe in enforce mode
+ [ "$f" != "${PROFILE_DIR}/nvidia_modprobe" ] || continue
+ [ "$f" != "${PROFILE_DIR}/lsb_release" ] || continue
- # put lsb_release and nvidia_modprobe in enforce mode
- [ "$f" = "${PROFILE_DIR}/nvidia_modprobe" ] && continue
- [ "$f" = "${PROFILE_DIR}/lsb_release" ] && continue
+ if grep -q --extended-regexp 'flags=\(.*\) {' "$f"; then
+ # unconfined profiles don't make sense as complain
+ if grep -q --fixed-strings 'flags=(unconfined)' "$f"; then
+ continue
+ fi
- if egrep -q 'flags=\(.*\) {' "$f"; then
- # Deal with existing flags, but need to account for multiple
- # profiles in one file and not all of them having the same
- # flags.
- grep -q 'flags=(complain)' "$f" && continue
- sed -i -e 's/flags=(\(.*\)) {$/flags=(complain,\1) {/' -e 's/ {$/ flags=(complain) {/' -e 's/) flags=(complain) {/) {/' "$f"
- else
- # No existing flags
- sed -i 's/ {$/ flags=(complain) {/' "$f"
- fi
+ # Deal with existing flags, but need to account for multiple
+ # profiles in one file and not all of them having the same
+ # flags.
+ if grep -q --fixed-strings 'flags=(complain)' "$f"; then
+ continue
+ fi
+ sed -i \
+ -e 's/flags=(\(.*\)) {$/flags=(complain,\1) {/' \
+ -e 's/ {$/ flags=(complain) {/' \
+ -e 's/) flags=(complain) {/) {/' \
+ "$f"
+ else
+ # No existing flags
+ sed -i 's/ {$/ flags=(complain) {/' "$f"
+ fi
done
diff --git a/debian/rules b/debian/rules
index 0a71664c47a8c0cabcec8b7a8c2949ccbb2eea0a..cfef2a6046db210536fcbd986027777808e2f7ef 100755
--- a/debian/rules
+++ b/debian/rules
@@ -59,15 +59,27 @@ endif
override_dh_auto_test:
ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
-ifeq (,$(filter $(DEB_HOST_ARCH_OS), kfreebsd knetbsd hurd ))
- dh_auto_test -Dbinutils -- V=1
- dh_auto_test -Dparser -- V=1
-endif
dh_auto_test -Dlibraries/libapparmor -- V=1
+ # Doesn't make sense to run utils tests without Python version
+ #dh_auto_test -Dutils -- V=1
+
+ # Utils test needs to set PYTHON_VERSIONS and PYTHON
+ # Hacky workaround since utils make check uses a version of pyalldo
+ # and we need to specify a different libapparmor CPython module for each
+ # Also set APPARMOR_NOTIFY to use our Python version
set -e; for py in $(shell py3versions -s) ; do \
PYTHON=/usr/bin/$$py dh_auto_test \
-D libraries/libapparmor.$$py -- PYTHON=/usr/bin/$$py; \
+ LIBAPPARMOR_BASEDIR=../../libraries/libapparmor.$$py\
+ PYTHON_VERSIONS=$$py PYTHON=/usr/bin/$$py\
+ dh_auto_test \
+ -D utils.$$py/ -- LIBAPPARMOR_BASEDIR=../../libraries/libapparmor.$$py\
+ PYTHON_VERSIONS=$$py PYTHON=/usr/bin/$$py;\
done
+ifeq (,$(filter $(DEB_HOST_ARCH_OS), kfreebsd knetbsd hurd ))
+ dh_auto_test -Dbinutils -- V=1
+ dh_auto_test -Dparser -- V=1
+endif
endif
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index c4cbed7906319a9f3349e4f00c3709b4a134ac9c..34a51e61246b4eb222f8a7be00790b0d2cbdee1a 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1,8 +1,3 @@
# We don't build these libraries
apparmor source: package-does-not-install-examples [libraries/libapparmor/swig/perl/examples/]
apparmor source: package-does-not-install-examples [libraries/libapparmor/swig/ruby/examples/]
-# Source is the corresponding .pod file
-apparmor source: source-is-missing [changehat/mod_apparmor/mod_apparmor.8.html]
-apparmor source: source-is-missing [parser/apparmor.d.5.html]
-apparmor source: source-is-missing [parser/apparmor_parser.8.html]
-apparmor source: source-is-missing [utils/aa-unconfined.8.html]
diff --git a/debian/tests/compile-policy b/debian/tests/compile-policy
index 68e335d27a0d6568935b16c45ef2214844400a90..a14b8592beea23eca87e78436e09ded2801d38a8 100755
--- a/debian/tests/compile-policy
+++ b/debian/tests/compile-policy
@@ -38,14 +38,14 @@ PROFILES_NAMES="guestfs-tools \
usr.sbin.named \
usr.sbin.unbound"
-for profile_name in $PROFILES_NAMES ; do
- echo "Testing $profile_name"
- /sbin/apparmor_parser \
- --add \
- --skip-cache \
- --skip-kernel-load \
- --verbose \
- --warn=rule-downgraded \
- --warn=rule-not-enforced \
- "/etc/apparmor.d/$profile_name"
+for profile_name in $PROFILES_NAMES; do
+ echo "Testing $profile_name"
+ /sbin/apparmor_parser \
+ --add \
+ --skip-cache \
+ --skip-kernel-load \
+ --verbose \
+ --warn=rule-downgraded \
+ --warn=rule-not-enforced \
+ "/etc/apparmor.d/$profile_name"
done
diff --git a/debian/tests/test-installed b/debian/tests/test-installed
index 2831f61824d3a2e1f410ebc6068e47e51d135b81..cfc49b9b5174d24d6343656fb4420fd4cf027ff2 100755
--- a/debian/tests/test-installed
+++ b/debian/tests/test-installed
@@ -14,23 +14,23 @@ trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM
cp -a common "$WORKDIR"/
cp -a libraries "$WORKDIR"/
-for dir in $TEST_DIRS ; do
- mkdir -p "$WORKDIR/$(dirname "$dir")"
- cp -a "$SOURCE_DIR/$dir" "$WORKDIR/$dir"
- (
- cd "$WORKDIR/$dir"
- echo "Running tests in $WORKDIR/$dir"
- if [ ! -f Makefile ] ; then
- if [ -x autogen.sh ] ; then
- echo "No Makefile found in $WORKDIR/$dir, running ./autogen.sh"
- ./autogen.sh
- fi
- fi
- if [ ! -f Makefile ] ; then
- echo "No Makefile found in $WORKDIR/$dir, aborting."
- exit 1
- fi
- USE_SYSTEM=1 make tests V=1
- )
- rm -rf "${WORKDIR:?}/$dir"
+for dir in $TEST_DIRS; do
+ mkdir -p "$WORKDIR/$(dirname "$dir")"
+ cp -a "$SOURCE_DIR/$dir" "$WORKDIR/$dir"
+ (
+ cd "$WORKDIR/$dir"
+ echo "Running tests in $WORKDIR/$dir"
+ if [ ! -f Makefile ]; then
+ if [ -x autogen.sh ]; then
+ echo "No Makefile found in $WORKDIR/$dir, running ./autogen.sh"
+ ./autogen.sh
+ fi
+ fi
+ if [ ! -f Makefile ]; then
+ echo "No Makefile found in $WORKDIR/$dir, aborting."
+ exit 1
+ fi
+ USE_SYSTEM=1 make tests V=1
+ )
+ rm -rf "${WORKDIR:?}/$dir"
done
diff --git a/debian/watch b/debian/watch
index c092710928c650344753d5594b04855990bc278e..815190b2bff1c84df8fc9dad1e7eb388562ca4d6 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
version=4
opts=pgpsigurlmangle=s/$/.asc/ \
https://launchpad.net/apparmor/+download \
-.*/apparmor-(3\.\d+\.\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
+.*/apparmor-(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/documentation/AppArmor_Developer_2-policy_layout_and_encoding.odt b/documentation/AppArmor_Developer_2-policy_layout_and_encoding.odt
index 59d77ca0723897dec407e57348f6f55e7ea9d069..506567cc2bb1a4e862529762f48684132bffa1ab 100644
Binary files a/documentation/AppArmor_Developer_2-policy_layout_and_encoding.odt and b/documentation/AppArmor_Developer_2-policy_layout_and_encoding.odt differ
diff --git a/libraries/libapparmor/Makefile.in b/libraries/libapparmor/Makefile.in
deleted file mode 100644
index 99d6ea6275dccb8a6f1acdff03727f81020e5b7a..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/Makefile.in
+++ /dev/null
@@ -1,833 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = .
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
- $(am__configure_deps) $(am__DIST_COMMON)
-am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
- configure.lineno config.status.lineno
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- cscope distdir distdir-am dist dist-all distcheck
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-DIST_SUBDIRS = $(SUBDIRS)
-am__DIST_COMMON = $(srcdir)/Makefile.in AUTHORS ChangeLog INSTALL NEWS \
- README compile config.guess config.sub install-sh ltmain.sh \
- missing
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-distdir = $(PACKAGE)-$(VERSION)
-top_distdir = $(distdir)
-am__remove_distdir = \
- if test -d "$(distdir)"; then \
- find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
- && rm -rf "$(distdir)" \
- || { sleep 5 && rm -rf "$(distdir)"; }; \
- else :; fi
-am__post_remove_distdir = $(am__remove_distdir)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-DIST_ARCHIVES = $(distdir).tar.gz
-GZIP_ENV = --best
-DIST_TARGETS = dist-gzip
-# Exists only to be overridden by the user if desired.
-AM_DISTCHECK_DVI_TARGET = dvi
-distuninstallcheck_listfiles = find . -type f -print
-am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
- | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
-distcleancheck_listfiles = find . -type f -print
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-AUTOMAKE_OPTIONS = foreign 1.4
-NAME = libapparmor
-SRCDIR = src
-SUBDIRS = doc src include swig testsuite
-EXTRA_DIST = AUTHORS ChangeLog COPYING.LGPL INSTALL NEWS README
-all: all-recursive
-
-.SUFFIXES:
-am--refresh: Makefile
- @:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
- $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
- && exit 0; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --foreign Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- echo ' $(SHELL) ./config.status'; \
- $(SHELL) ./config.status;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- $(SHELL) ./config.status --recheck
-
-$(top_srcdir)/configure: $(am__configure_deps)
- $(am__cd) $(srcdir) && $(AUTOCONF)
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-distclean-libtool:
- -rm -f libtool config.lt
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscope: cscope.files
- test ! -s cscope.files \
- || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
-clean-cscope:
- -rm -f cscope.files
-cscope.files: clean-cscope cscopelist
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
- -rm -f cscope.out cscope.in.out cscope.po.out cscope.files
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- $(am__remove_distdir)
- test -d "$(distdir)" || mkdir "$(distdir)"
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
- -test -n "$(am__skip_mode_fix)" \
- || find "$(distdir)" -type d ! -perm -755 \
- -exec chmod u+rwx,go+rx {} \; -o \
- ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
- ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
- ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
- || chmod -R a+r "$(distdir)"
-dist-gzip: distdir
- tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
- $(am__post_remove_distdir)
-
-dist-bzip2: distdir
- tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
- $(am__post_remove_distdir)
-
-dist-lzip: distdir
- tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
- $(am__post_remove_distdir)
-
-dist-xz: distdir
- tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
- $(am__post_remove_distdir)
-
-dist-zstd: distdir
- tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
- $(am__post_remove_distdir)
-
-dist-tarZ: distdir
- @echo WARNING: "Support for distribution archives compressed with" \
- "legacy program 'compress' is deprecated." >&2
- @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
- tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
- $(am__post_remove_distdir)
-
-dist-shar: distdir
- @echo WARNING: "Support for shar distribution archives is" \
- "deprecated." >&2
- @echo WARNING: "It will be removed altogether in Automake 2.0" >&2
- shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
- $(am__post_remove_distdir)
-
-dist-zip: distdir
- -rm -f $(distdir).zip
- zip -rq $(distdir).zip $(distdir)
- $(am__post_remove_distdir)
-
-dist dist-all:
- $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
- $(am__post_remove_distdir)
-
-# This target untars the dist file and tries a VPATH configuration. Then
-# it guarantees that the distribution is self-contained by making another
-# tarfile.
-distcheck: dist
- case '$(DIST_ARCHIVES)' in \
- *.tar.gz*) \
- eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
- *.tar.bz2*) \
- bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
- *.tar.lz*) \
- lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
- *.tar.xz*) \
- xz -dc $(distdir).tar.xz | $(am__untar) ;;\
- *.tar.Z*) \
- uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
- *.shar.gz*) \
- eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
- *.zip*) \
- unzip $(distdir).zip ;;\
- *.tar.zst*) \
- zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
- esac
- chmod -R a-w $(distdir)
- chmod u+w $(distdir)
- mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
- chmod a-w $(distdir)
- test -d $(distdir)/_build || exit 0; \
- dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
- && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
- && am__cwd=`pwd` \
- && $(am__cd) $(distdir)/_build/sub \
- && ../../configure \
- $(AM_DISTCHECK_CONFIGURE_FLAGS) \
- $(DISTCHECK_CONFIGURE_FLAGS) \
- --srcdir=../.. --prefix="$$dc_install_base" \
- && $(MAKE) $(AM_MAKEFLAGS) \
- && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
- && $(MAKE) $(AM_MAKEFLAGS) check \
- && $(MAKE) $(AM_MAKEFLAGS) install \
- && $(MAKE) $(AM_MAKEFLAGS) installcheck \
- && $(MAKE) $(AM_MAKEFLAGS) uninstall \
- && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
- distuninstallcheck \
- && chmod -R a-w "$$dc_install_base" \
- && ({ \
- (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
- && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
- && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
- && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
- distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
- } || { rm -rf "$$dc_destdir"; exit 1; }) \
- && rm -rf "$$dc_destdir" \
- && $(MAKE) $(AM_MAKEFLAGS) dist \
- && rm -rf $(DIST_ARCHIVES) \
- && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
- && cd "$$am__cwd" \
- || exit 1
- $(am__post_remove_distdir)
- @(echo "$(distdir) archives ready for distribution: "; \
- list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
- sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
-distuninstallcheck:
- @test -n '$(distuninstallcheck_dir)' || { \
- echo 'ERROR: trying to run $@ with an empty' \
- '$$(distuninstallcheck_dir)' >&2; \
- exit 1; \
- }; \
- $(am__cd) '$(distuninstallcheck_dir)' || { \
- echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
- exit 1; \
- }; \
- test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
- || { echo "ERROR: files left after uninstall:" ; \
- if test -n "$(DESTDIR)"; then \
- echo " (check DESTDIR support)"; \
- fi ; \
- $(distuninstallcheck_listfiles) ; \
- exit 1; } >&2
-distcleancheck: distclean
- @if test '$(srcdir)' = . ; then \
- echo "ERROR: distcleancheck can only run from a VPATH build" ; \
- exit 1 ; \
- fi
- @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
- || { echo "ERROR: files left in build directory after distclean:" ; \
- $(distcleancheck_listfiles) ; \
- exit 1; } >&2
-check-am: all-am
-check: check-recursive
-all-am: Makefile
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
- -rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-libtool \
- distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -f $(am__CONFIG_DISTCLEAN_FILES)
- -rm -rf $(top_srcdir)/autom4te.cache
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: $(am__recursive_targets) install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
- am--refresh check check-am clean clean-cscope clean-generic \
- clean-libtool cscope cscopelist-am ctags ctags-am dist \
- dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
- dist-xz dist-zip dist-zstd distcheck distclean \
- distclean-generic distclean-libtool distclean-tags \
- distcleancheck distdir distuninstallcheck dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs installdirs-am maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/aclocal.m4 b/libraries/libapparmor/aclocal.m4
deleted file mode 100644
index af83c61778994cacd9f6c29a493577e4abdd5b1a..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/aclocal.m4
+++ /dev/null
@@ -1,10857 +0,0 @@
-# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
-[m4_warning([this file was generated for autoconf 2.71.
-You have another version of autoconf. It may work, but is not guaranteed to.
-If you have problems, you may need to regenerate the build system entirely.
-To do so, use the procedure documented by the package, typically 'autoreconf'.])])
-
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-# Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-# Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
- [m4_default([$3],
- [m4_fatal([Libtool version $1 or higher is required],
- 63)])],
- [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
- *\ * | *\ *)
- AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
- distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- _LT_PATH_MAGIC
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
- [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
- [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
- [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
- [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
- [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME. Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
- [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
- [m4_ifval([$1], [$1], [$2])])
- lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
- m4_ifval([$4],
- [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
- lt_dict_add_subkey([lt_decl_dict], [$2],
- [tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
- [0], [m4_fatal([$0: too few arguments: $#])],
- [1], [m4_fatal([$0: too few arguments: $#: $1])],
- [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
- [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
- [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
- m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
- m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
- m4_if([$2], [],
- m4_quote(lt_decl_varnames),
- m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
- lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'. VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly. In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-# <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
- [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-# # Some comment about what VAR is for.
-# visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
- [description])))[]dnl
-m4_pushdef([_libtool_name],
- m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
- [0], [_libtool_name=[$]$1],
- [1], [_libtool_name=$lt_[]$1],
- [2], [_libtool_name=$lt_[]$1],
- [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script. Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
- m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
- [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
- [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'. Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
- dnl If the libtool generation code has been placed in $CONFIG_LT,
- dnl instead of duplicating it all over again into config.status,
- dnl then we will have config.status run $CONFIG_LT later, so it
- dnl needs to know what name is stored there:
- [AC_CONFIG_COMMANDS([libtool],
- [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
- dnl If the libtool generation code is destined for config.status,
- dnl expand the accumulated commands and init code now:
- [AC_CONFIG_COMMANDS([libtool],
- [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[[\\\\\\\`\\"\\\$]]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable. If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins. After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script. The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
- echo
- AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
- -h, --help print this help, then exit
- -V, --version print version number, then exit
- -q, --quiet do not print progress messages
- -d, --debug don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
- case $[1] in
- --version | --v* | -V )
- echo "$lt_cl_version"; exit 0 ;;
- --help | --h* | -h )
- echo "$lt_cl_help"; exit 0 ;;
- --debug | --d* | -d )
- debug=: ;;
- --quiet | --q* | --silent | --s* | -q )
- lt_cl_silent=: ;;
-
- -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
- *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
- esac
- shift
-done
-
-if $lt_cl_silent; then
- exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure. Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
- lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars. Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
- m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
- m4_if(_LT_TAG, [C], [
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
- _LT_PROG_LTMAIN
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-# autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
- [C], [_LT_LANG(C)],
- [C++], [_LT_LANG(CXX)],
- [Go], [_LT_LANG(GO)],
- [Java], [_LT_LANG(GCJ)],
- [Fortran 77], [_LT_LANG(F77)],
- [Fortran], [_LT_LANG(FC)],
- [Windows Resource], [_LT_LANG(RC)],
- [m4_ifdef([_LT_LANG_]$1[_CONFIG],
- [_LT_LANG($1)],
- [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
- [LT_SUPPORTED_TAG([$1])dnl
- m4_append([_LT_TAGS], [$1 ])dnl
- m4_define([_LT_LANG_]$1[_enabled], [])dnl
- _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-# NOTE: This macro has been submitted for inclusion into #
-# GNU Autoconf as AC_PROG_GO. When it is available in #
-# a released version of Autoconf we should remove this #
-# macro and use it instead. #
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC], [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
- if test -n "$ac_tool_prefix"; then
- AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
- fi
-fi
-if test -z "$GOC"; then
- AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [LT_LANG(CXX)],
- [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
- [LT_LANG(F77)],
- [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
- [LT_LANG(FC)],
- [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
- [LT_LANG(GCJ)],
- [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
- [LT_LANG(GCJ)],
- [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
- [LT_LANG(GCJ)],
- [m4_ifdef([AC_PROG_GCJ],
- [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
- m4_ifdef([A][M_PROG_GCJ],
- [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
- m4_ifdef([LT_PROG_GCJ],
- [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
- [LT_LANG(GO)],
- [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
- [LT_LANG(RC)],
- [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
- case $host_os in
- rhapsody* | darwin*)
- AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
- AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
- AC_CHECK_TOOL([LIPO], [lipo], [:])
- AC_CHECK_TOOL([OTOOL], [otool], [:])
- AC_CHECK_TOOL([OTOOL64], [otool64], [:])
- _LT_DECL([], [DSYMUTIL], [1],
- [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
- _LT_DECL([], [NMEDIT], [1],
- [Tool to change global to local symbols on Mac OS X])
- _LT_DECL([], [LIPO], [1],
- [Tool to manipulate fat objects and archives on Mac OS X])
- _LT_DECL([], [OTOOL], [1],
- [ldd/readelf like tool for Mach-O binaries on Mac OS X])
- _LT_DECL([], [OTOOL64], [1],
- [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
- AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
- [lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&AS_MESSAGE_LOG_FD
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&AS_MESSAGE_LOG_FD
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi])
-
- AC_CACHE_CHECK([for -exported_symbols_list linker flag],
- [lt_cv_ld_exported_symbols_list],
- [lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
- [lt_cv_ld_exported_symbols_list=yes],
- [lt_cv_ld_exported_symbols_list=no])
- LDFLAGS=$save_LDFLAGS
- ])
-
- AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
- [lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
- echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
- $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
- echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
- $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&AS_MESSAGE_LOG_FD
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&AS_MESSAGE_LOG_FD
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
- ])
- case $host_os in
- rhapsody* | darwin1.[[012]])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[[012]][[,.]]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
- m4_require([_LT_REQUIRED_DARWIN_CHECKS])
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_automatic, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
- m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
- [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes])
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)=''
- fi
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
- m4_if([$1], [CXX],
-[ if test yes != "$lt_cv_apple_cc_single_mod"; then
- _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
- _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
- fi
-],[])
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
- [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
- lt_aix_libpath_sed='[
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }]'
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi],[])
- if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
- _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
- fi
- ])
- aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO "$*"
-}
-
-case $ECHO in
- printf*) AC_MSG_RESULT([printf]) ;;
- print*) AC_MSG_RESULT([print -r]) ;;
- *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
- test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
- ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test "X`printf %s $ECHO`" = "X$ECHO" \
- || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
- [Search for dependent libraries within DIR (or the compiler's sysroot
- if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted. We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- AC_MSG_RESULT([$with_sysroot])
- AC_MSG_ERROR([The sysroot must be an absolute path.])
- ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
- [AS_HELP_STRING([--disable-libtool-lock],
- [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
- [AC_LANG_PUSH(C)
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
- AC_LANG_POP])
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if AC_TRY_EVAL(ac_compile); then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
- [lt_cv_ar_at_file=no
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
- [echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
- AC_TRY_EVAL([lt_ar_try])
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- AC_TRY_EVAL([lt_ar_try])
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
- ])
- ])
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
- [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
- [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
- [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
- [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
- [$2=no
- m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- $2=yes
- fi
- fi
- $RM conftest*
-])
-
-if test yes = "[$]$2"; then
- m4_if([$5], , :, [$5])
-else
- m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-# [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
- [$2=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $3"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&AS_MESSAGE_LOG_FD
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- $2=yes
- fi
- else
- $2=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
- m4_if([$4], , :, [$4])
-else
- m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
- AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
- AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
- [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
- [$4]
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}]
-_LT_EOF
- if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) $1 ;;
- x$lt_dlneed_uscore) $2 ;;
- x$lt_dlunknown|x*) $3 ;;
- esac
- else :
- # compilation failed
- $3
- fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ])
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- AC_CHECK_FUNC([shl_load],
- [lt_cv_dlopen=shl_load],
- [AC_CHECK_LIB([dld], [shl_load],
- [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
- [AC_CHECK_FUNC([dlopen],
- [lt_cv_dlopen=dlopen],
- [AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
- [AC_CHECK_LIB([svld], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
- [AC_CHECK_LIB([dld], [dld_link],
- [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
- ])
- ])
- ])
- ])
- ])
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- AC_CACHE_CHECK([whether a program can dlopen itself],
- lt_cv_dlopen_self, [dnl
- _LT_TRY_DLOPEN_SELF(
- lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
- lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
- ])
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
- lt_cv_dlopen_self_static, [dnl
- _LT_TRY_DLOPEN_SELF(
- lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
- lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
- ])
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
- [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
- [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
- [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
- [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
- [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
- fi
- fi
- chmod u+w . 2>&AS_MESSAGE_LOG_FD
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
- [Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- AC_MSG_CHECKING([if we can lock with hard links])
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- AC_MSG_RESULT([$hard_links])
- if test no = "$hard_links"; then
- AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
- [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
- [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
- test -n "$_LT_TAGVAR(runpath_var, $1)" ||
- test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
- # We can hardcode non-existent directories.
- if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
- test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
- # Linking always hardcodes the temporary library directory.
- _LT_TAGVAR(hardcode_action, $1)=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- _LT_TAGVAR(hardcode_action, $1)=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
- test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
- [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- fi
- ;;
- *)
- AC_MSG_RESULT([no])
- ;;
- esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
- [], [
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[[lt_foo]]++; }
- if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[[4-9]]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[[01]] | aix4.[[01]].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a[(]lib.so.V[)]'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[[45]]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[[23]].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[[01]]* | freebsdelf3.[[01]]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
- freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[[3-9]]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
- [lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
- LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
- AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
- [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
- [lt_cv_shlibpath_overrides_runpath=yes])])
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
- ])
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
- [Variables whose values should be saved in libtool wrapper scripts and
- restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
- [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
- [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
- [[List of archive names. First name is the real one, the rest are links.
- The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
- [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
- [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
- [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
- [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
- [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
- [[As "finish_cmds", except a single script fragment to be evaled but
- not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
- [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
- [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
- [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
- [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] | ?:[\\/]*])
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word. This closes a longstanding sh security hole.
- ac_dummy="m4_if([$2], , $PATH, [$2])"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$1"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- AC_MSG_RESULT($MAGIC_CMD)
-else
- AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
- [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
- else
- MAGIC_CMD=:
- fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
- [AS_HELP_STRING([--with-gnu-ld],
- [assume the C compiler uses GNU ld @<:@default=no@:>@])],
- [test no = "$withval" || with_gnu_ld=yes],
- [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- AC_MSG_CHECKING([for ld used by $CC])
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [[\\/]]* | ?:[[\\/]]*)
- re_direlt='/[[^/]][[^/]]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- AC_MSG_CHECKING([for GNU ld])
-else
- AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- AC_MSG_RESULT($LD)
-else
- AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-# -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
- lt_cv_ld_reload_flag,
- [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
- [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-# -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[[45]]*)
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[[3-9]]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
- [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
- [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
- [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
- [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
- AC_SUBST([DUMPBIN])
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
- [lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
- cat conftest.out >&AS_MESSAGE_LOG_FD
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-# -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
- [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
- [lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&AS_MESSAGE_LOG_FD
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
- test DEF = "`$SED -n dnl
- -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace
- -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments
- -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl
- -e q dnl Only consider the first "real" line
- $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
- # These system don't have libm, or don't need it
- ;;
-*-ncr-sysv4.3*)
- AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
- AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
- ;;
-*)
- AC_CHECK_LIB(m, cos, LIBM=-lm)
- ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
- esac
-
- _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
- lt_cv_prog_compiler_rtti_exceptions,
- [-fno-rtti -fno-exceptions], [],
- [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
- [Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[[BCDT]]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[[ABCDGISTW]]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[[ABCDEGRST]]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[[BCDEGRST]]'
- ;;
-osf*)
- symcode='[[BCDEGQRST]]'
- ;;
-solaris*)
- symcode='[[BDRT]]'
- ;;
-sco3.2v5*)
- symcode='[[DT]]'
- ;;
-sysv4.2uw2*)
- symcode='[[DT]]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[[ABDT]]'
- ;;
-sysv4)
- symcode='[[DFNSTU]]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK ['"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx]"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if AC_TRY_EVAL(ac_compile); then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT@&t@_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
- if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- AC_MSG_RESULT(failed)
-else
- AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
- [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
- [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
- [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
- [lt_cv_sys_global_symbol_to_c_name_address], [1],
- [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
- [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
- [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
- [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
- [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
- # C++ specific cases for pic, static, wl, etc.
- if test yes = "$GXX"; then
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- fi
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
- mingw* | cygwin* | os2* | pw32* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- case $host_os in
- os2*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
- ;;
- esac
- ;;
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
- ;;
- *djgpp*)
- # DJGPP does not support shared libraries at all
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- ;;
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- _LT_TAGVAR(lt_prog_compiler_static, $1)=
- ;;
- interix[[3-9]]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
- fi
- ;;
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
- ;;
- *qnx* | *nto*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
- else
- case $host_os in
- aix[[4-9]]*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- else
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
- chorus*)
- case $cc_basename in
- cxch68*)
- # Green Hills C++ Compiler
- # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
- ;;
- esac
- ;;
- mingw* | cygwin* | os2* | pw32* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- ;;
- dgux*)
- case $cc_basename in
- ec++*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- ;;
- ghcx*)
- # Green Hills C++ Compiler
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- ;;
- *)
- ;;
- esac
- ;;
- freebsd* | dragonfly*)
- # FreeBSD uses GNU C++
- ;;
- hpux9* | hpux10* | hpux11*)
- case $cc_basename in
- CC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
- if test ia64 != "$host_cpu"; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
- fi
- ;;
- aCC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
- ;;
- esac
- ;;
- *)
- ;;
- esac
- ;;
- interix*)
- # This is c89, which is MS Visual C++ (no shared libs)
- # Anyone wants to do a port?
- ;;
- irix5* | irix6* | nonstopux*)
- case $cc_basename in
- CC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- # CC pic flag -KPIC is the default.
- ;;
- *)
- ;;
- esac
- ;;
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- KCC*)
- # KAI C++ Compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- ecpc* )
- # old Intel C++ for x86_64, which still supported -KPIC.
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- icpc* )
- # Intel C++, used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- pgCC* | pgcpp*)
- # Portland Group C++ compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- cxx*)
- # Compaq C++
- # Make sure the PIC flag is empty. It appears that all Alpha
- # Linux and Compaq Tru64 Unix objects are PIC.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
- xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
- # IBM XL 8.0, 9.0 on PPC and BlueGene
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- ;;
- esac
- ;;
- esac
- ;;
- lynxos*)
- ;;
- m88k*)
- ;;
- mvs*)
- case $cc_basename in
- cxx*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
- ;;
- *)
- ;;
- esac
- ;;
- netbsd* | netbsdelf*-gnu)
- ;;
- *qnx* | *nto*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
- osf3* | osf4* | osf5*)
- case $cc_basename in
- KCC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
- ;;
- RCC*)
- # Rational C++ 2.4.1
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- ;;
- cxx*)
- # Digital/Compaq C++
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # Make sure the PIC flag is empty. It appears that all Alpha
- # Linux and Compaq Tru64 Unix objects are PIC.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
- *)
- ;;
- esac
- ;;
- psos*)
- ;;
- solaris*)
- case $cc_basename in
- CC* | sunCC*)
- # Sun C++ 4.2, 5.x and Centerline C++
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- ;;
- gcx*)
- # Green Hills C++ Compiler
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- ;;
- *)
- ;;
- esac
- ;;
- sunos4*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.x
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- lcc*)
- # Lucid
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- ;;
- *)
- ;;
- esac
- ;;
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- case $cc_basename in
- CC*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- esac
- ;;
- tandem*)
- case $cc_basename in
- NCC*)
- # NonStop-UX NCC 3.20
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- ;;
- *)
- ;;
- esac
- ;;
- vxworks*)
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- ;;
- esac
- fi
-],
-[
- if test yes = "$GCC"; then
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- fi
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- case $host_os in
- os2*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- _LT_TAGVAR(lt_prog_compiler_static, $1)=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
- ;;
-
- interix[[3-9]]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
- fi
- ;;
-
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
- if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- else
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- m4_if([$1], [GCJ], [],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
- case $host_os in
- os2*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # PIC (with -KPIC) is the default.
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- ccc*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # All Alpha code is PIC.
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- ;;
- *Intel*\ [[CF]]*Compiler*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
- ;;
- *Portland\ Group*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- # All OSF/1 code is PIC.
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
-
- rdos*)
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
- ;;
-
- solaris*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
- *)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
- esac
- ;;
-
- sunos4*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- unicos*)
- _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- ;;
-
- uts4*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
- _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
- ;;
-
- *)
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
- ;;
- esac
- fi
-])
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)=
- ;;
- *)
- _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
- ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
- [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
- [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
- _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
- [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
- [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
- [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
- "" | " "*) ;;
- *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
- esac],
- [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
- [Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
- [How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
- _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
- $lt_tmp_static_flag,
- [],
- [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
- [Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
- case $host_os in
- aix[[4-9]]*)
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- ;;
- pw32*)
- _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
- ;;
- cygwin* | mingw* | cegcc*)
- case $cc_basename in
- cl*)
- _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- ;;
- *)
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
- ;;
- esac
- ;;
- linux* | k*bsd*-gnu | gnu*)
- _LT_TAGVAR(link_all_deplibs, $1)=no
- ;;
- *)
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- ;;
- esac
-], [
- runpath_var=
- _LT_TAGVAR(allow_undefined_flag, $1)=
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(archive_cmds, $1)=
- _LT_TAGVAR(archive_expsym_cmds, $1)=
- _LT_TAGVAR(compiler_needs_object, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
- _LT_TAGVAR(export_dynamic_flag_spec, $1)=
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(hardcode_automatic, $1)=no
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(hardcode_libdir_separator, $1)=
- _LT_TAGVAR(hardcode_minus_L, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
- _LT_TAGVAR(inherit_rpath, $1)=no
- _LT_TAGVAR(link_all_deplibs, $1)=unknown
- _LT_TAGVAR(module_cmds, $1)=
- _LT_TAGVAR(module_expsym_cmds, $1)=
- _LT_TAGVAR(old_archive_from_new_cmds, $1)=
- _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
- _LT_TAGVAR(thread_safe_flag_spec, $1)=
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- _LT_TAGVAR(include_expsyms, $1)=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- _LT_TAGVAR(link_all_deplibs, $1)=no
- ;;
- esac
-
- _LT_TAGVAR(ld_shlibs, $1)=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
- *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[[3-9]]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- _LT_TAGVAR(ld_shlibs, $1)=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)=''
- ;;
- m68k)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
- # as there is no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
- _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- haiku*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- os2*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- shrext_cmds=.dll
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
-
- interix[[3-9]]*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- _LT_TAGVAR(compiler_needs_object, $1)=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- _LT_TAGVAR(compiler_needs_object, $1)=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- _LT_TAGVAR(ld_shlibs, $1)=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
- _LT_TAGVAR(ld_shlibs, $1)=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
-
- if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
- runpath_var=
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
- _LT_TAGVAR(export_dynamic_flag_spec, $1)=
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=yes
- _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- _LT_TAGVAR(hardcode_direct, $1)=unsupported
- fi
- ;;
-
- aix[[4-9]]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- _LT_TAGVAR(archive_cmds, $1)=''
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[[012]]|aix4.[[012]].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- _LT_TAGVAR(hardcode_direct, $1)=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- _LT_TAGVAR(always_export_symbols, $1)=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
- _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)=''
- ;;
- m68k)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- ;;
- esac
- ;;
-
- bsdi[[45]]*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
- _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- # FIXME: Should let the user specify the lib program.
- _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- _LT_DARWIN_LINKER_FEATURES($1)
- ;;
-
- dgux*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(hardcode_direct, $1)=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- m4_if($1, [], [
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- _LT_LINKER_OPTION([if $CC understands -b],
- _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
- [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
- [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
- [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
- *)
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
- [lt_cv_irix_exported_symbol],
- [save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- AC_LINK_IFELSE(
- [AC_LANG_SOURCE(
- [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
- [C++], [[int foo (void) { return 0; }]],
- [Fortran 77], [[
- subroutine foo
- end]],
- [Fortran], [[
- subroutine foo
- end]])])],
- [lt_cv_irix_exported_symbol=yes],
- [lt_cv_irix_exported_symbol=no])
- LDFLAGS=$save_LDFLAGS])
- if test yes = "$lt_cv_irix_exported_symbol"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- _LT_TAGVAR(link_all_deplibs, $1)=no
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(inherit_rpath, $1)=yes
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- _LT_TAGVAR(ld_shlibs, $1)=yes
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- newsos6)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- fi
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- os2*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- shrext_cmds=.dll
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- else
- _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- ;;
-
- solaris*)
- _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- case $host_os in
- solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
- _LT_TAGVAR(hardcode_direct, $1)=no
- ;;
- motorola)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- sysv4.3*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- _LT_TAGVAR(ld_shlibs, $1)=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
-
- *)
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
- [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
- # Assume -lc should be added
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $_LT_TAGVAR(archive_cmds, $1) in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- AC_CACHE_CHECK([whether -lc should be explicitly linked in],
- [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
- [$RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
- pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
- _LT_TAGVAR(allow_undefined_flag, $1)=
- if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
- then
- lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
- else
- lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- fi
- _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
- ])
- _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
- ;;
- esac
- fi
- ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
- [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
- [enable_shared_with_static_runtimes], [0],
- [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
- [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
- [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
- [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
- [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
- [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
- [Commands used to build a loadable module if different from building
- a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
- [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
- [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
- [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
- [Flag to hardcode $libdir into a binary during linking.
- This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
- [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
- [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
- DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
- [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
- DIR into the resulting binary and the resulting library dependency is
- "absolute", i.e impossible to change by setting $shlibpath_var if the
- library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
- [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
- into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
- [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
- into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
- [Set to "yes" if building a shared library automatically hardcodes DIR
- into the library and all subsequent libraries and executables linked
- against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
- [Set to yes if linker adds runtime paths of dependent libraries
- to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
- [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
- [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
- [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
- [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
- [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
- [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
- [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
- [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined. These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-if test -n "$compiler"; then
- _LT_COMPILER_NO_RTTI($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
- LT_SYS_DLOPEN_SELF
- _LT_CMD_STRIPLIB
-
- # Report what library types will actually be built
- AC_MSG_CHECKING([if libtool supports shared libraries])
- AC_MSG_RESULT([$can_build_shared])
-
- AC_MSG_CHECKING([whether to build shared libraries])
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[[4-9]]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- AC_MSG_RESULT([$enable_shared])
-
- AC_MSG_CHECKING([whether to build static libraries])
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- AC_MSG_RESULT([$enable_static])
-
- _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined. These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
- ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
- (test g++ != "$CXX"))); then
- AC_PROG_CXXCPP
-else
- _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="int some_variable = 0;"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
- _LT_TAG_COMPILER
-
- # save warnings/boilerplate of simple test code
- _LT_COMPILER_BOILERPLATE
- _LT_LINKER_BOILERPLATE
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_CFLAGS=$CFLAGS
- lt_save_LD=$LD
- lt_save_GCC=$GCC
- GCC=$GXX
- lt_save_with_gnu_ld=$with_gnu_ld
- lt_save_path_LD=$lt_cv_path_LD
- if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
- lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
- else
- $as_unset lt_cv_prog_gnu_ld
- fi
- if test -n "${lt_cv_path_LDCXX+set}"; then
- lt_cv_path_LD=$lt_cv_path_LDCXX
- else
- $as_unset lt_cv_path_LD
- fi
- test -z "${LDCXX+set}" || LD=$LDCXX
- CC=${CXX-"c++"}
- CFLAGS=$CXXFLAGS
- compiler=$CC
- _LT_TAGVAR(compiler, $1)=$CC
- _LT_CC_BASENAME([$compiler])
-
- if test -n "$compiler"; then
- # We don't want -fno-exception when compiling C++ code, so set the
- # no_builtin_flag separately
- if test yes = "$GXX"; then
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
- else
- _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
- fi
-
- if test yes = "$GXX"; then
- # Set up default GNU C++ configuration
-
- LT_PATH_LD
-
- # Check if GNU C++ uses GNU ld as the underlying linker, since the
- # archiving commands below assume that GNU ld is being used.
- if test yes = "$with_gnu_ld"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
- # If archive_cmds runs LD, not CC, wlarc should be empty
- # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
- # investigate it a little bit more. (MM)
- wlarc='$wl'
-
- # ancient GNU ld didn't support --whole-archive et. al.
- if eval "`$CC -print-prog-name=ld` --help 2>&1" |
- $GREP 'no-whole-archive' > /dev/null; then
- _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- _LT_TAGVAR(whole_archive_flag_spec, $1)=
- fi
- else
- with_gnu_ld=no
- wlarc=
-
- # A generic and very simple default shared library creation
- # command for GNU C++ for the case where it uses the native
- # linker, instead of GNU ld. If possible, this setting should
- # overridden to take advantage of the native linker features on
- # the platform it is being used on.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- fi
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
-
- else
- GXX=no
- with_gnu_ld=no
- wlarc=
- fi
-
- # PORTME: fill in a description of your system's C++ link characteristics
- AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
- _LT_TAGVAR(ld_shlibs, $1)=yes
- case $host_os in
- aix3*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- aix[[4-9]]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
- for ld_flag in $LDFLAGS; do
- case $ld_flag in
- *-brtl*)
- aix_use_runtimelinking=yes
- break
- ;;
- esac
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- _LT_TAGVAR(archive_cmds, $1)=''
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=no
- ;;
- esac
-
- if test yes = "$GXX"; then
- case $host_os in aix4.[[012]]|aix4.[[012]].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- _LT_TAGVAR(hardcode_direct, $1)=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=
- fi
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag=$shared_flag' $wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to
- # export.
- _LT_TAGVAR(always_export_symbols, $1)=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- # The "-G" linker flag allows undefined symbols.
- _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
- # Determine the default libpath from the value encoded in an empty
- # executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
- _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
- _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- _LT_SYS_MODULE_PATH_AIX([$1])
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
- fi
- _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
- _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared
- # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- chorus*)
- case $cc_basename in
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- case $GXX,$cc_basename in
- ,cl* | no,cl*)
- # Native MSVC
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=yes
- _LT_TAGVAR(file_list_spec, $1)='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- # Don't use ranlib
- _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
- _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- func_to_tool_file "$lt_outputfile"~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # g++
- # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
- # as there is no search path for DLLs.
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- _LT_TAGVAR(always_export_symbols, $1)=no
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
- darwin* | rhapsody*)
- _LT_DARWIN_LINKER_FEATURES($1)
- ;;
-
- os2*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
- _LT_TAGVAR(hardcode_minus_L, $1)=yes
- _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
- shrext_cmds=.dll
- _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
- ;;
-
- dgux*)
- case $cc_basename in
- ec++*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- ghcx*)
- # Green Hills C++ Compiler
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- freebsd2.*)
- # C++ shared libraries reported to be fairly broken before
- # switch to ELF
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- freebsd-elf*)
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- ;;
-
- freebsd* | dragonfly*)
- # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
- # conventions
- _LT_TAGVAR(ld_shlibs, $1)=yes
- ;;
-
- haiku*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
-
- hpux9*)
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
- # but as the default
- # location of the library.
-
- case $cc_basename in
- CC*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- aCC*)
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- ;;
- *)
- if test yes = "$GXX"; then
- _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- hpux10*|hpux11*)
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- ;;
- *)
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- ;;
- esac
- fi
- case $host_cpu in
- hppa*64*|ia64*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- ;;
- *)
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
- # but as the default
- # location of the library.
- ;;
- esac
-
- case $cc_basename in
- CC*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- aCC*)
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- esac
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- ;;
- *)
- if test yes = "$GXX"; then
- if test no = "$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- ia64*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- ;;
- esac
- fi
- else
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- interix[[3-9]]*)
- _LT_TAGVAR(hardcode_direct, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
- irix5* | irix6*)
- case $cc_basename in
- CC*)
- # SGI C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
- # Archives containing C++ object files must be created using
- # "CC -ar", where "CC" is the IRIX C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
- ;;
- *)
- if test yes = "$GXX"; then
- if test no = "$with_gnu_ld"; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
- fi
- fi
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- ;;
- esac
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
- _LT_TAGVAR(inherit_rpath, $1)=yes
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- KCC*)
- # Kuck and Associates, Inc. (KAI) C++ Compiler
-
- # KCC will only create a shared library if the output file
- # ends with ".so" (or ".sl" for HP-UX), so rename the library
- # to its proper name (with version) after linking.
- _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
- # Archives containing C++ object files must be created using
- # "CC -Bstatic", where "CC" is the KAI C++ compiler.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
- ;;
- icpc* | ecpc* )
- # Intel C++
- with_gnu_ld=yes
- # version 8.0 and above of icpc choke on multiply defined symbols
- # if we add $predep_objects and $postdep_objects, however 7.1 and
- # earlier do not add the objects themselves.
- case `$CC -V 2>&1` in
- *"Version 7."*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- *) # Version 8.0 or newer
- tmp_idyn=
- case $host_cpu in
- ia64*) tmp_idyn=' -i_dynamic';;
- esac
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- esac
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
- ;;
- pgCC* | pgcpp*)
- # Portland Group C++ compiler
- case `$CC -V` in
- *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
- _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
- compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
- _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
- $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
- $RANLIB $oldlib'
- _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
- rm -rf $tpldir~
- $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
- $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- *) # Version 6 and above use weak symbols
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- ;;
- esac
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- ;;
- cxx*)
- # Compaq C++
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
- runpath_var=LD_RUN_PATH
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
- ;;
- xl* | mpixl* | bgxl*)
- # IBM XL 8.0 on PPC, with GNU ld
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
- _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*)
- # Sun C++ 5.9
- _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- _LT_TAGVAR(compiler_needs_object, $1)=yes
-
- # Not sure whether something based on
- # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
- # would be better.
- output_verbose_link_cmd='func_echo_all'
-
- # Archives containing C++ object files must be created using
- # "CC -xar", where "CC" is the Sun C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
- ;;
- esac
- ;;
- esac
- ;;
-
- lynxos*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- m88k*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- mvs*)
- case $cc_basename in
- cxx*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- netbsd*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
- wlarc=
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- fi
- # Workaround some broken pre-1.5 toolchains
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
- ;;
-
- *nto* | *qnx*)
- _LT_TAGVAR(ld_shlibs, $1)=yes
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- _LT_TAGVAR(hardcode_direct, $1)=yes
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
- _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- fi
- output_verbose_link_cmd=func_echo_all
- else
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
-
- osf3* | osf4* | osf5*)
- case $cc_basename in
- KCC*)
- # Kuck and Associates, Inc. (KAI) C++ Compiler
-
- # KCC will only create a shared library if the output file
- # ends with ".so" (or ".sl" for HP-UX), so rename the library
- # to its proper name (with version) after linking.
- _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Archives containing C++ object files must be created using
- # the KAI C++ compiler.
- case $host in
- osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
- *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
- esac
- ;;
- RCC*)
- # Rational C++ 2.4.1
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- cxx*)
- case $host in
- osf3*)
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- ;;
- *)
- _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
- echo "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
- $RM $lib.exp'
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
- ;;
- esac
-
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- #
- # There doesn't appear to be a way to prevent this compiler from
- # explicitly linking system object files so we need to strip them
- # from the output so that they don't get included in the library
- # dependencies.
- output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
- ;;
- *)
- if test yes,no = "$GXX,$with_gnu_ld"; then
- _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
- case $host in
- osf3*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- ;;
- esac
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
-
- else
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- fi
- ;;
- esac
- ;;
-
- psos*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- sunos4*)
- case $cc_basename in
- CC*)
- # Sun C++ 4.x
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- lcc*)
- # Lucid
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- solaris*)
- case $cc_basename in
- CC* | sunCC*)
- # Sun C++ 4.2, 5.x and Centerline C++
- _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
- _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
- _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- case $host_os in
- solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
- ;;
- esac
- _LT_TAGVAR(link_all_deplibs, $1)=yes
-
- output_verbose_link_cmd='func_echo_all'
-
- # Archives containing C++ object files must be created using
- # "CC -xar", where "CC" is the Sun C++ compiler. This is
- # necessary to make sure instantiated templates are included
- # in the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
- ;;
- gcx*)
- # Green Hills C++ Compiler
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
- # The C++ compiler must be used to create the archive.
- _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
- ;;
- *)
- # GNU C++ compiler with Solaris linker
- if test yes,no = "$GXX,$with_gnu_ld"; then
- _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
- if $CC --version | $GREP -v '^2\.7' > /dev/null; then
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
- else
- # g++ 2.7 appears to require '-G' NOT '-shared' on this
- # platform.
- _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
- _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
- # Commands to make compiler produce verbose output that lists
- # what "hidden" libraries, object files and flags are used when
- # linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
- fi
-
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
- case $host_os in
- solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
- *)
- _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- ;;
- esac
- fi
- ;;
- esac
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- runpath_var='LD_RUN_PATH'
-
- case $cc_basename in
- CC*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
- _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
- _LT_TAGVAR(archive_cmds_need_lc, $1)=no
- _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
- _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
- _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
- _LT_TAGVAR(link_all_deplibs, $1)=yes
- _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- case $cc_basename in
- CC*)
- _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
- '"$_LT_TAGVAR(old_archive_cmds, $1)"
- _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
- '"$_LT_TAGVAR(reload_cmds, $1)"
- ;;
- *)
- _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- tandem*)
- case $cc_basename in
- NCC*)
- # NonStop-UX NCC 3.20
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
- ;;
-
- vxworks*)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
-
- *)
- # FIXME: insert proper C++ library support
- _LT_TAGVAR(ld_shlibs, $1)=no
- ;;
- esac
-
- AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
- test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
- _LT_TAGVAR(GCC, $1)=$GXX
- _LT_TAGVAR(LD, $1)=$LD
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- _LT_SYS_HIDDEN_LIBDEPS($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
- fi # test -n "$compiler"
-
- CC=$lt_save_CC
- CFLAGS=$lt_save_CFLAGS
- LDCXX=$LD
- LD=$lt_save_LD
- GCC=$lt_save_GCC
- with_gnu_ld=$lt_save_with_gnu_ld
- lt_cv_path_LDCXX=$lt_cv_path_LD
- lt_cv_path_LD=$lt_save_path_LD
- lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
- lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
- case @S|@2 in
- .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
- *) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
- esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library. It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
- Foo (void) { a = 0; }
-private:
- int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
- subroutine foo
- implicit none
- integer*4 a
- a=0
- return
- end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
- subroutine foo
- implicit none
- integer a
- a=0
- return
- end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
- private int a;
- public void bar (void) {
- a = 0;
- }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
- # Parse the compiler output and extract the necessary
- # objects, libraries and library flags.
-
- # Sentinel used to keep track of whether or not we are before
- # the conftest object file.
- pre_test_object_deps_done=no
-
- for p in `eval "$output_verbose_link_cmd"`; do
- case $prev$p in
-
- -L* | -R* | -l*)
- # Some compilers place space between "-{L,R}" and the path.
- # Remove the space.
- if test x-L = "$p" ||
- test x-R = "$p"; then
- prev=$p
- continue
- fi
-
- # Expand the sysroot to ease extracting the directories later.
- if test -z "$prev"; then
- case $p in
- -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
- -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
- -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
- esac
- fi
- case $p in
- =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
- esac
- if test no = "$pre_test_object_deps_done"; then
- case $prev in
- -L | -R)
- # Internal compiler library paths should come after those
- # provided the user. The postdeps already come after the
- # user supplied libs so there is no need to process them.
- if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
- _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
- else
- _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
- fi
- ;;
- # The "-l" case would never come before the object being
- # linked, so don't bother handling this case.
- esac
- else
- if test -z "$_LT_TAGVAR(postdeps, $1)"; then
- _LT_TAGVAR(postdeps, $1)=$prev$p
- else
- _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
- fi
- fi
- prev=
- ;;
-
- *.lto.$objext) ;; # Ignore GCC LTO objects
- *.$objext)
- # This assumes that the test object file only shows up
- # once in the compiler output.
- if test "$p" = "conftest.$objext"; then
- pre_test_object_deps_done=yes
- continue
- fi
-
- if test no = "$pre_test_object_deps_done"; then
- if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
- _LT_TAGVAR(predep_objects, $1)=$p
- else
- _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
- fi
- else
- if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
- _LT_TAGVAR(postdep_objects, $1)=$p
- else
- _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
- fi
- fi
- ;;
-
- *) ;; # Ignore the rest.
-
- esac
- done
-
- # Clean up.
- rm -f a.out a.exe
-else
- echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
- # Interix 3.5 installs completely hosed .la files for C++, so rather than
- # hack all around it, let's just trust "g++" to DTRT.
- _LT_TAGVAR(predep_objects,$1)=
- _LT_TAGVAR(postdep_objects,$1)=
- _LT_TAGVAR(postdeps,$1)=
- ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
- [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
- [Dependencies to place before and after the objects being linked to
- create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
- [The library search path used internally by the compiler when linking
- a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
- _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="\
- subroutine t
- return
- end
-"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code="\
- program t
- end
-"
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
- _LT_TAG_COMPILER
-
- # save warnings/boilerplate of simple test code
- _LT_COMPILER_BOILERPLATE
- _LT_LINKER_BOILERPLATE
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_GCC=$GCC
- lt_save_CFLAGS=$CFLAGS
- CC=${F77-"f77"}
- CFLAGS=$FFLAGS
- compiler=$CC
- _LT_TAGVAR(compiler, $1)=$CC
- _LT_CC_BASENAME([$compiler])
- GCC=$G77
- if test -n "$compiler"; then
- AC_MSG_CHECKING([if libtool supports shared libraries])
- AC_MSG_RESULT([$can_build_shared])
-
- AC_MSG_CHECKING([whether to build shared libraries])
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
- aix[[4-9]]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- AC_MSG_RESULT([$enable_shared])
-
- AC_MSG_CHECKING([whether to build static libraries])
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- AC_MSG_RESULT([$enable_static])
-
- _LT_TAGVAR(GCC, $1)=$G77
- _LT_TAGVAR(LD, $1)=$LD
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
- fi # test -n "$compiler"
-
- GCC=$lt_save_GCC
- CC=$lt_save_CC
- CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
- _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working. Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
- # Code to be used in simple compile tests
- lt_simple_compile_test_code="\
- subroutine t
- return
- end
-"
-
- # Code to be used in simple link tests
- lt_simple_link_test_code="\
- program t
- end
-"
-
- # ltmain only uses $CC for tagged configurations so make sure $CC is set.
- _LT_TAG_COMPILER
-
- # save warnings/boilerplate of simple test code
- _LT_COMPILER_BOILERPLATE
- _LT_LINKER_BOILERPLATE
-
- # Allow CC to be a program name with arguments.
- lt_save_CC=$CC
- lt_save_GCC=$GCC
- lt_save_CFLAGS=$CFLAGS
- CC=${FC-"f95"}
- CFLAGS=$FCFLAGS
- compiler=$CC
- GCC=$ac_cv_fc_compiler_gnu
-
- _LT_TAGVAR(compiler, $1)=$CC
- _LT_CC_BASENAME([$compiler])
-
- if test -n "$compiler"; then
- AC_MSG_CHECKING([if libtool supports shared libraries])
- AC_MSG_RESULT([$can_build_shared])
-
- AC_MSG_CHECKING([whether to build shared libraries])
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
- aix[[4-9]]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- AC_MSG_RESULT([$enable_shared])
-
- AC_MSG_CHECKING([whether to build static libraries])
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- AC_MSG_RESULT([$enable_static])
-
- _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
- _LT_TAGVAR(LD, $1)=$LD
-
- ## CAVEAT EMPTOR:
- ## There is no encapsulation within the following macros, do not change
- ## the running order or otherwise move them around unless you know exactly
- ## what you are doing...
- _LT_SYS_HIDDEN_LIBDEPS($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_SYS_DYNAMIC_LINKER($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
- fi # test -n "$compiler"
-
- GCC=$lt_save_GCC
- CC=$lt_save_CC
- CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-if test -n "$compiler"; then
- _LT_COMPILER_NO_RTTI($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-if test -n "$compiler"; then
- _LT_COMPILER_NO_RTTI($1)
- _LT_COMPILER_PIC($1)
- _LT_COMPILER_C_O($1)
- _LT_COMPILER_FILE_LOCKS($1)
- _LT_LINKER_SHLIBS($1)
- _LT_LINKER_HARDCODE_LIBPATH($1)
-
- _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined. These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
- :
- _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
- [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
- [AC_CHECK_TOOL(GCJ, gcj,)
- test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
- AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible. Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
- [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-# NOTE: This macro has been submitted for inclusion into #
-# GNU Autoconf as AC_PROG_SED. When it is available in #
-# a released version of Autoconf we should remove this #
-# macro and use it instead. #
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for lt_ac_prog in sed gsed; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
- lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
- fi
- done
- done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
- test ! -f "$lt_ac_sed" && continue
- cat /dev/null > conftest.in
- lt_ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >conftest.in
- # Check for GNU sed and select it if it is found.
- if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
- lt_cv_path_SED=$lt_ac_sed
- break
- fi
- while true; do
- cat conftest.in conftest.in >conftest.tmp
- mv conftest.tmp conftest.in
- cp conftest.in conftest.nl
- echo >>conftest.nl
- $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
- cmp -s conftest.out conftest.nl || break
- # 10000 chars as input seems more than enough
- test 10 -lt "$lt_ac_count" && break
- lt_ac_count=`expr $lt_ac_count + 1`
- if test "$lt_ac_count" -gt "$lt_ac_max"; then
- lt_ac_max=$lt_ac_count
- lt_cv_path_SED=$lt_ac_sed
- fi
- done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path). These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
- [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
- [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
-
-# Helper functions for option handling. -*- Autoconf -*-
-#
-# Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it. Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
- _LT_MANGLE_DEFUN([$1], [$2]),
- [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
- [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
- [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME. If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
- [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
- dnl
- dnl Simply set some default values (i.e off) if boolean options were not
- dnl specified:
- _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
- ])
- _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
- ])
- dnl
- dnl If no reference was made to various pairs of opposing options, then
- dnl we run the default mode handler for the pair. For example, if neither
- dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
- dnl archives by default:
- _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
- _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
- _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
- _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
- [_LT_ENABLE_FAST_INSTALL])
- _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
- [_LT_WITH_AIX_SONAME([aix])])
- ])
-])# _LT_SET_OPTIONS
-
-
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
- AC_CHECK_TOOL(AS, as, false)
- AC_CHECK_TOOL(DLLTOOL, dlltool, false)
- AC_CHECK_TOOL(OBJDUMP, objdump, false)
- ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS], [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
- [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
- [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
- [p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
- _LT_DECL([build_libtool_libs], [enable_shared], [0],
- [Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
- [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
- [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
- [p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
- _LT_DECL([build_old_libs], [enable_static], [0],
- [Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'. If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
- [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
- [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
- [p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
- [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'. If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
- AC_MSG_CHECKING([which variant of shared library versioning to provide])
- AC_ARG_WITH([aix-soname],
- [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
- [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
- [case $withval in
- aix|svr4|both)
- ;;
- *)
- AC_MSG_ERROR([Unknown argument to --with-aix-soname])
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname],
- [AC_CACHE_VAL([lt_cv_with_aix_soname],
- [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
- with_aix_soname=$lt_cv_with_aix_soname])
- AC_MSG_RESULT([$with_aix_soname])
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
- [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'. If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
- [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
- [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
- [lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac],
- [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
- [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
- [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
- [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
- [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
- [m4_define([_LTDL_TYPE], [convenience])])
-
-# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
- [$#], [2], [[$2]],
- [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
- [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
- [$#], 1, [],
- [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
- m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
- [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
- [m4_foreach([_Lt_suffix],
- ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
- [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
- [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
- [lt_append([$1], [$2], [$3])$4],
- [$5])],
- [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
- m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
- m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
- [$5],
- [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
- [lt_join(m4_quote(m4_default([$4], [[, ]])),
- lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
- [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
-
-# ltversion.m4 -- version numbers -*- Autoconf -*-
-#
-# Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-# Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
-
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else. This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
-
-# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
-# serial 12 (pkg-config-0.29.2)
-
-dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-dnl General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-dnl 02111-1307, USA.
-dnl
-dnl As a special exception to the GNU General Public License, if you
-dnl distribute this file as part of a program that contains a
-dnl configuration script generated by Autoconf, you may include it under
-dnl the same distribution terms that you use for the rest of that
-dnl program.
-
-dnl PKG_PREREQ(MIN-VERSION)
-dnl -----------------------
-dnl Since: 0.29
-dnl
-dnl Verify that the version of the pkg-config macros are at least
-dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
-dnl installed version of pkg-config, this checks the developer's version
-dnl of pkg.m4 when generating configure.
-dnl
-dnl To ensure that this macro is defined, also add:
-dnl m4_ifndef([PKG_PREREQ],
-dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
-dnl
-dnl See the "Since" comment for each macro you use to see what version
-dnl of the macros you require.
-m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.2])
-m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
- [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
-])dnl PKG_PREREQ
-
-dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
-dnl ----------------------------------
-dnl Since: 0.16
-dnl
-dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
-dnl first found in the path. Checks that the version of pkg-config found
-dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
-dnl used since that's the first version where most current features of
-dnl pkg-config existed.
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=m4_default([$1], [0.9.0])
- AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- PKG_CONFIG=""
- fi
-fi[]dnl
-])dnl PKG_PROG_PKG_CONFIG
-
-dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------------------------------
-dnl Since: 0.18
-dnl
-dnl Check to see whether a particular set of modules exists. Similar to
-dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
-dnl
-dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-dnl only at the first occurence in configure.ac, so if the first place
-dnl it's called might be skipped (such as if it is within an "if", you
-dnl have to call PKG_CHECK_EXISTS manually
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
- AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
- m4_default([$2], [:])
-m4_ifvaln([$3], [else
- $3])dnl
-fi])
-
-dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-dnl ---------------------------------------------
-dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
-dnl pkg_failed based on the result.
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
- pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
- PKG_CHECK_EXISTS([$3],
- [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes ],
- [pkg_failed=yes])
- else
- pkg_failed=untried
-fi[]dnl
-])dnl _PKG_CONFIG
-
-dnl _PKG_SHORT_ERRORS_SUPPORTED
-dnl ---------------------------
-dnl Internal check to see if pkg-config supports short errors.
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi[]dnl
-])dnl _PKG_SHORT_ERRORS_SUPPORTED
-
-
-dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl [ACTION-IF-NOT-FOUND])
-dnl --------------------------------------------------------------
-dnl Since: 0.4.0
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
-dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $2])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
- AC_MSG_RESULT([no])
- _PKG_SHORT_ERRORS_SUPPORTED
- if test $_pkg_short_errors_supported = yes; then
- $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
- else
- $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
- m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
- ])
-elif test $pkg_failed = untried; then
- AC_MSG_RESULT([no])
- m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
- ])
-else
- $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
- $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
- AC_MSG_RESULT([yes])
- $3
-fi[]dnl
-])dnl PKG_CHECK_MODULES
-
-
-dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl [ACTION-IF-NOT-FOUND])
-dnl ---------------------------------------------------------------------
-dnl Since: 0.29
-dnl
-dnl Checks for existence of MODULES and gathers its build flags with
-dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
-dnl and VARIABLE-PREFIX_LIBS from --libs.
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
-dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
-dnl configure.ac.
-AC_DEFUN([PKG_CHECK_MODULES_STATIC],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-_save_PKG_CONFIG=$PKG_CONFIG
-PKG_CONFIG="$PKG_CONFIG --static"
-PKG_CHECK_MODULES($@)
-PKG_CONFIG=$_save_PKG_CONFIG[]dnl
-])dnl PKG_CHECK_MODULES_STATIC
-
-
-dnl PKG_INSTALLDIR([DIRECTORY])
-dnl -------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable pkgconfigdir as the location where a module
-dnl should install pkg-config .pc files. By default the directory is
-dnl $libdir/pkgconfig, but the default can be changed by passing
-dnl DIRECTORY. The user can override through the --with-pkgconfigdir
-dnl parameter.
-AC_DEFUN([PKG_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
- [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
- [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
- [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_INSTALLDIR
-
-
-dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
-dnl --------------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable noarch_pkgconfigdir as the location where a
-dnl module should install arch-independent pkg-config .pc files. By
-dnl default the directory is $datadir/pkgconfig, but the default can be
-dnl changed by passing DIRECTORY. The user can override through the
-dnl --with-noarch-pkgconfigdir parameter.
-AC_DEFUN([PKG_NOARCH_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
- [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
- [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
- [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_NOARCH_INSTALLDIR
-
-
-dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
-dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------
-dnl Since: 0.28
-dnl
-dnl Retrieves the value of the pkg-config variable for the given module.
-AC_DEFUN([PKG_CHECK_VAR],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])dnl PKG_CHECK_VAR
-
-# Copyright (C) 2002-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_AUTOMAKE_VERSION(VERSION)
-# ----------------------------
-# Automake X.Y traces this macro to ensure aclocal.m4 has been
-# generated from the m4 files accompanying Automake X.Y.
-# (This private macro should not be called outside this file.)
-AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.16'
-dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
-dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.16.5], [],
- [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
-])
-
-# _AM_AUTOCONF_VERSION(VERSION)
-# -----------------------------
-# aclocal traces this macro to find the Autoconf version.
-# This is a private macro too. Using m4_define simplifies
-# the logic in aclocal, which can simply ignore this definition.
-m4_define([_AM_AUTOCONF_VERSION], [])
-
-# AM_SET_CURRENT_AUTOMAKE_VERSION
-# -------------------------------
-# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
-# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
-AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.16.5])dnl
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
-
-# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
-# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to
-# '$srcdir', '$srcdir/..', or '$srcdir/../..'.
-#
-# Of course, Automake must honor this variable whenever it calls a
-# tool from the auxiliary directory. The problem is that $srcdir (and
-# therefore $ac_aux_dir as well) can be either absolute or relative,
-# depending on how configure is run. This is pretty annoying, since
-# it makes $ac_aux_dir quite unusable in subdirectories: in the top
-# source directory, any form will work fine, but in subdirectories a
-# relative path needs to be adjusted first.
-#
-# $ac_aux_dir/missing
-# fails when called from a subdirectory if $ac_aux_dir is relative
-# $top_srcdir/$ac_aux_dir/missing
-# fails if $ac_aux_dir is absolute,
-# fails when called from a subdirectory in a VPATH build with
-# a relative $ac_aux_dir
-#
-# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
-# are both prefixed by $srcdir. In an in-source build this is usually
-# harmless because $srcdir is '.', but things will broke when you
-# start a VPATH build or use an absolute $srcdir.
-#
-# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
-# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
-# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
-# and then we would define $MISSING as
-# MISSING="\${SHELL} $am_aux_dir/missing"
-# This will work as long as MISSING is not called from configure, because
-# unfortunately $(top_srcdir) has no meaning in configure.
-# However there are other variables, like CC, which are often used in
-# configure, and could therefore not use this "fixed" $ac_aux_dir.
-#
-# Another solution, used here, is to always expand $ac_aux_dir to an
-# absolute PATH. The drawback is that using absolute paths prevent a
-# configured tree to be moved without reconfiguration.
-
-AC_DEFUN([AM_AUX_DIR_EXPAND],
-[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-])
-
-# AM_CONDITIONAL -*- Autoconf -*-
-
-# Copyright (C) 1997-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ([2.52])dnl
- m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
- [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-m4_define([_AM_COND_VALUE_$1], [$2])dnl
-if $2; then
- $1_TRUE=
- $1_FALSE='#'
-else
- $1_TRUE='#'
- $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
- AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-
-# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be
-# written in clear, in which case automake, when reading aclocal.m4,
-# will think it sees a *use*, and therefore will trigger all it's
-# C support machinery. Also note that it means that autoscan, seeing
-# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
-
-
-# _AM_DEPENDENCIES(NAME)
-# ----------------------
-# See how the compiler implements dependency checking.
-# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC".
-# We try a few techniques and use that to set a single cache variable.
-#
-# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
-# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
-# dependency, and given that the user is not expected to run this macro,
-# just rely on AC_PROG_CC.
-AC_DEFUN([_AM_DEPENDENCIES],
-[AC_REQUIRE([AM_SET_DEPDIR])dnl
-AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
-AC_REQUIRE([AM_MAKE_INCLUDE])dnl
-AC_REQUIRE([AM_DEP_TRACK])dnl
-
-m4_if([$1], [CC], [depcc="$CC" am_compiler_list=],
- [$1], [CXX], [depcc="$CXX" am_compiler_list=],
- [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
- [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'],
- [$1], [UPC], [depcc="$UPC" am_compiler_list=],
- [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
- [depcc="$$1" am_compiler_list=])
-
-AC_CACHE_CHECK([dependency style of $depcc],
- [am_cv_$1_dependencies_compiler_type],
-[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_$1_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
- fi
- am__universal=false
- m4_case([$1], [CC],
- [case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac],
- [CXX],
- [case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac])
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_$1_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_$1_dependencies_compiler_type=none
-fi
-])
-AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
-AM_CONDITIONAL([am__fastdep$1], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
-])
-
-
-# AM_SET_DEPDIR
-# -------------
-# Choose a directory name for dependency files.
-# This macro is AC_REQUIREd in _AM_DEPENDENCIES.
-AC_DEFUN([AM_SET_DEPDIR],
-[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
-])
-
-
-# AM_DEP_TRACK
-# ------------
-AC_DEFUN([AM_DEP_TRACK],
-[AC_ARG_ENABLE([dependency-tracking], [dnl
-AS_HELP_STRING(
- [--enable-dependency-tracking],
- [do not reject slow dependency extractors])
-AS_HELP_STRING(
- [--disable-dependency-tracking],
- [speeds up one-time build])])
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
-AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-AC_SUBST([AMDEPBACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
-AC_SUBST([am__nodep])dnl
-_AM_SUBST_NOTMAKE([am__nodep])dnl
-])
-
-# Generate code to set up dependency tracking. -*- Autoconf -*-
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_OUTPUT_DEPENDENCY_COMMANDS
-# ------------------------------
-AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
-[{
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- AS_CASE([$CONFIG_FILES],
- [*\'*], [eval set x "$CONFIG_FILES"],
- [*], [set x $CONFIG_FILES])
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`AS_DIRNAME(["$am_mf"])`
- am_filepart=`AS_BASENAME(["$am_mf"])`
- AM_RUN_LOG([cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles]) || am_rc=$?
- done
- if test $am_rc -ne 0; then
- AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE="gmake" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).])
- fi
- AS_UNSET([am_dirpart])
- AS_UNSET([am_filepart])
- AS_UNSET([am_mf])
- AS_UNSET([am_rc])
- rm -f conftest-deps.mk
-}
-])# _AM_OUTPUT_DEPENDENCY_COMMANDS
-
-
-# AM_OUTPUT_DEPENDENCY_COMMANDS
-# -----------------------------
-# This macro should only be invoked once -- use via AC_REQUIRE.
-#
-# This code is only required when automatic dependency tracking is enabled.
-# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
-# order to bootstrap the dependency handling code.
-AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
-[AC_CONFIG_COMMANDS([depfiles],
- [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
- [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
-
-# Do all the work for Automake. -*- Autoconf -*-
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This macro actually does too much. Some checks are only needed if
-# your package does certain things. But this isn't really a big deal.
-
-dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O.
-m4_define([AC_PROG_CC],
-m4_defn([AC_PROG_CC])
-[_AM_PROG_CC_C_O
-])
-
-# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
-# AM_INIT_AUTOMAKE([OPTIONS])
-# -----------------------------------------------
-# The call with PACKAGE and VERSION arguments is the old style
-# call (pre autoconf-2.50), which is being phased out. PACKAGE
-# and VERSION should now be passed to AC_INIT and removed from
-# the call to AM_INIT_AUTOMAKE.
-# We support both call styles for the transition. After
-# the next Automake release, Autoconf can make the AC_INIT
-# arguments mandatory, and then we can depend on a new Autoconf
-# release and drop the old call support.
-AC_DEFUN([AM_INIT_AUTOMAKE],
-[AC_PREREQ([2.65])dnl
-m4_ifdef([_$0_ALREADY_INIT],
- [m4_fatal([$0 expanded multiple times
-]m4_defn([_$0_ALREADY_INIT]))],
- [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
-dnl Autoconf wants to disallow AM_ names. We explicitly allow
-dnl the ones we care about.
-m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
-AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
-AC_REQUIRE([AC_PROG_INSTALL])dnl
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-AC_SUBST([CYGPATH_W])
-
-# Define the identity of the package.
-dnl Distinguish between old-style and new-style calls.
-m4_ifval([$2],
-[AC_DIAGNOSE([obsolete],
- [$0: two- and three-arguments forms are deprecated.])
-m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
- AC_SUBST([PACKAGE], [$1])dnl
- AC_SUBST([VERSION], [$2])],
-[_AM_SET_OPTIONS([$1])dnl
-dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
-m4_if(
- m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]),
- [ok:ok],,
- [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
-
-_AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
- AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl
-
-# Some tools Automake needs.
-AC_REQUIRE([AM_SANITY_CHECK])dnl
-AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
-AM_MISSING_PROG([AUTOCONF], [autoconf])
-AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
-AM_MISSING_PROG([AUTOHEADER], [autoheader])
-AM_MISSING_PROG([MAKEINFO], [makeinfo])
-AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
-AC_REQUIRE([AC_PROG_MKDIR_P])dnl
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
- [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
- [_AM_PROG_TAR([v7])])])
-_AM_IF_OPTION([no-dependencies],,
-[AC_PROVIDE_IFELSE([AC_PROG_CC],
- [_AM_DEPENDENCIES([CC])],
- [m4_define([AC_PROG_CC],
- m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [_AM_DEPENDENCIES([CXX])],
- [m4_define([AC_PROG_CXX],
- m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJC],
- [_AM_DEPENDENCIES([OBJC])],
- [m4_define([AC_PROG_OBJC],
- m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
- [_AM_DEPENDENCIES([OBJCXX])],
- [m4_define([AC_PROG_OBJCXX],
- m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
-])
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-AC_SUBST([CTAGS])
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-AC_SUBST([ETAGS])
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-AC_SUBST([CSCOPE])
-
-AC_REQUIRE([AM_SILENT_RULES])dnl
-dnl The testsuite driver may need to know about EXEEXT, so add the
-dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
-dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
-AC_CONFIG_COMMANDS_PRE(dnl
-[m4_provide_if([_AM_COMPILER_EXEEXT],
- [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
- fi
-fi
-dnl The trailing newline in this macro's definition is deliberate, for
-dnl backward compatibility and to allow trailing 'dnl'-style comments
-dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
-])
-
-dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
-dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
-dnl mangled by Autoconf and run in a shell conditional statement.
-m4_define([_AC_COMPILER_EXEEXT],
-m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
-
-# When config.status generates a header, we must update the stamp-h file.
-# This file resides in the same directory as the config header
-# that is generated. The stamp files are numbered to have different names.
-
-# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
-# loop where config.status creates the headers, so we can generate
-# our stamp files there.
-AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
-[# Compute $1's index in $config_headers.
-_am_arg=$1
-_am_stamp_count=1
-for _am_header in $config_headers :; do
- case $_am_header in
- $_am_arg | $_am_arg:* )
- break ;;
- * )
- _am_stamp_count=`expr $_am_stamp_count + 1` ;;
- esac
-done
-echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_SH
-# ------------------
-# Define $install_sh.
-AC_DEFUN([AM_PROG_INSTALL_SH],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-AC_SUBST([install_sh])])
-
-# Copyright (C) 2003-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# Check whether the underlying file-system supports filenames
-# with a leading dot. For instance MS-DOS doesn't.
-AC_DEFUN([AM_SET_LEADING_DOT],
-[rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-AC_SUBST([am__leading_dot])])
-
-# Copyright (C) 1998-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_LEX
-# -----------
-# Autoconf leaves LEX=: if lex or flex can't be found. Change that to a
-# "missing" invocation, for better error output.
-AC_DEFUN([AM_PROG_LEX],
-[AC_PREREQ([2.50])dnl
-AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
-AC_REQUIRE([AC_PROG_LEX])dnl
-if test "$LEX" = :; then
- LEX=${am_missing_run}flex
-fi])
-
-# Check to see how 'make' treats includes. -*- Autoconf -*-
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_MAKE_INCLUDE()
-# -----------------
-# Check whether make has an 'include' directive that can support all
-# the idioms we need for our automatic dependency tracking code.
-AC_DEFUN([AM_MAKE_INCLUDE],
-[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
- AS_CASE([$?:`cat confinc.out 2>/dev/null`],
- ['0:this is the am__doit target'],
- [AS_CASE([$s],
- [BSD], [am__include='.include' am__quote='"'],
- [am__include='include' am__quote=''])])
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-AC_MSG_RESULT([${_am_result}])
-AC_SUBST([am__include])])
-AC_SUBST([am__quote])])
-
-# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
-
-# Copyright (C) 1997-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_MISSING_PROG(NAME, PROGRAM)
-# ------------------------------
-AC_DEFUN([AM_MISSING_PROG],
-[AC_REQUIRE([AM_MISSING_HAS_RUN])
-$1=${$1-"${am_missing_run}$2"}
-AC_SUBST($1)])
-
-# AM_MISSING_HAS_RUN
-# ------------------
-# Define MISSING if not defined so far and test if it is modern enough.
-# If it is, set am_missing_run to use it, otherwise, to nothing.
-AC_DEFUN([AM_MISSING_HAS_RUN],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([missing])dnl
-if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- AC_MSG_WARN(['missing' script is too old or missing])
-fi
-])
-
-# Helper functions for option handling. -*- Autoconf -*-
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_MANGLE_OPTION(NAME)
-# -----------------------
-AC_DEFUN([_AM_MANGLE_OPTION],
-[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-
-# _AM_SET_OPTION(NAME)
-# --------------------
-# Set option NAME. Presently that only means defining a flag for this option.
-AC_DEFUN([_AM_SET_OPTION],
-[m4_define(_AM_MANGLE_OPTION([$1]), [1])])
-
-# _AM_SET_OPTIONS(OPTIONS)
-# ------------------------
-# OPTIONS is a space-separated list of Automake options.
-AC_DEFUN([_AM_SET_OPTIONS],
-[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-
-# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
-# -------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-AC_DEFUN([_AM_IF_OPTION],
-[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_PROG_CC_C_O
-# ---------------
-# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC
-# to automatically call this.
-AC_DEFUN([_AM_PROG_CC_C_O],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([compile])dnl
-AC_LANG_PUSH([C])dnl
-AC_CACHE_CHECK(
- [whether $CC understands -c and -o together],
- [am_cv_prog_cc_c_o],
- [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i])
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-AC_LANG_POP([C])])
-
-# For backward compatibility.
-AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-
-# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-# ---------------------------------------------------------------------------
-# Adds support for distributing Python modules and packages. To
-# install modules, copy them to $(pythondir), using the python_PYTHON
-# automake variable. To install a package with the same name as the
-# automake package, install to $(pkgpythondir), or use the
-# pkgpython_PYTHON automake variable.
-#
-# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as
-# locations to install python extension modules (shared libraries).
-# Another macro is required to find the appropriate flags to compile
-# extension modules.
-#
-# If your package is configured with a different prefix to python,
-# users will have to add the install directory to the PYTHONPATH
-# environment variable, or create a .pth file (see the python
-# documentation for details).
-#
-# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will
-# cause an error if the version of python installed on the system
-# doesn't meet the requirement. MINIMUM-VERSION should consist of
-# numbers and dots only.
-AC_DEFUN([AM_PATH_PYTHON],
- [
- dnl Find a Python interpreter. Python versions prior to 2.0 are not
- dnl supported. (2.0 was released on October 16, 2000).
- m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
-[python python2 python3 dnl
- python3.11 python3.10 dnl
- python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl
- python3.2 python3.1 python3.0 dnl
- python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl
- python2.0])
-
- AC_ARG_VAR([PYTHON], [the Python interpreter])
-
- m4_if([$1],[],[
- dnl No version check is needed.
- # Find any Python interpreter.
- if test -z "$PYTHON"; then
- AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :)
- fi
- am_display_PYTHON=python
- ], [
- dnl A version check is needed.
- if test -n "$PYTHON"; then
- # If the user set $PYTHON, use it and don't search something else.
- AC_MSG_CHECKING([whether $PYTHON version is >= $1])
- AM_PYTHON_CHECK_VERSION([$PYTHON], [$1],
- [AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])
- AC_MSG_ERROR([Python interpreter is too old])])
- am_display_PYTHON=$PYTHON
- else
- # Otherwise, try each interpreter until we find one that satisfies
- # VERSION.
- AC_CACHE_CHECK([for a Python interpreter with version >= $1],
- [am_cv_pathless_PYTHON],[
- for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do
- test "$am_cv_pathless_PYTHON" = none && break
- AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break])
- done])
- # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
- if test "$am_cv_pathless_PYTHON" = none; then
- PYTHON=:
- else
- AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON])
- fi
- am_display_PYTHON=$am_cv_pathless_PYTHON
- fi
- ])
-
- if test "$PYTHON" = :; then
- dnl Run any user-specified action, or abort.
- m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
- else
-
- dnl Query Python for its version number. Although site.py simply uses
- dnl sys.version[:3], printing that failed with Python 3.10, since the
- dnl trailing zero was eliminated. So now we output just the major
- dnl and minor version numbers, as numbers. Apparently the tertiary
- dnl version is not of interest.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
- [am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[[:2]])"`])
- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
-
- dnl At times, e.g., when building shared libraries, you may want
- dnl to know which OS platform Python thinks this is.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
- [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
-
- dnl emacs-page
- dnl If --with-python-sys-prefix is given, use the values of sys.prefix
- dnl and sys.exec_prefix for the corresponding values of PYTHON_PREFIX
- dnl and PYTHON_EXEC_PREFIX. Otherwise, use the GNU ${prefix} and
- dnl ${exec_prefix} variables.
- dnl
- dnl The two are made distinct variables so they can be overridden if
- dnl need be, although general consensus is that you shouldn't need
- dnl this separation.
- dnl
- dnl Also allow directly setting the prefixes via configure options,
- dnl overriding any default.
- dnl
- if test "x$prefix" = xNONE; then
- am__usable_prefix=$ac_default_prefix
- else
- am__usable_prefix=$prefix
- fi
-
- # Allow user to request using sys.* values from Python,
- # instead of the GNU $prefix values.
- AC_ARG_WITH([python-sys-prefix],
- [AS_HELP_STRING([--with-python-sys-prefix],
- [use Python's sys.prefix and sys.exec_prefix values])],
- [am_use_python_sys=:],
- [am_use_python_sys=false])
-
- # Allow user to override whatever the default Python prefix is.
- AC_ARG_WITH([python_prefix],
- [AS_HELP_STRING([--with-python_prefix],
- [override the default PYTHON_PREFIX])],
- [am_python_prefix_subst=$withval
- am_cv_python_prefix=$withval
- AC_MSG_CHECKING([for explicit $am_display_PYTHON prefix])
- AC_MSG_RESULT([$am_cv_python_prefix])],
- [
- if $am_use_python_sys; then
- # using python sys.prefix value, not GNU
- AC_CACHE_CHECK([for python default $am_display_PYTHON prefix],
- [am_cv_python_prefix],
- [am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`])
-
- dnl If sys.prefix is a subdir of $prefix, replace the literal value of
- dnl $prefix with a variable reference so it can be overridden.
- case $am_cv_python_prefix in
- $am__usable_prefix*)
- am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
- am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
- ;;
- *)
- am_python_prefix_subst=$am_cv_python_prefix
- ;;
- esac
- else # using GNU prefix value, not python sys.prefix
- am_python_prefix_subst='${prefix}'
- am_python_prefix=$am_python_prefix_subst
- AC_MSG_CHECKING([for GNU default $am_display_PYTHON prefix])
- AC_MSG_RESULT([$am_python_prefix])
- fi])
- # Substituting python_prefix_subst value.
- AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
-
- # emacs-page Now do it all over again for Python exec_prefix, but with yet
- # another conditional: fall back to regular prefix if that was specified.
- AC_ARG_WITH([python_exec_prefix],
- [AS_HELP_STRING([--with-python_exec_prefix],
- [override the default PYTHON_EXEC_PREFIX])],
- [am_python_exec_prefix_subst=$withval
- am_cv_python_exec_prefix=$withval
- AC_MSG_CHECKING([for explicit $am_display_PYTHON exec_prefix])
- AC_MSG_RESULT([$am_cv_python_exec_prefix])],
- [
- # no explicit --with-python_exec_prefix, but if
- # --with-python_prefix was given, use its value for python_exec_prefix too.
- AS_IF([test -n "$with_python_prefix"],
- [am_python_exec_prefix_subst=$with_python_prefix
- am_cv_python_exec_prefix=$with_python_prefix
- AC_MSG_CHECKING([for python_prefix-given $am_display_PYTHON exec_prefix])
- AC_MSG_RESULT([$am_cv_python_exec_prefix])],
- [
- # Set am__usable_exec_prefix whether using GNU or Python values,
- # since we use that variable for pyexecdir.
- if test "x$exec_prefix" = xNONE; then
- am__usable_exec_prefix=$am__usable_prefix
- else
- am__usable_exec_prefix=$exec_prefix
- fi
- #
- if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
- AC_CACHE_CHECK([for python default $am_display_PYTHON exec_prefix],
- [am_cv_python_exec_prefix],
- [am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`])
- dnl If sys.exec_prefix is a subdir of $exec_prefix, replace the
- dnl literal value of $exec_prefix with a variable reference so it can
- dnl be overridden.
- case $am_cv_python_exec_prefix in
- $am__usable_exec_prefix*)
- am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
- am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
- ;;
- *)
- am_python_exec_prefix_subst=$am_cv_python_exec_prefix
- ;;
- esac
- else # using GNU $exec_prefix, not python sys.exec_prefix
- am_python_exec_prefix_subst='${exec_prefix}'
- am_python_exec_prefix=$am_python_exec_prefix_subst
- AC_MSG_CHECKING([for GNU default $am_display_PYTHON exec_prefix])
- AC_MSG_RESULT([$am_python_exec_prefix])
- fi])])
- # Substituting python_exec_prefix_subst.
- AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
-
- # Factor out some code duplication into this shell variable.
- am_python_setup_sysconfig="\
-import sys
-# Prefer sysconfig over distutils.sysconfig, for better compatibility
-# with python 3.x. See automake bug#10227.
-try:
- import sysconfig
-except ImportError:
- can_use_sysconfig = 0
-else:
- can_use_sysconfig = 1
-# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
-# <https://github.com/pypa/virtualenv/issues/118>
-try:
- from platform import python_implementation
- if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7':
- can_use_sysconfig = 0
-except ImportError:
- pass"
-
- dnl emacs-page Set up 4 directories:
-
- dnl 1. pythondir: where to install python scripts. This is the
- dnl site-packages directory, not the python standard library
- dnl directory like in previous automake betas. This behavior
- dnl is more consistent with lispdir.m4 for example.
- dnl Query distutils for this directory.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)],
- [am_cv_python_pythondir],
- [if test "x$am_cv_python_prefix" = x; then
- am_py_prefix=$am__usable_prefix
- else
- am_py_prefix=$am_cv_python_prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
- ])
- AC_SUBST([pythondir], [$am_cv_python_pythondir])
-
- dnl 2. pkgpythondir: $PACKAGE directory under pythondir. Was
- dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
- dnl more consistent with the rest of automake.
- dnl
- AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
-
- dnl 3. pyexecdir: directory for installing python extension modules
- dnl (shared libraries).
- dnl Query distutils for this directory.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)],
- [am_cv_python_pyexecdir],
- [if test "x$am_cv_python_exec_prefix" = x; then
- am_py_exec_prefix=$am__usable_exec_prefix
- else
- am_py_exec_prefix=$am_cv_python_exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
- ])
- AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
-
- dnl 4. pkgpyexecdir: $(pyexecdir)/$(PACKAGE)
- dnl
- AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
-
- dnl Run any user-specified action.
- $2
- fi
-])
-
-
-# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE])
-# ---------------------------------------------------------------------------
-# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION.
-# Run ACTION-IF-FALSE otherwise.
-# This test uses sys.hexversion instead of the string equivalent (first
-# word of sys.version), in order to cope with versions such as 2.2c1.
-# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000).
-AC_DEFUN([AM_PYTHON_CHECK_VERSION],
- [prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
-sys.exit(sys.hexversion < minverhex)"
- AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_RUN_LOG(COMMAND)
-# -------------------
-# Run COMMAND, save the exit status in ac_status, and log it.
-# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
-AC_DEFUN([AM_RUN_LOG],
-[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
- ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- (exit $ac_status); }])
-
-# Check to make sure that the build environment is sane. -*- Autoconf -*-
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_SANITY_CHECK
-# ---------------
-AC_DEFUN([AM_SANITY_CHECK],
-[AC_MSG_CHECKING([whether build environment is sane])
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[[\\\"\#\$\&\'\`$am_lf]]*)
- AC_MSG_ERROR([unsafe absolute working directory name]);;
-esac
-case $srcdir in
- *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
- AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$[*]" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$[*]" != "X $srcdir/configure conftest.file" \
- && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
- alias in your environment])
- fi
- if test "$[2]" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$[2]" = conftest.file
- )
-then
- # Ok.
- :
-else
- AC_MSG_ERROR([newly created file is older than distributed files!
-Check your system clock])
-fi
-AC_MSG_RESULT([yes])
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-AC_CONFIG_COMMANDS_PRE(
- [AC_MSG_CHECKING([that generated files are newer than configure])
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- AC_MSG_RESULT([done])])
-rm -f conftest.file
-])
-
-# Copyright (C) 2009-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_SILENT_RULES([DEFAULT])
-# --------------------------
-# Enable less verbose build rules; with the default set to DEFAULT
-# ("yes" being less verbose, "no" or empty being verbose).
-AC_DEFUN([AM_SILENT_RULES],
-[AC_ARG_ENABLE([silent-rules], [dnl
-AS_HELP_STRING(
- [--enable-silent-rules],
- [less verbose build output (undo: "make V=1")])
-AS_HELP_STRING(
- [--disable-silent-rules],
- [verbose build output (undo: "make V=0")])dnl
-])
-case $enable_silent_rules in @%:@ (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
-esac
-dnl
-dnl A few 'make' implementations (e.g., NonStop OS and NextStep)
-dnl do not support nested variable expansions.
-dnl See automake bug#9928 and bug#10237.
-am_make=${MAKE-make}
-AC_CACHE_CHECK([whether $am_make supports nested variables],
- [am_cv_make_support_nested_variables],
- [if AS_ECHO([['TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi])
-if test $am_cv_make_support_nested_variables = yes; then
- dnl Using '$V' instead of '$(V)' breaks IRIX make.
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AC_SUBST([AM_V])dnl
-AM_SUBST_NOTMAKE([AM_V])dnl
-AC_SUBST([AM_DEFAULT_V])dnl
-AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
-AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
-AM_BACKSLASH='\'
-AC_SUBST([AM_BACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
-])
-
-# Copyright (C) 2001-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_PROG_INSTALL_STRIP
-# ---------------------
-# One issue with vendor 'install' (even GNU) is that you can't
-# specify the program used to strip binaries. This is especially
-# annoying in cross-compiling environments, where the build's strip
-# is unlikely to handle the host's binaries.
-# Fortunately install-sh will honor a STRIPPROG variable, so we
-# always use install-sh in "make install-strip", and initialize
-# STRIPPROG with the value of the STRIP variable (set by the user).
-AC_DEFUN([AM_PROG_INSTALL_STRIP],
-[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
-if test "$cross_compiling" != no; then
- AC_CHECK_TOOL([STRIP], [strip], :)
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-AC_SUBST([INSTALL_STRIP_PROGRAM])])
-
-# Copyright (C) 2006-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
-# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
-# This macro is traced by Automake.
-AC_DEFUN([_AM_SUBST_NOTMAKE])
-
-# AM_SUBST_NOTMAKE(VARIABLE)
-# --------------------------
-# Public sister of _AM_SUBST_NOTMAKE.
-AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
-
-# Check how to create a tarball. -*- Autoconf -*-
-
-# Copyright (C) 2004-2021 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_PROG_TAR(FORMAT)
-# --------------------
-# Check how to create a tarball in format FORMAT.
-# FORMAT should be one of 'v7', 'ustar', or 'pax'.
-#
-# Substitute a variable $(am__tar) that is a command
-# writing to stdout a FORMAT-tarball containing the directory
-# $tardir.
-# tardir=directory && $(am__tar) > result.tar
-#
-# Substitute a variable $(am__untar) that extract such
-# a tarball read from stdin.
-# $(am__untar) < result.tar
-#
-AC_DEFUN([_AM_PROG_TAR],
-[# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AC_SUBST([AMTAR], ['$${TAR-tar}'])
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
-
-m4_if([$1], [v7],
- [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
-
- [m4_case([$1],
- [ustar],
- [# The POSIX 1988 'ustar' format is defined with fixed-size fields.
- # There is notably a 21 bits limit for the UID and the GID. In fact,
- # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
- # and bug#13588).
- am_max_uid=2097151 # 2^21 - 1
- am_max_gid=$am_max_uid
- # The $UID and $GID variables are not portable, so we need to resort
- # to the POSIX-mandated id(1) utility. Errors in the 'id' calls
- # below are definitely unexpected, so allow the users to see them
- # (that is, avoid stderr redirection).
- am_uid=`id -u || echo unknown`
- am_gid=`id -g || echo unknown`
- AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format])
- if test $am_uid -le $am_max_uid; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- _am_tools=none
- fi
- AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format])
- if test $am_gid -le $am_max_gid; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- _am_tools=none
- fi],
-
- [pax],
- [],
-
- [m4_fatal([Unknown tar format])])
-
- AC_MSG_CHECKING([how to create a $1 tar archive])
-
- # Go ahead even if we have the value already cached. We do so because we
- # need to set the values for the 'am__tar' and 'am__untar' variables.
- _am_tools=${am_cv_prog_tar_$1-$_am_tools}
-
- for _am_tool in $_am_tools; do
- case $_am_tool in
- gnutar)
- for _am_tar in tar gnutar gtar; do
- AM_RUN_LOG([$_am_tar --version]) && break
- done
- am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
- am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
- am__untar="$_am_tar -xf -"
- ;;
- plaintar)
- # Must skip GNU tar: if it does not support --format= it doesn't create
- # ustar tarball either.
- (tar --version) >/dev/null 2>&1 && continue
- am__tar='tar chf - "$$tardir"'
- am__tar_='tar chf - "$tardir"'
- am__untar='tar xf -'
- ;;
- pax)
- am__tar='pax -L -x $1 -w "$$tardir"'
- am__tar_='pax -L -x $1 -w "$tardir"'
- am__untar='pax -r'
- ;;
- cpio)
- am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
- am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
- am__untar='cpio -i -H $1 -d'
- ;;
- none)
- am__tar=false
- am__tar_=false
- am__untar=false
- ;;
- esac
-
- # If the value was cached, stop now. We just wanted to have am__tar
- # and am__untar set.
- test -n "${am_cv_prog_tar_$1}" && break
-
- # tar/untar a dummy directory, and stop if the command works.
- rm -rf conftest.dir
- mkdir conftest.dir
- echo GrepMe > conftest.dir/file
- AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
- rm -rf conftest.dir
- if test -s conftest.tar; then
- AM_RUN_LOG([$am__untar <conftest.tar])
- AM_RUN_LOG([cat conftest.dir/file])
- grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
- fi
- done
- rm -rf conftest.dir
-
- AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
- AC_MSG_RESULT([$am_cv_prog_tar_$1])])
-
-AC_SUBST([am__tar])
-AC_SUBST([am__untar])
-]) # _AM_PROG_TAR
-
diff --git a/libraries/libapparmor/autom4te.cache/output.0 b/libraries/libapparmor/autom4te.cache/output.0
deleted file mode 100644
index a3a08e2ae5fcdb167013f75a93ced571fa52dd1e..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/output.0
+++ /dev/null
@@ -1,16585 +0,0 @@
-@%:@! /bin/sh
-@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.71.
-@%:@
-@%:@
-@%:@ Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
-@%:@ Inc.
-@%:@
-@%:@
-@%:@ This configure script is free software; the Free Software Foundation
-@%:@ gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in @%:@((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in @%:@ ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="as_nop=:
-if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else \$as_nop
- case \`(set -o) 2>/dev/null\` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" )
-then :
-
-else \$as_nop
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-blah=\$(echo \$(echo blah))
-test x\"\$blah\" = xblah || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1
-
- test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
- || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null
-then :
- as_have_required=yes
-else $as_nop
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
-then :
-
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
- case $as_dir in @%:@(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
-then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi
-fi
-
-
- if test "x$CONFIG_SHELL" != x
-then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in @%:@ ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno
-then :
- printf "%s\n" "$0: This script requires a shell more modern than all"
- printf "%s\n" "$0: the shells that I found on your system."
- if test ${ZSH_VERSION+y} ; then
- printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
- else
- printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
-$0: including any error possibly output before this
-$0: message. Then install a modern shell, or manually run
-$0: the script under such a shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-@%:@ as_fn_unset VAR
-@%:@ ---------------
-@%:@ Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-
-@%:@ as_fn_set_status STATUS
-@%:@ -----------------------
-@%:@ Set @S|@? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} @%:@ as_fn_set_status
-
-@%:@ as_fn_exit STATUS
-@%:@ -----------------
-@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} @%:@ as_fn_exit
-@%:@ as_fn_nop
-@%:@ ---------
-@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-@%:@ as_fn_mkdir_p
-@%:@ -------------
-@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} @%:@ as_fn_mkdir_p
-
-@%:@ as_fn_executable_p FILE
-@%:@ -----------------------
-@%:@ Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} @%:@ as_fn_executable_p
-@%:@ as_fn_append VAR VALUE
-@%:@ ----------------------
-@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
-@%:@ advantage of any shell optimizations that allow amortized linear growth over
-@%:@ repeated appends, instead of the typical quadratic growth present in naive
-@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-@%:@ as_fn_arith ARG...
-@%:@ ------------------
-@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
-@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
-@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-@%:@ as_fn_nop
-@%:@ ---------
-@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
-@%:@ ----------------------------------------
-@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-@%:@ script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} @%:@ as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in @%:@(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_@&t@echo='printf %s\n'
-as_@&t@echo_n='printf %s'
-
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIB@&t@OBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME=''
-PACKAGE_TARNAME=''
-PACKAGE_VERSION=''
-PACKAGE_STRING=''
-PACKAGE_BUGREPORT=''
-PACKAGE_URL=''
-
-ac_unique_file="configure.ac"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stddef.h>
-#ifdef HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_header_c_list=
-ac_subst_vars='am__EXEEXT_FALSE
-am__EXEEXT_TRUE
-LTLIBOBJS
-LIB@&t@OBJS
-LT_SYS_LIBRARY_PATH
-OTOOL64
-OTOOL
-LIPO
-NMEDIT
-DSYMUTIL
-MANIFEST_TOOL
-RANLIB
-ac_ct_AR
-AR
-DLLTOOL
-OBJDUMP
-LN_S
-NM
-ac_ct_DUMPBIN
-DUMPBIN
-LD
-FGREP
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
-LIBTOOL
-EGREP
-GREP
-HAVE_RUBY_FALSE
-HAVE_RUBY_TRUE
-HAVE_PERL_FALSE
-HAVE_PERL_TRUE
-HAVE_PYTHON_FALSE
-HAVE_PYTHON_TRUE
-ENABLE_MAN_PAGES_FALSE
-ENABLE_MAN_PAGES_TRUE
-RUBY
-PERL
-pkgpyexecdir
-pyexecdir
-pkgpythondir
-pythondir
-PYTHON_EXEC_PREFIX
-PYTHON_PREFIX
-PYTHON_PLATFORM
-PYTHON_EXTRA_LDFLAGS
-PYTHON_EXTRA_LIBS
-PYTHON_SITE_PKG
-PYTHON_LDFLAGS
-PYTHON_CPPFLAGS
-PYTHON_CONFIG
-PYTHON_VERSION
-PYTHON
-POD2MAN
-PODCHECKER
-SWIG
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
-SED
-YFLAGS
-YACC
-LEXLIB
-am__fastdepCC_FALSE
-am__fastdepCC_TRUE
-CCDEPMODE
-am__nodep
-AMDEPBACKSLASH
-AMDEP_FALSE
-AMDEP_TRUE
-am__include
-DEPDIR
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-LEX_OUTPUT_ROOT
-LEX
-AM_BACKSLASH
-AM_DEFAULT_VERBOSITY
-AM_DEFAULT_V
-AM_V
-CSCOPE
-ETAGS
-CTAGS
-am__untar
-am__tar
-AMTAR
-am__leading_dot
-SET_MAKE
-AWK
-mkdir_p
-MKDIR_P
-INSTALL_STRIP_PROGRAM
-STRIP
-install_sh
-MAKEINFO
-AUTOHEADER
-AUTOMAKE
-AUTOCONF
-ACLOCAL
-VERSION
-PACKAGE
-CYGPATH_W
-am__isrc
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-runstatedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL
-am__quote'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_silent_rules
-enable_dependency_tracking
-enable_debug_output
-enable_man_pages
-with_python
-with_python_sys_prefix
-with_python_prefix
-with_python_exec_prefix
-with_perl
-with_ruby
-enable_shared
-enable_static
-with_pic
-enable_fast_install
-with_aix_soname
-with_gnu_ld
-with_sysroot
-enable_libtool_lock
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-YACC
-YFLAGS
-PKG_CONFIG
-PKG_CONFIG_PATH
-PKG_CONFIG_LIBDIR
-PYTHON_VERSION
-PYTHON
-LT_SYS_LIBRARY_PATH'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- @<:@@S|@ac_default_prefix@:>@
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- @<:@PREFIX@:>@
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root @<:@DATAROOTDIR/doc/PACKAGE@:>@
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-Program names:
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-silent-rules less verbose build output (undo: "make V=1")
- --disable-silent-rules verbose build output (undo: "make V=0")
- --enable-dependency-tracking
- do not reject slow dependency extractors
- --disable-dependency-tracking
- speeds up one-time build
- --enable-debug-output generate the libapparmor debug output @<:@@<:@default=no@:>@@:>@
- --enable-man-pages generate the libapparmor man pages @<:@@<:@default=yes@:>@@:>@
- --enable-shared@<:@=PKGS@:>@ build shared libraries @<:@default=yes@:>@
- --enable-static@<:@=PKGS@:>@ build static libraries @<:@default=yes@:>@
- --enable-fast-install@<:@=PKGS@:>@
- optimize for fast installation @<:@default=yes@:>@
- --disable-libtool-lock avoid locking (might break parallel builds)
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-python enable the python wrapper [default=no]
- --with-python-sys-prefix
- use Python's sys.prefix and sys.exec_prefix values
- --with-python_prefix override the default PYTHON_PREFIX
- --with-python_exec_prefix
- override the default PYTHON_EXEC_PREFIX
- --with-perl enable the perl wrapper [default=no]
- --with-ruby enable the ruby wrapper [default=no]
- --with-pic@<:@=PKGS@:>@ try to use only PIC/non-PIC objects @<:@default=use
- both@:>@
- --with-aix-soname=aix|svr4|both
- shared library versioning (aka "SONAME") variant to
- provide on AIX, @<:@default=aix@:>@.
- --with-gnu-ld assume the C compiler uses GNU ld @<:@default=no@:>@
- --with-sysroot@<:@=DIR@:>@ Search for dependent libraries within DIR (or the
- compiler's sysroot if not specified).
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- YACC The `Yet Another Compiler Compiler' implementation to use.
- Defaults to the first program found out of: `bison -y', `byacc',
- `yacc'.
- YFLAGS The list of arguments that will be passed by default to @S|@YACC.
- This script will default YFLAGS to the empty string to avoid a
- default value of `-d' given by some make applications.
- PKG_CONFIG path to pkg-config utility
- PKG_CONFIG_PATH
- directories to add to pkg-config's search path
- PKG_CONFIG_LIBDIR
- path overriding pkg-config's built-in search path
- PYTHON_VERSION
- The installed Python version to use, for example '2.3'. This
- string will be appended to the Python interpreter canonical
- name.
- PYTHON the Python interpreter
- LT_SYS_LIBRARY_PATH
- User-defined run-time library search path.
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to the package provider.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for configure.gnu first; this name is used for a wrapper for
- # Metaconfig's "Configure" on case-insensitive file systems.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-configure
-generated by GNU Autoconf 2.71
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-@%:@ ac_fn_c_try_compile LINENO
-@%:@ --------------------------
-@%:@ Try to compile conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_compile
-
-@%:@ ac_fn_c_try_link LINENO
-@%:@ -----------------------
-@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_link
-
-@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-@%:@ -------------------------------------------------------
-@%:@ Tests whether HEADER exists and can be compiled using the include files in
-@%:@ INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_header_compile
-
-@%:@ ac_fn_c_check_func LINENO FUNC VAR
-@%:@ ----------------------------------
-@%:@ Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below. */
-
-#include <limits.h>
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main (void)
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_func
-ac_configure_args_raw=
-for ac_arg
-do
- case $ac_arg in
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append ac_configure_args_raw " '$ac_arg'"
-done
-
-case $ac_configure_args_raw in
- *$as_nl*)
- ac_safe_unquote= ;;
- *)
- ac_unsafe_z='|&;<>()$`\\"*?@<:@ '' ' # This string ends in space, tab.
- ac_unsafe_a="$ac_unsafe_z#~"
- ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
- ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
-esac
-
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- $ $0$ac_configure_args_raw
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- printf "%s\n" "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Sanitize IFS.
- IFS=" "" $as_nl"
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- printf "%s\n" "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- printf "%s\n" "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- printf "%s\n" "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- printf "%s\n" "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- printf "%s\n" "$as_me: caught signal $ac_signal"
- printf "%s\n" "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-printf "%s\n" "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-printf "%s\n" "@%:@define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
- ac_site_files="$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
- ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
-else
- ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-fi
-
-for ac_site_file in $ac_site_files
-do
- case $ac_site_file in @%:@(
- */*) :
- ;; @%:@(
- *) :
- ac_site_file=./$ac_site_file ;;
-esac
- if test -f "$ac_site_file" && test -r "$ac_site_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Test code for whether the C compiler supports C89 (global declarations)
-ac_c_conftest_c89_globals='
-/* Does the compiler advertise C89 conformance?
- Do not test the value of __STDC__, because some compilers set it to 0
- while being otherwise adequately conformant. */
-#if !defined __STDC__
-# error "Compiler does not advertise C89 conformance"
-#endif
-
-#include <stddef.h>
-#include <stdarg.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
-struct buf { int x; };
-struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not \xHH hex character constants.
- These do not provoke an error unfortunately, instead are silently treated
- as an "x". The following induces an error, until -std is added to get
- proper ANSI mode. Curiously \x00 != x always comes out true, for an
- array size at least. It is necessary to write \x00 == 0 to get something
- that is true only with -std. */
-int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) '\''x'\''
-int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
- int, int);'
-
-# Test code for whether the C compiler supports C89 (body of main).
-ac_c_conftest_c89_main='
-ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
-'
-
-# Test code for whether the C compiler supports C99 (global declarations)
-ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
-# error "Compiler does not advertise C99 conformance"
-#endif
-
-#include <stdbool.h>
-extern int puts (const char *);
-extern int printf (const char *, ...);
-extern int dprintf (int, const char *, ...);
-extern void *malloc (size_t);
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-// dprintf is used instead of fprintf to avoid needing to declare
-// FILE and stderr.
-#define debug(...) dprintf (2, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- #error "your preprocessor is broken"
-#endif
-#if BIG_OK
-#else
- #error "your preprocessor is broken"
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static bool
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str = "";
- int number = 0;
- float fnumber = 0;
-
- while (*format)
- {
- switch (*format++)
- {
- case '\''s'\'': // string
- str = va_arg (args_copy, const char *);
- break;
- case '\''d'\'': // int
- number = va_arg (args_copy, int);
- break;
- case '\''f'\'': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-
- return *str && number && fnumber;
-}
-'
-
-# Test code for whether the C compiler supports C99 (body of main).
-ac_c_conftest_c99_main='
- // Check bool.
- _Bool success = false;
- success |= (argc != 0);
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[0] = argv[0][0];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
- || dynamic_array[ni.number - 1] != 543);
-'
-
-# Test code for whether the C compiler supports C11 (global declarations)
-ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
-# error "Compiler does not advertise C11 conformance"
-#endif
-
-// Check _Alignas.
-char _Alignas (double) aligned_as_double;
-char _Alignas (0) no_special_alignment;
-extern char aligned_as_int;
-char _Alignas (0) _Alignas (int) aligned_as_int;
-
-// Check _Alignof.
-enum
-{
- int_alignment = _Alignof (int),
- int_array_alignment = _Alignof (int[100]),
- char_alignment = _Alignof (char)
-};
-_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
-
-// Check _Noreturn.
-int _Noreturn does_not_return (void) { for (;;) continue; }
-
-// Check _Static_assert.
-struct test_static_assert
-{
- int x;
- _Static_assert (sizeof (int) <= sizeof (long int),
- "_Static_assert does not work in struct");
- long int y;
-};
-
-// Check UTF-8 literals.
-#define u8 syntax error!
-char const utf8_literal[] = u8"happens to be ASCII" "another string";
-
-// Check duplicate typedefs.
-typedef long *long_ptr;
-typedef long int *long_ptr;
-typedef long_ptr long_ptr;
-
-// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
-struct anonymous
-{
- union {
- struct { int i; int j; };
- struct { int k; long int l; } w;
- };
- int m;
-} v1;
-'
-
-# Test code for whether the C compiler supports C11 (body of main).
-ac_c_conftest_c11_main='
- _Static_assert ((offsetof (struct anonymous, i)
- == offsetof (struct anonymous, w.k)),
- "Anonymous union alignment botch");
- v1.i = 2;
- v1.w.k = 5;
- ok |= v1.i != 5;
-'
-
-# Test code for whether the C compiler supports C11 (complete).
-ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-${ac_c_conftest_c11_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- ${ac_c_conftest_c11_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C99 (complete).
-ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C89 (complete).
-ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- return ok;
-}
-"
-
-as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
-as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
-as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
-as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
-as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
-as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
-as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
-as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
-as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
-
-# Auxiliary files required by this configure script.
-ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
-
-# Locations in which to look for auxiliary files.
-ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
-
-# Search for a directory containing all of the required auxiliary files,
-# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
-# If we don't find one directory that contains all the files we need,
-# we report the set of missing files from the *first* directory in
-# $ac_aux_dir_candidates and give up.
-ac_missing_aux_files=""
-ac_first_candidate=:
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in $ac_aux_dir_candidates
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
-
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
- ac_aux_dir_found=yes
- ac_install_sh=
- for ac_aux in $ac_aux_files
- do
- # As a special case, if "install-sh" is required, that requirement
- # can be satisfied by any of "install-sh", "install.sh", or "shtool",
- # and $ac_install_sh is set appropriately for whichever one is found.
- if test x"$ac_aux" = x"install-sh"
- then
- if test -f "${as_dir}install-sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
- ac_install_sh="${as_dir}install-sh -c"
- elif test -f "${as_dir}install.sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
- ac_install_sh="${as_dir}install.sh -c"
- elif test -f "${as_dir}shtool"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
- ac_install_sh="${as_dir}shtool install -c"
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} install-sh"
- else
- break
- fi
- fi
- else
- if test -f "${as_dir}${ac_aux}"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
- else
- break
- fi
- fi
- fi
- done
- if test "$ac_aux_dir_found" = yes; then
- ac_aux_dir="$as_dir"
- break
- fi
- ac_first_candidate=false
-
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
-fi
-
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-if test -f "${ac_aux_dir}config.guess"; then
- ac_@&t@config_guess="$SHELL ${ac_aux_dir}config.guess"
-fi
-if test -f "${ac_aux_dir}config.sub"; then
- ac_@&t@config_sub="$SHELL ${ac_aux_dir}config.sub"
-fi
-if test -f "$ac_aux_dir/configure"; then
- ac_@&t@configure="$SHELL ${ac_aux_dir}configure"
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
- and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-am__api_version='1.16'
-
-
-
- # Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-printf %s "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test ${ac_cv_path_install+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- # Account for fact that we put trailing slashes in our PATH walk.
-case $as_dir in @%:@((
- ./ | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test ${ac_cv_path_install+y}; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-printf "%s\n" "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-printf %s "checking whether build environment is sane... " >&6; }
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[\\\"\#\$\&\'\`$am_lf]*)
- as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
-esac
-case $srcdir in
- *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
- as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$*" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$*" != "X $srcdir/configure conftest.file" \
- && test "$*" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
- alias in your environment" "$LINENO" 5
- fi
- if test "$2" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$2" = conftest.file
- )
-then
- # Ok.
- :
-else
- as_fn_error $? "newly created file is older than distributed files!
-Check your system clock" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-
-rm -f conftest.file
-
-test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
- program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.
-# By default was `s,x,x', remove it if useless.
-ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
-
-
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-
-
- if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
-fi
-
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
-printf %s "checking for a race-free mkdir -p... " >&6; }
-if test -z "$MKDIR_P"; then
- if test ${ac_cv_path_mkdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
- case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir ('*'coreutils) '* | \
- 'BusyBox '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
- done
-IFS=$as_save_IFS
-
-fi
-
- test -d ./--version && rmdir ./--version
- if test ${ac_cv_path_mkdir+y}; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- MKDIR_P="$ac_install_sh -d"
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-printf "%s\n" "$MKDIR_P" >&6; }
-
-for ac_prog in gawk mawk nawk awk
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AWK+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AWK"; then
- ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AWK="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-printf "%s\n" "$AWK" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AWK" && break
-done
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval test \${ac_cv_prog_make_${ac_make}_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- SET_MAKE=
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-@%:@ Check whether --enable-silent-rules was given.
-if test ${enable_silent_rules+y}
-then :
- enableval=$enable_silent_rules;
-fi
-
-case $enable_silent_rules in @%:@ (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=1;;
-esac
-am_make=${MAKE-make}
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-printf %s "checking whether $am_make supports nested variables... " >&6; }
-if test ${am_cv_make_support_nested_variables+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if printf "%s\n" 'TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
-if test $am_cv_make_support_nested_variables = yes; then
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AM_BACKSLASH='\'
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- am__isrc=' -I$(srcdir)'
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-
-
-# Define the identity of the package.
-
- PACKAGE=libapparmor1
- VERSION=3.1.7
-
-
-printf "%s\n" "@%:@define PACKAGE \"$PACKAGE\"" >>confdefs.h
-
-
-printf "%s\n" "@%:@define VERSION \"$VERSION\"" >>confdefs.h
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-mkdir_p='$(MKDIR_P)'
-
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AMTAR='$${TAR-tar}'
-
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar pax cpio none'
-
-am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
-
-
-
-
-
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-
-
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
- fi
-fi
-
-
-
-
-
-
-
-
-
-
-
-DEPDIR="${am__leading_dot}deps"
-
-ac_config_commands="$ac_config_commands depfiles"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
-printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
- (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
- case $?:`cat confinc.out 2>/dev/null` in @%:@(
- '0:this is the am__doit target') :
- case $s in @%:@(
- BSD) :
- am__include='.include' am__quote='"' ;; @%:@(
- *) :
- am__include='include' am__quote='' ;;
-esac ;; @%:@(
- *) :
- ;;
-esac
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
-printf "%s\n" "${_am_result}" >&6; }
-
-@%:@ Check whether --enable-dependency-tracking was given.
-if test ${enable_dependency_tracking+y}
-then :
- enableval=$enable_dependency_tracking;
-fi
-
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
- if test "x$enable_dependency_tracking" != xno; then
- AMDEP_TRUE=
- AMDEP_FALSE='#'
-else
- AMDEP_TRUE='#'
- AMDEP_FALSE=
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $@%:@ != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-set dummy ${ac_tool_prefix}clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "clang", so it can be a program name with args.
-set dummy clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-
-
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-printf %s "checking whether the C compiler works... " >&6; }
-ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else $as_nop
- ac_file=''
-fi
-if test -z "$ac_file"
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-printf %s "checking for C compiler default output file name... " >&6; }
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-printf "%s\n" "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-printf %s "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else $as_nop
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-printf "%s\n" "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <stdio.h>
-int
-main (void)
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-printf %s "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-printf "%s\n" "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-printf %s "checking for suffix of object files... " >&6; }
-if test ${ac_cv_objext+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-printf "%s\n" "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-printf %s "checking whether the compiler supports GNU C... " >&6; }
-if test ${ac_cv_c_compiler_gnu+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_compiler_gnu=yes
-else $as_nop
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+y}
-ac_save_CFLAGS=$CFLAGS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-printf %s "checking whether $CC accepts -g... " >&6; }
-if test ${ac_cv_prog_cc_g+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-ac_prog_cc_stdc=no
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-printf %s "checking for $CC option to enable C11 features... " >&6; }
-if test ${ac_cv_prog_cc_c11+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c11=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c11_program
-_ACEOF
-for ac_arg in '' -std=gnu11
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c11=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c11" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c11" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c11" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
- CC="$CC $ac_cv_prog_cc_c11"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
- ac_prog_cc_stdc=c11
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-printf %s "checking for $CC option to enable C99 features... " >&6; }
-if test ${ac_cv_prog_cc_c99+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c99_program
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c99" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c99" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
- CC="$CC $ac_cv_prog_cc_c99"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
- ac_prog_cc_stdc=c99
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-printf %s "checking for $CC option to enable C89 features... " >&6; }
-if test ${ac_cv_prog_cc_c89+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c89_program
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c89" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c89" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
- CC="$CC $ac_cv_prog_cc_c89"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
- ac_prog_cc_stdc=c89
-fi
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-printf %s "checking whether $CC understands -c and -o together... " >&6; }
-if test ${am_cv_prog_cc_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
- ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-depcc="$CC" am_compiler_list=
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-printf %s "checking dependency style of $depcc... " >&6; }
-if test ${am_cv_CC_dependencies_compiler_type+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- am__universal=false
- case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-
-for ac_prog in flex lex
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LEX+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LEX"; then
- ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LEX="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-printf "%s\n" "$LEX" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
- if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
-%{
-#ifdef __cplusplus
-extern "C"
-#endif
-int yywrap(void);
-%}
-%%
-a { ECHO; }
-b { REJECT; }
-c { yymore (); }
-d { yyless (1); }
-e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
-#ifdef __cplusplus
- yyless ((yyinput () != 0));
-#else
- yyless ((input () != 0));
-#endif
- }
-f { unput (yytext[0]); }
-. { BEGIN INITIAL; }
-%%
-#ifdef YYTEXT_POINTER
-extern char *yytext;
-#endif
-int
-yywrap (void)
-{
- return 1;
-}
-int
-main (void)
-{
- return ! yylex ();
-}
-_ACEOF
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
-printf %s "checking for lex output file root... " >&6; }
-if test ${ac_cv_prog_lex_root+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-ac_cv_prog_lex_root=unknown
-{ { ac_try="$LEX conftest.l"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$LEX conftest.l") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } &&
-if test -f lex.yy.c; then
- ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
- ac_cv_prog_lex_root=lexyy
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
-if test "$ac_cv_prog_lex_root" = unknown
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-fi
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-if test ${LEXLIB+y}
-then :
-
-else $as_nop
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
-printf %s "checking for lex library... " >&6; }
-if test ${ac_cv_lib_lex+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- ac_save_LIBS="$LIBS"
- ac_found=false
- for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
- case $ac_cv_lib_lex in @%:@(
- 'none needed') :
- ;; @%:@(
- 'not found') :
- break ;; @%:@(
- *) :
- LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; @%:@(
- *) :
- ;;
-esac
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_found=:
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if $ac_found; then
- break
- fi
- done
- LIBS="$ac_save_LIBS"
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-printf "%s\n" "$ac_cv_lib_lex" >&6; }
- if test "$ac_cv_lib_lex" = 'not found'
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-elif test "$ac_cv_lib_lex" = 'none needed'
-then :
- LEXLIB=''
-else $as_nop
- LEXLIB=$ac_cv_lib_lex
-fi
- ac_save_LIBS="$LIBS"
- LIBS=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
-printf %s "checking for library containing yywrap... " >&6; }
-if test ${ac_cv_search_yywrap+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char yywrap ();
-int
-main (void)
-{
-return yywrap ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' fl l
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_yywrap=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_yywrap+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_yywrap+y}
-then :
-
-else $as_nop
- ac_cv_search_yywrap=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
-printf "%s\n" "$ac_cv_search_yywrap" >&6; }
-ac_res=$ac_cv_search_yywrap
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
- LEXLIB="$LIBS"
-fi
-
- LIBS="$ac_save_LIBS"
-fi
-
-
-if test "$LEX" != :
-then :
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-printf %s "checking whether yytext is a pointer... " >&6; }
-if test ${ac_cv_prog_lex_yytext_pointer+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent. Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #define YYTEXT_POINTER 1
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_lex_yytext_pointer=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-printf "%s\n" "@%:@define YYTEXT_POINTER 1" >>confdefs.h
-
-fi
-
-fi
-rm -f conftest.l $LEX_OUTPUT_ROOT.c
-
-fi
-if test "$LEX" = :; then
- LEX=${am_missing_run}flex
-fi
-for ac_prog in 'bison -y' byacc
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_YACC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$YACC"; then
- ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_YACC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-printf "%s\n" "$YACC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-printf "%s\n" "$PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
- ac_pt_PKG_CONFIG=$PKG_CONFIG
- # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PKG_CONFIG" = x; then
- PKG_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PKG_CONFIG=$ac_pt_PKG_CONFIG
- fi
-else
- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=0.9.0
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- PKG_CONFIG=""
- fi
-fi
-
-# Extract the first word of "swig", so it can be a program name with args.
-set dummy swig; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_SWIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $SWIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-SWIG=$ac_cv_path_SWIG
-if test -n "$SWIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-printf "%s\n" "$SWIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
-@%:@ Check whether --enable-debug_output was given.
-if test ${enable_debug_output+y}
-then :
- enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_debug_output=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-printf "%s\n" "$enable_debug_output" >&6; }
-fi
-
-if test "$enable_debug_output" = "yes"
-then :
-
-printf "%s\n" "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
-@%:@ Check whether --enable-man_pages was given.
-if test ${enable_man_pages+y}
-then :
- enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_man_pages=yes
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-printf "%s\n" "$enable_man_pages" >&6; }
-fi
-
-if test "$enable_man_pages" = "yes"; then
-
-
-
- # Extract the first word of "podchecker", so it can be a program name with args.
-set dummy podchecker; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_PODCHECKER+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$PODCHECKER"; then
- ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_PODCHECKER="podchecker"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_PODCHECKER" && ac_cv_prog_PODCHECKER="no"
-fi
-fi
-PODCHECKER=$ac_cv_prog_PODCHECKER
-if test -n "$PODCHECKER"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-printf "%s\n" "$PODCHECKER" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$PODCHECKER" = "no"; then
- as_fn_error $? "
-The podchecker program was not found in the default path. podchecker is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-
-
-
-
- # Extract the first word of "pod2man", so it can be a program name with args.
-set dummy pod2man; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_POD2MAN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$POD2MAN"; then
- ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_POD2MAN="pod2man"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_POD2MAN" && ac_cv_prog_POD2MAN="no"
-fi
-fi
-POD2MAN=$ac_cv_prog_POD2MAN
-if test -n "$POD2MAN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-printf "%s\n" "$POD2MAN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$POD2MAN" = "no"; then
- as_fn_error $? "
-The pod2man program was not found in the default path. pod2man is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-printf %s "checking whether python bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-python was given.
-if test ${with_python+y}
-then :
- withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_python" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python3", so it can be a program name with args.
-set dummy python3; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PYTHON" && as_fn_error $? "python is required when enabling python bindings" "$LINENO" 5
-
-
-
- #
- # Allow the use of a (user set) custom python version
- #
-
-
- # Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
-set dummy python$PYTHON_VERSION; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test -z "$PYTHON"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
-if test -n "$PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
-printf "%s\n" "$PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PYTHON_CONFIG"; then
- ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
- # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy `basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
-if test -n "$ac_pt_PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
-printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PYTHON_CONFIG" = x; then
- PYTHON_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
- fi
-else
- PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
-fi
-
- if test -z "$PYTHON_CONFIG"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
- fi
-
- #
- # Check for a version of Python >= 2.1.0
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write(str(ver >= '2.1.0'))"`
- if test "$ac_supports_python_ver" != "True"; then
- if test -z "$PYTHON_NOVERSIONCHECK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "
-This version of the AC@&t@_PYTHON_DEVEL macro
-doesn't work properly with versions of Python before
-2.1.0. You may need to re-run configure, setting the
-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
-PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
-Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
-to something else than an empty string.
-
-See \`config.log' for more details" "$LINENO" 5; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-printf "%s\n" "skip at user request" >&6; }
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- fi
-
- #
- # if the macro parameter ``version'' is set, honour it
- #
- if test -n ""; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-printf %s "checking for a version of Python ... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write("%s\n" % (ver == ))"`
- if test "$ac_supports_python_ver" = "True"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "this package requires Python .
-If you have it installed, but it isn't the default Python
-interpreter in your system path, please pass the PYTHON_VERSION
-variable to configure. See \`\`configure --help'' for reference.
-" "$LINENO" 5
- PYTHON_VERSION=""
- fi
- fi
-
- #
- # Check if you have setuptools, else fail
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
-printf %s "checking for the setuptools Python package... " >&6; }
- ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
- if test -z "$ac_setuptools_result"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "cannot import Python module \"setuptools\".
-Please check your Python installation. The error was:
-$ac_setuptools_result" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- #
- # Check for Python include path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-printf %s "checking for Python include path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
- fi
- if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import sysconfig;\
-sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
- if test -n "${python_path}"; then
- python_path="-I$python_path"
- fi
- PYTHON_CPPFLAGS=$python_path
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
-
-
- #
- # Check for Python library path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-printf %s "checking for Python library path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
- fi
- if test -z "$PYTHON_LDFLAGS"; then
- # (makes two attempts to ensure we've got a version number
- # from the interpreter)
- py_version=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
- if test "$py_version" == "None"; then
- if test -n "$PYTHON_VERSION"; then
- py_version=$PYTHON_VERSION
- else
- py_version=`$PYTHON -c "import sys; \
-sys.stdout.write("%s\n" % sys.version[:3])"`
- fi
- fi
-
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
-"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
-
-
- #
- # Check for site packages
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-printf %s "checking for Python site-packages path... " >&6; }
- if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
-
-
- #
- # libraries which must be linked in when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-printf %s "checking python extra libraries... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
- PYTHON_EXTRA_LIBS=''
- fi
- if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
-
-
- #
- # linking flags needed when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-printf %s "checking python extra linking flags... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
- PYTHON_EXTRA_LDFLAGS=''
- fi
- if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
-
-
- #
- # final check to see if everything compiles alright
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-printf %s "checking consistency of all components of python development environment... " >&6; }
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # save current global flags
- ac_save_LIBS="$LIBS"
- ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #include <Python.h>
-
-int
-main (void)
-{
-
- Py_Initialize();
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- pythonexists=yes
-else $as_nop
- pythonexists=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-printf "%s\n" "$pythonexists" >&6; }
-
- if test ! "$pythonexists" = "yes"; then
- as_fn_error $? "
- Could not link test program to Python. Maybe the main Python library has been
- installed in some non-standard library path. If so, pass it to configure,
- via the LDFLAGS environment variable.
- Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\"
- ============================================================================
- ERROR!
- You probably have to install the development version of the Python package
- for your distribution. The exact name of this package varies among them.
- ============================================================================
- " "$LINENO" 5
- PYTHON_VERSION=""
- fi
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # turn back to default flags
- CPPFLAGS="$ac_save_CPPFLAGS"
- LIBS="$ac_save_LIBS"
-
- #
- # all done!
- #
-
-
-
-
-
-
-
- if test -n "$PYTHON"; then
- # If the user set $PYTHON, use it and don't search something else.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
-printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
- ($PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "Python interpreter is too old" "$LINENO" 5
-fi
- am_display_PYTHON=$PYTHON
- else
- # Otherwise, try each interpreter until we find one that satisfies
- # VERSION.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
-printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
-if test ${am_cv_pathless_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
- test "$am_cv_pathless_PYTHON" = none && break
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
- ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- break
-fi
- done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
-printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
- # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
- if test "$am_cv_pathless_PYTHON" = none; then
- PYTHON=:
- else
- # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
-set dummy $am_cv_pathless_PYTHON; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
- am_display_PYTHON=$am_cv_pathless_PYTHON
- fi
-
-
- if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
- else
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-printf %s "checking for $am_display_PYTHON version... " >&6; }
-if test ${am_cv_python_version+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-printf "%s\n" "$am_cv_python_version" >&6; }
- PYTHON_VERSION=$am_cv_python_version
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-printf %s "checking for $am_display_PYTHON platform... " >&6; }
-if test ${am_cv_python_platform+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-printf "%s\n" "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
-
-
- if test "x$prefix" = xNONE; then
- am__usable_prefix=$ac_default_prefix
- else
- am__usable_prefix=$prefix
- fi
-
- # Allow user to request using sys.* values from Python,
- # instead of the GNU $prefix values.
-
-@%:@ Check whether --with-python-sys-prefix was given.
-if test ${with_python_sys_prefix+y}
-then :
- withval=$with_python_sys_prefix; am_use_python_sys=:
-else $as_nop
- am_use_python_sys=false
-fi
-
-
- # Allow user to override whatever the default Python prefix is.
-
-@%:@ Check whether --with-python_prefix was given.
-if test ${with_python_prefix+y}
-then :
- withval=$with_python_prefix; am_python_prefix_subst=$withval
- am_cv_python_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-else $as_nop
-
- if $am_use_python_sys; then
- # using python sys.prefix value, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
-printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
-if test ${am_cv_python_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-
- case $am_cv_python_prefix in
- $am__usable_prefix*)
- am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
- am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
- ;;
- *)
- am_python_prefix_subst=$am_cv_python_prefix
- ;;
- esac
- else # using GNU prefix value, not python sys.prefix
- am_python_prefix_subst='${prefix}'
- am_python_prefix=$am_python_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
-printf "%s\n" "$am_python_prefix" >&6; }
- fi
-fi
-
- # Substituting python_prefix_subst value.
- PYTHON_PREFIX=$am_python_prefix_subst
-
-
- # emacs-page Now do it all over again for Python exec_prefix, but with yet
- # another conditional: fall back to regular prefix if that was specified.
-
-@%:@ Check whether --with-python_exec_prefix was given.
-if test ${with_python_exec_prefix+y}
-then :
- withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
- am_cv_python_exec_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # no explicit --with-python_exec_prefix, but if
- # --with-python_prefix was given, use its value for python_exec_prefix too.
- if test -n "$with_python_prefix"
-then :
- am_python_exec_prefix_subst=$with_python_prefix
- am_cv_python_exec_prefix=$with_python_prefix
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # Set am__usable_exec_prefix whether using GNU or Python values,
- # since we use that variable for pyexecdir.
- if test "x$exec_prefix" = xNONE; then
- am__usable_exec_prefix=$am__usable_prefix
- else
- am__usable_exec_prefix=$exec_prefix
- fi
- #
- if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
-if test ${am_cv_python_exec_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
- case $am_cv_python_exec_prefix in
- $am__usable_exec_prefix*)
- am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
- am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
- ;;
- *)
- am_python_exec_prefix_subst=$am_cv_python_exec_prefix
- ;;
- esac
- else # using GNU $exec_prefix, not python sys.exec_prefix
- am_python_exec_prefix_subst='${exec_prefix}'
- am_python_exec_prefix=$am_python_exec_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
-printf "%s\n" "$am_python_exec_prefix" >&6; }
- fi
-fi
-fi
-
- # Substituting python_exec_prefix_subst.
- PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
-
-
- # Factor out some code duplication into this shell variable.
- am_python_setup_sysconfig="\
-import sys
-# Prefer sysconfig over distutils.sysconfig, for better compatibility
-# with python 3.x. See automake bug#10227.
-try:
- import sysconfig
-except ImportError:
- can_use_sysconfig = 0
-else:
- can_use_sysconfig = 1
-# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
-# <https://github.com/pypa/virtualenv/issues/118>
-try:
- from platform import python_implementation
- if python_implementation() == 'CPython' and sys.version[:3] == '2.7':
- can_use_sysconfig = 0
-except ImportError:
- pass"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
-printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
-if test ${am_cv_python_pythondir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_prefix" = x; then
- am_py_prefix=$am__usable_prefix
- else
- am_py_prefix=$am_cv_python_prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-printf "%s\n" "$am_cv_python_pythondir" >&6; }
- pythondir=$am_cv_python_pythondir
-
-
- pkgpythondir=\${pythondir}/$PACKAGE
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
-printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
-if test ${am_cv_python_pyexecdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_exec_prefix" = x; then
- am_py_exec_prefix=$am__usable_exec_prefix
- else
- am_py_exec_prefix=$am_cv_python_exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
- pyexecdir=$am_cv_python_pyexecdir
-
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
-
-
-
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-printf %s "checking whether perl bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-perl was given.
-if test ${with_perl+y}
-then :
- withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_perl" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
- # Extract the first word of "perl", so it can be a program name with args.
-set dummy perl; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PERL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PERL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PERL=$ac_cv_path_PERL
-if test -n "$PERL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-printf "%s\n" "$PERL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
- perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- if test -e "$perl_includedir/perl.h"
-then :
- enable_perl=yes
-else $as_nop
- enable_perl=no
-fi
-fi
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-printf %s "checking whether ruby bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-ruby was given.
-if test ${with_ruby+y}
-then :
- withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_ruby" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
- # Extract the first word of "ruby", so it can be a program name with args.
-set dummy ruby; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_RUBY+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $RUBY in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-RUBY=$ac_cv_path_RUBY
-if test -n "$RUBY"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-printf "%s\n" "$RUBY" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$RUBY" && as_fn_error $? "ruby is required when enabling ruby bindings" "$LINENO" 5
-fi
-
-
- if test x$enable_man_pages = xyes; then
- ENABLE_MAN_PAGES_TRUE=
- ENABLE_MAN_PAGES_FALSE='#'
-else
- ENABLE_MAN_PAGES_TRUE='#'
- ENABLE_MAN_PAGES_FALSE=
-fi
-
- if test x$with_python = xyes; then
- HAVE_PYTHON_TRUE=
- HAVE_PYTHON_FALSE='#'
-else
- HAVE_PYTHON_TRUE='#'
- HAVE_PYTHON_FALSE=
-fi
-
- if test x$with_perl = xyes; then
- HAVE_PERL_TRUE=
- HAVE_PERL_FALSE='#'
-else
- HAVE_PERL_TRUE='#'
- HAVE_PERL_FALSE=
-fi
-
- if test x$with_ruby = xyes; then
- HAVE_RUBY_TRUE=
- HAVE_RUBY_FALSE='#'
-else
- HAVE_RUBY_TRUE='#'
- HAVE_RUBY_FALSE=
-fi
-
-
-ac_header= ac_cache=
-for ac_item in $ac_header_c_list
-do
- if test $ac_cache; then
- ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
- if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
- printf "%s\n" "#define $ac_item 1" >> confdefs.h
- fi
- ac_header= ac_cache=
- elif test $ac_header; then
- ac_cache=$ac_item
- else
- ac_header=$ac_item
- fi
-done
-
-
-
-
-
-
-
-
-if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
-then :
-
-printf "%s\n" "@%:@define STDC_HEADERS 1" >>confdefs.h
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-printf %s "checking for grep that handles long lines and -e... " >&6; }
-if test ${ac_cv_path_GREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in grep ggrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-printf "%s\n" "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-# Autoupdate added the next two lines to ensure that your configure
-# script's behavior did not change. They are probably safe to remove.
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-printf %s "checking for egrep... " >&6; }
-if test ${ac_cv_path_EGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in egrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-printf "%s\n" "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_UNISTD_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
-if test "x$ac_cv_header_stdint_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_STDINT_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
-if test "x$ac_cv_header_syslog_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_SYSLOG_H 1" >>confdefs.h
-
-fi
-
-
-ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
-if test "x$ac_cv_func_asprintf" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_ASPRINTF 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
-if test "x$ac_cv_func___secure_getenv" = xyes
-then :
- printf "%s\n" "@%:@define HAVE___SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
-if test "x$ac_cv_func_secure_getenv" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
-if test "x$ac_cv_func_reallocarray" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_REALLOCARRAY 1" >>confdefs.h
-
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-printf %s "checking for an ANSI C-conforming const... " >&6; }
-if test ${ac_cv_c_const+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* IBM XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_const=yes
-else $as_nop
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-printf "%s\n" "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-printf "%s\n" "@%:@define const /**/" >>confdefs.h
-
-fi
-
-case `pwd` in
- *\ * | *\ *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
-esac
-
-
-
-macro_version='2.4.6'
-macro_revision='2.4.6'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
-
- # Make sure we can run config.sub.
-$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-printf %s "checking build system type... " >&6; }
-if test ${ac_cv_build+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-printf "%s\n" "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-printf %s "checking host system type... " >&6; }
-if test ${ac_cv_host+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-printf "%s\n" "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-printf %s "checking how to print strings... " >&6; }
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO ""
-}
-
-case $ECHO in
- printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-printf "%s\n" "printf" >&6; } ;;
- print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-printf "%s\n" "print -r" >&6; } ;;
- *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-printf "%s\n" "cat" >&6; } ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-printf %s "checking for fgrep... " >&6; }
-if test ${ac_cv_path_FGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
- then ac_cv_path_FGREP="$GREP -F"
- else
- if test -z "$FGREP"; then
- ac_path_FGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in fgrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_FGREP" || continue
-# Check for GNU ac_path_FGREP and select it if it is found.
- # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'FGREP' >> "conftest.nl"
- "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_FGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_FGREP="$ac_path_FGREP"
- ac_path_FGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_FGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_FGREP"; then
- as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_FGREP=$FGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-printf "%s\n" "$ac_cv_path_FGREP" >&6; }
- FGREP="$ac_cv_path_FGREP"
-
-
-test -z "$GREP" && GREP=grep
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-@%:@ Check whether --with-gnu-ld was given.
-if test ${with_gnu_ld+y}
-then :
- withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else $as_nop
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-printf %s "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-printf %s "checking for GNU ld... " >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-printf %s "checking for non-GNU ld... " >&6; }
-fi
-if test ${lt_cv_path_LD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi
-fi
-
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-printf "%s\n" "$LD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
-if test ${lt_cv_prog_gnu_ld+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if test ${lt_cv_path_NM+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-printf "%s\n" "$lt_cv_path_NM" >&6; }
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in dumpbin "link -dump"
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DUMPBIN"; then
- ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DUMPBIN=$ac_cv_prog_DUMPBIN
-if test -n "$DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-printf "%s\n" "$DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$DUMPBIN" && break
- done
-fi
-if test -z "$DUMPBIN"; then
- ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in dumpbin "link -dump"
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DUMPBIN"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
-if test -n "$ac_ct_DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_DUMPBIN" && break
-done
-
- if test "x$ac_ct_DUMPBIN" = x; then
- DUMPBIN=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DUMPBIN=$ac_ct_DUMPBIN
- fi
-fi
-
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
-
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-printf %s "checking the name lister ($NM) interface... " >&6; }
-if test ${lt_cv_nm_interface+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: output\"" >&5)
- cat conftest.out >&5
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-printf "%s\n" "$lt_cv_nm_interface" >&6; }
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-printf %s "checking whether ln -s works... " >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-printf "%s\n" "no, using $LN_S" >&6; }
-fi
-
-# find the maximum length of command line arguments
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-printf %s "checking the maximum length of command line arguments... " >&6; }
-if test ${lt_cv_sys_max_cmd_len+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-
-fi
-
-if test -n "$lt_cv_sys_max_cmd_len"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
-printf "%s\n" "none" >&6; }
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-
-
-
-
-
-: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-
-
-
-
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-printf %s "checking how to convert $build file names to $host format... " >&6; }
-if test ${lt_cv_to_host_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-
-fi
-
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-printf %s "checking how to convert $build file names to toolchain format... " >&6; }
-if test ${lt_cv_to_tool_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- #assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-
-fi
-
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-printf %s "checking for $LD option to reload object files... " >&6; }
-if test ${lt_cv_ld_reload_flag+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_reload_flag='-r'
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-printf "%s\n" "$OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
-else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-printf %s "checking how to recognize dependent libraries... " >&6; }
-if test ${lt_cv_deplibs_check_method+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[4-9]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[45]*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[3-9]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DLLTOOL"; then
- ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DLLTOOL=$ac_cv_prog_DLLTOOL
-if test -n "$DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-printf "%s\n" "$DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DLLTOOL"; then
- ac_ct_DLLTOOL=$DLLTOOL
- # Extract the first word of "dlltool", so it can be a program name with args.
-set dummy dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DLLTOOL"; then
- ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
-if test -n "$ac_ct_DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DLLTOOL" = x; then
- DLLTOOL="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DLLTOOL=$ac_ct_DLLTOOL
- fi
-else
- DLLTOOL="$ac_cv_prog_DLLTOOL"
-fi
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-printf %s "checking how to associate runtime and link libraries... " >&6; }
-if test ${lt_cv_sharedlib_from_linklib_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- for ac_prog in ar
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-printf "%s\n" "$AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AR" && break
- done
-fi
-if test -z "$AR"; then
- ac_ct_AR=$AR
- for ac_prog in ar
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_AR"; then
- ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_AR="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-printf "%s\n" "$ac_ct_AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_AR" && break
-done
-
- if test "x$ac_ct_AR" = x; then
- AR="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- AR=$ac_ct_AR
- fi
-fi
-
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-printf %s "checking for archiver @FILE support... " >&6; }
-if test ${lt_cv_ar_at_file+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ar_at_file=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-printf "%s\n" "$lt_cv_ar_at_file" >&6; }
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-test -z "$STRIP" && STRIP=:
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-printf "%s\n" "$RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-printf "%s\n" "$ac_ct_RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-test -z "$RANLIB" && RANLIB=:
-
-
-
-
-
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-printf %s "checking command to parse $NM output from $compiler object... " >&6; }
-if test ${lt_cv_sys_global_symbol_pipe+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[ABCDEGRST]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[BCDEGRST]'
- ;;
-osf*)
- symcode='[BCDEGQRST]'
- ;;
-solaris*)
- symcode='[BDRT]'
- ;;
-sco3.2v5*)
- symcode='[DT]'
- ;;
-sysv4.2uw2*)
- symcode='[DT]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[ABDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[ABCDGIRSTW]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK '"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT@&t@_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-printf "%s\n" "failed" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-printf "%s\n" "ok" >&6; }
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-printf %s "checking for sysroot... " >&6; }
-
-@%:@ Check whether --with-sysroot was given.
-if test ${with_sysroot+y}
-then :
- withval=$with_sysroot;
-else $as_nop
- with_sysroot=no
-fi
-
-
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-printf "%s\n" "$with_sysroot" >&6; }
- as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
- ;;
-esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-printf "%s\n" "${lt_sysroot:-no}" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-printf %s "checking for a working dd... " >&6; }
-if test ${ac_cv_path_lt_DD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-if test -z "$lt_DD"; then
- ac_path_lt_DD_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in dd
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_lt_DD" || continue
-if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi
- $ac_path_lt_DD_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_lt_DD"; then
- :
- fi
-else
- ac_cv_path_lt_DD=$lt_DD
-fi
-
-rm -f conftest.i conftest2.i conftest.out
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-printf %s "checking how to truncate binary pipes... " >&6; }
-if test ${lt_cv_truncate_bin+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-printf "%s\n" "$lt_cv_truncate_bin" >&6; }
-
-
-
-
-
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-@%:@ Check whether --enable-libtool-lock was given.
-if test ${enable_libtool_lock+y}
-then :
- enableval=$enable_libtool_lock;
-fi
-
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-printf %s "checking whether the C compiler needs -belf... " >&6; }
-if test ${lt_cv_cc_needs_belf+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_cc_needs_belf=yes
-else $as_nop
- lt_cv_cc_needs_belf=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
-set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$MANIFEST_TOOL"; then
- ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
-if test -n "$MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-printf "%s\n" "$MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
- ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
- # Extract the first word of "mt", so it can be a program name with args.
-set dummy mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_MANIFEST_TOOL"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
-if test -n "$ac_ct_MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_MANIFEST_TOOL" = x; then
- MANIFEST_TOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
- fi
-else
- MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
-fi
-
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if test ${lt_cv_path_mainfest_tool+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&5
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-
-
-
-
-
-
- case $host_os in
- rhapsody* | darwin*)
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DSYMUTIL"; then
- ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DSYMUTIL=$ac_cv_prog_DSYMUTIL
-if test -n "$DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-printf "%s\n" "$DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DSYMUTIL"; then
- ac_ct_DSYMUTIL=$DSYMUTIL
- # Extract the first word of "dsymutil", so it can be a program name with args.
-set dummy dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DSYMUTIL"; then
- ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
-if test -n "$ac_ct_DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DSYMUTIL" = x; then
- DSYMUTIL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DSYMUTIL=$ac_ct_DSYMUTIL
- fi
-else
- DSYMUTIL="$ac_cv_prog_DSYMUTIL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NMEDIT"; then
- ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-NMEDIT=$ac_cv_prog_NMEDIT
-if test -n "$NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-printf "%s\n" "$NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_NMEDIT"; then
- ac_ct_NMEDIT=$NMEDIT
- # Extract the first word of "nmedit", so it can be a program name with args.
-set dummy nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_NMEDIT"; then
- ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_NMEDIT="nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
-if test -n "$ac_ct_NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-printf "%s\n" "$ac_ct_NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_NMEDIT" = x; then
- NMEDIT=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- NMEDIT=$ac_ct_NMEDIT
- fi
-else
- NMEDIT="$ac_cv_prog_NMEDIT"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
-set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LIPO"; then
- ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LIPO=$ac_cv_prog_LIPO
-if test -n "$LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-printf "%s\n" "$LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_LIPO"; then
- ac_ct_LIPO=$LIPO
- # Extract the first word of "lipo", so it can be a program name with args.
-set dummy lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_LIPO"; then
- ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_LIPO="lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
-if test -n "$ac_ct_LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-printf "%s\n" "$ac_ct_LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_LIPO" = x; then
- LIPO=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- LIPO=$ac_ct_LIPO
- fi
-else
- LIPO="$ac_cv_prog_LIPO"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL"; then
- ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL=$ac_cv_prog_OTOOL
-if test -n "$OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-printf "%s\n" "$OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL"; then
- ac_ct_OTOOL=$OTOOL
- # Extract the first word of "otool", so it can be a program name with args.
-set dummy otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL"; then
- ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL="otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
-if test -n "$ac_ct_OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-printf "%s\n" "$ac_ct_OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL" = x; then
- OTOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL=$ac_ct_OTOOL
- fi
-else
- OTOOL="$ac_cv_prog_OTOOL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL64"; then
- ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL64=$ac_cv_prog_OTOOL64
-if test -n "$OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-printf "%s\n" "$OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL64"; then
- ac_ct_OTOOL64=$OTOOL64
- # Extract the first word of "otool64", so it can be a program name with args.
-set dummy otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL64"; then
- ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL64="otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
-if test -n "$ac_ct_OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-printf "%s\n" "$ac_ct_OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL64" = x; then
- OTOOL64=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL64=$ac_ct_OTOOL64
- fi
-else
- OTOOL64="$ac_cv_prog_OTOOL64"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-printf %s "checking for -single_module linker flag... " >&6; }
-if test ${lt_cv_apple_cc_single_mod+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&5
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&5
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-printf %s "checking for -exported_symbols_list linker flag... " >&6; }
-if test ${lt_cv_ld_exported_symbols_list+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_ld_exported_symbols_list=yes
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-printf %s "checking for -force_load linker flag... " >&6; }
-if test ${lt_cv_ld_force_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cr libconftest.a conftest.o" >&5
- $AR cr libconftest.a conftest.o 2>&5
- echo "$RANLIB libconftest.a" >&5
- $RANLIB libconftest.a 2>&5
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&5
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&5
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-printf "%s\n" "$lt_cv_ld_force_load" >&6; }
- case $host_os in
- rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[012][,.]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_dlfcn_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_DLFCN_H 1" >>confdefs.h
-
-fi
-
-
-
-
-
-# Set options
-
-
-
- enable_dlopen=no
-
-
- enable_win32_dll=no
-
-
- @%:@ Check whether --enable-shared was given.
-if test ${enable_shared+y}
-then :
- enableval=$enable_shared; p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_shared=yes
-fi
-
-
-
-
-
-
-
-
-
- @%:@ Check whether --enable-static was given.
-if test ${enable_static+y}
-then :
- enableval=$enable_static; p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_static=yes
-fi
-
-
-
-
-
-
-
-
-
-
-@%:@ Check whether --with-pic was given.
-if test ${with_pic+y}
-then :
- withval=$with_pic; lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- pic_mode=default
-fi
-
-
-
-
-
-
-
-
- @%:@ Check whether --enable-fast-install was given.
-if test ${enable_fast_install+y}
-then :
- enableval=$enable_fast_install; p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_fast_install=yes
-fi
-
-
-
-
-
-
-
-
- shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[5-9]*,yes)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-printf %s "checking which variant of shared library versioning to provide... " >&6; }
-
-@%:@ Check whether --with-aix-soname was given.
-if test ${with_aix_soname+y}
-then :
- withval=$with_aix_soname; case $withval in
- aix|svr4|both)
- ;;
- *)
- as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname
-else $as_nop
- if test ${lt_cv_with_aix_soname+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_with_aix_soname=aix
-fi
-
- with_aix_soname=$lt_cv_with_aix_soname
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-printf "%s\n" "$with_aix_soname" >&6; }
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-test -z "$LN_S" && LN_S="ln -s"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-printf %s "checking for objdir... " >&6; }
-if test ${lt_cv_objdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-printf "%s\n" "$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-printf "%s\n" "@%:@define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
-
-
-
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-func_cc_basename $compiler
-cc_basename=$func_cc_basename_result
-
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-printf %s "checking for ${ac_tool_prefix}file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/${ac_tool_prefix}file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-printf %s "checking for file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- else
- MAGIC_CMD=:
- fi
-fi
-
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-
-lt_save_CC=$CC
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-
-lt_prog_compiler_no_builtin_flag=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
- *)
- lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
- esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if test ${lt_cv_prog_compiler_rtti_exceptions+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_rtti_exceptions=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_rtti_exceptions=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
- lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
- :
-fi
-
-fi
-
-
-
-
-
-
- lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-
- if test yes = "$GCC"; then
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_static='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- fi
- lt_prog_compiler_pic='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- lt_prog_compiler_static=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- ;;
-
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- lt_prog_compiler_can_build_shared=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic=-Kconform_pic
- fi
- ;;
-
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- lt_prog_compiler_wl='-Xlinker '
- if test -n "$lt_prog_compiler_pic"; then
- lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- lt_prog_compiler_wl='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- else
- lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- lt_prog_compiler_wl='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- lt_prog_compiler_wl='-Wl,'
- # PIC (with -KPIC) is the default.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='--shared'
- lt_prog_compiler_static='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- ccc*)
- lt_prog_compiler_wl='-Wl,'
- # All Alpha code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-qpic'
- lt_prog_compiler_static='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Wl,'
- ;;
- *Intel*\ [CF]*Compiler*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- *Portland\ Group*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- lt_prog_compiler_wl='-Wl,'
- # All OSF/1 code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- rdos*)
- lt_prog_compiler_static='-non_shared'
- ;;
-
- solaris*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- lt_prog_compiler_wl='-Qoption ld ';;
- *)
- lt_prog_compiler_wl='-Wl,';;
- esac
- ;;
-
- sunos4*)
- lt_prog_compiler_wl='-Qoption ld '
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic='-Kconform_pic'
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- unicos*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_can_build_shared=no
- ;;
-
- uts4*)
- lt_prog_compiler_pic='-pic'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *)
- lt_prog_compiler_can_build_shared=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic=
- ;;
- *)
- lt_prog_compiler_pic="$lt_prog_compiler_pic@&t@ -DPIC"
- ;;
-esac
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-printf %s "checking for $compiler option to produce PIC... " >&6; }
-if test ${lt_cv_prog_compiler_pic+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
-lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if test ${lt_cv_prog_compiler_pic_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic_works=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic@&t@ -DPIC" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_pic_works"; then
- case $lt_prog_compiler_pic in
- "" | " "*) ;;
- *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
- esac
-else
- lt_prog_compiler_pic=
- lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test ${lt_cv_prog_compiler_static_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_static_works=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works=yes
- fi
- else
- lt_cv_prog_compiler_static_works=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_static_works"; then
- :
-else
- lt_prog_compiler_static=
-fi
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-hard_links=nottested
-if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-printf %s "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-printf "%s\n" "$hard_links" >&6; }
- if test no = "$hard_links"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- runpath_var=
- allow_undefined_flag=
- always_export_symbols=no
- archive_cmds=
- archive_expsym_cmds=
- compiler_needs_object=no
- enable_shared_with_static_runtimes=no
- export_dynamic_flag_spec=
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- hardcode_automatic=no
- hardcode_direct=no
- hardcode_direct_absolute=no
- hardcode_libdir_flag_spec=
- hardcode_libdir_separator=
- hardcode_minus_L=no
- hardcode_shlibpath_var=unsupported
- inherit_rpath=no
- link_all_deplibs=unknown
- module_cmds=
- module_expsym_cmds=
- old_archive_from_new_cmds=
- old_archive_from_expsyms_cmds=
- thread_safe_flag_spec=
- whole_archive_flag_spec=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- include_expsyms=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- link_all_deplibs=no
- ;;
- esac
-
- ld_shlibs=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
- *\ \(GNU\ Binutils\)\ [3-9]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- export_dynamic_flag_spec='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- export_dynamic_flag_spec='$wl--export-all-symbols'
- allow_undefined_flag=unsupported
- always_export_symbols=no
- enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
- exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- haiku*)
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- link_all_deplibs=yes
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- interix[3-9]*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- whole_archive_flag_spec=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- export_dynamic_flag_spec='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- ld_shlibs=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
-
- if test no = "$ld_shlibs"; then
- runpath_var=
- hardcode_libdir_flag_spec=
- export_dynamic_flag_spec=
- whole_archive_flag_spec=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds=''
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- file_list_spec='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- hardcode_direct=no
- hardcode_direct_absolute=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- export_dynamic_flag_spec='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- always_export_symbols=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
- allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag=' $wl-bernotok'
- allow_undefined_flag=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
- fi
- archive_cmds_need_lc=yes
- archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- bsdi[45]*)
- export_dynamic_flag_spec=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- file_list_spec='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
- enable_shared_with_static_runtimes=yes
- exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- old_postinstall_cmds='chmod 644 $oldlib'
- postlink_cmds='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- enable_shared_with_static_runtimes=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc=no
- hardcode_direct=no
- hardcode_automatic=yes
- hardcode_shlibpath_var=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-
- else
- whole_archive_flag_spec=''
- fi
- link_all_deplibs=yes
- allow_undefined_flag=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-
- else
- ld_shlibs=no
- fi
-
- ;;
-
- dgux*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- export_dynamic_flag_spec='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
-
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-printf %s "checking if $CC understands -b... " >&6; }
-if test ${lt_cv_prog_compiler__b+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler__b=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -b"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler__b=yes
- fi
- else
- lt_cv_prog_compiler__b=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
-
-if test yes = "$lt_cv_prog_compiler__b"; then
- archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-fi
-
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- ;;
- *)
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if test ${lt_cv_irix_exported_symbol+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-int foo (void) { return 0; }
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_irix_exported_symbol=yes
-else $as_nop
- lt_cv_irix_exported_symbol=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
- if test yes = "$lt_cv_irix_exported_symbol"; then
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- link_all_deplibs=no
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- inherit_rpath=yes
- link_all_deplibs=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- ld_shlibs=yes
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- newsos6)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_shlibpath_var=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- else
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- fi
- else
- ld_shlibs=no
- fi
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_separator=:
- ;;
-
- solaris*)
- no_undefined_flag=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_shlibpath_var=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- link_all_deplibs=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- reload_cmds='$CC -r -o $output$reload_objs'
- hardcode_direct=no
- ;;
- motorola)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- hardcode_shlibpath_var=no
- ;;
-
- sysv4.3*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- export_dynamic_flag_spec='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- ld_shlibs=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='$wl-z,text'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag='$wl-z,text'
- allow_undefined_flag='$wl-z,nodefs'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-R,$libdir'
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- export_dynamic_flag_spec='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- *)
- ld_shlibs=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-printf "%s\n" "$ld_shlibs" >&6; }
-test no = "$ld_shlibs" && can_build_shared=no
-
-with_gnu_ld=$with_gnu_ld
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $archive_cmds in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-printf %s "checking whether -lc should be explicitly linked in... " >&6; }
-if test ${lt_cv_archive_cmds_need_lc+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- lt_cv_archive_cmds_need_lc=no
- else
- lt_cv_archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
- archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-printf %s "checking dynamic linker characteristics... " >&6; }
-
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[lt_foo]++; }
- if (lt_freq[lt_foo] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[4-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a(lib.so.V)'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[23].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[3-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- if test ${lt_cv_shlibpath_overrides_runpath+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
-then :
- lt_cv_shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
-fi
-
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-printf "%s\n" "$dynamic_linker" >&6; }
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-printf %s "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" ||
- test -n "$runpath_var" ||
- test yes = "$hardcode_automatic"; then
-
- # We can hardcode non-existent directories.
- if test no != "$hardcode_direct" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
- test no != "$hardcode_minus_L"; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-printf "%s\n" "$hardcode_action" >&6; }
-
-if test relink = "$hardcode_action" ||
- test yes = "$inherit_rpath"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
- if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
-
-fi
-
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-printf %s "checking for shl_load in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_shl_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char shl_load ();
-int
-main (void)
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_shl_load=yes
-else $as_nop
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else $as_nop
- ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-printf %s "checking for dlopen in -lsvld... " >&6; }
-if test ${ac_cv_lib_svld_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_svld_dlopen=yes
-else $as_nop
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-printf %s "checking for dld_link in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_dld_link+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dld_link ();
-int
-main (void)
-{
-return dld_link ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_dld_link=yes
-else $as_nop
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes
-then :
- lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-printf %s "checking whether a program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-printf "%s\n" "$lt_cv_dlopen_self" >&6; }
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self_static+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self_static=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self_static=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-striplib=
-old_striplib=
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
- # Report what library types will actually be built
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-printf %s "checking if libtool supports shared libraries... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-printf "%s\n" "$can_build_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-printf %s "checking whether to build shared libraries... " >&6; }
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-printf "%s\n" "$enable_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-printf %s "checking whether to build static libraries... " >&6; }
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-printf "%s\n" "$enable_static" >&6; }
-
-
-
-
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC=$lt_save_CC
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ac_config_commands="$ac_config_commands libtool"
-
-
-
-
-# Only expand once:
-
-
-
-
-if test "$ac_cv_prog_cc_c99" = "no"; then
- as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
-fi
-
-ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile swig/Makefile swig/perl/Makefile swig/perl/Makefile.PL swig/python/Makefile swig/python/setup.py swig/python/test/Makefile swig/ruby/Makefile testsuite/Makefile testsuite/config/Makefile testsuite/libaalogparse.test/Makefile testsuite/lib/Makefile include/Makefile include/sys/Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-#
-# If the first sed substitution is executed (which looks for macros that
-# take arguments), then branch to the quote section. Otherwise,
-# look for a macro that doesn't take arguments.
-ac_script='
-:mline
-/\\$/{
- N
- s,\\\n,,
- b mline
-}
-t clear
-:clear
-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-b any
-:quote
-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
-s/\[/\\&/g
-s/\]/\\&/g
-s/\$/$$/g
-H
-:any
-${
- g
- s/^\n//
- s/\n/ /g
- p
-}
-'
-DEFS=`sed -n "$ac_script" confdefs.h`
-
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIB@&t@OBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-printf %s "checking that generated files are newer than configure... " >&6; }
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
-printf "%s\n" "done" >&6; }
- if test -n "$EXEEXT"; then
- am__EXEEXT_TRUE=
- am__EXEEXT_FALSE='#'
-else
- am__EXEEXT_TRUE='#'
- am__EXEEXT_FALSE=
-fi
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- as_fn_error $? "conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${ENABLE_MAN_PAGES_TRUE}" && test -z "${ENABLE_MAN_PAGES_FALSE}"; then
- as_fn_error $? "conditional \"ENABLE_MAN_PAGES\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PYTHON_TRUE}" && test -z "${HAVE_PYTHON_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PYTHON\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PERL_TRUE}" && test -z "${HAVE_PERL_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PERL\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_RUBY_TRUE}" && test -z "${HAVE_RUBY_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_RUBY\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in @%:@((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-
-@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
-@%:@ ----------------------------------------
-@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-@%:@ script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} @%:@ as_fn_error
-
-
-
-@%:@ as_fn_set_status STATUS
-@%:@ -----------------------
-@%:@ Set @S|@? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} @%:@ as_fn_set_status
-
-@%:@ as_fn_exit STATUS
-@%:@ -----------------
-@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} @%:@ as_fn_exit
-
-@%:@ as_fn_unset VAR
-@%:@ ---------------
-@%:@ Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-@%:@ as_fn_append VAR VALUE
-@%:@ ----------------------
-@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
-@%:@ advantage of any shell optimizations that allow amortized linear growth over
-@%:@ repeated appends, instead of the typical quadratic growth present in naive
-@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-@%:@ as_fn_arith ARG...
-@%:@ ------------------
-@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
-@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
-@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in @%:@(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_@&t@echo='printf %s\n'
-as_@&t@echo_n='printf %s'
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-@%:@ as_fn_mkdir_p
-@%:@ -------------
-@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} @%:@ as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-@%:@ as_fn_executable_p FILE
-@%:@ -----------------------
-@%:@ Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} @%:@ as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_commands="$ac_config_commands"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
-
-Configuration files:
-$config_files
-
-Configuration commands:
-$config_commands
-
-Report bugs to the package provider."
-
-_ACEOF
-ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
-ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config='$ac_cs_config_escaped'
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.71,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-AWK='$AWK'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- printf "%s\n" "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- printf "%s\n" "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
- printf "%s\n" "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
-@%:@@%:@ Running $as_me. @%:@@%:@
-_ASBOX
- printf "%s\n" "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#
-# INIT-COMMANDS
-#
-AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
-
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
-enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
-shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
-SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
-ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
-PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
-host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
-host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
-host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
-build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
-build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
-build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
-SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
-Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
-GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
-EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
-FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
-LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
-NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
-LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
-exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
-OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
-file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
-want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
-DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
-sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
-AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
-archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
-STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
-lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
-CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
-compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
-GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
-lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
-nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
-lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
-lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
-objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
-need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
-MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
-LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
-libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
-postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
-need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
-version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
-install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
-configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
-configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
-striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
-
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in SHELL \
-ECHO \
-PATH_SEPARATOR \
-SED \
-GREP \
-EGREP \
-FGREP \
-LD \
-NM \
-LN_S \
-lt_SP2NL \
-lt_NL2SP \
-reload_flag \
-OBJDUMP \
-deplibs_check_method \
-file_magic_cmd \
-file_magic_glob \
-want_nocaseglob \
-DLLTOOL \
-sharedlib_from_linklib_cmd \
-AR \
-AR_FLAGS \
-archiver_list_spec \
-STRIP \
-RANLIB \
-CC \
-CFLAGS \
-compiler \
-lt_cv_sys_global_symbol_pipe \
-lt_cv_sys_global_symbol_to_cdecl \
-lt_cv_sys_global_symbol_to_import \
-lt_cv_sys_global_symbol_to_c_name_address \
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-lt_cv_nm_interface \
-nm_file_list_spec \
-lt_cv_truncate_bin \
-lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_pic \
-lt_prog_compiler_wl \
-lt_prog_compiler_static \
-lt_cv_prog_compiler_c_o \
-need_locks \
-MANIFEST_TOOL \
-DSYMUTIL \
-NMEDIT \
-LIPO \
-OTOOL \
-OTOOL64 \
-shrext_cmds \
-export_dynamic_flag_spec \
-whole_archive_flag_spec \
-compiler_needs_object \
-with_gnu_ld \
-allow_undefined_flag \
-no_undefined_flag \
-hardcode_libdir_flag_spec \
-hardcode_libdir_separator \
-exclude_expsyms \
-include_expsyms \
-file_list_spec \
-variables_saved_for_relink \
-libname_spec \
-library_names_spec \
-soname_spec \
-install_override_mode \
-finish_eval \
-old_striplib \
-striplib; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in reload_cmds \
-old_postinstall_cmds \
-old_postuninstall_cmds \
-old_archive_cmds \
-extract_expsyms_cmds \
-old_archive_from_new_cmds \
-old_archive_from_expsyms_cmds \
-archive_cmds \
-archive_expsym_cmds \
-module_cmds \
-module_expsym_cmds \
-export_symbols_cmds \
-prelink_cmds \
-postlink_cmds \
-postinstall_cmds \
-postuninstall_cmds \
-finish_cmds \
-sys_lib_search_path_spec \
-configure_time_dlsearch_path \
-configure_time_lt_sys_library_path; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-ac_aux_dir='$ac_aux_dir'
-
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'
-
-
-
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
- "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
- "swig/Makefile") CONFIG_FILES="$CONFIG_FILES swig/Makefile" ;;
- "swig/perl/Makefile") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile" ;;
- "swig/perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile.PL" ;;
- "swig/python/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/Makefile" ;;
- "swig/python/setup.py") CONFIG_FILES="$CONFIG_FILES swig/python/setup.py" ;;
- "swig/python/test/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/test/Makefile" ;;
- "swig/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES swig/ruby/Makefile" ;;
- "testsuite/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/Makefile" ;;
- "testsuite/config/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/config/Makefile" ;;
- "testsuite/libaalogparse.test/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/libaalogparse.test/Makefile" ;;
- "testsuite/lib/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/lib/Makefile" ;;
- "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
- "include/sys/Makefile") CONFIG_FILES="$CONFIG_FILES include/sys/Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
- test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "�"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-
-eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS"
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-printf "%s\n" "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`printf "%s\n" "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
- ac_MKDIR_P=$MKDIR_P
- case $MKDIR_P in
- [\\/$]* | ?:[\\/]* ) ;;
- */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
-
-
- :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
- ;;
- esac
-
-
- case $ac_file$ac_mode in
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- case $CONFIG_FILES in @%:@(
- *\'*) :
- eval set x "$CONFIG_FILES" ;; @%:@(
- *) :
- set x $CONFIG_FILES ;; @%:@(
- *) :
- ;;
-esac
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`$as_dirname -- "$am_mf" ||
-$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$am_mf" : 'X\(//\)[^/]' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$am_mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- am_filepart=`$as_basename -- "$am_mf" ||
-$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$am_mf" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { echo "$as_me:$LINENO: cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles" >&5
- (cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } || am_rc=$?
- done
- if test $am_rc -ne 0; then
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE=\"gmake\" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- { am_dirpart=; unset am_dirpart;}
- { am_filepart=; unset am_filepart;}
- { am_mf=; unset am_mf;}
- { am_rc=; unset am_rc;}
- rm -f conftest-deps.mk
-}
- ;;
- "libtool":C)
-
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# The names of the tagged configurations supported by this script.
-available_tags=''
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Which release of libtool.m4 was used?
-macro_version=$macro_version
-macro_revision=$macro_revision
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# What type of objects to build.
-pic_mode=$pic_mode
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# Shared archive member basename,for filename based shared library versioning on AIX.
-shared_archive_member_spec=$shared_archive_member_spec
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# An echo program that protects backslashes.
-ECHO=$lt_ECHO
-
-# The PATH separator for the build system.
-PATH_SEPARATOR=$lt_PATH_SEPARATOR
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="\$SED -e 1s/^X//"
-
-# A grep program that handles long lines.
-GREP=$lt_GREP
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# A literal string matcher.
-FGREP=$lt_FGREP
-
-# A BSD- or MS-compatible name lister.
-NM=$lt_NM
-
-# Whether we need soft or hard links.
-LN_S=$lt_LN_S
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Object file suffix (normally "o").
-objext=$ac_objext
-
-# Executable file suffix (normally "").
-exeext=$exeext
-
-# whether the shell understands "unset".
-lt_unset=$lt_unset
-
-# turn spaces into newlines.
-SP2NL=$lt_lt_SP2NL
-
-# turn newlines into spaces.
-NL2SP=$lt_lt_NL2SP
-
-# convert \$build file names to \$host format.
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-
-# convert \$build files to toolchain format.
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-
-# An object symbol dumper.
-OBJDUMP=$lt_OBJDUMP
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method = "file_magic".
-file_magic_cmd=$lt_file_magic_cmd
-
-# How to find potential files when deplibs_check_method = "file_magic".
-file_magic_glob=$lt_file_magic_glob
-
-# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
-want_nocaseglob=$lt_want_nocaseglob
-
-# DLL creation program.
-DLLTOOL=$lt_DLLTOOL
-
-# Command to associate shared and link libraries.
-sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
-
-# The archiver.
-AR=$lt_AR
-
-# Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
-
-# How to feed a file listing to the archiver.
-archiver_list_spec=$lt_archiver_list_spec
-
-# A symbol stripping program.
-STRIP=$lt_STRIP
-
-# Commands used to install an old-style archive.
-RANLIB=$lt_RANLIB
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Whether to use a lock for old archive extraction.
-lock_old_archive_extraction=$lock_old_archive_extraction
-
-# A C compiler.
-LTCC=$lt_CC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_CFLAGS
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration.
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm into a list of symbols to manually relocate.
-global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
-
-# Transform the output of nm in a C name address pair.
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# Transform the output of nm in a C name address pair when lib prefix is needed.
-global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-
-# The name lister interface.
-nm_interface=$lt_lt_cv_nm_interface
-
-# Specify filename containing input files for \$NM.
-nm_file_list_spec=$lt_nm_file_list_spec
-
-# The root where to search for dependent libraries,and where our libraries should be installed.
-lt_sysroot=$lt_sysroot
-
-# Command to truncate a binary pipe.
-lt_truncate_bin=$lt_lt_cv_truncate_bin
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# Used to examine libraries when file_magic_cmd begins with "file".
-MAGIC_CMD=$MAGIC_CMD
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Manifest tool.
-MANIFEST_TOOL=$lt_MANIFEST_TOOL
-
-# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
-DSYMUTIL=$lt_DSYMUTIL
-
-# Tool to change global to local symbols on Mac OS X.
-NMEDIT=$lt_NMEDIT
-
-# Tool to manipulate fat objects and archives on Mac OS X.
-LIPO=$lt_LIPO
-
-# ldd/readelf like tool for Mach-O binaries on Mac OS X.
-OTOOL=$lt_OTOOL
-
-# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
-OTOOL64=$lt_OTOOL64
-
-# Old archive suffix (normally "a").
-libext=$libext
-
-# Shared library suffix (normally ".so").
-shrext_cmds=$lt_shrext_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at link time.
-variables_saved_for_relink=$lt_variables_saved_for_relink
-
-# Do we need the "lib" prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Library versioning type.
-version_type=$version_type
-
-# Shared library runtime path variable.
-runpath_var=$runpath_var
-
-# Shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Permission mode override for installation of shared libraries.
-install_override_mode=$lt_install_override_mode
-
-# Command to use after installation of a shared archive.
-postinstall_cmds=$lt_postinstall_cmds
-
-# Command to use after uninstallation of a shared archive.
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# As "finish_cmds", except a single script fragment to be evaled but
-# not shown.
-finish_eval=$lt_finish_eval
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Compile-time system search path for libraries.
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Detected run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
-
-# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
-configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds
-
-# A language specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \$shlibpath_var if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds
-
-# Commands necessary for finishing linking programs.
-postlink_cmds=$lt_postlink_cmds
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-
- ;;
-
- esac
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
diff --git a/libraries/libapparmor/autom4te.cache/output.1 b/libraries/libapparmor/autom4te.cache/output.1
deleted file mode 100644
index f8d012c77079cb8e53e830a7743397aa01dc9856..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/output.1
+++ /dev/null
@@ -1,16582 +0,0 @@
-@%:@! /bin/sh
-@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.71.
-@%:@
-@%:@
-@%:@ Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
-@%:@ Inc.
-@%:@
-@%:@
-@%:@ This configure script is free software; the Free Software Foundation
-@%:@ gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in @%:@((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in @%:@ ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="as_nop=:
-if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else \$as_nop
- case \`(set -o) 2>/dev/null\` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" )
-then :
-
-else \$as_nop
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-blah=\$(echo \$(echo blah))
-test x\"\$blah\" = xblah || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1
-
- test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
- || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null
-then :
- as_have_required=yes
-else $as_nop
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
-then :
-
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
- case $as_dir in @%:@(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
-then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi
-fi
-
-
- if test "x$CONFIG_SHELL" != x
-then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in @%:@ ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno
-then :
- printf "%s\n" "$0: This script requires a shell more modern than all"
- printf "%s\n" "$0: the shells that I found on your system."
- if test ${ZSH_VERSION+y} ; then
- printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
- else
- printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
-$0: including any error possibly output before this
-$0: message. Then install a modern shell, or manually run
-$0: the script under such a shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-@%:@ as_fn_unset VAR
-@%:@ ---------------
-@%:@ Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-
-@%:@ as_fn_set_status STATUS
-@%:@ -----------------------
-@%:@ Set @S|@? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} @%:@ as_fn_set_status
-
-@%:@ as_fn_exit STATUS
-@%:@ -----------------
-@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} @%:@ as_fn_exit
-@%:@ as_fn_nop
-@%:@ ---------
-@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-@%:@ as_fn_mkdir_p
-@%:@ -------------
-@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} @%:@ as_fn_mkdir_p
-
-@%:@ as_fn_executable_p FILE
-@%:@ -----------------------
-@%:@ Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} @%:@ as_fn_executable_p
-@%:@ as_fn_append VAR VALUE
-@%:@ ----------------------
-@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
-@%:@ advantage of any shell optimizations that allow amortized linear growth over
-@%:@ repeated appends, instead of the typical quadratic growth present in naive
-@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-@%:@ as_fn_arith ARG...
-@%:@ ------------------
-@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
-@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
-@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-@%:@ as_fn_nop
-@%:@ ---------
-@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
-@%:@ ----------------------------------------
-@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-@%:@ script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} @%:@ as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in @%:@(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_@&t@echo='printf %s\n'
-as_@&t@echo_n='printf %s'
-
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIB@&t@OBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME=''
-PACKAGE_TARNAME=''
-PACKAGE_VERSION=''
-PACKAGE_STRING=''
-PACKAGE_BUGREPORT=''
-PACKAGE_URL=''
-
-ac_unique_file="configure.ac"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stddef.h>
-#ifdef HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_header_c_list=
-ac_subst_vars='am__EXEEXT_FALSE
-am__EXEEXT_TRUE
-LTLIBOBJS
-LIB@&t@OBJS
-LT_SYS_LIBRARY_PATH
-OTOOL64
-OTOOL
-LIPO
-NMEDIT
-DSYMUTIL
-MANIFEST_TOOL
-RANLIB
-ac_ct_AR
-AR
-DLLTOOL
-OBJDUMP
-LN_S
-NM
-ac_ct_DUMPBIN
-DUMPBIN
-LD
-FGREP
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
-LIBTOOL
-EGREP
-GREP
-HAVE_RUBY_FALSE
-HAVE_RUBY_TRUE
-HAVE_PERL_FALSE
-HAVE_PERL_TRUE
-HAVE_PYTHON_FALSE
-HAVE_PYTHON_TRUE
-ENABLE_MAN_PAGES_FALSE
-ENABLE_MAN_PAGES_TRUE
-RUBY
-PERL
-pkgpyexecdir
-pyexecdir
-pkgpythondir
-pythondir
-PYTHON_EXEC_PREFIX
-PYTHON_PREFIX
-PYTHON_PLATFORM
-PYTHON_EXTRA_LDFLAGS
-PYTHON_EXTRA_LIBS
-PYTHON_SITE_PKG
-PYTHON_LDFLAGS
-PYTHON_CPPFLAGS
-PYTHON_CONFIG
-PYTHON_VERSION
-PYTHON
-POD2MAN
-PODCHECKER
-SWIG
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
-SED
-YFLAGS
-YACC
-LEXLIB
-am__fastdepCC_FALSE
-am__fastdepCC_TRUE
-CCDEPMODE
-am__nodep
-AMDEPBACKSLASH
-AMDEP_FALSE
-AMDEP_TRUE
-am__include
-DEPDIR
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-LEX_OUTPUT_ROOT
-LEX
-AM_BACKSLASH
-AM_DEFAULT_VERBOSITY
-AM_DEFAULT_V
-AM_V
-CSCOPE
-ETAGS
-CTAGS
-am__untar
-am__tar
-AMTAR
-am__leading_dot
-SET_MAKE
-AWK
-mkdir_p
-MKDIR_P
-INSTALL_STRIP_PROGRAM
-STRIP
-install_sh
-MAKEINFO
-AUTOHEADER
-AUTOMAKE
-AUTOCONF
-ACLOCAL
-VERSION
-PACKAGE
-CYGPATH_W
-am__isrc
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-runstatedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL
-am__quote'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_silent_rules
-enable_dependency_tracking
-enable_debug_output
-enable_man_pages
-with_python
-with_python_sys_prefix
-with_python_prefix
-with_python_exec_prefix
-with_perl
-with_ruby
-enable_shared
-enable_static
-with_pic
-enable_fast_install
-with_aix_soname
-with_gnu_ld
-with_sysroot
-enable_libtool_lock
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-YACC
-YFLAGS
-PKG_CONFIG
-PKG_CONFIG_PATH
-PKG_CONFIG_LIBDIR
-PYTHON_VERSION
-PYTHON
-LT_SYS_LIBRARY_PATH'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- @<:@@S|@ac_default_prefix@:>@
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- @<:@PREFIX@:>@
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root @<:@DATAROOTDIR/doc/PACKAGE@:>@
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-Program names:
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-silent-rules less verbose build output (undo: "make V=1")
- --disable-silent-rules verbose build output (undo: "make V=0")
- --enable-dependency-tracking
- do not reject slow dependency extractors
- --disable-dependency-tracking
- speeds up one-time build
- --enable-debug-output generate the libapparmor debug output @<:@@<:@default=no@:>@@:>@
- --enable-man-pages generate the libapparmor man pages @<:@@<:@default=yes@:>@@:>@
- --enable-shared@<:@=PKGS@:>@ build shared libraries @<:@default=yes@:>@
- --enable-static@<:@=PKGS@:>@ build static libraries @<:@default=yes@:>@
- --enable-fast-install@<:@=PKGS@:>@
- optimize for fast installation @<:@default=yes@:>@
- --disable-libtool-lock avoid locking (might break parallel builds)
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-python enable the python wrapper [default=no]
- --with-python-sys-prefix
- use Python's sys.prefix and sys.exec_prefix values
- --with-python_prefix override the default PYTHON_PREFIX
- --with-python_exec_prefix
- override the default PYTHON_EXEC_PREFIX
- --with-perl enable the perl wrapper [default=no]
- --with-ruby enable the ruby wrapper [default=no]
- --with-pic@<:@=PKGS@:>@ try to use only PIC/non-PIC objects @<:@default=use
- both@:>@
- --with-aix-soname=aix|svr4|both
- shared library versioning (aka "SONAME") variant to
- provide on AIX, @<:@default=aix@:>@.
- --with-gnu-ld assume the C compiler uses GNU ld @<:@default=no@:>@
- --with-sysroot@<:@=DIR@:>@ Search for dependent libraries within DIR (or the
- compiler's sysroot if not specified).
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- YACC The `Yet Another Compiler Compiler' implementation to use.
- Defaults to the first program found out of: `bison -y', `byacc',
- `yacc'.
- YFLAGS The list of arguments that will be passed by default to @S|@YACC.
- This script will default YFLAGS to the empty string to avoid a
- default value of `-d' given by some make applications.
- PKG_CONFIG path to pkg-config utility
- PKG_CONFIG_PATH
- directories to add to pkg-config's search path
- PKG_CONFIG_LIBDIR
- path overriding pkg-config's built-in search path
- PYTHON_VERSION
- The installed Python version to use, for example '2.3'. This
- string will be appended to the Python interpreter canonical
- name.
- PYTHON the Python interpreter
- LT_SYS_LIBRARY_PATH
- User-defined run-time library search path.
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to the package provider.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for configure.gnu first; this name is used for a wrapper for
- # Metaconfig's "Configure" on case-insensitive file systems.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-configure
-generated by GNU Autoconf 2.71
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-@%:@ ac_fn_c_try_compile LINENO
-@%:@ --------------------------
-@%:@ Try to compile conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_compile
-
-@%:@ ac_fn_c_try_link LINENO
-@%:@ -----------------------
-@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_link
-
-@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-@%:@ -------------------------------------------------------
-@%:@ Tests whether HEADER exists and can be compiled using the include files in
-@%:@ INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_header_compile
-
-@%:@ ac_fn_c_check_func LINENO FUNC VAR
-@%:@ ----------------------------------
-@%:@ Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below. */
-
-#include <limits.h>
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main (void)
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_func
-ac_configure_args_raw=
-for ac_arg
-do
- case $ac_arg in
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append ac_configure_args_raw " '$ac_arg'"
-done
-
-case $ac_configure_args_raw in
- *$as_nl*)
- ac_safe_unquote= ;;
- *)
- ac_unsafe_z='|&;<>()$`\\"*?@<:@ '' ' # This string ends in space, tab.
- ac_unsafe_a="$ac_unsafe_z#~"
- ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
- ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
-esac
-
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- $ $0$ac_configure_args_raw
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- printf "%s\n" "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Sanitize IFS.
- IFS=" "" $as_nl"
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- printf "%s\n" "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- printf "%s\n" "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- printf "%s\n" "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- printf "%s\n" "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- printf "%s\n" "$as_me: caught signal $ac_signal"
- printf "%s\n" "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-printf "%s\n" "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-printf "%s\n" "@%:@define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
- ac_site_files="$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
- ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
-else
- ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-fi
-
-for ac_site_file in $ac_site_files
-do
- case $ac_site_file in @%:@(
- */*) :
- ;; @%:@(
- *) :
- ac_site_file=./$ac_site_file ;;
-esac
- if test -f "$ac_site_file" && test -r "$ac_site_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Test code for whether the C compiler supports C89 (global declarations)
-ac_c_conftest_c89_globals='
-/* Does the compiler advertise C89 conformance?
- Do not test the value of __STDC__, because some compilers set it to 0
- while being otherwise adequately conformant. */
-#if !defined __STDC__
-# error "Compiler does not advertise C89 conformance"
-#endif
-
-#include <stddef.h>
-#include <stdarg.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
-struct buf { int x; };
-struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not \xHH hex character constants.
- These do not provoke an error unfortunately, instead are silently treated
- as an "x". The following induces an error, until -std is added to get
- proper ANSI mode. Curiously \x00 != x always comes out true, for an
- array size at least. It is necessary to write \x00 == 0 to get something
- that is true only with -std. */
-int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) '\''x'\''
-int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
- int, int);'
-
-# Test code for whether the C compiler supports C89 (body of main).
-ac_c_conftest_c89_main='
-ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
-'
-
-# Test code for whether the C compiler supports C99 (global declarations)
-ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
-# error "Compiler does not advertise C99 conformance"
-#endif
-
-#include <stdbool.h>
-extern int puts (const char *);
-extern int printf (const char *, ...);
-extern int dprintf (int, const char *, ...);
-extern void *malloc (size_t);
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-// dprintf is used instead of fprintf to avoid needing to declare
-// FILE and stderr.
-#define debug(...) dprintf (2, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- #error "your preprocessor is broken"
-#endif
-#if BIG_OK
-#else
- #error "your preprocessor is broken"
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static bool
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str = "";
- int number = 0;
- float fnumber = 0;
-
- while (*format)
- {
- switch (*format++)
- {
- case '\''s'\'': // string
- str = va_arg (args_copy, const char *);
- break;
- case '\''d'\'': // int
- number = va_arg (args_copy, int);
- break;
- case '\''f'\'': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-
- return *str && number && fnumber;
-}
-'
-
-# Test code for whether the C compiler supports C99 (body of main).
-ac_c_conftest_c99_main='
- // Check bool.
- _Bool success = false;
- success |= (argc != 0);
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[0] = argv[0][0];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
- || dynamic_array[ni.number - 1] != 543);
-'
-
-# Test code for whether the C compiler supports C11 (global declarations)
-ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
-# error "Compiler does not advertise C11 conformance"
-#endif
-
-// Check _Alignas.
-char _Alignas (double) aligned_as_double;
-char _Alignas (0) no_special_alignment;
-extern char aligned_as_int;
-char _Alignas (0) _Alignas (int) aligned_as_int;
-
-// Check _Alignof.
-enum
-{
- int_alignment = _Alignof (int),
- int_array_alignment = _Alignof (int[100]),
- char_alignment = _Alignof (char)
-};
-_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
-
-// Check _Noreturn.
-int _Noreturn does_not_return (void) { for (;;) continue; }
-
-// Check _Static_assert.
-struct test_static_assert
-{
- int x;
- _Static_assert (sizeof (int) <= sizeof (long int),
- "_Static_assert does not work in struct");
- long int y;
-};
-
-// Check UTF-8 literals.
-#define u8 syntax error!
-char const utf8_literal[] = u8"happens to be ASCII" "another string";
-
-// Check duplicate typedefs.
-typedef long *long_ptr;
-typedef long int *long_ptr;
-typedef long_ptr long_ptr;
-
-// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
-struct anonymous
-{
- union {
- struct { int i; int j; };
- struct { int k; long int l; } w;
- };
- int m;
-} v1;
-'
-
-# Test code for whether the C compiler supports C11 (body of main).
-ac_c_conftest_c11_main='
- _Static_assert ((offsetof (struct anonymous, i)
- == offsetof (struct anonymous, w.k)),
- "Anonymous union alignment botch");
- v1.i = 2;
- v1.w.k = 5;
- ok |= v1.i != 5;
-'
-
-# Test code for whether the C compiler supports C11 (complete).
-ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-${ac_c_conftest_c11_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- ${ac_c_conftest_c11_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C99 (complete).
-ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C89 (complete).
-ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- return ok;
-}
-"
-
-as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
-as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
-as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
-as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
-as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
-as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
-as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
-as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
-as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
-
-# Auxiliary files required by this configure script.
-ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
-
-# Locations in which to look for auxiliary files.
-ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
-
-# Search for a directory containing all of the required auxiliary files,
-# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
-# If we don't find one directory that contains all the files we need,
-# we report the set of missing files from the *first* directory in
-# $ac_aux_dir_candidates and give up.
-ac_missing_aux_files=""
-ac_first_candidate=:
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in $ac_aux_dir_candidates
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
-
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
- ac_aux_dir_found=yes
- ac_install_sh=
- for ac_aux in $ac_aux_files
- do
- # As a special case, if "install-sh" is required, that requirement
- # can be satisfied by any of "install-sh", "install.sh", or "shtool",
- # and $ac_install_sh is set appropriately for whichever one is found.
- if test x"$ac_aux" = x"install-sh"
- then
- if test -f "${as_dir}install-sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
- ac_install_sh="${as_dir}install-sh -c"
- elif test -f "${as_dir}install.sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
- ac_install_sh="${as_dir}install.sh -c"
- elif test -f "${as_dir}shtool"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
- ac_install_sh="${as_dir}shtool install -c"
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} install-sh"
- else
- break
- fi
- fi
- else
- if test -f "${as_dir}${ac_aux}"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
- else
- break
- fi
- fi
- fi
- done
- if test "$ac_aux_dir_found" = yes; then
- ac_aux_dir="$as_dir"
- break
- fi
- ac_first_candidate=false
-
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
-fi
-
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-if test -f "${ac_aux_dir}config.guess"; then
- ac_@&t@config_guess="$SHELL ${ac_aux_dir}config.guess"
-fi
-if test -f "${ac_aux_dir}config.sub"; then
- ac_@&t@config_sub="$SHELL ${ac_aux_dir}config.sub"
-fi
-if test -f "$ac_aux_dir/configure"; then
- ac_@&t@configure="$SHELL ${ac_aux_dir}configure"
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
- and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-am__api_version='1.16'
-
-
-
- # Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-printf %s "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test ${ac_cv_path_install+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- # Account for fact that we put trailing slashes in our PATH walk.
-case $as_dir in @%:@((
- ./ | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test ${ac_cv_path_install+y}; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-printf "%s\n" "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-printf %s "checking whether build environment is sane... " >&6; }
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[\\\"\#\$\&\'\`$am_lf]*)
- as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
-esac
-case $srcdir in
- *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
- as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$*" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$*" != "X $srcdir/configure conftest.file" \
- && test "$*" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
- alias in your environment" "$LINENO" 5
- fi
- if test "$2" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$2" = conftest.file
- )
-then
- # Ok.
- :
-else
- as_fn_error $? "newly created file is older than distributed files!
-Check your system clock" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-
-rm -f conftest.file
-
-test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
- program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.
-# By default was `s,x,x', remove it if useless.
-ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
-
-
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-
-
- if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
-fi
-
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
-printf %s "checking for a race-free mkdir -p... " >&6; }
-if test -z "$MKDIR_P"; then
- if test ${ac_cv_path_mkdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
- case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir ('*'coreutils) '* | \
- 'BusyBox '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
- done
-IFS=$as_save_IFS
-
-fi
-
- test -d ./--version && rmdir ./--version
- if test ${ac_cv_path_mkdir+y}; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- MKDIR_P="$ac_install_sh -d"
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-printf "%s\n" "$MKDIR_P" >&6; }
-
-for ac_prog in gawk mawk nawk awk
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AWK+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AWK"; then
- ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AWK="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-printf "%s\n" "$AWK" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AWK" && break
-done
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval test \${ac_cv_prog_make_${ac_make}_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- SET_MAKE=
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-@%:@ Check whether --enable-silent-rules was given.
-if test ${enable_silent_rules+y}
-then :
- enableval=$enable_silent_rules;
-fi
-
-case $enable_silent_rules in @%:@ (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=1;;
-esac
-am_make=${MAKE-make}
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-printf %s "checking whether $am_make supports nested variables... " >&6; }
-if test ${am_cv_make_support_nested_variables+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if printf "%s\n" 'TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
-if test $am_cv_make_support_nested_variables = yes; then
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AM_BACKSLASH='\'
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- am__isrc=' -I$(srcdir)'
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-
-
-# Define the identity of the package.
-
- PACKAGE=libapparmor1
- VERSION=3.1.7
-
-
-printf "%s\n" "@%:@define PACKAGE \"$PACKAGE\"" >>confdefs.h
-
-
-printf "%s\n" "@%:@define VERSION \"$VERSION\"" >>confdefs.h
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-mkdir_p='$(MKDIR_P)'
-
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AMTAR='$${TAR-tar}'
-
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar pax cpio none'
-
-am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
-
-
-
-
-
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-
-
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
- fi
-fi
-
-
-
-
-
-
-
-
-
-
-
-DEPDIR="${am__leading_dot}deps"
-
-ac_config_commands="$ac_config_commands depfiles"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
-printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
- (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
- case $?:`cat confinc.out 2>/dev/null` in @%:@(
- '0:this is the am__doit target') :
- case $s in @%:@(
- BSD) :
- am__include='.include' am__quote='"' ;; @%:@(
- *) :
- am__include='include' am__quote='' ;;
-esac ;; @%:@(
- *) :
- ;;
-esac
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
-printf "%s\n" "${_am_result}" >&6; }
-
-@%:@ Check whether --enable-dependency-tracking was given.
-if test ${enable_dependency_tracking+y}
-then :
- enableval=$enable_dependency_tracking;
-fi
-
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
- if test "x$enable_dependency_tracking" != xno; then
- AMDEP_TRUE=
- AMDEP_FALSE='#'
-else
- AMDEP_TRUE='#'
- AMDEP_FALSE=
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $@%:@ != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-set dummy ${ac_tool_prefix}clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "clang", so it can be a program name with args.
-set dummy clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-
-
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-printf %s "checking whether the C compiler works... " >&6; }
-ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else $as_nop
- ac_file=''
-fi
-if test -z "$ac_file"
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-printf %s "checking for C compiler default output file name... " >&6; }
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-printf "%s\n" "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-printf %s "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else $as_nop
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-printf "%s\n" "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <stdio.h>
-int
-main (void)
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-printf %s "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-printf "%s\n" "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-printf %s "checking for suffix of object files... " >&6; }
-if test ${ac_cv_objext+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-printf "%s\n" "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-printf %s "checking whether the compiler supports GNU C... " >&6; }
-if test ${ac_cv_c_compiler_gnu+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_compiler_gnu=yes
-else $as_nop
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+y}
-ac_save_CFLAGS=$CFLAGS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-printf %s "checking whether $CC accepts -g... " >&6; }
-if test ${ac_cv_prog_cc_g+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-ac_prog_cc_stdc=no
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-printf %s "checking for $CC option to enable C11 features... " >&6; }
-if test ${ac_cv_prog_cc_c11+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c11=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c11_program
-_ACEOF
-for ac_arg in '' -std=gnu11
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c11=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c11" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c11" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c11" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
- CC="$CC $ac_cv_prog_cc_c11"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
- ac_prog_cc_stdc=c11
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-printf %s "checking for $CC option to enable C99 features... " >&6; }
-if test ${ac_cv_prog_cc_c99+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c99_program
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c99" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c99" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
- CC="$CC $ac_cv_prog_cc_c99"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
- ac_prog_cc_stdc=c99
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-printf %s "checking for $CC option to enable C89 features... " >&6; }
-if test ${ac_cv_prog_cc_c89+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c89_program
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c89" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c89" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
- CC="$CC $ac_cv_prog_cc_c89"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
- ac_prog_cc_stdc=c89
-fi
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-printf %s "checking whether $CC understands -c and -o together... " >&6; }
-if test ${am_cv_prog_cc_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
- ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-depcc="$CC" am_compiler_list=
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-printf %s "checking dependency style of $depcc... " >&6; }
-if test ${am_cv_CC_dependencies_compiler_type+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- am__universal=false
- case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-
-for ac_prog in flex lex
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LEX+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LEX"; then
- ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LEX="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-printf "%s\n" "$LEX" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
- if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
-%{
-#ifdef __cplusplus
-extern "C"
-#endif
-int yywrap(void);
-%}
-%%
-a { ECHO; }
-b { REJECT; }
-c { yymore (); }
-d { yyless (1); }
-e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
-#ifdef __cplusplus
- yyless ((yyinput () != 0));
-#else
- yyless ((input () != 0));
-#endif
- }
-f { unput (yytext[0]); }
-. { BEGIN INITIAL; }
-%%
-#ifdef YYTEXT_POINTER
-extern char *yytext;
-#endif
-int
-yywrap (void)
-{
- return 1;
-}
-int
-main (void)
-{
- return ! yylex ();
-}
-_ACEOF
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
-printf %s "checking for lex output file root... " >&6; }
-if test ${ac_cv_prog_lex_root+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-ac_cv_prog_lex_root=unknown
-{ { ac_try="$LEX conftest.l"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$LEX conftest.l") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } &&
-if test -f lex.yy.c; then
- ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
- ac_cv_prog_lex_root=lexyy
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
-if test "$ac_cv_prog_lex_root" = unknown
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-fi
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-if test ${LEXLIB+y}
-then :
-
-else $as_nop
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
-printf %s "checking for lex library... " >&6; }
-if test ${ac_cv_lib_lex+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- ac_save_LIBS="$LIBS"
- ac_found=false
- for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
- case $ac_cv_lib_lex in @%:@(
- 'none needed') :
- ;; @%:@(
- 'not found') :
- break ;; @%:@(
- *) :
- LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; @%:@(
- *) :
- ;;
-esac
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_found=:
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if $ac_found; then
- break
- fi
- done
- LIBS="$ac_save_LIBS"
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-printf "%s\n" "$ac_cv_lib_lex" >&6; }
- if test "$ac_cv_lib_lex" = 'not found'
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-elif test "$ac_cv_lib_lex" = 'none needed'
-then :
- LEXLIB=''
-else $as_nop
- LEXLIB=$ac_cv_lib_lex
-fi
- ac_save_LIBS="$LIBS"
- LIBS=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
-printf %s "checking for library containing yywrap... " >&6; }
-if test ${ac_cv_search_yywrap+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char yywrap ();
-int
-main (void)
-{
-return yywrap ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' fl l
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_yywrap=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_yywrap+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_yywrap+y}
-then :
-
-else $as_nop
- ac_cv_search_yywrap=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
-printf "%s\n" "$ac_cv_search_yywrap" >&6; }
-ac_res=$ac_cv_search_yywrap
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
- LEXLIB="$LIBS"
-fi
-
- LIBS="$ac_save_LIBS"
-fi
-
-
-if test "$LEX" != :
-then :
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-printf %s "checking whether yytext is a pointer... " >&6; }
-if test ${ac_cv_prog_lex_yytext_pointer+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent. Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #define YYTEXT_POINTER 1
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_lex_yytext_pointer=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-printf "%s\n" "@%:@define YYTEXT_POINTER 1" >>confdefs.h
-
-fi
-
-fi
-rm -f conftest.l $LEX_OUTPUT_ROOT.c
-
-fi
-if test "$LEX" = :; then
- LEX=${am_missing_run}flex
-fi
-for ac_prog in 'bison -y' byacc
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_YACC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$YACC"; then
- ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_YACC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-printf "%s\n" "$YACC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-printf "%s\n" "$PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
- ac_pt_PKG_CONFIG=$PKG_CONFIG
- # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PKG_CONFIG" = x; then
- PKG_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PKG_CONFIG=$ac_pt_PKG_CONFIG
- fi
-else
- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=0.9.0
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- PKG_CONFIG=""
- fi
-fi
-
-# Extract the first word of "swig", so it can be a program name with args.
-set dummy swig; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_SWIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $SWIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-SWIG=$ac_cv_path_SWIG
-if test -n "$SWIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-printf "%s\n" "$SWIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
-@%:@ Check whether --enable-debug_output was given.
-if test ${enable_debug_output+y}
-then :
- enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_debug_output=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-printf "%s\n" "$enable_debug_output" >&6; }
-fi
-
-if test "$enable_debug_output" = "yes"
-then :
-
-printf "%s\n" "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
-@%:@ Check whether --enable-man_pages was given.
-if test ${enable_man_pages+y}
-then :
- enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_man_pages=yes
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-printf "%s\n" "$enable_man_pages" >&6; }
-fi
-
-if test "$enable_man_pages" = "yes"; then
-
-
-
- # Extract the first word of "podchecker", so it can be a program name with args.
-set dummy podchecker; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_PODCHECKER+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$PODCHECKER"; then
- ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_PODCHECKER="podchecker"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_PODCHECKER" && ac_cv_prog_PODCHECKER="no"
-fi
-fi
-PODCHECKER=$ac_cv_prog_PODCHECKER
-if test -n "$PODCHECKER"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-printf "%s\n" "$PODCHECKER" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$PODCHECKER" = "no"; then
- as_fn_error $? "
-The podchecker program was not found in the default path. podchecker is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-
-
-
-
- # Extract the first word of "pod2man", so it can be a program name with args.
-set dummy pod2man; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_POD2MAN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$POD2MAN"; then
- ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_POD2MAN="pod2man"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_POD2MAN" && ac_cv_prog_POD2MAN="no"
-fi
-fi
-POD2MAN=$ac_cv_prog_POD2MAN
-if test -n "$POD2MAN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-printf "%s\n" "$POD2MAN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$POD2MAN" = "no"; then
- as_fn_error $? "
-The pod2man program was not found in the default path. pod2man is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-printf %s "checking whether python bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-python was given.
-if test ${with_python+y}
-then :
- withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_python" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python3", so it can be a program name with args.
-set dummy python3; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PYTHON" && as_fn_error $? "python is required when enabling python bindings" "$LINENO" 5
-
-
-
- #
- # Allow the use of a (user set) custom python version
- #
-
-
- # Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
-set dummy python$PYTHON_VERSION; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test -z "$PYTHON"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
-if test -n "$PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
-printf "%s\n" "$PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PYTHON_CONFIG"; then
- ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
- # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy `basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
-if test -n "$ac_pt_PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
-printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PYTHON_CONFIG" = x; then
- PYTHON_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
- fi
-else
- PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
-fi
-
- if test -z "$PYTHON_CONFIG"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
- fi
-
- #
- # Check for a version of Python >= 2.1.0
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write(str(ver >= '2.1.0'))"`
- if test "$ac_supports_python_ver" != "True"; then
- if test -z "$PYTHON_NOVERSIONCHECK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "
-This version of the AC@&t@_PYTHON_DEVEL macro
-doesn't work properly with versions of Python before
-2.1.0. You may need to re-run configure, setting the
-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
-PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
-Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
-to something else than an empty string.
-
-See \`config.log' for more details" "$LINENO" 5; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-printf "%s\n" "skip at user request" >&6; }
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- fi
-
- #
- # if the macro parameter ``version'' is set, honour it
- #
- if test -n ""; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-printf %s "checking for a version of Python ... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write("%s\n" % (ver == ))"`
- if test "$ac_supports_python_ver" = "True"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "this package requires Python .
-If you have it installed, but it isn't the default Python
-interpreter in your system path, please pass the PYTHON_VERSION
-variable to configure. See \`\`configure --help'' for reference.
-" "$LINENO" 5
- PYTHON_VERSION=""
- fi
- fi
-
- #
- # Check if you have setuptools, else fail
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
-printf %s "checking for the setuptools Python package... " >&6; }
- ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
- if test -z "$ac_setuptools_result"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "cannot import Python module \"setuptools\".
-Please check your Python installation. The error was:
-$ac_setuptools_result" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- #
- # Check for Python include path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-printf %s "checking for Python include path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
- fi
- if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import sysconfig;\
-sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
- if test -n "${python_path}"; then
- python_path="-I$python_path"
- fi
- PYTHON_CPPFLAGS=$python_path
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
-
-
- #
- # Check for Python library path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-printf %s "checking for Python library path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
- fi
- if test -z "$PYTHON_LDFLAGS"; then
- # (makes two attempts to ensure we've got a version number
- # from the interpreter)
- py_version=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
- if test "$py_version" == "None"; then
- if test -n "$PYTHON_VERSION"; then
- py_version=$PYTHON_VERSION
- else
- py_version=`$PYTHON -c "import sys; \
-sys.stdout.write("%s\n" % sys.version[:3])"`
- fi
- fi
-
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
-"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
-
-
- #
- # Check for site packages
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-printf %s "checking for Python site-packages path... " >&6; }
- if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
-
-
- #
- # libraries which must be linked in when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-printf %s "checking python extra libraries... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
- PYTHON_EXTRA_LIBS=''
- fi
- if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
-
-
- #
- # linking flags needed when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-printf %s "checking python extra linking flags... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
- PYTHON_EXTRA_LDFLAGS=''
- fi
- if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
-
-
- #
- # final check to see if everything compiles alright
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-printf %s "checking consistency of all components of python development environment... " >&6; }
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # save current global flags
- ac_save_LIBS="$LIBS"
- ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #include <Python.h>
-
-int
-main (void)
-{
-
- Py_Initialize();
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- pythonexists=yes
-else $as_nop
- pythonexists=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-printf "%s\n" "$pythonexists" >&6; }
-
- if test ! "$pythonexists" = "yes"; then
- as_fn_error $? "
- Could not link test program to Python. Maybe the main Python library has been
- installed in some non-standard library path. If so, pass it to configure,
- via the LDFLAGS environment variable.
- Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\"
- ============================================================================
- ERROR!
- You probably have to install the development version of the Python package
- for your distribution. The exact name of this package varies among them.
- ============================================================================
- " "$LINENO" 5
- PYTHON_VERSION=""
- fi
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # turn back to default flags
- CPPFLAGS="$ac_save_CPPFLAGS"
- LIBS="$ac_save_LIBS"
-
- #
- # all done!
- #
-
-
-
-
-
-
-
- if test -n "$PYTHON"; then
- # If the user set $PYTHON, use it and don't search something else.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
-printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
- ($PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "Python interpreter is too old" "$LINENO" 5
-fi
- am_display_PYTHON=$PYTHON
- else
- # Otherwise, try each interpreter until we find one that satisfies
- # VERSION.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
-printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
-if test ${am_cv_pathless_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
- test "$am_cv_pathless_PYTHON" = none && break
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
- ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- break
-fi
- done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
-printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
- # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
- if test "$am_cv_pathless_PYTHON" = none; then
- PYTHON=:
- else
- # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
-set dummy $am_cv_pathless_PYTHON; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
- am_display_PYTHON=$am_cv_pathless_PYTHON
- fi
-
-
- if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
- else
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-printf %s "checking for $am_display_PYTHON version... " >&6; }
-if test ${am_cv_python_version+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-printf "%s\n" "$am_cv_python_version" >&6; }
- PYTHON_VERSION=$am_cv_python_version
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-printf %s "checking for $am_display_PYTHON platform... " >&6; }
-if test ${am_cv_python_platform+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-printf "%s\n" "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
-
-
- if test "x$prefix" = xNONE; then
- am__usable_prefix=$ac_default_prefix
- else
- am__usable_prefix=$prefix
- fi
-
- # Allow user to request using sys.* values from Python,
- # instead of the GNU $prefix values.
-
-@%:@ Check whether --with-python-sys-prefix was given.
-if test ${with_python_sys_prefix+y}
-then :
- withval=$with_python_sys_prefix; am_use_python_sys=:
-else $as_nop
- am_use_python_sys=false
-fi
-
-
- # Allow user to override whatever the default Python prefix is.
-
-@%:@ Check whether --with-python_prefix was given.
-if test ${with_python_prefix+y}
-then :
- withval=$with_python_prefix; am_python_prefix_subst=$withval
- am_cv_python_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-else $as_nop
-
- if $am_use_python_sys; then
- # using python sys.prefix value, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
-printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
-if test ${am_cv_python_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-
- case $am_cv_python_prefix in
- $am__usable_prefix*)
- am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
- am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
- ;;
- *)
- am_python_prefix_subst=$am_cv_python_prefix
- ;;
- esac
- else # using GNU prefix value, not python sys.prefix
- am_python_prefix_subst='${prefix}'
- am_python_prefix=$am_python_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
-printf "%s\n" "$am_python_prefix" >&6; }
- fi
-fi
-
- # Substituting python_prefix_subst value.
- PYTHON_PREFIX=$am_python_prefix_subst
-
-
- # emacs-page Now do it all over again for Python exec_prefix, but with yet
- # another conditional: fall back to regular prefix if that was specified.
-
-@%:@ Check whether --with-python_exec_prefix was given.
-if test ${with_python_exec_prefix+y}
-then :
- withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
- am_cv_python_exec_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # no explicit --with-python_exec_prefix, but if
- # --with-python_prefix was given, use its value for python_exec_prefix too.
- if test -n "$with_python_prefix"
-then :
- am_python_exec_prefix_subst=$with_python_prefix
- am_cv_python_exec_prefix=$with_python_prefix
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # Set am__usable_exec_prefix whether using GNU or Python values,
- # since we use that variable for pyexecdir.
- if test "x$exec_prefix" = xNONE; then
- am__usable_exec_prefix=$am__usable_prefix
- else
- am__usable_exec_prefix=$exec_prefix
- fi
- #
- if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
-if test ${am_cv_python_exec_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
- case $am_cv_python_exec_prefix in
- $am__usable_exec_prefix*)
- am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
- am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
- ;;
- *)
- am_python_exec_prefix_subst=$am_cv_python_exec_prefix
- ;;
- esac
- else # using GNU $exec_prefix, not python sys.exec_prefix
- am_python_exec_prefix_subst='${exec_prefix}'
- am_python_exec_prefix=$am_python_exec_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
-printf "%s\n" "$am_python_exec_prefix" >&6; }
- fi
-fi
-fi
-
- # Substituting python_exec_prefix_subst.
- PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
-
-
- # Factor out some code duplication into this shell variable.
- am_python_setup_sysconfig="\
-import sys
-# Prefer sysconfig over distutils.sysconfig, for better compatibility
-# with python 3.x. See automake bug#10227.
-try:
- import sysconfig
-except ImportError:
- can_use_sysconfig = 0
-else:
- can_use_sysconfig = 1
-# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
-# <https://github.com/pypa/virtualenv/issues/118>
-try:
- from platform import python_implementation
- if python_implementation() == 'CPython' and sys.version[:3] == '2.7':
- can_use_sysconfig = 0
-except ImportError:
- pass"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
-printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
-if test ${am_cv_python_pythondir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_prefix" = x; then
- am_py_prefix=$am__usable_prefix
- else
- am_py_prefix=$am_cv_python_prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-printf "%s\n" "$am_cv_python_pythondir" >&6; }
- pythondir=$am_cv_python_pythondir
-
-
- pkgpythondir=\${pythondir}/$PACKAGE
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
-printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
-if test ${am_cv_python_pyexecdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_exec_prefix" = x; then
- am_py_exec_prefix=$am__usable_exec_prefix
- else
- am_py_exec_prefix=$am_cv_python_exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
- pyexecdir=$am_cv_python_pyexecdir
-
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
-
-
-
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-printf %s "checking whether perl bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-perl was given.
-if test ${with_perl+y}
-then :
- withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_perl" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
- # Extract the first word of "perl", so it can be a program name with args.
-set dummy perl; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PERL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PERL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PERL=$ac_cv_path_PERL
-if test -n "$PERL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-printf "%s\n" "$PERL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
- perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- if test -e "$perl_includedir/perl.h"
-then :
- enable_perl=yes
-else $as_nop
- enable_perl=no
-fi
-fi
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-printf %s "checking whether ruby bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-ruby was given.
-if test ${with_ruby+y}
-then :
- withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_ruby" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
- # Extract the first word of "ruby", so it can be a program name with args.
-set dummy ruby; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_RUBY+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $RUBY in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-RUBY=$ac_cv_path_RUBY
-if test -n "$RUBY"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-printf "%s\n" "$RUBY" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$RUBY" && as_fn_error $? "ruby is required when enabling ruby bindings" "$LINENO" 5
-fi
-
-
- if test x$enable_man_pages = xyes; then
- ENABLE_MAN_PAGES_TRUE=
- ENABLE_MAN_PAGES_FALSE='#'
-else
- ENABLE_MAN_PAGES_TRUE='#'
- ENABLE_MAN_PAGES_FALSE=
-fi
-
- if test x$with_python = xyes; then
- HAVE_PYTHON_TRUE=
- HAVE_PYTHON_FALSE='#'
-else
- HAVE_PYTHON_TRUE='#'
- HAVE_PYTHON_FALSE=
-fi
-
- if test x$with_perl = xyes; then
- HAVE_PERL_TRUE=
- HAVE_PERL_FALSE='#'
-else
- HAVE_PERL_TRUE='#'
- HAVE_PERL_FALSE=
-fi
-
- if test x$with_ruby = xyes; then
- HAVE_RUBY_TRUE=
- HAVE_RUBY_FALSE='#'
-else
- HAVE_RUBY_TRUE='#'
- HAVE_RUBY_FALSE=
-fi
-
-
-ac_header= ac_cache=
-for ac_item in $ac_header_c_list
-do
- if test $ac_cache; then
- ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
- if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
- printf "%s\n" "#define $ac_item 1" >> confdefs.h
- fi
- ac_header= ac_cache=
- elif test $ac_header; then
- ac_cache=$ac_item
- else
- ac_header=$ac_item
- fi
-done
-
-
-
-
-
-
-
-
-if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
-then :
-
-printf "%s\n" "@%:@define STDC_HEADERS 1" >>confdefs.h
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-printf %s "checking for grep that handles long lines and -e... " >&6; }
-if test ${ac_cv_path_GREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in grep ggrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-printf "%s\n" "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-# Autoupdate added the next two lines to ensure that your configure
-# script's behavior did not change. They are probably safe to remove.
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-printf %s "checking for egrep... " >&6; }
-if test ${ac_cv_path_EGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in egrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-printf "%s\n" "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_UNISTD_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
-if test "x$ac_cv_header_stdint_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_STDINT_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
-if test "x$ac_cv_header_syslog_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_SYSLOG_H 1" >>confdefs.h
-
-fi
-
-
-ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
-if test "x$ac_cv_func_asprintf" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_ASPRINTF 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
-if test "x$ac_cv_func___secure_getenv" = xyes
-then :
- printf "%s\n" "@%:@define HAVE___SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
-if test "x$ac_cv_func_secure_getenv" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
-if test "x$ac_cv_func_reallocarray" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_REALLOCARRAY 1" >>confdefs.h
-
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-printf %s "checking for an ANSI C-conforming const... " >&6; }
-if test ${ac_cv_c_const+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* IBM XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_const=yes
-else $as_nop
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-printf "%s\n" "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-printf "%s\n" "@%:@define const /**/" >>confdefs.h
-
-fi
-
-case `pwd` in
- *\ * | *\ *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
-esac
-
-
-
-macro_version='2.4.6'
-macro_revision='2.4.6'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
-
- # Make sure we can run config.sub.
-$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-printf %s "checking build system type... " >&6; }
-if test ${ac_cv_build+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-printf "%s\n" "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-printf %s "checking host system type... " >&6; }
-if test ${ac_cv_host+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-printf "%s\n" "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-printf %s "checking how to print strings... " >&6; }
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO ""
-}
-
-case $ECHO in
- printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-printf "%s\n" "printf" >&6; } ;;
- print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-printf "%s\n" "print -r" >&6; } ;;
- *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-printf "%s\n" "cat" >&6; } ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-printf %s "checking for fgrep... " >&6; }
-if test ${ac_cv_path_FGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
- then ac_cv_path_FGREP="$GREP -F"
- else
- if test -z "$FGREP"; then
- ac_path_FGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in fgrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_FGREP" || continue
-# Check for GNU ac_path_FGREP and select it if it is found.
- # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'FGREP' >> "conftest.nl"
- "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_FGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_FGREP="$ac_path_FGREP"
- ac_path_FGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_FGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_FGREP"; then
- as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_FGREP=$FGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-printf "%s\n" "$ac_cv_path_FGREP" >&6; }
- FGREP="$ac_cv_path_FGREP"
-
-
-test -z "$GREP" && GREP=grep
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-@%:@ Check whether --with-gnu-ld was given.
-if test ${with_gnu_ld+y}
-then :
- withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else $as_nop
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-printf %s "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-printf %s "checking for GNU ld... " >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-printf %s "checking for non-GNU ld... " >&6; }
-fi
-if test ${lt_cv_path_LD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi
-fi
-
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-printf "%s\n" "$LD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
-if test ${lt_cv_prog_gnu_ld+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if test ${lt_cv_path_NM+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-printf "%s\n" "$lt_cv_path_NM" >&6; }
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in dumpbin "link -dump"
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DUMPBIN"; then
- ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DUMPBIN=$ac_cv_prog_DUMPBIN
-if test -n "$DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-printf "%s\n" "$DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$DUMPBIN" && break
- done
-fi
-if test -z "$DUMPBIN"; then
- ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in dumpbin "link -dump"
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DUMPBIN"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
-if test -n "$ac_ct_DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_DUMPBIN" && break
-done
-
- if test "x$ac_ct_DUMPBIN" = x; then
- DUMPBIN=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DUMPBIN=$ac_ct_DUMPBIN
- fi
-fi
-
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
-
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-printf %s "checking the name lister ($NM) interface... " >&6; }
-if test ${lt_cv_nm_interface+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: output\"" >&5)
- cat conftest.out >&5
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-printf "%s\n" "$lt_cv_nm_interface" >&6; }
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-printf %s "checking whether ln -s works... " >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-printf "%s\n" "no, using $LN_S" >&6; }
-fi
-
-# find the maximum length of command line arguments
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-printf %s "checking the maximum length of command line arguments... " >&6; }
-if test ${lt_cv_sys_max_cmd_len+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-
-fi
-
-if test -n "$lt_cv_sys_max_cmd_len"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
-printf "%s\n" "none" >&6; }
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-
-
-
-
-
-: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-
-
-
-
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-printf %s "checking how to convert $build file names to $host format... " >&6; }
-if test ${lt_cv_to_host_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-
-fi
-
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-printf %s "checking how to convert $build file names to toolchain format... " >&6; }
-if test ${lt_cv_to_tool_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- #assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-
-fi
-
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-printf %s "checking for $LD option to reload object files... " >&6; }
-if test ${lt_cv_ld_reload_flag+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_reload_flag='-r'
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-printf "%s\n" "$OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
-else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-printf %s "checking how to recognize dependent libraries... " >&6; }
-if test ${lt_cv_deplibs_check_method+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[4-9]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[45]*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[3-9]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DLLTOOL"; then
- ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DLLTOOL=$ac_cv_prog_DLLTOOL
-if test -n "$DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-printf "%s\n" "$DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DLLTOOL"; then
- ac_ct_DLLTOOL=$DLLTOOL
- # Extract the first word of "dlltool", so it can be a program name with args.
-set dummy dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DLLTOOL"; then
- ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
-if test -n "$ac_ct_DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DLLTOOL" = x; then
- DLLTOOL="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DLLTOOL=$ac_ct_DLLTOOL
- fi
-else
- DLLTOOL="$ac_cv_prog_DLLTOOL"
-fi
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-printf %s "checking how to associate runtime and link libraries... " >&6; }
-if test ${lt_cv_sharedlib_from_linklib_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- for ac_prog in ar
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-printf "%s\n" "$AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AR" && break
- done
-fi
-if test -z "$AR"; then
- ac_ct_AR=$AR
- for ac_prog in ar
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_AR"; then
- ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_AR="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-printf "%s\n" "$ac_ct_AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_AR" && break
-done
-
- if test "x$ac_ct_AR" = x; then
- AR="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- AR=$ac_ct_AR
- fi
-fi
-
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-printf %s "checking for archiver @FILE support... " >&6; }
-if test ${lt_cv_ar_at_file+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ar_at_file=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-printf "%s\n" "$lt_cv_ar_at_file" >&6; }
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-test -z "$STRIP" && STRIP=:
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-printf "%s\n" "$RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-printf "%s\n" "$ac_ct_RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-test -z "$RANLIB" && RANLIB=:
-
-
-
-
-
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-printf %s "checking command to parse $NM output from $compiler object... " >&6; }
-if test ${lt_cv_sys_global_symbol_pipe+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[ABCDEGRST]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[BCDEGRST]'
- ;;
-osf*)
- symcode='[BCDEGQRST]'
- ;;
-solaris*)
- symcode='[BDRT]'
- ;;
-sco3.2v5*)
- symcode='[DT]'
- ;;
-sysv4.2uw2*)
- symcode='[DT]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[ABDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[ABCDGIRSTW]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK '"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT@&t@_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-printf "%s\n" "failed" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-printf "%s\n" "ok" >&6; }
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-printf %s "checking for sysroot... " >&6; }
-
-@%:@ Check whether --with-sysroot was given.
-if test ${with_sysroot+y}
-then :
- withval=$with_sysroot;
-else $as_nop
- with_sysroot=no
-fi
-
-
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-printf "%s\n" "$with_sysroot" >&6; }
- as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
- ;;
-esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-printf "%s\n" "${lt_sysroot:-no}" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-printf %s "checking for a working dd... " >&6; }
-if test ${ac_cv_path_lt_DD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-if test -z "$lt_DD"; then
- ac_path_lt_DD_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in dd
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_lt_DD" || continue
-if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi
- $ac_path_lt_DD_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_lt_DD"; then
- :
- fi
-else
- ac_cv_path_lt_DD=$lt_DD
-fi
-
-rm -f conftest.i conftest2.i conftest.out
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-printf %s "checking how to truncate binary pipes... " >&6; }
-if test ${lt_cv_truncate_bin+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-printf "%s\n" "$lt_cv_truncate_bin" >&6; }
-
-
-
-
-
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-@%:@ Check whether --enable-libtool-lock was given.
-if test ${enable_libtool_lock+y}
-then :
- enableval=$enable_libtool_lock;
-fi
-
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-printf %s "checking whether the C compiler needs -belf... " >&6; }
-if test ${lt_cv_cc_needs_belf+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_cc_needs_belf=yes
-else $as_nop
- lt_cv_cc_needs_belf=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
-set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$MANIFEST_TOOL"; then
- ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
-if test -n "$MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-printf "%s\n" "$MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
- ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
- # Extract the first word of "mt", so it can be a program name with args.
-set dummy mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_MANIFEST_TOOL"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
-if test -n "$ac_ct_MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_MANIFEST_TOOL" = x; then
- MANIFEST_TOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
- fi
-else
- MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
-fi
-
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if test ${lt_cv_path_mainfest_tool+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&5
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-
-
-
-
-
-
- case $host_os in
- rhapsody* | darwin*)
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DSYMUTIL"; then
- ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DSYMUTIL=$ac_cv_prog_DSYMUTIL
-if test -n "$DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-printf "%s\n" "$DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DSYMUTIL"; then
- ac_ct_DSYMUTIL=$DSYMUTIL
- # Extract the first word of "dsymutil", so it can be a program name with args.
-set dummy dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DSYMUTIL"; then
- ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
-if test -n "$ac_ct_DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DSYMUTIL" = x; then
- DSYMUTIL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DSYMUTIL=$ac_ct_DSYMUTIL
- fi
-else
- DSYMUTIL="$ac_cv_prog_DSYMUTIL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NMEDIT"; then
- ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-NMEDIT=$ac_cv_prog_NMEDIT
-if test -n "$NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-printf "%s\n" "$NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_NMEDIT"; then
- ac_ct_NMEDIT=$NMEDIT
- # Extract the first word of "nmedit", so it can be a program name with args.
-set dummy nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_NMEDIT"; then
- ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_NMEDIT="nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
-if test -n "$ac_ct_NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-printf "%s\n" "$ac_ct_NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_NMEDIT" = x; then
- NMEDIT=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- NMEDIT=$ac_ct_NMEDIT
- fi
-else
- NMEDIT="$ac_cv_prog_NMEDIT"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
-set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LIPO"; then
- ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LIPO=$ac_cv_prog_LIPO
-if test -n "$LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-printf "%s\n" "$LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_LIPO"; then
- ac_ct_LIPO=$LIPO
- # Extract the first word of "lipo", so it can be a program name with args.
-set dummy lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_LIPO"; then
- ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_LIPO="lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
-if test -n "$ac_ct_LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-printf "%s\n" "$ac_ct_LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_LIPO" = x; then
- LIPO=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- LIPO=$ac_ct_LIPO
- fi
-else
- LIPO="$ac_cv_prog_LIPO"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL"; then
- ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL=$ac_cv_prog_OTOOL
-if test -n "$OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-printf "%s\n" "$OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL"; then
- ac_ct_OTOOL=$OTOOL
- # Extract the first word of "otool", so it can be a program name with args.
-set dummy otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL"; then
- ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL="otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
-if test -n "$ac_ct_OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-printf "%s\n" "$ac_ct_OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL" = x; then
- OTOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL=$ac_ct_OTOOL
- fi
-else
- OTOOL="$ac_cv_prog_OTOOL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL64"; then
- ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL64=$ac_cv_prog_OTOOL64
-if test -n "$OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-printf "%s\n" "$OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL64"; then
- ac_ct_OTOOL64=$OTOOL64
- # Extract the first word of "otool64", so it can be a program name with args.
-set dummy otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL64"; then
- ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL64="otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
-if test -n "$ac_ct_OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-printf "%s\n" "$ac_ct_OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL64" = x; then
- OTOOL64=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL64=$ac_ct_OTOOL64
- fi
-else
- OTOOL64="$ac_cv_prog_OTOOL64"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-printf %s "checking for -single_module linker flag... " >&6; }
-if test ${lt_cv_apple_cc_single_mod+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&5
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&5
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-printf %s "checking for -exported_symbols_list linker flag... " >&6; }
-if test ${lt_cv_ld_exported_symbols_list+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_ld_exported_symbols_list=yes
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-printf %s "checking for -force_load linker flag... " >&6; }
-if test ${lt_cv_ld_force_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cr libconftest.a conftest.o" >&5
- $AR cr libconftest.a conftest.o 2>&5
- echo "$RANLIB libconftest.a" >&5
- $RANLIB libconftest.a 2>&5
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&5
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&5
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-printf "%s\n" "$lt_cv_ld_force_load" >&6; }
- case $host_os in
- rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[012][,.]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_dlfcn_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_DLFCN_H 1" >>confdefs.h
-
-fi
-
-
-
-
-
-# Set options
-
-
-
- enable_dlopen=no
-
-
- enable_win32_dll=no
-
-
- @%:@ Check whether --enable-shared was given.
-if test ${enable_shared+y}
-then :
- enableval=$enable_shared; p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_shared=yes
-fi
-
-
-
-
-
-
-
-
-
- @%:@ Check whether --enable-static was given.
-if test ${enable_static+y}
-then :
- enableval=$enable_static; p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_static=yes
-fi
-
-
-
-
-
-
-
-
-
-
-@%:@ Check whether --with-pic was given.
-if test ${with_pic+y}
-then :
- withval=$with_pic; lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- pic_mode=default
-fi
-
-
-
-
-
-
-
-
- @%:@ Check whether --enable-fast-install was given.
-if test ${enable_fast_install+y}
-then :
- enableval=$enable_fast_install; p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_fast_install=yes
-fi
-
-
-
-
-
-
-
-
- shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[5-9]*,yes)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-printf %s "checking which variant of shared library versioning to provide... " >&6; }
-
-@%:@ Check whether --with-aix-soname was given.
-if test ${with_aix_soname+y}
-then :
- withval=$with_aix_soname; case $withval in
- aix|svr4|both)
- ;;
- *)
- as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname
-else $as_nop
- if test ${lt_cv_with_aix_soname+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_with_aix_soname=aix
-fi
-
- with_aix_soname=$lt_cv_with_aix_soname
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-printf "%s\n" "$with_aix_soname" >&6; }
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-test -z "$LN_S" && LN_S="ln -s"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-printf %s "checking for objdir... " >&6; }
-if test ${lt_cv_objdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-printf "%s\n" "$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-printf "%s\n" "@%:@define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
-
-
-
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-func_cc_basename $compiler
-cc_basename=$func_cc_basename_result
-
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-printf %s "checking for ${ac_tool_prefix}file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/${ac_tool_prefix}file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-printf %s "checking for file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- else
- MAGIC_CMD=:
- fi
-fi
-
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-
-lt_save_CC=$CC
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
-if test -n "$compiler"; then
-
-lt_prog_compiler_no_builtin_flag=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
- *)
- lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
- esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if test ${lt_cv_prog_compiler_rtti_exceptions+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_rtti_exceptions=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_rtti_exceptions=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
- lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
- :
-fi
-
-fi
-
-
-
-
-
-
- lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-
- if test yes = "$GCC"; then
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_static='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- fi
- lt_prog_compiler_pic='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- lt_prog_compiler_static=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- ;;
-
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- lt_prog_compiler_can_build_shared=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic=-Kconform_pic
- fi
- ;;
-
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- lt_prog_compiler_wl='-Xlinker '
- if test -n "$lt_prog_compiler_pic"; then
- lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- lt_prog_compiler_wl='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- else
- lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- lt_prog_compiler_wl='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- lt_prog_compiler_wl='-Wl,'
- # PIC (with -KPIC) is the default.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='--shared'
- lt_prog_compiler_static='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- ccc*)
- lt_prog_compiler_wl='-Wl,'
- # All Alpha code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-qpic'
- lt_prog_compiler_static='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Wl,'
- ;;
- *Intel*\ [CF]*Compiler*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- *Portland\ Group*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- lt_prog_compiler_wl='-Wl,'
- # All OSF/1 code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- rdos*)
- lt_prog_compiler_static='-non_shared'
- ;;
-
- solaris*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- lt_prog_compiler_wl='-Qoption ld ';;
- *)
- lt_prog_compiler_wl='-Wl,';;
- esac
- ;;
-
- sunos4*)
- lt_prog_compiler_wl='-Qoption ld '
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic='-Kconform_pic'
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- unicos*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_can_build_shared=no
- ;;
-
- uts4*)
- lt_prog_compiler_pic='-pic'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *)
- lt_prog_compiler_can_build_shared=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic=
- ;;
- *)
- lt_prog_compiler_pic="$lt_prog_compiler_pic@&t@ -DPIC"
- ;;
-esac
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-printf %s "checking for $compiler option to produce PIC... " >&6; }
-if test ${lt_cv_prog_compiler_pic+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
-lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if test ${lt_cv_prog_compiler_pic_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic_works=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic@&t@ -DPIC" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_pic_works"; then
- case $lt_prog_compiler_pic in
- "" | " "*) ;;
- *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
- esac
-else
- lt_prog_compiler_pic=
- lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test ${lt_cv_prog_compiler_static_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_static_works=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works=yes
- fi
- else
- lt_cv_prog_compiler_static_works=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_static_works"; then
- :
-else
- lt_prog_compiler_static=
-fi
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-hard_links=nottested
-if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-printf %s "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-printf "%s\n" "$hard_links" >&6; }
- if test no = "$hard_links"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- runpath_var=
- allow_undefined_flag=
- always_export_symbols=no
- archive_cmds=
- archive_expsym_cmds=
- compiler_needs_object=no
- enable_shared_with_static_runtimes=no
- export_dynamic_flag_spec=
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- hardcode_automatic=no
- hardcode_direct=no
- hardcode_direct_absolute=no
- hardcode_libdir_flag_spec=
- hardcode_libdir_separator=
- hardcode_minus_L=no
- hardcode_shlibpath_var=unsupported
- inherit_rpath=no
- link_all_deplibs=unknown
- module_cmds=
- module_expsym_cmds=
- old_archive_from_new_cmds=
- old_archive_from_expsyms_cmds=
- thread_safe_flag_spec=
- whole_archive_flag_spec=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- include_expsyms=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- link_all_deplibs=no
- ;;
- esac
-
- ld_shlibs=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
- *\ \(GNU\ Binutils\)\ [3-9]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- export_dynamic_flag_spec='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- export_dynamic_flag_spec='$wl--export-all-symbols'
- allow_undefined_flag=unsupported
- always_export_symbols=no
- enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
- exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- haiku*)
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- link_all_deplibs=yes
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- interix[3-9]*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- whole_archive_flag_spec=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- export_dynamic_flag_spec='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- ld_shlibs=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
-
- if test no = "$ld_shlibs"; then
- runpath_var=
- hardcode_libdir_flag_spec=
- export_dynamic_flag_spec=
- whole_archive_flag_spec=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds=''
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- file_list_spec='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- hardcode_direct=no
- hardcode_direct_absolute=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- export_dynamic_flag_spec='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- always_export_symbols=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
- allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag=' $wl-bernotok'
- allow_undefined_flag=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
- fi
- archive_cmds_need_lc=yes
- archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- bsdi[45]*)
- export_dynamic_flag_spec=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- file_list_spec='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
- enable_shared_with_static_runtimes=yes
- exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- old_postinstall_cmds='chmod 644 $oldlib'
- postlink_cmds='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- enable_shared_with_static_runtimes=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc=no
- hardcode_direct=no
- hardcode_automatic=yes
- hardcode_shlibpath_var=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-
- else
- whole_archive_flag_spec=''
- fi
- link_all_deplibs=yes
- allow_undefined_flag=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-
- else
- ld_shlibs=no
- fi
-
- ;;
-
- dgux*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- export_dynamic_flag_spec='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
-
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-printf %s "checking if $CC understands -b... " >&6; }
-if test ${lt_cv_prog_compiler__b+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler__b=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -b"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler__b=yes
- fi
- else
- lt_cv_prog_compiler__b=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
-
-if test yes = "$lt_cv_prog_compiler__b"; then
- archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-fi
-
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- ;;
- *)
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if test ${lt_cv_irix_exported_symbol+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-int foo (void) { return 0; }
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_irix_exported_symbol=yes
-else $as_nop
- lt_cv_irix_exported_symbol=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
- if test yes = "$lt_cv_irix_exported_symbol"; then
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- link_all_deplibs=no
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- inherit_rpath=yes
- link_all_deplibs=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- ld_shlibs=yes
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- newsos6)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_shlibpath_var=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- else
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- fi
- else
- ld_shlibs=no
- fi
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_separator=:
- ;;
-
- solaris*)
- no_undefined_flag=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_shlibpath_var=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- link_all_deplibs=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- reload_cmds='$CC -r -o $output$reload_objs'
- hardcode_direct=no
- ;;
- motorola)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- hardcode_shlibpath_var=no
- ;;
-
- sysv4.3*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- export_dynamic_flag_spec='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- ld_shlibs=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='$wl-z,text'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag='$wl-z,text'
- allow_undefined_flag='$wl-z,nodefs'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-R,$libdir'
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- export_dynamic_flag_spec='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- *)
- ld_shlibs=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-printf "%s\n" "$ld_shlibs" >&6; }
-test no = "$ld_shlibs" && can_build_shared=no
-
-with_gnu_ld=$with_gnu_ld
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $archive_cmds in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-printf %s "checking whether -lc should be explicitly linked in... " >&6; }
-if test ${lt_cv_archive_cmds_need_lc+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- lt_cv_archive_cmds_need_lc=no
- else
- lt_cv_archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
- archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-printf %s "checking dynamic linker characteristics... " >&6; }
-
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[lt_foo]++; }
- if (lt_freq[lt_foo] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[4-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a(lib.so.V)'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[23].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[3-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- if test ${lt_cv_shlibpath_overrides_runpath+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
-then :
- lt_cv_shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
-fi
-
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-printf "%s\n" "$dynamic_linker" >&6; }
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-printf %s "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" ||
- test -n "$runpath_var" ||
- test yes = "$hardcode_automatic"; then
-
- # We can hardcode non-existent directories.
- if test no != "$hardcode_direct" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
- test no != "$hardcode_minus_L"; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-printf "%s\n" "$hardcode_action" >&6; }
-
-if test relink = "$hardcode_action" ||
- test yes = "$inherit_rpath"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
- if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
-
-fi
-
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-printf %s "checking for shl_load in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_shl_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char shl_load ();
-int
-main (void)
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_shl_load=yes
-else $as_nop
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else $as_nop
- ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-printf %s "checking for dlopen in -lsvld... " >&6; }
-if test ${ac_cv_lib_svld_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_svld_dlopen=yes
-else $as_nop
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-printf %s "checking for dld_link in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_dld_link+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dld_link ();
-int
-main (void)
-{
-return dld_link ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_dld_link=yes
-else $as_nop
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes
-then :
- lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-printf %s "checking whether a program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-printf "%s\n" "$lt_cv_dlopen_self" >&6; }
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self_static+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self_static=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self_static=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-striplib=
-old_striplib=
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
- # Report what library types will actually be built
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-printf %s "checking if libtool supports shared libraries... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-printf "%s\n" "$can_build_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-printf %s "checking whether to build shared libraries... " >&6; }
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-printf "%s\n" "$enable_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-printf %s "checking whether to build static libraries... " >&6; }
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-printf "%s\n" "$enable_static" >&6; }
-
-
-
-
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC=$lt_save_CC
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ac_config_commands="$ac_config_commands libtool"
-
-
-
-
-# Only expand once:
-
-
-
-
-if test "$ac_cv_prog_cc_c99" = "no"; then
- as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
-fi
-
-ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile swig/Makefile swig/perl/Makefile swig/perl/Makefile.PL swig/python/Makefile swig/python/setup.py swig/python/test/Makefile swig/ruby/Makefile testsuite/Makefile testsuite/config/Makefile testsuite/libaalogparse.test/Makefile testsuite/lib/Makefile include/Makefile include/sys/Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-#
-# If the first sed substitution is executed (which looks for macros that
-# take arguments), then branch to the quote section. Otherwise,
-# look for a macro that doesn't take arguments.
-ac_script='
-:mline
-/\\$/{
- N
- s,\\\n,,
- b mline
-}
-t clear
-:clear
-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-b any
-:quote
-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
-s/\[/\\&/g
-s/\]/\\&/g
-s/\$/$$/g
-H
-:any
-${
- g
- s/^\n//
- s/\n/ /g
- p
-}
-'
-DEFS=`sed -n "$ac_script" confdefs.h`
-
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIB@&t@OBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-printf %s "checking that generated files are newer than configure... " >&6; }
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
-printf "%s\n" "done" >&6; }
- if test -n "$EXEEXT"; then
- am__EXEEXT_TRUE=
- am__EXEEXT_FALSE='#'
-else
- am__EXEEXT_TRUE='#'
- am__EXEEXT_FALSE=
-fi
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- as_fn_error $? "conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${ENABLE_MAN_PAGES_TRUE}" && test -z "${ENABLE_MAN_PAGES_FALSE}"; then
- as_fn_error $? "conditional \"ENABLE_MAN_PAGES\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PYTHON_TRUE}" && test -z "${HAVE_PYTHON_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PYTHON\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PERL_TRUE}" && test -z "${HAVE_PERL_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PERL\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_RUBY_TRUE}" && test -z "${HAVE_RUBY_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_RUBY\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in @%:@((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-
-@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
-@%:@ ----------------------------------------
-@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-@%:@ script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} @%:@ as_fn_error
-
-
-
-@%:@ as_fn_set_status STATUS
-@%:@ -----------------------
-@%:@ Set @S|@? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} @%:@ as_fn_set_status
-
-@%:@ as_fn_exit STATUS
-@%:@ -----------------
-@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} @%:@ as_fn_exit
-
-@%:@ as_fn_unset VAR
-@%:@ ---------------
-@%:@ Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-@%:@ as_fn_append VAR VALUE
-@%:@ ----------------------
-@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
-@%:@ advantage of any shell optimizations that allow amortized linear growth over
-@%:@ repeated appends, instead of the typical quadratic growth present in naive
-@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-@%:@ as_fn_arith ARG...
-@%:@ ------------------
-@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
-@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
-@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in @%:@(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_@&t@echo='printf %s\n'
-as_@&t@echo_n='printf %s'
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-@%:@ as_fn_mkdir_p
-@%:@ -------------
-@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} @%:@ as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-@%:@ as_fn_executable_p FILE
-@%:@ -----------------------
-@%:@ Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} @%:@ as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_commands="$ac_config_commands"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
-
-Configuration files:
-$config_files
-
-Configuration commands:
-$config_commands
-
-Report bugs to the package provider."
-
-_ACEOF
-ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
-ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config='$ac_cs_config_escaped'
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.71,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-AWK='$AWK'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- printf "%s\n" "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- printf "%s\n" "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
- printf "%s\n" "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
-@%:@@%:@ Running $as_me. @%:@@%:@
-_ASBOX
- printf "%s\n" "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#
-# INIT-COMMANDS
-#
-AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
-
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
-enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
-shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
-SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
-ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
-PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
-host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
-host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
-host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
-build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
-build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
-build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
-SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
-Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
-GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
-EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
-FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
-LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
-NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
-LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
-exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
-OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
-file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
-want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
-DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
-sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
-AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
-archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
-STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
-lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
-CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
-compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
-GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
-lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
-nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
-lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
-lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
-objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
-need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
-MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
-LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
-libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
-postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
-need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
-version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
-install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
-configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
-configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
-striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
-
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in SHELL \
-ECHO \
-PATH_SEPARATOR \
-SED \
-GREP \
-EGREP \
-FGREP \
-LD \
-NM \
-LN_S \
-lt_SP2NL \
-lt_NL2SP \
-reload_flag \
-OBJDUMP \
-deplibs_check_method \
-file_magic_cmd \
-file_magic_glob \
-want_nocaseglob \
-DLLTOOL \
-sharedlib_from_linklib_cmd \
-AR \
-AR_FLAGS \
-archiver_list_spec \
-STRIP \
-RANLIB \
-CC \
-CFLAGS \
-compiler \
-lt_cv_sys_global_symbol_pipe \
-lt_cv_sys_global_symbol_to_cdecl \
-lt_cv_sys_global_symbol_to_import \
-lt_cv_sys_global_symbol_to_c_name_address \
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-lt_cv_nm_interface \
-nm_file_list_spec \
-lt_cv_truncate_bin \
-lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_pic \
-lt_prog_compiler_wl \
-lt_prog_compiler_static \
-lt_cv_prog_compiler_c_o \
-need_locks \
-MANIFEST_TOOL \
-DSYMUTIL \
-NMEDIT \
-LIPO \
-OTOOL \
-OTOOL64 \
-shrext_cmds \
-export_dynamic_flag_spec \
-whole_archive_flag_spec \
-compiler_needs_object \
-with_gnu_ld \
-allow_undefined_flag \
-no_undefined_flag \
-hardcode_libdir_flag_spec \
-hardcode_libdir_separator \
-exclude_expsyms \
-include_expsyms \
-file_list_spec \
-variables_saved_for_relink \
-libname_spec \
-library_names_spec \
-soname_spec \
-install_override_mode \
-finish_eval \
-old_striplib \
-striplib; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in reload_cmds \
-old_postinstall_cmds \
-old_postuninstall_cmds \
-old_archive_cmds \
-extract_expsyms_cmds \
-old_archive_from_new_cmds \
-old_archive_from_expsyms_cmds \
-archive_cmds \
-archive_expsym_cmds \
-module_cmds \
-module_expsym_cmds \
-export_symbols_cmds \
-prelink_cmds \
-postlink_cmds \
-postinstall_cmds \
-postuninstall_cmds \
-finish_cmds \
-sys_lib_search_path_spec \
-configure_time_dlsearch_path \
-configure_time_lt_sys_library_path; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-ac_aux_dir='$ac_aux_dir'
-
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'
-
-
-
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
- "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
- "swig/Makefile") CONFIG_FILES="$CONFIG_FILES swig/Makefile" ;;
- "swig/perl/Makefile") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile" ;;
- "swig/perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile.PL" ;;
- "swig/python/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/Makefile" ;;
- "swig/python/setup.py") CONFIG_FILES="$CONFIG_FILES swig/python/setup.py" ;;
- "swig/python/test/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/test/Makefile" ;;
- "swig/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES swig/ruby/Makefile" ;;
- "testsuite/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/Makefile" ;;
- "testsuite/config/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/config/Makefile" ;;
- "testsuite/libaalogparse.test/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/libaalogparse.test/Makefile" ;;
- "testsuite/lib/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/lib/Makefile" ;;
- "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
- "include/sys/Makefile") CONFIG_FILES="$CONFIG_FILES include/sys/Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
- test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "�"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-
-eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS"
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-printf "%s\n" "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`printf "%s\n" "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
- ac_MKDIR_P=$MKDIR_P
- case $MKDIR_P in
- [\\/$]* | ?:[\\/]* ) ;;
- */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
-
-
- :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
- ;;
- esac
-
-
- case $ac_file$ac_mode in
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- case $CONFIG_FILES in @%:@(
- *\'*) :
- eval set x "$CONFIG_FILES" ;; @%:@(
- *) :
- set x $CONFIG_FILES ;; @%:@(
- *) :
- ;;
-esac
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`$as_dirname -- "$am_mf" ||
-$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$am_mf" : 'X\(//\)[^/]' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$am_mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- am_filepart=`$as_basename -- "$am_mf" ||
-$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$am_mf" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { echo "$as_me:$LINENO: cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles" >&5
- (cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } || am_rc=$?
- done
- if test $am_rc -ne 0; then
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE=\"gmake\" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- { am_dirpart=; unset am_dirpart;}
- { am_filepart=; unset am_filepart;}
- { am_mf=; unset am_mf;}
- { am_rc=; unset am_rc;}
- rm -f conftest-deps.mk
-}
- ;;
- "libtool":C)
-
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# The names of the tagged configurations supported by this script.
-available_tags=''
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Which release of libtool.m4 was used?
-macro_version=$macro_version
-macro_revision=$macro_revision
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# What type of objects to build.
-pic_mode=$pic_mode
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# Shared archive member basename,for filename based shared library versioning on AIX.
-shared_archive_member_spec=$shared_archive_member_spec
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# An echo program that protects backslashes.
-ECHO=$lt_ECHO
-
-# The PATH separator for the build system.
-PATH_SEPARATOR=$lt_PATH_SEPARATOR
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="\$SED -e 1s/^X//"
-
-# A grep program that handles long lines.
-GREP=$lt_GREP
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# A literal string matcher.
-FGREP=$lt_FGREP
-
-# A BSD- or MS-compatible name lister.
-NM=$lt_NM
-
-# Whether we need soft or hard links.
-LN_S=$lt_LN_S
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Object file suffix (normally "o").
-objext=$ac_objext
-
-# Executable file suffix (normally "").
-exeext=$exeext
-
-# whether the shell understands "unset".
-lt_unset=$lt_unset
-
-# turn spaces into newlines.
-SP2NL=$lt_lt_SP2NL
-
-# turn newlines into spaces.
-NL2SP=$lt_lt_NL2SP
-
-# convert \$build file names to \$host format.
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-
-# convert \$build files to toolchain format.
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-
-# An object symbol dumper.
-OBJDUMP=$lt_OBJDUMP
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method = "file_magic".
-file_magic_cmd=$lt_file_magic_cmd
-
-# How to find potential files when deplibs_check_method = "file_magic".
-file_magic_glob=$lt_file_magic_glob
-
-# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
-want_nocaseglob=$lt_want_nocaseglob
-
-# DLL creation program.
-DLLTOOL=$lt_DLLTOOL
-
-# Command to associate shared and link libraries.
-sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
-
-# The archiver.
-AR=$lt_AR
-
-# Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
-
-# How to feed a file listing to the archiver.
-archiver_list_spec=$lt_archiver_list_spec
-
-# A symbol stripping program.
-STRIP=$lt_STRIP
-
-# Commands used to install an old-style archive.
-RANLIB=$lt_RANLIB
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Whether to use a lock for old archive extraction.
-lock_old_archive_extraction=$lock_old_archive_extraction
-
-# A C compiler.
-LTCC=$lt_CC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_CFLAGS
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration.
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm into a list of symbols to manually relocate.
-global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
-
-# Transform the output of nm in a C name address pair.
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# Transform the output of nm in a C name address pair when lib prefix is needed.
-global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-
-# The name lister interface.
-nm_interface=$lt_lt_cv_nm_interface
-
-# Specify filename containing input files for \$NM.
-nm_file_list_spec=$lt_nm_file_list_spec
-
-# The root where to search for dependent libraries,and where our libraries should be installed.
-lt_sysroot=$lt_sysroot
-
-# Command to truncate a binary pipe.
-lt_truncate_bin=$lt_lt_cv_truncate_bin
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# Used to examine libraries when file_magic_cmd begins with "file".
-MAGIC_CMD=$MAGIC_CMD
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Manifest tool.
-MANIFEST_TOOL=$lt_MANIFEST_TOOL
-
-# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
-DSYMUTIL=$lt_DSYMUTIL
-
-# Tool to change global to local symbols on Mac OS X.
-NMEDIT=$lt_NMEDIT
-
-# Tool to manipulate fat objects and archives on Mac OS X.
-LIPO=$lt_LIPO
-
-# ldd/readelf like tool for Mach-O binaries on Mac OS X.
-OTOOL=$lt_OTOOL
-
-# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
-OTOOL64=$lt_OTOOL64
-
-# Old archive suffix (normally "a").
-libext=$libext
-
-# Shared library suffix (normally ".so").
-shrext_cmds=$lt_shrext_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at link time.
-variables_saved_for_relink=$lt_variables_saved_for_relink
-
-# Do we need the "lib" prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Library versioning type.
-version_type=$version_type
-
-# Shared library runtime path variable.
-runpath_var=$runpath_var
-
-# Shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Permission mode override for installation of shared libraries.
-install_override_mode=$lt_install_override_mode
-
-# Command to use after installation of a shared archive.
-postinstall_cmds=$lt_postinstall_cmds
-
-# Command to use after uninstallation of a shared archive.
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# As "finish_cmds", except a single script fragment to be evaled but
-# not shown.
-finish_eval=$lt_finish_eval
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Compile-time system search path for libraries.
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Detected run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
-
-# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
-configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds
-
-# A language specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \$shlibpath_var if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds
-
-# Commands necessary for finishing linking programs.
-postlink_cmds=$lt_postlink_cmds
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-
- ;;
-
- esac
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
-
\ No newline at end of file
diff --git a/libraries/libapparmor/autom4te.cache/output.2 b/libraries/libapparmor/autom4te.cache/output.2
deleted file mode 100644
index 0902381ab45972749ae063188cc342acaba955ad..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/output.2
+++ /dev/null
@@ -1,16581 +0,0 @@
-@%:@! /bin/sh
-@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.71.
-@%:@
-@%:@
-@%:@ Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
-@%:@ Inc.
-@%:@
-@%:@
-@%:@ This configure script is free software; the Free Software Foundation
-@%:@ gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in @%:@((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in @%:@ ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="as_nop=:
-if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else \$as_nop
- case \`(set -o) 2>/dev/null\` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" )
-then :
-
-else \$as_nop
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-blah=\$(echo \$(echo blah))
-test x\"\$blah\" = xblah || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1
-
- test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
- || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null
-then :
- as_have_required=yes
-else $as_nop
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
-then :
-
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
- case $as_dir in @%:@(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
-then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi
-fi
-
-
- if test "x$CONFIG_SHELL" != x
-then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in @%:@ ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno
-then :
- printf "%s\n" "$0: This script requires a shell more modern than all"
- printf "%s\n" "$0: the shells that I found on your system."
- if test ${ZSH_VERSION+y} ; then
- printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
- else
- printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
-$0: including any error possibly output before this
-$0: message. Then install a modern shell, or manually run
-$0: the script under such a shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-@%:@ as_fn_unset VAR
-@%:@ ---------------
-@%:@ Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-
-@%:@ as_fn_set_status STATUS
-@%:@ -----------------------
-@%:@ Set @S|@? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} @%:@ as_fn_set_status
-
-@%:@ as_fn_exit STATUS
-@%:@ -----------------
-@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} @%:@ as_fn_exit
-@%:@ as_fn_nop
-@%:@ ---------
-@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-@%:@ as_fn_mkdir_p
-@%:@ -------------
-@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} @%:@ as_fn_mkdir_p
-
-@%:@ as_fn_executable_p FILE
-@%:@ -----------------------
-@%:@ Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} @%:@ as_fn_executable_p
-@%:@ as_fn_append VAR VALUE
-@%:@ ----------------------
-@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
-@%:@ advantage of any shell optimizations that allow amortized linear growth over
-@%:@ repeated appends, instead of the typical quadratic growth present in naive
-@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-@%:@ as_fn_arith ARG...
-@%:@ ------------------
-@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
-@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
-@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-@%:@ as_fn_nop
-@%:@ ---------
-@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
-@%:@ ----------------------------------------
-@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-@%:@ script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} @%:@ as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in @%:@(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_@&t@echo='printf %s\n'
-as_@&t@echo_n='printf %s'
-
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIB@&t@OBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME=''
-PACKAGE_TARNAME=''
-PACKAGE_VERSION=''
-PACKAGE_STRING=''
-PACKAGE_BUGREPORT=''
-PACKAGE_URL=''
-
-ac_unique_file="configure.ac"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stddef.h>
-#ifdef HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_header_c_list=
-ac_subst_vars='am__EXEEXT_FALSE
-am__EXEEXT_TRUE
-LTLIBOBJS
-LIB@&t@OBJS
-LT_SYS_LIBRARY_PATH
-OTOOL64
-OTOOL
-LIPO
-NMEDIT
-DSYMUTIL
-MANIFEST_TOOL
-RANLIB
-ac_ct_AR
-AR
-DLLTOOL
-OBJDUMP
-LN_S
-NM
-ac_ct_DUMPBIN
-DUMPBIN
-LD
-FGREP
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
-LIBTOOL
-EGREP
-GREP
-HAVE_RUBY_FALSE
-HAVE_RUBY_TRUE
-HAVE_PERL_FALSE
-HAVE_PERL_TRUE
-HAVE_PYTHON_FALSE
-HAVE_PYTHON_TRUE
-ENABLE_MAN_PAGES_FALSE
-ENABLE_MAN_PAGES_TRUE
-RUBY
-PERL
-pkgpyexecdir
-pyexecdir
-pkgpythondir
-pythondir
-PYTHON_EXEC_PREFIX
-PYTHON_PREFIX
-PYTHON_PLATFORM
-PYTHON_EXTRA_LDFLAGS
-PYTHON_EXTRA_LIBS
-PYTHON_SITE_PKG
-PYTHON_LDFLAGS
-PYTHON_CPPFLAGS
-PYTHON_CONFIG
-PYTHON_VERSION
-PYTHON
-POD2MAN
-PODCHECKER
-SWIG
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
-SED
-YFLAGS
-YACC
-LEXLIB
-am__fastdepCC_FALSE
-am__fastdepCC_TRUE
-CCDEPMODE
-am__nodep
-AMDEPBACKSLASH
-AMDEP_FALSE
-AMDEP_TRUE
-am__include
-DEPDIR
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-LEX_OUTPUT_ROOT
-LEX
-AM_BACKSLASH
-AM_DEFAULT_VERBOSITY
-AM_DEFAULT_V
-AM_V
-CSCOPE
-ETAGS
-CTAGS
-am__untar
-am__tar
-AMTAR
-am__leading_dot
-SET_MAKE
-AWK
-mkdir_p
-MKDIR_P
-INSTALL_STRIP_PROGRAM
-STRIP
-install_sh
-MAKEINFO
-AUTOHEADER
-AUTOMAKE
-AUTOCONF
-ACLOCAL
-VERSION
-PACKAGE
-CYGPATH_W
-am__isrc
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-runstatedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL
-am__quote'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_silent_rules
-enable_dependency_tracking
-enable_debug_output
-enable_man_pages
-with_python
-with_python_sys_prefix
-with_python_prefix
-with_python_exec_prefix
-with_perl
-with_ruby
-enable_shared
-enable_static
-with_pic
-enable_fast_install
-with_aix_soname
-with_gnu_ld
-with_sysroot
-enable_libtool_lock
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-YACC
-YFLAGS
-PKG_CONFIG
-PKG_CONFIG_PATH
-PKG_CONFIG_LIBDIR
-PYTHON_VERSION
-PYTHON
-LT_SYS_LIBRARY_PATH'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- @<:@@S|@ac_default_prefix@:>@
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- @<:@PREFIX@:>@
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root @<:@DATAROOTDIR/doc/PACKAGE@:>@
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-Program names:
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-silent-rules less verbose build output (undo: "make V=1")
- --disable-silent-rules verbose build output (undo: "make V=0")
- --enable-dependency-tracking
- do not reject slow dependency extractors
- --disable-dependency-tracking
- speeds up one-time build
- --enable-debug-output generate the libapparmor debug output @<:@@<:@default=no@:>@@:>@
- --enable-man-pages generate the libapparmor man pages @<:@@<:@default=yes@:>@@:>@
- --enable-shared@<:@=PKGS@:>@ build shared libraries @<:@default=yes@:>@
- --enable-static@<:@=PKGS@:>@ build static libraries @<:@default=yes@:>@
- --enable-fast-install@<:@=PKGS@:>@
- optimize for fast installation @<:@default=yes@:>@
- --disable-libtool-lock avoid locking (might break parallel builds)
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-python enable the python wrapper [default=no]
- --with-python-sys-prefix
- use Python's sys.prefix and sys.exec_prefix values
- --with-python_prefix override the default PYTHON_PREFIX
- --with-python_exec_prefix
- override the default PYTHON_EXEC_PREFIX
- --with-perl enable the perl wrapper [default=no]
- --with-ruby enable the ruby wrapper [default=no]
- --with-pic@<:@=PKGS@:>@ try to use only PIC/non-PIC objects @<:@default=use
- both@:>@
- --with-aix-soname=aix|svr4|both
- shared library versioning (aka "SONAME") variant to
- provide on AIX, @<:@default=aix@:>@.
- --with-gnu-ld assume the C compiler uses GNU ld @<:@default=no@:>@
- --with-sysroot@<:@=DIR@:>@ Search for dependent libraries within DIR (or the
- compiler's sysroot if not specified).
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- YACC The `Yet Another Compiler Compiler' implementation to use.
- Defaults to the first program found out of: `bison -y', `byacc',
- `yacc'.
- YFLAGS The list of arguments that will be passed by default to @S|@YACC.
- This script will default YFLAGS to the empty string to avoid a
- default value of `-d' given by some make applications.
- PKG_CONFIG path to pkg-config utility
- PKG_CONFIG_PATH
- directories to add to pkg-config's search path
- PKG_CONFIG_LIBDIR
- path overriding pkg-config's built-in search path
- PYTHON_VERSION
- The installed Python version to use, for example '2.3'. This
- string will be appended to the Python interpreter canonical
- name.
- PYTHON the Python interpreter
- LT_SYS_LIBRARY_PATH
- User-defined run-time library search path.
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to the package provider.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for configure.gnu first; this name is used for a wrapper for
- # Metaconfig's "Configure" on case-insensitive file systems.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-configure
-generated by GNU Autoconf 2.71
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-@%:@ ac_fn_c_try_compile LINENO
-@%:@ --------------------------
-@%:@ Try to compile conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_compile
-
-@%:@ ac_fn_c_try_link LINENO
-@%:@ -----------------------
-@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_link
-
-@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-@%:@ -------------------------------------------------------
-@%:@ Tests whether HEADER exists and can be compiled using the include files in
-@%:@ INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_header_compile
-
-@%:@ ac_fn_c_check_func LINENO FUNC VAR
-@%:@ ----------------------------------
-@%:@ Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below. */
-
-#include <limits.h>
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main (void)
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_func
-ac_configure_args_raw=
-for ac_arg
-do
- case $ac_arg in
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append ac_configure_args_raw " '$ac_arg'"
-done
-
-case $ac_configure_args_raw in
- *$as_nl*)
- ac_safe_unquote= ;;
- *)
- ac_unsafe_z='|&;<>()$`\\"*?@<:@ '' ' # This string ends in space, tab.
- ac_unsafe_a="$ac_unsafe_z#~"
- ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
- ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
-esac
-
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- $ $0$ac_configure_args_raw
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- printf "%s\n" "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Sanitize IFS.
- IFS=" "" $as_nl"
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- printf "%s\n" "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- printf "%s\n" "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- printf "%s\n" "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- printf "%s\n" "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- printf "%s\n" "$as_me: caught signal $ac_signal"
- printf "%s\n" "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-printf "%s\n" "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-printf "%s\n" "@%:@define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-
-printf "%s\n" "@%:@define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
- ac_site_files="$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
- ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
-else
- ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-fi
-
-for ac_site_file in $ac_site_files
-do
- case $ac_site_file in @%:@(
- */*) :
- ;; @%:@(
- *) :
- ac_site_file=./$ac_site_file ;;
-esac
- if test -f "$ac_site_file" && test -r "$ac_site_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Test code for whether the C compiler supports C89 (global declarations)
-ac_c_conftest_c89_globals='
-/* Does the compiler advertise C89 conformance?
- Do not test the value of __STDC__, because some compilers set it to 0
- while being otherwise adequately conformant. */
-#if !defined __STDC__
-# error "Compiler does not advertise C89 conformance"
-#endif
-
-#include <stddef.h>
-#include <stdarg.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
-struct buf { int x; };
-struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not \xHH hex character constants.
- These do not provoke an error unfortunately, instead are silently treated
- as an "x". The following induces an error, until -std is added to get
- proper ANSI mode. Curiously \x00 != x always comes out true, for an
- array size at least. It is necessary to write \x00 == 0 to get something
- that is true only with -std. */
-int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) '\''x'\''
-int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
- int, int);'
-
-# Test code for whether the C compiler supports C89 (body of main).
-ac_c_conftest_c89_main='
-ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
-'
-
-# Test code for whether the C compiler supports C99 (global declarations)
-ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
-# error "Compiler does not advertise C99 conformance"
-#endif
-
-#include <stdbool.h>
-extern int puts (const char *);
-extern int printf (const char *, ...);
-extern int dprintf (int, const char *, ...);
-extern void *malloc (size_t);
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-// dprintf is used instead of fprintf to avoid needing to declare
-// FILE and stderr.
-#define debug(...) dprintf (2, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- #error "your preprocessor is broken"
-#endif
-#if BIG_OK
-#else
- #error "your preprocessor is broken"
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static bool
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str = "";
- int number = 0;
- float fnumber = 0;
-
- while (*format)
- {
- switch (*format++)
- {
- case '\''s'\'': // string
- str = va_arg (args_copy, const char *);
- break;
- case '\''d'\'': // int
- number = va_arg (args_copy, int);
- break;
- case '\''f'\'': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-
- return *str && number && fnumber;
-}
-'
-
-# Test code for whether the C compiler supports C99 (body of main).
-ac_c_conftest_c99_main='
- // Check bool.
- _Bool success = false;
- success |= (argc != 0);
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[0] = argv[0][0];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
- || dynamic_array[ni.number - 1] != 543);
-'
-
-# Test code for whether the C compiler supports C11 (global declarations)
-ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
-# error "Compiler does not advertise C11 conformance"
-#endif
-
-// Check _Alignas.
-char _Alignas (double) aligned_as_double;
-char _Alignas (0) no_special_alignment;
-extern char aligned_as_int;
-char _Alignas (0) _Alignas (int) aligned_as_int;
-
-// Check _Alignof.
-enum
-{
- int_alignment = _Alignof (int),
- int_array_alignment = _Alignof (int[100]),
- char_alignment = _Alignof (char)
-};
-_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
-
-// Check _Noreturn.
-int _Noreturn does_not_return (void) { for (;;) continue; }
-
-// Check _Static_assert.
-struct test_static_assert
-{
- int x;
- _Static_assert (sizeof (int) <= sizeof (long int),
- "_Static_assert does not work in struct");
- long int y;
-};
-
-// Check UTF-8 literals.
-#define u8 syntax error!
-char const utf8_literal[] = u8"happens to be ASCII" "another string";
-
-// Check duplicate typedefs.
-typedef long *long_ptr;
-typedef long int *long_ptr;
-typedef long_ptr long_ptr;
-
-// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
-struct anonymous
-{
- union {
- struct { int i; int j; };
- struct { int k; long int l; } w;
- };
- int m;
-} v1;
-'
-
-# Test code for whether the C compiler supports C11 (body of main).
-ac_c_conftest_c11_main='
- _Static_assert ((offsetof (struct anonymous, i)
- == offsetof (struct anonymous, w.k)),
- "Anonymous union alignment botch");
- v1.i = 2;
- v1.w.k = 5;
- ok |= v1.i != 5;
-'
-
-# Test code for whether the C compiler supports C11 (complete).
-ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-${ac_c_conftest_c11_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- ${ac_c_conftest_c11_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C99 (complete).
-ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C89 (complete).
-ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- return ok;
-}
-"
-
-as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
-as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
-as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
-as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
-as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
-as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
-as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
-as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
-as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
-
-# Auxiliary files required by this configure script.
-ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
-
-# Locations in which to look for auxiliary files.
-ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
-
-# Search for a directory containing all of the required auxiliary files,
-# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
-# If we don't find one directory that contains all the files we need,
-# we report the set of missing files from the *first* directory in
-# $ac_aux_dir_candidates and give up.
-ac_missing_aux_files=""
-ac_first_candidate=:
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in $ac_aux_dir_candidates
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
-
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
- ac_aux_dir_found=yes
- ac_install_sh=
- for ac_aux in $ac_aux_files
- do
- # As a special case, if "install-sh" is required, that requirement
- # can be satisfied by any of "install-sh", "install.sh", or "shtool",
- # and $ac_install_sh is set appropriately for whichever one is found.
- if test x"$ac_aux" = x"install-sh"
- then
- if test -f "${as_dir}install-sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
- ac_install_sh="${as_dir}install-sh -c"
- elif test -f "${as_dir}install.sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
- ac_install_sh="${as_dir}install.sh -c"
- elif test -f "${as_dir}shtool"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
- ac_install_sh="${as_dir}shtool install -c"
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} install-sh"
- else
- break
- fi
- fi
- else
- if test -f "${as_dir}${ac_aux}"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
- else
- break
- fi
- fi
- fi
- done
- if test "$ac_aux_dir_found" = yes; then
- ac_aux_dir="$as_dir"
- break
- fi
- ac_first_candidate=false
-
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
-fi
-
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-if test -f "${ac_aux_dir}config.guess"; then
- ac_@&t@config_guess="$SHELL ${ac_aux_dir}config.guess"
-fi
-if test -f "${ac_aux_dir}config.sub"; then
- ac_@&t@config_sub="$SHELL ${ac_aux_dir}config.sub"
-fi
-if test -f "$ac_aux_dir/configure"; then
- ac_@&t@configure="$SHELL ${ac_aux_dir}configure"
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
- and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-am__api_version='1.16'
-
-
-
- # Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-printf %s "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test ${ac_cv_path_install+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- # Account for fact that we put trailing slashes in our PATH walk.
-case $as_dir in @%:@((
- ./ | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test ${ac_cv_path_install+y}; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-printf "%s\n" "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-printf %s "checking whether build environment is sane... " >&6; }
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[\\\"\#\$\&\'\`$am_lf]*)
- as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
-esac
-case $srcdir in
- *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
- as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$*" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$*" != "X $srcdir/configure conftest.file" \
- && test "$*" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
- alias in your environment" "$LINENO" 5
- fi
- if test "$2" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$2" = conftest.file
- )
-then
- # Ok.
- :
-else
- as_fn_error $? "newly created file is older than distributed files!
-Check your system clock" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-
-rm -f conftest.file
-
-test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
- program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.
-# By default was `s,x,x', remove it if useless.
-ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
-
-
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-
-
- if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
-fi
-
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
-printf %s "checking for a race-free mkdir -p... " >&6; }
-if test -z "$MKDIR_P"; then
- if test ${ac_cv_path_mkdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
- case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir ('*'coreutils) '* | \
- 'BusyBox '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
- done
-IFS=$as_save_IFS
-
-fi
-
- test -d ./--version && rmdir ./--version
- if test ${ac_cv_path_mkdir+y}; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- MKDIR_P="$ac_install_sh -d"
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-printf "%s\n" "$MKDIR_P" >&6; }
-
-for ac_prog in gawk mawk nawk awk
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AWK+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AWK"; then
- ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AWK="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-printf "%s\n" "$AWK" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AWK" && break
-done
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval test \${ac_cv_prog_make_${ac_make}_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- SET_MAKE=
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-@%:@ Check whether --enable-silent-rules was given.
-if test ${enable_silent_rules+y}
-then :
- enableval=$enable_silent_rules;
-fi
-
-case $enable_silent_rules in @%:@ (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=1;;
-esac
-am_make=${MAKE-make}
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-printf %s "checking whether $am_make supports nested variables... " >&6; }
-if test ${am_cv_make_support_nested_variables+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if printf "%s\n" 'TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
-if test $am_cv_make_support_nested_variables = yes; then
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AM_BACKSLASH='\'
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- am__isrc=' -I$(srcdir)'
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-
-
-# Define the identity of the package.
-
- PACKAGE=libapparmor1
- VERSION=3.1.7
-
-
-printf "%s\n" "@%:@define PACKAGE \"$PACKAGE\"" >>confdefs.h
-
-
-printf "%s\n" "@%:@define VERSION \"$VERSION\"" >>confdefs.h
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-mkdir_p='$(MKDIR_P)'
-
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AMTAR='$${TAR-tar}'
-
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar pax cpio none'
-
-am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
-
-
-
-
-
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-
-
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
- fi
-fi
-
-
-
-
-
-
-
-
-
-
-
-DEPDIR="${am__leading_dot}deps"
-
-ac_config_commands="$ac_config_commands depfiles"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
-printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
- (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
- case $?:`cat confinc.out 2>/dev/null` in @%:@(
- '0:this is the am__doit target') :
- case $s in @%:@(
- BSD) :
- am__include='.include' am__quote='"' ;; @%:@(
- *) :
- am__include='include' am__quote='' ;;
-esac ;; @%:@(
- *) :
- ;;
-esac
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
-printf "%s\n" "${_am_result}" >&6; }
-
-@%:@ Check whether --enable-dependency-tracking was given.
-if test ${enable_dependency_tracking+y}
-then :
- enableval=$enable_dependency_tracking;
-fi
-
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
- if test "x$enable_dependency_tracking" != xno; then
- AMDEP_TRUE=
- AMDEP_FALSE='#'
-else
- AMDEP_TRUE='#'
- AMDEP_FALSE=
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $@%:@ != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-set dummy ${ac_tool_prefix}clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "clang", so it can be a program name with args.
-set dummy clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-
-
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-printf %s "checking whether the C compiler works... " >&6; }
-ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else $as_nop
- ac_file=''
-fi
-if test -z "$ac_file"
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-printf %s "checking for C compiler default output file name... " >&6; }
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-printf "%s\n" "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-printf %s "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else $as_nop
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-printf "%s\n" "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <stdio.h>
-int
-main (void)
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-printf %s "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-printf "%s\n" "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-printf %s "checking for suffix of object files... " >&6; }
-if test ${ac_cv_objext+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-printf "%s\n" "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-printf %s "checking whether the compiler supports GNU C... " >&6; }
-if test ${ac_cv_c_compiler_gnu+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_compiler_gnu=yes
-else $as_nop
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+y}
-ac_save_CFLAGS=$CFLAGS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-printf %s "checking whether $CC accepts -g... " >&6; }
-if test ${ac_cv_prog_cc_g+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-ac_prog_cc_stdc=no
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-printf %s "checking for $CC option to enable C11 features... " >&6; }
-if test ${ac_cv_prog_cc_c11+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c11=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c11_program
-_ACEOF
-for ac_arg in '' -std=gnu11
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c11=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c11" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c11" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c11" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
- CC="$CC $ac_cv_prog_cc_c11"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
- ac_prog_cc_stdc=c11
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-printf %s "checking for $CC option to enable C99 features... " >&6; }
-if test ${ac_cv_prog_cc_c99+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c99_program
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c99" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c99" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
- CC="$CC $ac_cv_prog_cc_c99"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
- ac_prog_cc_stdc=c99
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-printf %s "checking for $CC option to enable C89 features... " >&6; }
-if test ${ac_cv_prog_cc_c89+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c89_program
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c89" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c89" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
- CC="$CC $ac_cv_prog_cc_c89"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
- ac_prog_cc_stdc=c89
-fi
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-printf %s "checking whether $CC understands -c and -o together... " >&6; }
-if test ${am_cv_prog_cc_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
- ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-depcc="$CC" am_compiler_list=
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-printf %s "checking dependency style of $depcc... " >&6; }
-if test ${am_cv_CC_dependencies_compiler_type+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- am__universal=false
- case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-
-for ac_prog in flex lex
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LEX+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LEX"; then
- ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LEX="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-printf "%s\n" "$LEX" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
- if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
-%{
-#ifdef __cplusplus
-extern "C"
-#endif
-int yywrap(void);
-%}
-%%
-a { ECHO; }
-b { REJECT; }
-c { yymore (); }
-d { yyless (1); }
-e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
-#ifdef __cplusplus
- yyless ((yyinput () != 0));
-#else
- yyless ((input () != 0));
-#endif
- }
-f { unput (yytext[0]); }
-. { BEGIN INITIAL; }
-%%
-#ifdef YYTEXT_POINTER
-extern char *yytext;
-#endif
-int
-yywrap (void)
-{
- return 1;
-}
-int
-main (void)
-{
- return ! yylex ();
-}
-_ACEOF
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
-printf %s "checking for lex output file root... " >&6; }
-if test ${ac_cv_prog_lex_root+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-ac_cv_prog_lex_root=unknown
-{ { ac_try="$LEX conftest.l"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$LEX conftest.l") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } &&
-if test -f lex.yy.c; then
- ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
- ac_cv_prog_lex_root=lexyy
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
-if test "$ac_cv_prog_lex_root" = unknown
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-fi
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-if test ${LEXLIB+y}
-then :
-
-else $as_nop
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
-printf %s "checking for lex library... " >&6; }
-if test ${ac_cv_lib_lex+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- ac_save_LIBS="$LIBS"
- ac_found=false
- for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
- case $ac_cv_lib_lex in @%:@(
- 'none needed') :
- ;; @%:@(
- 'not found') :
- break ;; @%:@(
- *) :
- LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; @%:@(
- *) :
- ;;
-esac
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_found=:
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if $ac_found; then
- break
- fi
- done
- LIBS="$ac_save_LIBS"
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-printf "%s\n" "$ac_cv_lib_lex" >&6; }
- if test "$ac_cv_lib_lex" = 'not found'
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-elif test "$ac_cv_lib_lex" = 'none needed'
-then :
- LEXLIB=''
-else $as_nop
- LEXLIB=$ac_cv_lib_lex
-fi
- ac_save_LIBS="$LIBS"
- LIBS=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
-printf %s "checking for library containing yywrap... " >&6; }
-if test ${ac_cv_search_yywrap+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char yywrap ();
-int
-main (void)
-{
-return yywrap ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' fl l
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_yywrap=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_yywrap+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_yywrap+y}
-then :
-
-else $as_nop
- ac_cv_search_yywrap=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
-printf "%s\n" "$ac_cv_search_yywrap" >&6; }
-ac_res=$ac_cv_search_yywrap
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
- LEXLIB="$LIBS"
-fi
-
- LIBS="$ac_save_LIBS"
-fi
-
-
-if test "$LEX" != :
-then :
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-printf %s "checking whether yytext is a pointer... " >&6; }
-if test ${ac_cv_prog_lex_yytext_pointer+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent. Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #define YYTEXT_POINTER 1
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_lex_yytext_pointer=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-printf "%s\n" "@%:@define YYTEXT_POINTER 1" >>confdefs.h
-
-fi
-
-fi
-rm -f conftest.l $LEX_OUTPUT_ROOT.c
-
-fi
-if test "$LEX" = :; then
- LEX=${am_missing_run}flex
-fi
-for ac_prog in 'bison -y' byacc
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_YACC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$YACC"; then
- ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_YACC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-printf "%s\n" "$YACC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-printf "%s\n" "$PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
- ac_pt_PKG_CONFIG=$PKG_CONFIG
- # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PKG_CONFIG" = x; then
- PKG_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PKG_CONFIG=$ac_pt_PKG_CONFIG
- fi
-else
- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=0.9.0
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- PKG_CONFIG=""
- fi
-fi
-
-# Extract the first word of "swig", so it can be a program name with args.
-set dummy swig; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_SWIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $SWIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-SWIG=$ac_cv_path_SWIG
-if test -n "$SWIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-printf "%s\n" "$SWIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
-@%:@ Check whether --enable-debug_output was given.
-if test ${enable_debug_output+y}
-then :
- enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_debug_output=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-printf "%s\n" "$enable_debug_output" >&6; }
-fi
-
-if test "$enable_debug_output" = "yes"
-then :
-
-printf "%s\n" "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
-@%:@ Check whether --enable-man_pages was given.
-if test ${enable_man_pages+y}
-then :
- enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_man_pages=yes
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-printf "%s\n" "$enable_man_pages" >&6; }
-fi
-
-if test "$enable_man_pages" = "yes"; then
-
-
-
- # Extract the first word of "podchecker", so it can be a program name with args.
-set dummy podchecker; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_PODCHECKER+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$PODCHECKER"; then
- ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_PODCHECKER="podchecker"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_PODCHECKER" && ac_cv_prog_PODCHECKER="no"
-fi
-fi
-PODCHECKER=$ac_cv_prog_PODCHECKER
-if test -n "$PODCHECKER"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-printf "%s\n" "$PODCHECKER" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$PODCHECKER" = "no"; then
- as_fn_error $? "
-The podchecker program was not found in the default path. podchecker is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-
-
-
-
- # Extract the first word of "pod2man", so it can be a program name with args.
-set dummy pod2man; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_POD2MAN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$POD2MAN"; then
- ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_POD2MAN="pod2man"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_POD2MAN" && ac_cv_prog_POD2MAN="no"
-fi
-fi
-POD2MAN=$ac_cv_prog_POD2MAN
-if test -n "$POD2MAN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-printf "%s\n" "$POD2MAN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$POD2MAN" = "no"; then
- as_fn_error $? "
-The pod2man program was not found in the default path. pod2man is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-printf %s "checking whether python bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-python was given.
-if test ${with_python+y}
-then :
- withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_python" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python3", so it can be a program name with args.
-set dummy python3; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PYTHON" && as_fn_error $? "python is required when enabling python bindings" "$LINENO" 5
-
-
-
- #
- # Allow the use of a (user set) custom python version
- #
-
-
- # Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
-set dummy python$PYTHON_VERSION; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test -z "$PYTHON"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
-if test -n "$PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
-printf "%s\n" "$PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PYTHON_CONFIG"; then
- ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
- # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy `basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
-if test -n "$ac_pt_PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
-printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PYTHON_CONFIG" = x; then
- PYTHON_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
- fi
-else
- PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
-fi
-
- if test -z "$PYTHON_CONFIG"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
- fi
-
- #
- # Check for a version of Python >= 2.1.0
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write(str(ver >= '2.1.0'))"`
- if test "$ac_supports_python_ver" != "True"; then
- if test -z "$PYTHON_NOVERSIONCHECK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "
-This version of the AC@&t@_PYTHON_DEVEL macro
-doesn't work properly with versions of Python before
-2.1.0. You may need to re-run configure, setting the
-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
-PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
-Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
-to something else than an empty string.
-
-See \`config.log' for more details" "$LINENO" 5; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-printf "%s\n" "skip at user request" >&6; }
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- fi
-
- #
- # if the macro parameter ``version'' is set, honour it
- #
- if test -n ""; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-printf %s "checking for a version of Python ... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write("%s\n" % (ver == ))"`
- if test "$ac_supports_python_ver" = "True"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "this package requires Python .
-If you have it installed, but it isn't the default Python
-interpreter in your system path, please pass the PYTHON_VERSION
-variable to configure. See \`\`configure --help'' for reference.
-" "$LINENO" 5
- PYTHON_VERSION=""
- fi
- fi
-
- #
- # Check if you have setuptools, else fail
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
-printf %s "checking for the setuptools Python package... " >&6; }
- ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
- if test -z "$ac_setuptools_result"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "cannot import Python module \"setuptools\".
-Please check your Python installation. The error was:
-$ac_setuptools_result" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- #
- # Check for Python include path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-printf %s "checking for Python include path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
- fi
- if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import sysconfig;\
-sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
- if test -n "${python_path}"; then
- python_path="-I$python_path"
- fi
- PYTHON_CPPFLAGS=$python_path
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
-
-
- #
- # Check for Python library path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-printf %s "checking for Python library path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
- fi
- if test -z "$PYTHON_LDFLAGS"; then
- # (makes two attempts to ensure we've got a version number
- # from the interpreter)
- py_version=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
- if test "$py_version" == "None"; then
- if test -n "$PYTHON_VERSION"; then
- py_version=$PYTHON_VERSION
- else
- py_version=`$PYTHON -c "import sys; \
-sys.stdout.write("%s\n" % sys.version[:3])"`
- fi
- fi
-
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
-"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
-
-
- #
- # Check for site packages
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-printf %s "checking for Python site-packages path... " >&6; }
- if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
-
-
- #
- # libraries which must be linked in when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-printf %s "checking python extra libraries... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
- PYTHON_EXTRA_LIBS=''
- fi
- if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
-
-
- #
- # linking flags needed when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-printf %s "checking python extra linking flags... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
- PYTHON_EXTRA_LDFLAGS=''
- fi
- if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
-
-
- #
- # final check to see if everything compiles alright
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-printf %s "checking consistency of all components of python development environment... " >&6; }
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # save current global flags
- ac_save_LIBS="$LIBS"
- ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #include <Python.h>
-
-int
-main (void)
-{
-
- Py_Initialize();
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- pythonexists=yes
-else $as_nop
- pythonexists=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-printf "%s\n" "$pythonexists" >&6; }
-
- if test ! "$pythonexists" = "yes"; then
- as_fn_error $? "
- Could not link test program to Python. Maybe the main Python library has been
- installed in some non-standard library path. If so, pass it to configure,
- via the LDFLAGS environment variable.
- Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\"
- ============================================================================
- ERROR!
- You probably have to install the development version of the Python package
- for your distribution. The exact name of this package varies among them.
- ============================================================================
- " "$LINENO" 5
- PYTHON_VERSION=""
- fi
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # turn back to default flags
- CPPFLAGS="$ac_save_CPPFLAGS"
- LIBS="$ac_save_LIBS"
-
- #
- # all done!
- #
-
-
-
-
-
-
-
- if test -n "$PYTHON"; then
- # If the user set $PYTHON, use it and don't search something else.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
-printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
- ($PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "Python interpreter is too old" "$LINENO" 5
-fi
- am_display_PYTHON=$PYTHON
- else
- # Otherwise, try each interpreter until we find one that satisfies
- # VERSION.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
-printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
-if test ${am_cv_pathless_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
- test "$am_cv_pathless_PYTHON" = none && break
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
- ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- break
-fi
- done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
-printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
- # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
- if test "$am_cv_pathless_PYTHON" = none; then
- PYTHON=:
- else
- # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
-set dummy $am_cv_pathless_PYTHON; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
- am_display_PYTHON=$am_cv_pathless_PYTHON
- fi
-
-
- if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
- else
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-printf %s "checking for $am_display_PYTHON version... " >&6; }
-if test ${am_cv_python_version+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-printf "%s\n" "$am_cv_python_version" >&6; }
- PYTHON_VERSION=$am_cv_python_version
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-printf %s "checking for $am_display_PYTHON platform... " >&6; }
-if test ${am_cv_python_platform+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-printf "%s\n" "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
-
-
- if test "x$prefix" = xNONE; then
- am__usable_prefix=$ac_default_prefix
- else
- am__usable_prefix=$prefix
- fi
-
- # Allow user to request using sys.* values from Python,
- # instead of the GNU $prefix values.
-
-@%:@ Check whether --with-python-sys-prefix was given.
-if test ${with_python_sys_prefix+y}
-then :
- withval=$with_python_sys_prefix; am_use_python_sys=:
-else $as_nop
- am_use_python_sys=false
-fi
-
-
- # Allow user to override whatever the default Python prefix is.
-
-@%:@ Check whether --with-python_prefix was given.
-if test ${with_python_prefix+y}
-then :
- withval=$with_python_prefix; am_python_prefix_subst=$withval
- am_cv_python_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-else $as_nop
-
- if $am_use_python_sys; then
- # using python sys.prefix value, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
-printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
-if test ${am_cv_python_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-
- case $am_cv_python_prefix in
- $am__usable_prefix*)
- am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
- am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
- ;;
- *)
- am_python_prefix_subst=$am_cv_python_prefix
- ;;
- esac
- else # using GNU prefix value, not python sys.prefix
- am_python_prefix_subst='${prefix}'
- am_python_prefix=$am_python_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
-printf "%s\n" "$am_python_prefix" >&6; }
- fi
-fi
-
- # Substituting python_prefix_subst value.
- PYTHON_PREFIX=$am_python_prefix_subst
-
-
- # emacs-page Now do it all over again for Python exec_prefix, but with yet
- # another conditional: fall back to regular prefix if that was specified.
-
-@%:@ Check whether --with-python_exec_prefix was given.
-if test ${with_python_exec_prefix+y}
-then :
- withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
- am_cv_python_exec_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # no explicit --with-python_exec_prefix, but if
- # --with-python_prefix was given, use its value for python_exec_prefix too.
- if test -n "$with_python_prefix"
-then :
- am_python_exec_prefix_subst=$with_python_prefix
- am_cv_python_exec_prefix=$with_python_prefix
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # Set am__usable_exec_prefix whether using GNU or Python values,
- # since we use that variable for pyexecdir.
- if test "x$exec_prefix" = xNONE; then
- am__usable_exec_prefix=$am__usable_prefix
- else
- am__usable_exec_prefix=$exec_prefix
- fi
- #
- if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
-if test ${am_cv_python_exec_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
- case $am_cv_python_exec_prefix in
- $am__usable_exec_prefix*)
- am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
- am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
- ;;
- *)
- am_python_exec_prefix_subst=$am_cv_python_exec_prefix
- ;;
- esac
- else # using GNU $exec_prefix, not python sys.exec_prefix
- am_python_exec_prefix_subst='${exec_prefix}'
- am_python_exec_prefix=$am_python_exec_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
-printf "%s\n" "$am_python_exec_prefix" >&6; }
- fi
-fi
-fi
-
- # Substituting python_exec_prefix_subst.
- PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
-
-
- # Factor out some code duplication into this shell variable.
- am_python_setup_sysconfig="\
-import sys
-# Prefer sysconfig over distutils.sysconfig, for better compatibility
-# with python 3.x. See automake bug#10227.
-try:
- import sysconfig
-except ImportError:
- can_use_sysconfig = 0
-else:
- can_use_sysconfig = 1
-# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
-# <https://github.com/pypa/virtualenv/issues/118>
-try:
- from platform import python_implementation
- if python_implementation() == 'CPython' and sys.version[:3] == '2.7':
- can_use_sysconfig = 0
-except ImportError:
- pass"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
-printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
-if test ${am_cv_python_pythondir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_prefix" = x; then
- am_py_prefix=$am__usable_prefix
- else
- am_py_prefix=$am_cv_python_prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-printf "%s\n" "$am_cv_python_pythondir" >&6; }
- pythondir=$am_cv_python_pythondir
-
-
- pkgpythondir=\${pythondir}/$PACKAGE
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
-printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
-if test ${am_cv_python_pyexecdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_exec_prefix" = x; then
- am_py_exec_prefix=$am__usable_exec_prefix
- else
- am_py_exec_prefix=$am_cv_python_exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
- pyexecdir=$am_cv_python_pyexecdir
-
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
-
-
-
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-printf %s "checking whether perl bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-perl was given.
-if test ${with_perl+y}
-then :
- withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_perl" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
- # Extract the first word of "perl", so it can be a program name with args.
-set dummy perl; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PERL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PERL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PERL=$ac_cv_path_PERL
-if test -n "$PERL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-printf "%s\n" "$PERL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
- perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- if test -e "$perl_includedir/perl.h"
-then :
- enable_perl=yes
-else $as_nop
- enable_perl=no
-fi
-fi
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-printf %s "checking whether ruby bindings are enabled... " >&6; }
-
-@%:@ Check whether --with-ruby was given.
-if test ${with_ruby+y}
-then :
- withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_ruby" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
- # Extract the first word of "ruby", so it can be a program name with args.
-set dummy ruby; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_RUBY+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $RUBY in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-RUBY=$ac_cv_path_RUBY
-if test -n "$RUBY"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-printf "%s\n" "$RUBY" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$RUBY" && as_fn_error $? "ruby is required when enabling ruby bindings" "$LINENO" 5
-fi
-
-
- if test x$enable_man_pages = xyes; then
- ENABLE_MAN_PAGES_TRUE=
- ENABLE_MAN_PAGES_FALSE='#'
-else
- ENABLE_MAN_PAGES_TRUE='#'
- ENABLE_MAN_PAGES_FALSE=
-fi
-
- if test x$with_python = xyes; then
- HAVE_PYTHON_TRUE=
- HAVE_PYTHON_FALSE='#'
-else
- HAVE_PYTHON_TRUE='#'
- HAVE_PYTHON_FALSE=
-fi
-
- if test x$with_perl = xyes; then
- HAVE_PERL_TRUE=
- HAVE_PERL_FALSE='#'
-else
- HAVE_PERL_TRUE='#'
- HAVE_PERL_FALSE=
-fi
-
- if test x$with_ruby = xyes; then
- HAVE_RUBY_TRUE=
- HAVE_RUBY_FALSE='#'
-else
- HAVE_RUBY_TRUE='#'
- HAVE_RUBY_FALSE=
-fi
-
-
-ac_header= ac_cache=
-for ac_item in $ac_header_c_list
-do
- if test $ac_cache; then
- ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
- if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
- printf "%s\n" "#define $ac_item 1" >> confdefs.h
- fi
- ac_header= ac_cache=
- elif test $ac_header; then
- ac_cache=$ac_item
- else
- ac_header=$ac_item
- fi
-done
-
-
-
-
-
-
-
-
-if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
-then :
-
-printf "%s\n" "@%:@define STDC_HEADERS 1" >>confdefs.h
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-printf %s "checking for grep that handles long lines and -e... " >&6; }
-if test ${ac_cv_path_GREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in grep ggrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-printf "%s\n" "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-# Autoupdate added the next two lines to ensure that your configure
-# script's behavior did not change. They are probably safe to remove.
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-printf %s "checking for egrep... " >&6; }
-if test ${ac_cv_path_EGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in egrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-printf "%s\n" "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_UNISTD_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
-if test "x$ac_cv_header_stdint_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_STDINT_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
-if test "x$ac_cv_header_syslog_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_SYSLOG_H 1" >>confdefs.h
-
-fi
-
-
-ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
-if test "x$ac_cv_func_asprintf" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_ASPRINTF 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
-if test "x$ac_cv_func___secure_getenv" = xyes
-then :
- printf "%s\n" "@%:@define HAVE___SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
-if test "x$ac_cv_func_secure_getenv" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
-if test "x$ac_cv_func_reallocarray" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_REALLOCARRAY 1" >>confdefs.h
-
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-printf %s "checking for an ANSI C-conforming const... " >&6; }
-if test ${ac_cv_c_const+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* IBM XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_const=yes
-else $as_nop
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-printf "%s\n" "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-printf "%s\n" "@%:@define const /**/" >>confdefs.h
-
-fi
-
-case `pwd` in
- *\ * | *\ *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
-esac
-
-
-
-macro_version='2.4.6'
-macro_revision='2.4.6'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
-
- # Make sure we can run config.sub.
-$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-printf %s "checking build system type... " >&6; }
-if test ${ac_cv_build+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-printf "%s\n" "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-printf %s "checking host system type... " >&6; }
-if test ${ac_cv_host+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-printf "%s\n" "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-printf %s "checking how to print strings... " >&6; }
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO ""
-}
-
-case $ECHO in
- printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-printf "%s\n" "printf" >&6; } ;;
- print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-printf "%s\n" "print -r" >&6; } ;;
- *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-printf "%s\n" "cat" >&6; } ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-printf %s "checking for fgrep... " >&6; }
-if test ${ac_cv_path_FGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
- then ac_cv_path_FGREP="$GREP -F"
- else
- if test -z "$FGREP"; then
- ac_path_FGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in fgrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_FGREP" || continue
-# Check for GNU ac_path_FGREP and select it if it is found.
- # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'FGREP' >> "conftest.nl"
- "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_FGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_FGREP="$ac_path_FGREP"
- ac_path_FGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_FGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_FGREP"; then
- as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_FGREP=$FGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-printf "%s\n" "$ac_cv_path_FGREP" >&6; }
- FGREP="$ac_cv_path_FGREP"
-
-
-test -z "$GREP" && GREP=grep
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-@%:@ Check whether --with-gnu-ld was given.
-if test ${with_gnu_ld+y}
-then :
- withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else $as_nop
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-printf %s "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-printf %s "checking for GNU ld... " >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-printf %s "checking for non-GNU ld... " >&6; }
-fi
-if test ${lt_cv_path_LD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi
-fi
-
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-printf "%s\n" "$LD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
-if test ${lt_cv_prog_gnu_ld+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if test ${lt_cv_path_NM+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-printf "%s\n" "$lt_cv_path_NM" >&6; }
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in dumpbin "link -dump"
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DUMPBIN"; then
- ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DUMPBIN=$ac_cv_prog_DUMPBIN
-if test -n "$DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-printf "%s\n" "$DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$DUMPBIN" && break
- done
-fi
-if test -z "$DUMPBIN"; then
- ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in dumpbin "link -dump"
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DUMPBIN"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
-if test -n "$ac_ct_DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_DUMPBIN" && break
-done
-
- if test "x$ac_ct_DUMPBIN" = x; then
- DUMPBIN=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DUMPBIN=$ac_ct_DUMPBIN
- fi
-fi
-
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
-
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-printf %s "checking the name lister ($NM) interface... " >&6; }
-if test ${lt_cv_nm_interface+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: output\"" >&5)
- cat conftest.out >&5
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-printf "%s\n" "$lt_cv_nm_interface" >&6; }
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-printf %s "checking whether ln -s works... " >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-printf "%s\n" "no, using $LN_S" >&6; }
-fi
-
-# find the maximum length of command line arguments
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-printf %s "checking the maximum length of command line arguments... " >&6; }
-if test ${lt_cv_sys_max_cmd_len+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-
-fi
-
-if test -n "$lt_cv_sys_max_cmd_len"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
-printf "%s\n" "none" >&6; }
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-
-
-
-
-
-: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-
-
-
-
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-printf %s "checking how to convert $build file names to $host format... " >&6; }
-if test ${lt_cv_to_host_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-
-fi
-
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-printf %s "checking how to convert $build file names to toolchain format... " >&6; }
-if test ${lt_cv_to_tool_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- #assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-
-fi
-
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-printf %s "checking for $LD option to reload object files... " >&6; }
-if test ${lt_cv_ld_reload_flag+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_reload_flag='-r'
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-printf "%s\n" "$OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
-else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-printf %s "checking how to recognize dependent libraries... " >&6; }
-if test ${lt_cv_deplibs_check_method+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[4-9]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[45]*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[3-9]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DLLTOOL"; then
- ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DLLTOOL=$ac_cv_prog_DLLTOOL
-if test -n "$DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-printf "%s\n" "$DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DLLTOOL"; then
- ac_ct_DLLTOOL=$DLLTOOL
- # Extract the first word of "dlltool", so it can be a program name with args.
-set dummy dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DLLTOOL"; then
- ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
-if test -n "$ac_ct_DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DLLTOOL" = x; then
- DLLTOOL="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DLLTOOL=$ac_ct_DLLTOOL
- fi
-else
- DLLTOOL="$ac_cv_prog_DLLTOOL"
-fi
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-printf %s "checking how to associate runtime and link libraries... " >&6; }
-if test ${lt_cv_sharedlib_from_linklib_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- for ac_prog in ar
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-printf "%s\n" "$AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AR" && break
- done
-fi
-if test -z "$AR"; then
- ac_ct_AR=$AR
- for ac_prog in ar
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_AR"; then
- ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_AR="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-printf "%s\n" "$ac_ct_AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_AR" && break
-done
-
- if test "x$ac_ct_AR" = x; then
- AR="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- AR=$ac_ct_AR
- fi
-fi
-
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-printf %s "checking for archiver @FILE support... " >&6; }
-if test ${lt_cv_ar_at_file+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ar_at_file=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-printf "%s\n" "$lt_cv_ar_at_file" >&6; }
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-test -z "$STRIP" && STRIP=:
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-printf "%s\n" "$RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-printf "%s\n" "$ac_ct_RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-test -z "$RANLIB" && RANLIB=:
-
-
-
-
-
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-printf %s "checking command to parse $NM output from $compiler object... " >&6; }
-if test ${lt_cv_sys_global_symbol_pipe+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[ABCDEGRST]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[BCDEGRST]'
- ;;
-osf*)
- symcode='[BCDEGQRST]'
- ;;
-solaris*)
- symcode='[BDRT]'
- ;;
-sco3.2v5*)
- symcode='[DT]'
- ;;
-sysv4.2uw2*)
- symcode='[DT]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[ABDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[ABCDGIRSTW]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK '"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT@&t@_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-printf "%s\n" "failed" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-printf "%s\n" "ok" >&6; }
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-printf %s "checking for sysroot... " >&6; }
-
-@%:@ Check whether --with-sysroot was given.
-if test ${with_sysroot+y}
-then :
- withval=$with_sysroot;
-else $as_nop
- with_sysroot=no
-fi
-
-
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-printf "%s\n" "$with_sysroot" >&6; }
- as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
- ;;
-esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-printf "%s\n" "${lt_sysroot:-no}" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-printf %s "checking for a working dd... " >&6; }
-if test ${ac_cv_path_lt_DD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-if test -z "$lt_DD"; then
- ac_path_lt_DD_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in dd
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_lt_DD" || continue
-if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi
- $ac_path_lt_DD_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_lt_DD"; then
- :
- fi
-else
- ac_cv_path_lt_DD=$lt_DD
-fi
-
-rm -f conftest.i conftest2.i conftest.out
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-printf %s "checking how to truncate binary pipes... " >&6; }
-if test ${lt_cv_truncate_bin+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-printf "%s\n" "$lt_cv_truncate_bin" >&6; }
-
-
-
-
-
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-@%:@ Check whether --enable-libtool-lock was given.
-if test ${enable_libtool_lock+y}
-then :
- enableval=$enable_libtool_lock;
-fi
-
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-printf %s "checking whether the C compiler needs -belf... " >&6; }
-if test ${lt_cv_cc_needs_belf+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_cc_needs_belf=yes
-else $as_nop
- lt_cv_cc_needs_belf=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
-set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$MANIFEST_TOOL"; then
- ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
-if test -n "$MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-printf "%s\n" "$MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
- ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
- # Extract the first word of "mt", so it can be a program name with args.
-set dummy mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_MANIFEST_TOOL"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
-if test -n "$ac_ct_MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_MANIFEST_TOOL" = x; then
- MANIFEST_TOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
- fi
-else
- MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
-fi
-
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if test ${lt_cv_path_mainfest_tool+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&5
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-
-
-
-
-
-
- case $host_os in
- rhapsody* | darwin*)
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DSYMUTIL"; then
- ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DSYMUTIL=$ac_cv_prog_DSYMUTIL
-if test -n "$DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-printf "%s\n" "$DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DSYMUTIL"; then
- ac_ct_DSYMUTIL=$DSYMUTIL
- # Extract the first word of "dsymutil", so it can be a program name with args.
-set dummy dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DSYMUTIL"; then
- ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
-if test -n "$ac_ct_DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DSYMUTIL" = x; then
- DSYMUTIL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DSYMUTIL=$ac_ct_DSYMUTIL
- fi
-else
- DSYMUTIL="$ac_cv_prog_DSYMUTIL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NMEDIT"; then
- ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-NMEDIT=$ac_cv_prog_NMEDIT
-if test -n "$NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-printf "%s\n" "$NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_NMEDIT"; then
- ac_ct_NMEDIT=$NMEDIT
- # Extract the first word of "nmedit", so it can be a program name with args.
-set dummy nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_NMEDIT"; then
- ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_NMEDIT="nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
-if test -n "$ac_ct_NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-printf "%s\n" "$ac_ct_NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_NMEDIT" = x; then
- NMEDIT=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- NMEDIT=$ac_ct_NMEDIT
- fi
-else
- NMEDIT="$ac_cv_prog_NMEDIT"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
-set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LIPO"; then
- ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LIPO=$ac_cv_prog_LIPO
-if test -n "$LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-printf "%s\n" "$LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_LIPO"; then
- ac_ct_LIPO=$LIPO
- # Extract the first word of "lipo", so it can be a program name with args.
-set dummy lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_LIPO"; then
- ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_LIPO="lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
-if test -n "$ac_ct_LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-printf "%s\n" "$ac_ct_LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_LIPO" = x; then
- LIPO=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- LIPO=$ac_ct_LIPO
- fi
-else
- LIPO="$ac_cv_prog_LIPO"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL"; then
- ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL=$ac_cv_prog_OTOOL
-if test -n "$OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-printf "%s\n" "$OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL"; then
- ac_ct_OTOOL=$OTOOL
- # Extract the first word of "otool", so it can be a program name with args.
-set dummy otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL"; then
- ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL="otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
-if test -n "$ac_ct_OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-printf "%s\n" "$ac_ct_OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL" = x; then
- OTOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL=$ac_ct_OTOOL
- fi
-else
- OTOOL="$ac_cv_prog_OTOOL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL64"; then
- ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL64=$ac_cv_prog_OTOOL64
-if test -n "$OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-printf "%s\n" "$OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL64"; then
- ac_ct_OTOOL64=$OTOOL64
- # Extract the first word of "otool64", so it can be a program name with args.
-set dummy otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL64"; then
- ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL64="otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
-if test -n "$ac_ct_OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-printf "%s\n" "$ac_ct_OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL64" = x; then
- OTOOL64=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL64=$ac_ct_OTOOL64
- fi
-else
- OTOOL64="$ac_cv_prog_OTOOL64"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-printf %s "checking for -single_module linker flag... " >&6; }
-if test ${lt_cv_apple_cc_single_mod+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&5
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&5
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-printf %s "checking for -exported_symbols_list linker flag... " >&6; }
-if test ${lt_cv_ld_exported_symbols_list+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_ld_exported_symbols_list=yes
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-printf %s "checking for -force_load linker flag... " >&6; }
-if test ${lt_cv_ld_force_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cr libconftest.a conftest.o" >&5
- $AR cr libconftest.a conftest.o 2>&5
- echo "$RANLIB libconftest.a" >&5
- $RANLIB libconftest.a 2>&5
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&5
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&5
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-printf "%s\n" "$lt_cv_ld_force_load" >&6; }
- case $host_os in
- rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[012][,.]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_dlfcn_h" = xyes
-then :
- printf "%s\n" "@%:@define HAVE_DLFCN_H 1" >>confdefs.h
-
-fi
-
-
-
-
-
-# Set options
-
-
-
- enable_dlopen=no
-
-
- enable_win32_dll=no
-
-
- @%:@ Check whether --enable-shared was given.
-if test ${enable_shared+y}
-then :
- enableval=$enable_shared; p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_shared=yes
-fi
-
-
-
-
-
-
-
-
-
- @%:@ Check whether --enable-static was given.
-if test ${enable_static+y}
-then :
- enableval=$enable_static; p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_static=yes
-fi
-
-
-
-
-
-
-
-
-
-
-@%:@ Check whether --with-pic was given.
-if test ${with_pic+y}
-then :
- withval=$with_pic; lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- pic_mode=default
-fi
-
-
-
-
-
-
-
-
- @%:@ Check whether --enable-fast-install was given.
-if test ${enable_fast_install+y}
-then :
- enableval=$enable_fast_install; p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_fast_install=yes
-fi
-
-
-
-
-
-
-
-
- shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[5-9]*,yes)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-printf %s "checking which variant of shared library versioning to provide... " >&6; }
-
-@%:@ Check whether --with-aix-soname was given.
-if test ${with_aix_soname+y}
-then :
- withval=$with_aix_soname; case $withval in
- aix|svr4|both)
- ;;
- *)
- as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname
-else $as_nop
- if test ${lt_cv_with_aix_soname+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_with_aix_soname=aix
-fi
-
- with_aix_soname=$lt_cv_with_aix_soname
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-printf "%s\n" "$with_aix_soname" >&6; }
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-test -z "$LN_S" && LN_S="ln -s"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-printf %s "checking for objdir... " >&6; }
-if test ${lt_cv_objdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-printf "%s\n" "$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-printf "%s\n" "@%:@define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
-
-
-
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-func_cc_basename $compiler
-cc_basename=$func_cc_basename_result
-
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-printf %s "checking for ${ac_tool_prefix}file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/${ac_tool_prefix}file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-printf %s "checking for file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- else
- MAGIC_CMD=:
- fi
-fi
-
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-
-lt_save_CC=$CC
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
-if test -n "$compiler"; then
-
-lt_prog_compiler_no_builtin_flag=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
- *)
- lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
- esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if test ${lt_cv_prog_compiler_rtti_exceptions+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_rtti_exceptions=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_rtti_exceptions=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
- lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
- :
-fi
-
-fi
-
-
-
-
-
-
- lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-
- if test yes = "$GCC"; then
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_static='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- fi
- lt_prog_compiler_pic='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- lt_prog_compiler_static=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- ;;
-
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- lt_prog_compiler_can_build_shared=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic=-Kconform_pic
- fi
- ;;
-
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- lt_prog_compiler_wl='-Xlinker '
- if test -n "$lt_prog_compiler_pic"; then
- lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- lt_prog_compiler_wl='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- else
- lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- lt_prog_compiler_wl='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- lt_prog_compiler_wl='-Wl,'
- # PIC (with -KPIC) is the default.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='--shared'
- lt_prog_compiler_static='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- ccc*)
- lt_prog_compiler_wl='-Wl,'
- # All Alpha code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-qpic'
- lt_prog_compiler_static='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Wl,'
- ;;
- *Intel*\ [CF]*Compiler*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- *Portland\ Group*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- lt_prog_compiler_wl='-Wl,'
- # All OSF/1 code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- rdos*)
- lt_prog_compiler_static='-non_shared'
- ;;
-
- solaris*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- lt_prog_compiler_wl='-Qoption ld ';;
- *)
- lt_prog_compiler_wl='-Wl,';;
- esac
- ;;
-
- sunos4*)
- lt_prog_compiler_wl='-Qoption ld '
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic='-Kconform_pic'
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- unicos*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_can_build_shared=no
- ;;
-
- uts4*)
- lt_prog_compiler_pic='-pic'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *)
- lt_prog_compiler_can_build_shared=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic=
- ;;
- *)
- lt_prog_compiler_pic="$lt_prog_compiler_pic@&t@ -DPIC"
- ;;
-esac
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-printf %s "checking for $compiler option to produce PIC... " >&6; }
-if test ${lt_cv_prog_compiler_pic+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
-lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if test ${lt_cv_prog_compiler_pic_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic_works=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic@&t@ -DPIC" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_pic_works"; then
- case $lt_prog_compiler_pic in
- "" | " "*) ;;
- *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
- esac
-else
- lt_prog_compiler_pic=
- lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test ${lt_cv_prog_compiler_static_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_static_works=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works=yes
- fi
- else
- lt_cv_prog_compiler_static_works=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_static_works"; then
- :
-else
- lt_prog_compiler_static=
-fi
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-hard_links=nottested
-if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-printf %s "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-printf "%s\n" "$hard_links" >&6; }
- if test no = "$hard_links"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- runpath_var=
- allow_undefined_flag=
- always_export_symbols=no
- archive_cmds=
- archive_expsym_cmds=
- compiler_needs_object=no
- enable_shared_with_static_runtimes=no
- export_dynamic_flag_spec=
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- hardcode_automatic=no
- hardcode_direct=no
- hardcode_direct_absolute=no
- hardcode_libdir_flag_spec=
- hardcode_libdir_separator=
- hardcode_minus_L=no
- hardcode_shlibpath_var=unsupported
- inherit_rpath=no
- link_all_deplibs=unknown
- module_cmds=
- module_expsym_cmds=
- old_archive_from_new_cmds=
- old_archive_from_expsyms_cmds=
- thread_safe_flag_spec=
- whole_archive_flag_spec=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- include_expsyms=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- link_all_deplibs=no
- ;;
- esac
-
- ld_shlibs=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
- *\ \(GNU\ Binutils\)\ [3-9]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- export_dynamic_flag_spec='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- export_dynamic_flag_spec='$wl--export-all-symbols'
- allow_undefined_flag=unsupported
- always_export_symbols=no
- enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
- exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- haiku*)
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- link_all_deplibs=yes
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- interix[3-9]*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- whole_archive_flag_spec=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- export_dynamic_flag_spec='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- ld_shlibs=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
-
- if test no = "$ld_shlibs"; then
- runpath_var=
- hardcode_libdir_flag_spec=
- export_dynamic_flag_spec=
- whole_archive_flag_spec=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds=''
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- file_list_spec='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- hardcode_direct=no
- hardcode_direct_absolute=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- export_dynamic_flag_spec='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- always_export_symbols=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
- allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag=' $wl-bernotok'
- allow_undefined_flag=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
- fi
- archive_cmds_need_lc=yes
- archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- bsdi[45]*)
- export_dynamic_flag_spec=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- file_list_spec='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
- enable_shared_with_static_runtimes=yes
- exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- old_postinstall_cmds='chmod 644 $oldlib'
- postlink_cmds='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- enable_shared_with_static_runtimes=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc=no
- hardcode_direct=no
- hardcode_automatic=yes
- hardcode_shlibpath_var=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-
- else
- whole_archive_flag_spec=''
- fi
- link_all_deplibs=yes
- allow_undefined_flag=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-
- else
- ld_shlibs=no
- fi
-
- ;;
-
- dgux*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- export_dynamic_flag_spec='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
-
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-printf %s "checking if $CC understands -b... " >&6; }
-if test ${lt_cv_prog_compiler__b+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler__b=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -b"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler__b=yes
- fi
- else
- lt_cv_prog_compiler__b=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
-
-if test yes = "$lt_cv_prog_compiler__b"; then
- archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-fi
-
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- ;;
- *)
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if test ${lt_cv_irix_exported_symbol+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-int foo (void) { return 0; }
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_irix_exported_symbol=yes
-else $as_nop
- lt_cv_irix_exported_symbol=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
- if test yes = "$lt_cv_irix_exported_symbol"; then
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- link_all_deplibs=no
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- inherit_rpath=yes
- link_all_deplibs=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- ld_shlibs=yes
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- newsos6)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_shlibpath_var=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- else
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- fi
- else
- ld_shlibs=no
- fi
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_separator=:
- ;;
-
- solaris*)
- no_undefined_flag=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_shlibpath_var=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- link_all_deplibs=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- reload_cmds='$CC -r -o $output$reload_objs'
- hardcode_direct=no
- ;;
- motorola)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- hardcode_shlibpath_var=no
- ;;
-
- sysv4.3*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- export_dynamic_flag_spec='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- ld_shlibs=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='$wl-z,text'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag='$wl-z,text'
- allow_undefined_flag='$wl-z,nodefs'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-R,$libdir'
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- export_dynamic_flag_spec='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- *)
- ld_shlibs=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-printf "%s\n" "$ld_shlibs" >&6; }
-test no = "$ld_shlibs" && can_build_shared=no
-
-with_gnu_ld=$with_gnu_ld
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $archive_cmds in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-printf %s "checking whether -lc should be explicitly linked in... " >&6; }
-if test ${lt_cv_archive_cmds_need_lc+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- lt_cv_archive_cmds_need_lc=no
- else
- lt_cv_archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
- archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-printf %s "checking dynamic linker characteristics... " >&6; }
-
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[lt_foo]++; }
- if (lt_freq[lt_foo] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[4-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a(lib.so.V)'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[23].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[3-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- if test ${lt_cv_shlibpath_overrides_runpath+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
-then :
- lt_cv_shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
-fi
-
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-printf "%s\n" "$dynamic_linker" >&6; }
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-printf %s "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" ||
- test -n "$runpath_var" ||
- test yes = "$hardcode_automatic"; then
-
- # We can hardcode non-existent directories.
- if test no != "$hardcode_direct" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
- test no != "$hardcode_minus_L"; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-printf "%s\n" "$hardcode_action" >&6; }
-
-if test relink = "$hardcode_action" ||
- test yes = "$inherit_rpath"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
- if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
-
-fi
-
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-printf %s "checking for shl_load in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_shl_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char shl_load ();
-int
-main (void)
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_shl_load=yes
-else $as_nop
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else $as_nop
- ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-printf %s "checking for dlopen in -lsvld... " >&6; }
-if test ${ac_cv_lib_svld_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_svld_dlopen=yes
-else $as_nop
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-printf %s "checking for dld_link in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_dld_link+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dld_link ();
-int
-main (void)
-{
-return dld_link ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_dld_link=yes
-else $as_nop
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes
-then :
- lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-printf %s "checking whether a program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-printf "%s\n" "$lt_cv_dlopen_self" >&6; }
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self_static+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self_static=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self_static=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-striplib=
-old_striplib=
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
- # Report what library types will actually be built
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-printf %s "checking if libtool supports shared libraries... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-printf "%s\n" "$can_build_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-printf %s "checking whether to build shared libraries... " >&6; }
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-printf "%s\n" "$enable_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-printf %s "checking whether to build static libraries... " >&6; }
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-printf "%s\n" "$enable_static" >&6; }
-
-
-
-
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC=$lt_save_CC
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ac_config_commands="$ac_config_commands libtool"
-
-
-
-
-# Only expand once:
-
-
-
-
-if test "$ac_cv_prog_cc_c99" = "no"; then
- as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
-fi
-
-ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile swig/Makefile swig/perl/Makefile swig/perl/Makefile.PL swig/python/Makefile swig/python/setup.py swig/python/test/Makefile swig/ruby/Makefile testsuite/Makefile testsuite/config/Makefile testsuite/libaalogparse.test/Makefile testsuite/lib/Makefile include/Makefile include/sys/Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-#
-# If the first sed substitution is executed (which looks for macros that
-# take arguments), then branch to the quote section. Otherwise,
-# look for a macro that doesn't take arguments.
-ac_script='
-:mline
-/\\$/{
- N
- s,\\\n,,
- b mline
-}
-t clear
-:clear
-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-b any
-:quote
-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
-s/\[/\\&/g
-s/\]/\\&/g
-s/\$/$$/g
-H
-:any
-${
- g
- s/^\n//
- s/\n/ /g
- p
-}
-'
-DEFS=`sed -n "$ac_script" confdefs.h`
-
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIB@&t@OBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-printf %s "checking that generated files are newer than configure... " >&6; }
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
-printf "%s\n" "done" >&6; }
- if test -n "$EXEEXT"; then
- am__EXEEXT_TRUE=
- am__EXEEXT_FALSE='#'
-else
- am__EXEEXT_TRUE='#'
- am__EXEEXT_FALSE=
-fi
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- as_fn_error $? "conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${ENABLE_MAN_PAGES_TRUE}" && test -z "${ENABLE_MAN_PAGES_FALSE}"; then
- as_fn_error $? "conditional \"ENABLE_MAN_PAGES\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PYTHON_TRUE}" && test -z "${HAVE_PYTHON_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PYTHON\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PERL_TRUE}" && test -z "${HAVE_PERL_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PERL\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_RUBY_TRUE}" && test -z "${HAVE_RUBY_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_RUBY\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in @%:@(
- *posix*) :
- set -o posix ;; @%:@(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in @%:@((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-
-@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
-@%:@ ----------------------------------------
-@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-@%:@ script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} @%:@ as_fn_error
-
-
-
-@%:@ as_fn_set_status STATUS
-@%:@ -----------------------
-@%:@ Set @S|@? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} @%:@ as_fn_set_status
-
-@%:@ as_fn_exit STATUS
-@%:@ -----------------
-@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} @%:@ as_fn_exit
-
-@%:@ as_fn_unset VAR
-@%:@ ---------------
-@%:@ Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-@%:@ as_fn_append VAR VALUE
-@%:@ ----------------------
-@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
-@%:@ advantage of any shell optimizations that allow amortized linear growth over
-@%:@ repeated appends, instead of the typical quadratic growth present in naive
-@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-@%:@ as_fn_arith ARG...
-@%:@ ------------------
-@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
-@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
-@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in @%:@(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_@&t@echo='printf %s\n'
-as_@&t@echo_n='printf %s'
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-@%:@ as_fn_mkdir_p
-@%:@ -------------
-@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} @%:@ as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-@%:@ as_fn_executable_p FILE
-@%:@ -----------------------
-@%:@ Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} @%:@ as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_commands="$ac_config_commands"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
-
-Configuration files:
-$config_files
-
-Configuration commands:
-$config_commands
-
-Report bugs to the package provider."
-
-_ACEOF
-ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
-ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config='$ac_cs_config_escaped'
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.71,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-AWK='$AWK'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- printf "%s\n" "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- printf "%s\n" "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
- printf "%s\n" "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
-@%:@@%:@ Running $as_me. @%:@@%:@
-_ASBOX
- printf "%s\n" "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#
-# INIT-COMMANDS
-#
-AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
-
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
-enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
-shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
-SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
-ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
-PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
-host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
-host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
-host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
-build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
-build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
-build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
-SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
-Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
-GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
-EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
-FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
-LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
-NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
-LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
-exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
-OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
-file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
-want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
-DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
-sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
-AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
-archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
-STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
-lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
-CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
-compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
-GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
-lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
-nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
-lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
-lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
-objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
-need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
-MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
-LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
-libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
-postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
-need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
-version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
-install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
-configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
-configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
-striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
-
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in SHELL \
-ECHO \
-PATH_SEPARATOR \
-SED \
-GREP \
-EGREP \
-FGREP \
-LD \
-NM \
-LN_S \
-lt_SP2NL \
-lt_NL2SP \
-reload_flag \
-OBJDUMP \
-deplibs_check_method \
-file_magic_cmd \
-file_magic_glob \
-want_nocaseglob \
-DLLTOOL \
-sharedlib_from_linklib_cmd \
-AR \
-AR_FLAGS \
-archiver_list_spec \
-STRIP \
-RANLIB \
-CC \
-CFLAGS \
-compiler \
-lt_cv_sys_global_symbol_pipe \
-lt_cv_sys_global_symbol_to_cdecl \
-lt_cv_sys_global_symbol_to_import \
-lt_cv_sys_global_symbol_to_c_name_address \
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-lt_cv_nm_interface \
-nm_file_list_spec \
-lt_cv_truncate_bin \
-lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_pic \
-lt_prog_compiler_wl \
-lt_prog_compiler_static \
-lt_cv_prog_compiler_c_o \
-need_locks \
-MANIFEST_TOOL \
-DSYMUTIL \
-NMEDIT \
-LIPO \
-OTOOL \
-OTOOL64 \
-shrext_cmds \
-export_dynamic_flag_spec \
-whole_archive_flag_spec \
-compiler_needs_object \
-with_gnu_ld \
-allow_undefined_flag \
-no_undefined_flag \
-hardcode_libdir_flag_spec \
-hardcode_libdir_separator \
-exclude_expsyms \
-include_expsyms \
-file_list_spec \
-variables_saved_for_relink \
-libname_spec \
-library_names_spec \
-soname_spec \
-install_override_mode \
-finish_eval \
-old_striplib \
-striplib; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in reload_cmds \
-old_postinstall_cmds \
-old_postuninstall_cmds \
-old_archive_cmds \
-extract_expsyms_cmds \
-old_archive_from_new_cmds \
-old_archive_from_expsyms_cmds \
-archive_cmds \
-archive_expsym_cmds \
-module_cmds \
-module_expsym_cmds \
-export_symbols_cmds \
-prelink_cmds \
-postlink_cmds \
-postinstall_cmds \
-postuninstall_cmds \
-finish_cmds \
-sys_lib_search_path_spec \
-configure_time_dlsearch_path \
-configure_time_lt_sys_library_path; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-ac_aux_dir='$ac_aux_dir'
-
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'
-
-
-
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
- "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
- "swig/Makefile") CONFIG_FILES="$CONFIG_FILES swig/Makefile" ;;
- "swig/perl/Makefile") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile" ;;
- "swig/perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile.PL" ;;
- "swig/python/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/Makefile" ;;
- "swig/python/setup.py") CONFIG_FILES="$CONFIG_FILES swig/python/setup.py" ;;
- "swig/python/test/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/test/Makefile" ;;
- "swig/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES swig/ruby/Makefile" ;;
- "testsuite/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/Makefile" ;;
- "testsuite/config/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/config/Makefile" ;;
- "testsuite/libaalogparse.test/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/libaalogparse.test/Makefile" ;;
- "testsuite/lib/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/lib/Makefile" ;;
- "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
- "include/sys/Makefile") CONFIG_FILES="$CONFIG_FILES include/sys/Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
- test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "�"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-
-eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS"
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-printf "%s\n" "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`printf "%s\n" "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
- ac_MKDIR_P=$MKDIR_P
- case $MKDIR_P in
- [\\/$]* | ?:[\\/]* ) ;;
- */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
-
-
- :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
- ;;
- esac
-
-
- case $ac_file$ac_mode in
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- case $CONFIG_FILES in @%:@(
- *\'*) :
- eval set x "$CONFIG_FILES" ;; @%:@(
- *) :
- set x $CONFIG_FILES ;; @%:@(
- *) :
- ;;
-esac
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`$as_dirname -- "$am_mf" ||
-$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$am_mf" : 'X\(//\)[^/]' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$am_mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- am_filepart=`$as_basename -- "$am_mf" ||
-$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$am_mf" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { echo "$as_me:$LINENO: cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles" >&5
- (cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } || am_rc=$?
- done
- if test $am_rc -ne 0; then
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE=\"gmake\" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- { am_dirpart=; unset am_dirpart;}
- { am_filepart=; unset am_filepart;}
- { am_mf=; unset am_mf;}
- { am_rc=; unset am_rc;}
- rm -f conftest-deps.mk
-}
- ;;
- "libtool":C)
-
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# The names of the tagged configurations supported by this script.
-available_tags=''
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Which release of libtool.m4 was used?
-macro_version=$macro_version
-macro_revision=$macro_revision
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# What type of objects to build.
-pic_mode=$pic_mode
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# Shared archive member basename,for filename based shared library versioning on AIX.
-shared_archive_member_spec=$shared_archive_member_spec
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# An echo program that protects backslashes.
-ECHO=$lt_ECHO
-
-# The PATH separator for the build system.
-PATH_SEPARATOR=$lt_PATH_SEPARATOR
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="\$SED -e 1s/^X//"
-
-# A grep program that handles long lines.
-GREP=$lt_GREP
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# A literal string matcher.
-FGREP=$lt_FGREP
-
-# A BSD- or MS-compatible name lister.
-NM=$lt_NM
-
-# Whether we need soft or hard links.
-LN_S=$lt_LN_S
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Object file suffix (normally "o").
-objext=$ac_objext
-
-# Executable file suffix (normally "").
-exeext=$exeext
-
-# whether the shell understands "unset".
-lt_unset=$lt_unset
-
-# turn spaces into newlines.
-SP2NL=$lt_lt_SP2NL
-
-# turn newlines into spaces.
-NL2SP=$lt_lt_NL2SP
-
-# convert \$build file names to \$host format.
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-
-# convert \$build files to toolchain format.
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-
-# An object symbol dumper.
-OBJDUMP=$lt_OBJDUMP
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method = "file_magic".
-file_magic_cmd=$lt_file_magic_cmd
-
-# How to find potential files when deplibs_check_method = "file_magic".
-file_magic_glob=$lt_file_magic_glob
-
-# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
-want_nocaseglob=$lt_want_nocaseglob
-
-# DLL creation program.
-DLLTOOL=$lt_DLLTOOL
-
-# Command to associate shared and link libraries.
-sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
-
-# The archiver.
-AR=$lt_AR
-
-# Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
-
-# How to feed a file listing to the archiver.
-archiver_list_spec=$lt_archiver_list_spec
-
-# A symbol stripping program.
-STRIP=$lt_STRIP
-
-# Commands used to install an old-style archive.
-RANLIB=$lt_RANLIB
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Whether to use a lock for old archive extraction.
-lock_old_archive_extraction=$lock_old_archive_extraction
-
-# A C compiler.
-LTCC=$lt_CC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_CFLAGS
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration.
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm into a list of symbols to manually relocate.
-global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
-
-# Transform the output of nm in a C name address pair.
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# Transform the output of nm in a C name address pair when lib prefix is needed.
-global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-
-# The name lister interface.
-nm_interface=$lt_lt_cv_nm_interface
-
-# Specify filename containing input files for \$NM.
-nm_file_list_spec=$lt_nm_file_list_spec
-
-# The root where to search for dependent libraries,and where our libraries should be installed.
-lt_sysroot=$lt_sysroot
-
-# Command to truncate a binary pipe.
-lt_truncate_bin=$lt_lt_cv_truncate_bin
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# Used to examine libraries when file_magic_cmd begins with "file".
-MAGIC_CMD=$MAGIC_CMD
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Manifest tool.
-MANIFEST_TOOL=$lt_MANIFEST_TOOL
-
-# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
-DSYMUTIL=$lt_DSYMUTIL
-
-# Tool to change global to local symbols on Mac OS X.
-NMEDIT=$lt_NMEDIT
-
-# Tool to manipulate fat objects and archives on Mac OS X.
-LIPO=$lt_LIPO
-
-# ldd/readelf like tool for Mach-O binaries on Mac OS X.
-OTOOL=$lt_OTOOL
-
-# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
-OTOOL64=$lt_OTOOL64
-
-# Old archive suffix (normally "a").
-libext=$libext
-
-# Shared library suffix (normally ".so").
-shrext_cmds=$lt_shrext_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at link time.
-variables_saved_for_relink=$lt_variables_saved_for_relink
-
-# Do we need the "lib" prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Library versioning type.
-version_type=$version_type
-
-# Shared library runtime path variable.
-runpath_var=$runpath_var
-
-# Shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Permission mode override for installation of shared libraries.
-install_override_mode=$lt_install_override_mode
-
-# Command to use after installation of a shared archive.
-postinstall_cmds=$lt_postinstall_cmds
-
-# Command to use after uninstallation of a shared archive.
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# As "finish_cmds", except a single script fragment to be evaled but
-# not shown.
-finish_eval=$lt_finish_eval
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Compile-time system search path for libraries.
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Detected run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
-
-# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
-configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds
-
-# A language specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \$shlibpath_var if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds
-
-# Commands necessary for finishing linking programs.
-postlink_cmds=$lt_postlink_cmds
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x@S|@2 in
- x)
- ;;
- *:)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
- ;;
- x:*)
- eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
- ;;
- *)
- eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in @S|@*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-
- ;;
-
- esac
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
diff --git a/libraries/libapparmor/autom4te.cache/requests b/libraries/libapparmor/autom4te.cache/requests
deleted file mode 100644
index d75f86279bb40ea3f7cfb949d0b2dcb54166deff..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/requests
+++ /dev/null
@@ -1,369 +0,0 @@
-# This file was generated by Autom4te 2.71.
-# It contains the lists of macros which have been traced.
-# It can be safely removed.
-
-@request = (
- bless( [
- '0',
- 1,
- [
- '/usr/share/autoconf'
- ],
- [
- '/usr/share/autoconf/autoconf/autoconf.m4f',
- '/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4',
- '/usr/share/aclocal/libtool.m4',
- '/usr/share/aclocal/ltoptions.m4',
- '/usr/share/aclocal/ltsugar.m4',
- '/usr/share/aclocal/ltversion.m4',
- '/usr/share/aclocal/lt~obsolete.m4',
- '/usr/share/aclocal/pkg.m4',
- '/usr/share/aclocal-1.16/amversion.m4',
- '/usr/share/aclocal-1.16/auxdir.m4',
- '/usr/share/aclocal-1.16/cond.m4',
- '/usr/share/aclocal-1.16/depend.m4',
- '/usr/share/aclocal-1.16/depout.m4',
- '/usr/share/aclocal-1.16/init.m4',
- '/usr/share/aclocal-1.16/install-sh.m4',
- '/usr/share/aclocal-1.16/lead-dot.m4',
- '/usr/share/aclocal-1.16/lex.m4',
- '/usr/share/aclocal-1.16/make.m4',
- '/usr/share/aclocal-1.16/missing.m4',
- '/usr/share/aclocal-1.16/options.m4',
- '/usr/share/aclocal-1.16/prog-cc-c-o.m4',
- '/usr/share/aclocal-1.16/python.m4',
- '/usr/share/aclocal-1.16/runlog.m4',
- '/usr/share/aclocal-1.16/sanity.m4',
- '/usr/share/aclocal-1.16/silent.m4',
- '/usr/share/aclocal-1.16/strip.m4',
- '/usr/share/aclocal-1.16/substnot.m4',
- '/usr/share/aclocal-1.16/tar.m4',
- 'configure.ac'
- ],
- {
- 'AU_DEFUN' => 1,
- 'AC_LIBTOOL_GCJ' => 1,
- 'LT_AC_PROG_GCJ' => 1,
- 'AM_SANITY_CHECK' => 1,
- 'AM_PROG_INSTALL_SH' => 1,
- 'AM_AUX_DIR_EXPAND' => 1,
- 'AC_LIBTOOL_CXX' => 1,
- 'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
- 'AC_LIBTOOL_LINKER_OPTION' => 1,
- 'PROG_POD2MAN' => 1,
- 'AM_PATH_PYTHON' => 1,
- '_LT_AC_LANG_F77' => 1,
- '_LT_CC_BASENAME' => 1,
- '_AM_AUTOCONF_VERSION' => 1,
- '_LT_AC_PROG_CXXCPP' => 1,
- 'AM_SET_DEPDIR' => 1,
- '_LT_AC_TAGCONFIG' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
- '_LT_PROG_FC' => 1,
- 'AC_DISABLE_FAST_INSTALL' => 1,
- 'AC_LIBTOOL_PROG_LD_SHLIBS' => 1,
- '_LT_PROG_CXX' => 1,
- '_AM_CONFIG_MACRO_DIRS' => 1,
- '_LT_AC_PROG_ECHO_BACKSLASH' => 1,
- 'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
- '_LT_LINKER_BOILERPLATE' => 1,
- 'PKG_NOARCH_INSTALLDIR' => 1,
- 'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
- 'AC_LIBTOOL_PROG_CC_C_O' => 1,
- 'LT_OUTPUT' => 1,
- 'AM_ENABLE_SHARED' => 1,
- 'PKG_CHECK_MODULES' => 1,
- '_AM_SET_OPTION' => 1,
- 'AM_SUBST_NOTMAKE' => 1,
- 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
- '_LT_AC_TRY_DLOPEN_SELF' => 1,
- 'AM_PROG_INSTALL_STRIP' => 1,
- '_LT_AC_CHECK_DLFCN' => 1,
- 'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
- '_AM_PROG_TAR' => 1,
- 'PKG_CHECK_EXISTS' => 1,
- '_LT_PROG_LTMAIN' => 1,
- 'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
- 'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
- '_LT_COMPILER_OPTION' => 1,
- 'AC_PROG_LD_GNU' => 1,
- 'AM_SET_LEADING_DOT' => 1,
- '_AM_DEPENDENCIES' => 1,
- '_LT_AC_LANG_F77_CONFIG' => 1,
- 'LT_SUPPORTED_TAG' => 1,
- '_LT_AC_LANG_C_CONFIG' => 1,
- 'LTVERSION_VERSION' => 1,
- 'AM_MISSING_HAS_RUN' => 1,
- 'AM_RUN_LOG' => 1,
- 'LT_PROG_RC' => 1,
- 'AM_CONDITIONAL' => 1,
- 'AM_AUTOMAKE_VERSION' => 1,
- '_LT_AC_TAGVAR' => 1,
- '_AM_IF_OPTION' => 1,
- 'AM_MAKE_INCLUDE' => 1,
- 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
- 'AC_LIBTOOL_F77' => 1,
- '_LT_AC_FILE_LTDLL_C' => 1,
- 'AC_LTDL_ENABLE_INSTALL' => 1,
- 'LTSUGAR_VERSION' => 1,
- 'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
- '_AC_PROG_LIBTOOL' => 1,
- '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
- 'AM_SILENT_RULES' => 1,
- 'AC_PROG_LD_RELOAD_FLAG' => 1,
- 'AC_ENABLE_SHARED' => 1,
- 'AC_PYTHON_DEVEL' => 1,
- 'AM_MISSING_PROG' => 1,
- '_LT_AC_SYS_COMPILER' => 1,
- 'AC_LTDL_PREOPEN' => 1,
- 'LT_PROG_GCJ' => 1,
- '_LT_AC_LANG_RC_CONFIG' => 1,
- 'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
- '_LT_AC_SYS_LIBPATH_AIX' => 1,
- 'AC_LIBTOOL_WIN32_DLL' => 1,
- 'AC_PATH_MAGIC' => 1,
- 'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
- 'AC_CONFIG_MACRO_DIR' => 1,
- 'LT_PATH_LD' => 1,
- 'AM_INIT_AUTOMAKE' => 1,
- 'AC_PROG_EGREP' => 1,
- '_LT_DLL_DEF_P' => 1,
- 'LT_PATH_NM' => 1,
- 'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
- '_m4_warn' => 1,
- 'AM_PROG_LD' => 1,
- '_LT_REQUIRED_DARWIN_CHECKS' => 1,
- '_LT_PROG_F77' => 1,
- '_AC_AM_CONFIG_HEADER_HOOK' => 1,
- 'AM_PROG_NM' => 1,
- '_AM_PROG_CC_C_O' => 1,
- 'LTOPTIONS_VERSION' => 1,
- 'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
- 'AC_PATH_TOOL_PREFIX' => 1,
- 'PKG_CHECK_VAR' => 1,
- 'AC_ENABLE_STATIC' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
- 'LT_PROG_GO' => 1,
- 'AC_LIBTOOL_SETUP' => 1,
- 'AC_LIBTOOL_COMPILER_OPTION' => 1,
- 'AC_LIBTOOL_FC' => 1,
- 'AC_ENABLE_FAST_INSTALL' => 1,
- 'PKG_CHECK_MODULES_STATIC' => 1,
- 'AM_DISABLE_SHARED' => 1,
- '_LT_PREPARE_SED_QUOTE_VARS' => 1,
- 'AC_DEFUN_ONCE' => 1,
- 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
- 'AC_LIBTOOL_PICMODE' => 1,
- 'AC_DISABLE_STATIC' => 1,
- 'AC_LIBTOOL_CONFIG' => 1,
- 'LT_SYS_DLOPEN_SELF' => 1,
- '_AM_SET_OPTIONS' => 1,
- '_LT_AC_LANG_GCJ_CONFIG' => 1,
- 'AC_LTDL_OBJDIR' => 1,
- 'PKG_INSTALLDIR' => 1,
- 'AM_DEP_TRACK' => 1,
- 'AC_LIBTOOL_DLOPEN' => 1,
- '_LT_AC_LANG_CXX' => 1,
- 'AM_PROG_CC_C_O' => 1,
- '_LT_WITH_SYSROOT' => 1,
- 'm4_include' => 1,
- 'AC_DEFUN' => 1,
- '_LT_PATH_TOOL_PREFIX' => 1,
- 'm4_pattern_forbid' => 1,
- 'AM_PYTHON_CHECK_VERSION' => 1,
- 'include' => 1,
- 'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
- 'AC_CHECK_LIBM' => 1,
- 'AC_PROG_NM' => 1,
- 'AC_PROG_LD' => 1,
- 'AM_PROG_LEX' => 1,
- 'LT_AC_PROG_EGREP' => 1,
- 'PROG_PODCHECKER' => 1,
- '_LT_AC_SHELL_INIT' => 1,
- 'LT_LANG' => 1,
- 'LT_AC_PROG_RC' => 1,
- 'LT_AC_PROG_SED' => 1,
- 'AM_ENABLE_STATIC' => 1,
- 'AM_PROG_LIBTOOL' => 1,
- 'AC_LIBTOOL_RC' => 1,
- 'LT_CMD_MAX_LEN' => 1,
- 'AC_LIBTOOL_DLOPEN_SELF' => 1,
- 'AC_LIBTOOL_OBJDIR' => 1,
- 'LT_INIT' => 1,
- '_LT_AC_LANG_GCJ' => 1,
- 'AC_DEPLIBS_CHECK_METHOD' => 1,
- '_LT_AC_LANG_CXX_CONFIG' => 1,
- '_LT_LINKER_OPTION' => 1,
- '_AM_MANGLE_OPTION' => 1,
- 'LTOBSOLETE_VERSION' => 1,
- 'm4_pattern_allow' => 1,
- 'AC_DISABLE_SHARED' => 1,
- '_LT_PROG_ECHO_BACKSLASH' => 1,
- 'AM_DISABLE_STATIC' => 1,
- 'PKG_PROG_PKG_CONFIG' => 1,
- '_PKG_SHORT_ERRORS_SUPPORTED' => 1,
- 'AC_LIBTOOL_LANG_C_CONFIG' => 1,
- '_LT_COMPILER_BOILERPLATE' => 1,
- 'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
- 'LT_LIB_M' => 1,
- '_LT_AC_LOCK' => 1
- }
- ], 'Autom4te::Request' ),
- bless( [
- '1',
- 1,
- [
- '/usr/share/autoconf'
- ],
- [
- '/usr/share/autoconf/autoconf/autoconf.m4f',
- 'aclocal.m4',
- '/usr/share/autoconf/autoconf/trailer.m4',
- 'configure.ac'
- ],
- {
- 'AM_PROG_FC_C_O' => 1,
- 'AC_FC_PP_DEFINE' => 1,
- 'AC_CANONICAL_BUILD' => 1,
- 'include' => 1,
- 'LT_SUPPORTED_TAG' => 1,
- 'IT_PROG_INTLTOOL' => 1,
- 'm4_pattern_forbid' => 1,
- 'AC_CONFIG_LIBOBJ_DIR' => 1,
- 'AC_SUBST_TRACE' => 1,
- 'AM_PATH_GUILE' => 1,
- 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
- 'AM_PROG_LIBTOOL' => 1,
- 'AM_CONDITIONAL' => 1,
- 'AM_AUTOMAKE_VERSION' => 1,
- 'AC_CANONICAL_SYSTEM' => 1,
- 'AC_REQUIRE_AUX_FILE' => 1,
- 'AH_OUTPUT' => 1,
- 'm4_pattern_allow' => 1,
- 'AM_SILENT_RULES' => 1,
- 'LT_INIT' => 1,
- 'AM_ENABLE_MULTILIB' => 1,
- 'AC_CONFIG_FILES' => 1,
- 'AM_INIT_AUTOMAKE' => 1,
- 'sinclude' => 1,
- 'm4_sinclude' => 1,
- 'AM_PROG_MOC' => 1,
- 'AC_FC_FREEFORM' => 1,
- '_AM_COND_ELSE' => 1,
- 'AM_NLS' => 1,
- 'AC_CONFIG_HEADERS' => 1,
- '_m4_warn' => 1,
- 'AC_LIBSOURCE' => 1,
- 'AM_PROG_F77_C_O' => 1,
- 'AM_GNU_GETTEXT' => 1,
- 'GTK_DOC_CHECK' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
- 'AM_PROG_MKDIR_P' => 1,
- '_LT_AC_TAGCONFIG' => 1,
- 'AC_CONFIG_SUBDIRS' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AM_PROG_CXX_C_O' => 1,
- 'AM_MAKEFILE_INCLUDE' => 1,
- 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
- '_AM_COND_IF' => 1,
- 'AM_PROG_AR' => 1,
- 'AC_SUBST' => 1,
- 'AM_XGETTEXT_OPTION' => 1,
- 'LT_CONFIG_LTDL_DIR' => 1,
- '_AM_MAKEFILE_INCLUDE' => 1,
- 'AC_CANONICAL_TARGET' => 1,
- 'AC_CONFIG_AUX_DIR' => 1,
- 'm4_include' => 1,
- 'AM_PROG_CC_C_O' => 1,
- 'AC_CONFIG_LINKS' => 1,
- 'AC_DEFINE_TRACE_LITERAL' => 1,
- 'AM_POT_TOOLS' => 1,
- 'AM_MAINTAINER_MODE' => 1,
- '_AM_COND_ENDIF' => 1,
- 'AC_FC_PP_SRCEXT' => 1,
- 'AC_INIT' => 1,
- 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
- 'AC_CANONICAL_HOST' => 1,
- 'AC_FC_SRCEXT' => 1
- }
- ], 'Autom4te::Request' ),
- bless( [
- '2',
- 1,
- [
- '/usr/share/autoconf'
- ],
- [
- '/usr/share/autoconf/autoconf/autoconf.m4f',
- 'aclocal.m4',
- 'configure.ac'
- ],
- {
- 'AC_FC_PP_SRCEXT' => 1,
- 'AC_INIT' => 1,
- 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
- 'AC_CANONICAL_HOST' => 1,
- 'AC_FC_SRCEXT' => 1,
- 'm4_include' => 1,
- 'AC_CONFIG_AUX_DIR' => 1,
- 'AC_CONFIG_LINKS' => 1,
- 'AM_PROG_CC_C_O' => 1,
- 'AC_DEFINE_TRACE_LITERAL' => 1,
- 'AM_POT_TOOLS' => 1,
- '_AM_COND_ENDIF' => 1,
- 'AM_MAINTAINER_MODE' => 1,
- '_AM_MAKEFILE_INCLUDE' => 1,
- 'AC_CANONICAL_TARGET' => 1,
- 'AM_PROG_AR' => 1,
- '_AM_COND_IF' => 1,
- 'AC_SUBST' => 1,
- 'AM_XGETTEXT_OPTION' => 1,
- 'LT_CONFIG_LTDL_DIR' => 1,
- 'AM_PROG_CXX_C_O' => 1,
- 'AM_MAKEFILE_INCLUDE' => 1,
- 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
- 'AM_PROG_MKDIR_P' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
- '_LT_AC_TAGCONFIG' => 1,
- 'AC_CONFIG_SUBDIRS' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AM_GNU_GETTEXT' => 1,
- 'GTK_DOC_CHECK' => 1,
- '_m4_warn' => 1,
- 'AC_LIBSOURCE' => 1,
- 'AM_PROG_F77_C_O' => 1,
- 'AC_FC_FREEFORM' => 1,
- '_AM_COND_ELSE' => 1,
- 'AM_NLS' => 1,
- 'AC_CONFIG_HEADERS' => 1,
- 'AM_INIT_AUTOMAKE' => 1,
- 'sinclude' => 1,
- 'm4_sinclude' => 1,
- 'AM_PROG_MOC' => 1,
- 'LT_INIT' => 1,
- 'AM_ENABLE_MULTILIB' => 1,
- 'AC_CONFIG_FILES' => 1,
- 'm4_pattern_allow' => 1,
- 'AM_SILENT_RULES' => 1,
- 'AC_CANONICAL_SYSTEM' => 1,
- 'AC_REQUIRE_AUX_FILE' => 1,
- 'AH_OUTPUT' => 1,
- 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
- 'AM_PATH_GUILE' => 1,
- 'AM_PROG_LIBTOOL' => 1,
- 'AM_CONDITIONAL' => 1,
- 'AM_AUTOMAKE_VERSION' => 1,
- 'IT_PROG_INTLTOOL' => 1,
- 'm4_pattern_forbid' => 1,
- 'AC_CONFIG_LIBOBJ_DIR' => 1,
- 'AC_SUBST_TRACE' => 1,
- 'AM_PROG_FC_C_O' => 1,
- 'AC_FC_PP_DEFINE' => 1,
- 'include' => 1,
- 'AC_CANONICAL_BUILD' => 1,
- 'LT_SUPPORTED_TAG' => 1
- }
- ], 'Autom4te::Request' )
- );
-
diff --git a/libraries/libapparmor/autom4te.cache/traces.0 b/libraries/libapparmor/autom4te.cache/traces.0
deleted file mode 100644
index b2fc42af6a2bde08673750c6f852d485b2a8e8b9..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/traces.0
+++ /dev/null
@@ -1,2806 +0,0 @@
-m4trace:/usr/share/aclocal/libtool.m4:61: -1- AC_DEFUN([LT_INIT], [AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])
-m4trace:/usr/share/aclocal/libtool.m4:99: -1- AU_DEFUN([AC_PROG_LIBTOOL], [m4_if($#, 0, [LT_INIT], [LT_INIT($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:99: -1- AC_DEFUN([AC_PROG_LIBTOOL], [m4_warn([obsolete], [The macro `AC_PROG_LIBTOOL' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_INIT], [LT_INIT($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:100: -1- AU_DEFUN([AM_PROG_LIBTOOL], [m4_if($#, 0, [LT_INIT], [LT_INIT($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:100: -1- AC_DEFUN([AM_PROG_LIBTOOL], [m4_warn([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_INIT], [LT_INIT($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:619: -1- AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
- echo
- AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
- -h, --help print this help, then exit
- -V, --version print version number, then exit
- -q, --quiet do not print progress messages
- -d, --debug don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
- case $[1] in
- --version | --v* | -V )
- echo "$lt_cl_version"; exit 0 ;;
- --help | --h* | -h )
- echo "$lt_cl_help"; exit 0 ;;
- --debug | --d* | -d )
- debug=: ;;
- --quiet | --q* | --silent | --s* | -q )
- lt_cl_silent=: ;;
-
- -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
- *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
- esac
- shift
-done
-
-if $lt_cl_silent; then
- exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure. Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
- lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])
-m4trace:/usr/share/aclocal/libtool.m4:811: -1- AC_DEFUN([LT_SUPPORTED_TAG], [])
-m4trace:/usr/share/aclocal/libtool.m4:822: -1- AC_DEFUN([LT_LANG], [AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
- [C], [_LT_LANG(C)],
- [C++], [_LT_LANG(CXX)],
- [Go], [_LT_LANG(GO)],
- [Java], [_LT_LANG(GCJ)],
- [Fortran 77], [_LT_LANG(F77)],
- [Fortran], [_LT_LANG(FC)],
- [Windows Resource], [_LT_LANG(RC)],
- [m4_ifdef([_LT_LANG_]$1[_CONFIG],
- [_LT_LANG($1)],
- [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])
-m4trace:/usr/share/aclocal/libtool.m4:914: -1- AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-m4trace:/usr/share/aclocal/libtool.m4:914: -1- AC_DEFUN([AC_LIBTOOL_CXX], [m4_warn([obsolete], [The macro `AC_LIBTOOL_CXX' is obsolete.
-You should run autoupdate.])dnl
-LT_LANG(C++)])
-m4trace:/usr/share/aclocal/libtool.m4:915: -1- AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-m4trace:/usr/share/aclocal/libtool.m4:915: -1- AC_DEFUN([AC_LIBTOOL_F77], [m4_warn([obsolete], [The macro `AC_LIBTOOL_F77' is obsolete.
-You should run autoupdate.])dnl
-LT_LANG(Fortran 77)])
-m4trace:/usr/share/aclocal/libtool.m4:916: -1- AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-m4trace:/usr/share/aclocal/libtool.m4:916: -1- AC_DEFUN([AC_LIBTOOL_FC], [m4_warn([obsolete], [The macro `AC_LIBTOOL_FC' is obsolete.
-You should run autoupdate.])dnl
-LT_LANG(Fortran)])
-m4trace:/usr/share/aclocal/libtool.m4:917: -1- AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-m4trace:/usr/share/aclocal/libtool.m4:917: -1- AC_DEFUN([AC_LIBTOOL_GCJ], [m4_warn([obsolete], [The macro `AC_LIBTOOL_GCJ' is obsolete.
-You should run autoupdate.])dnl
-LT_LANG(Java)])
-m4trace:/usr/share/aclocal/libtool.m4:918: -1- AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-m4trace:/usr/share/aclocal/libtool.m4:918: -1- AC_DEFUN([AC_LIBTOOL_RC], [m4_warn([obsolete], [The macro `AC_LIBTOOL_RC' is obsolete.
-You should run autoupdate.])dnl
-LT_LANG(Windows Resource)])
-m4trace:/usr/share/aclocal/libtool.m4:1246: -1- AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
- [Search for dependent libraries within DIR (or the compiler's sysroot
- if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted. We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- AC_MSG_RESULT([$with_sysroot])
- AC_MSG_ERROR([The sysroot must be an absolute path.])
- ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-m4trace:/usr/share/aclocal/libtool.m4:1577: -1- AC_DEFUN([_LT_COMPILER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
- [$2=no
- m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$3" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&AS_MESSAGE_LOG_FD
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- $2=yes
- fi
- fi
- $RM conftest*
-])
-
-if test yes = "[$]$2"; then
- m4_if([$5], , :, [$5])
-else
- m4_if([$6], , :, [$6])
-fi
-])
-m4trace:/usr/share/aclocal/libtool.m4:1619: -1- AU_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [m4_if($#, 0, [_LT_COMPILER_OPTION], [_LT_COMPILER_OPTION($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:1619: -1- AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [m4_warn([obsolete], [The macro `AC_LIBTOOL_COMPILER_OPTION' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [_LT_COMPILER_OPTION], [_LT_COMPILER_OPTION($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:1628: -1- AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
- [$2=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $3"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&AS_MESSAGE_LOG_FD
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- $2=yes
- fi
- else
- $2=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
- m4_if([$4], , :, [$4])
-else
- m4_if([$5], , :, [$5])
-fi
-])
-m4trace:/usr/share/aclocal/libtool.m4:1663: -1- AU_DEFUN([AC_LIBTOOL_LINKER_OPTION], [m4_if($#, 0, [_LT_LINKER_OPTION], [_LT_LINKER_OPTION($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:1663: -1- AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [m4_warn([obsolete], [The macro `AC_LIBTOOL_LINKER_OPTION' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [_LT_LINKER_OPTION], [_LT_LINKER_OPTION($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:1670: -1- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
- AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
- AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
- [What is the maximum length of a command?])
-])
-m4trace:/usr/share/aclocal/libtool.m4:1809: -1- AU_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [m4_if($#, 0, [LT_CMD_MAX_LEN], [LT_CMD_MAX_LEN($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:1809: -1- AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [m4_warn([obsolete], [The macro `AC_LIBTOOL_SYS_MAX_CMD_LEN' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_CMD_MAX_LEN], [LT_CMD_MAX_LEN($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:1920: -1- AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ])
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- AC_CHECK_FUNC([shl_load],
- [lt_cv_dlopen=shl_load],
- [AC_CHECK_LIB([dld], [shl_load],
- [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
- [AC_CHECK_FUNC([dlopen],
- [lt_cv_dlopen=dlopen],
- [AC_CHECK_LIB([dl], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
- [AC_CHECK_LIB([svld], [dlopen],
- [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
- [AC_CHECK_LIB([dld], [dld_link],
- [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
- ])
- ])
- ])
- ])
- ])
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- AC_CACHE_CHECK([whether a program can dlopen itself],
- lt_cv_dlopen_self, [dnl
- _LT_TRY_DLOPEN_SELF(
- lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
- lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
- ])
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
- lt_cv_dlopen_self_static, [dnl
- _LT_TRY_DLOPEN_SELF(
- lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
- lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
- ])
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
- [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
- [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
- [Whether dlopen of statically linked programs is supported])
-])
-m4trace:/usr/share/aclocal/libtool.m4:2045: -1- AU_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [m4_if($#, 0, [LT_SYS_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:2045: -1- AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [m4_warn([obsolete], [The macro `AC_LIBTOOL_DLOPEN_SELF' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_SYS_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3166: -1- AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] | ?:[\\/]*])
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word. This closes a longstanding sh security hole.
- ac_dummy="m4_if([$2], , $PATH, [$2])"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$1"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- AC_MSG_RESULT($MAGIC_CMD)
-else
- AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
- [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])
-m4trace:/usr/share/aclocal/libtool.m4:3228: -1- AU_DEFUN([AC_PATH_TOOL_PREFIX], [m4_if($#, 0, [_LT_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:3228: -1- AC_DEFUN([AC_PATH_TOOL_PREFIX], [m4_warn([obsolete], [The macro `AC_PATH_TOOL_PREFIX' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [_LT_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3251: -1- AC_DEFUN([LT_PATH_LD], [AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
- [AS_HELP_STRING([--with-gnu-ld],
- [assume the C compiler uses GNU ld @<:@default=no@:>@])],
- [test no = "$withval" || with_gnu_ld=yes],
- [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- AC_MSG_CHECKING([for ld used by $CC])
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [[\\/]]* | ?:[[\\/]]*)
- re_direlt='/[[^/]][[^/]]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- AC_MSG_CHECKING([for GNU ld])
-else
- AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- AC_MSG_RESULT($LD)
-else
- AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])
-m4trace:/usr/share/aclocal/libtool.m4:3340: -1- AU_DEFUN([AM_PROG_LD], [m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:3340: -1- AC_DEFUN([AM_PROG_LD], [m4_warn([obsolete], [The macro `AM_PROG_LD' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3341: -1- AU_DEFUN([AC_PROG_LD], [m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:3341: -1- AC_DEFUN([AC_PROG_LD], [m4_warn([obsolete], [The macro `AC_PROG_LD' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3670: -1- AC_DEFUN([LT_PATH_NM], [AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
- AC_SUBST([DUMPBIN])
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
- [lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&AS_MESSAGE_LOG_FD
- (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
- cat conftest.out >&AS_MESSAGE_LOG_FD
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*])
-])
-m4trace:/usr/share/aclocal/libtool.m4:3765: -1- AU_DEFUN([AM_PROG_NM], [m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:3765: -1- AC_DEFUN([AM_PROG_NM], [m4_warn([obsolete], [The macro `AM_PROG_NM' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3766: -1- AU_DEFUN([AC_PROG_NM], [m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:3766: -1- AC_DEFUN([AC_PROG_NM], [m4_warn([obsolete], [The macro `AC_PROG_NM' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3837: -1- AC_DEFUN([_LT_DLL_DEF_P], [dnl
- test DEF = "`$SED -n dnl
- -e '\''s/^[[ ]]*//'\'' dnl Strip leading whitespace
- -e '\''/^\(;.*\)*$/d'\'' dnl Delete empty lines and comments
- -e '\''s/^\(EXPORTS\|LIBRARY\)\([[ ]].*\)*$/DEF/p'\'' dnl
- -e q dnl Only consider the first "real" line
- $1`" dnl
-])
-m4trace:/usr/share/aclocal/libtool.m4:3851: -1- AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
- # These system don't have libm, or don't need it
- ;;
-*-ncr-sysv4.3*)
- AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
- AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
- ;;
-*)
- AC_CHECK_LIB(m, cos, LIBM=-lm)
- ;;
-esac
-AC_SUBST([LIBM])
-])
-m4trace:/usr/share/aclocal/libtool.m4:3870: -1- AU_DEFUN([AC_CHECK_LIBM], [m4_if($#, 0, [LT_LIB_M], [LT_LIB_M($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:3870: -1- AC_DEFUN([AC_CHECK_LIBM], [m4_warn([obsolete], [The macro `AC_CHECK_LIBM' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_LIB_M], [LT_LIB_M($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8147: -1- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
- [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
- [AC_CHECK_TOOL(GCJ, gcj,)
- test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
- AC_SUBST(GCJFLAGS)])])[]dnl
-])
-m4trace:/usr/share/aclocal/libtool.m4:8156: -1- AU_DEFUN([LT_AC_PROG_GCJ], [m4_if($#, 0, [LT_PROG_GCJ], [LT_PROG_GCJ($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:8156: -1- AC_DEFUN([LT_AC_PROG_GCJ], [m4_warn([obsolete], [The macro `LT_AC_PROG_GCJ' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_PROG_GCJ], [LT_PROG_GCJ($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8163: -1- AC_DEFUN([LT_PROG_GO], [AC_CHECK_TOOL(GOC, gccgo,)
-])
-m4trace:/usr/share/aclocal/libtool.m4:8170: -1- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,)
-])
-m4trace:/usr/share/aclocal/libtool.m4:8175: -1- AU_DEFUN([LT_AC_PROG_RC], [m4_if($#, 0, [LT_PROG_RC], [LT_PROG_RC($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:8175: -1- AC_DEFUN([LT_AC_PROG_RC], [m4_warn([obsolete], [The macro `LT_AC_PROG_RC' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_PROG_RC], [LT_PROG_RC($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8295: -1- AU_DEFUN([LT_AC_PROG_SED], [m4_if($#, 0, [AC_PROG_SED], [AC_PROG_SED($@)])], [], [])
-m4trace:/usr/share/aclocal/libtool.m4:8295: -1- AC_DEFUN([LT_AC_PROG_SED], [m4_warn([obsolete], [The macro `LT_AC_PROG_SED' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [AC_PROG_SED], [AC_PROG_SED($@)])])
-m4trace:/usr/share/aclocal/ltoptions.m4:14: -1- AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-m4trace:/usr/share/aclocal/ltoptions.m4:113: -1- AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:113: -1- AC_DEFUN([AC_LIBTOOL_DLOPEN], [m4_warn([obsolete], [The macro `AC_LIBTOOL_DLOPEN' is obsolete.
-You should run autoupdate.])dnl
-_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:148: -1- AU_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:148: -1- AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [m4_warn([obsolete], [The macro `AC_LIBTOOL_WIN32_DLL' is obsolete.
-You should run autoupdate.])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:197: -1- AC_DEFUN([AC_ENABLE_SHARED], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:201: -1- AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:205: -1- AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:205: -1- AC_DEFUN([AM_ENABLE_SHARED], [m4_warn([obsolete], [The macro `AM_ENABLE_SHARED' is obsolete.
-You should run autoupdate.])dnl
-AC_ENABLE_SHARED($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:206: -1- AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:206: -1- AC_DEFUN([AM_DISABLE_SHARED], [m4_warn([obsolete], [The macro `AM_DISABLE_SHARED' is obsolete.
-You should run autoupdate.])dnl
-AC_DISABLE_SHARED($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:251: -1- AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:255: -1- AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:259: -1- AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:259: -1- AC_DEFUN([AM_ENABLE_STATIC], [m4_warn([obsolete], [The macro `AM_ENABLE_STATIC' is obsolete.
-You should run autoupdate.])dnl
-AC_ENABLE_STATIC($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:260: -1- AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:260: -1- AC_DEFUN([AM_DISABLE_STATIC], [m4_warn([obsolete], [The macro `AM_DISABLE_STATIC' is obsolete.
-You should run autoupdate.])dnl
-AC_DISABLE_STATIC($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:305: -1- AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:305: -1- AC_DEFUN([AC_ENABLE_FAST_INSTALL], [m4_warn([obsolete], [The macro `AC_ENABLE_FAST_INSTALL' is obsolete.
-You should run autoupdate.])dnl
-_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:312: -1- AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:312: -1- AC_DEFUN([AC_DISABLE_FAST_INSTALL], [m4_warn([obsolete], [The macro `AC_DISABLE_FAST_INSTALL' is obsolete.
-You should run autoupdate.])dnl
-_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:411: -1- AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltoptions.m4:411: -1- AC_DEFUN([AC_LIBTOOL_PICMODE], [m4_warn([obsolete], [The macro `AC_LIBTOOL_PICMODE' is obsolete.
-You should run autoupdate.])dnl
-_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-m4trace:/usr/share/aclocal/ltsugar.m4:14: -1- AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-m4trace:/usr/share/aclocal/ltversion.m4:18: -1- AC_DEFUN([LTVERSION_VERSION], [macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:37: -1- AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:41: -1- AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:42: -1- AC_DEFUN([_LT_AC_SHELL_INIT])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:43: -1- AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:45: -1- AC_DEFUN([_LT_AC_TAGVAR])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:46: -1- AC_DEFUN([AC_LTDL_ENABLE_INSTALL])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:47: -1- AC_DEFUN([AC_LTDL_PREOPEN])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:48: -1- AC_DEFUN([_LT_AC_SYS_COMPILER])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:49: -1- AC_DEFUN([_LT_AC_LOCK])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:50: -1- AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:51: -1- AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:52: -1- AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:53: -1- AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:54: -1- AC_DEFUN([AC_LIBTOOL_OBJDIR])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:55: -1- AC_DEFUN([AC_LTDL_OBJDIR])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:56: -1- AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:57: -1- AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:58: -1- AC_DEFUN([AC_PATH_MAGIC])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:59: -1- AC_DEFUN([AC_PROG_LD_GNU])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:60: -1- AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:61: -1- AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:62: -1- AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:63: -1- AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:64: -1- AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:65: -1- AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:66: -1- AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:67: -1- AC_DEFUN([LT_AC_PROG_EGREP])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:72: -1- AC_DEFUN([_AC_PROG_LIBTOOL])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:73: -1- AC_DEFUN([AC_LIBTOOL_SETUP])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:74: -1- AC_DEFUN([_LT_AC_CHECK_DLFCN])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:75: -1- AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:76: -1- AC_DEFUN([_LT_AC_TAGCONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:78: -1- AC_DEFUN([_LT_AC_LANG_CXX])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:79: -1- AC_DEFUN([_LT_AC_LANG_F77])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:80: -1- AC_DEFUN([_LT_AC_LANG_GCJ])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:81: -1- AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:82: -1- AC_DEFUN([_LT_AC_LANG_C_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:83: -1- AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:84: -1- AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:85: -1- AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:86: -1- AC_DEFUN([_LT_AC_LANG_F77_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:87: -1- AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:88: -1- AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:89: -1- AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:90: -1- AC_DEFUN([_LT_AC_LANG_RC_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:91: -1- AC_DEFUN([AC_LIBTOOL_CONFIG])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:92: -1- AC_DEFUN([_LT_AC_FILE_LTDLL_C])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:94: -1- AC_DEFUN([_LT_AC_PROG_CXXCPP])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:97: -1- AC_DEFUN([_LT_PROG_F77])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:98: -1- AC_DEFUN([_LT_PROG_FC])
-m4trace:/usr/share/aclocal/lt~obsolete.m4:99: -1- AC_DEFUN([_LT_PROG_CXX])
-m4trace:/usr/share/aclocal/pkg.m4:58: -1- AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=m4_default([$1], [0.9.0])
- AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- PKG_CONFIG=""
- fi
-fi[]dnl
-])
-m4trace:/usr/share/aclocal/pkg.m4:92: -1- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
- AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
- m4_default([$2], [:])
-m4_ifvaln([$3], [else
- $3])dnl
-fi])
-m4trace:/usr/share/aclocal/pkg.m4:121: -1- AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi[]dnl
-])
-m4trace:/usr/share/aclocal/pkg.m4:139: -1- AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $2])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
- AC_MSG_RESULT([no])
- _PKG_SHORT_ERRORS_SUPPORTED
- if test $_pkg_short_errors_supported = yes; then
- $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
- else
- $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
- m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
- ])
-elif test $pkg_failed = untried; then
- AC_MSG_RESULT([no])
- m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
- ])
-else
- $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
- $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
- AC_MSG_RESULT([yes])
- $3
-fi[]dnl
-])
-m4trace:/usr/share/aclocal/pkg.m4:208: -1- AC_DEFUN([PKG_CHECK_MODULES_STATIC], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-_save_PKG_CONFIG=$PKG_CONFIG
-PKG_CONFIG="$PKG_CONFIG --static"
-PKG_CHECK_MODULES($@)
-PKG_CONFIG=$_save_PKG_CONFIG[]dnl
-])
-m4trace:/usr/share/aclocal/pkg.m4:226: -1- AC_DEFUN([PKG_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
- [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
- [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
- [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])
-m4trace:/usr/share/aclocal/pkg.m4:248: -1- AC_DEFUN([PKG_NOARCH_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
- [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
- [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
- [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])
-m4trace:/usr/share/aclocal/pkg.m4:267: -1- AC_DEFUN([PKG_CHECK_VAR], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])
-m4trace:/usr/share/aclocal-1.16/amversion.m4:14: -1- AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16'
-dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
-dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.16.5], [],
- [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
-])
-m4trace:/usr/share/aclocal-1.16/amversion.m4:33: -1- AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.16.5])dnl
-m4_ifndef([AC_AUTOCONF_VERSION],
- [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
-m4trace:/usr/share/aclocal-1.16/auxdir.m4:47: -1- AC_DEFUN([AM_AUX_DIR_EXPAND], [AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-])
-m4trace:/usr/share/aclocal-1.16/cond.m4:12: -1- AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl
- m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
- [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-m4_define([_AM_COND_VALUE_$1], [$2])dnl
-if $2; then
- $1_TRUE=
- $1_FALSE='#'
-else
- $1_TRUE='#'
- $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
- AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
-m4trace:/usr/share/aclocal-1.16/depend.m4:26: -1- AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl
-AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
-AC_REQUIRE([AM_MAKE_INCLUDE])dnl
-AC_REQUIRE([AM_DEP_TRACK])dnl
-
-m4_if([$1], [CC], [depcc="$CC" am_compiler_list=],
- [$1], [CXX], [depcc="$CXX" am_compiler_list=],
- [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
- [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'],
- [$1], [UPC], [depcc="$UPC" am_compiler_list=],
- [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
- [depcc="$$1" am_compiler_list=])
-
-AC_CACHE_CHECK([dependency style of $depcc],
- [am_cv_$1_dependencies_compiler_type],
-[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_$1_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
- fi
- am__universal=false
- m4_case([$1], [CC],
- [case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac],
- [CXX],
- [case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac])
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_$1_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_$1_dependencies_compiler_type=none
-fi
-])
-AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
-AM_CONDITIONAL([am__fastdep$1], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
-])
-m4trace:/usr/share/aclocal-1.16/depend.m4:163: -1- AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
-])
-m4trace:/usr/share/aclocal-1.16/depend.m4:171: -1- AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE([dependency-tracking], [dnl
-AS_HELP_STRING(
- [--enable-dependency-tracking],
- [do not reject slow dependency extractors])
-AS_HELP_STRING(
- [--disable-dependency-tracking],
- [speeds up one-time build])])
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
-AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-AC_SUBST([AMDEPBACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
-AC_SUBST([am__nodep])dnl
-_AM_SUBST_NOTMAKE([am__nodep])dnl
-])
-m4trace:/usr/share/aclocal-1.16/depout.m4:11: -1- AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- AS_CASE([$CONFIG_FILES],
- [*\'*], [eval set x "$CONFIG_FILES"],
- [*], [set x $CONFIG_FILES])
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`AS_DIRNAME(["$am_mf"])`
- am_filepart=`AS_BASENAME(["$am_mf"])`
- AM_RUN_LOG([cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles]) || am_rc=$?
- done
- if test $am_rc -ne 0; then
- AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE="gmake" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).])
- fi
- AS_UNSET([am_dirpart])
- AS_UNSET([am_filepart])
- AS_UNSET([am_mf])
- AS_UNSET([am_rc])
- rm -f conftest-deps.mk
-}
-])
-m4trace:/usr/share/aclocal-1.16/depout.m4:64: -1- AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles],
- [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
- [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
-m4trace:/usr/share/aclocal-1.16/init.m4:29: -1- AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl
-m4_ifdef([_$0_ALREADY_INIT],
- [m4_fatal([$0 expanded multiple times
-]m4_defn([_$0_ALREADY_INIT]))],
- [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
-dnl Autoconf wants to disallow AM_ names. We explicitly allow
-dnl the ones we care about.
-m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
-AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
-AC_REQUIRE([AC_PROG_INSTALL])dnl
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-AC_SUBST([CYGPATH_W])
-
-# Define the identity of the package.
-dnl Distinguish between old-style and new-style calls.
-m4_ifval([$2],
-[AC_DIAGNOSE([obsolete],
- [$0: two- and three-arguments forms are deprecated.])
-m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
- AC_SUBST([PACKAGE], [$1])dnl
- AC_SUBST([VERSION], [$2])],
-[_AM_SET_OPTIONS([$1])dnl
-dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
-m4_if(
- m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]),
- [ok:ok],,
- [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
- AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
- AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
-
-_AM_IF_OPTION([no-define],,
-[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
- AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl
-
-# Some tools Automake needs.
-AC_REQUIRE([AM_SANITY_CHECK])dnl
-AC_REQUIRE([AC_ARG_PROGRAM])dnl
-AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
-AM_MISSING_PROG([AUTOCONF], [autoconf])
-AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
-AM_MISSING_PROG([AUTOHEADER], [autoheader])
-AM_MISSING_PROG([MAKEINFO], [makeinfo])
-AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
-AC_REQUIRE([AC_PROG_MKDIR_P])dnl
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([AC_PROG_MAKE_SET])dnl
-AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
- [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
- [_AM_PROG_TAR([v7])])])
-_AM_IF_OPTION([no-dependencies],,
-[AC_PROVIDE_IFELSE([AC_PROG_CC],
- [_AM_DEPENDENCIES([CC])],
- [m4_define([AC_PROG_CC],
- m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [_AM_DEPENDENCIES([CXX])],
- [m4_define([AC_PROG_CXX],
- m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJC],
- [_AM_DEPENDENCIES([OBJC])],
- [m4_define([AC_PROG_OBJC],
- m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
- [_AM_DEPENDENCIES([OBJCXX])],
- [m4_define([AC_PROG_OBJCXX],
- m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
-])
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-AC_SUBST([CTAGS])
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-AC_SUBST([ETAGS])
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-AC_SUBST([CSCOPE])
-
-AC_REQUIRE([AM_SILENT_RULES])dnl
-dnl The testsuite driver may need to know about EXEEXT, so add the
-dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
-dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
-AC_CONFIG_COMMANDS_PRE(dnl
-[m4_provide_if([_AM_COMPILER_EXEEXT],
- [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
- fi
-fi
-dnl The trailing newline in this macro's definition is deliberate, for
-dnl backward compatibility and to allow trailing 'dnl'-style comments
-dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
-])
-m4trace:/usr/share/aclocal-1.16/init.m4:204: -1- AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers.
-_am_arg=$1
-_am_stamp_count=1
-for _am_header in $config_headers :; do
- case $_am_header in
- $_am_arg | $_am_arg:* )
- break ;;
- * )
- _am_stamp_count=`expr $_am_stamp_count + 1` ;;
- esac
-done
-echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-m4trace:/usr/share/aclocal-1.16/install-sh.m4:11: -1- AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-AC_SUBST([install_sh])])
-m4trace:/usr/share/aclocal-1.16/lead-dot.m4:10: -1- AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-AC_SUBST([am__leading_dot])])
-m4trace:/usr/share/aclocal-1.16/lex.m4:13: -1- AC_DEFUN([AM_PROG_LEX], [AC_PREREQ([2.50])dnl
-AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
-AC_REQUIRE([AC_PROG_LEX])dnl
-if test "$LEX" = :; then
- LEX=${am_missing_run}flex
-fi])
-m4trace:/usr/share/aclocal-1.16/make.m4:13: -1- AC_DEFUN([AM_MAKE_INCLUDE], [AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
- AS_CASE([$?:`cat confinc.out 2>/dev/null`],
- ['0:this is the am__doit target'],
- [AS_CASE([$s],
- [BSD], [am__include='.include' am__quote='"'],
- [am__include='include' am__quote=''])])
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-AC_MSG_RESULT([${_am_result}])
-AC_SUBST([am__include])])
-m4trace:/usr/share/aclocal-1.16/make.m4:42: -1- m4_pattern_allow([^am__quote$])
-m4trace:/usr/share/aclocal-1.16/missing.m4:11: -1- AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN])
-$1=${$1-"${am_missing_run}$2"}
-AC_SUBST($1)])
-m4trace:/usr/share/aclocal-1.16/missing.m4:20: -1- AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([missing])dnl
-if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- AC_MSG_WARN(['missing' script is too old or missing])
-fi
-])
-m4trace:/usr/share/aclocal-1.16/options.m4:11: -1- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-m4trace:/usr/share/aclocal-1.16/options.m4:17: -1- AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])])
-m4trace:/usr/share/aclocal-1.16/options.m4:23: -1- AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-m4trace:/usr/share/aclocal-1.16/options.m4:29: -1- AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-m4trace:/usr/share/aclocal-1.16/prog-cc-c-o.m4:12: -1- AC_DEFUN([_AM_PROG_CC_C_O], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-AC_REQUIRE_AUX_FILE([compile])dnl
-AC_LANG_PUSH([C])dnl
-AC_CACHE_CHECK(
- [whether $CC understands -c and -o together],
- [am_cv_prog_cc_c_o],
- [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i])
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-AC_LANG_POP([C])])
-m4trace:/usr/share/aclocal-1.16/prog-cc-c-o.m4:47: -1- AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-m4trace:/usr/share/aclocal-1.16/python.m4:35: -1- AC_DEFUN([AM_PATH_PYTHON], [
- dnl Find a Python interpreter. Python versions prior to 2.0 are not
- dnl supported. (2.0 was released on October 16, 2000).
- m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
-[python python2 python3 dnl
- python3.11 python3.10 dnl
- python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl
- python3.2 python3.1 python3.0 dnl
- python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl
- python2.0])
-
- AC_ARG_VAR([PYTHON], [the Python interpreter])
-
- m4_if([$1],[],[
- dnl No version check is needed.
- # Find any Python interpreter.
- if test -z "$PYTHON"; then
- AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :)
- fi
- am_display_PYTHON=python
- ], [
- dnl A version check is needed.
- if test -n "$PYTHON"; then
- # If the user set $PYTHON, use it and don't search something else.
- AC_MSG_CHECKING([whether $PYTHON version is >= $1])
- AM_PYTHON_CHECK_VERSION([$PYTHON], [$1],
- [AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])
- AC_MSG_ERROR([Python interpreter is too old])])
- am_display_PYTHON=$PYTHON
- else
- # Otherwise, try each interpreter until we find one that satisfies
- # VERSION.
- AC_CACHE_CHECK([for a Python interpreter with version >= $1],
- [am_cv_pathless_PYTHON],[
- for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do
- test "$am_cv_pathless_PYTHON" = none && break
- AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break])
- done])
- # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
- if test "$am_cv_pathless_PYTHON" = none; then
- PYTHON=:
- else
- AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON])
- fi
- am_display_PYTHON=$am_cv_pathless_PYTHON
- fi
- ])
-
- if test "$PYTHON" = :; then
- dnl Run any user-specified action, or abort.
- m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
- else
-
- dnl Query Python for its version number. Although site.py simply uses
- dnl sys.version[:3], printing that failed with Python 3.10, since the
- dnl trailing zero was eliminated. So now we output just the major
- dnl and minor version numbers, as numbers. Apparently the tertiary
- dnl version is not of interest.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
- [am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[[:2]])"`])
- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
-
- dnl At times, e.g., when building shared libraries, you may want
- dnl to know which OS platform Python thinks this is.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
- [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
-
- dnl emacs-page
- dnl If --with-python-sys-prefix is given, use the values of sys.prefix
- dnl and sys.exec_prefix for the corresponding values of PYTHON_PREFIX
- dnl and PYTHON_EXEC_PREFIX. Otherwise, use the GNU ${prefix} and
- dnl ${exec_prefix} variables.
- dnl
- dnl The two are made distinct variables so they can be overridden if
- dnl need be, although general consensus is that you shouldn't need
- dnl this separation.
- dnl
- dnl Also allow directly setting the prefixes via configure options,
- dnl overriding any default.
- dnl
- if test "x$prefix" = xNONE; then
- am__usable_prefix=$ac_default_prefix
- else
- am__usable_prefix=$prefix
- fi
-
- # Allow user to request using sys.* values from Python,
- # instead of the GNU $prefix values.
- AC_ARG_WITH([python-sys-prefix],
- [AS_HELP_STRING([--with-python-sys-prefix],
- [use Python's sys.prefix and sys.exec_prefix values])],
- [am_use_python_sys=:],
- [am_use_python_sys=false])
-
- # Allow user to override whatever the default Python prefix is.
- AC_ARG_WITH([python_prefix],
- [AS_HELP_STRING([--with-python_prefix],
- [override the default PYTHON_PREFIX])],
- [am_python_prefix_subst=$withval
- am_cv_python_prefix=$withval
- AC_MSG_CHECKING([for explicit $am_display_PYTHON prefix])
- AC_MSG_RESULT([$am_cv_python_prefix])],
- [
- if $am_use_python_sys; then
- # using python sys.prefix value, not GNU
- AC_CACHE_CHECK([for python default $am_display_PYTHON prefix],
- [am_cv_python_prefix],
- [am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`])
-
- dnl If sys.prefix is a subdir of $prefix, replace the literal value of
- dnl $prefix with a variable reference so it can be overridden.
- case $am_cv_python_prefix in
- $am__usable_prefix*)
- am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
- am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
- ;;
- *)
- am_python_prefix_subst=$am_cv_python_prefix
- ;;
- esac
- else # using GNU prefix value, not python sys.prefix
- am_python_prefix_subst='${prefix}'
- am_python_prefix=$am_python_prefix_subst
- AC_MSG_CHECKING([for GNU default $am_display_PYTHON prefix])
- AC_MSG_RESULT([$am_python_prefix])
- fi])
- # Substituting python_prefix_subst value.
- AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
-
- # emacs-page Now do it all over again for Python exec_prefix, but with yet
- # another conditional: fall back to regular prefix if that was specified.
- AC_ARG_WITH([python_exec_prefix],
- [AS_HELP_STRING([--with-python_exec_prefix],
- [override the default PYTHON_EXEC_PREFIX])],
- [am_python_exec_prefix_subst=$withval
- am_cv_python_exec_prefix=$withval
- AC_MSG_CHECKING([for explicit $am_display_PYTHON exec_prefix])
- AC_MSG_RESULT([$am_cv_python_exec_prefix])],
- [
- # no explicit --with-python_exec_prefix, but if
- # --with-python_prefix was given, use its value for python_exec_prefix too.
- AS_IF([test -n "$with_python_prefix"],
- [am_python_exec_prefix_subst=$with_python_prefix
- am_cv_python_exec_prefix=$with_python_prefix
- AC_MSG_CHECKING([for python_prefix-given $am_display_PYTHON exec_prefix])
- AC_MSG_RESULT([$am_cv_python_exec_prefix])],
- [
- # Set am__usable_exec_prefix whether using GNU or Python values,
- # since we use that variable for pyexecdir.
- if test "x$exec_prefix" = xNONE; then
- am__usable_exec_prefix=$am__usable_prefix
- else
- am__usable_exec_prefix=$exec_prefix
- fi
- #
- if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
- AC_CACHE_CHECK([for python default $am_display_PYTHON exec_prefix],
- [am_cv_python_exec_prefix],
- [am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`])
- dnl If sys.exec_prefix is a subdir of $exec_prefix, replace the
- dnl literal value of $exec_prefix with a variable reference so it can
- dnl be overridden.
- case $am_cv_python_exec_prefix in
- $am__usable_exec_prefix*)
- am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
- am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
- ;;
- *)
- am_python_exec_prefix_subst=$am_cv_python_exec_prefix
- ;;
- esac
- else # using GNU $exec_prefix, not python sys.exec_prefix
- am_python_exec_prefix_subst='${exec_prefix}'
- am_python_exec_prefix=$am_python_exec_prefix_subst
- AC_MSG_CHECKING([for GNU default $am_display_PYTHON exec_prefix])
- AC_MSG_RESULT([$am_python_exec_prefix])
- fi])])
- # Substituting python_exec_prefix_subst.
- AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
-
- # Factor out some code duplication into this shell variable.
- am_python_setup_sysconfig="\
-import sys
-# Prefer sysconfig over distutils.sysconfig, for better compatibility
-# with python 3.x. See automake bug#10227.
-try:
- import sysconfig
-except ImportError:
- can_use_sysconfig = 0
-else:
- can_use_sysconfig = 1
-# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
-# <https://github.com/pypa/virtualenv/issues/118>
-try:
- from platform import python_implementation
- if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7':
- can_use_sysconfig = 0
-except ImportError:
- pass"
-
- dnl emacs-page Set up 4 directories:
-
- dnl 1. pythondir: where to install python scripts. This is the
- dnl site-packages directory, not the python standard library
- dnl directory like in previous automake betas. This behavior
- dnl is more consistent with lispdir.m4 for example.
- dnl Query distutils for this directory.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)],
- [am_cv_python_pythondir],
- [if test "x$am_cv_python_prefix" = x; then
- am_py_prefix=$am__usable_prefix
- else
- am_py_prefix=$am_cv_python_prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
- ])
- AC_SUBST([pythondir], [$am_cv_python_pythondir])
-
- dnl 2. pkgpythondir: $PACKAGE directory under pythondir. Was
- dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
- dnl more consistent with the rest of automake.
- dnl
- AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
-
- dnl 3. pyexecdir: directory for installing python extension modules
- dnl (shared libraries).
- dnl Query distutils for this directory.
- dnl
- AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)],
- [am_cv_python_pyexecdir],
- [if test "x$am_cv_python_exec_prefix" = x; then
- am_py_exec_prefix=$am__usable_exec_prefix
- else
- am_py_exec_prefix=$am_cv_python_exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
- ])
- AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
-
- dnl 4. pkgpyexecdir: $(pyexecdir)/$(PACKAGE)
- dnl
- AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
-
- dnl Run any user-specified action.
- $2
- fi
-])
-m4trace:/usr/share/aclocal-1.16/python.m4:353: -1- AC_DEFUN([AM_PYTHON_CHECK_VERSION], [prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
-sys.exit(sys.hexversion < minverhex)"
- AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
-m4trace:/usr/share/aclocal-1.16/runlog.m4:12: -1- AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
- ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
- (exit $ac_status); }])
-m4trace:/usr/share/aclocal-1.16/sanity.m4:11: -1- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane])
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[[\\\"\#\$\&\'\`$am_lf]]*)
- AC_MSG_ERROR([unsafe absolute working directory name]);;
-esac
-case $srcdir in
- *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
- AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$[*]" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$[*]" != "X $srcdir/configure conftest.file" \
- && test "$[*]" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
- alias in your environment])
- fi
- if test "$[2]" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$[2]" = conftest.file
- )
-then
- # Ok.
- :
-else
- AC_MSG_ERROR([newly created file is older than distributed files!
-Check your system clock])
-fi
-AC_MSG_RESULT([yes])
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-AC_CONFIG_COMMANDS_PRE(
- [AC_MSG_CHECKING([that generated files are newer than configure])
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- AC_MSG_RESULT([done])])
-rm -f conftest.file
-])
-m4trace:/usr/share/aclocal-1.16/silent.m4:12: -1- AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl
-AS_HELP_STRING(
- [--enable-silent-rules],
- [less verbose build output (undo: "make V=1")])
-AS_HELP_STRING(
- [--disable-silent-rules],
- [verbose build output (undo: "make V=0")])dnl
-])
-case $enable_silent_rules in @%:@ (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
-esac
-dnl
-dnl A few 'make' implementations (e.g., NonStop OS and NextStep)
-dnl do not support nested variable expansions.
-dnl See automake bug#9928 and bug#10237.
-am_make=${MAKE-make}
-AC_CACHE_CHECK([whether $am_make supports nested variables],
- [am_cv_make_support_nested_variables],
- [if AS_ECHO([['TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi])
-if test $am_cv_make_support_nested_variables = yes; then
- dnl Using '$V' instead of '$(V)' breaks IRIX make.
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AC_SUBST([AM_V])dnl
-AM_SUBST_NOTMAKE([AM_V])dnl
-AC_SUBST([AM_DEFAULT_V])dnl
-AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
-AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
-AM_BACKSLASH='\'
-AC_SUBST([AM_BACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
-])
-m4trace:/usr/share/aclocal-1.16/strip.m4:17: -1- AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
-if test "$cross_compiling" != no; then
- AC_CHECK_TOOL([STRIP], [strip], :)
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-AC_SUBST([INSTALL_STRIP_PROGRAM])])
-m4trace:/usr/share/aclocal-1.16/substnot.m4:12: -1- AC_DEFUN([_AM_SUBST_NOTMAKE])
-m4trace:/usr/share/aclocal-1.16/substnot.m4:17: -1- AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
-m4trace:/usr/share/aclocal-1.16/tar.m4:23: -1- AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AC_SUBST([AMTAR], ['$${TAR-tar}'])
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
-
-m4_if([$1], [v7],
- [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
-
- [m4_case([$1],
- [ustar],
- [# The POSIX 1988 'ustar' format is defined with fixed-size fields.
- # There is notably a 21 bits limit for the UID and the GID. In fact,
- # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
- # and bug#13588).
- am_max_uid=2097151 # 2^21 - 1
- am_max_gid=$am_max_uid
- # The $UID and $GID variables are not portable, so we need to resort
- # to the POSIX-mandated id(1) utility. Errors in the 'id' calls
- # below are definitely unexpected, so allow the users to see them
- # (that is, avoid stderr redirection).
- am_uid=`id -u || echo unknown`
- am_gid=`id -g || echo unknown`
- AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format])
- if test $am_uid -le $am_max_uid; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- _am_tools=none
- fi
- AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format])
- if test $am_gid -le $am_max_gid; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- _am_tools=none
- fi],
-
- [pax],
- [],
-
- [m4_fatal([Unknown tar format])])
-
- AC_MSG_CHECKING([how to create a $1 tar archive])
-
- # Go ahead even if we have the value already cached. We do so because we
- # need to set the values for the 'am__tar' and 'am__untar' variables.
- _am_tools=${am_cv_prog_tar_$1-$_am_tools}
-
- for _am_tool in $_am_tools; do
- case $_am_tool in
- gnutar)
- for _am_tar in tar gnutar gtar; do
- AM_RUN_LOG([$_am_tar --version]) && break
- done
- am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
- am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
- am__untar="$_am_tar -xf -"
- ;;
- plaintar)
- # Must skip GNU tar: if it does not support --format= it doesn't create
- # ustar tarball either.
- (tar --version) >/dev/null 2>&1 && continue
- am__tar='tar chf - "$$tardir"'
- am__tar_='tar chf - "$tardir"'
- am__untar='tar xf -'
- ;;
- pax)
- am__tar='pax -L -x $1 -w "$$tardir"'
- am__tar_='pax -L -x $1 -w "$tardir"'
- am__untar='pax -r'
- ;;
- cpio)
- am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
- am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
- am__untar='cpio -i -H $1 -d'
- ;;
- none)
- am__tar=false
- am__tar_=false
- am__untar=false
- ;;
- esac
-
- # If the value was cached, stop now. We just wanted to have am__tar
- # and am__untar set.
- test -n "${am_cv_prog_tar_$1}" && break
-
- # tar/untar a dummy directory, and stop if the command works.
- rm -rf conftest.dir
- mkdir conftest.dir
- echo GrepMe > conftest.dir/file
- AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
- rm -rf conftest.dir
- if test -s conftest.tar; then
- AM_RUN_LOG([$am__untar <conftest.tar])
- AM_RUN_LOG([cat conftest.dir/file])
- grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
- fi
- done
- rm -rf conftest.dir
-
- AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
- AC_MSG_RESULT([$am_cv_prog_tar_$1])])
-
-AC_SUBST([am__tar])
-AC_SUBST([am__untar])
-])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?A[CHUM]_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([_AC_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^AS_FLAGS$])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?m4_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^dnl$])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?AS_])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^SHELL$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PATH_SEPARATOR$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^exec_prefix$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^prefix$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^program_transform_name$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^bindir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sbindir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^libexecdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^datarootdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^datadir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sysconfdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sharedstatedir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^localstatedir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^runstatedir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^includedir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^oldincludedir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^docdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^infodir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^htmldir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^dvidir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^pdfdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^psdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^libdir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^localedir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^mandir$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^DEFS$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_C$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_N$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_T$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBS$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^build_alias$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^host_alias$])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^target_alias$])
-m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [3.1.7])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
-m4trace:configure.ac:8: -1- AM_SET_CURRENT_AUTOMAKE_VERSION
-m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.16.5])
-m4trace:configure.ac:8: -1- _AM_AUTOCONF_VERSION([2.71])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_DATA$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__isrc$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([am__isrc])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CYGPATH_W$])
-m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
-/usr/share/aclocal-1.16/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
-configure.ac:8: the top level])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
-m4trace:configure.ac:8: -1- _AM_IF_OPTION([no-define], [], [AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
- AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])
-m4trace:configure.ac:8: -2- _AM_MANGLE_OPTION([no-define])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
-m4trace:configure.ac:8: -1- AM_SANITY_CHECK
-m4trace:configure.ac:8: -1- AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
-m4trace:configure.ac:8: -1- AM_MISSING_HAS_RUN
-m4trace:configure.ac:8: -1- AM_AUX_DIR_EXPAND
-m4trace:configure.ac:8: -1- m4_pattern_allow([^ACLOCAL$])
-m4trace:configure.ac:8: -1- AM_MISSING_PROG([AUTOCONF], [autoconf])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOCONF$])
-m4trace:configure.ac:8: -1- AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOMAKE$])
-m4trace:configure.ac:8: -1- AM_MISSING_PROG([AUTOHEADER], [autoheader])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOHEADER$])
-m4trace:configure.ac:8: -1- AM_MISSING_PROG([MAKEINFO], [makeinfo])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^MAKEINFO$])
-m4trace:configure.ac:8: -1- AM_PROG_INSTALL_SH
-m4trace:configure.ac:8: -1- m4_pattern_allow([^install_sh$])
-m4trace:configure.ac:8: -1- AM_PROG_INSTALL_STRIP
-m4trace:configure.ac:8: -1- m4_pattern_allow([^STRIP$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^MKDIR_P$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^mkdir_p$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AWK$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^SET_MAKE$])
-m4trace:configure.ac:8: -1- AM_SET_LEADING_DOT
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__leading_dot$])
-m4trace:configure.ac:8: -1- _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
- [_AM_PROG_TAR([v7])])])
-m4trace:configure.ac:8: -2- _AM_MANGLE_OPTION([tar-ustar])
-m4trace:configure.ac:8: -1- _AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])
-m4trace:configure.ac:8: -2- _AM_MANGLE_OPTION([tar-pax])
-m4trace:configure.ac:8: -1- _AM_PROG_TAR([v7])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AMTAR$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__tar$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__untar$])
-m4trace:configure.ac:8: -1- _AM_IF_OPTION([no-dependencies], [], [AC_PROVIDE_IFELSE([AC_PROG_CC],
- [_AM_DEPENDENCIES([CC])],
- [m4_define([AC_PROG_CC],
- m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_CXX],
- [_AM_DEPENDENCIES([CXX])],
- [m4_define([AC_PROG_CXX],
- m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJC],
- [_AM_DEPENDENCIES([OBJC])],
- [m4_define([AC_PROG_OBJC],
- m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
-AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
- [_AM_DEPENDENCIES([OBJCXX])],
- [m4_define([AC_PROG_OBJCXX],
- m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
-])
-m4trace:configure.ac:8: -2- _AM_MANGLE_OPTION([no-dependencies])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CTAGS$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^ETAGS$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CSCOPE$])
-m4trace:configure.ac:8: -1- AM_SILENT_RULES
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_V$])
-m4trace:configure.ac:8: -1- AM_SUBST_NOTMAKE([AM_V])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_V])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_V$])
-m4trace:configure.ac:8: -1- AM_SUBST_NOTMAKE([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_BACKSLASH$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
-m4trace:configure.ac:10: -1- AM_PROG_LEX
-m4trace:configure.ac:10: -1- _m4_warn([obsolete], [AC_PROG_LEX without either yywrap or noyywrap is obsolete], [./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
-./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
-/usr/share/aclocal-1.16/lex.m4:13: AM_PROG_LEX is expanded from...
-configure.ac:10: the top level])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX_OUTPUT_ROOT$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
-m4trace:configure.ac:10: -1- _AM_PROG_CC_C_O
-m4trace:configure.ac:10: -1- AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext])
-m4trace:configure.ac:10: -1- _AM_DEPENDENCIES([CC])
-m4trace:configure.ac:10: -1- AM_SET_DEPDIR
-m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
-m4trace:configure.ac:10: -1- AM_OUTPUT_DEPENDENCY_COMMANDS
-m4trace:configure.ac:10: -1- AM_MAKE_INCLUDE
-m4trace:configure.ac:10: -1- AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
-m4trace:configure.ac:10: -1- AM_DEP_TRACK
-m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__nodep$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__nodep])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
-m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEXLIB$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^YYTEXT_POINTER$])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YFLAGS$])
-m4trace:configure.ac:12: -1- m4_pattern_allow([^SED$])
-m4trace:configure.ac:13: -1- PKG_PROG_PKG_CONFIG
-m4trace:configure.ac:13: -1- m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_PATH$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_LIBDIR$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
-m4trace:configure.ac:15: -1- m4_pattern_allow([^SWIG$])
-m4trace:configure.ac:23: -1- m4_pattern_allow([^ENABLE_DEBUG_OUTPUT$])
-m4trace:m4/ac_podchecker.m4:1: -1- AC_DEFUN([PROG_PODCHECKER], [
- AC_CHECK_PROG(PODCHECKER,podchecker,podchecker,no)
- if test "$PODCHECKER" = "no"; then
- AC_MSG_ERROR([
-The podchecker program was not found in the default path. podchecker is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-])
- fi
-])
-m4trace:configure.ac:33: -1- PROG_PODCHECKER
-m4trace:configure.ac:33: -1- m4_pattern_allow([^PODCHECKER$])
-m4trace:m4/ac_pod2man.m4:1: -1- AC_DEFUN([PROG_POD2MAN], [
- AC_CHECK_PROG(POD2MAN,pod2man,pod2man,no)
- if test "$POD2MAN" = "no"; then
- AC_MSG_ERROR([
-The pod2man program was not found in the default path. pod2man is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-])
- fi
-])
-m4trace:configure.ac:36: -1- PROG_POD2MAN
-m4trace:configure.ac:36: -1- m4_pattern_allow([^POD2MAN$])
-m4trace:configure.ac:45: -1- m4_pattern_allow([^PYTHON$])
-m4trace:m4/ac_python_devel.m4:1: -1- AC_DEFUN([AC_PYTHON_DEVEL], [
- #
- # Allow the use of a (user set) custom python version
- #
- AC_ARG_VAR([PYTHON_VERSION],[The installed Python
- version to use, for example '2.3'. This string
- will be appended to the Python interpreter
- canonical name.])
-
- AC_PATH_PROG([PYTHON],[python[$PYTHON_VERSION]])
- if test -z "$PYTHON"; then
- AC_MSG_ERROR([Cannot find python$PYTHON_VERSION in your system path])
- PYTHON_VERSION=""
- fi
-
- AC_PATH_TOOL([PYTHON_CONFIG],[`basename [$PYTHON]-config`])
- if test -z "$PYTHON_CONFIG"; then
- AC_MSG_ERROR([Cannot find python$PYTHON_VERSION-config in your system path])
- fi
-
- #
- # Check for a version of Python >= 2.1.0
- #
- AC_MSG_CHECKING([for a version of Python >= '2.1.0'])
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[[0]]; \
- sys.stdout.write(str(ver >= '2.1.0'))"`
- if test "$ac_supports_python_ver" != "True"; then
- if test -z "$PYTHON_NOVERSIONCHECK"; then
- AC_MSG_RESULT([no])
- AC_MSG_FAILURE([
-This version of the AC@&t@_PYTHON_DEVEL macro
-doesn't work properly with versions of Python before
-2.1.0. You may need to re-run configure, setting the
-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
-PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
-Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
-to something else than an empty string.
-])
- else
- AC_MSG_RESULT([skip at user request])
- fi
- else
- AC_MSG_RESULT([yes])
- fi
-
- #
- # if the macro parameter ``version'' is set, honour it
- #
- if test -n "$1"; then
- AC_MSG_CHECKING([for a version of Python $1])
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[[0]]; \
- sys.stdout.write("%s\n" % (ver == $1))"`
- if test "$ac_supports_python_ver" = "True"; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([this package requires Python $1.
-If you have it installed, but it isn't the default Python
-interpreter in your system path, please pass the PYTHON_VERSION
-variable to configure. See ``configure --help'' for reference.
-])
- PYTHON_VERSION=""
- fi
- fi
-
- #
- # Check if you have setuptools, else fail
- #
- AC_MSG_CHECKING([for the setuptools Python package])
- ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
- if test -z "$ac_setuptools_result"; then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python module "setuptools".
-Please check your Python installation. The error was:
-$ac_setuptools_result])
- PYTHON_VERSION=""
- fi
-
- #
- # Check for Python include path
- #
- AC_MSG_CHECKING([for Python include path])
- if type $PYTHON_CONFIG; then
- PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
- fi
- if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import sysconfig;\
-sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
- if test -n "${python_path}"; then
- python_path="-I$python_path"
- fi
- PYTHON_CPPFLAGS=$python_path
- fi
- AC_MSG_RESULT([$PYTHON_CPPFLAGS])
- AC_SUBST([PYTHON_CPPFLAGS])
-
- #
- # Check for Python library path
- #
- AC_MSG_CHECKING([for Python library path])
- if type $PYTHON_CONFIG; then
- PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
- fi
- if test -z "$PYTHON_LDFLAGS"; then
- # (makes two attempts to ensure we've got a version number
- # from the interpreter)
- py_version=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
- if test "$py_version" == "[None]"; then
- if test -n "$PYTHON_VERSION"; then
- py_version=$PYTHON_VERSION
- else
- py_version=`$PYTHON -c "import sys; \
-sys.stdout.write("%s\n" % sys.version[[:3]])"`
- fi
- fi
-
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
-"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
- fi
- AC_MSG_RESULT([$PYTHON_LDFLAGS])
- AC_SUBST([PYTHON_LDFLAGS])
-
- #
- # Check for site packages
- #
- AC_MSG_CHECKING([for Python site-packages path])
- if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
- fi
- AC_MSG_RESULT([$PYTHON_SITE_PKG])
- AC_SUBST([PYTHON_SITE_PKG])
-
- #
- # libraries which must be linked in when embedding
- #
- AC_MSG_CHECKING(python extra libraries)
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
- PYTHON_EXTRA_LIBS=''
- fi
- if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
- fi
- AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
- AC_SUBST(PYTHON_EXTRA_LIBS)
-
- #
- # linking flags needed when embedding
- #
- AC_MSG_CHECKING(python extra linking flags)
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
- PYTHON_EXTRA_LDFLAGS=''
- fi
- if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
- fi
- AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
- AC_SUBST(PYTHON_EXTRA_LDFLAGS)
-
- #
- # final check to see if everything compiles alright
- #
- AC_MSG_CHECKING([consistency of all components of python development environment])
- AC_LANG_PUSH([C])
- # save current global flags
- ac_save_LIBS="$LIBS"
- ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- AC_TRY_LINK([
- #include <Python.h>
- ],[
- Py_Initialize();
- ],[pythonexists=yes],[pythonexists=no])
-
- AC_MSG_RESULT([$pythonexists])
-
- if test ! "$pythonexists" = "yes"; then
- AC_MSG_ERROR([
- Could not link test program to Python. Maybe the main Python library has been
- installed in some non-standard library path. If so, pass it to configure,
- via the LDFLAGS environment variable.
- Example: ./configure LDFLAGS="-L/usr/non-standard-path/python/lib"
- ============================================================================
- ERROR!
- You probably have to install the development version of the Python package
- for your distribution. The exact name of this package varies among them.
- ============================================================================
- ])
- PYTHON_VERSION=""
- fi
- AC_LANG_POP
- # turn back to default flags
- CPPFLAGS="$ac_save_CPPFLAGS"
- LIBS="$ac_save_LIBS"
-
- #
- # all done!
- #
-])
-m4trace:configure.ac:48: -1- AC_PYTHON_DEVEL
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CONFIG$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CPPFLAGS$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_LDFLAGS$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_SITE_PKG$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LIBS$])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LDFLAGS$])
-m4trace:configure.ac:48: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete.
-You should run autoupdate.], [./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
-m4/ac_python_devel.m4:1: AC_PYTHON_DEVEL is expanded from...
-configure.ac:48: the top level])
-m4trace:configure.ac:49: -1- AM_PATH_PYTHON([3.0])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:49: -1- AM_PYTHON_CHECK_VERSION([$PYTHON], [3.0], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no])
- AC_MSG_ERROR([Python interpreter is too old])])
-m4trace:configure.ac:49: -1- AM_RUN_LOG([$PYTHON -c "$prog"])
-m4trace:configure.ac:49: -1- AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [3.0], [break])
-m4trace:configure.ac:49: -1- AM_RUN_LOG([$am_cv_pathless_PYTHON -c "$prog"])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PREFIX$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pythondir$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpythondir$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pyexecdir$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpyexecdir$])
-m4trace:configure.ac:58: -1- m4_pattern_allow([^PERL$])
-m4trace:configure.ac:71: -1- m4_pattern_allow([^RUBY$])
-m4trace:configure.ac:76: -1- AM_CONDITIONAL([ENABLE_MAN_PAGES], [test x$enable_man_pages = xyes])
-m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_TRUE$])
-m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_FALSE$])
-m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:77: -1- AM_CONDITIONAL([HAVE_PYTHON], [test x$with_python = xyes])
-m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_TRUE$])
-m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_FALSE$])
-m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:78: -1- AM_CONDITIONAL([HAVE_PERL], [test x$with_perl = xyes])
-m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_TRUE$])
-m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_FALSE$])
-m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_FALSE])
-m4trace:configure.ac:79: -1- AM_CONDITIONAL([HAVE_RUBY], [test x$with_ruby = xyes])
-m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_TRUE$])
-m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_FALSE$])
-m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:81: -1- _m4_warn([obsolete], [The macro `AC_HEADER_STDC' is obsolete.
-You should run autoupdate.], [./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
-configure.ac:81: the top level])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_stdio_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" stdio.h ]AS_TR_SH([stdio.h]) AS_TR_CPP([HAVE_stdio.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_stdlib_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" stdlib.h ]AS_TR_SH([stdlib.h]) AS_TR_CPP([HAVE_stdlib.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_string_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" string.h ]AS_TR_SH([string.h]) AS_TR_CPP([HAVE_string.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_inttypes_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" inttypes.h ]AS_TR_SH([inttypes.h]) AS_TR_CPP([HAVE_inttypes.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_stdint_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" stdint.h ]AS_TR_SH([stdint.h]) AS_TR_CPP([HAVE_stdint.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_strings_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" strings.h ]AS_TR_SH([strings.h]) AS_TR_CPP([HAVE_strings.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_sys_stat_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" sys/stat.h ]AS_TR_SH([sys/stat.h]) AS_TR_CPP([HAVE_sys/stat.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_sys_types_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" sys/types.h ]AS_TR_SH([sys/types.h]) AS_TR_CPP([HAVE_sys/types.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_unistd_h], [m4_divert_text([INIT_PREPARE],
- [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
- [" unistd.h ]AS_TR_SH([unistd.h]) AS_TR_CPP([HAVE_unistd.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
-m4trace:configure.ac:81: -1- AC_PROG_EGREP
-m4trace:configure.ac:81: -1- m4_pattern_allow([^GREP$])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^EGREP$])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_UNISTD_H$])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_STDINT_H$])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_SYSLOG_H$])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_ASPRINTF$])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE___SECURE_GETENV$])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_SECURE_GETENV$])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_REALLOCARRAY$])
-m4trace:configure.ac:86: -1- AM_PROG_CC_C_O
-m4trace:configure.ac:87: -1- m4_pattern_allow([^const$])
-m4trace:configure.ac:88: -1- AM_PROG_LIBTOOL
-m4trace:configure.ac:88: -1- _m4_warn([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
-You should run autoupdate.], [/usr/share/aclocal/libtool.m4:100: AM_PROG_LIBTOOL is expanded from...
-configure.ac:88: the top level])
-m4trace:configure.ac:88: -1- LT_INIT
-m4trace:configure.ac:88: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
-m4trace:configure.ac:88: -1- LTOPTIONS_VERSION
-m4trace:configure.ac:88: -1- LTSUGAR_VERSION
-m4trace:configure.ac:88: -1- LTVERSION_VERSION
-m4trace:configure.ac:88: -1- LTOBSOLETE_VERSION
-m4trace:configure.ac:88: -1- _LT_PROG_LTMAIN
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LIBTOOL$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_cpu$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_vendor$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_os$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_cpu$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_vendor$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_os$])
-m4trace:configure.ac:88: -1- _LT_PREPARE_SED_QUOTE_VARS
-m4trace:configure.ac:88: -1- _LT_PROG_ECHO_BACKSLASH
-m4trace:configure.ac:88: -1- LT_PATH_LD
-m4trace:configure.ac:88: -1- m4_pattern_allow([^SED$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^FGREP$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^GREP$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LD$])
-m4trace:configure.ac:88: -1- LT_PATH_NM
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^NM$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LN_S$])
-m4trace:configure.ac:88: -1- LT_CMD_MAX_LEN
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^AR$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_AR$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^STRIP$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^RANLIB$])
-m4trace:configure.ac:88: -1- _LT_WITH_SYSROOT
-m4trace:configure.ac:88: -1- m4_pattern_allow([LT_OBJDIR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_OBJDIR$])
-m4trace:configure.ac:88: -1- _LT_CC_BASENAME([$compiler])
-m4trace:configure.ac:88: -1- _LT_PATH_TOOL_PREFIX([${ac_tool_prefix}file], [/usr/bin$PATH_SEPARATOR$PATH])
-m4trace:configure.ac:88: -1- _LT_PATH_TOOL_PREFIX([file], [/usr/bin$PATH_SEPARATOR$PATH])
-m4trace:configure.ac:88: -1- LT_SUPPORTED_TAG([CC])
-m4trace:configure.ac:88: -1- _LT_COMPILER_BOILERPLATE
-m4trace:configure.ac:88: -1- _LT_LINKER_BOILERPLATE
-m4trace:configure.ac:88: -1- _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], [lt_cv_prog_compiler_rtti_exceptions], [-fno-rtti -fno-exceptions], [], [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, )="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, ) -fno-rtti -fno-exceptions"])
-m4trace:configure.ac:88: -1- _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, ) works], [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, )], [$_LT_TAGVAR(lt_prog_compiler_pic, )@&t@m4_if([],[],[ -DPIC],[m4_if([],[CXX],[ -DPIC],[])])], [], [case $_LT_TAGVAR(lt_prog_compiler_pic, ) in
- "" | " "*) ;;
- *) _LT_TAGVAR(lt_prog_compiler_pic, )=" $_LT_TAGVAR(lt_prog_compiler_pic, )" ;;
- esac], [_LT_TAGVAR(lt_prog_compiler_pic, )=
- _LT_TAGVAR(lt_prog_compiler_can_build_shared, )=no])
-m4trace:configure.ac:88: -1- _LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], [lt_cv_prog_compiler_static_works], [$lt_tmp_static_flag], [], [_LT_TAGVAR(lt_prog_compiler_static, )=])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^MANIFEST_TOOL$])
-m4trace:configure.ac:88: -1- _LT_DLL_DEF_P([$export_symbols])
-m4trace:configure.ac:88: -1- _LT_DLL_DEF_P([$export_symbols])
-m4trace:configure.ac:88: -1- _LT_REQUIRED_DARWIN_CHECKS
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DSYMUTIL$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^NMEDIT$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LIPO$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL64$])
-m4trace:configure.ac:88: -1- _LT_LINKER_OPTION([if $CC understands -b], [lt_cv_prog_compiler__b], [-b], [_LT_TAGVAR(archive_cmds, )='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], [_LT_TAGVAR(archive_cmds, )='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
-m4trace:configure.ac:88: -1- LT_SYS_DLOPEN_SELF
-m4trace:configure.ac:88: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
-m4trace:configure.ac:90: -1- _m4_warn([obsolete], [The macro `AC_PROG_CC_C99' is obsolete.
-You should run autoupdate.], [./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
-configure.ac:90: the top level])
-m4trace:configure.ac:95: -1- _m4_warn([obsolete], [AC_OUTPUT should be used without arguments.
-You should run autoupdate.], [])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^LIB@&t@OBJS$])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^LTLIBOBJS$])
-m4trace:configure.ac:95: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
-m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- _AM_OUTPUT_DEPENDENCY_COMMANDS
-m4trace:configure.ac:95: -1- AM_RUN_LOG([cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles])
-m4trace:configure.ac:95: -1- _LT_PROG_LTMAIN
diff --git a/libraries/libapparmor/autom4te.cache/traces.1 b/libraries/libapparmor/autom4te.cache/traces.1
deleted file mode 100644
index 50db8200f6ccea9590172598a0bf955f41d0f080..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/traces.1
+++ /dev/null
@@ -1,745 +0,0 @@
-m4trace:aclocal.m4:10047: -1- AC_SUBST([am__quote])
-m4trace:aclocal.m4:10047: -1- AC_SUBST_TRACE([am__quote])
-m4trace:aclocal.m4:10047: -1- m4_pattern_allow([^am__quote$])
-m4trace:configure.ac:1: -2- m4_sinclude([common/Version])
-m4trace:configure.ac:2: -3- m4_sinclude([../../common/Version])
-m4trace:configure.ac:6: -1- AC_INIT([configure.ac])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?A[CHUM]_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([_AC_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^AS_FLAGS$])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?m4_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^dnl$])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?AS_])
-m4trace:configure.ac:6: -1- AC_SUBST([SHELL])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SHELL])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^SHELL$])
-m4trace:configure.ac:6: -1- AC_SUBST([PATH_SEPARATOR])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PATH_SEPARATOR$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_NAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_STRING])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_URL])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
-m4trace:configure.ac:6: -1- AC_SUBST([exec_prefix], [NONE])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([exec_prefix])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^exec_prefix$])
-m4trace:configure.ac:6: -1- AC_SUBST([prefix], [NONE])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([prefix])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^prefix$])
-m4trace:configure.ac:6: -1- AC_SUBST([program_transform_name], [s,x,x,])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([program_transform_name])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^program_transform_name$])
-m4trace:configure.ac:6: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([bindir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^bindir$])
-m4trace:configure.ac:6: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sbindir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sbindir$])
-m4trace:configure.ac:6: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([libexecdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^libexecdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([datarootdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^datarootdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([datadir], ['${datarootdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([datadir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^datadir$])
-m4trace:configure.ac:6: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sysconfdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sysconfdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sharedstatedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sharedstatedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([localstatedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^localstatedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([runstatedir], ['${localstatedir}/run'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([runstatedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^runstatedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([includedir], ['${prefix}/include'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([includedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^includedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([oldincludedir], ['/usr/include'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([oldincludedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^oldincludedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
- ['${datarootdir}/doc/${PACKAGE_TARNAME}'],
- ['${datarootdir}/doc/${PACKAGE}'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([docdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^docdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([infodir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^infodir$])
-m4trace:configure.ac:6: -1- AC_SUBST([htmldir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([htmldir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^htmldir$])
-m4trace:configure.ac:6: -1- AC_SUBST([dvidir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([dvidir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^dvidir$])
-m4trace:configure.ac:6: -1- AC_SUBST([pdfdir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([pdfdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^pdfdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([psdir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([psdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^psdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([libdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^libdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([localedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^localedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([mandir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^mandir$])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
-@%:@undef PACKAGE_NAME])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
-@%:@undef PACKAGE_TARNAME])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
-@%:@undef PACKAGE_VERSION])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
-@%:@undef PACKAGE_STRING])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
-@%:@undef PACKAGE_BUGREPORT])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
-@%:@undef PACKAGE_URL])
-m4trace:configure.ac:6: -1- AC_SUBST([DEFS])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DEFS])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^DEFS$])
-m4trace:configure.ac:6: -1- AC_SUBST([ECHO_C])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_C])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_C$])
-m4trace:configure.ac:6: -1- AC_SUBST([ECHO_N])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_N])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_N$])
-m4trace:configure.ac:6: -1- AC_SUBST([ECHO_T])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_T])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_T$])
-m4trace:configure.ac:6: -1- AC_SUBST([LIBS])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LIBS])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBS$])
-m4trace:configure.ac:6: -1- AC_SUBST([build_alias])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build_alias])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^build_alias$])
-m4trace:configure.ac:6: -1- AC_SUBST([host_alias])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host_alias])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^host_alias$])
-m4trace:configure.ac:6: -1- AC_SUBST([target_alias])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([target_alias])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^target_alias$])
-m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [3.1.7])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
-m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.16.5])
-m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_PROGRAM])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_SCRIPT])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_DATA])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_DATA])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_DATA$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__isrc])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__isrc$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([am__isrc])
-m4trace:configure.ac:8: -1- AC_SUBST([CYGPATH_W])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CYGPATH_W])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CYGPATH_W$])
-m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
-aclocal.m4:9759: AM_INIT_AUTOMAKE is expanded from...
-configure.ac:8: the top level])
-m4trace:configure.ac:8: -1- AC_SUBST([PACKAGE], [libapparmor1])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([PACKAGE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- AC_SUBST([VERSION], [3.1.7])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([VERSION])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
-m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- AH_OUTPUT([PACKAGE], [/* Name of package */
-@%:@undef PACKAGE])
-m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
-m4trace:configure.ac:8: -1- AH_OUTPUT([VERSION], [/* Version number of package */
-@%:@undef VERSION])
-m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([missing])
-m4trace:configure.ac:8: -1- AC_SUBST([ACLOCAL])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ACLOCAL])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^ACLOCAL$])
-m4trace:configure.ac:8: -1- AC_SUBST([AUTOCONF])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOCONF])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOCONF$])
-m4trace:configure.ac:8: -1- AC_SUBST([AUTOMAKE])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOMAKE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOMAKE$])
-m4trace:configure.ac:8: -1- AC_SUBST([AUTOHEADER])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOHEADER])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOHEADER$])
-m4trace:configure.ac:8: -1- AC_SUBST([MAKEINFO])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([MAKEINFO])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^MAKEINFO$])
-m4trace:configure.ac:8: -1- AC_SUBST([install_sh])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([install_sh])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^install_sh$])
-m4trace:configure.ac:8: -1- AC_SUBST([STRIP])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([STRIP])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^STRIP$])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
-m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
-m4trace:configure.ac:8: -1- AC_SUBST([MKDIR_P])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([MKDIR_P])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^MKDIR_P$])
-m4trace:configure.ac:8: -1- AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([mkdir_p])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^mkdir_p$])
-m4trace:configure.ac:8: -1- AC_SUBST([AWK])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AWK])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AWK$])
-m4trace:configure.ac:8: -1- AC_SUBST([SET_MAKE])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([SET_MAKE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^SET_MAKE$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__leading_dot])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__leading_dot])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__leading_dot$])
-m4trace:configure.ac:8: -1- AC_SUBST([AMTAR], ['$${TAR-tar}'])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AMTAR])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AMTAR$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__tar])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__tar])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__tar$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__untar])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__untar])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__untar$])
-m4trace:configure.ac:8: -1- AC_SUBST([CTAGS])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CTAGS])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CTAGS$])
-m4trace:configure.ac:8: -1- AC_SUBST([ETAGS])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ETAGS])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^ETAGS$])
-m4trace:configure.ac:8: -1- AC_SUBST([CSCOPE])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CSCOPE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CSCOPE$])
-m4trace:configure.ac:8: -1- AM_SILENT_RULES
-m4trace:configure.ac:8: -1- AC_SUBST([AM_V])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_V])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_V$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_V])
-m4trace:configure.ac:8: -1- AC_SUBST([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_V$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- AC_SUBST([AM_DEFAULT_VERBOSITY])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_DEFAULT_VERBOSITY])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
-m4trace:configure.ac:8: -1- AC_SUBST([AM_BACKSLASH])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_BACKSLASH])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_BACKSLASH$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
-m4trace:configure.ac:10: -1- _m4_warn([obsolete], [AC_PROG_LEX without either yywrap or noyywrap is obsolete], [./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
-./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
-aclocal.m4:9998: AM_PROG_LEX is expanded from...
-configure.ac:10: the top level])
-m4trace:configure.ac:10: -1- AC_SUBST([LEX])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX$])
-m4trace:configure.ac:10: -1- AC_SUBST([LEX_OUTPUT_ROOT], [$ac_cv_prog_lex_root])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX_OUTPUT_ROOT])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX_OUTPUT_ROOT$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CFLAGS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CFLAGS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
-m4trace:configure.ac:10: -1- AC_SUBST([LDFLAGS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LDFLAGS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
-m4trace:configure.ac:10: -1- AC_SUBST([LIBS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
-m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
-m4trace:configure.ac:10: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJEXT])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
-m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([compile])
-m4trace:configure.ac:10: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DEPDIR])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
-m4trace:configure.ac:10: -1- AC_SUBST([am__include])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
-m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
-m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- AC_SUBST([am__nodep])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__nodep])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__nodep$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__nodep])
-m4trace:configure.ac:10: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CCDEPMODE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
-m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3])
-m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
-m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST([LEXLIB])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEXLIB])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEXLIB$])
-m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([YYTEXT_POINTER])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^YYTEXT_POINTER$])
-m4trace:configure.ac:10: -1- AH_OUTPUT([YYTEXT_POINTER], [/* Define to 1 if `lex\' declares `yytext\' as a `char *\' by default, not a
- `char@<:@@:>@\'. */
-@%:@undef YYTEXT_POINTER])
-m4trace:configure.ac:11: -1- AC_SUBST([YACC])
-m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YACC])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
-m4trace:configure.ac:11: -1- AC_SUBST([YACC])
-m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YACC])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
-m4trace:configure.ac:11: -1- AC_SUBST([YFLAGS])
-m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YFLAGS])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YFLAGS$])
-m4trace:configure.ac:12: -1- AC_SUBST([SED])
-m4trace:configure.ac:12: -1- AC_SUBST_TRACE([SED])
-m4trace:configure.ac:12: -1- m4_pattern_allow([^SED$])
-m4trace:configure.ac:13: -1- m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG_PATH])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG_PATH])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_PATH$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG_LIBDIR])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG_LIBDIR])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_LIBDIR$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
-m4trace:configure.ac:15: -1- AC_SUBST([SWIG])
-m4trace:configure.ac:15: -1- AC_SUBST_TRACE([SWIG])
-m4trace:configure.ac:15: -1- m4_pattern_allow([^SWIG$])
-m4trace:configure.ac:23: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_DEBUG_OUTPUT])
-m4trace:configure.ac:23: -1- m4_pattern_allow([^ENABLE_DEBUG_OUTPUT$])
-m4trace:configure.ac:23: -1- AH_OUTPUT([ENABLE_DEBUG_OUTPUT], [/* debug output */
-@%:@undef ENABLE_DEBUG_OUTPUT])
-m4trace:configure.ac:32: -1- sinclude([m4/ac_podchecker.m4])
-m4trace:configure.ac:33: -1- AC_SUBST([PODCHECKER])
-m4trace:configure.ac:33: -1- AC_SUBST_TRACE([PODCHECKER])
-m4trace:configure.ac:33: -1- m4_pattern_allow([^PODCHECKER$])
-m4trace:configure.ac:35: -1- sinclude([m4/ac_pod2man.m4])
-m4trace:configure.ac:36: -1- AC_SUBST([POD2MAN])
-m4trace:configure.ac:36: -1- AC_SUBST_TRACE([POD2MAN])
-m4trace:configure.ac:36: -1- m4_pattern_allow([^POD2MAN$])
-m4trace:configure.ac:45: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:45: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:45: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:47: -1- sinclude([m4/ac_python_devel.m4])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_VERSION])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_VERSION])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CONFIG])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CONFIG])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CONFIG$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CPPFLAGS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CPPFLAGS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CPPFLAGS$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_LDFLAGS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_LDFLAGS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_LDFLAGS$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_SITE_PKG])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_SITE_PKG])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_SITE_PKG$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LIBS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LIBS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LIBS$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LDFLAGS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LDFLAGS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LDFLAGS$])
-m4trace:configure.ac:48: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete.
-You should run autoupdate.], [./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
-m4/ac_python_devel.m4:1: AC_PYTHON_DEVEL is expanded from...
-configure.ac:48: the top level])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_VERSION])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PLATFORM])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PREFIX])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PREFIX$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_EXEC_PREFIX])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
-m4trace:configure.ac:49: -1- AC_SUBST([pythondir], [$am_cv_python_pythondir])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pythondir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pythondir$])
-m4trace:configure.ac:49: -1- AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pkgpythondir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpythondir$])
-m4trace:configure.ac:49: -1- AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pyexecdir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pyexecdir$])
-m4trace:configure.ac:49: -1- AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pkgpyexecdir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpyexecdir$])
-m4trace:configure.ac:58: -1- AC_SUBST([PERL])
-m4trace:configure.ac:58: -1- AC_SUBST_TRACE([PERL])
-m4trace:configure.ac:58: -1- m4_pattern_allow([^PERL$])
-m4trace:configure.ac:71: -1- AC_SUBST([RUBY])
-m4trace:configure.ac:71: -1- AC_SUBST_TRACE([RUBY])
-m4trace:configure.ac:71: -1- m4_pattern_allow([^RUBY$])
-m4trace:configure.ac:76: -1- AM_CONDITIONAL([ENABLE_MAN_PAGES], [test x$enable_man_pages = xyes])
-m4trace:configure.ac:76: -1- AC_SUBST([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- AC_SUBST_TRACE([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_TRUE$])
-m4trace:configure.ac:76: -1- AC_SUBST([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:76: -1- AC_SUBST_TRACE([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_FALSE$])
-m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:77: -1- AM_CONDITIONAL([HAVE_PYTHON], [test x$with_python = xyes])
-m4trace:configure.ac:77: -1- AC_SUBST([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- AC_SUBST_TRACE([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_TRUE$])
-m4trace:configure.ac:77: -1- AC_SUBST([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:77: -1- AC_SUBST_TRACE([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_FALSE$])
-m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:78: -1- AM_CONDITIONAL([HAVE_PERL], [test x$with_perl = xyes])
-m4trace:configure.ac:78: -1- AC_SUBST([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- AC_SUBST_TRACE([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_TRUE$])
-m4trace:configure.ac:78: -1- AC_SUBST([HAVE_PERL_FALSE])
-m4trace:configure.ac:78: -1- AC_SUBST_TRACE([HAVE_PERL_FALSE])
-m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_FALSE$])
-m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_FALSE])
-m4trace:configure.ac:79: -1- AM_CONDITIONAL([HAVE_RUBY], [test x$with_ruby = xyes])
-m4trace:configure.ac:79: -1- AC_SUBST([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_TRUE$])
-m4trace:configure.ac:79: -1- AC_SUBST([HAVE_RUBY_FALSE])
-m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_FALSE$])
-m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:81: -1- _m4_warn([obsolete], [The macro `AC_HEADER_STDC' is obsolete.
-You should run autoupdate.], [./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
-configure.ac:81: the top level])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDIO_H], [/* Define to 1 if you have the <stdio.h> header file. */
-@%:@undef HAVE_STDIO_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
-@%:@undef HAVE_STDLIB_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
-@%:@undef HAVE_STRING_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
-@%:@undef HAVE_INTTYPES_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-@%:@undef HAVE_STDINT_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
-@%:@undef HAVE_STRINGS_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
-@%:@undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
-@%:@undef HAVE_SYS_TYPES_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
-@%:@undef HAVE_UNISTD_H])
-m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
-m4trace:configure.ac:81: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if all of the C90 standard headers exist (not just the ones
- required in a freestanding environment). This macro is provided for
- backward compatibility; new code need not use it. */
-@%:@undef STDC_HEADERS])
-m4trace:configure.ac:81: -1- AC_SUBST([GREP])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([GREP])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^GREP$])
-m4trace:configure.ac:81: -1- AC_SUBST([EGREP])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([EGREP])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^EGREP$])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
-@%:@undef HAVE_UNISTD_H])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UNISTD_H])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_UNISTD_H$])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-@%:@undef HAVE_STDINT_H])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDINT_H])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_STDINT_H$])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_SYSLOG_H], [/* Define to 1 if you have the <syslog.h> header file. */
-@%:@undef HAVE_SYSLOG_H])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLOG_H])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_SYSLOG_H$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_ASPRINTF], [/* Define to 1 if you have the `asprintf\' function. */
-@%:@undef HAVE_ASPRINTF])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ASPRINTF])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_ASPRINTF$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE___SECURE_GETENV], [/* Define to 1 if you have the `__secure_getenv\' function. */
-@%:@undef HAVE___SECURE_GETENV])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SECURE_GETENV])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE___SECURE_GETENV$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_SECURE_GETENV], [/* Define to 1 if you have the `secure_getenv\' function. */
-@%:@undef HAVE_SECURE_GETENV])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECURE_GETENV])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_SECURE_GETENV$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_REALLOCARRAY], [/* Define to 1 if you have the `reallocarray\' function. */
-@%:@undef HAVE_REALLOCARRAY])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOCARRAY])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_REALLOCARRAY$])
-m4trace:configure.ac:86: -1- AM_PROG_CC_C_O
-m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([const])
-m4trace:configure.ac:87: -1- m4_pattern_allow([^const$])
-m4trace:configure.ac:87: -1- AH_OUTPUT([const], [/* Define to empty if `const\' does not conform to ANSI C. */
-@%:@undef const])
-m4trace:configure.ac:88: -1- AM_PROG_LIBTOOL
-m4trace:configure.ac:88: -1- _m4_warn([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
-You should run autoupdate.], [aclocal.m4:122: AM_PROG_LIBTOOL is expanded from...
-configure.ac:88: the top level])
-m4trace:configure.ac:88: -1- LT_INIT
-m4trace:configure.ac:88: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
-m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
-m4trace:configure.ac:88: -1- AC_SUBST([LIBTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LIBTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LIBTOOL$])
-m4trace:configure.ac:88: -1- AC_CANONICAL_HOST
-m4trace:configure.ac:88: -1- AC_CANONICAL_BUILD
-m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([config.sub])
-m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([config.guess])
-m4trace:configure.ac:88: -1- AC_SUBST([build], [$ac_cv_build])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build$])
-m4trace:configure.ac:88: -1- AC_SUBST([build_cpu], [$[1]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_cpu])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_cpu$])
-m4trace:configure.ac:88: -1- AC_SUBST([build_vendor], [$[2]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_vendor])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_vendor$])
-m4trace:configure.ac:88: -1- AC_SUBST([build_os])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_os])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_os$])
-m4trace:configure.ac:88: -1- AC_SUBST([host], [$ac_cv_host])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host$])
-m4trace:configure.ac:88: -1- AC_SUBST([host_cpu], [$[1]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_cpu])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_cpu$])
-m4trace:configure.ac:88: -1- AC_SUBST([host_vendor], [$[2]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_vendor])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_vendor$])
-m4trace:configure.ac:88: -1- AC_SUBST([host_os])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_os])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_os$])
-m4trace:configure.ac:88: -1- AC_SUBST([SED])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([SED])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^SED$])
-m4trace:configure.ac:88: -1- AC_SUBST([FGREP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([FGREP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^FGREP$])
-m4trace:configure.ac:88: -1- AC_SUBST([GREP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([GREP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^GREP$])
-m4trace:configure.ac:88: -1- AC_SUBST([LD])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LD])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LD$])
-m4trace:configure.ac:88: -1- AC_SUBST([DUMPBIN])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DUMPBIN])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
-m4trace:configure.ac:88: -1- AC_SUBST([ac_ct_DUMPBIN])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
-m4trace:configure.ac:88: -1- AC_SUBST([DUMPBIN])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DUMPBIN])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
-m4trace:configure.ac:88: -1- AC_SUBST([NM])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([NM])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^NM$])
-m4trace:configure.ac:88: -1- AC_SUBST([LN_S], [$as_ln_s])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LN_S])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LN_S$])
-m4trace:configure.ac:88: -1- AC_SUBST([OBJDUMP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OBJDUMP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
-m4trace:configure.ac:88: -1- AC_SUBST([OBJDUMP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OBJDUMP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
-m4trace:configure.ac:88: -1- AC_SUBST([DLLTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DLLTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([DLLTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DLLTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([AR])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([AR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^AR$])
-m4trace:configure.ac:88: -1- AC_SUBST([ac_ct_AR])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([ac_ct_AR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_AR$])
-m4trace:configure.ac:88: -1- AC_SUBST([STRIP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([STRIP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^STRIP$])
-m4trace:configure.ac:88: -1- AC_SUBST([RANLIB])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([RANLIB])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^RANLIB$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([LT_OBJDIR])
-m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_OBJDIR$])
-m4trace:configure.ac:88: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory where libtool stores uninstalled libraries. */
-@%:@undef LT_OBJDIR])
-m4trace:configure.ac:88: -1- LT_SUPPORTED_TAG([CC])
-m4trace:configure.ac:88: -1- AC_SUBST([MANIFEST_TOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([MANIFEST_TOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^MANIFEST_TOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([DSYMUTIL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DSYMUTIL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DSYMUTIL$])
-m4trace:configure.ac:88: -1- AC_SUBST([NMEDIT])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([NMEDIT])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^NMEDIT$])
-m4trace:configure.ac:88: -1- AC_SUBST([LIPO])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LIPO])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LIPO$])
-m4trace:configure.ac:88: -1- AC_SUBST([OTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([OTOOL64])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OTOOL64])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL64$])
-m4trace:configure.ac:88: -1- AC_SUBST([LT_SYS_LIBRARY_PATH])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LT_SYS_LIBRARY_PATH])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
-m4trace:configure.ac:88: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
-@%:@undef HAVE_DLFCN_H])
-m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
-m4trace:configure.ac:90: -1- _m4_warn([obsolete], [The macro `AC_PROG_CC_C99' is obsolete.
-You should run autoupdate.], [./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
-configure.ac:90: the top level])
-m4trace:configure.ac:95: -1- AC_CONFIG_FILES([Makefile
-doc/Makefile
-src/Makefile
-swig/Makefile
-swig/perl/Makefile
-swig/perl/Makefile.PL
-swig/python/Makefile
-swig/python/setup.py
-swig/python/test/Makefile
-swig/ruby/Makefile
-testsuite/Makefile
-testsuite/config/Makefile
-testsuite/libaalogparse.test/Makefile
-testsuite/lib/Makefile
-include/Makefile
-include/sys/Makefile
-])
-m4trace:configure.ac:95: -1- _m4_warn([obsolete], [AC_OUTPUT should be used without arguments.
-You should run autoupdate.], [])
-m4trace:configure.ac:95: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^LIB@&t@OBJS$])
-m4trace:configure.ac:95: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LTLIBOBJS])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^LTLIBOBJS$])
-m4trace:configure.ac:95: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
-m4trace:configure.ac:95: -1- AC_SUBST([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
-m4trace:configure.ac:95: -1- AC_SUBST([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
-m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_build_prefix])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_top_srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_top_builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([INSTALL])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([MKDIR_P])
-m4trace:configure.ac:95: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
diff --git a/libraries/libapparmor/autom4te.cache/traces.2 b/libraries/libapparmor/autom4te.cache/traces.2
deleted file mode 100644
index 50db8200f6ccea9590172598a0bf955f41d0f080..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/autom4te.cache/traces.2
+++ /dev/null
@@ -1,745 +0,0 @@
-m4trace:aclocal.m4:10047: -1- AC_SUBST([am__quote])
-m4trace:aclocal.m4:10047: -1- AC_SUBST_TRACE([am__quote])
-m4trace:aclocal.m4:10047: -1- m4_pattern_allow([^am__quote$])
-m4trace:configure.ac:1: -2- m4_sinclude([common/Version])
-m4trace:configure.ac:2: -3- m4_sinclude([../../common/Version])
-m4trace:configure.ac:6: -1- AC_INIT([configure.ac])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?A[CHUM]_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([_AC_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^AS_FLAGS$])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?m4_])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^dnl$])
-m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?AS_])
-m4trace:configure.ac:6: -1- AC_SUBST([SHELL])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SHELL])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^SHELL$])
-m4trace:configure.ac:6: -1- AC_SUBST([PATH_SEPARATOR])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PATH_SEPARATOR$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_NAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_STRING])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
-m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_URL])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
-m4trace:configure.ac:6: -1- AC_SUBST([exec_prefix], [NONE])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([exec_prefix])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^exec_prefix$])
-m4trace:configure.ac:6: -1- AC_SUBST([prefix], [NONE])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([prefix])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^prefix$])
-m4trace:configure.ac:6: -1- AC_SUBST([program_transform_name], [s,x,x,])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([program_transform_name])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^program_transform_name$])
-m4trace:configure.ac:6: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([bindir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^bindir$])
-m4trace:configure.ac:6: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sbindir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sbindir$])
-m4trace:configure.ac:6: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([libexecdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^libexecdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([datarootdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^datarootdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([datadir], ['${datarootdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([datadir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^datadir$])
-m4trace:configure.ac:6: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sysconfdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sysconfdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sharedstatedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^sharedstatedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([localstatedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^localstatedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([runstatedir], ['${localstatedir}/run'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([runstatedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^runstatedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([includedir], ['${prefix}/include'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([includedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^includedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([oldincludedir], ['/usr/include'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([oldincludedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^oldincludedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
- ['${datarootdir}/doc/${PACKAGE_TARNAME}'],
- ['${datarootdir}/doc/${PACKAGE}'])])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([docdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^docdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([infodir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^infodir$])
-m4trace:configure.ac:6: -1- AC_SUBST([htmldir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([htmldir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^htmldir$])
-m4trace:configure.ac:6: -1- AC_SUBST([dvidir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([dvidir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^dvidir$])
-m4trace:configure.ac:6: -1- AC_SUBST([pdfdir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([pdfdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^pdfdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([psdir], ['${docdir}'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([psdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^psdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([libdir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^libdir$])
-m4trace:configure.ac:6: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([localedir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^localedir$])
-m4trace:configure.ac:6: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([mandir])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^mandir$])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
-@%:@undef PACKAGE_NAME])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
-@%:@undef PACKAGE_TARNAME])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
-@%:@undef PACKAGE_VERSION])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
-@%:@undef PACKAGE_STRING])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
-@%:@undef PACKAGE_BUGREPORT])
-m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
-m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
-@%:@undef PACKAGE_URL])
-m4trace:configure.ac:6: -1- AC_SUBST([DEFS])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DEFS])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^DEFS$])
-m4trace:configure.ac:6: -1- AC_SUBST([ECHO_C])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_C])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_C$])
-m4trace:configure.ac:6: -1- AC_SUBST([ECHO_N])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_N])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_N$])
-m4trace:configure.ac:6: -1- AC_SUBST([ECHO_T])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_T])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_T$])
-m4trace:configure.ac:6: -1- AC_SUBST([LIBS])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LIBS])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBS$])
-m4trace:configure.ac:6: -1- AC_SUBST([build_alias])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build_alias])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^build_alias$])
-m4trace:configure.ac:6: -1- AC_SUBST([host_alias])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host_alias])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^host_alias$])
-m4trace:configure.ac:6: -1- AC_SUBST([target_alias])
-m4trace:configure.ac:6: -1- AC_SUBST_TRACE([target_alias])
-m4trace:configure.ac:6: -1- m4_pattern_allow([^target_alias$])
-m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [3.1.7])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
-m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.16.5])
-m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_PROGRAM])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_SCRIPT])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_DATA])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_DATA])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_DATA$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__isrc])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__isrc$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([am__isrc])
-m4trace:configure.ac:8: -1- AC_SUBST([CYGPATH_W])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CYGPATH_W])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CYGPATH_W$])
-m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
-aclocal.m4:9759: AM_INIT_AUTOMAKE is expanded from...
-configure.ac:8: the top level])
-m4trace:configure.ac:8: -1- AC_SUBST([PACKAGE], [libapparmor1])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([PACKAGE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- AC_SUBST([VERSION], [3.1.7])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([VERSION])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
-m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- AH_OUTPUT([PACKAGE], [/* Name of package */
-@%:@undef PACKAGE])
-m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
-m4trace:configure.ac:8: -1- AH_OUTPUT([VERSION], [/* Version number of package */
-@%:@undef VERSION])
-m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([missing])
-m4trace:configure.ac:8: -1- AC_SUBST([ACLOCAL])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ACLOCAL])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^ACLOCAL$])
-m4trace:configure.ac:8: -1- AC_SUBST([AUTOCONF])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOCONF])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOCONF$])
-m4trace:configure.ac:8: -1- AC_SUBST([AUTOMAKE])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOMAKE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOMAKE$])
-m4trace:configure.ac:8: -1- AC_SUBST([AUTOHEADER])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOHEADER])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOHEADER$])
-m4trace:configure.ac:8: -1- AC_SUBST([MAKEINFO])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([MAKEINFO])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^MAKEINFO$])
-m4trace:configure.ac:8: -1- AC_SUBST([install_sh])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([install_sh])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^install_sh$])
-m4trace:configure.ac:8: -1- AC_SUBST([STRIP])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([STRIP])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^STRIP$])
-m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
-m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
-m4trace:configure.ac:8: -1- AC_SUBST([MKDIR_P])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([MKDIR_P])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^MKDIR_P$])
-m4trace:configure.ac:8: -1- AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([mkdir_p])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^mkdir_p$])
-m4trace:configure.ac:8: -1- AC_SUBST([AWK])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AWK])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AWK$])
-m4trace:configure.ac:8: -1- AC_SUBST([SET_MAKE])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([SET_MAKE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^SET_MAKE$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__leading_dot])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__leading_dot])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__leading_dot$])
-m4trace:configure.ac:8: -1- AC_SUBST([AMTAR], ['$${TAR-tar}'])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AMTAR])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AMTAR$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__tar])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__tar])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__tar$])
-m4trace:configure.ac:8: -1- AC_SUBST([am__untar])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__untar])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^am__untar$])
-m4trace:configure.ac:8: -1- AC_SUBST([CTAGS])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CTAGS])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CTAGS$])
-m4trace:configure.ac:8: -1- AC_SUBST([ETAGS])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ETAGS])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^ETAGS$])
-m4trace:configure.ac:8: -1- AC_SUBST([CSCOPE])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CSCOPE])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^CSCOPE$])
-m4trace:configure.ac:8: -1- AM_SILENT_RULES
-m4trace:configure.ac:8: -1- AC_SUBST([AM_V])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_V])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_V$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_V])
-m4trace:configure.ac:8: -1- AC_SUBST([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_V$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
-m4trace:configure.ac:8: -1- AC_SUBST([AM_DEFAULT_VERBOSITY])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_DEFAULT_VERBOSITY])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
-m4trace:configure.ac:8: -1- AC_SUBST([AM_BACKSLASH])
-m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_BACKSLASH])
-m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_BACKSLASH$])
-m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
-m4trace:configure.ac:10: -1- _m4_warn([obsolete], [AC_PROG_LEX without either yywrap or noyywrap is obsolete], [./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
-./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
-aclocal.m4:9998: AM_PROG_LEX is expanded from...
-configure.ac:10: the top level])
-m4trace:configure.ac:10: -1- AC_SUBST([LEX])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX$])
-m4trace:configure.ac:10: -1- AC_SUBST([LEX_OUTPUT_ROOT], [$ac_cv_prog_lex_root])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX_OUTPUT_ROOT])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX_OUTPUT_ROOT$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CFLAGS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CFLAGS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
-m4trace:configure.ac:10: -1- AC_SUBST([LDFLAGS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LDFLAGS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
-m4trace:configure.ac:10: -1- AC_SUBST([LIBS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
-m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([CC])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
-m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
-m4trace:configure.ac:10: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJEXT])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
-m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([compile])
-m4trace:configure.ac:10: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DEPDIR])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
-m4trace:configure.ac:10: -1- AC_SUBST([am__include])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
-m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
-m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
-m4trace:configure.ac:10: -1- AC_SUBST([am__nodep])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__nodep])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__nodep$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__nodep])
-m4trace:configure.ac:10: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CCDEPMODE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
-m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3])
-m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
-m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
-m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
-m4trace:configure.ac:10: -1- AC_SUBST([LEXLIB])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEXLIB])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^LEXLIB$])
-m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([YYTEXT_POINTER])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^YYTEXT_POINTER$])
-m4trace:configure.ac:10: -1- AH_OUTPUT([YYTEXT_POINTER], [/* Define to 1 if `lex\' declares `yytext\' as a `char *\' by default, not a
- `char@<:@@:>@\'. */
-@%:@undef YYTEXT_POINTER])
-m4trace:configure.ac:11: -1- AC_SUBST([YACC])
-m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YACC])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
-m4trace:configure.ac:11: -1- AC_SUBST([YACC])
-m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YACC])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
-m4trace:configure.ac:11: -1- AC_SUBST([YFLAGS])
-m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YFLAGS])
-m4trace:configure.ac:11: -1- m4_pattern_allow([^YFLAGS$])
-m4trace:configure.ac:12: -1- AC_SUBST([SED])
-m4trace:configure.ac:12: -1- AC_SUBST_TRACE([SED])
-m4trace:configure.ac:12: -1- m4_pattern_allow([^SED$])
-m4trace:configure.ac:13: -1- m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG_PATH])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG_PATH])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_PATH$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG_LIBDIR])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG_LIBDIR])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_LIBDIR$])
-m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG])
-m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG])
-m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
-m4trace:configure.ac:15: -1- AC_SUBST([SWIG])
-m4trace:configure.ac:15: -1- AC_SUBST_TRACE([SWIG])
-m4trace:configure.ac:15: -1- m4_pattern_allow([^SWIG$])
-m4trace:configure.ac:23: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_DEBUG_OUTPUT])
-m4trace:configure.ac:23: -1- m4_pattern_allow([^ENABLE_DEBUG_OUTPUT$])
-m4trace:configure.ac:23: -1- AH_OUTPUT([ENABLE_DEBUG_OUTPUT], [/* debug output */
-@%:@undef ENABLE_DEBUG_OUTPUT])
-m4trace:configure.ac:32: -1- sinclude([m4/ac_podchecker.m4])
-m4trace:configure.ac:33: -1- AC_SUBST([PODCHECKER])
-m4trace:configure.ac:33: -1- AC_SUBST_TRACE([PODCHECKER])
-m4trace:configure.ac:33: -1- m4_pattern_allow([^PODCHECKER$])
-m4trace:configure.ac:35: -1- sinclude([m4/ac_pod2man.m4])
-m4trace:configure.ac:36: -1- AC_SUBST([POD2MAN])
-m4trace:configure.ac:36: -1- AC_SUBST_TRACE([POD2MAN])
-m4trace:configure.ac:36: -1- m4_pattern_allow([^POD2MAN$])
-m4trace:configure.ac:45: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:45: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:45: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:47: -1- sinclude([m4/ac_python_devel.m4])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_VERSION])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_VERSION])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CONFIG])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CONFIG])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CONFIG$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CPPFLAGS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CPPFLAGS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CPPFLAGS$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_LDFLAGS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_LDFLAGS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_LDFLAGS$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_SITE_PKG])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_SITE_PKG])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_SITE_PKG$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LIBS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LIBS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LIBS$])
-m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LDFLAGS])
-m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LDFLAGS])
-m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LDFLAGS$])
-m4trace:configure.ac:48: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete.
-You should run autoupdate.], [./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
-m4/ac_python_devel.m4:1: AC_PYTHON_DEVEL is expanded from...
-configure.ac:48: the top level])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_VERSION])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PLATFORM])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PREFIX])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PREFIX$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_EXEC_PREFIX])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
-m4trace:configure.ac:49: -1- AC_SUBST([pythondir], [$am_cv_python_pythondir])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pythondir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pythondir$])
-m4trace:configure.ac:49: -1- AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pkgpythondir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpythondir$])
-m4trace:configure.ac:49: -1- AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pyexecdir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pyexecdir$])
-m4trace:configure.ac:49: -1- AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pkgpyexecdir])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpyexecdir$])
-m4trace:configure.ac:58: -1- AC_SUBST([PERL])
-m4trace:configure.ac:58: -1- AC_SUBST_TRACE([PERL])
-m4trace:configure.ac:58: -1- m4_pattern_allow([^PERL$])
-m4trace:configure.ac:71: -1- AC_SUBST([RUBY])
-m4trace:configure.ac:71: -1- AC_SUBST_TRACE([RUBY])
-m4trace:configure.ac:71: -1- m4_pattern_allow([^RUBY$])
-m4trace:configure.ac:76: -1- AM_CONDITIONAL([ENABLE_MAN_PAGES], [test x$enable_man_pages = xyes])
-m4trace:configure.ac:76: -1- AC_SUBST([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- AC_SUBST_TRACE([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_TRUE$])
-m4trace:configure.ac:76: -1- AC_SUBST([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:76: -1- AC_SUBST_TRACE([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_FALSE$])
-m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_TRUE])
-m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_FALSE])
-m4trace:configure.ac:77: -1- AM_CONDITIONAL([HAVE_PYTHON], [test x$with_python = xyes])
-m4trace:configure.ac:77: -1- AC_SUBST([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- AC_SUBST_TRACE([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_TRUE$])
-m4trace:configure.ac:77: -1- AC_SUBST([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:77: -1- AC_SUBST_TRACE([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_FALSE$])
-m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_TRUE])
-m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_FALSE])
-m4trace:configure.ac:78: -1- AM_CONDITIONAL([HAVE_PERL], [test x$with_perl = xyes])
-m4trace:configure.ac:78: -1- AC_SUBST([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- AC_SUBST_TRACE([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_TRUE$])
-m4trace:configure.ac:78: -1- AC_SUBST([HAVE_PERL_FALSE])
-m4trace:configure.ac:78: -1- AC_SUBST_TRACE([HAVE_PERL_FALSE])
-m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_FALSE$])
-m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_TRUE])
-m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_FALSE])
-m4trace:configure.ac:79: -1- AM_CONDITIONAL([HAVE_RUBY], [test x$with_ruby = xyes])
-m4trace:configure.ac:79: -1- AC_SUBST([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_TRUE$])
-m4trace:configure.ac:79: -1- AC_SUBST([HAVE_RUBY_FALSE])
-m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_FALSE$])
-m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_TRUE])
-m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:81: -1- _m4_warn([obsolete], [The macro `AC_HEADER_STDC' is obsolete.
-You should run autoupdate.], [./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
-configure.ac:81: the top level])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDIO_H], [/* Define to 1 if you have the <stdio.h> header file. */
-@%:@undef HAVE_STDIO_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
-@%:@undef HAVE_STDLIB_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
-@%:@undef HAVE_STRING_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
-@%:@undef HAVE_INTTYPES_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-@%:@undef HAVE_STDINT_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
-@%:@undef HAVE_STRINGS_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
-@%:@undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
-@%:@undef HAVE_SYS_TYPES_H])
-m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
-@%:@undef HAVE_UNISTD_H])
-m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
-m4trace:configure.ac:81: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if all of the C90 standard headers exist (not just the ones
- required in a freestanding environment). This macro is provided for
- backward compatibility; new code need not use it. */
-@%:@undef STDC_HEADERS])
-m4trace:configure.ac:81: -1- AC_SUBST([GREP])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([GREP])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^GREP$])
-m4trace:configure.ac:81: -1- AC_SUBST([EGREP])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([EGREP])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^EGREP$])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
-@%:@undef HAVE_UNISTD_H])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UNISTD_H])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_UNISTD_H$])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-@%:@undef HAVE_STDINT_H])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDINT_H])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_STDINT_H$])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_SYSLOG_H], [/* Define to 1 if you have the <syslog.h> header file. */
-@%:@undef HAVE_SYSLOG_H])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLOG_H])
-m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_SYSLOG_H$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_ASPRINTF], [/* Define to 1 if you have the `asprintf\' function. */
-@%:@undef HAVE_ASPRINTF])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ASPRINTF])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_ASPRINTF$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE___SECURE_GETENV], [/* Define to 1 if you have the `__secure_getenv\' function. */
-@%:@undef HAVE___SECURE_GETENV])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SECURE_GETENV])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE___SECURE_GETENV$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_SECURE_GETENV], [/* Define to 1 if you have the `secure_getenv\' function. */
-@%:@undef HAVE_SECURE_GETENV])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECURE_GETENV])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_SECURE_GETENV$])
-m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_REALLOCARRAY], [/* Define to 1 if you have the `reallocarray\' function. */
-@%:@undef HAVE_REALLOCARRAY])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOCARRAY])
-m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_REALLOCARRAY$])
-m4trace:configure.ac:86: -1- AM_PROG_CC_C_O
-m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([const])
-m4trace:configure.ac:87: -1- m4_pattern_allow([^const$])
-m4trace:configure.ac:87: -1- AH_OUTPUT([const], [/* Define to empty if `const\' does not conform to ANSI C. */
-@%:@undef const])
-m4trace:configure.ac:88: -1- AM_PROG_LIBTOOL
-m4trace:configure.ac:88: -1- _m4_warn([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
-You should run autoupdate.], [aclocal.m4:122: AM_PROG_LIBTOOL is expanded from...
-configure.ac:88: the top level])
-m4trace:configure.ac:88: -1- LT_INIT
-m4trace:configure.ac:88: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
-m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
-m4trace:configure.ac:88: -1- AC_SUBST([LIBTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LIBTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LIBTOOL$])
-m4trace:configure.ac:88: -1- AC_CANONICAL_HOST
-m4trace:configure.ac:88: -1- AC_CANONICAL_BUILD
-m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([config.sub])
-m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([config.guess])
-m4trace:configure.ac:88: -1- AC_SUBST([build], [$ac_cv_build])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build$])
-m4trace:configure.ac:88: -1- AC_SUBST([build_cpu], [$[1]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_cpu])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_cpu$])
-m4trace:configure.ac:88: -1- AC_SUBST([build_vendor], [$[2]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_vendor])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_vendor$])
-m4trace:configure.ac:88: -1- AC_SUBST([build_os])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_os])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^build_os$])
-m4trace:configure.ac:88: -1- AC_SUBST([host], [$ac_cv_host])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host$])
-m4trace:configure.ac:88: -1- AC_SUBST([host_cpu], [$[1]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_cpu])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_cpu$])
-m4trace:configure.ac:88: -1- AC_SUBST([host_vendor], [$[2]])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_vendor])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_vendor$])
-m4trace:configure.ac:88: -1- AC_SUBST([host_os])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_os])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^host_os$])
-m4trace:configure.ac:88: -1- AC_SUBST([SED])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([SED])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^SED$])
-m4trace:configure.ac:88: -1- AC_SUBST([FGREP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([FGREP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^FGREP$])
-m4trace:configure.ac:88: -1- AC_SUBST([GREP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([GREP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^GREP$])
-m4trace:configure.ac:88: -1- AC_SUBST([LD])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LD])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LD$])
-m4trace:configure.ac:88: -1- AC_SUBST([DUMPBIN])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DUMPBIN])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
-m4trace:configure.ac:88: -1- AC_SUBST([ac_ct_DUMPBIN])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
-m4trace:configure.ac:88: -1- AC_SUBST([DUMPBIN])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DUMPBIN])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
-m4trace:configure.ac:88: -1- AC_SUBST([NM])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([NM])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^NM$])
-m4trace:configure.ac:88: -1- AC_SUBST([LN_S], [$as_ln_s])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LN_S])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LN_S$])
-m4trace:configure.ac:88: -1- AC_SUBST([OBJDUMP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OBJDUMP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
-m4trace:configure.ac:88: -1- AC_SUBST([OBJDUMP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OBJDUMP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
-m4trace:configure.ac:88: -1- AC_SUBST([DLLTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DLLTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([DLLTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DLLTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([AR])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([AR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^AR$])
-m4trace:configure.ac:88: -1- AC_SUBST([ac_ct_AR])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([ac_ct_AR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_AR$])
-m4trace:configure.ac:88: -1- AC_SUBST([STRIP])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([STRIP])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^STRIP$])
-m4trace:configure.ac:88: -1- AC_SUBST([RANLIB])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([RANLIB])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^RANLIB$])
-m4trace:configure.ac:88: -1- m4_pattern_allow([LT_OBJDIR])
-m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_OBJDIR$])
-m4trace:configure.ac:88: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory where libtool stores uninstalled libraries. */
-@%:@undef LT_OBJDIR])
-m4trace:configure.ac:88: -1- LT_SUPPORTED_TAG([CC])
-m4trace:configure.ac:88: -1- AC_SUBST([MANIFEST_TOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([MANIFEST_TOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^MANIFEST_TOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([DSYMUTIL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DSYMUTIL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^DSYMUTIL$])
-m4trace:configure.ac:88: -1- AC_SUBST([NMEDIT])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([NMEDIT])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^NMEDIT$])
-m4trace:configure.ac:88: -1- AC_SUBST([LIPO])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LIPO])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LIPO$])
-m4trace:configure.ac:88: -1- AC_SUBST([OTOOL])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OTOOL])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL$])
-m4trace:configure.ac:88: -1- AC_SUBST([OTOOL64])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OTOOL64])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL64$])
-m4trace:configure.ac:88: -1- AC_SUBST([LT_SYS_LIBRARY_PATH])
-m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LT_SYS_LIBRARY_PATH])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
-m4trace:configure.ac:88: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
-@%:@undef HAVE_DLFCN_H])
-m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
-m4trace:configure.ac:88: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
-m4trace:configure.ac:90: -1- _m4_warn([obsolete], [The macro `AC_PROG_CC_C99' is obsolete.
-You should run autoupdate.], [./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
-configure.ac:90: the top level])
-m4trace:configure.ac:95: -1- AC_CONFIG_FILES([Makefile
-doc/Makefile
-src/Makefile
-swig/Makefile
-swig/perl/Makefile
-swig/perl/Makefile.PL
-swig/python/Makefile
-swig/python/setup.py
-swig/python/test/Makefile
-swig/ruby/Makefile
-testsuite/Makefile
-testsuite/config/Makefile
-testsuite/libaalogparse.test/Makefile
-testsuite/lib/Makefile
-include/Makefile
-include/sys/Makefile
-])
-m4trace:configure.ac:95: -1- _m4_warn([obsolete], [AC_OUTPUT should be used without arguments.
-You should run autoupdate.], [])
-m4trace:configure.ac:95: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^LIB@&t@OBJS$])
-m4trace:configure.ac:95: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LTLIBOBJS])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^LTLIBOBJS$])
-m4trace:configure.ac:95: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
-m4trace:configure.ac:95: -1- AC_SUBST([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
-m4trace:configure.ac:95: -1- AC_SUBST([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
-m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
-m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_build_prefix])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_top_srcdir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_top_builddir])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([INSTALL])
-m4trace:configure.ac:95: -1- AC_SUBST_TRACE([MKDIR_P])
-m4trace:configure.ac:95: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
diff --git a/libraries/libapparmor/compile b/libraries/libapparmor/compile
deleted file mode 100755
index df363c8fbfbcbba9df21d8c9455b58c038697b61..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/compile
+++ /dev/null
@@ -1,348 +0,0 @@
-#! /bin/sh
-# Wrapper for compilers which do not understand '-c -o'.
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-nl='
-'
-
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent tools from complaining about whitespace usage.
-IFS=" "" $nl"
-
-file_conv=
-
-# func_file_conv build_file lazy
-# Convert a $build file to $host form and store it in $file
-# Currently only supports Windows hosts. If the determined conversion
-# type is listed in (the comma separated) LAZY, no conversion will
-# take place.
-func_file_conv ()
-{
- file=$1
- case $file in
- / | /[!/]*) # absolute file, and not a UNC file
- if test -z "$file_conv"; then
- # lazily determine how to convert abs files
- case `uname -s` in
- MINGW*)
- file_conv=mingw
- ;;
- CYGWIN* | MSYS*)
- file_conv=cygwin
- ;;
- *)
- file_conv=wine
- ;;
- esac
- fi
- case $file_conv/,$2, in
- *,$file_conv,*)
- ;;
- mingw/*)
- file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
- ;;
- cygwin/* | msys/*)
- file=`cygpath -m "$file" || echo "$file"`
- ;;
- wine/*)
- file=`winepath -w "$file" || echo "$file"`
- ;;
- esac
- ;;
- esac
-}
-
-# func_cl_dashL linkdir
-# Make cl look for libraries in LINKDIR
-func_cl_dashL ()
-{
- func_file_conv "$1"
- if test -z "$lib_path"; then
- lib_path=$file
- else
- lib_path="$lib_path;$file"
- fi
- linker_opts="$linker_opts -LIBPATH:$file"
-}
-
-# func_cl_dashl library
-# Do a library search-path lookup for cl
-func_cl_dashl ()
-{
- lib=$1
- found=no
- save_IFS=$IFS
- IFS=';'
- for dir in $lib_path $LIB
- do
- IFS=$save_IFS
- if $shared && test -f "$dir/$lib.dll.lib"; then
- found=yes
- lib=$dir/$lib.dll.lib
- break
- fi
- if test -f "$dir/$lib.lib"; then
- found=yes
- lib=$dir/$lib.lib
- break
- fi
- if test -f "$dir/lib$lib.a"; then
- found=yes
- lib=$dir/lib$lib.a
- break
- fi
- done
- IFS=$save_IFS
-
- if test "$found" != yes; then
- lib=$lib.lib
- fi
-}
-
-# func_cl_wrapper cl arg...
-# Adjust compile command to suit cl
-func_cl_wrapper ()
-{
- # Assume a capable shell
- lib_path=
- shared=:
- linker_opts=
- for arg
- do
- if test -n "$eat"; then
- eat=
- else
- case $1 in
- -o)
- # configure might choose to run compile as 'compile cc -o foo foo.c'.
- eat=1
- case $2 in
- *.o | *.[oO][bB][jJ])
- func_file_conv "$2"
- set x "$@" -Fo"$file"
- shift
- ;;
- *)
- func_file_conv "$2"
- set x "$@" -Fe"$file"
- shift
- ;;
- esac
- ;;
- -I)
- eat=1
- func_file_conv "$2" mingw
- set x "$@" -I"$file"
- shift
- ;;
- -I*)
- func_file_conv "${1#-I}" mingw
- set x "$@" -I"$file"
- shift
- ;;
- -l)
- eat=1
- func_cl_dashl "$2"
- set x "$@" "$lib"
- shift
- ;;
- -l*)
- func_cl_dashl "${1#-l}"
- set x "$@" "$lib"
- shift
- ;;
- -L)
- eat=1
- func_cl_dashL "$2"
- ;;
- -L*)
- func_cl_dashL "${1#-L}"
- ;;
- -static)
- shared=false
- ;;
- -Wl,*)
- arg=${1#-Wl,}
- save_ifs="$IFS"; IFS=','
- for flag in $arg; do
- IFS="$save_ifs"
- linker_opts="$linker_opts $flag"
- done
- IFS="$save_ifs"
- ;;
- -Xlinker)
- eat=1
- linker_opts="$linker_opts $2"
- ;;
- -*)
- set x "$@" "$1"
- shift
- ;;
- *.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
- func_file_conv "$1"
- set x "$@" -Tp"$file"
- shift
- ;;
- *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
- func_file_conv "$1" mingw
- set x "$@" "$file"
- shift
- ;;
- *)
- set x "$@" "$1"
- shift
- ;;
- esac
- fi
- shift
- done
- if test -n "$linker_opts"; then
- linker_opts="-link$linker_opts"
- fi
- exec "$@" $linker_opts
- exit 1
-}
-
-eat=
-
-case $1 in
- '')
- echo "$0: No command. Try '$0 --help' for more information." 1>&2
- exit 1;
- ;;
- -h | --h*)
- cat <<\EOF
-Usage: compile [--help] [--version] PROGRAM [ARGS]
-
-Wrapper for compilers which do not understand '-c -o'.
-Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
-arguments, and rename the output as expected.
-
-If you are trying to build a whole package this is not the
-right script to run: please start by reading the file 'INSTALL'.
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
- exit $?
- ;;
- -v | --v*)
- echo "compile $scriptversion"
- exit $?
- ;;
- cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
- icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
- func_cl_wrapper "$@" # Doesn't return...
- ;;
-esac
-
-ofile=
-cfile=
-
-for arg
-do
- if test -n "$eat"; then
- eat=
- else
- case $1 in
- -o)
- # configure might choose to run compile as 'compile cc -o foo foo.c'.
- # So we strip '-o arg' only if arg is an object.
- eat=1
- case $2 in
- *.o | *.obj)
- ofile=$2
- ;;
- *)
- set x "$@" -o "$2"
- shift
- ;;
- esac
- ;;
- *.c)
- cfile=$1
- set x "$@" "$1"
- shift
- ;;
- *)
- set x "$@" "$1"
- shift
- ;;
- esac
- fi
- shift
-done
-
-if test -z "$ofile" || test -z "$cfile"; then
- # If no '-o' option was seen then we might have been invoked from a
- # pattern rule where we don't need one. That is ok -- this is a
- # normal compilation that the losing compiler can handle. If no
- # '.c' file was seen then we are probably linking. That is also
- # ok.
- exec "$@"
-fi
-
-# Name of file we expect compiler to create.
-cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
-
-# Create the lock directory.
-# Note: use '[/\\:.-]' here to ensure that we don't use the same name
-# that we are using for the .o file. Also, base the name on the expected
-# object file name, since that is what matters with a parallel build.
-lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
-while true; do
- if mkdir "$lockdir" >/dev/null 2>&1; then
- break
- fi
- sleep 1
-done
-# FIXME: race condition here if user kills between mkdir and trap.
-trap "rmdir '$lockdir'; exit 1" 1 2 15
-
-# Run the compile.
-"$@"
-ret=$?
-
-if test -f "$cofile"; then
- test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
-elif test -f "${cofile}bj"; then
- test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
-fi
-
-rmdir "$lockdir"
-exit $ret
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/libraries/libapparmor/config.guess b/libraries/libapparmor/config.guess
deleted file mode 100755
index 7f76b6228f73d674f58cfcc3523f99e253ee5515..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/config.guess
+++ /dev/null
@@ -1,1754 +0,0 @@
-#! /bin/sh
-# Attempt to guess a canonical system name.
-# Copyright 1992-2022 Free Software Foundation, Inc.
-
-# shellcheck disable=SC2006,SC2268 # see below for rationale
-
-timestamp='2022-01-09'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that
-# program. This Exception is an additional permission under section 7
-# of the GNU General Public License, version 3 ("GPLv3").
-#
-# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
-#
-# You can get the latest version of this script from:
-# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
-#
-# Please send patches to <config-patches@gnu.org>.
-
-
-# The "shellcheck disable" line above the timestamp inhibits complaints
-# about features and limitations of the classic Bourne shell that were
-# superseded or lifted in POSIX. However, this script identifies a wide
-# variety of pre-POSIX systems that do not have POSIX shells at all, and
-# even some reasonably current systems (Solaris 10 as case-in-point) still
-# have a pre-POSIX /bin/sh.
-
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION]
-
-Output the configuration name of the system \`$me' is run on.
-
-Options:
- -h, --help print this help, then exit
- -t, --time-stamp print date of last modification, then exit
- -v, --version print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.guess ($timestamp)
-
-Originally written by Per Bothner.
-Copyright 1992-2022 Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
- echo "$timestamp" ; exit ;;
- --version | -v )
- echo "$version" ; exit ;;
- --help | --h* | -h )
- echo "$usage"; exit ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
- break ;;
- -* )
- echo "$me: invalid option $1$help" >&2
- exit 1 ;;
- * )
- break ;;
- esac
-done
-
-if test $# != 0; then
- echo "$me: too many arguments$help" >&2
- exit 1
-fi
-
-# Just in case it came from the environment.
-GUESS=
-
-# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
-# compiler to aid in system detection is discouraged as it requires
-# temporary files to be created and, as you can see below, it is a
-# headache to deal with in a portable fashion.
-
-# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
-# use `HOST_CC' if defined, but it is deprecated.
-
-# Portable tmp directory creation inspired by the Autoconf team.
-
-tmp=
-# shellcheck disable=SC2172
-trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15
-
-set_cc_for_build() {
- # prevent multiple calls if $tmp is already set
- test "$tmp" && return 0
- : "${TMPDIR=/tmp}"
- # shellcheck disable=SC2039,SC3028
- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
- dummy=$tmp/dummy
- case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
- ,,) echo "int x;" > "$dummy.c"
- for driver in cc gcc c89 c99 ; do
- if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
- CC_FOR_BUILD=$driver
- break
- fi
- done
- if test x"$CC_FOR_BUILD" = x ; then
- CC_FOR_BUILD=no_compiler_found
- fi
- ;;
- ,,*) CC_FOR_BUILD=$CC ;;
- ,*,*) CC_FOR_BUILD=$HOST_CC ;;
- esac
-}
-
-# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
-# (ghazi@noc.rutgers.edu 1994-08-24)
-if test -f /.attbin/uname ; then
- PATH=$PATH:/.attbin ; export PATH
-fi
-
-UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
-UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
-UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-
-case $UNAME_SYSTEM in
-Linux|GNU|GNU/*)
- LIBC=unknown
-
- set_cc_for_build
- cat <<-EOF > "$dummy.c"
- #include <features.h>
- #if defined(__UCLIBC__)
- LIBC=uclibc
- #elif defined(__dietlibc__)
- LIBC=dietlibc
- #elif defined(__GLIBC__)
- LIBC=gnu
- #else
- #include <stdarg.h>
- /* First heuristic to detect musl libc. */
- #ifdef __DEFINED_va_list
- LIBC=musl
- #endif
- #endif
- EOF
- cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
- eval "$cc_set_libc"
-
- # Second heuristic to detect musl libc.
- if [ "$LIBC" = unknown ] &&
- command -v ldd >/dev/null &&
- ldd --version 2>&1 | grep -q ^musl; then
- LIBC=musl
- fi
-
- # If the system lacks a compiler, then just pick glibc.
- # We could probably try harder.
- if [ "$LIBC" = unknown ]; then
- LIBC=gnu
- fi
- ;;
-esac
-
-# Note: order is significant - the case branches are not exclusive.
-
-case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
- *:NetBSD:*:*)
- # NetBSD (nbsd) targets should (where applicable) match one or
- # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
- # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
- # switched to ELF, *-*-netbsd* would select the old
- # object file format. This provides both forward
- # compatibility and a consistent mechanism for selecting the
- # object file format.
- #
- # Note: NetBSD doesn't particularly care about the vendor
- # portion of the name. We always set it to "unknown".
- UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
- /sbin/sysctl -n hw.machine_arch 2>/dev/null || \
- /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
- echo unknown)`
- case $UNAME_MACHINE_ARCH in
- aarch64eb) machine=aarch64_be-unknown ;;
- armeb) machine=armeb-unknown ;;
- arm*) machine=arm-unknown ;;
- sh3el) machine=shl-unknown ;;
- sh3eb) machine=sh-unknown ;;
- sh5el) machine=sh5le-unknown ;;
- earmv*)
- arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
- endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
- machine=${arch}${endian}-unknown
- ;;
- *) machine=$UNAME_MACHINE_ARCH-unknown ;;
- esac
- # The Operating System including object format, if it has switched
- # to ELF recently (or will in the future) and ABI.
- case $UNAME_MACHINE_ARCH in
- earm*)
- os=netbsdelf
- ;;
- arm*|i386|m68k|ns32k|sh3*|sparc|vax)
- set_cc_for_build
- if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep -q __ELF__
- then
- # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
- # Return netbsd for either. FIX?
- os=netbsd
- else
- os=netbsdelf
- fi
- ;;
- *)
- os=netbsd
- ;;
- esac
- # Determine ABI tags.
- case $UNAME_MACHINE_ARCH in
- earm*)
- expr='s/^earmv[0-9]/-eabi/;s/eb$//'
- abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
- ;;
- esac
- # The OS release
- # Debian GNU/NetBSD machines have a different userland, and
- # thus, need a distinct triplet. However, they do not need
- # kernel version information, so it can be replaced with a
- # suitable tag, in the style of linux-gnu.
- case $UNAME_VERSION in
- Debian*)
- release='-gnu'
- ;;
- *)
- release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
- ;;
- esac
- # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
- # contains redundant information, the shorter form:
- # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- GUESS=$machine-${os}${release}${abi-}
- ;;
- *:Bitrig:*:*)
- UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
- GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE
- ;;
- *:OpenBSD:*:*)
- UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
- GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE
- ;;
- *:SecBSD:*:*)
- UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'`
- GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE
- ;;
- *:LibertyBSD:*:*)
- UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
- GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE
- ;;
- *:MidnightBSD:*:*)
- GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE
- ;;
- *:ekkoBSD:*:*)
- GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE
- ;;
- *:SolidBSD:*:*)
- GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE
- ;;
- *:OS108:*:*)
- GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE
- ;;
- macppc:MirBSD:*:*)
- GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE
- ;;
- *:MirBSD:*:*)
- GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE
- ;;
- *:Sortix:*:*)
- GUESS=$UNAME_MACHINE-unknown-sortix
- ;;
- *:Twizzler:*:*)
- GUESS=$UNAME_MACHINE-unknown-twizzler
- ;;
- *:Redox:*:*)
- GUESS=$UNAME_MACHINE-unknown-redox
- ;;
- mips:OSF1:*.*)
- GUESS=mips-dec-osf1
- ;;
- alpha:OSF1:*:*)
- # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
- trap '' 0
- case $UNAME_RELEASE in
- *4.0)
- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
- ;;
- *5.*)
- UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
- ;;
- esac
- # According to Compaq, /usr/sbin/psrinfo has been available on
- # OSF/1 and Tru64 systems produced since 1995. I hope that
- # covers most systems running today. This code pipes the CPU
- # types through head -n 1, so we only detect the type of CPU 0.
- ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
- case $ALPHA_CPU_TYPE in
- "EV4 (21064)")
- UNAME_MACHINE=alpha ;;
- "EV4.5 (21064)")
- UNAME_MACHINE=alpha ;;
- "LCA4 (21066/21068)")
- UNAME_MACHINE=alpha ;;
- "EV5 (21164)")
- UNAME_MACHINE=alphaev5 ;;
- "EV5.6 (21164A)")
- UNAME_MACHINE=alphaev56 ;;
- "EV5.6 (21164PC)")
- UNAME_MACHINE=alphapca56 ;;
- "EV5.7 (21164PC)")
- UNAME_MACHINE=alphapca57 ;;
- "EV6 (21264)")
- UNAME_MACHINE=alphaev6 ;;
- "EV6.7 (21264A)")
- UNAME_MACHINE=alphaev67 ;;
- "EV6.8CB (21264C)")
- UNAME_MACHINE=alphaev68 ;;
- "EV6.8AL (21264B)")
- UNAME_MACHINE=alphaev68 ;;
- "EV6.8CX (21264D)")
- UNAME_MACHINE=alphaev68 ;;
- "EV6.9A (21264/EV69A)")
- UNAME_MACHINE=alphaev69 ;;
- "EV7 (21364)")
- UNAME_MACHINE=alphaev7 ;;
- "EV7.9 (21364A)")
- UNAME_MACHINE=alphaev79 ;;
- esac
- # A Pn.n version is a patched version.
- # A Vn.n version is a released version.
- # A Tn.n version is a released field test version.
- # A Xn.n version is an unreleased experimental baselevel.
- # 1.2 uses "1.2" for uname -r.
- OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
- GUESS=$UNAME_MACHINE-dec-osf$OSF_REL
- ;;
- Amiga*:UNIX_System_V:4.0:*)
- GUESS=m68k-unknown-sysv4
- ;;
- *:[Aa]miga[Oo][Ss]:*:*)
- GUESS=$UNAME_MACHINE-unknown-amigaos
- ;;
- *:[Mm]orph[Oo][Ss]:*:*)
- GUESS=$UNAME_MACHINE-unknown-morphos
- ;;
- *:OS/390:*:*)
- GUESS=i370-ibm-openedition
- ;;
- *:z/VM:*:*)
- GUESS=s390-ibm-zvmoe
- ;;
- *:OS400:*:*)
- GUESS=powerpc-ibm-os400
- ;;
- arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
- GUESS=arm-acorn-riscix$UNAME_RELEASE
- ;;
- arm*:riscos:*:*|arm*:RISCOS:*:*)
- GUESS=arm-unknown-riscos
- ;;
- SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
- GUESS=hppa1.1-hitachi-hiuxmpp
- ;;
- Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
- # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
- case `(/bin/universe) 2>/dev/null` in
- att) GUESS=pyramid-pyramid-sysv3 ;;
- *) GUESS=pyramid-pyramid-bsd ;;
- esac
- ;;
- NILE*:*:*:dcosx)
- GUESS=pyramid-pyramid-svr4
- ;;
- DRS?6000:unix:4.0:6*)
- GUESS=sparc-icl-nx6
- ;;
- DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
- case `/usr/bin/uname -p` in
- sparc) GUESS=sparc-icl-nx7 ;;
- esac
- ;;
- s390x:SunOS:*:*)
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
- GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL
- ;;
- sun4H:SunOS:5.*:*)
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
- GUESS=sparc-hal-solaris2$SUN_REL
- ;;
- sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
- GUESS=sparc-sun-solaris2$SUN_REL
- ;;
- i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
- GUESS=i386-pc-auroraux$UNAME_RELEASE
- ;;
- i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
- set_cc_for_build
- SUN_ARCH=i386
- # If there is a compiler, see if it is configured for 64-bit objects.
- # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
- # This test works for both compilers.
- if test "$CC_FOR_BUILD" != no_compiler_found; then
- if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \
- grep IS_64BIT_ARCH >/dev/null
- then
- SUN_ARCH=x86_64
- fi
- fi
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
- GUESS=$SUN_ARCH-pc-solaris2$SUN_REL
- ;;
- sun4*:SunOS:6*:*)
- # According to config.sub, this is the proper way to canonicalize
- # SunOS6. Hard to guess exactly what SunOS6 will be like, but
- # it's likely to be more like Solaris than SunOS4.
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
- GUESS=sparc-sun-solaris3$SUN_REL
- ;;
- sun4*:SunOS:*:*)
- case `/usr/bin/arch -k` in
- Series*|S4*)
- UNAME_RELEASE=`uname -v`
- ;;
- esac
- # Japanese Language versions have a version number like `4.1.3-JL'.
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'`
- GUESS=sparc-sun-sunos$SUN_REL
- ;;
- sun3*:SunOS:*:*)
- GUESS=m68k-sun-sunos$UNAME_RELEASE
- ;;
- sun*:*:4.2BSD:*)
- UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
- test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
- case `/bin/arch` in
- sun3)
- GUESS=m68k-sun-sunos$UNAME_RELEASE
- ;;
- sun4)
- GUESS=sparc-sun-sunos$UNAME_RELEASE
- ;;
- esac
- ;;
- aushp:SunOS:*:*)
- GUESS=sparc-auspex-sunos$UNAME_RELEASE
- ;;
- # The situation for MiNT is a little confusing. The machine name
- # can be virtually everything (everything which is not
- # "atarist" or "atariste" at least should have a processor
- # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
- # to the lowercase version "mint" (or "freemint"). Finally
- # the system name "TOS" denotes a system which is actually not
- # MiNT. But MiNT is downward compatible to TOS, so this should
- # be no problem.
- atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- GUESS=m68k-atari-mint$UNAME_RELEASE
- ;;
- atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
- GUESS=m68k-atari-mint$UNAME_RELEASE
- ;;
- *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- GUESS=m68k-atari-mint$UNAME_RELEASE
- ;;
- milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- GUESS=m68k-milan-mint$UNAME_RELEASE
- ;;
- hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- GUESS=m68k-hades-mint$UNAME_RELEASE
- ;;
- *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- GUESS=m68k-unknown-mint$UNAME_RELEASE
- ;;
- m68k:machten:*:*)
- GUESS=m68k-apple-machten$UNAME_RELEASE
- ;;
- powerpc:machten:*:*)
- GUESS=powerpc-apple-machten$UNAME_RELEASE
- ;;
- RISC*:Mach:*:*)
- GUESS=mips-dec-mach_bsd4.3
- ;;
- RISC*:ULTRIX:*:*)
- GUESS=mips-dec-ultrix$UNAME_RELEASE
- ;;
- VAX*:ULTRIX*:*:*)
- GUESS=vax-dec-ultrix$UNAME_RELEASE
- ;;
- 2020:CLIX:*:* | 2430:CLIX:*:*)
- GUESS=clipper-intergraph-clix$UNAME_RELEASE
- ;;
- mips:*:*:UMIPS | mips:*:*:RISCos)
- set_cc_for_build
- sed 's/^ //' << EOF > "$dummy.c"
-#ifdef __cplusplus
-#include <stdio.h> /* for printf() prototype */
- int main (int argc, char *argv[]) {
-#else
- int main (argc, argv) int argc; char *argv[]; {
-#endif
- #if defined (host_mips) && defined (MIPSEB)
- #if defined (SYSTYPE_SYSV)
- printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0);
- #endif
- #if defined (SYSTYPE_SVR4)
- printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0);
- #endif
- #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
- printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0);
- #endif
- #endif
- exit (-1);
- }
-EOF
- $CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
- dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
- SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
- { echo "$SYSTEM_NAME"; exit; }
- GUESS=mips-mips-riscos$UNAME_RELEASE
- ;;
- Motorola:PowerMAX_OS:*:*)
- GUESS=powerpc-motorola-powermax
- ;;
- Motorola:*:4.3:PL8-*)
- GUESS=powerpc-harris-powermax
- ;;
- Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
- GUESS=powerpc-harris-powermax
- ;;
- Night_Hawk:Power_UNIX:*:*)
- GUESS=powerpc-harris-powerunix
- ;;
- m88k:CX/UX:7*:*)
- GUESS=m88k-harris-cxux7
- ;;
- m88k:*:4*:R4*)
- GUESS=m88k-motorola-sysv4
- ;;
- m88k:*:3*:R3*)
- GUESS=m88k-motorola-sysv3
- ;;
- AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
- if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
- then
- if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
- test "$TARGET_BINARY_INTERFACE"x = x
- then
- GUESS=m88k-dg-dgux$UNAME_RELEASE
- else
- GUESS=m88k-dg-dguxbcs$UNAME_RELEASE
- fi
- else
- GUESS=i586-dg-dgux$UNAME_RELEASE
- fi
- ;;
- M88*:DolphinOS:*:*) # DolphinOS (SVR3)
- GUESS=m88k-dolphin-sysv3
- ;;
- M88*:*:R3*:*)
- # Delta 88k system running SVR3
- GUESS=m88k-motorola-sysv3
- ;;
- XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
- GUESS=m88k-tektronix-sysv3
- ;;
- Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
- GUESS=m68k-tektronix-bsd
- ;;
- *:IRIX*:*:*)
- IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'`
- GUESS=mips-sgi-irix$IRIX_REL
- ;;
- ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- ;; # Note that: echo "'`uname -s`'" gives 'AIX '
- i*86:AIX:*:*)
- GUESS=i386-ibm-aix
- ;;
- ia64:AIX:*:*)
- if test -x /usr/bin/oslevel ; then
- IBM_REV=`/usr/bin/oslevel`
- else
- IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
- fi
- GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV
- ;;
- *:AIX:2:3)
- if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
- set_cc_for_build
- sed 's/^ //' << EOF > "$dummy.c"
- #include <sys/systemcfg.h>
-
- main()
- {
- if (!__power_pc())
- exit(1);
- puts("powerpc-ibm-aix3.2.5");
- exit(0);
- }
-EOF
- if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
- then
- GUESS=$SYSTEM_NAME
- else
- GUESS=rs6000-ibm-aix3.2.5
- fi
- elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
- GUESS=rs6000-ibm-aix3.2.4
- else
- GUESS=rs6000-ibm-aix3.2
- fi
- ;;
- *:AIX:*:[4567])
- IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
- if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
- IBM_ARCH=rs6000
- else
- IBM_ARCH=powerpc
- fi
- if test -x /usr/bin/lslpp ; then
- IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \
- awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
- else
- IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
- fi
- GUESS=$IBM_ARCH-ibm-aix$IBM_REV
- ;;
- *:AIX:*:*)
- GUESS=rs6000-ibm-aix
- ;;
- ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*)
- GUESS=romp-ibm-bsd4.4
- ;;
- ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
- GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to
- ;; # report: romp-ibm BSD 4.3
- *:BOSX:*:*)
- GUESS=rs6000-bull-bosx
- ;;
- DPX/2?00:B.O.S.:*:*)
- GUESS=m68k-bull-sysv3
- ;;
- 9000/[34]??:4.3bsd:1.*:*)
- GUESS=m68k-hp-bsd
- ;;
- hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
- GUESS=m68k-hp-bsd4.4
- ;;
- 9000/[34678]??:HP-UX:*:*)
- HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
- case $UNAME_MACHINE in
- 9000/31?) HP_ARCH=m68000 ;;
- 9000/[34]??) HP_ARCH=m68k ;;
- 9000/[678][0-9][0-9])
- if test -x /usr/bin/getconf; then
- sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case $sc_cpu_version in
- 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
- 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
- 532) # CPU_PA_RISC2_0
- case $sc_kernel_bits in
- 32) HP_ARCH=hppa2.0n ;;
- 64) HP_ARCH=hppa2.0w ;;
- '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
- esac ;;
- esac
- fi
- if test "$HP_ARCH" = ""; then
- set_cc_for_build
- sed 's/^ //' << EOF > "$dummy.c"
-
- #define _HPUX_SOURCE
- #include <stdlib.h>
- #include <unistd.h>
-
- int main ()
- {
- #if defined(_SC_KERNEL_BITS)
- long bits = sysconf(_SC_KERNEL_BITS);
- #endif
- long cpu = sysconf (_SC_CPU_VERSION);
-
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
- case CPU_PA_RISC2_0:
- #if defined(_SC_KERNEL_BITS)
- switch (bits)
- {
- case 64: puts ("hppa2.0w"); break;
- case 32: puts ("hppa2.0n"); break;
- default: puts ("hppa2.0"); break;
- } break;
- #else /* !defined(_SC_KERNEL_BITS) */
- puts ("hppa2.0"); break;
- #endif
- default: puts ("hppa1.0"); break;
- }
- exit (0);
- }
-EOF
- (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
- test -z "$HP_ARCH" && HP_ARCH=hppa
- fi ;;
- esac
- if test "$HP_ARCH" = hppa2.0w
- then
- set_cc_for_build
-
- # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
- # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
- # generating 64-bit code. GNU and HP use different nomenclature:
- #
- # $ CC_FOR_BUILD=cc ./config.guess
- # => hppa2.0w-hp-hpux11.23
- # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
- # => hppa64-hp-hpux11.23
-
- if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
- grep -q __LP64__
- then
- HP_ARCH=hppa2.0w
- else
- HP_ARCH=hppa64
- fi
- fi
- GUESS=$HP_ARCH-hp-hpux$HPUX_REV
- ;;
- ia64:HP-UX:*:*)
- HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
- GUESS=ia64-hp-hpux$HPUX_REV
- ;;
- 3050*:HI-UX:*:*)
- set_cc_for_build
- sed 's/^ //' << EOF > "$dummy.c"
- #include <unistd.h>
- int
- main ()
- {
- long cpu = sysconf (_SC_CPU_VERSION);
- /* The order matters, because CPU_IS_HP_MC68K erroneously returns
- true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
- results, however. */
- if (CPU_IS_PA_RISC (cpu))
- {
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
- case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
- default: puts ("hppa-hitachi-hiuxwe2"); break;
- }
- }
- else if (CPU_IS_HP_MC68K (cpu))
- puts ("m68k-hitachi-hiuxwe2");
- else puts ("unknown-hitachi-hiuxwe2");
- exit (0);
- }
-EOF
- $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
- { echo "$SYSTEM_NAME"; exit; }
- GUESS=unknown-hitachi-hiuxwe2
- ;;
- 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*)
- GUESS=hppa1.1-hp-bsd
- ;;
- 9000/8??:4.3bsd:*:*)
- GUESS=hppa1.0-hp-bsd
- ;;
- *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
- GUESS=hppa1.0-hp-mpeix
- ;;
- hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*)
- GUESS=hppa1.1-hp-osf
- ;;
- hp8??:OSF1:*:*)
- GUESS=hppa1.0-hp-osf
- ;;
- i*86:OSF1:*:*)
- if test -x /usr/sbin/sysversion ; then
- GUESS=$UNAME_MACHINE-unknown-osf1mk
- else
- GUESS=$UNAME_MACHINE-unknown-osf1
- fi
- ;;
- parisc*:Lites*:*:*)
- GUESS=hppa1.1-hp-lites
- ;;
- C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
- GUESS=c1-convex-bsd
- ;;
- C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
- if getsysinfo -f scalar_acc
- then echo c32-convex-bsd
- else echo c2-convex-bsd
- fi
- exit ;;
- C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
- GUESS=c34-convex-bsd
- ;;
- C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
- GUESS=c38-convex-bsd
- ;;
- C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
- GUESS=c4-convex-bsd
- ;;
- CRAY*Y-MP:*:*:*)
- CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
- GUESS=ymp-cray-unicos$CRAY_REL
- ;;
- CRAY*[A-Z]90:*:*:*)
- echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
- | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
- -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
- -e 's/\.[^.]*$/.X/'
- exit ;;
- CRAY*TS:*:*:*)
- CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
- GUESS=t90-cray-unicos$CRAY_REL
- ;;
- CRAY*T3E:*:*:*)
- CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
- GUESS=alphaev5-cray-unicosmk$CRAY_REL
- ;;
- CRAY*SV1:*:*:*)
- CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
- GUESS=sv1-cray-unicos$CRAY_REL
- ;;
- *:UNICOS/mp:*:*)
- CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
- GUESS=craynv-cray-unicosmp$CRAY_REL
- ;;
- F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
- FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
- FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
- FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
- GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
- ;;
- 5000:UNIX_System_V:4.*:*)
- FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
- FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
- GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
- ;;
- i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
- GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE
- ;;
- sparc*:BSD/OS:*:*)
- GUESS=sparc-unknown-bsdi$UNAME_RELEASE
- ;;
- *:BSD/OS:*:*)
- GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE
- ;;
- arm:FreeBSD:*:*)
- UNAME_PROCESSOR=`uname -p`
- set_cc_for_build
- if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep -q __ARM_PCS_VFP
- then
- FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
- GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi
- else
- FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
- GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf
- fi
- ;;
- *:FreeBSD:*:*)
- UNAME_PROCESSOR=`/usr/bin/uname -p`
- case $UNAME_PROCESSOR in
- amd64)
- UNAME_PROCESSOR=x86_64 ;;
- i386)
- UNAME_PROCESSOR=i586 ;;
- esac
- FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
- GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL
- ;;
- i*:CYGWIN*:*)
- GUESS=$UNAME_MACHINE-pc-cygwin
- ;;
- *:MINGW64*:*)
- GUESS=$UNAME_MACHINE-pc-mingw64
- ;;
- *:MINGW*:*)
- GUESS=$UNAME_MACHINE-pc-mingw32
- ;;
- *:MSYS*:*)
- GUESS=$UNAME_MACHINE-pc-msys
- ;;
- i*:PW*:*)
- GUESS=$UNAME_MACHINE-pc-pw32
- ;;
- *:SerenityOS:*:*)
- GUESS=$UNAME_MACHINE-pc-serenity
- ;;
- *:Interix*:*)
- case $UNAME_MACHINE in
- x86)
- GUESS=i586-pc-interix$UNAME_RELEASE
- ;;
- authenticamd | genuineintel | EM64T)
- GUESS=x86_64-unknown-interix$UNAME_RELEASE
- ;;
- IA64)
- GUESS=ia64-unknown-interix$UNAME_RELEASE
- ;;
- esac ;;
- i*:UWIN*:*)
- GUESS=$UNAME_MACHINE-pc-uwin
- ;;
- amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
- GUESS=x86_64-pc-cygwin
- ;;
- prep*:SunOS:5.*:*)
- SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
- GUESS=powerpcle-unknown-solaris2$SUN_REL
- ;;
- *:GNU:*:*)
- # the GNU system
- GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'`
- GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'`
- GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL
- ;;
- *:GNU/*:*:*)
- # other systems with GNU libc and userland
- GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"`
- GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
- GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
- ;;
- *:Minix:*:*)
- GUESS=$UNAME_MACHINE-unknown-minix
- ;;
- aarch64:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- aarch64_be:Linux:*:*)
- UNAME_MACHINE=aarch64_be
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- alpha:Linux:*:*)
- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
- EV5) UNAME_MACHINE=alphaev5 ;;
- EV56) UNAME_MACHINE=alphaev56 ;;
- PCA56) UNAME_MACHINE=alphapca56 ;;
- PCA57) UNAME_MACHINE=alphapca56 ;;
- EV6) UNAME_MACHINE=alphaev6 ;;
- EV67) UNAME_MACHINE=alphaev67 ;;
- EV68*) UNAME_MACHINE=alphaev68 ;;
- esac
- objdump --private-headers /bin/sh | grep -q ld.so.1
- if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- arm*:Linux:*:*)
- set_cc_for_build
- if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep -q __ARM_EABI__
- then
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- else
- if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep -q __ARM_PCS_VFP
- then
- GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi
- else
- GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf
- fi
- fi
- ;;
- avr32*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- cris:Linux:*:*)
- GUESS=$UNAME_MACHINE-axis-linux-$LIBC
- ;;
- crisv32:Linux:*:*)
- GUESS=$UNAME_MACHINE-axis-linux-$LIBC
- ;;
- e2k:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- frv:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- hexagon:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- i*86:Linux:*:*)
- GUESS=$UNAME_MACHINE-pc-linux-$LIBC
- ;;
- ia64:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- k1om:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- m32r*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- m68*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- mips:Linux:*:* | mips64:Linux:*:*)
- set_cc_for_build
- IS_GLIBC=0
- test x"${LIBC}" = xgnu && IS_GLIBC=1
- sed 's/^ //' << EOF > "$dummy.c"
- #undef CPU
- #undef mips
- #undef mipsel
- #undef mips64
- #undef mips64el
- #if ${IS_GLIBC} && defined(_ABI64)
- LIBCABI=gnuabi64
- #else
- #if ${IS_GLIBC} && defined(_ABIN32)
- LIBCABI=gnuabin32
- #else
- LIBCABI=${LIBC}
- #endif
- #endif
-
- #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
- CPU=mipsisa64r6
- #else
- #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
- CPU=mipsisa32r6
- #else
- #if defined(__mips64)
- CPU=mips64
- #else
- CPU=mips
- #endif
- #endif
- #endif
-
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- MIPS_ENDIAN=el
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- MIPS_ENDIAN=
- #else
- MIPS_ENDIAN=
- #endif
- #endif
-EOF
- cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`
- eval "$cc_set_vars"
- test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
- ;;
- mips64el:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- openrisc*:Linux:*:*)
- GUESS=or1k-unknown-linux-$LIBC
- ;;
- or32:Linux:*:* | or1k*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- padre:Linux:*:*)
- GUESS=sparc-unknown-linux-$LIBC
- ;;
- parisc64:Linux:*:* | hppa64:Linux:*:*)
- GUESS=hppa64-unknown-linux-$LIBC
- ;;
- parisc:Linux:*:* | hppa:Linux:*:*)
- # Look for CPU level
- case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
- PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;;
- PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;;
- *) GUESS=hppa-unknown-linux-$LIBC ;;
- esac
- ;;
- ppc64:Linux:*:*)
- GUESS=powerpc64-unknown-linux-$LIBC
- ;;
- ppc:Linux:*:*)
- GUESS=powerpc-unknown-linux-$LIBC
- ;;
- ppc64le:Linux:*:*)
- GUESS=powerpc64le-unknown-linux-$LIBC
- ;;
- ppcle:Linux:*:*)
- GUESS=powerpcle-unknown-linux-$LIBC
- ;;
- riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- s390:Linux:*:* | s390x:Linux:*:*)
- GUESS=$UNAME_MACHINE-ibm-linux-$LIBC
- ;;
- sh64*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- sh*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- sparc:Linux:*:* | sparc64:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- tile*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- vax:Linux:*:*)
- GUESS=$UNAME_MACHINE-dec-linux-$LIBC
- ;;
- x86_64:Linux:*:*)
- set_cc_for_build
- LIBCABI=$LIBC
- if test "$CC_FOR_BUILD" != no_compiler_found; then
- if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_X32 >/dev/null
- then
- LIBCABI=${LIBC}x32
- fi
- fi
- GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
- ;;
- xtensa*:Linux:*:*)
- GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
- ;;
- i*86:DYNIX/ptx:4*:*)
- # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
- # earlier versions are messed up and put the nodename in both
- # sysname and nodename.
- GUESS=i386-sequent-sysv4
- ;;
- i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
- # I am not positive that other SVR4 systems won't match this,
- # I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
- GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION
- ;;
- i*86:OS/2:*:*)
- # If we were able to find `uname', then EMX Unix compatibility
- # is probably installed.
- GUESS=$UNAME_MACHINE-pc-os2-emx
- ;;
- i*86:XTS-300:*:STOP)
- GUESS=$UNAME_MACHINE-unknown-stop
- ;;
- i*86:atheos:*:*)
- GUESS=$UNAME_MACHINE-unknown-atheos
- ;;
- i*86:syllable:*:*)
- GUESS=$UNAME_MACHINE-pc-syllable
- ;;
- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
- GUESS=i386-unknown-lynxos$UNAME_RELEASE
- ;;
- i*86:*DOS:*:*)
- GUESS=$UNAME_MACHINE-pc-msdosdjgpp
- ;;
- i*86:*:4.*:*)
- UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
- if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
- GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL
- else
- GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL
- fi
- ;;
- i*86:*:5:[678]*)
- # UnixWare 7.x, OpenUNIX and OpenServer 6.
- case `/bin/uname -X | grep "^Machine"` in
- *486*) UNAME_MACHINE=i486 ;;
- *Pentium) UNAME_MACHINE=i586 ;;
- *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
- esac
- GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
- ;;
- i*86:*:3.2:*)
- if test -f /usr/options/cb.name; then
- UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
- GUESS=$UNAME_MACHINE-pc-isc$UNAME_REL
- elif /bin/uname -X 2>/dev/null >/dev/null ; then
- UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
- (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
- (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
- && UNAME_MACHINE=i586
- (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
- && UNAME_MACHINE=i686
- (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
- && UNAME_MACHINE=i686
- GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL
- else
- GUESS=$UNAME_MACHINE-pc-sysv32
- fi
- ;;
- pc:*:*:*)
- # Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i586.
- # Note: whatever this is, it MUST be the same as what config.sub
- # prints for the "djgpp" host, or else GDB configure will decide that
- # this is a cross-build.
- GUESS=i586-pc-msdosdjgpp
- ;;
- Intel:Mach:3*:*)
- GUESS=i386-pc-mach3
- ;;
- paragon:*:*:*)
- GUESS=i860-intel-osf1
- ;;
- i860:*:4.*:*) # i860-SVR4
- if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
- GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4
- else # Add other i860-SVR4 vendors below as they are discovered.
- GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4
- fi
- ;;
- mini*:CTIX:SYS*5:*)
- # "miniframe"
- GUESS=m68010-convergent-sysv
- ;;
- mc68k:UNIX:SYSTEM5:3.51m)
- GUESS=m68k-convergent-sysv
- ;;
- M680?0:D-NIX:5.3:*)
- GUESS=m68k-diab-dnix
- ;;
- M68*:*:R3V[5678]*:*)
- test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
- 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
- OS_REL=''
- test -r /etc/.relid \
- && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
- /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
- 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && { echo i486-ncr-sysv4; exit; } ;;
- NCR*:*:4.2:* | MPRAS*:*:4.2:*)
- OS_REL='.3'
- test -r /etc/.relid \
- && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
- /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && { echo i586-ncr-sysv4.3"$OS_REL"; exit; }
- /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
- && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
- m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
- GUESS=m68k-unknown-lynxos$UNAME_RELEASE
- ;;
- mc68030:UNIX_System_V:4.*:*)
- GUESS=m68k-atari-sysv4
- ;;
- TSUNAMI:LynxOS:2.*:*)
- GUESS=sparc-unknown-lynxos$UNAME_RELEASE
- ;;
- rs6000:LynxOS:2.*:*)
- GUESS=rs6000-unknown-lynxos$UNAME_RELEASE
- ;;
- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
- GUESS=powerpc-unknown-lynxos$UNAME_RELEASE
- ;;
- SM[BE]S:UNIX_SV:*:*)
- GUESS=mips-dde-sysv$UNAME_RELEASE
- ;;
- RM*:ReliantUNIX-*:*:*)
- GUESS=mips-sni-sysv4
- ;;
- RM*:SINIX-*:*:*)
- GUESS=mips-sni-sysv4
- ;;
- *:SINIX-*:*:*)
- if uname -p 2>/dev/null >/dev/null ; then
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
- GUESS=$UNAME_MACHINE-sni-sysv4
- else
- GUESS=ns32k-sni-sysv
- fi
- ;;
- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel@ccMail.Census.GOV>
- GUESS=i586-unisys-sysv4
- ;;
- *:UNIX_System_V:4*:FTX*)
- # From Gerald Hewes <hewes@openmarket.com>.
- # How about differentiating between stratus architectures? -djm
- GUESS=hppa1.1-stratus-sysv4
- ;;
- *:*:*:FTX*)
- # From seanf@swdc.stratus.com.
- GUESS=i860-stratus-sysv4
- ;;
- i*86:VOS:*:*)
- # From Paul.Green@stratus.com.
- GUESS=$UNAME_MACHINE-stratus-vos
- ;;
- *:VOS:*:*)
- # From Paul.Green@stratus.com.
- GUESS=hppa1.1-stratus-vos
- ;;
- mc68*:A/UX:*:*)
- GUESS=m68k-apple-aux$UNAME_RELEASE
- ;;
- news*:NEWS-OS:6*:*)
- GUESS=mips-sony-newsos6
- ;;
- R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
- if test -d /usr/nec; then
- GUESS=mips-nec-sysv$UNAME_RELEASE
- else
- GUESS=mips-unknown-sysv$UNAME_RELEASE
- fi
- ;;
- BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
- GUESS=powerpc-be-beos
- ;;
- BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
- GUESS=powerpc-apple-beos
- ;;
- BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
- GUESS=i586-pc-beos
- ;;
- BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
- GUESS=i586-pc-haiku
- ;;
- x86_64:Haiku:*:*)
- GUESS=x86_64-unknown-haiku
- ;;
- SX-4:SUPER-UX:*:*)
- GUESS=sx4-nec-superux$UNAME_RELEASE
- ;;
- SX-5:SUPER-UX:*:*)
- GUESS=sx5-nec-superux$UNAME_RELEASE
- ;;
- SX-6:SUPER-UX:*:*)
- GUESS=sx6-nec-superux$UNAME_RELEASE
- ;;
- SX-7:SUPER-UX:*:*)
- GUESS=sx7-nec-superux$UNAME_RELEASE
- ;;
- SX-8:SUPER-UX:*:*)
- GUESS=sx8-nec-superux$UNAME_RELEASE
- ;;
- SX-8R:SUPER-UX:*:*)
- GUESS=sx8r-nec-superux$UNAME_RELEASE
- ;;
- SX-ACE:SUPER-UX:*:*)
- GUESS=sxace-nec-superux$UNAME_RELEASE
- ;;
- Power*:Rhapsody:*:*)
- GUESS=powerpc-apple-rhapsody$UNAME_RELEASE
- ;;
- *:Rhapsody:*:*)
- GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE
- ;;
- arm64:Darwin:*:*)
- GUESS=aarch64-apple-darwin$UNAME_RELEASE
- ;;
- *:Darwin:*:*)
- UNAME_PROCESSOR=`uname -p`
- case $UNAME_PROCESSOR in
- unknown) UNAME_PROCESSOR=powerpc ;;
- esac
- if command -v xcode-select > /dev/null 2> /dev/null && \
- ! xcode-select --print-path > /dev/null 2> /dev/null ; then
- # Avoid executing cc if there is no toolchain installed as
- # cc will be a stub that puts up a graphical alert
- # prompting the user to install developer tools.
- CC_FOR_BUILD=no_compiler_found
- else
- set_cc_for_build
- fi
- if test "$CC_FOR_BUILD" != no_compiler_found; then
- if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_64BIT_ARCH >/dev/null
- then
- case $UNAME_PROCESSOR in
- i386) UNAME_PROCESSOR=x86_64 ;;
- powerpc) UNAME_PROCESSOR=powerpc64 ;;
- esac
- fi
- # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
- if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_PPC >/dev/null
- then
- UNAME_PROCESSOR=powerpc
- fi
- elif test "$UNAME_PROCESSOR" = i386 ; then
- # uname -m returns i386 or x86_64
- UNAME_PROCESSOR=$UNAME_MACHINE
- fi
- GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE
- ;;
- *:procnto*:*:* | *:QNX:[0123456789]*:*)
- UNAME_PROCESSOR=`uname -p`
- if test "$UNAME_PROCESSOR" = x86; then
- UNAME_PROCESSOR=i386
- UNAME_MACHINE=pc
- fi
- GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE
- ;;
- *:QNX:*:4*)
- GUESS=i386-pc-qnx
- ;;
- NEO-*:NONSTOP_KERNEL:*:*)
- GUESS=neo-tandem-nsk$UNAME_RELEASE
- ;;
- NSE-*:NONSTOP_KERNEL:*:*)
- GUESS=nse-tandem-nsk$UNAME_RELEASE
- ;;
- NSR-*:NONSTOP_KERNEL:*:*)
- GUESS=nsr-tandem-nsk$UNAME_RELEASE
- ;;
- NSV-*:NONSTOP_KERNEL:*:*)
- GUESS=nsv-tandem-nsk$UNAME_RELEASE
- ;;
- NSX-*:NONSTOP_KERNEL:*:*)
- GUESS=nsx-tandem-nsk$UNAME_RELEASE
- ;;
- *:NonStop-UX:*:*)
- GUESS=mips-compaq-nonstopux
- ;;
- BS2000:POSIX*:*:*)
- GUESS=bs2000-siemens-sysv
- ;;
- DS/*:UNIX_System_V:*:*)
- GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE
- ;;
- *:Plan9:*:*)
- # "uname -m" is not consistent, so use $cputype instead. 386
- # is converted to i386 for consistency with other x86
- # operating systems.
- if test "${cputype-}" = 386; then
- UNAME_MACHINE=i386
- elif test "x${cputype-}" != x; then
- UNAME_MACHINE=$cputype
- fi
- GUESS=$UNAME_MACHINE-unknown-plan9
- ;;
- *:TOPS-10:*:*)
- GUESS=pdp10-unknown-tops10
- ;;
- *:TENEX:*:*)
- GUESS=pdp10-unknown-tenex
- ;;
- KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
- GUESS=pdp10-dec-tops20
- ;;
- XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
- GUESS=pdp10-xkl-tops20
- ;;
- *:TOPS-20:*:*)
- GUESS=pdp10-unknown-tops20
- ;;
- *:ITS:*:*)
- GUESS=pdp10-unknown-its
- ;;
- SEI:*:*:SEIUX)
- GUESS=mips-sei-seiux$UNAME_RELEASE
- ;;
- *:DragonFly:*:*)
- DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
- GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL
- ;;
- *:*VMS:*:*)
- UNAME_MACHINE=`(uname -p) 2>/dev/null`
- case $UNAME_MACHINE in
- A*) GUESS=alpha-dec-vms ;;
- I*) GUESS=ia64-dec-vms ;;
- V*) GUESS=vax-dec-vms ;;
- esac ;;
- *:XENIX:*:SysV)
- GUESS=i386-pc-xenix
- ;;
- i*86:skyos:*:*)
- SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`
- GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL
- ;;
- i*86:rdos:*:*)
- GUESS=$UNAME_MACHINE-pc-rdos
- ;;
- i*86:Fiwix:*:*)
- GUESS=$UNAME_MACHINE-pc-fiwix
- ;;
- *:AROS:*:*)
- GUESS=$UNAME_MACHINE-unknown-aros
- ;;
- x86_64:VMkernel:*:*)
- GUESS=$UNAME_MACHINE-unknown-esx
- ;;
- amd64:Isilon\ OneFS:*:*)
- GUESS=x86_64-unknown-onefs
- ;;
- *:Unleashed:*:*)
- GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
- ;;
-esac
-
-# Do we have a guess based on uname results?
-if test "x$GUESS" != x; then
- echo "$GUESS"
- exit
-fi
-
-# No uname command or uname output not recognized.
-set_cc_for_build
-cat > "$dummy.c" <<EOF
-#ifdef _SEQUENT_
-#include <sys/types.h>
-#include <sys/utsname.h>
-#endif
-#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
-#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
-#include <signal.h>
-#if defined(_SIZE_T_) || defined(SIGLOST)
-#include <sys/utsname.h>
-#endif
-#endif
-#endif
-main ()
-{
-#if defined (sony)
-#if defined (MIPSEB)
- /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
- I don't know.... */
- printf ("mips-sony-bsd\n"); exit (0);
-#else
-#include <sys/param.h>
- printf ("m68k-sony-newsos%s\n",
-#ifdef NEWSOS4
- "4"
-#else
- ""
-#endif
- ); exit (0);
-#endif
-#endif
-
-#if defined (NeXT)
-#if !defined (__ARCHITECTURE__)
-#define __ARCHITECTURE__ "m68k"
-#endif
- int version;
- version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
- if (version < 4)
- printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
- else
- printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
- exit (0);
-#endif
-
-#if defined (MULTIMAX) || defined (n16)
-#if defined (UMAXV)
- printf ("ns32k-encore-sysv\n"); exit (0);
-#else
-#if defined (CMU)
- printf ("ns32k-encore-mach\n"); exit (0);
-#else
- printf ("ns32k-encore-bsd\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (__386BSD__)
- printf ("i386-pc-bsd\n"); exit (0);
-#endif
-
-#if defined (sequent)
-#if defined (i386)
- printf ("i386-sequent-dynix\n"); exit (0);
-#endif
-#if defined (ns32000)
- printf ("ns32k-sequent-dynix\n"); exit (0);
-#endif
-#endif
-
-#if defined (_SEQUENT_)
- struct utsname un;
-
- uname(&un);
- if (strncmp(un.version, "V2", 2) == 0) {
- printf ("i386-sequent-ptx2\n"); exit (0);
- }
- if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
- printf ("i386-sequent-ptx1\n"); exit (0);
- }
- printf ("i386-sequent-ptx\n"); exit (0);
-#endif
-
-#if defined (vax)
-#if !defined (ultrix)
-#include <sys/param.h>
-#if defined (BSD)
-#if BSD == 43
- printf ("vax-dec-bsd4.3\n"); exit (0);
-#else
-#if BSD == 199006
- printf ("vax-dec-bsd4.3reno\n"); exit (0);
-#else
- printf ("vax-dec-bsd\n"); exit (0);
-#endif
-#endif
-#else
- printf ("vax-dec-bsd\n"); exit (0);
-#endif
-#else
-#if defined(_SIZE_T_) || defined(SIGLOST)
- struct utsname un;
- uname (&un);
- printf ("vax-dec-ultrix%s\n", un.release); exit (0);
-#else
- printf ("vax-dec-ultrix\n"); exit (0);
-#endif
-#endif
-#endif
-#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
-#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
-#if defined(_SIZE_T_) || defined(SIGLOST)
- struct utsname *un;
- uname (&un);
- printf ("mips-dec-ultrix%s\n", un.release); exit (0);
-#else
- printf ("mips-dec-ultrix\n"); exit (0);
-#endif
-#endif
-#endif
-
-#if defined (alliant) && defined (i860)
- printf ("i860-alliant-bsd\n"); exit (0);
-#endif
-
- exit (1);
-}
-EOF
-
-$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` &&
- { echo "$SYSTEM_NAME"; exit; }
-
-# Apollos put the system type in the environment.
-test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
-
-echo "$0: unable to guess system type" >&2
-
-case $UNAME_MACHINE:$UNAME_SYSTEM in
- mips:Linux | mips64:Linux)
- # If we got here on MIPS GNU/Linux, output extra information.
- cat >&2 <<EOF
-
-NOTE: MIPS GNU/Linux systems require a C compiler to fully recognize
-the system type. Please install a C compiler and try again.
-EOF
- ;;
-esac
-
-cat >&2 <<EOF
-
-This script (version $timestamp), has failed to recognize the
-operating system you are using. If your script is old, overwrite *all*
-copies of config.guess and config.sub with the latest versions from:
-
- https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
-and
- https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
-EOF
-
-our_year=`echo $timestamp | sed 's,-.*,,'`
-thisyear=`date +%Y`
-# shellcheck disable=SC2003
-script_age=`expr "$thisyear" - "$our_year"`
-if test "$script_age" -lt 3 ; then
- cat >&2 <<EOF
-
-If $0 has already been updated, send the following data and any
-information you think might be pertinent to config-patches@gnu.org to
-provide the necessary information to handle your system.
-
-config.guess timestamp = $timestamp
-
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
-
-hostinfo = `(hostinfo) 2>/dev/null`
-/bin/universe = `(/bin/universe) 2>/dev/null`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
-/bin/arch = `(/bin/arch) 2>/dev/null`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
-
-UNAME_MACHINE = "$UNAME_MACHINE"
-UNAME_RELEASE = "$UNAME_RELEASE"
-UNAME_SYSTEM = "$UNAME_SYSTEM"
-UNAME_VERSION = "$UNAME_VERSION"
-EOF
-fi
-
-exit 1
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
diff --git a/libraries/libapparmor/config.sub b/libraries/libapparmor/config.sub
deleted file mode 100755
index dba16e84c77c7d25871d80c24deff717faf4c094..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/config.sub
+++ /dev/null
@@ -1,1890 +0,0 @@
-#! /bin/sh
-# Configuration validation subroutine script.
-# Copyright 1992-2022 Free Software Foundation, Inc.
-
-# shellcheck disable=SC2006,SC2268 # see below for rationale
-
-timestamp='2022-01-03'
-
-# This file is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <https://www.gnu.org/licenses/>.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that
-# program. This Exception is an additional permission under section 7
-# of the GNU General Public License, version 3 ("GPLv3").
-
-
-# Please send patches to <config-patches@gnu.org>.
-#
-# Configuration subroutine to validate and canonicalize a configuration type.
-# Supply the specified configuration type as an argument.
-# If it is invalid, we print an error message on stderr and exit with code 1.
-# Otherwise, we print the canonical config type on stdout and succeed.
-
-# You can get the latest version of this script from:
-# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
-
-# This file is supposed to be the same for all GNU packages
-# and recognize all the CPU types, system types and aliases
-# that are meaningful with *any* GNU software.
-# Each package is responsible for reporting which valid configurations
-# it does not support. The user should be able to distinguish
-# a failure to support a valid configuration from a meaningless
-# configuration.
-
-# The goal of this file is to map all the various variations of a given
-# machine specification into a single specification in the form:
-# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
-# or in some cases, the newer four-part form:
-# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
-# It is wrong to echo any other type of specification.
-
-# The "shellcheck disable" line above the timestamp inhibits complaints
-# about features and limitations of the classic Bourne shell that were
-# superseded or lifted in POSIX. However, this script identifies a wide
-# variety of pre-POSIX systems that do not have POSIX shells at all, and
-# even some reasonably current systems (Solaris 10 as case-in-point) still
-# have a pre-POSIX /bin/sh.
-
-me=`echo "$0" | sed -e 's,.*/,,'`
-
-usage="\
-Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
-
-Canonicalize a configuration name.
-
-Options:
- -h, --help print this help, then exit
- -t, --time-stamp print date of last modification, then exit
- -v, --version print version number, then exit
-
-Report bugs and patches to <config-patches@gnu.org>."
-
-version="\
-GNU config.sub ($timestamp)
-
-Copyright 1992-2022 Free Software Foundation, Inc.
-
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
-
-help="
-Try \`$me --help' for more information."
-
-# Parse command line
-while test $# -gt 0 ; do
- case $1 in
- --time-stamp | --time* | -t )
- echo "$timestamp" ; exit ;;
- --version | -v )
- echo "$version" ; exit ;;
- --help | --h* | -h )
- echo "$usage"; exit ;;
- -- ) # Stop option processing
- shift; break ;;
- - ) # Use stdin as input.
- break ;;
- -* )
- echo "$me: invalid option $1$help" >&2
- exit 1 ;;
-
- *local*)
- # First pass through any local machine types.
- echo "$1"
- exit ;;
-
- * )
- break ;;
- esac
-done
-
-case $# in
- 0) echo "$me: missing argument$help" >&2
- exit 1;;
- 1) ;;
- *) echo "$me: too many arguments$help" >&2
- exit 1;;
-esac
-
-# Split fields of configuration type
-# shellcheck disable=SC2162
-saved_IFS=$IFS
-IFS="-" read field1 field2 field3 field4 <<EOF
-$1
-EOF
-IFS=$saved_IFS
-
-# Separate into logical components for further validation
-case $1 in
- *-*-*-*-*)
- echo Invalid configuration \`"$1"\': more than four components >&2
- exit 1
- ;;
- *-*-*-*)
- basic_machine=$field1-$field2
- basic_os=$field3-$field4
- ;;
- *-*-*)
- # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two
- # parts
- maybe_os=$field2-$field3
- case $maybe_os in
- nto-qnx* | linux-* | uclinux-uclibc* \
- | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
- | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
- | storm-chaos* | os2-emx* | rtmk-nova*)
- basic_machine=$field1
- basic_os=$maybe_os
- ;;
- android-linux)
- basic_machine=$field1-unknown
- basic_os=linux-android
- ;;
- *)
- basic_machine=$field1-$field2
- basic_os=$field3
- ;;
- esac
- ;;
- *-*)
- # A lone config we happen to match not fitting any pattern
- case $field1-$field2 in
- decstation-3100)
- basic_machine=mips-dec
- basic_os=
- ;;
- *-*)
- # Second component is usually, but not always the OS
- case $field2 in
- # Prevent following clause from handling this valid os
- sun*os*)
- basic_machine=$field1
- basic_os=$field2
- ;;
- zephyr*)
- basic_machine=$field1-unknown
- basic_os=$field2
- ;;
- # Manufacturers
- dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
- | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
- | unicom* | ibm* | next | hp | isi* | apollo | altos* \
- | convergent* | ncr* | news | 32* | 3600* | 3100* \
- | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
- | ultra | tti* | harris | dolphin | highlevel | gould \
- | cbm | ns | masscomp | apple | axis | knuth | cray \
- | microblaze* | sim | cisco \
- | oki | wec | wrs | winbond)
- basic_machine=$field1-$field2
- basic_os=
- ;;
- *)
- basic_machine=$field1
- basic_os=$field2
- ;;
- esac
- ;;
- esac
- ;;
- *)
- # Convert single-component short-hands not valid as part of
- # multi-component configurations.
- case $field1 in
- 386bsd)
- basic_machine=i386-pc
- basic_os=bsd
- ;;
- a29khif)
- basic_machine=a29k-amd
- basic_os=udi
- ;;
- adobe68k)
- basic_machine=m68010-adobe
- basic_os=scout
- ;;
- alliant)
- basic_machine=fx80-alliant
- basic_os=
- ;;
- altos | altos3068)
- basic_machine=m68k-altos
- basic_os=
- ;;
- am29k)
- basic_machine=a29k-none
- basic_os=bsd
- ;;
- amdahl)
- basic_machine=580-amdahl
- basic_os=sysv
- ;;
- amiga)
- basic_machine=m68k-unknown
- basic_os=
- ;;
- amigaos | amigados)
- basic_machine=m68k-unknown
- basic_os=amigaos
- ;;
- amigaunix | amix)
- basic_machine=m68k-unknown
- basic_os=sysv4
- ;;
- apollo68)
- basic_machine=m68k-apollo
- basic_os=sysv
- ;;
- apollo68bsd)
- basic_machine=m68k-apollo
- basic_os=bsd
- ;;
- aros)
- basic_machine=i386-pc
- basic_os=aros
- ;;
- aux)
- basic_machine=m68k-apple
- basic_os=aux
- ;;
- balance)
- basic_machine=ns32k-sequent
- basic_os=dynix
- ;;
- blackfin)
- basic_machine=bfin-unknown
- basic_os=linux
- ;;
- cegcc)
- basic_machine=arm-unknown
- basic_os=cegcc
- ;;
- convex-c1)
- basic_machine=c1-convex
- basic_os=bsd
- ;;
- convex-c2)
- basic_machine=c2-convex
- basic_os=bsd
- ;;
- convex-c32)
- basic_machine=c32-convex
- basic_os=bsd
- ;;
- convex-c34)
- basic_machine=c34-convex
- basic_os=bsd
- ;;
- convex-c38)
- basic_machine=c38-convex
- basic_os=bsd
- ;;
- cray)
- basic_machine=j90-cray
- basic_os=unicos
- ;;
- crds | unos)
- basic_machine=m68k-crds
- basic_os=
- ;;
- da30)
- basic_machine=m68k-da30
- basic_os=
- ;;
- decstation | pmax | pmin | dec3100 | decstatn)
- basic_machine=mips-dec
- basic_os=
- ;;
- delta88)
- basic_machine=m88k-motorola
- basic_os=sysv3
- ;;
- dicos)
- basic_machine=i686-pc
- basic_os=dicos
- ;;
- djgpp)
- basic_machine=i586-pc
- basic_os=msdosdjgpp
- ;;
- ebmon29k)
- basic_machine=a29k-amd
- basic_os=ebmon
- ;;
- es1800 | OSE68k | ose68k | ose | OSE)
- basic_machine=m68k-ericsson
- basic_os=ose
- ;;
- gmicro)
- basic_machine=tron-gmicro
- basic_os=sysv
- ;;
- go32)
- basic_machine=i386-pc
- basic_os=go32
- ;;
- h8300hms)
- basic_machine=h8300-hitachi
- basic_os=hms
- ;;
- h8300xray)
- basic_machine=h8300-hitachi
- basic_os=xray
- ;;
- h8500hms)
- basic_machine=h8500-hitachi
- basic_os=hms
- ;;
- harris)
- basic_machine=m88k-harris
- basic_os=sysv3
- ;;
- hp300 | hp300hpux)
- basic_machine=m68k-hp
- basic_os=hpux
- ;;
- hp300bsd)
- basic_machine=m68k-hp
- basic_os=bsd
- ;;
- hppaosf)
- basic_machine=hppa1.1-hp
- basic_os=osf
- ;;
- hppro)
- basic_machine=hppa1.1-hp
- basic_os=proelf
- ;;
- i386mach)
- basic_machine=i386-mach
- basic_os=mach
- ;;
- isi68 | isi)
- basic_machine=m68k-isi
- basic_os=sysv
- ;;
- m68knommu)
- basic_machine=m68k-unknown
- basic_os=linux
- ;;
- magnum | m3230)
- basic_machine=mips-mips
- basic_os=sysv
- ;;
- merlin)
- basic_machine=ns32k-utek
- basic_os=sysv
- ;;
- mingw64)
- basic_machine=x86_64-pc
- basic_os=mingw64
- ;;
- mingw32)
- basic_machine=i686-pc
- basic_os=mingw32
- ;;
- mingw32ce)
- basic_machine=arm-unknown
- basic_os=mingw32ce
- ;;
- monitor)
- basic_machine=m68k-rom68k
- basic_os=coff
- ;;
- morphos)
- basic_machine=powerpc-unknown
- basic_os=morphos
- ;;
- moxiebox)
- basic_machine=moxie-unknown
- basic_os=moxiebox
- ;;
- msdos)
- basic_machine=i386-pc
- basic_os=msdos
- ;;
- msys)
- basic_machine=i686-pc
- basic_os=msys
- ;;
- mvs)
- basic_machine=i370-ibm
- basic_os=mvs
- ;;
- nacl)
- basic_machine=le32-unknown
- basic_os=nacl
- ;;
- ncr3000)
- basic_machine=i486-ncr
- basic_os=sysv4
- ;;
- netbsd386)
- basic_machine=i386-pc
- basic_os=netbsd
- ;;
- netwinder)
- basic_machine=armv4l-rebel
- basic_os=linux
- ;;
- news | news700 | news800 | news900)
- basic_machine=m68k-sony
- basic_os=newsos
- ;;
- news1000)
- basic_machine=m68030-sony
- basic_os=newsos
- ;;
- necv70)
- basic_machine=v70-nec
- basic_os=sysv
- ;;
- nh3000)
- basic_machine=m68k-harris
- basic_os=cxux
- ;;
- nh[45]000)
- basic_machine=m88k-harris
- basic_os=cxux
- ;;
- nindy960)
- basic_machine=i960-intel
- basic_os=nindy
- ;;
- mon960)
- basic_machine=i960-intel
- basic_os=mon960
- ;;
- nonstopux)
- basic_machine=mips-compaq
- basic_os=nonstopux
- ;;
- os400)
- basic_machine=powerpc-ibm
- basic_os=os400
- ;;
- OSE68000 | ose68000)
- basic_machine=m68000-ericsson
- basic_os=ose
- ;;
- os68k)
- basic_machine=m68k-none
- basic_os=os68k
- ;;
- paragon)
- basic_machine=i860-intel
- basic_os=osf
- ;;
- parisc)
- basic_machine=hppa-unknown
- basic_os=linux
- ;;
- psp)
- basic_machine=mipsallegrexel-sony
- basic_os=psp
- ;;
- pw32)
- basic_machine=i586-unknown
- basic_os=pw32
- ;;
- rdos | rdos64)
- basic_machine=x86_64-pc
- basic_os=rdos
- ;;
- rdos32)
- basic_machine=i386-pc
- basic_os=rdos
- ;;
- rom68k)
- basic_machine=m68k-rom68k
- basic_os=coff
- ;;
- sa29200)
- basic_machine=a29k-amd
- basic_os=udi
- ;;
- sei)
- basic_machine=mips-sei
- basic_os=seiux
- ;;
- sequent)
- basic_machine=i386-sequent
- basic_os=
- ;;
- sps7)
- basic_machine=m68k-bull
- basic_os=sysv2
- ;;
- st2000)
- basic_machine=m68k-tandem
- basic_os=
- ;;
- stratus)
- basic_machine=i860-stratus
- basic_os=sysv4
- ;;
- sun2)
- basic_machine=m68000-sun
- basic_os=
- ;;
- sun2os3)
- basic_machine=m68000-sun
- basic_os=sunos3
- ;;
- sun2os4)
- basic_machine=m68000-sun
- basic_os=sunos4
- ;;
- sun3)
- basic_machine=m68k-sun
- basic_os=
- ;;
- sun3os3)
- basic_machine=m68k-sun
- basic_os=sunos3
- ;;
- sun3os4)
- basic_machine=m68k-sun
- basic_os=sunos4
- ;;
- sun4)
- basic_machine=sparc-sun
- basic_os=
- ;;
- sun4os3)
- basic_machine=sparc-sun
- basic_os=sunos3
- ;;
- sun4os4)
- basic_machine=sparc-sun
- basic_os=sunos4
- ;;
- sun4sol2)
- basic_machine=sparc-sun
- basic_os=solaris2
- ;;
- sun386 | sun386i | roadrunner)
- basic_machine=i386-sun
- basic_os=
- ;;
- sv1)
- basic_machine=sv1-cray
- basic_os=unicos
- ;;
- symmetry)
- basic_machine=i386-sequent
- basic_os=dynix
- ;;
- t3e)
- basic_machine=alphaev5-cray
- basic_os=unicos
- ;;
- t90)
- basic_machine=t90-cray
- basic_os=unicos
- ;;
- toad1)
- basic_machine=pdp10-xkl
- basic_os=tops20
- ;;
- tpf)
- basic_machine=s390x-ibm
- basic_os=tpf
- ;;
- udi29k)
- basic_machine=a29k-amd
- basic_os=udi
- ;;
- ultra3)
- basic_machine=a29k-nyu
- basic_os=sym1
- ;;
- v810 | necv810)
- basic_machine=v810-nec
- basic_os=none
- ;;
- vaxv)
- basic_machine=vax-dec
- basic_os=sysv
- ;;
- vms)
- basic_machine=vax-dec
- basic_os=vms
- ;;
- vsta)
- basic_machine=i386-pc
- basic_os=vsta
- ;;
- vxworks960)
- basic_machine=i960-wrs
- basic_os=vxworks
- ;;
- vxworks68)
- basic_machine=m68k-wrs
- basic_os=vxworks
- ;;
- vxworks29k)
- basic_machine=a29k-wrs
- basic_os=vxworks
- ;;
- xbox)
- basic_machine=i686-pc
- basic_os=mingw32
- ;;
- ymp)
- basic_machine=ymp-cray
- basic_os=unicos
- ;;
- *)
- basic_machine=$1
- basic_os=
- ;;
- esac
- ;;
-esac
-
-# Decode 1-component or ad-hoc basic machines
-case $basic_machine in
- # Here we handle the default manufacturer of certain CPU types. It is in
- # some cases the only manufacturer, in others, it is the most popular.
- w89k)
- cpu=hppa1.1
- vendor=winbond
- ;;
- op50n)
- cpu=hppa1.1
- vendor=oki
- ;;
- op60c)
- cpu=hppa1.1
- vendor=oki
- ;;
- ibm*)
- cpu=i370
- vendor=ibm
- ;;
- orion105)
- cpu=clipper
- vendor=highlevel
- ;;
- mac | mpw | mac-mpw)
- cpu=m68k
- vendor=apple
- ;;
- pmac | pmac-mpw)
- cpu=powerpc
- vendor=apple
- ;;
-
- # Recognize the various machine names and aliases which stand
- # for a CPU type and a company and sometimes even an OS.
- 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
- cpu=m68000
- vendor=att
- ;;
- 3b*)
- cpu=we32k
- vendor=att
- ;;
- bluegene*)
- cpu=powerpc
- vendor=ibm
- basic_os=cnk
- ;;
- decsystem10* | dec10*)
- cpu=pdp10
- vendor=dec
- basic_os=tops10
- ;;
- decsystem20* | dec20*)
- cpu=pdp10
- vendor=dec
- basic_os=tops20
- ;;
- delta | 3300 | motorola-3300 | motorola-delta \
- | 3300-motorola | delta-motorola)
- cpu=m68k
- vendor=motorola
- ;;
- dpx2*)
- cpu=m68k
- vendor=bull
- basic_os=sysv3
- ;;
- encore | umax | mmax)
- cpu=ns32k
- vendor=encore
- ;;
- elxsi)
- cpu=elxsi
- vendor=elxsi
- basic_os=${basic_os:-bsd}
- ;;
- fx2800)
- cpu=i860
- vendor=alliant
- ;;
- genix)
- cpu=ns32k
- vendor=ns
- ;;
- h3050r* | hiux*)
- cpu=hppa1.1
- vendor=hitachi
- basic_os=hiuxwe2
- ;;
- hp3k9[0-9][0-9] | hp9[0-9][0-9])
- cpu=hppa1.0
- vendor=hp
- ;;
- hp9k2[0-9][0-9] | hp9k31[0-9])
- cpu=m68000
- vendor=hp
- ;;
- hp9k3[2-9][0-9])
- cpu=m68k
- vendor=hp
- ;;
- hp9k6[0-9][0-9] | hp6[0-9][0-9])
- cpu=hppa1.0
- vendor=hp
- ;;
- hp9k7[0-79][0-9] | hp7[0-79][0-9])
- cpu=hppa1.1
- vendor=hp
- ;;
- hp9k78[0-9] | hp78[0-9])
- # FIXME: really hppa2.0-hp
- cpu=hppa1.1
- vendor=hp
- ;;
- hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
- # FIXME: really hppa2.0-hp
- cpu=hppa1.1
- vendor=hp
- ;;
- hp9k8[0-9][13679] | hp8[0-9][13679])
- cpu=hppa1.1
- vendor=hp
- ;;
- hp9k8[0-9][0-9] | hp8[0-9][0-9])
- cpu=hppa1.0
- vendor=hp
- ;;
- i*86v32)
- cpu=`echo "$1" | sed -e 's/86.*/86/'`
- vendor=pc
- basic_os=sysv32
- ;;
- i*86v4*)
- cpu=`echo "$1" | sed -e 's/86.*/86/'`
- vendor=pc
- basic_os=sysv4
- ;;
- i*86v)
- cpu=`echo "$1" | sed -e 's/86.*/86/'`
- vendor=pc
- basic_os=sysv
- ;;
- i*86sol2)
- cpu=`echo "$1" | sed -e 's/86.*/86/'`
- vendor=pc
- basic_os=solaris2
- ;;
- j90 | j90-cray)
- cpu=j90
- vendor=cray
- basic_os=${basic_os:-unicos}
- ;;
- iris | iris4d)
- cpu=mips
- vendor=sgi
- case $basic_os in
- irix*)
- ;;
- *)
- basic_os=irix4
- ;;
- esac
- ;;
- miniframe)
- cpu=m68000
- vendor=convergent
- ;;
- *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*)
- cpu=m68k
- vendor=atari
- basic_os=mint
- ;;
- news-3600 | risc-news)
- cpu=mips
- vendor=sony
- basic_os=newsos
- ;;
- next | m*-next)
- cpu=m68k
- vendor=next
- case $basic_os in
- openstep*)
- ;;
- nextstep*)
- ;;
- ns2*)
- basic_os=nextstep2
- ;;
- *)
- basic_os=nextstep3
- ;;
- esac
- ;;
- np1)
- cpu=np1
- vendor=gould
- ;;
- op50n-* | op60c-*)
- cpu=hppa1.1
- vendor=oki
- basic_os=proelf
- ;;
- pa-hitachi)
- cpu=hppa1.1
- vendor=hitachi
- basic_os=hiuxwe2
- ;;
- pbd)
- cpu=sparc
- vendor=tti
- ;;
- pbb)
- cpu=m68k
- vendor=tti
- ;;
- pc532)
- cpu=ns32k
- vendor=pc532
- ;;
- pn)
- cpu=pn
- vendor=gould
- ;;
- power)
- cpu=power
- vendor=ibm
- ;;
- ps2)
- cpu=i386
- vendor=ibm
- ;;
- rm[46]00)
- cpu=mips
- vendor=siemens
- ;;
- rtpc | rtpc-*)
- cpu=romp
- vendor=ibm
- ;;
- sde)
- cpu=mipsisa32
- vendor=sde
- basic_os=${basic_os:-elf}
- ;;
- simso-wrs)
- cpu=sparclite
- vendor=wrs
- basic_os=vxworks
- ;;
- tower | tower-32)
- cpu=m68k
- vendor=ncr
- ;;
- vpp*|vx|vx-*)
- cpu=f301
- vendor=fujitsu
- ;;
- w65)
- cpu=w65
- vendor=wdc
- ;;
- w89k-*)
- cpu=hppa1.1
- vendor=winbond
- basic_os=proelf
- ;;
- none)
- cpu=none
- vendor=none
- ;;
- leon|leon[3-9])
- cpu=sparc
- vendor=$basic_machine
- ;;
- leon-*|leon[3-9]-*)
- cpu=sparc
- vendor=`echo "$basic_machine" | sed 's/-.*//'`
- ;;
-
- *-*)
- # shellcheck disable=SC2162
- saved_IFS=$IFS
- IFS="-" read cpu vendor <<EOF
-$basic_machine
-EOF
- IFS=$saved_IFS
- ;;
- # We use `pc' rather than `unknown'
- # because (1) that's what they normally are, and
- # (2) the word "unknown" tends to confuse beginning users.
- i*86 | x86_64)
- cpu=$basic_machine
- vendor=pc
- ;;
- # These rules are duplicated from below for sake of the special case above;
- # i.e. things that normalized to x86 arches should also default to "pc"
- pc98)
- cpu=i386
- vendor=pc
- ;;
- x64 | amd64)
- cpu=x86_64
- vendor=pc
- ;;
- # Recognize the basic CPU types without company name.
- *)
- cpu=$basic_machine
- vendor=unknown
- ;;
-esac
-
-unset -v basic_machine
-
-# Decode basic machines in the full and proper CPU-Company form.
-case $cpu-$vendor in
- # Here we handle the default manufacturer of certain CPU types in canonical form. It is in
- # some cases the only manufacturer, in others, it is the most popular.
- craynv-unknown)
- vendor=cray
- basic_os=${basic_os:-unicosmp}
- ;;
- c90-unknown | c90-cray)
- vendor=cray
- basic_os=${Basic_os:-unicos}
- ;;
- fx80-unknown)
- vendor=alliant
- ;;
- romp-unknown)
- vendor=ibm
- ;;
- mmix-unknown)
- vendor=knuth
- ;;
- microblaze-unknown | microblazeel-unknown)
- vendor=xilinx
- ;;
- rs6000-unknown)
- vendor=ibm
- ;;
- vax-unknown)
- vendor=dec
- ;;
- pdp11-unknown)
- vendor=dec
- ;;
- we32k-unknown)
- vendor=att
- ;;
- cydra-unknown)
- vendor=cydrome
- ;;
- i370-ibm*)
- vendor=ibm
- ;;
- orion-unknown)
- vendor=highlevel
- ;;
- xps-unknown | xps100-unknown)
- cpu=xps100
- vendor=honeywell
- ;;
-
- # Here we normalize CPU types with a missing or matching vendor
- armh-unknown | armh-alt)
- cpu=armv7l
- vendor=alt
- basic_os=${basic_os:-linux-gnueabihf}
- ;;
- dpx20-unknown | dpx20-bull)
- cpu=rs6000
- vendor=bull
- basic_os=${basic_os:-bosx}
- ;;
-
- # Here we normalize CPU types irrespective of the vendor
- amd64-*)
- cpu=x86_64
- ;;
- blackfin-*)
- cpu=bfin
- basic_os=linux
- ;;
- c54x-*)
- cpu=tic54x
- ;;
- c55x-*)
- cpu=tic55x
- ;;
- c6x-*)
- cpu=tic6x
- ;;
- e500v[12]-*)
- cpu=powerpc
- basic_os=${basic_os}"spe"
- ;;
- mips3*-*)
- cpu=mips64
- ;;
- ms1-*)
- cpu=mt
- ;;
- m68knommu-*)
- cpu=m68k
- basic_os=linux
- ;;
- m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
- cpu=s12z
- ;;
- openrisc-*)
- cpu=or32
- ;;
- parisc-*)
- cpu=hppa
- basic_os=linux
- ;;
- pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
- cpu=i586
- ;;
- pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*)
- cpu=i686
- ;;
- pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
- cpu=i686
- ;;
- pentium4-*)
- cpu=i786
- ;;
- pc98-*)
- cpu=i386
- ;;
- ppc-* | ppcbe-*)
- cpu=powerpc
- ;;
- ppcle-* | powerpclittle-*)
- cpu=powerpcle
- ;;
- ppc64-*)
- cpu=powerpc64
- ;;
- ppc64le-* | powerpc64little-*)
- cpu=powerpc64le
- ;;
- sb1-*)
- cpu=mipsisa64sb1
- ;;
- sb1el-*)
- cpu=mipsisa64sb1el
- ;;
- sh5e[lb]-*)
- cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
- ;;
- spur-*)
- cpu=spur
- ;;
- strongarm-* | thumb-*)
- cpu=arm
- ;;
- tx39-*)
- cpu=mipstx39
- ;;
- tx39el-*)
- cpu=mipstx39el
- ;;
- x64-*)
- cpu=x86_64
- ;;
- xscale-* | xscalee[bl]-*)
- cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
- ;;
- arm64-* | aarch64le-*)
- cpu=aarch64
- ;;
-
- # Recognize the canonical CPU Types that limit and/or modify the
- # company names they are paired with.
- cr16-*)
- basic_os=${basic_os:-elf}
- ;;
- crisv32-* | etraxfs*-*)
- cpu=crisv32
- vendor=axis
- ;;
- cris-* | etrax*-*)
- cpu=cris
- vendor=axis
- ;;
- crx-*)
- basic_os=${basic_os:-elf}
- ;;
- neo-tandem)
- cpu=neo
- vendor=tandem
- ;;
- nse-tandem)
- cpu=nse
- vendor=tandem
- ;;
- nsr-tandem)
- cpu=nsr
- vendor=tandem
- ;;
- nsv-tandem)
- cpu=nsv
- vendor=tandem
- ;;
- nsx-tandem)
- cpu=nsx
- vendor=tandem
- ;;
- mipsallegrexel-sony)
- cpu=mipsallegrexel
- vendor=sony
- ;;
- tile*-*)
- basic_os=${basic_os:-linux-gnu}
- ;;
-
- *)
- # Recognize the canonical CPU types that are allowed with any
- # company name.
- case $cpu in
- 1750a | 580 \
- | a29k \
- | aarch64 | aarch64_be \
- | abacus \
- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
- | alphapca5[67] | alpha64pca5[67] \
- | am33_2.0 \
- | amdgcn \
- | arc | arceb | arc32 | arc64 \
- | arm | arm[lb]e | arme[lb] | armv* \
- | avr | avr32 \
- | asmjs \
- | ba \
- | be32 | be64 \
- | bfin | bpf | bs2000 \
- | c[123]* | c30 | [cjt]90 | c4x \
- | c8051 | clipper | craynv | csky | cydra \
- | d10v | d30v | dlx | dsp16xx \
- | e2k | elxsi | epiphany \
- | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
- | h8300 | h8500 \
- | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
- | hexagon \
- | i370 | i*86 | i860 | i960 | ia16 | ia64 \
- | ip2k | iq2000 \
- | k1om \
- | le32 | le64 \
- | lm32 \
- | loongarch32 | loongarch64 | loongarchx32 \
- | m32c | m32r | m32rle \
- | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
- | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
- | m88110 | m88k | maxq | mb | mcore | mep | metag \
- | microblaze | microblazeel \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64eb | mips64el \
- | mips64octeon | mips64octeonel \
- | mips64orion | mips64orionel \
- | mips64r5900 | mips64r5900el \
- | mips64vr | mips64vrel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
- | mips64vr5900 | mips64vr5900el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa32r3 | mipsisa32r3el \
- | mipsisa32r5 | mipsisa32r5el \
- | mipsisa32r6 | mipsisa32r6el \
- | mipsisa64 | mipsisa64el \
- | mipsisa64r2 | mipsisa64r2el \
- | mipsisa64r3 | mipsisa64r3el \
- | mipsisa64r5 | mipsisa64r5el \
- | mipsisa64r6 | mipsisa64r6el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipsr5900 | mipsr5900el \
- | mipstx39 | mipstx39el \
- | mmix \
- | mn10200 | mn10300 \
- | moxie \
- | mt \
- | msp430 \
- | nds32 | nds32le | nds32be \
- | nfp \
- | nios | nios2 | nios2eb | nios2el \
- | none | np1 | ns16k | ns32k | nvptx \
- | open8 \
- | or1k* \
- | or32 \
- | orion \
- | picochip \
- | pdp10 | pdp11 | pj | pjl | pn | power \
- | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
- | pru \
- | pyramid \
- | riscv | riscv32 | riscv32be | riscv64 | riscv64be \
- | rl78 | romp | rs6000 | rx \
- | s390 | s390x \
- | score \
- | sh | shl \
- | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
- | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
- | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
- | sparclite \
- | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
- | spu \
- | tahoe \
- | thumbv7* \
- | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
- | tron \
- | ubicom32 \
- | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
- | vax \
- | visium \
- | w65 \
- | wasm32 | wasm64 \
- | we32k \
- | x86 | x86_64 | xc16x | xgate | xps100 \
- | xstormy16 | xtensa* \
- | ymp \
- | z8k | z80)
- ;;
-
- *)
- echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2
- exit 1
- ;;
- esac
- ;;
-esac
-
-# Here we canonicalize certain aliases for manufacturers.
-case $vendor in
- digital*)
- vendor=dec
- ;;
- commodore*)
- vendor=cbm
- ;;
- *)
- ;;
-esac
-
-# Decode manufacturer-specific aliases for certain operating systems.
-
-if test x$basic_os != x
-then
-
-# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
-# set os.
-case $basic_os in
- gnu/linux*)
- kernel=linux
- os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'`
- ;;
- os2-emx)
- kernel=os2
- os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'`
- ;;
- nto-qnx*)
- kernel=nto
- os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'`
- ;;
- *-*)
- # shellcheck disable=SC2162
- saved_IFS=$IFS
- IFS="-" read kernel os <<EOF
-$basic_os
-EOF
- IFS=$saved_IFS
- ;;
- # Default OS when just kernel was specified
- nto*)
- kernel=nto
- os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
- ;;
- linux*)
- kernel=linux
- os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
- ;;
- *)
- kernel=
- os=$basic_os
- ;;
-esac
-
-# Now, normalize the OS (knowing we just have one component, it's not a kernel,
-# etc.)
-case $os in
- # First match some system type aliases that might get confused
- # with valid system types.
- # solaris* is a basic system type, with this one exception.
- auroraux)
- os=auroraux
- ;;
- bluegene*)
- os=cnk
- ;;
- solaris1 | solaris1.*)
- os=`echo "$os" | sed -e 's|solaris1|sunos4|'`
- ;;
- solaris)
- os=solaris2
- ;;
- unixware*)
- os=sysv4.2uw
- ;;
- # es1800 is here to avoid being matched by es* (a different OS)
- es1800*)
- os=ose
- ;;
- # Some version numbers need modification
- chorusos*)
- os=chorusos
- ;;
- isc)
- os=isc2.2
- ;;
- sco6)
- os=sco5v6
- ;;
- sco5)
- os=sco3.2v5
- ;;
- sco4)
- os=sco3.2v4
- ;;
- sco3.2.[4-9]*)
- os=`echo "$os" | sed -e 's/sco3.2./sco3.2v/'`
- ;;
- sco*v* | scout)
- # Don't match below
- ;;
- sco*)
- os=sco3.2v2
- ;;
- psos*)
- os=psos
- ;;
- qnx*)
- os=qnx
- ;;
- hiux*)
- os=hiuxwe2
- ;;
- lynx*178)
- os=lynxos178
- ;;
- lynx*5)
- os=lynxos5
- ;;
- lynxos*)
- # don't get caught up in next wildcard
- ;;
- lynx*)
- os=lynxos
- ;;
- mac[0-9]*)
- os=`echo "$os" | sed -e 's|mac|macos|'`
- ;;
- opened*)
- os=openedition
- ;;
- os400*)
- os=os400
- ;;
- sunos5*)
- os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
- ;;
- sunos6*)
- os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
- ;;
- wince*)
- os=wince
- ;;
- utek*)
- os=bsd
- ;;
- dynix*)
- os=bsd
- ;;
- acis*)
- os=aos
- ;;
- atheos*)
- os=atheos
- ;;
- syllable*)
- os=syllable
- ;;
- 386bsd)
- os=bsd
- ;;
- ctix* | uts*)
- os=sysv
- ;;
- nova*)
- os=rtmk-nova
- ;;
- ns2)
- os=nextstep2
- ;;
- # Preserve the version number of sinix5.
- sinix5.*)
- os=`echo "$os" | sed -e 's|sinix|sysv|'`
- ;;
- sinix*)
- os=sysv4
- ;;
- tpf*)
- os=tpf
- ;;
- triton*)
- os=sysv3
- ;;
- oss*)
- os=sysv3
- ;;
- svr4*)
- os=sysv4
- ;;
- svr3)
- os=sysv3
- ;;
- sysvr4)
- os=sysv4
- ;;
- ose*)
- os=ose
- ;;
- *mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
- os=mint
- ;;
- dicos*)
- os=dicos
- ;;
- pikeos*)
- # Until real need of OS specific support for
- # particular features comes up, bare metal
- # configurations are quite functional.
- case $cpu in
- arm*)
- os=eabi
- ;;
- *)
- os=elf
- ;;
- esac
- ;;
- *)
- # No normalization, but not necessarily accepted, that comes below.
- ;;
-esac
-
-else
-
-# Here we handle the default operating systems that come with various machines.
-# The value should be what the vendor currently ships out the door with their
-# machine or put another way, the most popular os provided with the machine.
-
-# Note that if you're going to try to match "-MANUFACTURER" here (say,
-# "-sun"), then you have to tell the case statement up towards the top
-# that MANUFACTURER isn't an operating system. Otherwise, code above
-# will signal an error saying that MANUFACTURER isn't an operating
-# system, and we'll never get to this point.
-
-kernel=
-case $cpu-$vendor in
- score-*)
- os=elf
- ;;
- spu-*)
- os=elf
- ;;
- *-acorn)
- os=riscix1.2
- ;;
- arm*-rebel)
- kernel=linux
- os=gnu
- ;;
- arm*-semi)
- os=aout
- ;;
- c4x-* | tic4x-*)
- os=coff
- ;;
- c8051-*)
- os=elf
- ;;
- clipper-intergraph)
- os=clix
- ;;
- hexagon-*)
- os=elf
- ;;
- tic54x-*)
- os=coff
- ;;
- tic55x-*)
- os=coff
- ;;
- tic6x-*)
- os=coff
- ;;
- # This must come before the *-dec entry.
- pdp10-*)
- os=tops20
- ;;
- pdp11-*)
- os=none
- ;;
- *-dec | vax-*)
- os=ultrix4.2
- ;;
- m68*-apollo)
- os=domain
- ;;
- i386-sun)
- os=sunos4.0.2
- ;;
- m68000-sun)
- os=sunos3
- ;;
- m68*-cisco)
- os=aout
- ;;
- mep-*)
- os=elf
- ;;
- mips*-cisco)
- os=elf
- ;;
- mips*-*)
- os=elf
- ;;
- or32-*)
- os=coff
- ;;
- *-tti) # must be before sparc entry or we get the wrong os.
- os=sysv3
- ;;
- sparc-* | *-sun)
- os=sunos4.1.1
- ;;
- pru-*)
- os=elf
- ;;
- *-be)
- os=beos
- ;;
- *-ibm)
- os=aix
- ;;
- *-knuth)
- os=mmixware
- ;;
- *-wec)
- os=proelf
- ;;
- *-winbond)
- os=proelf
- ;;
- *-oki)
- os=proelf
- ;;
- *-hp)
- os=hpux
- ;;
- *-hitachi)
- os=hiux
- ;;
- i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
- os=sysv
- ;;
- *-cbm)
- os=amigaos
- ;;
- *-dg)
- os=dgux
- ;;
- *-dolphin)
- os=sysv3
- ;;
- m68k-ccur)
- os=rtu
- ;;
- m88k-omron*)
- os=luna
- ;;
- *-next)
- os=nextstep
- ;;
- *-sequent)
- os=ptx
- ;;
- *-crds)
- os=unos
- ;;
- *-ns)
- os=genix
- ;;
- i370-*)
- os=mvs
- ;;
- *-gould)
- os=sysv
- ;;
- *-highlevel)
- os=bsd
- ;;
- *-encore)
- os=bsd
- ;;
- *-sgi)
- os=irix
- ;;
- *-siemens)
- os=sysv4
- ;;
- *-masscomp)
- os=rtu
- ;;
- f30[01]-fujitsu | f700-fujitsu)
- os=uxpv
- ;;
- *-rom68k)
- os=coff
- ;;
- *-*bug)
- os=coff
- ;;
- *-apple)
- os=macos
- ;;
- *-atari*)
- os=mint
- ;;
- *-wrs)
- os=vxworks
- ;;
- *)
- os=none
- ;;
-esac
-
-fi
-
-# Now, validate our (potentially fixed-up) OS.
-case $os in
- # Sometimes we do "kernel-libc", so those need to count as OSes.
- musl* | newlib* | relibc* | uclibc*)
- ;;
- # Likewise for "kernel-abi"
- eabi* | gnueabi*)
- ;;
- # VxWorks passes extra cpu info in the 4th filed.
- simlinux | simwindows | spe)
- ;;
- # Now accept the basic system types.
- # The portable systems comes first.
- # Each alternative MUST end in a * to match a version number.
- gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
- | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \
- | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
- | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \
- | hiux* | abug | nacl* | netware* | windows* \
- | os9* | macos* | osx* | ios* \
- | mpw* | magic* | mmixware* | mon960* | lnews* \
- | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \
- | aos* | aros* | cloudabi* | sortix* | twizzler* \
- | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
- | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
- | mirbsd* | netbsd* | dicos* | openedition* | ose* \
- | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
- | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
- | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
- | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
- | udi* | lites* | ieee* | go32* | aux* | hcos* \
- | chorusrdb* | cegcc* | glidix* | serenity* \
- | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
- | midipix* | mingw32* | mingw64* | mint* \
- | uxpv* | beos* | mpeix* | udk* | moxiebox* \
- | interix* | uwin* | mks* | rhapsody* | darwin* \
- | openstep* | oskit* | conix* | pw32* | nonstopux* \
- | storm-chaos* | tops10* | tenex* | tops20* | its* \
- | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \
- | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \
- | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \
- | skyos* | haiku* | rdos* | toppers* | drops* | es* \
- | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
- | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
- | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
- | fiwix* )
- ;;
- # This one is extra strict with allowed versions
- sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
- # Don't forget version if it is 3.2v4 or newer.
- ;;
- none)
- ;;
- *)
- echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
- exit 1
- ;;
-esac
-
-# As a final step for OS-related things, validate the OS-kernel combination
-# (given a valid OS), if there is a kernel.
-case $kernel-$os in
- linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
- | linux-musl* | linux-relibc* | linux-uclibc* )
- ;;
- uclinux-uclibc* )
- ;;
- -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
- # These are just libc implementations, not actual OSes, and thus
- # require a kernel.
- echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
- exit 1
- ;;
- kfreebsd*-gnu* | kopensolaris*-gnu*)
- ;;
- vxworks-simlinux | vxworks-simwindows | vxworks-spe)
- ;;
- nto-qnx*)
- ;;
- os2-emx)
- ;;
- *-eabi* | *-gnueabi*)
- ;;
- -*)
- # Blank kernel with real OS is always fine.
- ;;
- *-*)
- echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2
- exit 1
- ;;
-esac
-
-# Here we handle the case where we know the os, and the CPU type, but not the
-# manufacturer. We pick the logical manufacturer.
-case $vendor in
- unknown)
- case $cpu-$os in
- *-riscix*)
- vendor=acorn
- ;;
- *-sunos*)
- vendor=sun
- ;;
- *-cnk* | *-aix*)
- vendor=ibm
- ;;
- *-beos*)
- vendor=be
- ;;
- *-hpux*)
- vendor=hp
- ;;
- *-mpeix*)
- vendor=hp
- ;;
- *-hiux*)
- vendor=hitachi
- ;;
- *-unos*)
- vendor=crds
- ;;
- *-dgux*)
- vendor=dg
- ;;
- *-luna*)
- vendor=omron
- ;;
- *-genix*)
- vendor=ns
- ;;
- *-clix*)
- vendor=intergraph
- ;;
- *-mvs* | *-opened*)
- vendor=ibm
- ;;
- *-os400*)
- vendor=ibm
- ;;
- s390-* | s390x-*)
- vendor=ibm
- ;;
- *-ptx*)
- vendor=sequent
- ;;
- *-tpf*)
- vendor=ibm
- ;;
- *-vxsim* | *-vxworks* | *-windiss*)
- vendor=wrs
- ;;
- *-aux*)
- vendor=apple
- ;;
- *-hms*)
- vendor=hitachi
- ;;
- *-mpw* | *-macos*)
- vendor=apple
- ;;
- *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*)
- vendor=atari
- ;;
- *-vos*)
- vendor=stratus
- ;;
- esac
- ;;
-esac
-
-echo "$cpu-$vendor-${kernel:+$kernel-}$os"
-exit
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
-# time-stamp-end: "'"
-# End:
diff --git a/libraries/libapparmor/configure b/libraries/libapparmor/configure
deleted file mode 100755
index b83b543b78a03236f43037baa69df22949ad8b88..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/configure
+++ /dev/null
@@ -1,16582 +0,0 @@
-#! /bin/sh
-# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71.
-#
-#
-# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
-# Inc.
-#
-#
-# This configure script is free software; the Free Software Foundation
-# gives unlimited permission to copy, distribute and modify it.
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-# Use a proper internal environment variable to ensure we don't fall
- # into an infinite loop, continuously re-executing ourselves.
- if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
- _as_can_reexec=no; export _as_can_reexec;
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
- fi
- # We don't want this to propagate to other subprocesses.
- { _as_can_reexec=; unset _as_can_reexec;}
-if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="as_nop=:
-if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else \$as_nop
- case \`(set -o) 2>/dev/null\` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-"
- as_required="as_fn_return () { (exit \$1); }
-as_fn_success () { as_fn_return 0; }
-as_fn_failure () { as_fn_return 1; }
-as_fn_ret_success () { return 0; }
-as_fn_ret_failure () { return 1; }
-
-exitcode=0
-as_fn_success || { exitcode=1; echo as_fn_success failed.; }
-as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
-as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
-as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" )
-then :
-
-else \$as_nop
- exitcode=1; echo positional parameters were not saved.
-fi
-test x\$exitcode = x0 || exit 1
-blah=\$(echo \$(echo blah))
-test x\"\$blah\" = xblah || exit 1
-test -x / || exit 1"
- as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
- as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
- eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
- test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
-test \$(( 1 + 1 )) = 2 || exit 1
-
- test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
- ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
- PATH=/empty FPATH=/empty; export PATH FPATH
- test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
- || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null
-then :
- as_have_required=yes
-else $as_nop
- as_have_required=no
-fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
-then :
-
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
- case $as_dir in #(
- /*)
- for as_base in sh bash ksh sh5; do
- # Try only shells that exist, to save several forks.
- as_shell=$as_dir$as_base
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$as_shell as_have_required=yes
- if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
-then :
- break 2
-fi
-fi
- done;;
- esac
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
-then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi
-fi
-
-
- if test "x$CONFIG_SHELL" != x
-then :
- export CONFIG_SHELL
- # We cannot yet assume a decent shell, so we have to provide a
-# neutralization value for shells without unset; and this also
-# works around shells that cannot unset nonexistent variables.
-# Preserve -v and -x to the replacement shell.
-BASH_ENV=/dev/null
-ENV=/dev/null
-(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
-case $- in # ((((
- *v*x* | *x*v* ) as_opts=-vx ;;
- *v* ) as_opts=-v ;;
- *x* ) as_opts=-x ;;
- * ) as_opts= ;;
-esac
-exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
-# Admittedly, this is quite paranoid, since all the known shells bail
-# out after a failed `exec'.
-printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
-exit 255
-fi
-
- if test x$as_have_required = xno
-then :
- printf "%s\n" "$0: This script requires a shell more modern than all"
- printf "%s\n" "$0: the shells that I found on your system."
- if test ${ZSH_VERSION+y} ; then
- printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
- else
- printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
-$0: including any error possibly output before this
-$0: message. Then install a modern shell, or manually run
-$0: the script under such a shell if you do have one."
- fi
- exit 1
-fi
-fi
-fi
-SHELL=${CONFIG_SHELL-/bin/sh}
-export SHELL
-# Unset more variables known to interfere with behavior of common tools.
-CLICOLOR_FORCE= GREP_OPTIONS=
-unset CLICOLOR_FORCE GREP_OPTIONS
-
-## --------------------- ##
-## M4sh Shell Functions. ##
-## --------------------- ##
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-# as_fn_nop
-# ---------
-# Do nothing but, unlike ":", preserve the value of $?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-# as_fn_nop
-# ---------
-# Do nothing but, unlike ":", preserve the value of $?.
-as_fn_nop ()
-{
- return $?
-}
-as_nop=as_fn_nop
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
- as_lineno_1=$LINENO as_lineno_1a=$LINENO
- as_lineno_2=$LINENO as_lineno_2a=$LINENO
- eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
- test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
- # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
-
- # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
- # already done that, so ensure we don't try to do so again and fall
- # in an infinite loop. This has already happened in practice.
- _as_can_reexec=no; export _as_can_reexec
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_echo='printf %s\n'
-as_echo_n='printf %s'
-
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-
-test -n "$DJDIR" || exec 7<&0 </dev/null
-exec 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-
-# Identity of this package.
-PACKAGE_NAME=''
-PACKAGE_TARNAME=''
-PACKAGE_VERSION=''
-PACKAGE_STRING=''
-PACKAGE_BUGREPORT=''
-PACKAGE_URL=''
-
-ac_unique_file="configure.ac"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stddef.h>
-#ifdef HAVE_STDIO_H
-# include <stdio.h>
-#endif
-#ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-ac_header_c_list=
-ac_subst_vars='am__EXEEXT_FALSE
-am__EXEEXT_TRUE
-LTLIBOBJS
-LIBOBJS
-LT_SYS_LIBRARY_PATH
-OTOOL64
-OTOOL
-LIPO
-NMEDIT
-DSYMUTIL
-MANIFEST_TOOL
-RANLIB
-ac_ct_AR
-AR
-DLLTOOL
-OBJDUMP
-LN_S
-NM
-ac_ct_DUMPBIN
-DUMPBIN
-LD
-FGREP
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
-LIBTOOL
-EGREP
-GREP
-HAVE_RUBY_FALSE
-HAVE_RUBY_TRUE
-HAVE_PERL_FALSE
-HAVE_PERL_TRUE
-HAVE_PYTHON_FALSE
-HAVE_PYTHON_TRUE
-ENABLE_MAN_PAGES_FALSE
-ENABLE_MAN_PAGES_TRUE
-RUBY
-PERL
-pkgpyexecdir
-pyexecdir
-pkgpythondir
-pythondir
-PYTHON_EXEC_PREFIX
-PYTHON_PREFIX
-PYTHON_PLATFORM
-PYTHON_EXTRA_LDFLAGS
-PYTHON_EXTRA_LIBS
-PYTHON_SITE_PKG
-PYTHON_LDFLAGS
-PYTHON_CPPFLAGS
-PYTHON_CONFIG
-PYTHON_VERSION
-PYTHON
-POD2MAN
-PODCHECKER
-SWIG
-PKG_CONFIG_LIBDIR
-PKG_CONFIG_PATH
-PKG_CONFIG
-SED
-YFLAGS
-YACC
-LEXLIB
-am__fastdepCC_FALSE
-am__fastdepCC_TRUE
-CCDEPMODE
-am__nodep
-AMDEPBACKSLASH
-AMDEP_FALSE
-AMDEP_TRUE
-am__include
-DEPDIR
-OBJEXT
-EXEEXT
-ac_ct_CC
-CPPFLAGS
-LDFLAGS
-CFLAGS
-CC
-LEX_OUTPUT_ROOT
-LEX
-AM_BACKSLASH
-AM_DEFAULT_VERBOSITY
-AM_DEFAULT_V
-AM_V
-CSCOPE
-ETAGS
-CTAGS
-am__untar
-am__tar
-AMTAR
-am__leading_dot
-SET_MAKE
-AWK
-mkdir_p
-MKDIR_P
-INSTALL_STRIP_PROGRAM
-STRIP
-install_sh
-MAKEINFO
-AUTOHEADER
-AUTOMAKE
-AUTOCONF
-ACLOCAL
-VERSION
-PACKAGE
-CYGPATH_W
-am__isrc
-INSTALL_DATA
-INSTALL_SCRIPT
-INSTALL_PROGRAM
-target_alias
-host_alias
-build_alias
-LIBS
-ECHO_T
-ECHO_N
-ECHO_C
-DEFS
-mandir
-localedir
-libdir
-psdir
-pdfdir
-dvidir
-htmldir
-infodir
-docdir
-oldincludedir
-includedir
-runstatedir
-localstatedir
-sharedstatedir
-sysconfdir
-datadir
-datarootdir
-libexecdir
-sbindir
-bindir
-program_transform_name
-prefix
-exec_prefix
-PACKAGE_URL
-PACKAGE_BUGREPORT
-PACKAGE_STRING
-PACKAGE_VERSION
-PACKAGE_TARNAME
-PACKAGE_NAME
-PATH_SEPARATOR
-SHELL
-am__quote'
-ac_subst_files=''
-ac_user_opts='
-enable_option_checking
-enable_silent_rules
-enable_dependency_tracking
-enable_debug_output
-enable_man_pages
-with_python
-with_python_sys_prefix
-with_python_prefix
-with_python_exec_prefix
-with_perl
-with_ruby
-enable_shared
-enable_static
-with_pic
-enable_fast_install
-with_aix_soname
-with_gnu_ld
-with_sysroot
-enable_libtool_lock
-'
- ac_precious_vars='build_alias
-host_alias
-target_alias
-CC
-CFLAGS
-LDFLAGS
-LIBS
-CPPFLAGS
-YACC
-YFLAGS
-PKG_CONFIG
-PKG_CONFIG_PATH
-PKG_CONFIG_LIBDIR
-PYTHON_VERSION
-PYTHON
-LT_SYS_LIBRARY_PATH'
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-ac_unrecognized_opts=
-ac_unrecognized_sep=
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-# (The list follows the same order as the GNU Coding Standards.)
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datarootdir='${prefix}/share'
-datadir='${datarootdir}'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-docdir='${datarootdir}/doc/${PACKAGE}'
-infodir='${datarootdir}/info'
-htmldir='${docdir}'
-dvidir='${docdir}'
-pdfdir='${docdir}'
-psdir='${docdir}'
-libdir='${exec_prefix}/lib'
-localedir='${datarootdir}/locale'
-mandir='${datarootdir}/man'
-
-ac_prev=
-ac_dashdash=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval $ac_prev=\$ac_option
- ac_prev=
- continue
- fi
-
- case $ac_option in
- *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *=) ac_optarg= ;;
- *) ac_optarg=yes ;;
- esac
-
- case $ac_dashdash$ac_option in
- --)
- ac_dashdash=yes ;;
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=*)
- datadir=$ac_optarg ;;
-
- -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
- | --dataroo | --dataro | --datar)
- ac_prev=datarootdir ;;
- -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
- | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
- datarootdir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=no ;;
-
- -docdir | --docdir | --docdi | --doc | --do)
- ac_prev=docdir ;;
- -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
- docdir=$ac_optarg ;;
-
- -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
- ac_prev=dvidir ;;
- -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
- dvidir=$ac_optarg ;;
-
- -enable-* | --enable-*)
- ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"enable_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval enable_$ac_useropt=\$ac_optarg ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
- ac_prev=htmldir ;;
- -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
- | --ht=*)
- htmldir=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localedir | --localedir | --localedi | --localed | --locale)
- ac_prev=localedir ;;
- -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
- localedir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst | --locals)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
- ac_prev=pdfdir ;;
- -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
- pdfdir=$ac_optarg ;;
-
- -psdir | --psdir | --psdi | --psd | --ps)
- ac_prev=psdir ;;
- -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
- psdir=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=\$ac_optarg ;;
-
- -without-* | --without-*)
- ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: \`$ac_useropt'"
- ac_useropt_orig=$ac_useropt
- ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
- case $ac_user_opts in
- *"
-"with_$ac_useropt"
-"*) ;;
- *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
- ac_unrecognized_sep=', ';;
- esac
- eval with_$ac_useropt=no ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) as_fn_error $? "unrecognized option: \`$ac_option'
-Try \`$0 --help' for more information"
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- case $ac_envvar in #(
- '' | [0-9]* | *[!_$as_cr_alnum]* )
- as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
- esac
- eval $ac_envvar=\$ac_optarg
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
- : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- as_fn_error $? "missing argument to $ac_option"
-fi
-
-if test -n "$ac_unrecognized_opts"; then
- case $enable_option_checking in
- no) ;;
- fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
- esac
-fi
-
-# Check all directory arguments for consistency.
-for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
- datadir sysconfdir sharedstatedir localstatedir includedir \
- oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
-do
- eval ac_val=\$$ac_var
- # Remove trailing slashes.
- case $ac_val in
- */ )
- ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
- eval $ac_var=\$ac_val;;
- esac
- # Be sure to have absolute directory names.
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) continue;;
- NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
- esac
- as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-ac_pwd=`pwd` && test -n "$ac_pwd" &&
-ac_ls_di=`ls -di .` &&
-ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- as_fn_error $? "working directory cannot be determined"
-test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- as_fn_error $? "pwd does not report name of working directory"
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$as_myself" ||
-$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_myself" : 'X\(//\)[^/]' \| \
- X"$as_myself" : 'X\(//\)$' \| \
- X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_myself" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r "$srcdir/$ac_unique_file"; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r "$srcdir/$ac_unique_file"; then
- test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
-fi
-ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
-ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
- pwd)`
-# When building in place, set srcdir=.
-if test "$ac_abs_confdir" = "$ac_pwd"; then
- srcdir=.
-fi
-# Remove unnecessary trailing slashes from srcdir.
-# Double slashes in file names in object file debugging info
-# mess up M-x gdb in Emacs.
-case $srcdir in
-*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
-esac
-for ac_var in $ac_precious_vars; do
- eval ac_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_env_${ac_var}_value=\$${ac_var}
- eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
- eval ac_cv_env_${ac_var}_value=\$${ac_var}
-done
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking ...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
-_ACEOF
-
- cat <<\_ACEOF
-
-Program names:
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Optional Features:
- --disable-option-checking ignore unrecognized --enable/--with options
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --enable-silent-rules less verbose build output (undo: "make V=1")
- --disable-silent-rules verbose build output (undo: "make V=0")
- --enable-dependency-tracking
- do not reject slow dependency extractors
- --disable-dependency-tracking
- speeds up one-time build
- --enable-debug-output generate the libapparmor debug output [[default=no]]
- --enable-man-pages generate the libapparmor man pages [[default=yes]]
- --enable-shared[=PKGS] build shared libraries [default=yes]
- --enable-static[=PKGS] build static libraries [default=yes]
- --enable-fast-install[=PKGS]
- optimize for fast installation [default=yes]
- --disable-libtool-lock avoid locking (might break parallel builds)
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-python enable the python wrapper [default=no]
- --with-python-sys-prefix
- use Python's sys.prefix and sys.exec_prefix values
- --with-python_prefix override the default PYTHON_PREFIX
- --with-python_exec_prefix
- override the default PYTHON_EXEC_PREFIX
- --with-perl enable the perl wrapper [default=no]
- --with-ruby enable the ruby wrapper [default=no]
- --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
- both]
- --with-aix-soname=aix|svr4|both
- shared library versioning (aka "SONAME") variant to
- provide on AIX, [default=aix].
- --with-gnu-ld assume the C compiler uses GNU ld [default=no]
- --with-sysroot[=DIR] Search for dependent libraries within DIR (or the
- compiler's sysroot if not specified).
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
- you have headers in a nonstandard directory <include dir>
- YACC The `Yet Another Compiler Compiler' implementation to use.
- Defaults to the first program found out of: `bison -y', `byacc',
- `yacc'.
- YFLAGS The list of arguments that will be passed by default to $YACC.
- This script will default YFLAGS to the empty string to avoid a
- default value of `-d' given by some make applications.
- PKG_CONFIG path to pkg-config utility
- PKG_CONFIG_PATH
- directories to add to pkg-config's search path
- PKG_CONFIG_LIBDIR
- path overriding pkg-config's built-in search path
- PYTHON_VERSION
- The installed Python version to use, for example '2.3'. This
- string will be appended to the Python interpreter canonical
- name.
- PYTHON the Python interpreter
- LT_SYS_LIBRARY_PATH
- User-defined run-time library search path.
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-Report bugs to the package provider.
-_ACEOF
-ac_status=$?
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" ||
- { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
- continue
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
- cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for configure.gnu first; this name is used for a wrapper for
- # Metaconfig's "Configure" on case-insensitive file systems.
- if test -f "$ac_srcdir/configure.gnu"; then
- echo &&
- $SHELL "$ac_srcdir/configure.gnu" --help=recursive
- elif test -f "$ac_srcdir/configure"; then
- echo &&
- $SHELL "$ac_srcdir/configure" --help=recursive
- else
- printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi || ac_status=$?
- cd "$ac_pwd" || { ac_status=$?; break; }
- done
-fi
-
-test -n "$ac_init_help" && exit $ac_status
-if $ac_init_version; then
- cat <<\_ACEOF
-configure
-generated by GNU Autoconf 2.71
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit
-fi
-
-## ------------------------ ##
-## Autoconf initialization. ##
-## ------------------------ ##
-
-# ac_fn_c_try_compile LINENO
-# --------------------------
-# Try to compile conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam
- if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_compile
-
-# ac_fn_c_try_link LINENO
-# -----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_link ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext && {
- test "$cross_compiling" = yes ||
- test -x conftest$ac_exeext
- }
-then :
- ac_retval=0
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
- # interfere with the next link command; also delete a directory that is
- # left behind by Apple's compiler. We do this before executing the actions.
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_link
-
-# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists and can be compiled using the include files in
-# INCLUDES, setting the cache variable VAR accordingly.
-ac_fn_c_check_header_compile ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_compile
-
-# ac_fn_c_check_func LINENO FUNC VAR
-# ----------------------------------
-# Tests whether FUNC exists, setting the cache variable VAR accordingly
-ac_fn_c_check_func ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-printf %s "checking for $2... " >&6; }
-if eval test \${$3+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $2 innocuous_$2
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below. */
-
-#include <limits.h>
-#undef $2
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $2 ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$2 || defined __stub___$2
-choke me
-#endif
-
-int
-main (void)
-{
-return $2 ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- eval "$3=yes"
-else $as_nop
- eval "$3=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-fi
-eval ac_res=\$$3
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-printf "%s\n" "$ac_res" >&6; }
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_func
-ac_configure_args_raw=
-for ac_arg
-do
- case $ac_arg in
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- as_fn_append ac_configure_args_raw " '$ac_arg'"
-done
-
-case $ac_configure_args_raw in
- *$as_nl*)
- ac_safe_unquote= ;;
- *)
- ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab.
- ac_unsafe_a="$ac_unsafe_z#~"
- ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
- ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
-esac
-
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- $ $0$ac_configure_args_raw
-
-_ACEOF
-exec 5>>config.log
-{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- printf "%s\n" "PATH: $as_dir"
- done
-IFS=$as_save_IFS
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-## ----------- ##
-## Core tests. ##
-## ----------- ##
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
- 2)
- as_fn_append ac_configure_args1 " '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- as_fn_append ac_configure_args " '$ac_arg'"
- ;;
- esac
- done
-done
-{ ac_configure_args0=; unset ac_configure_args0;}
-{ ac_configure_args1=; unset ac_configure_args1;}
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Sanitize IFS.
- IFS=" "" $as_nl"
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- printf "%s\n" "## ---------------- ##
-## Cache variables. ##
-## ---------------- ##"
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- printf "%s\n" "## ----------------- ##
-## Output variables. ##
-## ----------------- ##"
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- printf "%s\n" "## ------------------- ##
-## File substitutions. ##
-## ------------------- ##"
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- printf "%s\n" "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- printf "%s\n" "## ----------- ##
-## confdefs.h. ##
-## ----------- ##"
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- printf "%s\n" "$as_me: caught signal $ac_signal"
- printf "%s\n" "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-printf "%s\n" "/* confdefs.h */" > confdefs.h
-
-# Predefined preprocessor variables.
-
-printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-
-printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer an explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
- ac_site_files="$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
- ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
-else
- ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
-fi
-
-for ac_site_file in $ac_site_files
-do
- case $ac_site_file in #(
- */*) :
- ;; #(
- *) :
- ac_site_file=./$ac_site_file ;;
-esac
- if test -f "$ac_site_file" && test -r "$ac_site_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file" \
- || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "failed to load site script $ac_site_file
-See \`config.log' for more details" "$LINENO" 5; }
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special files
- # actually), so we avoid doing that. DJGPP emulates it as a regular file.
- if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Test code for whether the C compiler supports C89 (global declarations)
-ac_c_conftest_c89_globals='
-/* Does the compiler advertise C89 conformance?
- Do not test the value of __STDC__, because some compilers set it to 0
- while being otherwise adequately conformant. */
-#if !defined __STDC__
-# error "Compiler does not advertise C89 conformance"
-#endif
-
-#include <stddef.h>
-#include <stdarg.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
-struct buf { int x; };
-struct buf * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not \xHH hex character constants.
- These do not provoke an error unfortunately, instead are silently treated
- as an "x". The following induces an error, until -std is added to get
- proper ANSI mode. Curiously \x00 != x always comes out true, for an
- array size at least. It is necessary to write \x00 == 0 to get something
- that is true only with -std. */
-int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) '\''x'\''
-int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
- int, int);'
-
-# Test code for whether the C compiler supports C89 (body of main).
-ac_c_conftest_c89_main='
-ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
-'
-
-# Test code for whether the C compiler supports C99 (global declarations)
-ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
-# error "Compiler does not advertise C99 conformance"
-#endif
-
-#include <stdbool.h>
-extern int puts (const char *);
-extern int printf (const char *, ...);
-extern int dprintf (int, const char *, ...);
-extern void *malloc (size_t);
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-// dprintf is used instead of fprintf to avoid needing to declare
-// FILE and stderr.
-#define debug(...) dprintf (2, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- #error "your preprocessor is broken"
-#endif
-#if BIG_OK
-#else
- #error "your preprocessor is broken"
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static bool
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str = "";
- int number = 0;
- float fnumber = 0;
-
- while (*format)
- {
- switch (*format++)
- {
- case '\''s'\'': // string
- str = va_arg (args_copy, const char *);
- break;
- case '\''d'\'': // int
- number = va_arg (args_copy, int);
- break;
- case '\''f'\'': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-
- return *str && number && fnumber;
-}
-'
-
-# Test code for whether the C compiler supports C99 (body of main).
-ac_c_conftest_c99_main='
- // Check bool.
- _Bool success = false;
- success |= (argc != 0);
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[0] = argv[0][0];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
- || dynamic_array[ni.number - 1] != 543);
-'
-
-# Test code for whether the C compiler supports C11 (global declarations)
-ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
-#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
-# error "Compiler does not advertise C11 conformance"
-#endif
-
-// Check _Alignas.
-char _Alignas (double) aligned_as_double;
-char _Alignas (0) no_special_alignment;
-extern char aligned_as_int;
-char _Alignas (0) _Alignas (int) aligned_as_int;
-
-// Check _Alignof.
-enum
-{
- int_alignment = _Alignof (int),
- int_array_alignment = _Alignof (int[100]),
- char_alignment = _Alignof (char)
-};
-_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
-
-// Check _Noreturn.
-int _Noreturn does_not_return (void) { for (;;) continue; }
-
-// Check _Static_assert.
-struct test_static_assert
-{
- int x;
- _Static_assert (sizeof (int) <= sizeof (long int),
- "_Static_assert does not work in struct");
- long int y;
-};
-
-// Check UTF-8 literals.
-#define u8 syntax error!
-char const utf8_literal[] = u8"happens to be ASCII" "another string";
-
-// Check duplicate typedefs.
-typedef long *long_ptr;
-typedef long int *long_ptr;
-typedef long_ptr long_ptr;
-
-// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
-struct anonymous
-{
- union {
- struct { int i; int j; };
- struct { int k; long int l; } w;
- };
- int m;
-} v1;
-'
-
-# Test code for whether the C compiler supports C11 (body of main).
-ac_c_conftest_c11_main='
- _Static_assert ((offsetof (struct anonymous, i)
- == offsetof (struct anonymous, w.k)),
- "Anonymous union alignment botch");
- v1.i = 2;
- v1.w.k = 5;
- ok |= v1.i != 5;
-'
-
-# Test code for whether the C compiler supports C11 (complete).
-ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-${ac_c_conftest_c11_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- ${ac_c_conftest_c11_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C99 (complete).
-ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
-${ac_c_conftest_c99_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- ${ac_c_conftest_c99_main}
- return ok;
-}
-"
-
-# Test code for whether the C compiler supports C89 (complete).
-ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
-
-int
-main (int argc, char **argv)
-{
- int ok = 0;
- ${ac_c_conftest_c89_main}
- return ok;
-}
-"
-
-as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
-as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
-as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
-as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
-as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
-as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
-as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
-as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
-as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
-
-# Auxiliary files required by this configure script.
-ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
-
-# Locations in which to look for auxiliary files.
-ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
-
-# Search for a directory containing all of the required auxiliary files,
-# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
-# If we don't find one directory that contains all the files we need,
-# we report the set of missing files from the *first* directory in
-# $ac_aux_dir_candidates and give up.
-ac_missing_aux_files=""
-ac_first_candidate=:
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_found=false
-for as_dir in $ac_aux_dir_candidates
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- as_found=:
-
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
- ac_aux_dir_found=yes
- ac_install_sh=
- for ac_aux in $ac_aux_files
- do
- # As a special case, if "install-sh" is required, that requirement
- # can be satisfied by any of "install-sh", "install.sh", or "shtool",
- # and $ac_install_sh is set appropriately for whichever one is found.
- if test x"$ac_aux" = x"install-sh"
- then
- if test -f "${as_dir}install-sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
- ac_install_sh="${as_dir}install-sh -c"
- elif test -f "${as_dir}install.sh"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
- ac_install_sh="${as_dir}install.sh -c"
- elif test -f "${as_dir}shtool"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
- ac_install_sh="${as_dir}shtool install -c"
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} install-sh"
- else
- break
- fi
- fi
- else
- if test -f "${as_dir}${ac_aux}"; then
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
- else
- ac_aux_dir_found=no
- if $ac_first_candidate; then
- ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
- else
- break
- fi
- fi
- fi
- done
- if test "$ac_aux_dir_found" = yes; then
- ac_aux_dir="$as_dir"
- break
- fi
- ac_first_candidate=false
-
- as_found=false
-done
-IFS=$as_save_IFS
-if $as_found
-then :
-
-else $as_nop
- as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
-fi
-
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-if test -f "${ac_aux_dir}config.guess"; then
- ac_config_guess="$SHELL ${ac_aux_dir}config.guess"
-fi
-if test -f "${ac_aux_dir}config.sub"; then
- ac_config_sub="$SHELL ${ac_aux_dir}config.sub"
-fi
-if test -f "$ac_aux_dir/configure"; then
- ac_configure="$SHELL ${ac_aux_dir}configure"
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
- and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-am__api_version='1.16'
-
-
-
- # Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-# Reject install programs that cannot install multiple files.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-printf %s "checking for a BSD-compatible install... " >&6; }
-if test -z "$INSTALL"; then
-if test ${ac_cv_path_install+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- # Account for fact that we put trailing slashes in our PATH walk.
-case $as_dir in #((
- ./ | /[cC]/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- rm -rf conftest.one conftest.two conftest.dir
- echo one > conftest.one
- echo two > conftest.two
- mkdir conftest.dir
- if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
- test -s conftest.one && test -s conftest.two &&
- test -s conftest.dir/conftest.one &&
- test -s conftest.dir/conftest.two
- then
- ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- fi
- done
- done
- ;;
-esac
-
- done
-IFS=$as_save_IFS
-
-rm -rf conftest.one conftest.two conftest.dir
-
-fi
- if test ${ac_cv_path_install+y}; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-printf "%s\n" "$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-printf %s "checking whether build environment is sane... " >&6; }
-# Reject unsafe characters in $srcdir or the absolute working directory
-# name. Accept space and tab only in the latter.
-am_lf='
-'
-case `pwd` in
- *[\\\"\#\$\&\'\`$am_lf]*)
- as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
-esac
-case $srcdir in
- *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
- as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
-esac
-
-# Do 'set' in a subshell so we don't clobber the current shell's
-# arguments. Must try -L first in case configure is actually a
-# symlink; some systems play weird games with the mod time of symlinks
-# (eg FreeBSD returns the mod time of the symlink's containing
-# directory).
-if (
- am_has_slept=no
- for am_try in 1 2; do
- echo "timestamp, slept: $am_has_slept" > conftest.file
- set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
- if test "$*" = "X"; then
- # -L didn't work.
- set X `ls -t "$srcdir/configure" conftest.file`
- fi
- if test "$*" != "X $srcdir/configure conftest.file" \
- && test "$*" != "X conftest.file $srcdir/configure"; then
-
- # If neither matched, then we have a broken ls. This can happen
- # if, for instance, CONFIG_SHELL is bash and it inherits a
- # broken ls alias from the environment. This has actually
- # happened. Such a system could not be considered "sane".
- as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
- alias in your environment" "$LINENO" 5
- fi
- if test "$2" = conftest.file || test $am_try -eq 2; then
- break
- fi
- # Just in case.
- sleep 1
- am_has_slept=yes
- done
- test "$2" = conftest.file
- )
-then
- # Ok.
- :
-else
- as_fn_error $? "newly created file is older than distributed files!
-Check your system clock" "$LINENO" 5
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-# If we didn't sleep, we still need to ensure time stamps of config.status and
-# generated files are strictly newer.
-am_sleep_pid=
-if grep 'slept: no' conftest.file >/dev/null 2>&1; then
- ( sleep 1 ) &
- am_sleep_pid=$!
-fi
-
-rm -f conftest.file
-
-test "$program_prefix" != NONE &&
- program_transform_name="s&^&$program_prefix&;$program_transform_name"
-# Use a double $ so make ignores it.
-test "$program_suffix" != NONE &&
- program_transform_name="s&\$&$program_suffix&;$program_transform_name"
-# Double any \ or $.
-# By default was `s,x,x', remove it if useless.
-ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
-
-
-# Expand $ac_aux_dir to an absolute path.
-am_aux_dir=`cd "$ac_aux_dir" && pwd`
-
-
- if test x"${MISSING+set}" != xset; then
- MISSING="\${SHELL} '$am_aux_dir/missing'"
-fi
-# Use eval to expand $SHELL
-if eval "$MISSING --is-lightweight"; then
- am_missing_run="$MISSING "
-else
- am_missing_run=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
-fi
-
-if test x"${install_sh+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
- *)
- install_sh="\${SHELL} $am_aux_dir/install-sh"
- esac
-fi
-
-# Installed binaries are usually stripped using 'strip' when the user
-# run "make install-strip". However 'strip' might not be the right
-# tool to use in cross-compilation environments, therefore Automake
-# will honor the 'STRIP' environment variable to overrule this program.
-if test "$cross_compiling" != no; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-fi
-INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
-printf %s "checking for a race-free mkdir -p... " >&6; }
-if test -z "$MKDIR_P"; then
- if test ${ac_cv_path_mkdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
- case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir ('*'coreutils) '* | \
- 'BusyBox '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
- done
-IFS=$as_save_IFS
-
-fi
-
- test -d ./--version && rmdir ./--version
- if test ${ac_cv_path_mkdir+y}; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- MKDIR_P="$ac_install_sh -d"
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-printf "%s\n" "$MKDIR_P" >&6; }
-
-for ac_prog in gawk mawk nawk awk
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AWK+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AWK"; then
- ac_cv_prog_AWK="$AWK" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AWK="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AWK=$ac_cv_prog_AWK
-if test -n "$AWK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-printf "%s\n" "$AWK" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AWK" && break
-done
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
-set x ${MAKE-make}
-ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval test \${ac_cv_prog_make_${ac_make}_set+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- SET_MAKE=
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
- am__leading_dot=.
-else
- am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-
-# Check whether --enable-silent-rules was given.
-if test ${enable_silent_rules+y}
-then :
- enableval=$enable_silent_rules;
-fi
-
-case $enable_silent_rules in # (((
- yes) AM_DEFAULT_VERBOSITY=0;;
- no) AM_DEFAULT_VERBOSITY=1;;
- *) AM_DEFAULT_VERBOSITY=1;;
-esac
-am_make=${MAKE-make}
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-printf %s "checking whether $am_make supports nested variables... " >&6; }
-if test ${am_cv_make_support_nested_variables+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if printf "%s\n" 'TRUE=$(BAR$(V))
-BAR0=false
-BAR1=true
-V=1
-am__doit:
- @$(TRUE)
-.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
- am_cv_make_support_nested_variables=yes
-else
- am_cv_make_support_nested_variables=no
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
-if test $am_cv_make_support_nested_variables = yes; then
- AM_V='$(V)'
- AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
-else
- AM_V=$AM_DEFAULT_VERBOSITY
- AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
-fi
-AM_BACKSLASH='\'
-
-if test "`cd $srcdir && pwd`" != "`pwd`"; then
- # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
- # is not polluted with repeated "-I."
- am__isrc=' -I$(srcdir)'
- # test to see if srcdir already configured
- if test -f $srcdir/config.status; then
- as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
- fi
-fi
-
-# test whether we have cygpath
-if test -z "$CYGPATH_W"; then
- if (cygpath --version) >/dev/null 2>/dev/null; then
- CYGPATH_W='cygpath -w'
- else
- CYGPATH_W=echo
- fi
-fi
-
-
-# Define the identity of the package.
-
- PACKAGE=libapparmor1
- VERSION=3.1.7
-
-
-printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
-
-
-printf "%s\n" "#define VERSION \"$VERSION\"" >>confdefs.h
-
-# Some tools Automake needs.
-
-ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
-
-
-AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
-
-
-AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
-
-
-AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
-
-
-MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
-
-# For better backward compatibility. To be removed once Automake 1.9.x
-# dies out for good. For more background, see:
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
-mkdir_p='$(MKDIR_P)'
-
-# We need awk for the "check" target (and possibly the TAP driver). The
-# system "awk" is bad on some platforms.
-# Always define AMTAR for backward compatibility. Yes, it's still used
-# in the wild :-( We should find a proper way to deprecate it ...
-AMTAR='$${TAR-tar}'
-
-
-# We'll loop over all known methods to create a tar archive until one works.
-_am_tools='gnutar pax cpio none'
-
-am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
-
-
-
-
-
-# Variables for tags utilities; see am/tags.am
-if test -z "$CTAGS"; then
- CTAGS=ctags
-fi
-
-if test -z "$ETAGS"; then
- ETAGS=etags
-fi
-
-if test -z "$CSCOPE"; then
- CSCOPE=cscope
-fi
-
-
-
-# POSIX will say in a future version that running "rm -f" with no argument
-# is OK; and we want to be able to make that assumption in our Makefile
-# recipes. So use an aggressive probe to check that the usage we want is
-# actually supported "in the wild" to an acceptable degree.
-# See automake bug#10828.
-# To make any issue more visible, cause the running configure to be aborted
-# by default if the 'rm' program in use doesn't match our expectations; the
-# user can still override this though.
-if rm -f && rm -fr && rm -rf; then : OK; else
- cat >&2 <<'END'
-Oops!
-
-Your 'rm' program seems unable to run without file operands specified
-on the command line, even when the '-f' option is present. This is contrary
-to the behaviour of most rm programs out there, and not conforming with
-the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
-
-Please tell bug-automake@gnu.org about your system, including the value
-of your $PATH and any error possibly output before this message. This
-can help us improve future automake versions.
-
-END
- if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
- echo 'Configuration will proceed anyway, since you have set the' >&2
- echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
- echo >&2
- else
- cat >&2 <<'END'
-Aborting the configuration process, to ensure you take notice of the issue.
-
-You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <https://www.gnu.org/software/coreutils/>.
-
-If you want to complete the configuration process using your problematic
-'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
-to "yes", and re-run configure.
-
-END
- as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
- fi
-fi
-
-
-
-
-
-
-
-
-
-
-
-DEPDIR="${am__leading_dot}deps"
-
-ac_config_commands="$ac_config_commands depfiles"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
-printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
-cat > confinc.mk << 'END'
-am__doit:
- @echo this is the am__doit target >confinc.out
-.PHONY: am__doit
-END
-am__include="#"
-am__quote=
-# BSD make does it like this.
-echo '.include "confinc.mk" # ignored' > confmf.BSD
-# Other make implementations (GNU, Solaris 10, AIX) do it like this.
-echo 'include confinc.mk # ignored' > confmf.GNU
-_am_result=no
-for s in GNU BSD; do
- { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
- (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
- case $?:`cat confinc.out 2>/dev/null` in #(
- '0:this is the am__doit target') :
- case $s in #(
- BSD) :
- am__include='.include' am__quote='"' ;; #(
- *) :
- am__include='include' am__quote='' ;;
-esac ;; #(
- *) :
- ;;
-esac
- if test "$am__include" != "#"; then
- _am_result="yes ($s style)"
- break
- fi
-done
-rm -f confinc.* confmf.*
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
-printf "%s\n" "${_am_result}" >&6; }
-
-# Check whether --enable-dependency-tracking was given.
-if test ${enable_dependency_tracking+y}
-then :
- enableval=$enable_dependency_tracking;
-fi
-
-if test "x$enable_dependency_tracking" != xno; then
- am_depcomp="$ac_aux_dir/depcomp"
- AMDEPBACKSLASH='\'
- am__nodep='_no'
-fi
- if test "x$enable_dependency_tracking" != xno; then
- AMDEP_TRUE=
- AMDEP_FALSE='#'
-else
- AMDEP_TRUE='#'
- AMDEP_FALSE=
-fi
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
-set dummy ${ac_tool_prefix}clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-printf "%s\n" "$CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "clang", so it can be a program name with args.
-set dummy clang; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_CC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="clang"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-printf "%s\n" "$ac_ct_CC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-
-
-test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no acceptable C compiler found in \$PATH
-See \`config.log' for more details" "$LINENO" 5; }
-
-# Provide some information about the compiler.
-printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
-set X $ac_compile
-ac_compiler=$2
-for ac_option in --version -v -V -qversion -version; do
- { { ac_try="$ac_compiler $ac_option >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compiler $ac_option >&5") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- sed '10a\
-... rest of stderr output deleted ...
- 10q' conftest.err >conftest.er1
- cat conftest.er1 >&5
- fi
- rm -f conftest.er1 conftest.err
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-done
-
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-printf %s "checking whether the C compiler works... " >&6; }
-ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-
-# The possible output files:
-ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
-
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { { ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else $as_nop
- ac_file=''
-fi
-if test -z "$ac_file"
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "C compiler cannot create executables
-See \`config.log' for more details" "$LINENO" 5; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-printf %s "checking for C compiler default output file name... " >&6; }
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-printf "%s\n" "$ac_file" >&6; }
-ac_exeext=$ac_cv_exeext
-
-rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-printf %s "checking for suffix of executables... " >&6; }
-if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else $as_nop
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest conftest$ac_cv_exeext
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-printf "%s\n" "$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdio.h>
-int
-main (void)
-{
-FILE *f = fopen ("conftest.out", "w");
- return ferror (f) || fclose (f) != 0;
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files="$ac_clean_files conftest.out"
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-printf %s "checking whether we are cross compiling... " >&6; }
-if test "$cross_compiling" != yes; then
- { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if { ac_try='./conftest$ac_cv_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error 77 "cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-printf "%s\n" "$cross_compiling" >&6; }
-
-rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
-ac_clean_files=$ac_clean_files_save
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-printf %s "checking for suffix of object files... " >&6; }
-if test ${ac_cv_objext+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { { ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-then :
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else $as_nop
- printf "%s\n" "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot compute suffix of object files: cannot compile
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-printf "%s\n" "$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
-printf %s "checking whether the compiler supports GNU C... " >&6; }
-if test ${ac_cv_c_compiler_gnu+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_compiler_gnu=yes
-else $as_nop
- ac_compiler_gnu=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test $ac_compiler_gnu = yes; then
- GCC=yes
-else
- GCC=
-fi
-ac_test_CFLAGS=${CFLAGS+y}
-ac_save_CFLAGS=$CFLAGS
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-printf %s "checking whether $CC accepts -g... " >&6; }
-if test ${ac_cv_prog_cc_g+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-else $as_nop
- CFLAGS=""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
-
-else $as_nop
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_g=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
-if test $ac_test_CFLAGS; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-ac_prog_cc_stdc=no
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
-printf %s "checking for $CC option to enable C11 features... " >&6; }
-if test ${ac_cv_prog_cc_c11+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c11=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c11_program
-_ACEOF
-for ac_arg in '' -std=gnu11
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c11=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c11" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c11" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c11" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
-printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
- CC="$CC $ac_cv_prog_cc_c11"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
- ac_prog_cc_stdc=c11
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
-printf %s "checking for $CC option to enable C99 features... " >&6; }
-if test ${ac_cv_prog_cc_c99+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c99_program
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c99" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c99" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
- CC="$CC $ac_cv_prog_cc_c99"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
- ac_prog_cc_stdc=c99
-fi
-fi
-if test x$ac_prog_cc_stdc = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
-printf %s "checking for $CC option to enable C89 features... " >&6; }
-if test ${ac_cv_prog_cc_c89+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$ac_c_conftest_c89_program
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_cc_c89=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-fi
-
-if test "x$ac_cv_prog_cc_c89" = xno
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-printf "%s\n" "unsupported" >&6; }
-else $as_nop
- if test "x$ac_cv_prog_cc_c89" = x
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-printf "%s\n" "none needed" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
- CC="$CC $ac_cv_prog_cc_c89"
-fi
- ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
- ac_prog_cc_stdc=c89
-fi
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-printf %s "checking whether $CC understands -c and -o together... " >&6; }
-if test ${am_cv_prog_cc_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
- # Make sure it works both with $CC and with simple cc.
- # Following AC_PROG_CC_C_O, we do the test twice because some
- # compilers refuse to overwrite an existing .o file with -o,
- # though they will create one.
- am_cv_prog_cc_c_o=yes
- for am_i in 1 2; do
- if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
- ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } \
- && test -f conftest2.$ac_objext; then
- : OK
- else
- am_cv_prog_cc_c_o=no
- break
- fi
- done
- rm -f core conftest*
- unset am_i
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
-if test "$am_cv_prog_cc_c_o" != yes; then
- # Losing compiler, so override with the script.
- # FIXME: It is wrong to rewrite CC.
- # But if we don't then we get into trouble of one sort or another.
- # A longer-term fix would be to have automake use am__CC in this case,
- # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
- CC="$am_aux_dir/compile $CC"
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-depcc="$CC" am_compiler_list=
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-printf %s "checking dependency style of $depcc... " >&6; }
-if test ${am_cv_CC_dependencies_compiler_type+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
- # We make a subdir and do the tests there. Otherwise we can end up
- # making bogus files that we don't know about and never remove. For
- # instance it was reported that on HP-UX the gcc test will end up
- # making a dummy file named 'D' -- because '-MD' means "put the output
- # in D".
- rm -rf conftest.dir
- mkdir conftest.dir
- # Copy depcomp to subdir because otherwise we won't find it if we're
- # using a relative directory.
- cp "$am_depcomp" conftest.dir
- cd conftest.dir
- # We will build objects and dependencies in a subdirectory because
- # it helps to detect inapplicable dependency modes. For instance
- # both Tru64's cc and ICC support -MD to output dependencies as a
- # side effect of compilation, but ICC will put the dependencies in
- # the current directory while Tru64 will put them in the object
- # directory.
- mkdir sub
-
- am_cv_CC_dependencies_compiler_type=none
- if test "$am_compiler_list" = ""; then
- am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
- fi
- am__universal=false
- case " $depcc " in #(
- *\ -arch\ *\ -arch\ *) am__universal=true ;;
- esac
-
- for depmode in $am_compiler_list; do
- # Setup a source with many dependencies, because some compilers
- # like to wrap large dependency lists on column 80 (with \), and
- # we should not choose a depcomp mode which is confused by this.
- #
- # We need to recreate these files for each test, as the compiler may
- # overwrite some of them when testing with obscure command lines.
- # This happens at least with the AIX C compiler.
- : > sub/conftest.c
- for i in 1 2 3 4 5 6; do
- echo '#include "conftst'$i'.h"' >> sub/conftest.c
- # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
- # Solaris 10 /bin/sh.
- echo '/* dummy */' > sub/conftst$i.h
- done
- echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
- # We check with '-c' and '-o' for the sake of the "dashmstdout"
- # mode. It turns out that the SunPro C++ compiler does not properly
- # handle '-M -o', and we need to detect this. Also, some Intel
- # versions had trouble with output in subdirs.
- am__obj=sub/conftest.${OBJEXT-o}
- am__minus_obj="-o $am__obj"
- case $depmode in
- gcc)
- # This depmode causes a compiler race in universal mode.
- test "$am__universal" = false || continue
- ;;
- nosideeffect)
- # After this tag, mechanisms are not by side-effect, so they'll
- # only be used when explicitly requested.
- if test "x$enable_dependency_tracking" = xyes; then
- continue
- else
- break
- fi
- ;;
- msvc7 | msvc7msys | msvisualcpp | msvcmsys)
- # This compiler won't grok '-c -o', but also, the minuso test has
- # not run yet. These depmodes are late enough in the game, and
- # so weak that their functioning should not be impacted.
- am__obj=conftest.${OBJEXT-o}
- am__minus_obj=
- ;;
- none) break ;;
- esac
- if depmode=$depmode \
- source=sub/conftest.c object=$am__obj \
- depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
- $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
- >/dev/null 2>conftest.err &&
- grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
- grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
- grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
- ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
- # icc doesn't choke on unknown options, it will just issue warnings
- # or remarks (even with -Werror). So we grep stderr for any message
- # that says an option was ignored or not supported.
- # When given -MP, icc 7.0 and 7.1 complain thusly:
- # icc: Command line warning: ignoring option '-M'; no argument required
- # The diagnosis changed in icc 8.0:
- # icc: Command line remark: option '-MP' not supported
- if (grep 'ignoring option' conftest.err ||
- grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
- am_cv_CC_dependencies_compiler_type=$depmode
- break
- fi
- fi
- done
-
- cd ..
- rm -rf conftest.dir
-else
- am_cv_CC_dependencies_compiler_type=none
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
-CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
-
- if
- test "x$enable_dependency_tracking" != xno \
- && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
- am__fastdepCC_TRUE=
- am__fastdepCC_FALSE='#'
-else
- am__fastdepCC_TRUE='#'
- am__fastdepCC_FALSE=
-fi
-
-
-
-for ac_prog in flex lex
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LEX+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LEX"; then
- ac_cv_prog_LEX="$LEX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LEX="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LEX=$ac_cv_prog_LEX
-if test -n "$LEX"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-printf "%s\n" "$LEX" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$LEX" && break
-done
-test -n "$LEX" || LEX=":"
-
- if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
-%{
-#ifdef __cplusplus
-extern "C"
-#endif
-int yywrap(void);
-%}
-%%
-a { ECHO; }
-b { REJECT; }
-c { yymore (); }
-d { yyless (1); }
-e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
-#ifdef __cplusplus
- yyless ((yyinput () != 0));
-#else
- yyless ((input () != 0));
-#endif
- }
-f { unput (yytext[0]); }
-. { BEGIN INITIAL; }
-%%
-#ifdef YYTEXT_POINTER
-extern char *yytext;
-#endif
-int
-yywrap (void)
-{
- return 1;
-}
-int
-main (void)
-{
- return ! yylex ();
-}
-_ACEOF
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
-printf %s "checking for lex output file root... " >&6; }
-if test ${ac_cv_prog_lex_root+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-ac_cv_prog_lex_root=unknown
-{ { ac_try="$LEX conftest.l"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-printf "%s\n" "$ac_try_echo"; } >&5
- (eval "$LEX conftest.l") 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } &&
-if test -f lex.yy.c; then
- ac_cv_prog_lex_root=lex.yy
-elif test -f lexyy.c; then
- ac_cv_prog_lex_root=lexyy
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
-if test "$ac_cv_prog_lex_root" = unknown
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-fi
-LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-
-if test ${LEXLIB+y}
-then :
-
-else $as_nop
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
-printf %s "checking for lex library... " >&6; }
-if test ${ac_cv_lib_lex+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- ac_save_LIBS="$LIBS"
- ac_found=false
- for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
- case $ac_cv_lib_lex in #(
- 'none needed') :
- ;; #(
- 'not found') :
- break ;; #(
- *) :
- LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; #(
- *) :
- ;;
-esac
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_found=:
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if $ac_found; then
- break
- fi
- done
- LIBS="$ac_save_LIBS"
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-printf "%s\n" "$ac_cv_lib_lex" >&6; }
- if test "$ac_cv_lib_lex" = 'not found'
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
-printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
- LEX=: LEXLIB=
-elif test "$ac_cv_lib_lex" = 'none needed'
-then :
- LEXLIB=''
-else $as_nop
- LEXLIB=$ac_cv_lib_lex
-fi
- ac_save_LIBS="$LIBS"
- LIBS=
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
-printf %s "checking for library containing yywrap... " >&6; }
-if test ${ac_cv_search_yywrap+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char yywrap ();
-int
-main (void)
-{
-return yywrap ();
- ;
- return 0;
-}
-_ACEOF
-for ac_lib in '' fl l
-do
- if test -z "$ac_lib"; then
- ac_res="none required"
- else
- ac_res=-l$ac_lib
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- fi
- if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_search_yywrap=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext
- if test ${ac_cv_search_yywrap+y}
-then :
- break
-fi
-done
-if test ${ac_cv_search_yywrap+y}
-then :
-
-else $as_nop
- ac_cv_search_yywrap=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
-printf "%s\n" "$ac_cv_search_yywrap" >&6; }
-ac_res=$ac_cv_search_yywrap
-if test "$ac_res" != no
-then :
- test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
- LEXLIB="$LIBS"
-fi
-
- LIBS="$ac_save_LIBS"
-fi
-
-
-if test "$LEX" != :
-then :
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-printf %s "checking whether yytext is a pointer... " >&6; }
-if test ${ac_cv_prog_lex_yytext_pointer+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # POSIX says lex can declare yytext either as a pointer or an array; the
-# default is implementation-dependent. Figure out which it is, since
-# not all implementations provide the %pointer and %array declarations.
-ac_cv_prog_lex_yytext_pointer=no
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #define YYTEXT_POINTER 1
-`cat $LEX_OUTPUT_ROOT.c`
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_prog_lex_yytext_pointer=yes
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
-if test $ac_cv_prog_lex_yytext_pointer = yes; then
-
-printf "%s\n" "#define YYTEXT_POINTER 1" >>confdefs.h
-
-fi
-
-fi
-rm -f conftest.l $LEX_OUTPUT_ROOT.c
-
-fi
-if test "$LEX" = :; then
- LEX=${am_missing_run}flex
-fi
-for ac_prog in 'bison -y' byacc
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_YACC+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$YACC"; then
- ac_cv_prog_YACC="$YACC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_YACC="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-YACC=$ac_cv_prog_YACC
-if test -n "$YACC"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-printf "%s\n" "$YACC" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$YACC" && break
-done
-test -n "$YACC" || YACC="yacc"
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-
-
-
-
-
-
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-printf "%s\n" "$PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
- ac_pt_PKG_CONFIG=$PKG_CONFIG
- # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PKG_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PKG_CONFIG" = x; then
- PKG_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PKG_CONFIG=$ac_pt_PKG_CONFIG
- fi
-else
- PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-fi
-if test -n "$PKG_CONFIG"; then
- _pkg_min_version=0.9.0
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
- if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- PKG_CONFIG=""
- fi
-fi
-
-# Extract the first word of "swig", so it can be a program name with args.
-set dummy swig; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_SWIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $SWIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-SWIG=$ac_cv_path_SWIG
-if test -n "$SWIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-printf "%s\n" "$SWIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
-# Check whether --enable-debug_output was given.
-if test ${enable_debug_output+y}
-then :
- enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_debug_output=no
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-printf "%s\n" "$enable_debug_output" >&6; }
-fi
-
-if test "$enable_debug_output" = "yes"
-then :
-
-printf "%s\n" "#define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
-# Check whether --enable-man_pages was given.
-if test ${enable_man_pages+y}
-then :
- enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-printf "%s\n" "$enableval" >&6; }
-else $as_nop
- enable_man_pages=yes
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-printf "%s\n" "$enable_man_pages" >&6; }
-fi
-
-if test "$enable_man_pages" = "yes"; then
-
-
-
- # Extract the first word of "podchecker", so it can be a program name with args.
-set dummy podchecker; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_PODCHECKER+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$PODCHECKER"; then
- ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_PODCHECKER="podchecker"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_PODCHECKER" && ac_cv_prog_PODCHECKER="no"
-fi
-fi
-PODCHECKER=$ac_cv_prog_PODCHECKER
-if test -n "$PODCHECKER"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-printf "%s\n" "$PODCHECKER" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$PODCHECKER" = "no"; then
- as_fn_error $? "
-The podchecker program was not found in the default path. podchecker is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-
-
-
-
- # Extract the first word of "pod2man", so it can be a program name with args.
-set dummy pod2man; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_POD2MAN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$POD2MAN"; then
- ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_POD2MAN="pod2man"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- test -z "$ac_cv_prog_POD2MAN" && ac_cv_prog_POD2MAN="no"
-fi
-fi
-POD2MAN=$ac_cv_prog_POD2MAN
-if test -n "$POD2MAN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-printf "%s\n" "$POD2MAN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test "$POD2MAN" = "no"; then
- as_fn_error $? "
-The pod2man program was not found in the default path. pod2man is part of
-Perl, which can be retrieved from:
-
- https://www.perl.org
-" "$LINENO" 5
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-printf %s "checking whether python bindings are enabled... " >&6; }
-
-# Check whether --with-python was given.
-if test ${with_python+y}
-then :
- withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_python" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python3", so it can be a program name with args.
-set dummy python3; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PYTHON" && as_fn_error $? "python is required when enabling python bindings" "$LINENO" 5
-
-
-
- #
- # Allow the use of a (user set) custom python version
- #
-
-
- # Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
-set dummy python$PYTHON_VERSION; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- if test -z "$PYTHON"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
-if test -n "$PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
-printf "%s\n" "$PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PYTHON_CONFIG"; then
- ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
- # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
-set dummy `basename $PYTHON-config`; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $ac_pt_PYTHON_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
-if test -n "$ac_pt_PYTHON_CONFIG"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
-printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_pt_PYTHON_CONFIG" = x; then
- PYTHON_CONFIG=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
- fi
-else
- PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
-fi
-
- if test -z "$PYTHON_CONFIG"; then
- as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
- fi
-
- #
- # Check for a version of Python >= 2.1.0
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write(str(ver >= '2.1.0'))"`
- if test "$ac_supports_python_ver" != "True"; then
- if test -z "$PYTHON_NOVERSIONCHECK"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "
-This version of the AC_PYTHON_DEVEL macro
-doesn't work properly with versions of Python before
-2.1.0. You may need to re-run configure, setting the
-variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
-PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
-Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
-to something else than an empty string.
-
-See \`config.log' for more details" "$LINENO" 5; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-printf "%s\n" "skip at user request" >&6; }
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- fi
-
- #
- # if the macro parameter ``version'' is set, honour it
- #
- if test -n ""; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-printf %s "checking for a version of Python ... " >&6; }
- ac_supports_python_ver=`$PYTHON -c "import sys; \
- ver = sys.version.split()[0]; \
- sys.stdout.write("%s\n" % (ver == ))"`
- if test "$ac_supports_python_ver" = "True"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "this package requires Python .
-If you have it installed, but it isn't the default Python
-interpreter in your system path, please pass the PYTHON_VERSION
-variable to configure. See \`\`configure --help'' for reference.
-" "$LINENO" 5
- PYTHON_VERSION=""
- fi
- fi
-
- #
- # Check if you have setuptools, else fail
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
-printf %s "checking for the setuptools Python package... " >&6; }
- ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
- if test -z "$ac_setuptools_result"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "cannot import Python module \"setuptools\".
-Please check your Python installation. The error was:
-$ac_setuptools_result" "$LINENO" 5
- PYTHON_VERSION=""
- fi
-
- #
- # Check for Python include path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-printf %s "checking for Python include path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
- fi
- if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import sysconfig;\
-sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
- if test -n "${python_path}"; then
- python_path="-I$python_path"
- fi
- PYTHON_CPPFLAGS=$python_path
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
-
-
- #
- # Check for Python library path
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-printf %s "checking for Python library path... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
- fi
- if test -z "$PYTHON_LDFLAGS"; then
- # (makes two attempts to ensure we've got a version number
- # from the interpreter)
- py_version=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
- if test "$py_version" == "None"; then
- if test -n "$PYTHON_VERSION"; then
- py_version=$PYTHON_VERSION
- else
- py_version=`$PYTHON -c "import sys; \
-sys.stdout.write("%s\n" % sys.version[:3])"`
- fi
- fi
-
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
-"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
-
-
- #
- # Check for site packages
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-printf %s "checking for Python site-packages path... " >&6; }
- if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
-sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
-
-
- #
- # libraries which must be linked in when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-printf %s "checking python extra libraries... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
- PYTHON_EXTRA_LIBS=''
- fi
- if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
-
-
- #
- # linking flags needed when embedding
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-printf %s "checking python extra linking flags... " >&6; }
- if type $PYTHON_CONFIG; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
- PYTHON_EXTRA_LDFLAGS=''
- fi
- if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
-conf = sysconfig.get_config_var; \
-sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
-
-
- #
- # final check to see if everything compiles alright
- #
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-printf %s "checking consistency of all components of python development environment... " >&6; }
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # save current global flags
- ac_save_LIBS="$LIBS"
- ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
- #include <Python.h>
-
-int
-main (void)
-{
-
- Py_Initialize();
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- pythonexists=yes
-else $as_nop
- pythonexists=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-printf "%s\n" "$pythonexists" >&6; }
-
- if test ! "$pythonexists" = "yes"; then
- as_fn_error $? "
- Could not link test program to Python. Maybe the main Python library has been
- installed in some non-standard library path. If so, pass it to configure,
- via the LDFLAGS environment variable.
- Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\"
- ============================================================================
- ERROR!
- You probably have to install the development version of the Python package
- for your distribution. The exact name of this package varies among them.
- ============================================================================
- " "$LINENO" 5
- PYTHON_VERSION=""
- fi
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- # turn back to default flags
- CPPFLAGS="$ac_save_CPPFLAGS"
- LIBS="$ac_save_LIBS"
-
- #
- # all done!
- #
-
-
-
-
-
-
-
- if test -n "$PYTHON"; then
- # If the user set $PYTHON, use it and don't search something else.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
-printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
- ($PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- as_fn_error $? "Python interpreter is too old" "$LINENO" 5
-fi
- am_display_PYTHON=$PYTHON
- else
- # Otherwise, try each interpreter until we find one that satisfies
- # VERSION.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
-printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
-if test ${am_cv_pathless_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
- for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
- test "$am_cv_pathless_PYTHON" = none && break
- prog="import sys
-# split strings by '.' and convert to numeric. Append some zeros
-# because we need at least 4 digits for the hex conversion.
-# map returns an iterator in Python 3.0 and a list in 2.x
-minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
-minverhex = 0
-# xrange is not present in Python 3.0 and range returns an iterator
-for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
-sys.exit(sys.hexversion < minverhex)"
- if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
- ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-then :
- break
-fi
- done
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
-printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
- # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
- if test "$am_cv_pathless_PYTHON" = none; then
- PYTHON=:
- else
- # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
-set dummy $am_cv_pathless_PYTHON; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PYTHON+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PYTHON in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PYTHON=$ac_cv_path_PYTHON
-if test -n "$PYTHON"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-printf "%s\n" "$PYTHON" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- fi
- am_display_PYTHON=$am_cv_pathless_PYTHON
- fi
-
-
- if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
- else
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-printf %s "checking for $am_display_PYTHON version... " >&6; }
-if test ${am_cv_python_version+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-printf "%s\n" "$am_cv_python_version" >&6; }
- PYTHON_VERSION=$am_cv_python_version
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-printf %s "checking for $am_display_PYTHON platform... " >&6; }
-if test ${am_cv_python_platform+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-printf "%s\n" "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
-
-
- if test "x$prefix" = xNONE; then
- am__usable_prefix=$ac_default_prefix
- else
- am__usable_prefix=$prefix
- fi
-
- # Allow user to request using sys.* values from Python,
- # instead of the GNU $prefix values.
-
-# Check whether --with-python-sys-prefix was given.
-if test ${with_python_sys_prefix+y}
-then :
- withval=$with_python_sys_prefix; am_use_python_sys=:
-else $as_nop
- am_use_python_sys=false
-fi
-
-
- # Allow user to override whatever the default Python prefix is.
-
-# Check whether --with-python_prefix was given.
-if test ${with_python_prefix+y}
-then :
- withval=$with_python_prefix; am_python_prefix_subst=$withval
- am_cv_python_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-else $as_nop
-
- if $am_use_python_sys; then
- # using python sys.prefix value, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
-printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
-if test ${am_cv_python_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
-printf "%s\n" "$am_cv_python_prefix" >&6; }
-
- case $am_cv_python_prefix in
- $am__usable_prefix*)
- am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
- am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
- ;;
- *)
- am_python_prefix_subst=$am_cv_python_prefix
- ;;
- esac
- else # using GNU prefix value, not python sys.prefix
- am_python_prefix_subst='${prefix}'
- am_python_prefix=$am_python_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
-printf "%s\n" "$am_python_prefix" >&6; }
- fi
-fi
-
- # Substituting python_prefix_subst value.
- PYTHON_PREFIX=$am_python_prefix_subst
-
-
- # emacs-page Now do it all over again for Python exec_prefix, but with yet
- # another conditional: fall back to regular prefix if that was specified.
-
-# Check whether --with-python_exec_prefix was given.
-if test ${with_python_exec_prefix+y}
-then :
- withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
- am_cv_python_exec_prefix=$withval
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # no explicit --with-python_exec_prefix, but if
- # --with-python_prefix was given, use its value for python_exec_prefix too.
- if test -n "$with_python_prefix"
-then :
- am_python_exec_prefix_subst=$with_python_prefix
- am_cv_python_exec_prefix=$with_python_prefix
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
-else $as_nop
-
- # Set am__usable_exec_prefix whether using GNU or Python values,
- # since we use that variable for pyexecdir.
- if test "x$exec_prefix" = xNONE; then
- am__usable_exec_prefix=$am__usable_prefix
- else
- am__usable_exec_prefix=$exec_prefix
- fi
- #
- if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
-if test ${am_cv_python_exec_prefix+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
-printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
- case $am_cv_python_exec_prefix in
- $am__usable_exec_prefix*)
- am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
- am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
- ;;
- *)
- am_python_exec_prefix_subst=$am_cv_python_exec_prefix
- ;;
- esac
- else # using GNU $exec_prefix, not python sys.exec_prefix
- am_python_exec_prefix_subst='${exec_prefix}'
- am_python_exec_prefix=$am_python_exec_prefix_subst
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
-printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
-printf "%s\n" "$am_python_exec_prefix" >&6; }
- fi
-fi
-fi
-
- # Substituting python_exec_prefix_subst.
- PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
-
-
- # Factor out some code duplication into this shell variable.
- am_python_setup_sysconfig="\
-import sys
-# Prefer sysconfig over distutils.sysconfig, for better compatibility
-# with python 3.x. See automake bug#10227.
-try:
- import sysconfig
-except ImportError:
- can_use_sysconfig = 0
-else:
- can_use_sysconfig = 1
-# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
-# <https://github.com/pypa/virtualenv/issues/118>
-try:
- from platform import python_implementation
- if python_implementation() == 'CPython' and sys.version[:3] == '2.7':
- can_use_sysconfig = 0
-except ImportError:
- pass"
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
-printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
-if test ${am_cv_python_pythondir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_prefix" = x; then
- am_py_prefix=$am__usable_prefix
- else
- am_py_prefix=$am_cv_python_prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-printf "%s\n" "$am_cv_python_pythondir" >&6; }
- pythondir=$am_cv_python_pythondir
-
-
- pkgpythondir=\${pythondir}/$PACKAGE
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
-printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
-if test ${am_cv_python_pyexecdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$am_cv_python_exec_prefix" = x; then
- am_py_exec_prefix=$am__usable_exec_prefix
- else
- am_py_exec_prefix=$am_cv_python_exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
-$am_python_setup_sysconfig
-if can_use_sysconfig:
- if hasattr(sysconfig, 'get_default_scheme'):
- scheme = sysconfig.get_default_scheme()
- else:
- scheme = sysconfig._get_default_scheme()
- if scheme == 'posix_local':
- # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
- scheme = 'posix_prefix'
- sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
-else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
-sys.stdout.write(sitedir)"`
- #
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
- ;;
- esac
- ;;
- esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
- pyexecdir=$am_cv_python_pyexecdir
-
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
-
-
-
- fi
-
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-printf %s "checking whether perl bindings are enabled... " >&6; }
-
-# Check whether --with-perl was given.
-if test ${with_perl+y}
-then :
- withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_perl" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
- # Extract the first word of "perl", so it can be a program name with args.
-set dummy perl; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_PERL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $PERL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-PERL=$ac_cv_path_PERL
-if test -n "$PERL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-printf "%s\n" "$PERL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
- perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- if test -e "$perl_includedir/perl.h"
-then :
- enable_perl=yes
-else $as_nop
- enable_perl=no
-fi
-fi
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-printf %s "checking whether ruby bindings are enabled... " >&6; }
-
-# Check whether --with-ruby was given.
-if test ${with_ruby+y}
-then :
- withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-printf "%s\n" "$withval" >&6; }
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-if test "$with_ruby" = "yes"; then
- test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
- # Extract the first word of "ruby", so it can be a program name with args.
-set dummy ruby; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_path_RUBY+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $RUBY in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-fi
-RUBY=$ac_cv_path_RUBY
-if test -n "$RUBY"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-printf "%s\n" "$RUBY" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -z "$RUBY" && as_fn_error $? "ruby is required when enabling ruby bindings" "$LINENO" 5
-fi
-
-
- if test x$enable_man_pages = xyes; then
- ENABLE_MAN_PAGES_TRUE=
- ENABLE_MAN_PAGES_FALSE='#'
-else
- ENABLE_MAN_PAGES_TRUE='#'
- ENABLE_MAN_PAGES_FALSE=
-fi
-
- if test x$with_python = xyes; then
- HAVE_PYTHON_TRUE=
- HAVE_PYTHON_FALSE='#'
-else
- HAVE_PYTHON_TRUE='#'
- HAVE_PYTHON_FALSE=
-fi
-
- if test x$with_perl = xyes; then
- HAVE_PERL_TRUE=
- HAVE_PERL_FALSE='#'
-else
- HAVE_PERL_TRUE='#'
- HAVE_PERL_FALSE=
-fi
-
- if test x$with_ruby = xyes; then
- HAVE_RUBY_TRUE=
- HAVE_RUBY_FALSE='#'
-else
- HAVE_RUBY_TRUE='#'
- HAVE_RUBY_FALSE=
-fi
-
-
-ac_header= ac_cache=
-for ac_item in $ac_header_c_list
-do
- if test $ac_cache; then
- ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
- if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
- printf "%s\n" "#define $ac_item 1" >> confdefs.h
- fi
- ac_header= ac_cache=
- elif test $ac_header; then
- ac_cache=$ac_item
- else
- ac_header=$ac_item
- fi
-done
-
-
-
-
-
-
-
-
-if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
-then :
-
-printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-printf %s "checking for grep that handles long lines and -e... " >&6; }
-if test ${ac_cv_path_GREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$GREP"; then
- ac_path_GREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in grep ggrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_GREP" || continue
-# Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_GREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_GREP"; then
- as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_GREP=$GREP
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-printf "%s\n" "$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-# Autoupdate added the next two lines to ensure that your configure
-# script's behavior did not change. They are probably safe to remove.
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-printf %s "checking for egrep... " >&6; }
-if test ${ac_cv_path_EGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- if test -z "$EGREP"; then
- ac_path_EGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in egrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_EGREP" || continue
-# Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_EGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_EGREP"; then
- as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_EGREP=$EGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-printf "%s\n" "$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-
-ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
-if test "x$ac_cv_header_unistd_h" = xyes
-then :
- printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
-if test "x$ac_cv_header_stdint_h" = xyes
-then :
- printf "%s\n" "#define HAVE_STDINT_H 1" >>confdefs.h
-
-fi
-ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
-if test "x$ac_cv_header_syslog_h" = xyes
-then :
- printf "%s\n" "#define HAVE_SYSLOG_H 1" >>confdefs.h
-
-fi
-
-
-ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
-if test "x$ac_cv_func_asprintf" = xyes
-then :
- printf "%s\n" "#define HAVE_ASPRINTF 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
-if test "x$ac_cv_func___secure_getenv" = xyes
-then :
- printf "%s\n" "#define HAVE___SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
-if test "x$ac_cv_func_secure_getenv" = xyes
-then :
- printf "%s\n" "#define HAVE_SECURE_GETENV 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
-if test "x$ac_cv_func_reallocarray" = xyes
-then :
- printf "%s\n" "#define HAVE_REALLOCARRAY 1" >>confdefs.h
-
-fi
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-printf %s "checking for an ANSI C-conforming const... " >&6; }
-if test ${ac_cv_c_const+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this sort of thing. */
- typedef int charset[2];
- const charset cs = { 0, 0 };
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* IBM XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this sort of thing. */
- char tx;
- char *t = &tx;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
-
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; } bx;
- struct s *b = &bx; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- ac_cv_c_const=yes
-else $as_nop
- ac_cv_c_const=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-printf "%s\n" "$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
-
-printf "%s\n" "#define const /**/" >>confdefs.h
-
-fi
-
-case `pwd` in
- *\ * | *\ *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
-esac
-
-
-
-macro_version='2.4.6'
-macro_revision='2.4.6'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
-
- # Make sure we can run config.sub.
-$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-printf %s "checking build system type... " >&6; }
-if test ${ac_cv_build+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-printf "%s\n" "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-printf %s "checking host system type... " >&6; }
-if test ${ac_cv_host+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
- as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-printf "%s\n" "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-
-ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-printf %s "checking how to print strings... " >&6; }
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
- test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
- ECHO='printf %s\n'
-else
- # Use this function as a fallback that always works.
- func_fallback_echo ()
- {
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
- }
- ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO ""
-}
-
-case $ECHO in
- printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-printf "%s\n" "printf" >&6; } ;;
- print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-printf "%s\n" "print -r" >&6; } ;;
- *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-printf "%s\n" "cat" >&6; } ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-printf %s "checking for a sed that does not truncate output... " >&6; }
-if test ${ac_cv_path_SED+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for ac_i in 1 2 3 4 5 6 7; do
- ac_script="$ac_script$as_nl$ac_script"
- done
- echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
- { ac_script=; unset ac_script;}
- if test -z "$SED"; then
- ac_path_SED_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in sed gsed
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_SED" || continue
-# Check for GNU ac_path_SED and select it if it is found.
- # Check for GNU $ac_path_SED
-case `"$ac_path_SED" --version 2>&1` in
-*GNU*)
- ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" '' >> "conftest.nl"
- "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_SED_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_SED="$ac_path_SED"
- ac_path_SED_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_SED_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_SED"; then
- as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
- fi
-else
- ac_cv_path_SED=$SED
-fi
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-printf "%s\n" "$ac_cv_path_SED" >&6; }
- SED="$ac_cv_path_SED"
- rm -f conftest.sed
-
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-printf %s "checking for fgrep... " >&6; }
-if test ${ac_cv_path_FGREP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
- then ac_cv_path_FGREP="$GREP -F"
- else
- if test -z "$FGREP"; then
- ac_path_FGREP_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in fgrep
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_FGREP" || continue
-# Check for GNU ac_path_FGREP and select it if it is found.
- # Check for GNU $ac_path_FGREP
-case `"$ac_path_FGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
-*)
- ac_count=0
- printf %s 0123456789 >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- printf "%s\n" 'FGREP' >> "conftest.nl"
- "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- as_fn_arith $ac_count + 1 && ac_count=$as_val
- if test $ac_count -gt ${ac_path_FGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_FGREP="$ac_path_FGREP"
- ac_path_FGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
- $ac_path_FGREP_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_FGREP"; then
- as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
- fi
-else
- ac_cv_path_FGREP=$FGREP
-fi
-
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-printf "%s\n" "$ac_cv_path_FGREP" >&6; }
- FGREP="$ac_cv_path_FGREP"
-
-
-test -z "$GREP" && GREP=grep
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-gnu-ld was given.
-if test ${with_gnu_ld+y}
-then :
- withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else $as_nop
- with_gnu_ld=no
-fi
-
-ac_prog=ld
-if test yes = "$GCC"; then
- # Check if gcc -print-prog-name=ld gives a path.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-printf %s "checking for ld used by $CC... " >&6; }
- case $host in
- *-*-mingw*)
- # gcc leaves a trailing carriage return, which upsets mingw
- ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
- *)
- ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
- esac
- case $ac_prog in
- # Accept absolute paths.
- [\\/]* | ?:[\\/]*)
- re_direlt='/[^/][^/]*/\.\./'
- # Canonicalize the pathname of ld
- ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
- while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
- ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
- done
- test -z "$LD" && LD=$ac_prog
- ;;
- "")
- # If it fails, then pretend we aren't using GCC.
- ac_prog=ld
- ;;
- *)
- # If it is relative, then search for the first ld in PATH.
- with_gnu_ld=unknown
- ;;
- esac
-elif test yes = "$with_gnu_ld"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-printf %s "checking for GNU ld... " >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-printf %s "checking for non-GNU ld... " >&6; }
-fi
-if test ${lt_cv_path_LD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -z "$LD"; then
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
- lt_cv_path_LD=$ac_dir/$ac_prog
- # Check to see if the program is GNU ld. I'd rather use --version,
- # but apparently some variants of GNU ld only accept -v.
- # Break only if it was the GNU/non-GNU ld that we prefer.
- case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
- *GNU* | *'with BFD'*)
- test no != "$with_gnu_ld" && break
- ;;
- *)
- test yes != "$with_gnu_ld" && break
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
-else
- lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi
-fi
-
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-printf "%s\n" "$LD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
-if test ${lt_cv_prog_gnu_ld+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- # I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
- lt_cv_prog_gnu_ld=yes
- ;;
-*)
- lt_cv_prog_gnu_ld=no
- ;;
-esac
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if test ${lt_cv_path_NM+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NM"; then
- # Let the user override the test.
- lt_cv_path_NM=$NM
-else
- lt_nm_to_check=${ac_tool_prefix}nm
- if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
- lt_nm_to_check="$lt_nm_to_check nm"
- fi
- for lt_tmp_nm in $lt_nm_to_check; do
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- tmp_nm=$ac_dir/$lt_tmp_nm
- if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
- # Check to see if the nm accepts a BSD-compat flag.
- # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
- # nm: unknown option "B" ignored
- # Tru64's nm complains that /dev/null is an invalid object file
- # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
- case $build_os in
- mingw*) lt_bad_file=conftest.nm/nofile ;;
- *) lt_bad_file=/dev/null ;;
- esac
- case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
- *$lt_bad_file* | *'Invalid file or object type'*)
- lt_cv_path_NM="$tmp_nm -B"
- break 2
- ;;
- *)
- case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
- */dev/null*)
- lt_cv_path_NM="$tmp_nm -p"
- break 2
- ;;
- *)
- lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
- continue # so that we can try to find one that supports BSD flags
- ;;
- esac
- ;;
- esac
- fi
- done
- IFS=$lt_save_ifs
- done
- : ${lt_cv_path_NM=no}
-fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-printf "%s\n" "$lt_cv_path_NM" >&6; }
-if test no != "$lt_cv_path_NM"; then
- NM=$lt_cv_path_NM
-else
- # Didn't find any BSD compatible name lister, look for dumpbin.
- if test -n "$DUMPBIN"; then :
- # Let the user override the test.
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in dumpbin "link -dump"
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DUMPBIN"; then
- ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DUMPBIN=$ac_cv_prog_DUMPBIN
-if test -n "$DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-printf "%s\n" "$DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$DUMPBIN" && break
- done
-fi
-if test -z "$DUMPBIN"; then
- ac_ct_DUMPBIN=$DUMPBIN
- for ac_prog in dumpbin "link -dump"
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DUMPBIN"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
-if test -n "$ac_ct_DUMPBIN"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_DUMPBIN" && break
-done
-
- if test "x$ac_ct_DUMPBIN" = x; then
- DUMPBIN=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DUMPBIN=$ac_ct_DUMPBIN
- fi
-fi
-
- case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
- *COFF*)
- DUMPBIN="$DUMPBIN -symbols -headers"
- ;;
- *)
- DUMPBIN=:
- ;;
- esac
- fi
-
- if test : != "$DUMPBIN"; then
- NM=$DUMPBIN
- fi
-fi
-test -z "$NM" && NM=nm
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-printf %s "checking the name lister ($NM) interface... " >&6; }
-if test ${lt_cv_nm_interface+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_nm_interface="BSD nm"
- echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
- (eval "$ac_compile" 2>conftest.err)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
- (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
- cat conftest.err >&5
- (eval echo "\"\$as_me:$LINENO: output\"" >&5)
- cat conftest.out >&5
- if $GREP 'External.*some_variable' conftest.out > /dev/null; then
- lt_cv_nm_interface="MS dumpbin"
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-printf "%s\n" "$lt_cv_nm_interface" >&6; }
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-printf %s "checking whether ln -s works... " >&6; }
-LN_S=$as_ln_s
-if test "$LN_S" = "ln -s"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-printf "%s\n" "no, using $LN_S" >&6; }
-fi
-
-# find the maximum length of command line arguments
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-printf %s "checking the maximum length of command line arguments... " >&6; }
-if test ${lt_cv_sys_max_cmd_len+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- i=0
- teststring=ABCD
-
- case $build_os in
- msdosdjgpp*)
- # On DJGPP, this test can blow up pretty badly due to problems in libc
- # (any single argument exceeding 2000 bytes causes a buffer overrun
- # during glob expansion). Even if it were fixed, the result of this
- # check would be larger than it should be.
- lt_cv_sys_max_cmd_len=12288; # 12K is about right
- ;;
-
- gnu*)
- # Under GNU Hurd, this test is not required because there is
- # no limit to the length of command line arguments.
- # Libtool will interpret -1 as no limit whatsoever
- lt_cv_sys_max_cmd_len=-1;
- ;;
-
- cygwin* | mingw* | cegcc*)
- # On Win9x/ME, this test blows up -- it succeeds, but takes
- # about 5 minutes as the teststring grows exponentially.
- # Worse, since 9x/ME are not pre-emptively multitasking,
- # you end up with a "frozen" computer, even though with patience
- # the test eventually succeeds (with a max line length of 256k).
- # Instead, let's just punt: use the minimum linelength reported by
- # all of the supported platforms: 8192 (on NT/2K/XP).
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- mint*)
- # On MiNT this can take a long time and run out of memory.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- amigaos*)
- # On AmigaOS with pdksh, this test takes hours, literally.
- # So we just punt and use a minimum line length of 8192.
- lt_cv_sys_max_cmd_len=8192;
- ;;
-
- bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
- # This has been around since 386BSD, at least. Likely further.
- if test -x /sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
- elif test -x /usr/sbin/sysctl; then
- lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
- else
- lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
- fi
- # And add a safety zone
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- ;;
-
- interix*)
- # We know the value 262144 and hardcode it with a safety zone (like BSD)
- lt_cv_sys_max_cmd_len=196608
- ;;
-
- os2*)
- # The test takes a long time on OS/2.
- lt_cv_sys_max_cmd_len=8192
- ;;
-
- osf*)
- # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
- # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
- # nice to cause kernel panics so lets avoid the loop below.
- # First set a reasonable default.
- lt_cv_sys_max_cmd_len=16384
- #
- if test -x /sbin/sysconfig; then
- case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
- *1*) lt_cv_sys_max_cmd_len=-1 ;;
- esac
- fi
- ;;
- sco3.2v5*)
- lt_cv_sys_max_cmd_len=102400
- ;;
- sysv5* | sco5v6* | sysv4.2uw2*)
- kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
- if test -n "$kargmax"; then
- lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
- else
- lt_cv_sys_max_cmd_len=32768
- fi
- ;;
- *)
- lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
- if test -n "$lt_cv_sys_max_cmd_len" && \
- test undefined != "$lt_cv_sys_max_cmd_len"; then
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
- else
- # Make teststring a little bigger before we do anything with it.
- # a 1K string should be a reasonable start.
- for i in 1 2 3 4 5 6 7 8; do
- teststring=$teststring$teststring
- done
- SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
- # If test is not a shell built-in, we'll probably end up computing a
- # maximum length that is only half of the actual maximum length, but
- # we can't tell.
- while { test X`env echo "$teststring$teststring" 2>/dev/null` \
- = "X$teststring$teststring"; } >/dev/null 2>&1 &&
- test 17 != "$i" # 1/2 MB should be enough
- do
- i=`expr $i + 1`
- teststring=$teststring$teststring
- done
- # Only check the string length outside the loop.
- lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
- teststring=
- # Add a significant safety factor because C++ compilers can tack on
- # massive amounts of additional arguments before passing them to the
- # linker. It appears as though 1/2 is a usable value.
- lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
- fi
- ;;
- esac
-
-fi
-
-if test -n "$lt_cv_sys_max_cmd_len"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
-printf "%s\n" "none" >&6; }
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-
-
-
-
-
-
-: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- lt_unset=unset
-else
- lt_unset=false
-fi
-
-
-
-
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
- # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
- lt_SP2NL='tr \040 \012'
- lt_NL2SP='tr \015\012 \040\040'
- ;;
- *) # EBCDIC based system
- lt_SP2NL='tr \100 \n'
- lt_NL2SP='tr \r\n \100\100'
- ;;
-esac
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-printf %s "checking how to convert $build file names to $host format... " >&6; }
-if test ${lt_cv_to_host_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
- ;;
- esac
- ;;
- *-*-cygwin* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
- ;;
- *-*-cygwin* )
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
- * ) # otherwise, assume *nix
- lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
- ;;
- esac
- ;;
- * ) # unhandled hosts (and "normal" native builds)
- lt_cv_to_host_file_cmd=func_convert_file_noop
- ;;
-esac
-
-fi
-
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-printf %s "checking how to convert $build file names to toolchain format... " >&6; }
-if test ${lt_cv_to_tool_file_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- #assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
- *-*-mingw* )
- case $build in
- *-*-mingw* ) # actually msys
- lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
- ;;
- esac
- ;;
-esac
-
-fi
-
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-printf %s "checking for $LD option to reload object files... " >&6; }
-if test ${lt_cv_ld_reload_flag+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_reload_flag='-r'
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- if test yes != "$GCC"; then
- reload_cmds=false
- fi
- ;;
- darwin*)
- if test yes = "$GCC"; then
- reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
- else
- reload_cmds='$LD$reload_flag -o $output$reload_objs'
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-printf "%s\n" "$OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
-else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-printf %s "checking how to recognize dependent libraries... " >&6; }
-if test ${lt_cv_deplibs_check_method+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[4-9]*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-beos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-bsdi[45]*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
- lt_cv_file_magic_cmd='/usr/bin/file -L'
- lt_cv_file_magic_test_file=/shlib/libc.so
- ;;
-
-cygwin*)
- # func_win32_libid is a shell function defined in ltmain.sh
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- ;;
-
-mingw* | pw32*)
- # Base MSYS/MinGW do not provide the 'file' command needed by
- # func_win32_libid shell function, so use a weaker test based on 'objdump',
- # unless we find 'file', for example because we are cross-compiling.
- if ( file / ) >/dev/null 2>&1; then
- lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
- lt_cv_file_magic_cmd='func_win32_libid'
- else
- # Keep this pattern in sync with the one in func_win32_libid.
- lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- fi
- ;;
-
-cegcc*)
- # use the weaker test based on 'objdump'. See mingw*.
- lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
- lt_cv_file_magic_cmd='$OBJDUMP -f'
- ;;
-
-darwin* | rhapsody*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-freebsd* | dragonfly*)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- case $host_cpu in
- i*86 )
- # Not sure whether the presence of OpenBSD here was a mistake.
- # Let's accept both of them until this is cleared up.
- lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
- ;;
- esac
- else
- lt_cv_deplibs_check_method=pass_all
- fi
- ;;
-
-haiku*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-hpux10.20* | hpux11*)
- lt_cv_file_magic_cmd=/usr/bin/file
- case $host_cpu in
- ia64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
- lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
- ;;
- hppa*64*)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
- lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
- ;;
- *)
- lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
- lt_cv_file_magic_test_file=/usr/lib/libc.sl
- ;;
- esac
- ;;
-
-interix[3-9]*)
- # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $LD in
- *-32|*"-32 ") libmagic=32-bit;;
- *-n32|*"-n32 ") libmagic=N32;;
- *-64|*"-64 ") libmagic=64-bit;;
- *) libmagic=never-match;;
- esac
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
- fi
- ;;
-
-newos6*)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
- lt_cv_file_magic_cmd=/usr/bin/file
- lt_cv_file_magic_test_file=/usr/lib/libnls.so
- ;;
-
-*nto* | *qnx*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-openbsd* | bitrig*)
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
- else
- lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
- fi
- ;;
-
-osf3* | osf4* | osf5*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-rdos*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-solaris*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-
-sysv4 | sysv4.3*)
- case $host_vendor in
- motorola)
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
- lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
- ;;
- ncr)
- lt_cv_deplibs_check_method=pass_all
- ;;
- sequent)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
- ;;
- sni)
- lt_cv_file_magic_cmd='/bin/file'
- lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
- lt_cv_file_magic_test_file=/lib/libc.so
- ;;
- siemens)
- lt_cv_deplibs_check_method=pass_all
- ;;
- pc)
- lt_cv_deplibs_check_method=pass_all
- ;;
- esac
- ;;
-
-tpf*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-os2*)
- lt_cv_deplibs_check_method=pass_all
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
- case $host_os in
- mingw* | pw32*)
- if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
- want_nocaseglob=yes
- else
- file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
- fi
- ;;
- esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DLLTOOL"; then
- ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DLLTOOL=$ac_cv_prog_DLLTOOL
-if test -n "$DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-printf "%s\n" "$DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DLLTOOL"; then
- ac_ct_DLLTOOL=$DLLTOOL
- # Extract the first word of "dlltool", so it can be a program name with args.
-set dummy dlltool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DLLTOOL"; then
- ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
-if test -n "$ac_ct_DLLTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DLLTOOL" = x; then
- DLLTOOL="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DLLTOOL=$ac_ct_DLLTOOL
- fi
-else
- DLLTOOL="$ac_cv_prog_DLLTOOL"
-fi
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-printf %s "checking how to associate runtime and link libraries... " >&6; }
-if test ${lt_cv_sharedlib_from_linklib_cmd+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
- # two different shell functions defined in ltmain.sh;
- # decide which one to use based on capabilities of $DLLTOOL
- case `$DLLTOOL --help 2>&1` in
- *--identify-strict*)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
- ;;
- *)
- lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
- ;;
- esac
- ;;
-*)
- # fallback: assume linklib IS sharedlib
- lt_cv_sharedlib_from_linklib_cmd=$ECHO
- ;;
-esac
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- for ac_prog in ar
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$AR"; then
- ac_cv_prog_AR="$AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-AR=$ac_cv_prog_AR
-if test -n "$AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-printf "%s\n" "$AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$AR" && break
- done
-fi
-if test -z "$AR"; then
- ac_ct_AR=$AR
- for ac_prog in ar
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_AR+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_AR"; then
- ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_AR="$ac_prog"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_AR=$ac_cv_prog_ac_ct_AR
-if test -n "$ac_ct_AR"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-printf "%s\n" "$ac_ct_AR" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- test -n "$ac_ct_AR" && break
-done
-
- if test "x$ac_ct_AR" = x; then
- AR="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- AR=$ac_ct_AR
- fi
-fi
-
-: ${AR=ar}
-: ${AR_FLAGS=cr}
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-printf %s "checking for archiver @FILE support... " >&6; }
-if test ${lt_cv_ar_at_file+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ar_at_file=no
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"
-then :
- echo conftest.$ac_objext > conftest.lst
- lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -eq "$ac_status"; then
- # Ensure the archiver fails upon bogus file names.
- rm -f conftest.$ac_objext libconftest.a
- { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
- (eval $lt_ar_try) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- if test 0 -ne "$ac_status"; then
- lt_cv_ar_at_file=@
- fi
- fi
- rm -f conftest.* libconftest.a
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-printf "%s\n" "$lt_cv_ar_at_file" >&6; }
-
-if test no = "$lt_cv_ar_at_file"; then
- archiver_list_spec=
-else
- archiver_list_spec=$lt_cv_ar_at_file
-fi
-
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
-set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$STRIP"; then
- ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-STRIP=$ac_cv_prog_STRIP
-if test -n "$STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-printf "%s\n" "$STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_STRIP"; then
- ac_ct_STRIP=$STRIP
- # Extract the first word of "strip", so it can be a program name with args.
-set dummy strip; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_STRIP+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_STRIP"; then
- ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_STRIP="strip"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
-if test -n "$ac_ct_STRIP"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-printf "%s\n" "$ac_ct_STRIP" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_STRIP" = x; then
- STRIP=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- STRIP=$ac_ct_STRIP
- fi
-else
- STRIP="$ac_cv_prog_STRIP"
-fi
-
-test -z "$STRIP" && STRIP=:
-
-
-
-
-
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-printf "%s\n" "$RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_RANLIB+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-printf "%s\n" "$ac_ct_RANLIB" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-test -z "$RANLIB" && RANLIB=:
-
-
-
-
-
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
- case $host_os in
- bitrig* | openbsd*)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
- ;;
- *)
- old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
- ;;
- esac
- old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
- darwin*)
- lock_old_archive_extraction=yes ;;
- *)
- lock_old_archive_extraction=no ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-printf %s "checking command to parse $NM output from $compiler object... " >&6; }
-if test ${lt_cv_sys_global_symbol_pipe+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
-
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix. What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[BCDEGRST]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
- symcode='[BCDT]'
- ;;
-cygwin* | mingw* | pw32* | cegcc*)
- symcode='[ABCDGISTW]'
- ;;
-hpux*)
- if test ia64 = "$host_cpu"; then
- symcode='[ABCDEGRST]'
- fi
- ;;
-irix* | nonstopux*)
- symcode='[BCDEGRST]'
- ;;
-osf*)
- symcode='[BCDEGQRST]'
- ;;
-solaris*)
- symcode='[BDRT]'
- ;;
-sco3.2v5*)
- symcode='[DT]'
- ;;
-sysv4.2uw2*)
- symcode='[DT]'
- ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
- symcode='[ABDT]'
- ;;
-sysv4)
- symcode='[DFNSTU]'
- ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
- symcode='[ABCDGIRSTW]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Gets list of data symbols to import.
- lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
- # Adjust the below global symbol transforms to fixup imported variables.
- lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
- lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
- lt_c_name_lib_hook="\
- -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
- -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
-else
- # Disable hooks by default.
- lt_cv_sys_global_symbol_to_import=
- lt_cdecl_hook=
- lt_c_name_hook=
- lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
- opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
- ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
- # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
- symxfrm="\\1 $ac_symprfx\\2 \\2"
-
- # Write the raw and C identifiers.
- if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- # Fake it for dumpbin and say T for any non-static function,
- # D for any global variable and I for any imported variable.
- # Also find C++ and __fastcall symbols from MSVC++,
- # which start with @ or ?.
- lt_cv_sys_global_symbol_pipe="$AWK '"\
-" {last_section=section; section=\$ 3};"\
-" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-" \$ 0!~/External *\|/{next};"\
-" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-" {if(hide[section]) next};"\
-" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-" ' prfx=^$ac_symprfx"
- else
- lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
- fi
- lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
- # Check to see that the pipe works correctly.
- pipe_works=no
-
- rm -f conftest*
- cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- # Now try to grab the symbols.
- nlist=conftest.nm
- $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
- if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
- # Try sorting and uniquifying the output.
- if sort "$nlist" | uniq > "$nlist"T; then
- mv -f "$nlist"T "$nlist"
- else
- rm -f "$nlist"T
- fi
-
- # Make sure that we snagged all the symbols we need.
- if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
- if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
- cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT_DLSYM_CONST
-#else
-# define LT_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
- # Now generate the symbol file.
- eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
- cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols. */
-LT_DLSYM_CONST struct {
- const char *name;
- void *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[] =
-{
- { "@PROGRAM@", (void *) 0 },
-_LT_EOF
- $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
- cat <<\_LT_EOF >> conftest.$ac_ext
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
- # Now try linking the two files.
- mv conftest.$ac_objext conftstm.$ac_objext
- lt_globsym_save_LIBS=$LIBS
- lt_globsym_save_CFLAGS=$CFLAGS
- LIBS=conftstm.$ac_objext
- CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s conftest$ac_exeext; then
- pipe_works=yes
- fi
- LIBS=$lt_globsym_save_LIBS
- CFLAGS=$lt_globsym_save_CFLAGS
- else
- echo "cannot find nm_test_func in $nlist" >&5
- fi
- else
- echo "cannot find nm_test_var in $nlist" >&5
- fi
- else
- echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
- fi
- else
- echo "$progname: failed program was:" >&5
- cat conftest.$ac_ext >&5
- fi
- rm -rf conftest* conftst*
-
- # Do not use the global_symbol_pipe unless it works.
- if test yes = "$pipe_works"; then
- break
- else
- lt_cv_sys_global_symbol_pipe=
- fi
-done
-
-fi
-
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
- lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-printf "%s\n" "failed" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-printf "%s\n" "ok" >&6; }
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
- nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
- nm_file_list_spec='@'
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-printf %s "checking for sysroot... " >&6; }
-
-# Check whether --with-sysroot was given.
-if test ${with_sysroot+y}
-then :
- withval=$with_sysroot;
-else $as_nop
- with_sysroot=no
-fi
-
-
-lt_sysroot=
-case $with_sysroot in #(
- yes)
- if test yes = "$GCC"; then
- lt_sysroot=`$CC --print-sysroot 2>/dev/null`
- fi
- ;; #(
- /*)
- lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
- ;; #(
- no|'')
- ;; #(
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-printf "%s\n" "$with_sysroot" >&6; }
- as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
- ;;
-esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-printf "%s\n" "${lt_sysroot:-no}" >&6; }
-
-
-
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-printf %s "checking for a working dd... " >&6; }
-if test ${ac_cv_path_lt_DD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-if test -z "$lt_DD"; then
- ac_path_lt_DD_found=false
- # Loop through the user's path and test for each of PROGNAME-LIST
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_prog in dd
- do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
- as_fn_executable_p "$ac_path_lt_DD" || continue
-if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi
- $ac_path_lt_DD_found && break 3
- done
- done
- done
-IFS=$as_save_IFS
- if test -z "$ac_cv_path_lt_DD"; then
- :
- fi
-else
- ac_cv_path_lt_DD=$lt_DD
-fi
-
-rm -f conftest.i conftest2.i conftest.out
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-printf %s "checking how to truncate binary pipes... " >&6; }
-if test ${lt_cv_truncate_bin+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
- cmp -s conftest.i conftest.out \
- && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-printf "%s\n" "$lt_cv_truncate_bin" >&6; }
-
-
-
-
-
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in $*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-# Check whether --enable-libtool-lock was given.
-if test ${enable_libtool_lock+y}
-then :
- enableval=$enable_libtool_lock;
-fi
-
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
- # Find out what ABI is being produced by ac_compile, and set mode
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.$ac_objext` in
- *ELF-32*)
- HPUX_IA64_MODE=32
- ;;
- *ELF-64*)
- HPUX_IA64_MODE=64
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-*-*-irix6*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- if test yes = "$lt_cv_prog_gnu_ld"; then
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -melf32bsmip"
- ;;
- *N32*)
- LD="${LD-ld} -melf32bmipn32"
- ;;
- *64-bit*)
- LD="${LD-ld} -melf64bmip"
- ;;
- esac
- else
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- LD="${LD-ld} -32"
- ;;
- *N32*)
- LD="${LD-ld} -n32"
- ;;
- *64-bit*)
- LD="${LD-ld} -64"
- ;;
- esac
- fi
- fi
- rm -rf conftest*
- ;;
-
-mips64*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo '#line '$LINENO' "configure"' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- emul=elf
- case `/usr/bin/file conftest.$ac_objext` in
- *32-bit*)
- emul="${emul}32"
- ;;
- *64-bit*)
- emul="${emul}64"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *MSB*)
- emul="${emul}btsmip"
- ;;
- *LSB*)
- emul="${emul}ltsmip"
- ;;
- esac
- case `/usr/bin/file conftest.$ac_objext` in
- *N32*)
- emul="${emul}n32"
- ;;
- esac
- LD="${LD-ld} -m $emul"
- fi
- rm -rf conftest*
- ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly. Note that the listed cases only cover the
- # situations where additional linker options are needed (such as when
- # doing 32-bit compilation for a host where ld defaults to 64-bit, or
- # vice versa); the common cases where no linker options are needed do
- # not appear in the list.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *32-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_i386_fbsd"
- ;;
- x86_64-*linux*)
- case `/usr/bin/file conftest.o` in
- *x86-64*)
- LD="${LD-ld} -m elf32_x86_64"
- ;;
- *)
- LD="${LD-ld} -m elf_i386"
- ;;
- esac
- ;;
- powerpc64le-*linux*)
- LD="${LD-ld} -m elf32lppclinux"
- ;;
- powerpc64-*linux*)
- LD="${LD-ld} -m elf32ppclinux"
- ;;
- s390x-*linux*)
- LD="${LD-ld} -m elf_s390"
- ;;
- sparc64-*linux*)
- LD="${LD-ld} -m elf32_sparc"
- ;;
- esac
- ;;
- *64-bit*)
- case $host in
- x86_64-*kfreebsd*-gnu)
- LD="${LD-ld} -m elf_x86_64_fbsd"
- ;;
- x86_64-*linux*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- powerpcle-*linux*)
- LD="${LD-ld} -m elf64lppc"
- ;;
- powerpc-*linux*)
- LD="${LD-ld} -m elf64ppc"
- ;;
- s390*-*linux*|s390*-*tpf*)
- LD="${LD-ld} -m elf64_s390"
- ;;
- sparc*-*linux*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-
-*-*-sco3.2v5*)
- # On SCO OpenServer 5, we need -belf to get full-featured binaries.
- SAVE_CFLAGS=$CFLAGS
- CFLAGS="$CFLAGS -belf"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-printf %s "checking whether the C compiler needs -belf... " >&6; }
-if test ${lt_cv_cc_needs_belf+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_cc_needs_belf=yes
-else $as_nop
- lt_cv_cc_needs_belf=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
- if test yes != "$lt_cv_cc_needs_belf"; then
- # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
- CFLAGS=$SAVE_CFLAGS
- fi
- ;;
-*-*solaris*)
- # Find out what ABI is being produced by ac_compile, and set linker
- # options accordingly.
- echo 'int i;' > conftest.$ac_ext
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- case `/usr/bin/file conftest.o` in
- *64-bit*)
- case $lt_cv_prog_gnu_ld in
- yes*)
- case $host in
- i?86-*-solaris*|x86_64-*-solaris*)
- LD="${LD-ld} -m elf_x86_64"
- ;;
- sparc*-*-solaris*)
- LD="${LD-ld} -m elf64_sparc"
- ;;
- esac
- # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
- if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
- LD=${LD-ld}_sol2
- fi
- ;;
- *)
- if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
- LD="${LD-ld} -64"
- fi
- ;;
- esac
- ;;
- esac
- fi
- rm -rf conftest*
- ;;
-esac
-
-need_locks=$enable_libtool_lock
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
-set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$MANIFEST_TOOL"; then
- ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
-if test -n "$MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-printf "%s\n" "$MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
- ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
- # Extract the first word of "mt", so it can be a program name with args.
-set dummy mt; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_MANIFEST_TOOL"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
-if test -n "$ac_ct_MANIFEST_TOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_MANIFEST_TOOL" = x; then
- MANIFEST_TOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
- fi
-else
- MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
-fi
-
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if test ${lt_cv_path_mainfest_tool+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_path_mainfest_tool=no
- echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
- $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
- cat conftest.err >&5
- if $GREP 'Manifest Tool' conftest.out > /dev/null; then
- lt_cv_path_mainfest_tool=yes
- fi
- rm -f conftest*
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
-if test yes != "$lt_cv_path_mainfest_tool"; then
- MANIFEST_TOOL=:
-fi
-
-
-
-
-
-
- case $host_os in
- rhapsody* | darwin*)
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
-set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$DSYMUTIL"; then
- ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-DSYMUTIL=$ac_cv_prog_DSYMUTIL
-if test -n "$DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-printf "%s\n" "$DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_DSYMUTIL"; then
- ac_ct_DSYMUTIL=$DSYMUTIL
- # Extract the first word of "dsymutil", so it can be a program name with args.
-set dummy dsymutil; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_DSYMUTIL"; then
- ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
-if test -n "$ac_ct_DSYMUTIL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_DSYMUTIL" = x; then
- DSYMUTIL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- DSYMUTIL=$ac_ct_DSYMUTIL
- fi
-else
- DSYMUTIL="$ac_cv_prog_DSYMUTIL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$NMEDIT"; then
- ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-NMEDIT=$ac_cv_prog_NMEDIT
-if test -n "$NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-printf "%s\n" "$NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_NMEDIT"; then
- ac_ct_NMEDIT=$NMEDIT
- # Extract the first word of "nmedit", so it can be a program name with args.
-set dummy nmedit; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_NMEDIT+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_NMEDIT"; then
- ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_NMEDIT="nmedit"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
-if test -n "$ac_ct_NMEDIT"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-printf "%s\n" "$ac_ct_NMEDIT" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_NMEDIT" = x; then
- NMEDIT=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- NMEDIT=$ac_ct_NMEDIT
- fi
-else
- NMEDIT="$ac_cv_prog_NMEDIT"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
-set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$LIPO"; then
- ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-LIPO=$ac_cv_prog_LIPO
-if test -n "$LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-printf "%s\n" "$LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_LIPO"; then
- ac_ct_LIPO=$LIPO
- # Extract the first word of "lipo", so it can be a program name with args.
-set dummy lipo; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_LIPO+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_LIPO"; then
- ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_LIPO="lipo"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
-if test -n "$ac_ct_LIPO"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-printf "%s\n" "$ac_ct_LIPO" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_LIPO" = x; then
- LIPO=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- LIPO=$ac_ct_LIPO
- fi
-else
- LIPO="$ac_cv_prog_LIPO"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL"; then
- ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL=$ac_cv_prog_OTOOL
-if test -n "$OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-printf "%s\n" "$OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL"; then
- ac_ct_OTOOL=$OTOOL
- # Extract the first word of "otool", so it can be a program name with args.
-set dummy otool; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL"; then
- ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL="otool"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
-if test -n "$ac_ct_OTOOL"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-printf "%s\n" "$ac_ct_OTOOL" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL" = x; then
- OTOOL=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL=$ac_ct_OTOOL
- fi
-else
- OTOOL="$ac_cv_prog_OTOOL"
-fi
-
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
-set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$OTOOL64"; then
- ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-OTOOL64=$ac_cv_prog_OTOOL64
-if test -n "$OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-printf "%s\n" "$OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_OTOOL64"; then
- ac_ct_OTOOL64=$OTOOL64
- # Extract the first word of "otool64", so it can be a program name with args.
-set dummy otool64; ac_word=$2
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-printf %s "checking for $ac_word... " >&6; }
-if test ${ac_cv_prog_ac_ct_OTOOL64+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test -n "$ac_ct_OTOOL64"; then
- ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_OTOOL64="otool64"
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
-if test -n "$ac_ct_OTOOL64"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-printf "%s\n" "$ac_ct_OTOOL64" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
- if test "x$ac_ct_OTOOL64" = x; then
- OTOOL64=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
- OTOOL64=$ac_ct_OTOOL64
- fi
-else
- OTOOL64="$ac_cv_prog_OTOOL64"
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-printf %s "checking for -single_module linker flag... " >&6; }
-if test ${lt_cv_apple_cc_single_mod+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_apple_cc_single_mod=no
- if test -z "$LT_MULTI_MODULE"; then
- # By default we will add the -single_module flag. You can override
- # by either setting the environment variable LT_MULTI_MODULE
- # non-empty at configure time, or by adding -multi_module to the
- # link flags.
- rm -rf libconftest.dylib*
- echo "int foo(void){return 1;}" > conftest.c
- echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
- -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
- _lt_result=$?
- # If there is a non-empty error log, and "single_module"
- # appears in it, assume the flag caused a linker warning
- if test -s conftest.err && $GREP single_module conftest.err; then
- cat conftest.err >&5
- # Otherwise, if the output was created with a 0 exit code from
- # the compiler, it worked.
- elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
- lt_cv_apple_cc_single_mod=yes
- else
- cat conftest.err >&5
- fi
- rm -rf libconftest.dylib*
- rm -f conftest.*
- fi
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-printf %s "checking for -exported_symbols_list linker flag... " >&6; }
-if test ${lt_cv_ld_exported_symbols_list+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
- save_LDFLAGS=$LDFLAGS
- echo "_main" > conftest.sym
- LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_ld_exported_symbols_list=yes
-else $as_nop
- lt_cv_ld_exported_symbols_list=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-printf %s "checking for -force_load linker flag... " >&6; }
-if test ${lt_cv_ld_force_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_ld_force_load=no
- cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
- $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cr libconftest.a conftest.o" >&5
- $AR cr libconftest.a conftest.o 2>&5
- echo "$RANLIB libconftest.a" >&5
- $RANLIB libconftest.a 2>&5
- cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
- echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
- $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
- _lt_result=$?
- if test -s conftest.err && $GREP force_load conftest.err; then
- cat conftest.err >&5
- elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
- lt_cv_ld_force_load=yes
- else
- cat conftest.err >&5
- fi
- rm -f conftest.err libconftest.a conftest conftest.c
- rm -rf conftest.dSYM
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-printf "%s\n" "$lt_cv_ld_force_load" >&6; }
- case $host_os in
- rhapsody* | darwin1.[012])
- _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
- darwin1.*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- darwin*) # darwin 5.x on
- # if running on 10.5 or later, the deployment target defaults
- # to the OS version, if on x86, and 10.4, the deployment
- # target defaults to 10.4. Don't you love it?
- case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- 10.[012][,.]*)
- _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*|11.*)
- _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
- esac
- ;;
- esac
- if test yes = "$lt_cv_apple_cc_single_mod"; then
- _lt_dar_single_mod='$single_module'
- fi
- if test yes = "$lt_cv_ld_exported_symbols_list"; then
- _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
- else
- _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
- fi
- if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
- _lt_dsymutil='~$DSYMUTIL $lib || :'
- else
- _lt_dsymutil=
- fi
- ;;
- esac
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x$2 in
- x)
- ;;
- *:)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
- ;;
- x:*)
- eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
- ;;
- *)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_dlfcn_h" = xyes
-then :
- printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h
-
-fi
-
-
-
-
-
-# Set options
-
-
-
- enable_dlopen=no
-
-
- enable_win32_dll=no
-
-
- # Check whether --enable-shared was given.
-if test ${enable_shared+y}
-then :
- enableval=$enable_shared; p=${PACKAGE-default}
- case $enableval in
- yes) enable_shared=yes ;;
- no) enable_shared=no ;;
- *)
- enable_shared=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_shared=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_shared=yes
-fi
-
-
-
-
-
-
-
-
-
- # Check whether --enable-static was given.
-if test ${enable_static+y}
-then :
- enableval=$enable_static; p=${PACKAGE-default}
- case $enableval in
- yes) enable_static=yes ;;
- no) enable_static=no ;;
- *)
- enable_static=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_static=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_static=yes
-fi
-
-
-
-
-
-
-
-
-
-
-# Check whether --with-pic was given.
-if test ${with_pic+y}
-then :
- withval=$with_pic; lt_p=${PACKAGE-default}
- case $withval in
- yes|no) pic_mode=$withval ;;
- *)
- pic_mode=default
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for lt_pkg in $withval; do
- IFS=$lt_save_ifs
- if test "X$lt_pkg" = "X$lt_p"; then
- pic_mode=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- pic_mode=default
-fi
-
-
-
-
-
-
-
-
- # Check whether --enable-fast-install was given.
-if test ${enable_fast_install+y}
-then :
- enableval=$enable_fast_install; p=${PACKAGE-default}
- case $enableval in
- yes) enable_fast_install=yes ;;
- no) enable_fast_install=no ;;
- *)
- enable_fast_install=no
- # Look at the argument we got. We use all the common list separators.
- lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
- for pkg in $enableval; do
- IFS=$lt_save_ifs
- if test "X$pkg" = "X$p"; then
- enable_fast_install=yes
- fi
- done
- IFS=$lt_save_ifs
- ;;
- esac
-else $as_nop
- enable_fast_install=yes
-fi
-
-
-
-
-
-
-
-
- shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[5-9]*,yes)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-printf %s "checking which variant of shared library versioning to provide... " >&6; }
-
-# Check whether --with-aix-soname was given.
-if test ${with_aix_soname+y}
-then :
- withval=$with_aix_soname; case $withval in
- aix|svr4|both)
- ;;
- *)
- as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
- ;;
- esac
- lt_cv_with_aix_soname=$with_aix_soname
-else $as_nop
- if test ${lt_cv_with_aix_soname+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_with_aix_soname=aix
-fi
-
- with_aix_soname=$lt_cv_with_aix_soname
-fi
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-printf "%s\n" "$with_aix_soname" >&6; }
- if test aix != "$with_aix_soname"; then
- # For the AIX way of multilib, we name the shared archive member
- # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
- # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
- # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
- # the AIX toolchain works better with OBJECT_MODE set (default 32).
- if test 64 = "${OBJECT_MODE-32}"; then
- shared_archive_member_spec=shr_64
- else
- shared_archive_member_spec=shr
- fi
- fi
- ;;
-*)
- with_aix_soname=aix
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-test -z "$LN_S" && LN_S="ln -s"
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-printf %s "checking for objdir... " >&6; }
-if test ${lt_cv_objdir+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
- lt_cv_objdir=.libs
-else
- # MS-DOS does not allow filenames that begin with a dot.
- lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-printf "%s\n" "$lt_cv_objdir" >&6; }
-objdir=$lt_cv_objdir
-
-
-
-
-
-printf "%s\n" "#define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
-
-
-
-
-case $host_os in
-aix3*)
- # AIX sometimes has problems with the GCC collect2 program. For some
- # reason, if we set the COLLECT_NAMES environment variable, the problems
- # vanish in a puff of smoke.
- if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
- fi
- ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-func_cc_basename $compiler
-cc_basename=$func_cc_basename_result
-
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
- if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-printf %s "checking for ${ac_tool_prefix}file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/${ac_tool_prefix}file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
-
-
-
-if test -z "$lt_cv_path_MAGIC_CMD"; then
- if test -n "$ac_tool_prefix"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-printf %s "checking for file... " >&6; }
-if test ${lt_cv_path_MAGIC_CMD+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- case $MAGIC_CMD in
-[\\/*] | ?:[\\/]*)
- lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
- ;;
-*)
- lt_save_MAGIC_CMD=$MAGIC_CMD
- lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
- ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
- for ac_dir in $ac_dummy; do
- IFS=$lt_save_ifs
- test -z "$ac_dir" && ac_dir=.
- if test -f "$ac_dir/file"; then
- lt_cv_path_MAGIC_CMD=$ac_dir/"file"
- if test -n "$file_magic_test_file"; then
- case $deplibs_check_method in
- "file_magic "*)
- file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
- MAGIC_CMD=$lt_cv_path_MAGIC_CMD
- if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
- $EGREP "$file_magic_regex" > /dev/null; then
- :
- else
- cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such. This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem. Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
- fi ;;
- esac
- fi
- break
- fi
- done
- IFS=$lt_save_ifs
- MAGIC_CMD=$lt_save_MAGIC_CMD
- ;;
-esac
-fi
-
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-printf "%s\n" "$MAGIC_CMD" >&6; }
-else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
-fi
-
-
- else
- MAGIC_CMD=:
- fi
-fi
-
- fi
- ;;
-esac
-
-# Use C for the default configuration in the libtool script
-
-lt_save_CC=$CC
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-objext=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-
-
-
-
-
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-
-
-if test -n "$compiler"; then
-
-lt_prog_compiler_no_builtin_flag=
-
-if test yes = "$GCC"; then
- case $cc_basename in
- nvcc*)
- lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
- *)
- lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
- esac
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if test ${lt_cv_prog_compiler_rtti_exceptions+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_rtti_exceptions=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_rtti_exceptions=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
- lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
-else
- :
-fi
-
-fi
-
-
-
-
-
-
- lt_prog_compiler_wl=
-lt_prog_compiler_pic=
-lt_prog_compiler_static=
-
-
- if test yes = "$GCC"; then
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_static='-static'
-
- case $host_os in
- aix*)
- # All AIX code is PIC.
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- fi
- lt_prog_compiler_pic='-fPIC'
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- lt_prog_compiler_pic='-fPIC'
- ;;
- m68k)
- # FIXME: we need at least 68020 code to build shared libraries, but
- # adding the '-m68020' flag to GCC prevents building anything better,
- # like '-m68040'.
- lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
- ;;
- esac
- ;;
-
- beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
- # PIC is the default for these OSes.
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- # Although the cygwin gcc ignores -fPIC, still need this for old-style
- # (--disable-auto-import) libraries
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- ;;
-
- haiku*)
- # PIC is the default for Haiku.
- # The "-static" flag exists, but is broken.
- lt_prog_compiler_static=
- ;;
-
- hpux*)
- # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
- # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
- # sets the default TLS model and affects inlining.
- case $host_cpu in
- hppa*64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
- ;;
-
- interix[3-9]*)
- # Interix 3.x gcc -fpic/-fPIC options generate broken code.
- # Instead, we relocate shared libraries at runtime.
- ;;
-
- msdosdjgpp*)
- # Just because we use GCC doesn't mean we suddenly get shared libraries
- # on systems that don't support them.
- lt_prog_compiler_can_build_shared=no
- enable_shared=no
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic=-Kconform_pic
- fi
- ;;
-
- *)
- lt_prog_compiler_pic='-fPIC'
- ;;
- esac
-
- case $cc_basename in
- nvcc*) # Cuda Compiler Driver 2.2
- lt_prog_compiler_wl='-Xlinker '
- if test -n "$lt_prog_compiler_pic"; then
- lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
- fi
- ;;
- esac
- else
- # PORTME Check for flag to pass linker flags through the system compiler.
- case $host_os in
- aix*)
- lt_prog_compiler_wl='-Wl,'
- if test ia64 = "$host_cpu"; then
- # AIX 5 now supports IA64 processor
- lt_prog_compiler_static='-Bstatic'
- else
- lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
- fi
- ;;
-
- darwin* | rhapsody*)
- # PIC is the default on this platform
- # Common symbols not allowed in MH_DYLIB files
- lt_prog_compiler_pic='-fno-common'
- case $cc_basename in
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
-
- mingw* | cygwin* | pw32* | os2* | cegcc*)
- # This hack is so that the source file can tell whether it is being
- # built for inclusion in a dll (and should export symbols for example).
- lt_prog_compiler_pic='-DDLL_EXPORT'
- case $host_os in
- os2*)
- lt_prog_compiler_static='$wl-static'
- ;;
- esac
- ;;
-
- hpux9* | hpux10* | hpux11*)
- lt_prog_compiler_wl='-Wl,'
- # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
- # not for PA HP-UX.
- case $host_cpu in
- hppa*64*|ia64*)
- # +Z the default
- ;;
- *)
- lt_prog_compiler_pic='+Z'
- ;;
- esac
- # Is there a better lt_prog_compiler_static that works with the bundled CC?
- lt_prog_compiler_static='$wl-a ${wl}archive'
- ;;
-
- irix5* | irix6* | nonstopux*)
- lt_prog_compiler_wl='-Wl,'
- # PIC (with -KPIC) is the default.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- case $cc_basename in
- # old Intel for x86_64, which still supported -KPIC.
- ecc*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-static'
- ;;
- # flang / f18. f95 an alias for gfortran or flang on Debian
- flang* | f18* | f95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # icc used to be incompatible with GCC.
- # ICC 10 doesn't accept -KPIC any more.
- icc* | ifort*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- # Lahey Fortran 8.1.
- lf95*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='--shared'
- lt_prog_compiler_static='--static'
- ;;
- nagfor*)
- # NAG Fortran compiler
- lt_prog_compiler_wl='-Wl,-Wl,,'
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group compilers (*not* the Pentium gcc compiler,
- # which looks to be a dead project)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- ccc*)
- lt_prog_compiler_wl='-Wl,'
- # All Alpha code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
- xl* | bgxl* | bgf* | mpixl*)
- # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-qpic'
- lt_prog_compiler_static='-qstaticlink'
- ;;
- *)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
- # Sun Fortran 8.3 passes all unrecognized flags to the linker
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl=''
- ;;
- *Sun\ F* | *Sun*Fortran*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Qoption ld '
- ;;
- *Sun\ C*)
- # Sun C 5.9
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- lt_prog_compiler_wl='-Wl,'
- ;;
- *Intel*\ [CF]*Compiler*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fPIC'
- lt_prog_compiler_static='-static'
- ;;
- *Portland\ Group*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-fpic'
- lt_prog_compiler_static='-Bstatic'
- ;;
- esac
- ;;
- esac
- ;;
-
- newsos6)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *nto* | *qnx*)
- # QNX uses GNU C++, but need to define -shared option too, otherwise
- # it will coredump.
- lt_prog_compiler_pic='-fPIC -shared'
- ;;
-
- osf3* | osf4* | osf5*)
- lt_prog_compiler_wl='-Wl,'
- # All OSF/1 code is PIC.
- lt_prog_compiler_static='-non_shared'
- ;;
-
- rdos*)
- lt_prog_compiler_static='-non_shared'
- ;;
-
- solaris*)
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- case $cc_basename in
- f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
- lt_prog_compiler_wl='-Qoption ld ';;
- *)
- lt_prog_compiler_wl='-Wl,';;
- esac
- ;;
-
- sunos4*)
- lt_prog_compiler_wl='-Qoption ld '
- lt_prog_compiler_pic='-PIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4 | sysv4.2uw2* | sysv4.3*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- lt_prog_compiler_pic='-Kconform_pic'
- lt_prog_compiler_static='-Bstatic'
- fi
- ;;
-
- sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_pic='-KPIC'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- unicos*)
- lt_prog_compiler_wl='-Wl,'
- lt_prog_compiler_can_build_shared=no
- ;;
-
- uts4*)
- lt_prog_compiler_pic='-pic'
- lt_prog_compiler_static='-Bstatic'
- ;;
-
- *)
- lt_prog_compiler_can_build_shared=no
- ;;
- esac
- fi
-
-case $host_os in
- # For platforms that do not support PIC, -DPIC is meaningless:
- *djgpp*)
- lt_prog_compiler_pic=
- ;;
- *)
- lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
- ;;
-esac
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-printf %s "checking for $compiler option to produce PIC... " >&6; }
-if test ${lt_cv_prog_compiler_pic+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
-lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$lt_prog_compiler_pic"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if test ${lt_cv_prog_compiler_pic_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_pic_works=no
- ac_outfile=conftest.$ac_objext
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
- lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- # The option is referenced via a variable to avoid confusing sed.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>conftest.err)
- ac_status=$?
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s "$ac_outfile"; then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings other than the usual output.
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_pic_works=yes
- fi
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_pic_works"; then
- case $lt_prog_compiler_pic in
- "" | " "*) ;;
- *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
- esac
-else
- lt_prog_compiler_pic=
- lt_prog_compiler_can_build_shared=no
-fi
-
-fi
-
-
-
-
-
-
-
-
-
-
-
-#
-# Check to make sure the static flag actually works.
-#
-wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if test ${lt_cv_prog_compiler_static_works+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_static_works=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_static_works=yes
- fi
- else
- lt_cv_prog_compiler_static_works=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
-
-if test yes = "$lt_cv_prog_compiler_static_works"; then
- :
-else
- lt_prog_compiler_static=
-fi
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if test ${lt_cv_prog_compiler_c_o+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler_c_o=no
- $RM -r conftest 2>/dev/null
- mkdir conftest
- cd conftest
- mkdir out
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- lt_compiler_flag="-o out/conftest2.$ac_objext"
- # Insert the option either (1) after the last *FLAGS variable, or
- # (2) before a word containing "conftest.", or (3) at the end.
- # Note that $ac_compile itself does not contain backslashes and begins
- # with a dollar sign (not a hyphen), so the echo should work correctly.
- lt_compile=`echo "$ac_compile" | $SED \
- -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
- -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
- -e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
- (eval "$lt_compile" 2>out/conftest.err)
- ac_status=$?
- cat out/conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- if (exit $ac_status) && test -s out/conftest2.$ac_objext
- then
- # The compiler can only warn and ignore the option if not recognized
- # So say no if there are warnings
- $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
- $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
- if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
- lt_cv_prog_compiler_c_o=yes
- fi
- fi
- chmod u+w . 2>&5
- $RM conftest*
- # SGI C++ compiler will create directory out/ii_files/ for
- # template instantiation
- test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
- $RM out/* && rmdir out
- cd ..
- $RM -r conftest
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
-
-
-
-
-hard_links=nottested
-if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
- # do not overwrite the value of need_locks provided by the user
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-printf %s "checking if we can lock with hard links... " >&6; }
- hard_links=yes
- $RM conftest*
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- touch conftest.a
- ln conftest.a conftest.b 2>&5 || hard_links=no
- ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-printf "%s\n" "$hard_links" >&6; }
- if test no = "$hard_links"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
- need_locks=warn
- fi
-else
- need_locks=no
-fi
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
-
- runpath_var=
- allow_undefined_flag=
- always_export_symbols=no
- archive_cmds=
- archive_expsym_cmds=
- compiler_needs_object=no
- enable_shared_with_static_runtimes=no
- export_dynamic_flag_spec=
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
- hardcode_automatic=no
- hardcode_direct=no
- hardcode_direct_absolute=no
- hardcode_libdir_flag_spec=
- hardcode_libdir_separator=
- hardcode_minus_L=no
- hardcode_shlibpath_var=unsupported
- inherit_rpath=no
- link_all_deplibs=unknown
- module_cmds=
- module_expsym_cmds=
- old_archive_from_new_cmds=
- old_archive_from_expsyms_cmds=
- thread_safe_flag_spec=
- whole_archive_flag_spec=
- # include_expsyms should be a list of space-separated symbols to be *always*
- # included in the symbol list
- include_expsyms=
- # exclude_expsyms can be an extended regexp of symbols to exclude
- # it will be wrapped by ' (' and ')$', so one must not match beginning or
- # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
- # as well as any symbol that contains 'd'.
- exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
- # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
- # platforms (ab)use it in PIC code, but their linkers get confused if
- # the symbol is explicitly referenced. Since portable code cannot
- # rely on this symbol name, it's probably fine to never include it in
- # preloaded symbol tables.
- # Exclude shared library initialization/finalization symbols.
- extract_expsyms_cmds=
-
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- # FIXME: the MSVC++ port hasn't been tested in a loooong time
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- if test yes != "$GCC"; then
- with_gnu_ld=no
- fi
- ;;
- interix*)
- # we just hope/assume this is gcc and not c89 (= MSVC++)
- with_gnu_ld=yes
- ;;
- openbsd* | bitrig*)
- with_gnu_ld=no
- ;;
- linux* | k*bsd*-gnu | gnu*)
- link_all_deplibs=no
- ;;
- esac
-
- ld_shlibs=yes
-
- # On some targets, GNU ld is compatible enough with the native linker
- # that we're better off using the native interface for both.
- lt_use_gnu_ld_interface=no
- if test yes = "$with_gnu_ld"; then
- case $host_os in
- aix*)
- # The AIX port of GNU ld has always aspired to compatibility
- # with the native linker. However, as the warning in the GNU ld
- # block says, versions before 2.19.5* couldn't really create working
- # shared libraries, regardless of the interface used.
- case `$LD -v 2>&1` in
- *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
- *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
- *\ \(GNU\ Binutils\)\ [3-9]*) ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- ;;
- *)
- lt_use_gnu_ld_interface=yes
- ;;
- esac
- fi
-
- if test yes = "$lt_use_gnu_ld_interface"; then
- # If archive_cmds runs LD, not CC, wlarc should be empty
- wlarc='$wl'
-
- # Set some defaults for GNU ld with shared library support. These
- # are reset later if shared libraries are not supported. Putting them
- # here allows them to be overridden if necessary.
- runpath_var=LD_RUN_PATH
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- export_dynamic_flag_spec='$wl--export-dynamic'
- # ancient GNU ld didn't support --whole-archive et. al.
- if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
- whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
- else
- whole_archive_flag_spec=
- fi
- supports_anon_versioning=no
- case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
- *GNU\ gold*) supports_anon_versioning=yes ;;
- *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
- *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
- *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
- *\ 2.11.*) ;; # other 2.11 versions
- *) supports_anon_versioning=yes ;;
- esac
-
- # See if GNU ld supports shared libraries.
- case $host_os in
- aix[3-9]*)
- # On AIX/PPC, the GNU linker is very broken
- if test ia64 != "$host_cpu"; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support. If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- beos*)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- allow_undefined_flag=unsupported
- # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
- # support --undefined. This deserves some investigation. FIXME
- archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
- # as there is no search path for DLLs.
- hardcode_libdir_flag_spec='-L$libdir'
- export_dynamic_flag_spec='$wl--export-all-symbols'
- allow_undefined_flag=unsupported
- always_export_symbols=no
- enable_shared_with_static_runtimes=yes
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
- exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
-
- if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- # If the export-symbols file already is a .def file, use it as
- # is; otherwise, prepend EXPORTS...
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp $export_symbols $output_objdir/$soname.def;
- else
- echo EXPORTS > $output_objdir/$soname.def;
- cat $export_symbols >> $output_objdir/$soname.def;
- fi~
- $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- haiku*)
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- link_all_deplibs=yes
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- interix[3-9]*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
- # Instead, shared libraries are loaded at an image base (0x10000000 by
- # default) and relocated if they conflict, which is a slow very memory
- # consuming and fragmenting process. To avoid this, we pick a random,
- # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
- # time. Moving up from 0x10000000 also allows more sbrk(2) space.
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
- ;;
-
- gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
- tmp_diet=no
- if test linux-dietlibc = "$host_os"; then
- case $cc_basename in
- diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
- esac
- fi
- if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
- && test no = "$tmp_diet"
- then
- tmp_addflag=' $pic_flag'
- tmp_sharedflag='-shared'
- case $cc_basename,$host_cpu in
- pgcc*) # Portland Group C compiler
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag'
- ;;
- pgf77* | pgf90* | pgf95* | pgfortran*)
- # Portland Group f77 and f90 compilers
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- tmp_addflag=' $pic_flag -Mnomain' ;;
- ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
- tmp_addflag=' -i_dynamic' ;;
- efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
- tmp_addflag=' -i_dynamic -nofor_main' ;;
- ifc* | ifort*) # Intel Fortran compiler
- tmp_addflag=' -nofor_main' ;;
- lf95*) # Lahey Fortran 8.1
- whole_archive_flag_spec=
- tmp_sharedflag='--shared' ;;
- nagfor*) # NAGFOR 5.3
- tmp_sharedflag='-Wl,-shared' ;;
- xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
- tmp_sharedflag='-qmkshrobj'
- tmp_addflag= ;;
- nvcc*) # Cuda Compiler Driver 2.2
- whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- ;;
- esac
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C 5.9
- whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
- compiler_needs_object=yes
- tmp_sharedflag='-G' ;;
- *Sun\ F*) # Sun Fortran 8.3
- tmp_sharedflag='-G' ;;
- esac
- archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
- fi
-
- case $cc_basename in
- tcc*)
- export_dynamic_flag_spec='-rdynamic'
- ;;
- xlf* | bgf* | bgxlf* | mpixlf*)
- # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
- whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
- if test yes = "$supports_anon_versioning"; then
- archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
- cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
- echo "local: *; };" >> $output_objdir/$libname.ver~
- $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
- fi
- ;;
- esac
- else
- ld_shlibs=no
- fi
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
- wlarc=
- else
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- fi
- ;;
-
- solaris*)
- if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
- case `$LD -v 2>&1` in
- *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
- ld_shlibs=no
- cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems. Therefore, libtool
-*** is disabling shared libraries support. We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
- ;;
- *)
- # For security reasons, it is highly recommended that you always
- # use absolute paths for naming shared libraries, and exclude the
- # DT_RUNPATH tag from executables and libraries. But doing so
- # requires that you compile everything twice, which is a pain.
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
- ;;
-
- sunos4*)
- archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- wlarc=
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- *)
- if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
- else
- ld_shlibs=no
- fi
- ;;
- esac
-
- if test no = "$ld_shlibs"; then
- runpath_var=
- hardcode_libdir_flag_spec=
- export_dynamic_flag_spec=
- whole_archive_flag_spec=
- fi
- else
- # PORTME fill in a description of your system's linker (not GNU ld)
- case $host_os in
- aix3*)
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
- # Note: this linker hardcodes the directories in LIBPATH if there
- # are no directories specified by -L.
- hardcode_minus_L=yes
- if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
- # Neither direct hardcoding nor static linking is supported with a
- # broken collect2.
- hardcode_direct=unsupported
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 = "$host_cpu"; then
- # On IA64, the linker does run time linking by default, so we don't
- # have to do anything special.
- aix_use_runtimelinking=no
- exp_sym_flag='-Bexport'
- no_entry_flag=
- else
- # If we're using GNU nm, then we don't want the "-C" option.
- # -C means demangle to GNU nm, but means don't demangle to AIX nm.
- # Without the "-l" option, or with the "-B" option, AIX nm treats
- # weak defined symbols like other global defined symbols, whereas
- # GNU nm marks them as "W".
- # While the 'weak' keyword is ignored in the Export File, we need
- # it in the Import File for the 'aix-soname' feature, so we have
- # to replace the "-B" option with "-P" for AIX nm.
- if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
- export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
- else
- export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
- fi
- aix_use_runtimelinking=no
-
- # Test if we are trying to use run time linking or normal
- # AIX style linking. If -brtl is somewhere in LDFLAGS, we
- # have runtime linking enabled, and use it for executables.
- # For shared libraries, we enable/disable runtime linking
- # depending on the kind of the shared library created -
- # when "with_aix_soname,aix_use_runtimelinking" is:
- # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
- # "aix,yes" lib.so shared, rtl:yes, for executables
- # lib.a static archive
- # "both,no" lib.so.V(shr.o) shared, rtl:yes
- # lib.a(lib.so.V) shared, rtl:no, for executables
- # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a(lib.so.V) shared, rtl:no
- # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
- # lib.a static archive
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
- for ld_flag in $LDFLAGS; do
- if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
- aix_use_runtimelinking=yes
- break
- fi
- done
- if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
- # With aix-soname=svr4, we create the lib.so.V shared archives only,
- # so we don't have lib.a shared libs to link our executables.
- # We have to force runtime linking in this case.
- aix_use_runtimelinking=yes
- LDFLAGS="$LDFLAGS -Wl,-brtl"
- fi
- ;;
- esac
-
- exp_sym_flag='-bexport'
- no_entry_flag='-bnoentry'
- fi
-
- # When large executables or shared objects are built, AIX ld can
- # have problems creating the table of contents. If linking a library
- # or program results in "error TOC overflow" add -mminimal-toc to
- # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
- # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
- archive_cmds=''
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- file_list_spec='$wl-f,'
- case $with_aix_soname,$aix_use_runtimelinking in
- aix,*) ;; # traditional, no import file
- svr4,* | *,yes) # use import file
- # The Import File defines what to hardcode.
- hardcode_direct=no
- hardcode_direct_absolute=no
- ;;
- esac
-
- if test yes = "$GCC"; then
- case $host_os in aix4.[012]|aix4.[012].*)
- # We only want to do this on AIX 4.2 and lower, the check
- # below for broken collect2 doesn't work under 4.3+
- collect2name=`$CC -print-prog-name=collect2`
- if test -f "$collect2name" &&
- strings "$collect2name" | $GREP resolve_lib_name >/dev/null
- then
- # We have reworked collect2
- :
- else
- # We have old collect2
- hardcode_direct=unsupported
- # It fails to find uninstalled libraries when the uninstalled
- # path is not listed in the libpath. Setting hardcode_minus_L
- # to unsupported forces relinking
- hardcode_minus_L=yes
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_libdir_separator=
- fi
- ;;
- esac
- shared_flag='-shared'
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag="$shared_flag "'$wl-G'
- fi
- # Need to ensure runtime linking is disabled for the traditional
- # shared library, or the linker may eventually find shared libraries
- # /with/ Import File - we do not want to mix them.
- shared_flag_aix='-shared'
- shared_flag_svr4='-shared $wl-G'
- else
- # not using gcc
- if test ia64 = "$host_cpu"; then
- # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
- # chokes on -Wl,-G. The following line is correct:
- shared_flag='-G'
- else
- if test yes = "$aix_use_runtimelinking"; then
- shared_flag='$wl-G'
- else
- shared_flag='$wl-bM:SRE'
- fi
- shared_flag_aix='$wl-bM:SRE'
- shared_flag_svr4='$wl-G'
- fi
- fi
-
- export_dynamic_flag_spec='$wl-bexpall'
- # It seems that -bexpall does not export symbols beginning with
- # underscore (_), so it is better to generate a list of symbols to export.
- always_export_symbols=yes
- if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
- # Warning - without using the other runtime loading flags (-brtl),
- # -berok will link without error, but may produce a broken library.
- allow_undefined_flag='-berok'
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
- else
- if test ia64 = "$host_cpu"; then
- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
- allow_undefined_flag="-z nodefs"
- archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
- else
- # Determine the default libpath from the value encoded in an
- # empty executable.
- if test set = "${lt_cv_aix_libpath+set}"; then
- aix_libpath=$lt_cv_aix_libpath
-else
- if test ${lt_cv_aix_libpath_+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
-
- lt_aix_libpath_sed='
- /Import File Strings/,/^$/ {
- /^0/ {
- s/^0 *\([^ ]*\) *$/\1/
- p
- }
- }'
- lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- # Check for a 64-bit object if we didn't find anything.
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
- fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- if test -z "$lt_cv_aix_libpath_"; then
- lt_cv_aix_libpath_=/usr/lib:/lib
- fi
-
-fi
-
- aix_libpath=$lt_cv_aix_libpath_
-fi
-
- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
- # Warning - without using the other run time loading flags,
- # -berok will link without error, but may produce a broken library.
- no_undefined_flag=' $wl-bernotok'
- allow_undefined_flag=' $wl-berok'
- if test yes = "$with_gnu_ld"; then
- # We only use this code for GNU lds that support --whole-archive.
- whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
- else
- # Exported symbols can be pulled into shared objects from archives
- whole_archive_flag_spec='$convenience'
- fi
- archive_cmds_need_lc=yes
- archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
- # -brtl affects multiple linker settings, -berok does not and is overridden later
- compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
- if test svr4 != "$with_aix_soname"; then
- # This is similar to how AIX traditionally builds its shared libraries.
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
- fi
- if test aix != "$with_aix_soname"; then
- archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
- else
- # used by -dlpreopen to get the symbols
- archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
- fi
- archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
- fi
- fi
- ;;
-
- amigaos*)
- case $host_cpu in
- powerpc)
- # see comment about AmigaOS4 .so support
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
- archive_expsym_cmds=''
- ;;
- m68k)
- archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- ;;
- esac
- ;;
-
- bsdi[45]*)
- export_dynamic_flag_spec=-rdynamic
- ;;
-
- cygwin* | mingw* | pw32* | cegcc*)
- # When not using gcc, we currently assume that we are using
- # Microsoft Visual C++.
- # hardcode_libdir_flag_spec is actually meaningless, as there is
- # no search path for DLLs.
- case $cc_basename in
- cl*)
- # Native MSVC
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- always_export_symbols=yes
- file_list_spec='@'
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
- archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
- cp "$export_symbols" "$output_objdir/$soname.def";
- echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
- else
- $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
- fi~
- $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
- linknames='
- # The linker will not automatically build a static lib if we build a DLL.
- # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
- enable_shared_with_static_runtimes=yes
- exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
- export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
- # Don't use ranlib
- old_postinstall_cmds='chmod 644 $oldlib'
- postlink_cmds='lt_outputfile="@OUTPUT@"~
- lt_tool_outputfile="@TOOL_OUTPUT@"~
- case $lt_outputfile in
- *.exe|*.EXE) ;;
- *)
- lt_outputfile=$lt_outputfile.exe
- lt_tool_outputfile=$lt_tool_outputfile.exe
- ;;
- esac~
- if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
- $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
- $RM "$lt_outputfile.manifest";
- fi'
- ;;
- *)
- # Assume MSVC wrapper
- hardcode_libdir_flag_spec=' '
- allow_undefined_flag=unsupported
- # Tell ltmain to make .lib files, not .a files.
- libext=lib
- # Tell ltmain to make .dll files, not .so files.
- shrext_cmds=.dll
- # FIXME: Setting linknames here is a bad hack.
- archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
- # The linker will automatically build a .lib file if we build a DLL.
- old_archive_from_new_cmds='true'
- # FIXME: Should let the user specify the lib program.
- old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
- enable_shared_with_static_runtimes=yes
- ;;
- esac
- ;;
-
- darwin* | rhapsody*)
-
-
- archive_cmds_need_lc=no
- hardcode_direct=no
- hardcode_automatic=yes
- hardcode_shlibpath_var=unsupported
- if test yes = "$lt_cv_ld_force_load"; then
- whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-
- else
- whole_archive_flag_spec=''
- fi
- link_all_deplibs=yes
- allow_undefined_flag=$_lt_dar_allow_undefined
- case $cc_basename in
- ifort*|nagfor*) _lt_dar_can_shared=yes ;;
- *) _lt_dar_can_shared=$GCC ;;
- esac
- if test yes = "$_lt_dar_can_shared"; then
- output_verbose_link_cmd=func_echo_all
- archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
- module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
- archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
- module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-
- else
- ld_shlibs=no
- fi
-
- ;;
-
- dgux*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
- # support. Future versions do this automatically, but an explicit c++rt0.o
- # does not break anything, and helps significantly (at the cost of a little
- # extra space).
- freebsd2.2*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- # Unfortunately, older versions of FreeBSD 2 do not have this feature.
- freebsd2.*)
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
- freebsd* | dragonfly*)
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- hpux9*)
- if test yes = "$GCC"; then
- archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- else
- archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
- fi
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- export_dynamic_flag_spec='$wl-E'
- ;;
-
- hpux10*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- fi
- ;;
-
- hpux11*)
- if test yes,no = "$GCC,$with_gnu_ld"; then
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
- archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- else
- case $host_cpu in
- hppa*64*)
- archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- ia64*)
- archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- *)
-
- # Older versions of the 11.00 compiler do not understand -b yet
- # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-printf %s "checking if $CC understands -b... " >&6; }
-if test ${lt_cv_prog_compiler__b+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_prog_compiler__b=no
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -b"
- echo "$lt_simple_link_test_code" > conftest.$ac_ext
- if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
- # The linker can only warn and ignore the option if not recognized
- # So say no if there are warnings
- if test -s conftest.err; then
- # Append any errors to the config.log.
- cat conftest.err 1>&5
- $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
- $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
- if diff conftest.exp conftest.er2 >/dev/null; then
- lt_cv_prog_compiler__b=yes
- fi
- else
- lt_cv_prog_compiler__b=yes
- fi
- fi
- $RM -r conftest*
- LDFLAGS=$save_LDFLAGS
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
-
-if test yes = "$lt_cv_prog_compiler__b"; then
- archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-else
- archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-fi
-
- ;;
- esac
- fi
- if test no = "$with_gnu_ld"; then
- hardcode_libdir_flag_spec='$wl+b $wl$libdir'
- hardcode_libdir_separator=:
-
- case $host_cpu in
- hppa*64*|ia64*)
- hardcode_direct=no
- hardcode_shlibpath_var=no
- ;;
- *)
- hardcode_direct=yes
- hardcode_direct_absolute=yes
- export_dynamic_flag_spec='$wl-E'
-
- # hardcode_minus_L: Not really in the search PATH,
- # but as the default location of the library.
- hardcode_minus_L=yes
- ;;
- esac
- fi
- ;;
-
- irix5* | irix6* | nonstopux*)
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- # Try to use the -exported_symbol ld option, if it does not
- # work, assume that -exports_file does not work either and
- # implicitly export all symbols.
- # This should be the same for all languages, so no per-tag cache variable.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if test ${lt_cv_irix_exported_symbol+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- save_LDFLAGS=$LDFLAGS
- LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-int foo (void) { return 0; }
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- lt_cv_irix_exported_symbol=yes
-else $as_nop
- lt_cv_irix_exported_symbol=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
- if test yes = "$lt_cv_irix_exported_symbol"; then
- archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
- fi
- link_all_deplibs=no
- else
- archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- inherit_rpath=yes
- link_all_deplibs=yes
- ;;
-
- linux*)
- case $cc_basename in
- tcc*)
- # Fabrice Bellard et al's Tiny C Compiler
- ld_shlibs=yes
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- ;;
- esac
- ;;
-
- netbsd* | netbsdelf*-gnu)
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
- else
- archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- ;;
-
- newsos6)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- hardcode_shlibpath_var=no
- ;;
-
- *nto* | *qnx*)
- ;;
-
- openbsd* | bitrig*)
- if test -f /usr/libexec/ld.so; then
- hardcode_direct=yes
- hardcode_shlibpath_var=no
- hardcode_direct_absolute=yes
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- export_dynamic_flag_spec='$wl-E'
- else
- archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
- hardcode_libdir_flag_spec='$wl-rpath,$libdir'
- fi
- else
- ld_shlibs=no
- fi
- ;;
-
- os2*)
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_minus_L=yes
- allow_undefined_flag=unsupported
- shrext_cmds=.dll
- archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
- $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
- $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
- $ECHO EXPORTS >> $output_objdir/$libname.def~
- prefix_cmds="$SED"~
- if test EXPORTS = "`$SED 1q $export_symbols`"; then
- prefix_cmds="$prefix_cmds -e 1d";
- fi~
- prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
- cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
- $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
- emximp -o $lib $output_objdir/$libname.def'
- old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
- enable_shared_with_static_runtimes=yes
- ;;
-
- osf3*)
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- hardcode_libdir_separator=:
- ;;
-
- osf4* | osf5*) # as osf3* with the addition of -msym flag
- if test yes = "$GCC"; then
- allow_undefined_flag=' $wl-expect_unresolved $wl\*'
- archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
- else
- allow_undefined_flag=' -expect_unresolved \*'
- archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
- archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
- $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
- # Both c and cxx compiler support -rpath directly
- hardcode_libdir_flag_spec='-rpath $libdir'
- fi
- archive_cmds_need_lc='no'
- hardcode_libdir_separator=:
- ;;
-
- solaris*)
- no_undefined_flag=' -z defs'
- if test yes = "$GCC"; then
- wlarc='$wl'
- archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- else
- case `$CC -V 2>&1` in
- *"Compilers 5.0"*)
- wlarc=''
- archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
- ;;
- *)
- wlarc='$wl'
- archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
- $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
- ;;
- esac
- fi
- hardcode_libdir_flag_spec='-R$libdir'
- hardcode_shlibpath_var=no
- case $host_os in
- solaris2.[0-5] | solaris2.[0-5].*) ;;
- *)
- # The compiler driver will combine and reorder linker options,
- # but understands '-z linker_flag'. GCC discards it without '$wl',
- # but is careful enough not to reorder.
- # Supported since Solaris 2.6 (maybe 2.5.1?)
- if test yes = "$GCC"; then
- whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
- else
- whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
- fi
- ;;
- esac
- link_all_deplibs=yes
- ;;
-
- sunos4*)
- if test sequent = "$host_vendor"; then
- # Use $CC to link under sequent, because it throws in some extra .o
- # files that make .init and .fini sections work.
- archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
- fi
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_direct=yes
- hardcode_minus_L=yes
- hardcode_shlibpath_var=no
- ;;
-
- sysv4)
- case $host_vendor in
- sni)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=yes # is this really true???
- ;;
- siemens)
- ## LD is ld it makes a PLAMLIB
- ## CC just makes a GrossModule.
- archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
- reload_cmds='$CC -r -o $output$reload_objs'
- hardcode_direct=no
- ;;
- motorola)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_direct=no #Motorola manual says yes, but my tests say they lie
- ;;
- esac
- runpath_var='LD_RUN_PATH'
- hardcode_shlibpath_var=no
- ;;
-
- sysv4.3*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- export_dynamic_flag_spec='-Bexport'
- ;;
-
- sysv4*MP*)
- if test -d /usr/nec; then
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_shlibpath_var=no
- runpath_var=LD_RUN_PATH
- hardcode_runpath_var=yes
- ld_shlibs=yes
- fi
- ;;
-
- sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
- no_undefined_flag='$wl-z,text'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- sysv5* | sco3.2v5* | sco5v6*)
- # Note: We CANNOT use -z defs as we might desire, because we do not
- # link with -lc, and that would cause any symbols used from libc to
- # always be unresolved, which means just about no library would
- # ever link correctly. If we're not using GNU ld we use -z text
- # though, which does catch some bad symbols but isn't as heavy-handed
- # as -z defs.
- no_undefined_flag='$wl-z,text'
- allow_undefined_flag='$wl-z,nodefs'
- archive_cmds_need_lc=no
- hardcode_shlibpath_var=no
- hardcode_libdir_flag_spec='$wl-R,$libdir'
- hardcode_libdir_separator=':'
- link_all_deplibs=yes
- export_dynamic_flag_spec='$wl-Bexport'
- runpath_var='LD_RUN_PATH'
-
- if test yes = "$GCC"; then
- archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- else
- archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
- fi
- ;;
-
- uts4*)
- archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
- hardcode_libdir_flag_spec='-L$libdir'
- hardcode_shlibpath_var=no
- ;;
-
- *)
- ld_shlibs=no
- ;;
- esac
-
- if test sni = "$host_vendor"; then
- case $host in
- sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
- export_dynamic_flag_spec='$wl-Blargedynsym'
- ;;
- esac
- fi
- fi
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-printf "%s\n" "$ld_shlibs" >&6; }
-test no = "$ld_shlibs" && can_build_shared=no
-
-with_gnu_ld=$with_gnu_ld
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$archive_cmds_need_lc" in
-x|xyes)
- # Assume -lc should be added
- archive_cmds_need_lc=yes
-
- if test yes,yes = "$GCC,$enable_shared"; then
- case $archive_cmds in
- *'~'*)
- # FIXME: we may have to deal with multi-command sequences.
- ;;
- '$CC '*)
- # Test whether the compiler implicitly links with -lc since on some
- # systems, -lgcc has to come before -lc. If gcc already passes -lc
- # to ld, don't add -lc before -lgcc.
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-printf %s "checking whether -lc should be explicitly linked in... " >&6; }
-if test ${lt_cv_archive_cmds_need_lc+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- $RM conftest*
- echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } 2>conftest.err; then
- soname=conftest
- lib=conftest
- libobjs=conftest.$ac_objext
- deplibs=
- wl=$lt_prog_compiler_wl
- pic_flag=$lt_prog_compiler_pic
- compiler_flags=-v
- linker_flags=-v
- verstring=
- output_objdir=.
- libname=conftest
- lt_save_allow_undefined_flag=$allow_undefined_flag
- allow_undefined_flag=
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
- (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- then
- lt_cv_archive_cmds_need_lc=no
- else
- lt_cv_archive_cmds_need_lc=yes
- fi
- allow_undefined_flag=$lt_save_allow_undefined_flag
- else
- cat conftest.err 1>&5
- fi
- $RM conftest*
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
- archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
- ;;
- esac
- fi
- ;;
-esac
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-printf %s "checking dynamic linker characteristics... " >&6; }
-
-if test yes = "$GCC"; then
- case $host_os in
- darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
- *) lt_awk_arg='/^libraries:/' ;;
- esac
- case $host_os in
- mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
- *) lt_sed_strip_eq='s|=/|/|g' ;;
- esac
- lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
- case $lt_search_path_spec in
- *\;*)
- # if the path contains ";" then we assume it to be the separator
- # otherwise default to the standard path separator (i.e. ":") - it is
- # assumed that no part of a normal pathname contains ";" but that should
- # okay in the real world where ";" in dirpaths is itself problematic.
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
- ;;
- *)
- lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
- ;;
- esac
- # Ok, now we have the path, separated by spaces, we can step through it
- # and add multilib dir if necessary...
- lt_tmp_lt_search_path_spec=
- lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
- # ...but if some path component already ends with the multilib dir we assume
- # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
- case "$lt_multi_os_dir; $lt_search_path_spec " in
- "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
- lt_multi_os_dir=
- ;;
- esac
- for lt_sys_path in $lt_search_path_spec; do
- if test -d "$lt_sys_path$lt_multi_os_dir"; then
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
- elif test -n "$lt_multi_os_dir"; then
- test -d "$lt_sys_path" && \
- lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
- fi
- done
- lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
- lt_foo = "";
- lt_count = 0;
- for (lt_i = NF; lt_i > 0; lt_i--) {
- if ($lt_i != "" && $lt_i != ".") {
- if ($lt_i == "..") {
- lt_count++;
- } else {
- if (lt_count == 0) {
- lt_foo = "/" $lt_i lt_foo;
- } else {
- lt_count--;
- }
- }
- }
- }
- if (lt_foo != "") { lt_freq[lt_foo]++; }
- if (lt_freq[lt_foo] == 1) { print lt_foo; }
-}'`
- # AWK program above erroneously prepends '/' to C:/dos/paths
- # for these hosts.
- case $host_os in
- mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
- $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
- esac
- sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-
-
-case $host_os in
-aix3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
- shlibpath_var=LIBPATH
-
- # AIX 3 has no versioning support, so we append a major version to the name.
- soname_spec='$libname$release$shared_ext$major'
- ;;
-
-aix[4-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- hardcode_into_libs=yes
- if test ia64 = "$host_cpu"; then
- # AIX 5 supports IA64
- library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- else
- # With GCC up to 2.95.x, collect2 would create an import file
- # for dependence libraries. The import file would start with
- # the line '#! .'. This would cause the generated library to
- # depend on '.', always an invalid library. This was fixed in
- # development snapshots of GCC prior to 3.0.
- case $host_os in
- aix4 | aix4.[01] | aix4.[01].*)
- if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
- echo ' yes '
- echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
- :
- else
- can_build_shared=no
- fi
- ;;
- esac
- # Using Import Files as archive members, it is possible to support
- # filename-based versioning of shared library archives on AIX. While
- # this would work for both with and without runtime linking, it will
- # prevent static linking of such archives. So we do filename-based
- # shared library versioning with .so extension only, which is used
- # when both runtime linking and shared linking is enabled.
- # Unfortunately, runtime linking may impact performance, so we do
- # not want this to be the default eventually. Also, we use the
- # versioned .so libs for executables only if there is the -brtl
- # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
- # To allow for filename-based versioning support, we need to create
- # libNAME.so.V as an archive file, containing:
- # *) an Import File, referring to the versioned filename of the
- # archive as well as the shared archive member, telling the
- # bitwidth (32 or 64) of that shared object, and providing the
- # list of exported symbols of that shared object, eventually
- # decorated with the 'weak' keyword
- # *) the shared object with the F_LOADONLY flag set, to really avoid
- # it being seen by the linker.
- # At run time we better use the real file rather than another symlink,
- # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
- case $with_aix_soname,$aix_use_runtimelinking in
- # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
- # soname into executable. Probably we can add versioning support to
- # collect2, so additional links can be useful in future.
- aix,yes) # traditional libtool
- dynamic_linker='AIX unversionable lib.so'
- # If using run time linking (on AIX 4.2 or later) use lib<name>.so
- # instead of lib<name>.a to let people know that these are not
- # typical AIX shared libraries.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- aix,no) # traditional AIX only
- dynamic_linker='AIX lib.a(lib.so.V)'
- # We preserve .a as extension for shared libraries through AIX4.2
- # and later when we are not doing run time linking.
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- svr4,*) # full svr4 only
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,yes) # both, prefer svr4
- dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
- library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
- # unpreferred sharedlib libNAME.a needs extra handling
- postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
- postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
- # We do not specify a path in Import Files, so LIBPATH fires.
- shlibpath_overrides_runpath=yes
- ;;
- *,no) # both, prefer aix
- dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
- library_names_spec='$libname$release.a $libname.a'
- soname_spec='$libname$release$shared_ext$major'
- # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
- postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
- postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
- ;;
- esac
- shlibpath_var=LIBPATH
- fi
- ;;
-
-amigaos*)
- case $host_cpu in
- powerpc)
- # Since July 2007 AmigaOS4 officially supports .so libraries.
- # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- ;;
- m68k)
- library_names_spec='$libname.ixlibrary $libname.a'
- # Create ${libname}_ixlibrary.a entries in /sys/libs.
- finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
- ;;
- esac
- ;;
-
-beos*)
- library_names_spec='$libname$shared_ext'
- dynamic_linker="$host_os ld.so"
- shlibpath_var=LIBRARY_PATH
- ;;
-
-bsdi[45]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
- sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
- # the default ld.so.conf also contains /usr/contrib/lib and
- # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
- # libtool to hard-code these into programs
- ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
-
- case $GCC,$cc_basename in
- yes,*)
- # gcc
- library_names_spec='$libname.dll.a'
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
-
- case $host_os in
- cygwin*)
- # Cygwin DLLs use 'cyg' prefix rather than 'lib'
- soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
- ;;
- mingw* | cegcc*)
- # MinGW DLLs use traditional 'lib' prefix
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- pw32*)
- # pw32 DLLs use 'pw' prefix rather than 'lib'
- library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- ;;
- esac
- dynamic_linker='Win32 ld.exe'
- ;;
-
- *,cl*)
- # Native MSVC
- libname_spec='$name'
- soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
- library_names_spec='$libname.dll.lib'
-
- case $build_os in
- mingw*)
- sys_lib_search_path_spec=
- lt_save_ifs=$IFS
- IFS=';'
- for lt_path in $LIB
- do
- IFS=$lt_save_ifs
- # Let DOS variable expansion print the short 8.3 style file name.
- lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
- sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
- done
- IFS=$lt_save_ifs
- # Convert to MSYS style.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
- ;;
- cygwin*)
- # Convert to unix form, then to dos form, then back to unix form
- # but this time dos style (no spaces!) so that the unix form looks
- # like /cygdrive/c/PROGRA~1:/cygdr...
- sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
- sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
- sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- ;;
- *)
- sys_lib_search_path_spec=$LIB
- if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
- # It is most probably a Windows format PATH.
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
- else
- sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
- fi
- # FIXME: find the short name or the path components, as spaces are
- # common. (e.g. "Program Files" -> "PROGRA~1")
- ;;
- esac
-
- # DLL is installed to $(libdir)/../bin by postinstall_cmds
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- shlibpath_overrides_runpath=yes
- dynamic_linker='Win32 link.exe'
- ;;
-
- *)
- # Assume MSVC wrapper
- library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
- dynamic_linker='Win32 ld.exe'
- ;;
- esac
- # FIXME: first we should search . and the directory the executable is in
- shlibpath_var=PATH
- ;;
-
-darwin* | rhapsody*)
- dynamic_linker="$host_os dyld"
- version_type=darwin
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$major$shared_ext'
- shlibpath_overrides_runpath=yes
- shlibpath_var=DYLD_LIBRARY_PATH
- shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-
- sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
- sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
- ;;
-
-dgux*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-freebsd* | dragonfly*)
- # DragonFly does not have aout. When/if they implement a new
- # versioning mechanism, adjust this.
- if test -x /usr/bin/objformat; then
- objformat=`/usr/bin/objformat`
- else
- case $host_os in
- freebsd[23].*) objformat=aout ;;
- *) objformat=elf ;;
- esac
- fi
- version_type=freebsd-$objformat
- case $version_type in
- freebsd-elf*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- need_version=no
- need_lib_prefix=no
- ;;
- freebsd-*)
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- need_version=yes
- ;;
- esac
- shlibpath_var=LD_LIBRARY_PATH
- case $host_os in
- freebsd2.*)
- shlibpath_overrides_runpath=yes
- ;;
- freebsd3.[01]* | freebsdelf3.[01]*)
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
- freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
- *) # from 4.6 on, and DragonFly
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
- esac
- ;;
-
-haiku*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- dynamic_linker="$host_os runtime_loader"
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LIBRARY_PATH
- shlibpath_overrides_runpath=no
- sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
- hardcode_into_libs=yes
- ;;
-
-hpux9* | hpux10* | hpux11*)
- # Give a soname corresponding to the major version so that dld.sl refuses to
- # link against other versions.
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- case $host_cpu in
- ia64*)
- shrext_cmds='.so'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.so"
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- if test 32 = "$HPUX_IA64_MODE"; then
- sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux32
- else
- sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
- sys_lib_dlsearch_path_spec=/usr/lib/hpux64
- fi
- ;;
- hppa*64*)
- shrext_cmds='.sl'
- hardcode_into_libs=yes
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
- shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
- *)
- shrext_cmds='.sl'
- dynamic_linker="$host_os dld.sl"
- shlibpath_var=SHLIB_PATH
- shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- ;;
- esac
- # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
- postinstall_cmds='chmod 555 $lib'
- # or fails outright, so override atomically:
- install_override_mode=555
- ;;
-
-interix[3-9]*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-irix5* | irix6* | nonstopux*)
- case $host_os in
- nonstopux*) version_type=nonstopux ;;
- *)
- if test yes = "$lt_cv_prog_gnu_ld"; then
- version_type=linux # correct to gnu/linux during the next big refactor
- else
- version_type=irix
- fi ;;
- esac
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
- case $host_os in
- irix5* | nonstopux*)
- libsuff= shlibsuff=
- ;;
- *)
- case $LD in # libtool.m4 will add one of these switches to LD
- *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
- libsuff= shlibsuff= libmagic=32-bit;;
- *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
- libsuff=32 shlibsuff=N32 libmagic=N32;;
- *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
- libsuff=64 shlibsuff=64 libmagic=64-bit;;
- *) libsuff= shlibsuff= libmagic=never-match;;
- esac
- ;;
- esac
- shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
- sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
- hardcode_into_libs=yes
- ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
- dynamic_linker=no
- ;;
-
-linux*android*)
- version_type=none # Android doesn't support versioned libraries.
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext'
- soname_spec='$libname$release$shared_ext'
- finish_cmds=
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- dynamic_linker='Android linker'
- # Don't embed -rpath directories since the linker doesn't support them.
- hardcode_libdir_flag_spec='-L$libdir'
- ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
-
- # Some binutils ld are patched to set DT_RUNPATH
- if test ${lt_cv_shlibpath_overrides_runpath+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- lt_cv_shlibpath_overrides_runpath=no
- save_LDFLAGS=$LDFLAGS
- save_libdir=$libdir
- eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
- LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main (void)
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
-then :
- lt_cv_shlibpath_overrides_runpath=yes
-fi
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
- LDFLAGS=$save_LDFLAGS
- libdir=$save_libdir
-
-fi
-
- shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
- # This implies no fast_install, which is unacceptable.
- # Some rework will be needed to allow for fast_install
- # before this can be enabled.
- hardcode_into_libs=yes
-
- # Ideally, we could use ldconfig to report *all* directores which are
- # searched for libraries, however this is still not possible. Aside from not
- # being certain /sbin/ldconfig is available, command
- # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
- # even though it is searched at run-time. Try to do the best guess by
- # appending ld.so.conf contents (and includes) to the search path.
- if test -f /etc/ld.so.conf; then
- lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
- fi
-
- # We used to test for /lib/ld.so.1 and disable shared libraries on
- # powerpc, because MkLinux only supported shared libraries with the
- # GNU dynamic linker. Since this was broken with cross compilers,
- # most powerpc-linux boxes support dynamic linking these days and
- # people can always --disable-shared, the test was removed, and we
- # assume the GNU/Linux dynamic linker is in use.
- dynamic_linker='GNU/Linux ld.so'
- ;;
-
-netbsdelf*-gnu)
- version_type=linux
- need_lib_prefix=no
- need_version=no
- library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
- soname_spec='${libname}${release}${shared_ext}$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='NetBSD ld.elf_so'
- ;;
-
-netbsd*)
- version_type=sunos
- need_lib_prefix=no
- need_version=no
- if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- dynamic_linker='NetBSD (a.out) ld.so'
- else
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- dynamic_linker='NetBSD ld.elf_so'
- fi
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- ;;
-
-newsos6)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-*nto* | *qnx*)
- version_type=qnx
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- dynamic_linker='ldqnx.so'
- ;;
-
-openbsd* | bitrig*)
- version_type=sunos
- sys_lib_dlsearch_path_spec=/usr/lib
- need_lib_prefix=no
- if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
- need_version=no
- else
- need_version=yes
- fi
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- ;;
-
-os2*)
- libname_spec='$name'
- version_type=windows
- shrext_cmds=.dll
- need_version=no
- need_lib_prefix=no
- # OS/2 can only load a DLL with a base name of 8 characters or less.
- soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
- v=$($ECHO $release$versuffix | tr -d .-);
- n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
- $ECHO $n$v`$shared_ext'
- library_names_spec='${libname}_dll.$libext'
- dynamic_linker='OS/2 ld.exe'
- shlibpath_var=BEGINLIBPATH
- sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- postinstall_cmds='base_file=`basename \$file`~
- dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
- dldir=$destdir/`dirname \$dlpath`~
- test -d \$dldir || mkdir -p \$dldir~
- $install_prog $dir/$dlname \$dldir/$dlname~
- chmod a+x \$dldir/$dlname~
- if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
- eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
- fi'
- postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
- dlpath=$dir/\$dldll~
- $RM \$dlpath'
- ;;
-
-osf3* | osf4* | osf5*)
- version_type=osf
- need_lib_prefix=no
- need_version=no
- soname_spec='$libname$release$shared_ext$major'
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
- sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
- ;;
-
-rdos*)
- dynamic_linker=no
- ;;
-
-solaris*)
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- # ldd complains unless libraries are executable
- postinstall_cmds='chmod +x $lib'
- ;;
-
-sunos4*)
- version_type=sunos
- library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
- finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- if test yes = "$with_gnu_ld"; then
- need_lib_prefix=no
- fi
- need_version=yes
- ;;
-
-sysv4 | sysv4.3*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- case $host_vendor in
- sni)
- shlibpath_overrides_runpath=no
- need_lib_prefix=no
- runpath_var=LD_RUN_PATH
- ;;
- siemens)
- need_lib_prefix=no
- ;;
- motorola)
- need_lib_prefix=no
- need_version=no
- shlibpath_overrides_runpath=no
- sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
- ;;
- esac
- ;;
-
-sysv4*MP*)
- if test -d /usr/nec; then
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
- soname_spec='$libname$shared_ext.$major'
- shlibpath_var=LD_LIBRARY_PATH
- fi
- ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- version_type=sco
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=yes
- hardcode_into_libs=yes
- if test yes = "$with_gnu_ld"; then
- sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
- else
- sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
- case $host_os in
- sco3.2v5*)
- sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
- ;;
- esac
- fi
- sys_lib_dlsearch_path_spec='/usr/lib'
- ;;
-
-tpf*)
- # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
- version_type=linux # correct to gnu/linux during the next big refactor
- need_lib_prefix=no
- need_version=no
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- shlibpath_var=LD_LIBRARY_PATH
- shlibpath_overrides_runpath=no
- hardcode_into_libs=yes
- ;;
-
-uts4*)
- version_type=linux # correct to gnu/linux during the next big refactor
- library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
- soname_spec='$libname$release$shared_ext$major'
- shlibpath_var=LD_LIBRARY_PATH
- ;;
-
-*)
- dynamic_linker=no
- ;;
-esac
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-printf "%s\n" "$dynamic_linker" >&6; }
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
- variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
- sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
- sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-printf %s "checking how to hardcode library paths into programs... " >&6; }
-hardcode_action=
-if test -n "$hardcode_libdir_flag_spec" ||
- test -n "$runpath_var" ||
- test yes = "$hardcode_automatic"; then
-
- # We can hardcode non-existent directories.
- if test no != "$hardcode_direct" &&
- # If the only mechanism to avoid hardcoding is shlibpath_var, we
- # have to relink, otherwise we might link with an installed library
- # when we should be linking with a yet-to-be-installed one
- ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
- test no != "$hardcode_minus_L"; then
- # Linking always hardcodes the temporary library directory.
- hardcode_action=relink
- else
- # We can link without hardcoding, and we can hardcode nonexisting dirs.
- hardcode_action=immediate
- fi
-else
- # We cannot hardcode anything, or else we can only hardcode existing
- # directories.
- hardcode_action=unsupported
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-printf "%s\n" "$hardcode_action" >&6; }
-
-if test relink = "$hardcode_action" ||
- test yes = "$inherit_rpath"; then
- # Fast installation is not supported
- enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
- test no = "$enable_shared"; then
- # Fast installation is not necessary
- enable_fast_install=needless
-fi
-
-
-
-
-
-
- if test yes != "$enable_dlopen"; then
- enable_dlopen=unknown
- enable_dlopen_self=unknown
- enable_dlopen_self_static=unknown
-else
- lt_cv_dlopen=no
- lt_cv_dlopen_libs=
-
- case $host_os in
- beos*)
- lt_cv_dlopen=load_add_on
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
- ;;
-
- mingw* | pw32* | cegcc*)
- lt_cv_dlopen=LoadLibrary
- lt_cv_dlopen_libs=
- ;;
-
- cygwin*)
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- ;;
-
- darwin*)
- # if libdl is installed we need to link against it
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
-
- lt_cv_dlopen=dyld
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=yes
-
-fi
-
- ;;
-
- tpf*)
- # Don't try to run any link tests for TPF. We know it's impossible
- # because TPF is a cross-compiler, and we know how we open DSOs.
- lt_cv_dlopen=dlopen
- lt_cv_dlopen_libs=
- lt_cv_dlopen_self=no
- ;;
-
- *)
- ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-printf %s "checking for shl_load in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_shl_load+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char shl_load ();
-int
-main (void)
-{
-return shl_load ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_shl_load=yes
-else $as_nop
- ac_cv_lib_dld_shl_load=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes
-then :
- lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else $as_nop
- ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-printf %s "checking for dlopen in -ldl... " >&6; }
-if test ${ac_cv_lib_dl_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dl_dlopen=yes
-else $as_nop
- ac_cv_lib_dl_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-printf %s "checking for dlopen in -lsvld... " >&6; }
-if test ${ac_cv_lib_svld_dlopen+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsvld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-int
-main (void)
-{
-return dlopen ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_svld_dlopen=yes
-else $as_nop
- ac_cv_lib_svld_dlopen=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes
-then :
- lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else $as_nop
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-printf %s "checking for dld_link in -ldld... " >&6; }
-if test ${ac_cv_lib_dld_dld_link+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldld $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-char dld_link ();
-int
-main (void)
-{
-return dld_link ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"
-then :
- ac_cv_lib_dld_dld_link=yes
-else $as_nop
- ac_cv_lib_dld_dld_link=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.beam \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes
-then :
- lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
-
-fi
-
- ;;
- esac
-
- if test no = "$lt_cv_dlopen"; then
- enable_dlopen=no
- else
- enable_dlopen=yes
- fi
-
- case $lt_cv_dlopen in
- dlopen)
- save_CPPFLAGS=$CPPFLAGS
- test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
- save_LDFLAGS=$LDFLAGS
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
- save_LIBS=$LIBS
- LIBS="$lt_cv_dlopen_libs $LIBS"
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-printf %s "checking whether a program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-printf "%s\n" "$lt_cv_dlopen_self" >&6; }
-
- if test yes = "$lt_cv_dlopen_self"; then
- wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
-if test ${lt_cv_dlopen_self_static+y}
-then :
- printf %s "(cached) " >&6
-else $as_nop
- if test yes = "$cross_compiling"; then :
- lt_cv_dlopen_self_static=cross
-else
- lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
- lt_status=$lt_dlunknown
- cat > conftest.$ac_ext <<_LT_EOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-# define LT_DLGLOBAL RTLD_GLOBAL
-#else
-# ifdef DL_GLOBAL
-# define LT_DLGLOBAL DL_GLOBAL
-# else
-# define LT_DLGLOBAL 0
-# endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
- find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-# ifdef RTLD_LAZY
-# define LT_DLLAZY_OR_NOW RTLD_LAZY
-# else
-# ifdef DL_LAZY
-# define LT_DLLAZY_OR_NOW DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define LT_DLLAZY_OR_NOW RTLD_NOW
-# else
-# ifdef DL_NOW
-# define LT_DLLAZY_OR_NOW DL_NOW
-# else
-# define LT_DLLAZY_OR_NOW 0
-# endif
-# endif
-# endif
-# endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
- void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
- int status = $lt_dlunknown;
-
- if (self)
- {
- if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
- else
- {
- if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
- else puts (dlerror ());
- }
- /* dlclose (self); */
- }
- else
- puts (dlerror ());
-
- return status;
-}
-_LT_EOF
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&5 2>/dev/null
- lt_status=$?
- case x$lt_status in
- x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
- x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
- esac
- else :
- # compilation failed
- lt_cv_dlopen_self_static=no
- fi
-fi
-rm -fr conftest*
-
-
-fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
- fi
-
- CPPFLAGS=$save_CPPFLAGS
- LDFLAGS=$save_LDFLAGS
- LIBS=$save_LIBS
- ;;
- esac
-
- case $lt_cv_dlopen_self in
- yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
- *) enable_dlopen_self=unknown ;;
- esac
-
- case $lt_cv_dlopen_self_static in
- yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
- *) enable_dlopen_self_static=unknown ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-striplib=
-old_striplib=
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-printf %s "checking whether stripping libraries is possible... " >&6; }
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
- test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
- test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
-else
-# FIXME - insert some real tests, host_os isn't really good enough
- case $host_os in
- darwin*)
- if test -n "$STRIP"; then
- striplib="$STRIP -x"
- old_striplib="$STRIP -S"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-printf "%s\n" "yes" >&6; }
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- fi
- ;;
- *)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
-printf "%s\n" "no" >&6; }
- ;;
- esac
-fi
-
-
-
-
-
-
-
-
-
-
-
-
- # Report what library types will actually be built
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-printf %s "checking if libtool supports shared libraries... " >&6; }
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-printf "%s\n" "$can_build_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-printf %s "checking whether to build shared libraries... " >&6; }
- test no = "$can_build_shared" && enable_shared=no
-
- # On AIX, shared libraries and static libraries use the same namespace, and
- # are all built from PIC.
- case $host_os in
- aix3*)
- test yes = "$enable_shared" && enable_static=no
- if test -n "$RANLIB"; then
- archive_cmds="$archive_cmds~\$RANLIB \$lib"
- postinstall_cmds='$RANLIB $lib'
- fi
- ;;
-
- aix[4-9]*)
- if test ia64 != "$host_cpu"; then
- case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
- yes,aix,yes) ;; # shared object as lib.so file only
- yes,svr4,*) ;; # shared object as lib.so archive member only
- yes,*) enable_static=no ;; # shared object in lib.a archive as well
- esac
- fi
- ;;
- esac
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-printf "%s\n" "$enable_shared" >&6; }
-
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-printf %s "checking whether to build static libraries... " >&6; }
- # Make sure either enable_shared or enable_static is yes.
- test yes = "$enable_shared" || enable_static=yes
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-printf "%s\n" "$enable_static" >&6; }
-
-
-
-
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-CC=$lt_save_CC
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- ac_config_commands="$ac_config_commands libtool"
-
-
-
-
-# Only expand once:
-
-
-
-
-if test "$ac_cv_prog_cc_c99" = "no"; then
- as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
-fi
-
-ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile swig/Makefile swig/perl/Makefile swig/perl/Makefile.PL swig/python/Makefile swig/python/setup.py swig/python/test/Makefile swig/ruby/Makefile testsuite/Makefile testsuite/config/Makefile testsuite/libaalogparse.test/Makefile testsuite/lib/Makefile include/Makefile include/sys/Makefile"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overridden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, we kill variables containing newlines.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-(
- for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
- *) { eval $ac_var=; unset $ac_var;} ;;
- esac ;;
- esac
- done
-
- (set) 2>&1 |
- case $as_nl`(ac_space=' '; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes: double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \.
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;; #(
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-) |
- sed '
- /^ac_cv_env_/b end
- t clear
- :clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
- t end
- s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- :end' >>confcache
-if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
- if test -w "$cache_file"; then
- if test "x$cache_file" != "x/dev/null"; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
- if test ! -f "$cache_file" || test -h "$cache_file"; then
- cat confcache >"$cache_file"
- else
- case $cache_file in #(
- */* | ?:*)
- mv -f confcache "$cache_file"$$ &&
- mv -f "$cache_file"$$ "$cache_file" ;; #(
- *)
- mv -f confcache "$cache_file" ;;
- esac
- fi
- fi
- else
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-#
-# If the first sed substitution is executed (which looks for macros that
-# take arguments), then branch to the quote section. Otherwise,
-# look for a macro that doesn't take arguments.
-ac_script='
-:mline
-/\\$/{
- N
- s,\\\n,,
- b mline
-}
-t clear
-:clear
-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-b any
-:quote
-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
-s/\[/\\&/g
-s/\]/\\&/g
-s/\$/$$/g
-H
-:any
-${
- g
- s/^\n//
- s/\n/ /g
- p
-}
-'
-DEFS=`sed -n "$ac_script" confdefs.h`
-
-
-ac_libobjs=
-ac_ltlibobjs=
-U=
-for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
- # 1. Remove the extension, and $U if already installed.
- ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
- # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
- # will be set to the directory where LIBOBJS objects are built.
- as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
-done
-LIBOBJS=$ac_libobjs
-
-LTLIBOBJS=$ac_ltlibobjs
-
-
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-printf %s "checking that generated files are newer than configure... " >&6; }
- if test -n "$am_sleep_pid"; then
- # Hide warnings about reused PIDs.
- wait $am_sleep_pid 2>/dev/null
- fi
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
-printf "%s\n" "done" >&6; }
- if test -n "$EXEEXT"; then
- am__EXEEXT_TRUE=
- am__EXEEXT_FALSE='#'
-else
- am__EXEEXT_TRUE='#'
- am__EXEEXT_FALSE=
-fi
-
-if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
- as_fn_error $? "conditional \"AMDEP\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
- as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${ENABLE_MAN_PAGES_TRUE}" && test -z "${ENABLE_MAN_PAGES_FALSE}"; then
- as_fn_error $? "conditional \"ENABLE_MAN_PAGES\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PYTHON_TRUE}" && test -z "${HAVE_PYTHON_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PYTHON\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_PERL_TRUE}" && test -z "${HAVE_PERL_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_PERL\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${HAVE_RUBY_TRUE}" && test -z "${HAVE_RUBY_FALSE}"; then
- as_fn_error $? "conditional \"HAVE_RUBY\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-
-: "${CONFIG_STATUS=./config.status}"
-ac_write_fail=0
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
-as_write_fail=0
-cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-ac_cs_recheck=false
-ac_cs_silent=false
-
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
-## -------------------- ##
-## M4sh Initialization. ##
-## -------------------- ##
-
-# Be more Bourne compatible
-DUALCASE=1; export DUALCASE # for MKS sh
-as_nop=:
-if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
-then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else $as_nop
- case `(set -o) 2>/dev/null` in #(
- *posix*) :
- set -o posix ;; #(
- *) :
- ;;
-esac
-fi
-
-
-
-# Reset variables that may have inherited troublesome values from
-# the environment.
-
-# IFS needs to be set, to space, tab, and newline, in precisely that order.
-# (If _AS_PATH_WALK were called with IFS unset, it would have the
-# side effect of setting IFS to empty, thus disabling word splitting.)
-# Quoting is to prevent editors from complaining about space-tab.
-as_nl='
-'
-export as_nl
-IFS=" "" $as_nl"
-
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# Ensure predictable behavior from utilities with locale-dependent output.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# We cannot yet rely on "unset" to work, but we need these variables
-# to be unset--not just set to an empty or harmless value--now, to
-# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
-# also avoids known problems related to "unset" and subshell syntax
-# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
-for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
-do eval test \${$as_var+y} \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-
-# Ensure that fds 0, 1, and 2 are open.
-if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
-if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
-if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
-
-# The user is always right.
-if ${PATH_SEPARATOR+false} :; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-# Find who we are. Look in the path if we contain no directory separator.
-as_myself=
-case $0 in #((
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- case $as_dir in #(((
- '') as_dir=./ ;;
- */) ;;
- *) as_dir=$as_dir/ ;;
- esac
- test -r "$as_dir$0" && as_myself=$as_dir$0 && break
- done
-IFS=$as_save_IFS
-
- ;;
-esac
-# We did not find ourselves, most probably we were run as `sh COMMAND'
-# in which case we are not to be found in the path.
-if test "x$as_myself" = x; then
- as_myself=$0
-fi
-if test ! -f "$as_myself"; then
- printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- exit 1
-fi
-
-
-
-# as_fn_error STATUS ERROR [LINENO LOG_FD]
-# ----------------------------------------
-# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
-# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
-# script with STATUS, using 1 if that was 0.
-as_fn_error ()
-{
- as_status=$1; test $as_status -eq 0 && as_status=1
- if test "$4"; then
- as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
- fi
- printf "%s\n" "$as_me: error: $2" >&2
- as_fn_exit $as_status
-} # as_fn_error
-
-
-
-# as_fn_set_status STATUS
-# -----------------------
-# Set $? to STATUS, without forking.
-as_fn_set_status ()
-{
- return $1
-} # as_fn_set_status
-
-# as_fn_exit STATUS
-# -----------------
-# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
-as_fn_exit ()
-{
- set +e
- as_fn_set_status $1
- exit $1
-} # as_fn_exit
-
-# as_fn_unset VAR
-# ---------------
-# Portably unset VAR.
-as_fn_unset ()
-{
- { eval $1=; unset $1;}
-}
-as_unset=as_fn_unset
-
-# as_fn_append VAR VALUE
-# ----------------------
-# Append the text in VALUE to the end of the definition contained in VAR. Take
-# advantage of any shell optimizations that allow amortized linear growth over
-# repeated appends, instead of the typical quadratic growth present in naive
-# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
-then :
- eval 'as_fn_append ()
- {
- eval $1+=\$2
- }'
-else $as_nop
- as_fn_append ()
- {
- eval $1=\$$1\$2
- }
-fi # as_fn_append
-
-# as_fn_arith ARG...
-# ------------------
-# Perform arithmetic evaluation on the ARGs, and store the result in the
-# global $as_val. Take advantage of shells that can avoid forks. The arguments
-# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
-then :
- eval 'as_fn_arith ()
- {
- as_val=$(( $* ))
- }'
-else $as_nop
- as_fn_arith ()
- {
- as_val=`expr "$@" || test $? -eq 1`
- }
-fi # as_fn_arith
-
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
-
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-
-# Determine whether it's possible to make 'echo' print without a newline.
-# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
-# for compatibility with existing Makefiles.
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in #(((((
--n*)
- case `echo 'xy\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- xy) ECHO_C='\c';;
- *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
- ECHO_T=' ';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-# For backward compatibility with old third-party macros, we provide
-# the shell variables $as_echo and $as_echo_n. New code should use
-# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
-as_echo='printf %s\n'
-as_echo_n='printf %s'
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir 2>/dev/null
-fi
-if (echo >conf$$.file) 2>/dev/null; then
- if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -pR'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -pR'
- elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
- else
- as_ln_s='cp -pR'
- fi
-else
- as_ln_s='cp -pR'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-
-# as_fn_mkdir_p
-# -------------
-# Create "$as_dir" as a directory, including parents if necessary.
-as_fn_mkdir_p ()
-{
-
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || eval $as_mkdir_p || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$as_dir" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
-
-
-} # as_fn_mkdir_p
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p='mkdir -p "$as_dir"'
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-
-# as_fn_executable_p FILE
-# -----------------------
-# Test if FILE is an executable regular file.
-as_fn_executable_p ()
-{
- test -f "$1" && test -x "$1"
-} # as_fn_executable_p
-as_test_x='test -x'
-as_executable_p=as_fn_executable_p
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-exec 6>&1
-## ----------------------------------- ##
-## Main body of $CONFIG_STATUS script. ##
-## ----------------------------------- ##
-_ASEOF
-test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# Save the log message, to keep $0 and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling.
-ac_log="
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.71. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-on `(hostname || uname -n) 2>/dev/null | sed 1q`
-"
-
-_ACEOF
-
-case $ac_config_files in *"
-"*) set x $ac_config_files; shift; ac_config_files=$*;;
-esac
-
-
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-# Files that config.status was made for.
-config_files="$ac_config_files"
-config_commands="$ac_config_commands"
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-ac_cs_usage="\
-\`$as_me' instantiates files and other configuration actions
-from templates according to the current configuration. Unless the files
-and actions are specified as TAGs, all are instantiated by default.
-
-Usage: $0 [OPTION]... [TAG]...
-
- -h, --help print this help, then exit
- -V, --version print version number and configuration settings, then exit
- --config print configuration, then exit
- -q, --quiet, --silent
- do not print progress messages
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
-
-Configuration files:
-$config_files
-
-Configuration commands:
-$config_commands
-
-Report bugs to the package provider."
-
-_ACEOF
-ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
-ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config='$ac_cs_config_escaped'
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.71,
- with options \\"\$ac_cs_config\\"
-
-Copyright (C) 2021 Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-
-ac_pwd='$ac_pwd'
-srcdir='$srcdir'
-INSTALL='$INSTALL'
-MKDIR_P='$MKDIR_P'
-AWK='$AWK'
-test -n "\$AWK" || AWK=awk
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# The default lists apply if the user does not specify any file.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=?*)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
- ac_shift=:
- ;;
- --*=)
- ac_option=`expr "X$1" : 'X\([^=]*\)='`
- ac_optarg=
- ac_shift=:
- ;;
- *)
- ac_option=$1
- ac_optarg=$2
- ac_shift=shift
- ;;
- esac
-
- case $ac_option in
- # Handling of the options.
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- ac_cs_recheck=: ;;
- --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- printf "%s\n" "$ac_cs_version"; exit ;;
- --config | --confi | --conf | --con | --co | --c )
- printf "%s\n" "$ac_cs_config"; exit ;;
- --debug | --debu | --deb | --de | --d | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- $ac_shift
- case $ac_optarg in
- *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
- '') as_fn_error $? "missing file argument" ;;
- esac
- as_fn_append CONFIG_FILES " '$ac_optarg'"
- ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
- printf "%s\n" "$ac_cs_usage"; exit ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil | --si | --s)
- ac_cs_silent=: ;;
-
- # This is an error.
- -*) as_fn_error $? "unrecognized option: \`$1'
-Try \`$0 --help' for more information." ;;
-
- *) as_fn_append ac_config_targets " $1"
- ac_need_defaults=false ;;
-
- esac
- shift
-done
-
-ac_configure_extra_args=
-
-if $ac_cs_silent; then
- exec 6>/dev/null
- ac_configure_extra_args="$ac_configure_extra_args --silent"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-if \$ac_cs_recheck; then
- set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
- shift
- \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
- CONFIG_SHELL='$SHELL'
- export CONFIG_SHELL
- exec "\$@"
-fi
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
-## Running $as_me. ##
-_ASBOX
- printf "%s\n" "$ac_log"
-} >&5
-
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-#
-# INIT-COMMANDS
-#
-AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
-
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
-macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
-enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
-enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
-pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
-enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
-shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
-SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
-ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
-PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
-host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
-host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
-host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
-build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
-build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
-build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
-SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
-Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
-GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
-EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
-FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
-LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
-NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
-LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
-max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
-ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
-exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
-lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
-lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
-lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
-lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
-reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
-reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
-OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
-deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
-file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
-file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
-want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
-DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
-sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
-AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
-AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
-archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
-STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
-RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
-old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
-lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
-CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
-CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
-compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
-GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
-lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
-nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
-lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
-lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
-objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
-MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
-lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
-lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
-need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
-MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
-DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
-NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
-LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
-OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
-OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
-libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
-shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
-extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
-enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
-export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
-whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
-compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
-old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
-old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
-archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
-archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
-module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
-with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
-allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
-no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
-hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
-hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
-hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
-hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
-hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
-hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
-inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
-link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
-always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
-export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
-exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
-include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
-prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
-postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
-file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
-variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
-need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
-need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
-version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
-runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
-shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
-libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
-library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
-soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
-install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
-postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
-postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
-finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
-finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
-sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
-configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
-configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
-hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
-enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
-enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
-old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
-striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
-
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in SHELL \
-ECHO \
-PATH_SEPARATOR \
-SED \
-GREP \
-EGREP \
-FGREP \
-LD \
-NM \
-LN_S \
-lt_SP2NL \
-lt_NL2SP \
-reload_flag \
-OBJDUMP \
-deplibs_check_method \
-file_magic_cmd \
-file_magic_glob \
-want_nocaseglob \
-DLLTOOL \
-sharedlib_from_linklib_cmd \
-AR \
-AR_FLAGS \
-archiver_list_spec \
-STRIP \
-RANLIB \
-CC \
-CFLAGS \
-compiler \
-lt_cv_sys_global_symbol_pipe \
-lt_cv_sys_global_symbol_to_cdecl \
-lt_cv_sys_global_symbol_to_import \
-lt_cv_sys_global_symbol_to_c_name_address \
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
-lt_cv_nm_interface \
-nm_file_list_spec \
-lt_cv_truncate_bin \
-lt_prog_compiler_no_builtin_flag \
-lt_prog_compiler_pic \
-lt_prog_compiler_wl \
-lt_prog_compiler_static \
-lt_cv_prog_compiler_c_o \
-need_locks \
-MANIFEST_TOOL \
-DSYMUTIL \
-NMEDIT \
-LIPO \
-OTOOL \
-OTOOL64 \
-shrext_cmds \
-export_dynamic_flag_spec \
-whole_archive_flag_spec \
-compiler_needs_object \
-with_gnu_ld \
-allow_undefined_flag \
-no_undefined_flag \
-hardcode_libdir_flag_spec \
-hardcode_libdir_separator \
-exclude_expsyms \
-include_expsyms \
-file_list_spec \
-variables_saved_for_relink \
-libname_spec \
-library_names_spec \
-soname_spec \
-install_override_mode \
-finish_eval \
-old_striplib \
-striplib; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-# Double-quote double-evaled strings.
-for var in reload_cmds \
-old_postinstall_cmds \
-old_postuninstall_cmds \
-old_archive_cmds \
-extract_expsyms_cmds \
-old_archive_from_new_cmds \
-old_archive_from_expsyms_cmds \
-archive_cmds \
-archive_expsym_cmds \
-module_cmds \
-module_expsym_cmds \
-export_symbols_cmds \
-prelink_cmds \
-postlink_cmds \
-postinstall_cmds \
-postuninstall_cmds \
-finish_cmds \
-sys_lib_search_path_spec \
-configure_time_dlsearch_path \
-configure_time_lt_sys_library_path; do
- case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
- *[\\\\\\\`\\"\\\$]*)
- eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
- ;;
- *)
- eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
- ;;
- esac
-done
-
-ac_aux_dir='$ac_aux_dir'
-
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
-fi
-
-
- PACKAGE='$PACKAGE'
- VERSION='$VERSION'
- RM='$RM'
- ofile='$ofile'
-
-
-
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-
-# Handling of arguments.
-for ac_config_target in $ac_config_targets
-do
- case $ac_config_target in
- "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
- "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
- "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
- "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
- "swig/Makefile") CONFIG_FILES="$CONFIG_FILES swig/Makefile" ;;
- "swig/perl/Makefile") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile" ;;
- "swig/perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile.PL" ;;
- "swig/python/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/Makefile" ;;
- "swig/python/setup.py") CONFIG_FILES="$CONFIG_FILES swig/python/setup.py" ;;
- "swig/python/test/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/test/Makefile" ;;
- "swig/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES swig/ruby/Makefile" ;;
- "testsuite/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/Makefile" ;;
- "testsuite/config/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/config/Makefile" ;;
- "testsuite/libaalogparse.test/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/libaalogparse.test/Makefile" ;;
- "testsuite/lib/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/lib/Makefile" ;;
- "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
- "include/sys/Makefile") CONFIG_FILES="$CONFIG_FILES include/sys/Makefile" ;;
-
- *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
- esac
-done
-
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
- test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
-fi
-
-# Have a temporary directory for convenience. Make it in the build tree
-# simply because there is no reason against having it here, and in addition,
-# creating and moving files from /tmp can sometimes cause problems.
-# Hook for its removal unless debugging.
-# Note that there is a small window in which the directory will not be cleaned:
-# after its creation but before its name has been assigned to `$tmp'.
-$debug ||
-{
- tmp= ac_tmp=
- trap 'exit_status=$?
- : "${ac_tmp:=$tmp}"
- { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
-' 0
- trap 'as_fn_exit 1' 1 2 13 15
-}
-# Create a (secure) tmp directory for tmp files.
-
-{
- tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -d "$tmp"
-} ||
-{
- tmp=./conf$$-$RANDOM
- (umask 077 && mkdir "$tmp")
-} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
-ac_tmp=$tmp
-
-# Set up the scripts for CONFIG_FILES section.
-# No need to generate them if there are no CONFIG_FILES.
-# This happens for instance with `./config.status config.h'.
-if test -n "$CONFIG_FILES"; then
-
-
-ac_cr=`echo X | tr X '\015'`
-# On cygwin, bash can eat \r inside `` if the user requested igncr.
-# But we know of no other shell where ac_cr would be empty at this
-# point, so we can use a bashism as a fallback.
-if test "x$ac_cr" = x; then
- eval ac_cr=\$\'\\r\'
-fi
-ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
-if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
- ac_cs_awk_cr='\\r'
-else
- ac_cs_awk_cr=$ac_cr
-fi
-
-echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
-_ACEOF
-
-
-{
- echo "cat >conf$$subs.awk <<_ACEOF" &&
- echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
- echo "_ACEOF"
-} >conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- . ./conf$$subs.sh ||
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
-
- ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
- if test $ac_delim_n = $ac_delim_num; then
- break
- elif $ac_last_try; then
- as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-rm -f conf$$subs.sh
-
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
-_ACEOF
-sed -n '
-h
-s/^/S["/; s/!.*/"]=/
-p
-g
-s/^[^!]*!//
-:repl
-t repl
-s/'"$ac_delim"'$//
-t delim
-:nl
-h
-s/\(.\{148\}\)..*/\1/
-t more1
-s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
-p
-n
-b repl
-:more1
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t nl
-:delim
-h
-s/\(.\{148\}\)..*/\1/
-t more2
-s/["\\]/\\&/g; s/^/"/; s/$/"/
-p
-b
-:more2
-s/["\\]/\\&/g; s/^/"/; s/$/"\\/
-p
-g
-s/.\{148\}//
-t delim
-' <conf$$subs.awk | sed '
-/^[^""]/{
- N
- s/\n//
-}
-' >>$CONFIG_STATUS || ac_write_fail=1
-rm -f conf$$subs.awk
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-_ACAWK
-cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
- for (key in S) S_is_set[key] = 1
- FS = "�"
-
-}
-{
- line = $ 0
- nfields = split(line, field, "@")
- substed = 0
- len = length(field[1])
- for (i = 2; i < nfields; i++) {
- key = field[i]
- keylen = length(key)
- if (S_is_set[key]) {
- value = S[key]
- line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
- len += length(value) + length(field[++i])
- substed = 1
- } else
- len += 1 + keylen
- }
-
- print line
-}
-
-_ACAWK
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
- sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
-else
- cat
-fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
- || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
-_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
-# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
-h
-s///
-s/^/:/
-s/[ ]*$/:/
-s/:\$(srcdir):/:/g
-s/:\${srcdir}:/:/g
-s/:@srcdir@:/:/g
-s/^:*//
-s/:*$//
-x
-s/\(=[ ]*\).*/\1/
-G
-s/\n//
-s/^[^=]*=[ ]*$//
-}'
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-fi # test -n "$CONFIG_FILES"
-
-
-eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS"
-shift
-for ac_tag
-do
- case $ac_tag in
- :[FHLC]) ac_mode=$ac_tag; continue;;
- esac
- case $ac_mode$ac_tag in
- :[FHL]*:*);;
- :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
- :[FH]-) ac_tag=-:-;;
- :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
- esac
- ac_save_IFS=$IFS
- IFS=:
- set x $ac_tag
- IFS=$ac_save_IFS
- shift
- ac_file=$1
- shift
-
- case $ac_mode in
- :L) ac_source=$1;;
- :[FH])
- ac_file_inputs=
- for ac_f
- do
- case $ac_f in
- -) ac_f="$ac_tmp/stdin";;
- *) # Look for the file first in the build tree, then in the source tree
- # (if the path is not absolute). The absolute path cannot be DOS-style,
- # because $ac_f cannot contain `:'.
- test -f "$ac_f" ||
- case $ac_f in
- [\\/$]*) false;;
- *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
- esac ||
- as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
- esac
- case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
- as_fn_append ac_file_inputs " '$ac_f'"
- done
-
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- configure_input='Generated from '`
- printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
- `' by configure.'
- if test x"$ac_file" != x-; then
- configure_input="$ac_file. $configure_input"
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-printf "%s\n" "$as_me: creating $ac_file" >&6;}
- fi
- # Neutralize special characters interpreted by sed in replacement strings.
- case $configure_input in #(
- *\&* | *\|* | *\\* )
- ac_sed_conf_input=`printf "%s\n" "$configure_input" |
- sed 's/[\\\\&|]/\\\\&/g'`;; #(
- *) ac_sed_conf_input=$configure_input;;
- esac
-
- case $ac_tag in
- *:-:* | *:-) cat >"$ac_tmp/stdin" \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
- esac
- ;;
- esac
-
- ac_dir=`$as_dirname -- "$ac_file" ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- as_dir="$ac_dir"; as_fn_mkdir_p
- ac_builddir=.
-
-case "$ac_dir" in
-.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
-*)
- ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
- # A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
- case $ac_top_builddir_sub in
- "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
- *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
- esac ;;
-esac
-ac_abs_top_builddir=$ac_pwd
-ac_abs_builddir=$ac_pwd$ac_dir_suffix
-# for backward compatibility:
-ac_top_builddir=$ac_top_build_prefix
-
-case $srcdir in
- .) # We are building in place.
- ac_srcdir=.
- ac_top_srcdir=$ac_top_builddir_sub
- ac_abs_top_srcdir=$ac_pwd ;;
- [\\/]* | ?:[\\/]* ) # Absolute name.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir
- ac_abs_top_srcdir=$srcdir ;;
- *) # Relative name.
- ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_build_prefix$srcdir
- ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
-esac
-ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
-
-
- case $ac_mode in
- :F)
- #
- # CONFIG_FILE
- #
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
- esac
- ac_MKDIR_P=$MKDIR_P
- case $MKDIR_P in
- [\\/$]* | ?:[\\/]* ) ;;
- */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
- esac
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-# If the template does not know about datarootdir, expand it.
-# FIXME: This hack should be removed a few years after 2.60.
-ac_datarootdir_hack=; ac_datarootdir_seen=
-ac_sed_dataroot='
-/datarootdir/ {
- p
- q
-}
-/@datadir@/p
-/@docdir@/p
-/@infodir@/p
-/@localedir@/p
-/@mandir@/p'
-case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
-*datarootdir*) ac_datarootdir_seen=yes;;
-*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
- ac_datarootdir_hack='
- s&@datadir@&$datadir&g
- s&@docdir@&$docdir&g
- s&@infodir@&$infodir&g
- s&@localedir@&$localedir&g
- s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
-esac
-_ACEOF
-
-# Neutralize VPATH when `$srcdir' = `.'.
-# Shell code in configure.ac might set extrasub.
-# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_sed_extra="$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s|@configure_input@|$ac_sed_conf_input|;t t
-s&@top_builddir@&$ac_top_builddir_sub&;t t
-s&@top_build_prefix@&$ac_top_build_prefix&;t t
-s&@srcdir@&$ac_srcdir&;t t
-s&@abs_srcdir@&$ac_abs_srcdir&;t t
-s&@top_srcdir@&$ac_top_srcdir&;t t
-s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
-s&@builddir@&$ac_builddir&;t t
-s&@abs_builddir@&$ac_abs_builddir&;t t
-s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
-s&@INSTALL@&$ac_INSTALL&;t t
-s&@MKDIR_P@&$ac_MKDIR_P&;t t
-$ac_datarootdir_hack
-"
-eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
- >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
-
-test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
- "$ac_tmp/out"`; test -z "$ac_out"; } &&
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&5
-printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined" >&2;}
-
- rm -f "$ac_tmp/stdin"
- case $ac_file in
- -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
- *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
- esac \
- || as_fn_error $? "could not create $ac_file" "$LINENO" 5
- ;;
-
-
- :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
- ;;
- esac
-
-
- case $ac_file$ac_mode in
- "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
- # Older Autoconf quotes --file arguments for eval, but not when files
- # are listed without --file. Let's play safe and only enable the eval
- # if we detect the quoting.
- # TODO: see whether this extra hack can be removed once we start
- # requiring Autoconf 2.70 or later.
- case $CONFIG_FILES in #(
- *\'*) :
- eval set x "$CONFIG_FILES" ;; #(
- *) :
- set x $CONFIG_FILES ;; #(
- *) :
- ;;
-esac
- shift
- # Used to flag and report bootstrapping failures.
- am_rc=0
- for am_mf
- do
- # Strip MF so we end up with the name of the file.
- am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile which includes
- # dependency-tracking related rules and includes.
- # Grep'ing the whole file directly is not great: AIX grep has a line
- # limit of 2048, but all sed's we know have understand at least 4000.
- sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
- || continue
- am_dirpart=`$as_dirname -- "$am_mf" ||
-$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$am_mf" : 'X\(//\)[^/]' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X"$am_mf" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- am_filepart=`$as_basename -- "$am_mf" ||
-$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
- X"$am_mf" : 'X\(//\)$' \| \
- X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
-printf "%s\n" X/"$am_mf" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { echo "$as_me:$LINENO: cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles" >&5
- (cd "$am_dirpart" \
- && sed -e '/# am--include-marker/d' "$am_filepart" \
- | $MAKE -f - am--depfiles) >&5 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } || am_rc=$?
- done
- if test $am_rc -ne 0; then
- { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "Something went wrong bootstrapping makefile fragments
- for automatic dependency tracking. If GNU make was not used, consider
- re-running the configure script with MAKE=\"gmake\" (or whatever is
- necessary). You can also try re-running configure with the
- '--disable-dependency-tracking' option to at least be able to build
- the package (albeit without support for automatic dependency tracking).
-See \`config.log' for more details" "$LINENO" 5; }
- fi
- { am_dirpart=; unset am_dirpart;}
- { am_filepart=; unset am_filepart;}
- { am_mf=; unset am_mf;}
- { am_rc=; unset am_rc;}
- rm -f conftest-deps.mk
-}
- ;;
- "libtool":C)
-
- # See if we are running on zsh, and set the options that allow our
- # commands through without removal of \ escapes.
- if test -n "${ZSH_VERSION+set}"; then
- setopt NO_GLOB_SUBST
- fi
-
- cfgfile=${ofile}T
- trap "$RM \"$cfgfile\"; exit 1" 1 2 15
- $RM "$cfgfile"
-
- cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-# The names of the tagged configurations supported by this script.
-available_tags=''
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-
-# Which release of libtool.m4 was used?
-macro_version=$macro_version
-macro_revision=$macro_revision
-
-# Whether or not to build shared libraries.
-build_libtool_libs=$enable_shared
-
-# Whether or not to build static libraries.
-build_old_libs=$enable_static
-
-# What type of objects to build.
-pic_mode=$pic_mode
-
-# Whether or not to optimize for fast installation.
-fast_install=$enable_fast_install
-
-# Shared archive member basename,for filename based shared library versioning on AIX.
-shared_archive_member_spec=$shared_archive_member_spec
-
-# Shell to use when invoking shell scripts.
-SHELL=$lt_SHELL
-
-# An echo program that protects backslashes.
-ECHO=$lt_ECHO
-
-# The PATH separator for the build system.
-PATH_SEPARATOR=$lt_PATH_SEPARATOR
-
-# The host system.
-host_alias=$host_alias
-host=$host
-host_os=$host_os
-
-# The build system.
-build_alias=$build_alias
-build=$build
-build_os=$build_os
-
-# A sed program that does not truncate output.
-SED=$lt_SED
-
-# Sed that helps us avoid accidentally triggering echo(1) options like -n.
-Xsed="\$SED -e 1s/^X//"
-
-# A grep program that handles long lines.
-GREP=$lt_GREP
-
-# An ERE matcher.
-EGREP=$lt_EGREP
-
-# A literal string matcher.
-FGREP=$lt_FGREP
-
-# A BSD- or MS-compatible name lister.
-NM=$lt_NM
-
-# Whether we need soft or hard links.
-LN_S=$lt_LN_S
-
-# What is the maximum length of a command?
-max_cmd_len=$max_cmd_len
-
-# Object file suffix (normally "o").
-objext=$ac_objext
-
-# Executable file suffix (normally "").
-exeext=$exeext
-
-# whether the shell understands "unset".
-lt_unset=$lt_unset
-
-# turn spaces into newlines.
-SP2NL=$lt_lt_SP2NL
-
-# turn newlines into spaces.
-NL2SP=$lt_lt_NL2SP
-
-# convert \$build file names to \$host format.
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-
-# convert \$build files to toolchain format.
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-
-# An object symbol dumper.
-OBJDUMP=$lt_OBJDUMP
-
-# Method to check whether dependent libraries are shared objects.
-deplibs_check_method=$lt_deplibs_check_method
-
-# Command to use when deplibs_check_method = "file_magic".
-file_magic_cmd=$lt_file_magic_cmd
-
-# How to find potential files when deplibs_check_method = "file_magic".
-file_magic_glob=$lt_file_magic_glob
-
-# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
-want_nocaseglob=$lt_want_nocaseglob
-
-# DLL creation program.
-DLLTOOL=$lt_DLLTOOL
-
-# Command to associate shared and link libraries.
-sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
-
-# The archiver.
-AR=$lt_AR
-
-# Flags to create an archive.
-AR_FLAGS=$lt_AR_FLAGS
-
-# How to feed a file listing to the archiver.
-archiver_list_spec=$lt_archiver_list_spec
-
-# A symbol stripping program.
-STRIP=$lt_STRIP
-
-# Commands used to install an old-style archive.
-RANLIB=$lt_RANLIB
-old_postinstall_cmds=$lt_old_postinstall_cmds
-old_postuninstall_cmds=$lt_old_postuninstall_cmds
-
-# Whether to use a lock for old archive extraction.
-lock_old_archive_extraction=$lock_old_archive_extraction
-
-# A C compiler.
-LTCC=$lt_CC
-
-# LTCC compiler flags.
-LTCFLAGS=$lt_CFLAGS
-
-# Take the output of nm and produce a listing of raw symbols and C names.
-global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
-
-# Transform the output of nm in a proper C declaration.
-global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
-
-# Transform the output of nm into a list of symbols to manually relocate.
-global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
-
-# Transform the output of nm in a C name address pair.
-global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
-
-# Transform the output of nm in a C name address pair when lib prefix is needed.
-global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
-
-# The name lister interface.
-nm_interface=$lt_lt_cv_nm_interface
-
-# Specify filename containing input files for \$NM.
-nm_file_list_spec=$lt_nm_file_list_spec
-
-# The root where to search for dependent libraries,and where our libraries should be installed.
-lt_sysroot=$lt_sysroot
-
-# Command to truncate a binary pipe.
-lt_truncate_bin=$lt_lt_cv_truncate_bin
-
-# The name of the directory that contains temporary libtool files.
-objdir=$objdir
-
-# Used to examine libraries when file_magic_cmd begins with "file".
-MAGIC_CMD=$MAGIC_CMD
-
-# Must we lock files when doing compilation?
-need_locks=$lt_need_locks
-
-# Manifest tool.
-MANIFEST_TOOL=$lt_MANIFEST_TOOL
-
-# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
-DSYMUTIL=$lt_DSYMUTIL
-
-# Tool to change global to local symbols on Mac OS X.
-NMEDIT=$lt_NMEDIT
-
-# Tool to manipulate fat objects and archives on Mac OS X.
-LIPO=$lt_LIPO
-
-# ldd/readelf like tool for Mach-O binaries on Mac OS X.
-OTOOL=$lt_OTOOL
-
-# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
-OTOOL64=$lt_OTOOL64
-
-# Old archive suffix (normally "a").
-libext=$libext
-
-# Shared library suffix (normally ".so").
-shrext_cmds=$lt_shrext_cmds
-
-# The commands to extract the exported symbol list from a shared archive.
-extract_expsyms_cmds=$lt_extract_expsyms_cmds
-
-# Variables whose values should be saved in libtool wrapper scripts and
-# restored at link time.
-variables_saved_for_relink=$lt_variables_saved_for_relink
-
-# Do we need the "lib" prefix for modules?
-need_lib_prefix=$need_lib_prefix
-
-# Do we need a version for libraries?
-need_version=$need_version
-
-# Library versioning type.
-version_type=$version_type
-
-# Shared library runtime path variable.
-runpath_var=$runpath_var
-
-# Shared library path variable.
-shlibpath_var=$shlibpath_var
-
-# Is shlibpath searched before the hard-coded library search path?
-shlibpath_overrides_runpath=$shlibpath_overrides_runpath
-
-# Format of library name prefix.
-libname_spec=$lt_libname_spec
-
-# List of archive names. First name is the real one, the rest are links.
-# The last name is the one that the linker finds with -lNAME
-library_names_spec=$lt_library_names_spec
-
-# The coded name of the library, if different from the real name.
-soname_spec=$lt_soname_spec
-
-# Permission mode override for installation of shared libraries.
-install_override_mode=$lt_install_override_mode
-
-# Command to use after installation of a shared archive.
-postinstall_cmds=$lt_postinstall_cmds
-
-# Command to use after uninstallation of a shared archive.
-postuninstall_cmds=$lt_postuninstall_cmds
-
-# Commands used to finish a libtool library installation in a directory.
-finish_cmds=$lt_finish_cmds
-
-# As "finish_cmds", except a single script fragment to be evaled but
-# not shown.
-finish_eval=$lt_finish_eval
-
-# Whether we should hardcode library paths into libraries.
-hardcode_into_libs=$hardcode_into_libs
-
-# Compile-time system search path for libraries.
-sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
-
-# Detected run-time system search path for libraries.
-sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
-
-# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
-configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
-
-# Whether dlopen is supported.
-dlopen_support=$enable_dlopen
-
-# Whether dlopen of programs is supported.
-dlopen_self=$enable_dlopen_self
-
-# Whether dlopen of statically linked programs is supported.
-dlopen_self_static=$enable_dlopen_self_static
-
-# Commands to strip libraries.
-old_striplib=$lt_old_striplib
-striplib=$lt_striplib
-
-
-# The linker used to build libraries.
-LD=$lt_LD
-
-# How to create reloadable object files.
-reload_flag=$lt_reload_flag
-reload_cmds=$lt_reload_cmds
-
-# Commands used to build an old-style archive.
-old_archive_cmds=$lt_old_archive_cmds
-
-# A language specific compiler.
-CC=$lt_compiler
-
-# Is the compiler the GNU compiler?
-with_gcc=$GCC
-
-# Compiler flag to turn off builtin functions.
-no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
-
-# Additional compiler flags for building library objects.
-pic_flag=$lt_lt_prog_compiler_pic
-
-# How to pass a linker flag through the compiler.
-wl=$lt_lt_prog_compiler_wl
-
-# Compiler flag to prevent dynamic linking.
-link_static_flag=$lt_lt_prog_compiler_static
-
-# Does compiler simultaneously support -c and -o options?
-compiler_c_o=$lt_lt_cv_prog_compiler_c_o
-
-# Whether or not to add -lc for building shared libraries.
-build_libtool_need_lc=$archive_cmds_need_lc
-
-# Whether or not to disallow shared libs when runtime libs are static.
-allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
-
-# Compiler flag to allow reflexive dlopens.
-export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
-
-# Compiler flag to generate shared objects directly from archives.
-whole_archive_flag_spec=$lt_whole_archive_flag_spec
-
-# Whether the compiler copes with passing no objects directly.
-compiler_needs_object=$lt_compiler_needs_object
-
-# Create an old-style archive from a shared archive.
-old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
-
-# Create a temporary old-style archive to link instead of a shared archive.
-old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
-
-# Commands used to build a shared archive.
-archive_cmds=$lt_archive_cmds
-archive_expsym_cmds=$lt_archive_expsym_cmds
-
-# Commands used to build a loadable module if different from building
-# a shared archive.
-module_cmds=$lt_module_cmds
-module_expsym_cmds=$lt_module_expsym_cmds
-
-# Whether we are building with GNU ld or not.
-with_gnu_ld=$lt_with_gnu_ld
-
-# Flag that allows shared libraries with undefined symbols to be built.
-allow_undefined_flag=$lt_allow_undefined_flag
-
-# Flag that enforces no undefined symbols.
-no_undefined_flag=$lt_no_undefined_flag
-
-# Flag to hardcode \$libdir into a binary during linking.
-# This must work even if \$libdir does not exist
-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
-
-# Whether we need a single "-rpath" flag with a separated argument.
-hardcode_libdir_separator=$lt_hardcode_libdir_separator
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary.
-hardcode_direct=$hardcode_direct
-
-# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
-# DIR into the resulting binary and the resulting library dependency is
-# "absolute",i.e impossible to change by setting \$shlibpath_var if the
-# library is relocated.
-hardcode_direct_absolute=$hardcode_direct_absolute
-
-# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-# into the resulting binary.
-hardcode_minus_L=$hardcode_minus_L
-
-# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-# into the resulting binary.
-hardcode_shlibpath_var=$hardcode_shlibpath_var
-
-# Set to "yes" if building a shared library automatically hardcodes DIR
-# into the library and all subsequent libraries and executables linked
-# against it.
-hardcode_automatic=$hardcode_automatic
-
-# Set to yes if linker adds runtime paths of dependent libraries
-# to runtime path list.
-inherit_rpath=$inherit_rpath
-
-# Whether libtool must link a program against all its dependency libraries.
-link_all_deplibs=$link_all_deplibs
-
-# Set to "yes" if exported symbols are required.
-always_export_symbols=$always_export_symbols
-
-# The commands to list exported symbols.
-export_symbols_cmds=$lt_export_symbols_cmds
-
-# Symbols that should not be listed in the preloaded symbols.
-exclude_expsyms=$lt_exclude_expsyms
-
-# Symbols that must always be exported.
-include_expsyms=$lt_include_expsyms
-
-# Commands necessary for linking programs (against libraries) with templates.
-prelink_cmds=$lt_prelink_cmds
-
-# Commands necessary for finishing linking programs.
-postlink_cmds=$lt_postlink_cmds
-
-# Specify filename containing input files.
-file_list_spec=$lt_file_list_spec
-
-# How to hardcode a shared library path into an executable.
-hardcode_action=$hardcode_action
-
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
- cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-# string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-# string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-# "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-# VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
- case x$2 in
- x)
- ;;
- *:)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
- ;;
- x:*)
- eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- *::*)
- eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
- eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
- ;;
- *)
- eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
- ;;
- esac
-}
-
-
-# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
- for cc_temp in $*""; do
- case $cc_temp in
- compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
- distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
- \-*) ;;
- *) break;;
- esac
- done
- func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
- case $host_os in
- aix3*)
- cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program. For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
- COLLECT_NAMES=
- export COLLECT_NAMES
-fi
-_LT_EOF
- ;;
- esac
-
-
-
-ltmain=$ac_aux_dir/ltmain.sh
-
-
- # We use sed instead of cat because bash on DJGPP gets confused if
- # if finds mixed CR/LF and LF-only lines. Since sed operates in
- # text mode, it properly converts lines to CR/LF. This bash problem
- # is reportedly fixed, but why not run on old versions too?
- sed '$q' "$ltmain" >> "$cfgfile" \
- || (rm -f "$cfgfile"; exit 1)
-
- mv -f "$cfgfile" "$ofile" ||
- (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
- chmod +x "$ofile"
-
- ;;
-
- esac
-done # for ac_tag
-
-
-as_fn_exit 0
-_ACEOF
-ac_clean_files=$ac_clean_files_save
-
-test $ac_write_fail = 0 ||
- as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- ac_config_status_args=
- test "$silent" = yes &&
- ac_config_status_args="$ac_config_status_args --quiet"
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || as_fn_exit 1
-fi
-if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
-fi
-
-
diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
index 0852aebaba0760a4d7f8f6804c2a8c66a4d0859c..85ce865ccd6f76032cbb28a5d788cebbe1b955b7 100644
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@@ -92,6 +92,17 @@ if test "$ac_cv_prog_cc_c99" = "no"; then
AC_MSG_ERROR([C99 mode is required to build libapparmor])
fi
+AC_PROG_CXX
+
+m4_ifndef([AX_CHECK_COMPILE_FLAG], [AC_MSG_ERROR(['autoconf-archive' missing])])
+EXTRA_CFLAGS="-Wall $EXTRA_WARNINGS -fPIC"
+AX_CHECK_COMPILE_FLAG([-flto-partition=none], , , [-Werror])
+AS_VAR_IF([ax_cv_check_cflags__Werror__flto_partition_none], [yes],
+ [EXTRA_CFLAGS="$EXTRA_CFLAGS -flto-partition=none"]
+ ,)
+AC_SUBST([AM_CFLAGS], ["$EXTRA_CFLAGS"])
+AC_SUBST([AM_CXXFLAGS], ["$EXTRA_CFLAGS"])
+
AC_OUTPUT(
Makefile
doc/Makefile
diff --git a/libraries/libapparmor/depcomp b/libraries/libapparmor/depcomp
deleted file mode 100755
index 715e34311ed2d2dbff881aedc7e25b81db54614c..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/depcomp
+++ /dev/null
@@ -1,791 +0,0 @@
-#! /bin/sh
-# depcomp - compile a program generating dependencies as side-effects
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1999-2021 Free Software Foundation, Inc.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
-
-case $1 in
- '')
- echo "$0: No command. Try '$0 --help' for more information." 1>&2
- exit 1;
- ;;
- -h | --h*)
- cat <<\EOF
-Usage: depcomp [--help] [--version] PROGRAM [ARGS]
-
-Run PROGRAMS ARGS to compile a file, generating dependencies
-as side-effects.
-
-Environment variables:
- depmode Dependency tracking mode.
- source Source file read by 'PROGRAMS ARGS'.
- object Object file output by 'PROGRAMS ARGS'.
- DEPDIR directory where to store dependencies.
- depfile Dependency file to output.
- tmpdepfile Temporary file to use when outputting dependencies.
- libtool Whether libtool is used (yes/no).
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
- exit $?
- ;;
- -v | --v*)
- echo "depcomp $scriptversion"
- exit $?
- ;;
-esac
-
-# Get the directory component of the given path, and save it in the
-# global variables '$dir'. Note that this directory component will
-# be either empty or ending with a '/' character. This is deliberate.
-set_dir_from ()
-{
- case $1 in
- */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
- *) dir=;;
- esac
-}
-
-# Get the suffix-stripped basename of the given path, and save it the
-# global variable '$base'.
-set_base_from ()
-{
- base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
-}
-
-# If no dependency file was actually created by the compiler invocation,
-# we still have to create a dummy depfile, to avoid errors with the
-# Makefile "include basename.Plo" scheme.
-make_dummy_depfile ()
-{
- echo "#dummy" > "$depfile"
-}
-
-# Factor out some common post-processing of the generated depfile.
-# Requires the auxiliary global variable '$tmpdepfile' to be set.
-aix_post_process_depfile ()
-{
- # If the compiler actually managed to produce a dependency file,
- # post-process it.
- if test -f "$tmpdepfile"; then
- # Each line is of the form 'foo.o: dependency.h'.
- # Do two passes, one to just change these to
- # $object: dependency.h
- # and one to simply output
- # dependency.h:
- # which is needed to avoid the deleted-header problem.
- { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
- sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
- } > "$depfile"
- rm -f "$tmpdepfile"
- else
- make_dummy_depfile
- fi
-}
-
-# A tabulation character.
-tab=' '
-# A newline character.
-nl='
-'
-# Character ranges might be problematic outside the C locale.
-# These definitions help.
-upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
-lower=abcdefghijklmnopqrstuvwxyz
-digits=0123456789
-alpha=${upper}${lower}
-
-if test -z "$depmode" || test -z "$source" || test -z "$object"; then
- echo "depcomp: Variables source, object and depmode must be set" 1>&2
- exit 1
-fi
-
-# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
-depfile=${depfile-`echo "$object" |
- sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
-tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
-
-rm -f "$tmpdepfile"
-
-# Avoid interferences from the environment.
-gccflag= dashmflag=
-
-# Some modes work just like other modes, but use different flags. We
-# parameterize here, but still list the modes in the big case below,
-# to make depend.m4 easier to write. Note that we *cannot* use a case
-# here, because this file can only contain one case statement.
-if test "$depmode" = hp; then
- # HP compiler uses -M and no extra arg.
- gccflag=-M
- depmode=gcc
-fi
-
-if test "$depmode" = dashXmstdout; then
- # This is just like dashmstdout with a different argument.
- dashmflag=-xM
- depmode=dashmstdout
-fi
-
-cygpath_u="cygpath -u -f -"
-if test "$depmode" = msvcmsys; then
- # This is just like msvisualcpp but w/o cygpath translation.
- # Just convert the backslash-escaped backslashes to single forward
- # slashes to satisfy depend.m4
- cygpath_u='sed s,\\\\,/,g'
- depmode=msvisualcpp
-fi
-
-if test "$depmode" = msvc7msys; then
- # This is just like msvc7 but w/o cygpath translation.
- # Just convert the backslash-escaped backslashes to single forward
- # slashes to satisfy depend.m4
- cygpath_u='sed s,\\\\,/,g'
- depmode=msvc7
-fi
-
-if test "$depmode" = xlc; then
- # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
- gccflag=-qmakedep=gcc,-MF
- depmode=gcc
-fi
-
-case "$depmode" in
-gcc3)
-## gcc 3 implements dependency tracking that does exactly what
-## we want. Yay! Note: for some reason libtool 1.4 doesn't like
-## it if -MD -MP comes after the -MF stuff. Hmm.
-## Unfortunately, FreeBSD c89 acceptance of flags depends upon
-## the command line argument order; so add the flags where they
-## appear in depend2.am. Note that the slowdown incurred here
-## affects only configure: in makefiles, %FASTDEP% shortcuts this.
- for arg
- do
- case $arg in
- -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
- *) set fnord "$@" "$arg" ;;
- esac
- shift # fnord
- shift # $arg
- done
- "$@"
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- mv "$tmpdepfile" "$depfile"
- ;;
-
-gcc)
-## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
-## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
-## (see the conditional assignment to $gccflag above).
-## There are various ways to get dependency output from gcc. Here's
-## why we pick this rather obscure method:
-## - Don't want to use -MD because we'd like the dependencies to end
-## up in a subdir. Having to rename by hand is ugly.
-## (We might end up doing this anyway to support other compilers.)
-## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
-## -MM, not -M (despite what the docs say). Also, it might not be
-## supported by the other compilers which use the 'gcc' depmode.
-## - Using -M directly means running the compiler twice (even worse
-## than renaming).
- if test -z "$gccflag"; then
- gccflag=-MD,
- fi
- "$@" -Wp,"$gccflag$tmpdepfile"
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- # The second -e expression handles DOS-style file names with drive
- # letters.
- sed -e 's/^[^:]*: / /' \
- -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
-## This next piece of magic avoids the "deleted header file" problem.
-## The problem is that when a header file which appears in a .P file
-## is deleted, the dependency causes make to die (because there is
-## typically no way to rebuild the header). We avoid this by adding
-## dummy dependencies for each header file. Too bad gcc doesn't do
-## this for us directly.
-## Some versions of gcc put a space before the ':'. On the theory
-## that the space means something, we add a space to the output as
-## well. hp depmode also adds that space, but also prefixes the VPATH
-## to the object. Take care to not repeat it in the output.
-## Some versions of the HPUX 10.20 sed can't process this invocation
-## correctly. Breaking it into two sed invocations is a workaround.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-hp)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-sgi)
- if test "$libtool" = yes; then
- "$@" "-Wp,-MDupdate,$tmpdepfile"
- else
- "$@" -MDupdate "$tmpdepfile"
- fi
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
-
- if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
- echo "$object : \\" > "$depfile"
- # Clip off the initial element (the dependent). Don't try to be
- # clever and replace this with sed code, as IRIX sed won't handle
- # lines with more than a fixed number of characters (4096 in
- # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
- # the IRIX cc adds comments like '#:fec' to the end of the
- # dependency line.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
- | tr "$nl" ' ' >> "$depfile"
- echo >> "$depfile"
- # The second pass generates a dummy entry for each header file.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
- >> "$depfile"
- else
- make_dummy_depfile
- fi
- rm -f "$tmpdepfile"
- ;;
-
-xlc)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-aix)
- # The C for AIX Compiler uses -M and outputs the dependencies
- # in a .u file. In older versions, this file always lives in the
- # current directory. Also, the AIX compiler puts '$object:' at the
- # start of each line; $object doesn't have directory information.
- # Version 6 uses the directory in both cases.
- set_dir_from "$object"
- set_base_from "$object"
- if test "$libtool" = yes; then
- tmpdepfile1=$dir$base.u
- tmpdepfile2=$base.u
- tmpdepfile3=$dir.libs/$base.u
- "$@" -Wc,-M
- else
- tmpdepfile1=$dir$base.u
- tmpdepfile2=$dir$base.u
- tmpdepfile3=$dir$base.u
- "$@" -M
- fi
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- exit $stat
- fi
-
- for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- do
- test -f "$tmpdepfile" && break
- done
- aix_post_process_depfile
- ;;
-
-tcc)
- # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
- # FIXME: That version still under development at the moment of writing.
- # Make that this statement remains true also for stable, released
- # versions.
- # It will wrap lines (doesn't matter whether long or short) with a
- # trailing '\', as in:
- #
- # foo.o : \
- # foo.c \
- # foo.h \
- #
- # It will put a trailing '\' even on the last line, and will use leading
- # spaces rather than leading tabs (at least since its commit 0394caf7
- # "Emit spaces for -MD").
- "$@" -MD -MF "$tmpdepfile"
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
- # We have to change lines of the first kind to '$object: \'.
- sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
- # And for each line of the second kind, we have to emit a 'dep.h:'
- # dummy dependency, to avoid the deleted-header problem.
- sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-## The order of this option in the case statement is important, since the
-## shell code in configure will try each of these formats in the order
-## listed in this file. A plain '-MD' option would be understood by many
-## compilers, so we must ensure this comes after the gcc and icc options.
-pgcc)
- # Portland's C compiler understands '-MD'.
- # Will always output deps to 'file.d' where file is the root name of the
- # source file under compilation, even if file resides in a subdirectory.
- # The object file name does not affect the name of the '.d' file.
- # pgcc 10.2 will output
- # foo.o: sub/foo.c sub/foo.h
- # and will wrap long lines using '\' :
- # foo.o: sub/foo.c ... \
- # sub/foo.h ... \
- # ...
- set_dir_from "$object"
- # Use the source, not the object, to determine the base name, since
- # that's sadly what pgcc will do too.
- set_base_from "$source"
- tmpdepfile=$base.d
-
- # For projects that build the same source file twice into different object
- # files, the pgcc approach of using the *source* file root name can cause
- # problems in parallel builds. Use a locking strategy to avoid stomping on
- # the same $tmpdepfile.
- lockdir=$base.d-lock
- trap "
- echo '$0: caught signal, cleaning up...' >&2
- rmdir '$lockdir'
- exit 1
- " 1 2 13 15
- numtries=100
- i=$numtries
- while test $i -gt 0; do
- # mkdir is a portable test-and-set.
- if mkdir "$lockdir" 2>/dev/null; then
- # This process acquired the lock.
- "$@" -MD
- stat=$?
- # Release the lock.
- rmdir "$lockdir"
- break
- else
- # If the lock is being held by a different process, wait
- # until the winning process is done or we timeout.
- while test -d "$lockdir" && test $i -gt 0; do
- sleep 1
- i=`expr $i - 1`
- done
- fi
- i=`expr $i - 1`
- done
- trap - 1 2 13 15
- if test $i -le 0; then
- echo "$0: failed to acquire lock after $numtries attempts" >&2
- echo "$0: check lockdir '$lockdir'" >&2
- exit 1
- fi
-
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- # Each line is of the form `foo.o: dependent.h',
- # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
- # Do two passes, one to just change these to
- # `$object: dependent.h' and one to simply `dependent.h:'.
- sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-hp2)
- # The "hp" stanza above does not work with aCC (C++) and HP's ia64
- # compilers, which have integrated preprocessors. The correct option
- # to use with these is +Maked; it writes dependencies to a file named
- # 'foo.d', which lands next to the object file, wherever that
- # happens to be.
- # Much of this is similar to the tru64 case; see comments there.
- set_dir_from "$object"
- set_base_from "$object"
- if test "$libtool" = yes; then
- tmpdepfile1=$dir$base.d
- tmpdepfile2=$dir.libs/$base.d
- "$@" -Wc,+Maked
- else
- tmpdepfile1=$dir$base.d
- tmpdepfile2=$dir$base.d
- "$@" +Maked
- fi
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile1" "$tmpdepfile2"
- exit $stat
- fi
-
- for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
- do
- test -f "$tmpdepfile" && break
- done
- if test -f "$tmpdepfile"; then
- sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
- # Add 'dependent.h:' lines.
- sed -ne '2,${
- s/^ *//
- s/ \\*$//
- s/$/:/
- p
- }' "$tmpdepfile" >> "$depfile"
- else
- make_dummy_depfile
- fi
- rm -f "$tmpdepfile" "$tmpdepfile2"
- ;;
-
-tru64)
- # The Tru64 compiler uses -MD to generate dependencies as a side
- # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
- # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
- # dependencies in 'foo.d' instead, so we check for that too.
- # Subdirectories are respected.
- set_dir_from "$object"
- set_base_from "$object"
-
- if test "$libtool" = yes; then
- # Libtool generates 2 separate objects for the 2 libraries. These
- # two compilations output dependencies in $dir.libs/$base.o.d and
- # in $dir$base.o.d. We have to check for both files, because
- # one of the two compilations can be disabled. We should prefer
- # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
- # automatically cleaned when .libs/ is deleted, while ignoring
- # the former would cause a distcleancheck panic.
- tmpdepfile1=$dir$base.o.d # libtool 1.5
- tmpdepfile2=$dir.libs/$base.o.d # Likewise.
- tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
- "$@" -Wc,-MD
- else
- tmpdepfile1=$dir$base.d
- tmpdepfile2=$dir$base.d
- tmpdepfile3=$dir$base.d
- "$@" -MD
- fi
-
- stat=$?
- if test $stat -ne 0; then
- rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- exit $stat
- fi
-
- for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
- do
- test -f "$tmpdepfile" && break
- done
- # Same post-processing that is required for AIX mode.
- aix_post_process_depfile
- ;;
-
-msvc7)
- if test "$libtool" = yes; then
- showIncludes=-Wc,-showIncludes
- else
- showIncludes=-showIncludes
- fi
- "$@" $showIncludes > "$tmpdepfile"
- stat=$?
- grep -v '^Note: including file: ' "$tmpdepfile"
- if test $stat -ne 0; then
- rm -f "$tmpdepfile"
- exit $stat
- fi
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- # The first sed program below extracts the file names and escapes
- # backslashes for cygpath. The second sed program outputs the file
- # name when reading, but also accumulates all include files in the
- # hold buffer in order to output them again at the end. This only
- # works with sed implementations that can handle large buffers.
- sed < "$tmpdepfile" -n '
-/^Note: including file: *\(.*\)/ {
- s//\1/
- s/\\/\\\\/g
- p
-}' | $cygpath_u | sort -u | sed -n '
-s/ /\\ /g
-s/\(.*\)/'"$tab"'\1 \\/p
-s/.\(.*\) \\/\1:/
-H
-$ {
- s/.*/'"$tab"'/
- G
- p
-}' >> "$depfile"
- echo >> "$depfile" # make sure the fragment doesn't end with a backslash
- rm -f "$tmpdepfile"
- ;;
-
-msvc7msys)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-#nosideeffect)
- # This comment above is used by automake to tell side-effect
- # dependency tracking mechanisms from slower ones.
-
-dashmstdout)
- # Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout, regardless of -o.
- "$@" || exit $?
-
- # Remove the call to Libtool.
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
-
- # Remove '-o $object'.
- IFS=" "
- for arg
- do
- case $arg in
- -o)
- shift
- ;;
- $object)
- shift
- ;;
- *)
- set fnord "$@" "$arg"
- shift # fnord
- shift # $arg
- ;;
- esac
- done
-
- test -z "$dashmflag" && dashmflag=-M
- # Require at least two characters before searching for ':'
- # in the target name. This is to cope with DOS-style filenames:
- # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
- "$@" $dashmflag |
- sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
- rm -f "$depfile"
- cat < "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process this sed invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- tr ' ' "$nl" < "$tmpdepfile" \
- | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-dashXmstdout)
- # This case only exists to satisfy depend.m4. It is never actually
- # run, as this mode is specially recognized in the preamble.
- exit 1
- ;;
-
-makedepend)
- "$@" || exit $?
- # Remove any Libtool call
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
- # X makedepend
- shift
- cleared=no eat=no
- for arg
- do
- case $cleared in
- no)
- set ""; shift
- cleared=yes ;;
- esac
- if test $eat = yes; then
- eat=no
- continue
- fi
- case "$arg" in
- -D*|-I*)
- set fnord "$@" "$arg"; shift ;;
- # Strip any option that makedepend may not understand. Remove
- # the object too, otherwise makedepend will parse it as a source file.
- -arch)
- eat=yes ;;
- -*|$object)
- ;;
- *)
- set fnord "$@" "$arg"; shift ;;
- esac
- done
- obj_suffix=`echo "$object" | sed 's/^.*\././'`
- touch "$tmpdepfile"
- ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
- rm -f "$depfile"
- # makedepend may prepend the VPATH from the source file name to the object.
- # No need to regex-escape $object, excess matching of '.' is harmless.
- sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
- # Some versions of the HPUX 10.20 sed can't process the last invocation
- # correctly. Breaking it into two sed invocations is a workaround.
- sed '1,2d' "$tmpdepfile" \
- | tr ' ' "$nl" \
- | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
- | sed -e 's/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile" "$tmpdepfile".bak
- ;;
-
-cpp)
- # Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout.
- "$@" || exit $?
-
- # Remove the call to Libtool.
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
-
- # Remove '-o $object'.
- IFS=" "
- for arg
- do
- case $arg in
- -o)
- shift
- ;;
- $object)
- shift
- ;;
- *)
- set fnord "$@" "$arg"
- shift # fnord
- shift # $arg
- ;;
- esac
- done
-
- "$@" -E \
- | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
- -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
- | sed '$ s: \\$::' > "$tmpdepfile"
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- cat < "$tmpdepfile" >> "$depfile"
- sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-msvisualcpp)
- # Important note: in order to support this mode, a compiler *must*
- # always write the preprocessed file to stdout.
- "$@" || exit $?
-
- # Remove the call to Libtool.
- if test "$libtool" = yes; then
- while test "X$1" != 'X--mode=compile'; do
- shift
- done
- shift
- fi
-
- IFS=" "
- for arg
- do
- case "$arg" in
- -o)
- shift
- ;;
- $object)
- shift
- ;;
- "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
- set fnord "$@"
- shift
- shift
- ;;
- *)
- set fnord "$@" "$arg"
- shift
- shift
- ;;
- esac
- done
- "$@" -E 2>/dev/null |
- sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
- rm -f "$depfile"
- echo "$object : \\" > "$depfile"
- sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
- echo "$tab" >> "$depfile"
- sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
- rm -f "$tmpdepfile"
- ;;
-
-msvcmsys)
- # This case exists only to let depend.m4 do its work. It works by
- # looking at the text of this script. This case will never be run,
- # since it is checked for above.
- exit 1
- ;;
-
-none)
- exec "$@"
- ;;
-
-*)
- echo "Unknown depmode $depmode" 1>&2
- exit 1
- ;;
-esac
-
-exit 0
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/libraries/libapparmor/doc/Makefile.in b/libraries/libapparmor/doc/Makefile.in
deleted file mode 100644
index f5d9d850ae3cb1cc3641f2d4275fb388f01085e4..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/doc/Makefile.in
+++ /dev/null
@@ -1,613 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = doc
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-man2dir = $(mandir)/man2
-am__installdirs = "$(DESTDIR)$(man2dir)" "$(DESTDIR)$(man3dir)"
-man3dir = $(mandir)/man3
-NROFF = nroff
-MANS = $(man_MANS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = pod2man
-PODCHECKER = podchecker
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-@ENABLE_MAN_PAGES_TRUE@man_MANS = aa_change_hat.2 aa_change_profile.2 aa_stack_profile.2 aa_getcon.2 aa_find_mountpoint.2 aa_splitcon.3 aa_query_label.2 aa_features.3 aa_kernel_interface.3 aa_policy_cache.3
-@ENABLE_MAN_PAGES_TRUE@PODS = $(subst .2,.pod,$(man_MANS)) $(subst .3,.pod,$(man_MANS))
-@ENABLE_MAN_PAGES_TRUE@EXTRA_DIST = $(man_MANS) $(PODS)
-@ENABLE_MAN_PAGES_TRUE@CLEANFILES = $(man_MANS)
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu doc/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-man2: $(man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(man_MANS)'; \
- test -n "$(man2dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man2dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man2dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.2[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^2][0-9a-z]*$$,2,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man2dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man2dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man2dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man2dir)" || exit $$?; }; \
- done; }
-
-uninstall-man2:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man2dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.2[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^2][0-9a-z]*$$,2,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man2dir)'; $(am__uninstall_files_from_dir)
-install-man3: $(man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(man_MANS)'; \
- test -n "$(man3dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.3[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \
- done; }
-
-uninstall-man3:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man3dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.3[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir)
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(MANS)
-installdirs:
- for dir in "$(DESTDIR)$(man2dir)" "$(DESTDIR)$(man3dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man2 install-man3
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man
-
-uninstall-man: uninstall-man2 uninstall-man3
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
- cscopelist-am ctags-am distclean distclean-generic \
- distclean-libtool distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-man2 install-man3 install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
- uninstall-am uninstall-man uninstall-man2 uninstall-man3
-
-.PRECIOUS: Makefile
-
-
-@ENABLE_MAN_PAGES_TRUE@%.2: %.pod
-@ENABLE_MAN_PAGES_TRUE@ $(PODCHECKER) -warnings -warnings $<
-@ENABLE_MAN_PAGES_TRUE@ $(POD2MAN) \
-@ENABLE_MAN_PAGES_TRUE@ --section=2 \
-@ENABLE_MAN_PAGES_TRUE@ --release="AppArmor $(VERSION)" \
-@ENABLE_MAN_PAGES_TRUE@ --center="AppArmor" \
-@ENABLE_MAN_PAGES_TRUE@ --stderr \
-@ENABLE_MAN_PAGES_TRUE@ $< > $@
-
-@ENABLE_MAN_PAGES_TRUE@%.3: %.pod
-@ENABLE_MAN_PAGES_TRUE@ $(PODCHECKER) -warnings -warnings $<
-@ENABLE_MAN_PAGES_TRUE@ $(POD2MAN) \
-@ENABLE_MAN_PAGES_TRUE@ --section=3 \
-@ENABLE_MAN_PAGES_TRUE@ --release="AppArmor $(VERSION)" \
-@ENABLE_MAN_PAGES_TRUE@ --center="AppArmor" \
-@ENABLE_MAN_PAGES_TRUE@ --stderr \
-@ENABLE_MAN_PAGES_TRUE@ $< > $@
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/include/Makefile.in b/libraries/libapparmor/include/Makefile.in
deleted file mode 100644
index f02759a3b38460faaabd8bf7c97008c57ac2507f..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/include/Makefile.in
+++ /dev/null
@@ -1,703 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = include
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(aalogparse_HEADERS) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(aalogparsedir)"
-HEADERS = $(aalogparse_HEADERS)
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir distdir-am
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-DIST_SUBDIRS = $(SUBDIRS)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUBDIRS = sys
-aalogparsedir = $(includedir)/aalogparse
-aalogparse_HEADERS = aalogparse.h
-all: all-recursive
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu include/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-aalogparseHEADERS: $(aalogparse_HEADERS)
- @$(NORMAL_INSTALL)
- @list='$(aalogparse_HEADERS)'; test -n "$(aalogparsedir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(aalogparsedir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(aalogparsedir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(aalogparsedir)'"; \
- $(INSTALL_HEADER) $$files "$(DESTDIR)$(aalogparsedir)" || exit $$?; \
- done
-
-uninstall-aalogparseHEADERS:
- @$(NORMAL_UNINSTALL)
- @list='$(aalogparse_HEADERS)'; test -n "$(aalogparsedir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(aalogparsedir)'; $(am__uninstall_files_from_dir)
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-recursive
-all-am: Makefile $(HEADERS)
-installdirs: installdirs-recursive
-installdirs-am:
- for dir in "$(DESTDIR)$(aalogparsedir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
- -rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am: install-aalogparseHEADERS
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am: uninstall-aalogparseHEADERS
-
-.MAKE: $(am__recursive_targets) install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-am clean clean-generic clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-aalogparseHEADERS install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs installdirs-am maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-aalogparseHEADERS uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/include/aalogparse.h b/libraries/libapparmor/include/aalogparse.h
index aab0093ffa0105bd8dba70655d7b49f076b98bce..dabffe29506d3b2a38a27d0e29819c977c120943 100644
--- a/libraries/libapparmor/include/aalogparse.h
+++ b/libraries/libapparmor/include/aalogparse.h
@@ -19,6 +19,10 @@
#ifndef __LIBAALOGPARSE_H_
#define __LIBAALOGPARSE_H_
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#define AA_RECORD_EXEC_MMAP 1
#define AA_RECORD_READ 2
#define AA_RECORD_WRITE 4
@@ -26,10 +30,10 @@
#define AA_RECORD_LINK 16
/**
- * This is just for convenience now that we have two
- * wildly different grammars.
+ * Enum representing which syntax version the log entry used.
+ * Support for V1 parsing was completely removed in 2011 and that enum entry
+ * is only still there for API compatibility reasons.
*/
-
typedef enum
{
AA_RECORD_SYNTAX_V1,
@@ -48,70 +52,23 @@ typedef enum
AA_RECORD_STATUS /* Configuration change */
} aa_record_event_type;
-/**
- * With the sole exception of active_hat, this is a 1:1
- * mapping from the keys that the new syntax uses.
- *
- * Some examples of the old syntax and how they're mapped with the aa_log_record struct:
- *
- * "PERMITTING r access to /path (program_name(12345) profile /profile active hat)"
- * - operation: access
- * - requested_mask: r
- * - pid: 12345
- * - profile: /profile
- * - name: /path
- * - info: program_name
- * - active_hat: hat
- *
- * "REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out"
- * - operation: mkdir
- * - name: /path/to/something
- * - info: bash
- * - pid: 23415
- * - profile: /bin/freak-aa-out
- * - active_hat: /bin/freak-aa-out
- *
- * "REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
- * - operation: xattr
- * - attribute: set
- * - name: /path/to/something
- * - info: bash
- * - pid: 23415
- * - profile: /bin/freak-aa-out
- * - active_hat: /bin/freak-aa-out
- *
- * "PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
- * - operation: setattr
- * - attribute: something
- * - name: /else
- * - info: bash
- * - pid: 23415
- * - profile: /bin/freak-aa-out
- * - active_hat: /bin/freak-aa-out
- *
- * "PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
- * - operation: capability
- * - name: cap
- * - info: bash
- * - pid: 23415
- * - profile: /bin/freak-aa-out
- * - active_hat: /bin/freak-aa-out
- *
- * "LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/change_hat_test/test_hat active=/change_hat_test/test_hat"
- * - operation: change_hat
- * - name: TESTHAT
- * - info: unknown_hat
- * - pid: 27764
- * - profile: /change_hat_test/test_hat
- * - active_hat: /change_hat_test/test_hat
+/*
+ * Use this preprocessor dance to maintain backcompat for field names
+ * This will break C code that used the C++ reserved keywords "namespace"
+ * and "class" as identifiers, but this is bad practice anyways, and we
+ * hope that we are the only ones in a given C file that messed up this way
*
- * "LOGPROF-HINT fork pid=27764 child=38229"
- * - operation: clone
- * - task: 38229
- * - pid: 27764
- **/
+ * TODO: document this in a man page for aalogparse?
+ */
+#if defined(SWIG) && defined(__cplusplus)
+#error "SWIG and __cplusplus are defined together"
+#elif !defined(SWIG) && !defined(__cplusplus)
+/* Use SWIG's %rename feature to preserve backcompat */
+#define class rule_class
+#define namespace aa_namespace
+#endif
-typedef struct
+typedef struct aa_log_record
{
aa_record_syntax_version version;
aa_record_event_type event; /* Event type */
@@ -134,7 +91,7 @@ typedef struct
char *comm; /* Command that triggered msg */
char *name;
char *name2;
- char *namespace;
+ char *aa_namespace;
char *attribute;
unsigned long parent;
char *info;
@@ -148,6 +105,7 @@ typedef struct
unsigned long net_local_port;
char *net_foreign_addr;
unsigned long net_foreign_port;
+
char *dbus_bus;
char *dbus_path;
char *dbus_interface;
@@ -160,7 +118,11 @@ typedef struct
char *flags;
char *src_name;
- char *class;
+ char *rule_class;
+
+ char *net_addr;
+ char *peer_addr;
+ char *execpath;
} aa_log_record;
/**
@@ -171,7 +133,7 @@ typedef struct
* @return Parsed data.
*/
aa_log_record *
-parse_record(char *str);
+parse_record(const char *str);
/**
* Frees all struct data.
@@ -180,5 +142,9 @@ parse_record(char *str);
void
free_record(aa_log_record *record);
+#ifdef __cplusplus
+}
+#endif
+
#endif
diff --git a/libraries/libapparmor/include/sys/Makefile.in b/libraries/libapparmor/include/sys/Makefile.in
deleted file mode 100644
index 8120ba87273bf50da3787db7d5f4819b0496949c..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/include/sys/Makefile.in
+++ /dev/null
@@ -1,587 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = include/sys
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(apparmor_hdr_HEADERS) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(apparmor_hdrdir)"
-HEADERS = $(apparmor_hdr_HEADERS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-apparmor_hdrdir = $(includedir)/sys
-apparmor_hdr_HEADERS = apparmor.h apparmor_private.h
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/sys/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu include/sys/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-apparmor_hdrHEADERS: $(apparmor_hdr_HEADERS)
- @$(NORMAL_INSTALL)
- @list='$(apparmor_hdr_HEADERS)'; test -n "$(apparmor_hdrdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(apparmor_hdrdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(apparmor_hdrdir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(apparmor_hdrdir)'"; \
- $(INSTALL_HEADER) $$files "$(DESTDIR)$(apparmor_hdrdir)" || exit $$?; \
- done
-
-uninstall-apparmor_hdrHEADERS:
- @$(NORMAL_UNINSTALL)
- @list='$(apparmor_hdr_HEADERS)'; test -n "$(apparmor_hdrdir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(apparmor_hdrdir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(HEADERS)
-installdirs:
- for dir in "$(DESTDIR)$(apparmor_hdrdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-apparmor_hdrHEADERS
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-apparmor_hdrHEADERS
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool cscopelist-am ctags ctags-am distclean \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-apparmor_hdrHEADERS install-data install-data-am \
- install-dvi install-dvi-am install-exec install-exec-am \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
- ps ps-am tags tags-am uninstall uninstall-am \
- uninstall-apparmor_hdrHEADERS
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index d70eff947c7c9bab3552a6c9f62f64722f98b657..b2901418b54574aa7eaa0d0c501057e51ecbc62f 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -105,8 +105,8 @@ extern int aa_getpeercon(int fd, char **label, char **mode);
#define AA_QUERY_CMD_LABEL "label"
#define AA_QUERY_CMD_LABEL_SIZE sizeof(AA_QUERY_CMD_LABEL)
-extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
- int *audit);
+extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allowed,
+ int *audited);
extern int aa_query_file_path_len(uint32_t mask, const char *label,
size_t label_len, const char *path,
size_t path_len, int *allowed, int *audited);
@@ -157,6 +157,8 @@ extern int aa_features_write_to_file(aa_features *features,
int dirfd, const char *path);
extern bool aa_features_is_equal(aa_features *features1,
aa_features *features2);
+extern int aa_features_check(int dirfd, const char *path,
+ aa_features *features);
extern bool aa_features_supports(aa_features *features, const char *str);
extern char *aa_features_id(aa_features *features);
extern char *aa_features_value(aa_features *features, const char *str, size_t *len);
@@ -209,6 +211,8 @@ extern char *aa_policy_cache_filename(aa_policy_cache *policy_cache, const char
extern char *aa_policy_cache_dir_path_preview(aa_features *kernel_features,
int dirfd, const char *path);
+extern int aa_split_overlay_str(char *str, char ***vec, size_t max_size, bool immutable);
+
#ifdef __cplusplus
}
#endif
diff --git a/libraries/libapparmor/install-sh b/libraries/libapparmor/install-sh
deleted file mode 100755
index ec298b53740270ce82b326c4c2deaa5dcdec4596..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/install-sh
+++ /dev/null
@@ -1,541 +0,0 @@
-#!/bin/sh
-# install - install a program, script, or datafile
-
-scriptversion=2020-11-14.01; # UTC
-
-# This originates from X11R5 (mit/util/scripts/install.sh), which was
-# later released in X11R6 (xc/config/util/install.sh) with the
-# following copyright and license.
-#
-# Copyright (C) 1994 X Consortium
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to
-# deal in the Software without restriction, including without limitation the
-# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# sell copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
-# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#
-# Except as contained in this notice, the name of the X Consortium shall not
-# be used in advertising or otherwise to promote the sale, use or other deal-
-# ings in this Software without prior written authorization from the X Consor-
-# tium.
-#
-#
-# FSF changes to this file are in the public domain.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# 'make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-
-tab=' '
-nl='
-'
-IFS=" $tab$nl"
-
-# Set DOITPROG to "echo" to test this script.
-
-doit=${DOITPROG-}
-doit_exec=${doit:-exec}
-
-# Put in absolute file names if you don't have them in your path;
-# or use environment vars.
-
-chgrpprog=${CHGRPPROG-chgrp}
-chmodprog=${CHMODPROG-chmod}
-chownprog=${CHOWNPROG-chown}
-cmpprog=${CMPPROG-cmp}
-cpprog=${CPPROG-cp}
-mkdirprog=${MKDIRPROG-mkdir}
-mvprog=${MVPROG-mv}
-rmprog=${RMPROG-rm}
-stripprog=${STRIPPROG-strip}
-
-posix_mkdir=
-
-# Desired mode of installed file.
-mode=0755
-
-# Create dirs (including intermediate dirs) using mode 755.
-# This is like GNU 'install' as of coreutils 8.32 (2020).
-mkdir_umask=22
-
-backupsuffix=
-chgrpcmd=
-chmodcmd=$chmodprog
-chowncmd=
-mvcmd=$mvprog
-rmcmd="$rmprog -f"
-stripcmd=
-
-src=
-dst=
-dir_arg=
-dst_arg=
-
-copy_on_change=false
-is_target_a_directory=possibly
-
-usage="\
-Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
- or: $0 [OPTION]... SRCFILES... DIRECTORY
- or: $0 [OPTION]... -t DIRECTORY SRCFILES...
- or: $0 [OPTION]... -d DIRECTORIES...
-
-In the 1st form, copy SRCFILE to DSTFILE.
-In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
-In the 4th, create DIRECTORIES.
-
-Options:
- --help display this help and exit.
- --version display version info and exit.
-
- -c (ignored)
- -C install only if different (preserve data modification time)
- -d create directories instead of installing files.
- -g GROUP $chgrpprog installed files to GROUP.
- -m MODE $chmodprog installed files to MODE.
- -o USER $chownprog installed files to USER.
- -p pass -p to $cpprog.
- -s $stripprog installed files.
- -S SUFFIX attempt to back up existing files, with suffix SUFFIX.
- -t DIRECTORY install into DIRECTORY.
- -T report an error if DSTFILE is a directory.
-
-Environment variables override the default commands:
- CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
- RMPROG STRIPPROG
-
-By default, rm is invoked with -f; when overridden with RMPROG,
-it's up to you to specify -f if you want it.
-
-If -S is not specified, no backups are attempted.
-
-Email bug reports to bug-automake@gnu.org.
-Automake home page: https://www.gnu.org/software/automake/
-"
-
-while test $# -ne 0; do
- case $1 in
- -c) ;;
-
- -C) copy_on_change=true;;
-
- -d) dir_arg=true;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift;;
-
- --help) echo "$usage"; exit $?;;
-
- -m) mode=$2
- case $mode in
- *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*)
- echo "$0: invalid mode: $mode" >&2
- exit 1;;
- esac
- shift;;
-
- -o) chowncmd="$chownprog $2"
- shift;;
-
- -p) cpprog="$cpprog -p";;
-
- -s) stripcmd=$stripprog;;
-
- -S) backupsuffix="$2"
- shift;;
-
- -t)
- is_target_a_directory=always
- dst_arg=$2
- # Protect names problematic for 'test' and other utilities.
- case $dst_arg in
- -* | [=\(\)!]) dst_arg=./$dst_arg;;
- esac
- shift;;
-
- -T) is_target_a_directory=never;;
-
- --version) echo "$0 $scriptversion"; exit $?;;
-
- --) shift
- break;;
-
- -*) echo "$0: invalid option: $1" >&2
- exit 1;;
-
- *) break;;
- esac
- shift
-done
-
-# We allow the use of options -d and -T together, by making -d
-# take the precedence; this is for compatibility with GNU install.
-
-if test -n "$dir_arg"; then
- if test -n "$dst_arg"; then
- echo "$0: target directory not allowed when installing a directory." >&2
- exit 1
- fi
-fi
-
-if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
- # When -d is used, all remaining arguments are directories to create.
- # When -t is used, the destination is already specified.
- # Otherwise, the last argument is the destination. Remove it from $@.
- for arg
- do
- if test -n "$dst_arg"; then
- # $@ is not empty: it contains at least $arg.
- set fnord "$@" "$dst_arg"
- shift # fnord
- fi
- shift # arg
- dst_arg=$arg
- # Protect names problematic for 'test' and other utilities.
- case $dst_arg in
- -* | [=\(\)!]) dst_arg=./$dst_arg;;
- esac
- done
-fi
-
-if test $# -eq 0; then
- if test -z "$dir_arg"; then
- echo "$0: no input file specified." >&2
- exit 1
- fi
- # It's OK to call 'install-sh -d' without argument.
- # This can happen when creating conditional directories.
- exit 0
-fi
-
-if test -z "$dir_arg"; then
- if test $# -gt 1 || test "$is_target_a_directory" = always; then
- if test ! -d "$dst_arg"; then
- echo "$0: $dst_arg: Is not a directory." >&2
- exit 1
- fi
- fi
-fi
-
-if test -z "$dir_arg"; then
- do_exit='(exit $ret); exit $ret'
- trap "ret=129; $do_exit" 1
- trap "ret=130; $do_exit" 2
- trap "ret=141; $do_exit" 13
- trap "ret=143; $do_exit" 15
-
- # Set umask so as not to create temps with too-generous modes.
- # However, 'strip' requires both read and write access to temps.
- case $mode in
- # Optimize common cases.
- *644) cp_umask=133;;
- *755) cp_umask=22;;
-
- *[0-7])
- if test -z "$stripcmd"; then
- u_plus_rw=
- else
- u_plus_rw='% 200'
- fi
- cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
- *)
- if test -z "$stripcmd"; then
- u_plus_rw=
- else
- u_plus_rw=,u+rw
- fi
- cp_umask=$mode$u_plus_rw;;
- esac
-fi
-
-for src
-do
- # Protect names problematic for 'test' and other utilities.
- case $src in
- -* | [=\(\)!]) src=./$src;;
- esac
-
- if test -n "$dir_arg"; then
- dst=$src
- dstdir=$dst
- test -d "$dstdir"
- dstdir_status=$?
- # Don't chown directories that already exist.
- if test $dstdir_status = 0; then
- chowncmd=""
- fi
- else
-
- # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
- # might cause directories to be created, which would be especially bad
- # if $src (and thus $dsttmp) contains '*'.
- if test ! -f "$src" && test ! -d "$src"; then
- echo "$0: $src does not exist." >&2
- exit 1
- fi
-
- if test -z "$dst_arg"; then
- echo "$0: no destination specified." >&2
- exit 1
- fi
- dst=$dst_arg
-
- # If destination is a directory, append the input filename.
- if test -d "$dst"; then
- if test "$is_target_a_directory" = never; then
- echo "$0: $dst_arg: Is a directory" >&2
- exit 1
- fi
- dstdir=$dst
- dstbase=`basename "$src"`
- case $dst in
- */) dst=$dst$dstbase;;
- *) dst=$dst/$dstbase;;
- esac
- dstdir_status=0
- else
- dstdir=`dirname "$dst"`
- test -d "$dstdir"
- dstdir_status=$?
- fi
- fi
-
- case $dstdir in
- */) dstdirslash=$dstdir;;
- *) dstdirslash=$dstdir/;;
- esac
-
- obsolete_mkdir_used=false
-
- if test $dstdir_status != 0; then
- case $posix_mkdir in
- '')
- # With -d, create the new directory with the user-specified mode.
- # Otherwise, rely on $mkdir_umask.
- if test -n "$dir_arg"; then
- mkdir_mode=-m$mode
- else
- mkdir_mode=
- fi
-
- posix_mkdir=false
- # The $RANDOM variable is not portable (e.g., dash). Use it
- # here however when possible just to lower collision chance.
- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
-
- trap '
- ret=$?
- rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
- exit $ret
- ' 0
-
- # Because "mkdir -p" follows existing symlinks and we likely work
- # directly in world-writeable /tmp, make sure that the '$tmpdir'
- # directory is successfully created first before we actually test
- # 'mkdir -p'.
- if (umask $mkdir_umask &&
- $mkdirprog $mkdir_mode "$tmpdir" &&
- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
- then
- if test -z "$dir_arg" || {
- # Check for POSIX incompatibilities with -m.
- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
- # other-writable bit of parent directory when it shouldn't.
- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
- test_tmpdir="$tmpdir/a"
- ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
- case $ls_ld_tmpdir in
- d????-?r-*) different_mode=700;;
- d????-?--*) different_mode=755;;
- *) false;;
- esac &&
- $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
- ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
- }
- }
- then posix_mkdir=:
- fi
- rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
- else
- # Remove any dirs left behind by ancient mkdir implementations.
- rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
- fi
- trap '' 0;;
- esac
-
- if
- $posix_mkdir && (
- umask $mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
- )
- then :
- else
-
- # mkdir does not conform to POSIX,
- # or it failed possibly due to a race condition. Create the
- # directory the slow way, step by step, checking for races as we go.
-
- case $dstdir in
- /*) prefix='/';;
- [-=\(\)!]*) prefix='./';;
- *) prefix='';;
- esac
-
- oIFS=$IFS
- IFS=/
- set -f
- set fnord $dstdir
- shift
- set +f
- IFS=$oIFS
-
- prefixes=
-
- for d
- do
- test X"$d" = X && continue
-
- prefix=$prefix$d
- if test -d "$prefix"; then
- prefixes=
- else
- if $posix_mkdir; then
- (umask $mkdir_umask &&
- $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
- # Don't fail if two instances are running concurrently.
- test -d "$prefix" || exit 1
- else
- case $prefix in
- *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
- *) qprefix=$prefix;;
- esac
- prefixes="$prefixes '$qprefix'"
- fi
- fi
- prefix=$prefix/
- done
-
- if test -n "$prefixes"; then
- # Don't fail if two instances are running concurrently.
- (umask $mkdir_umask &&
- eval "\$doit_exec \$mkdirprog $prefixes") ||
- test -d "$dstdir" || exit 1
- obsolete_mkdir_used=true
- fi
- fi
- fi
-
- if test -n "$dir_arg"; then
- { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
- { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
- { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
- test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
- else
-
- # Make a couple of temp file names in the proper directory.
- dsttmp=${dstdirslash}_inst.$$_
- rmtmp=${dstdirslash}_rm.$$_
-
- # Trap to clean up those temp files at exit.
- trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-
- # Copy the file name to the temp name.
- (umask $cp_umask &&
- { test -z "$stripcmd" || {
- # Create $dsttmp read-write so that cp doesn't create it read-only,
- # which would cause strip to fail.
- if test -z "$doit"; then
- : >"$dsttmp" # No need to fork-exec 'touch'.
- else
- $doit touch "$dsttmp"
- fi
- }
- } &&
- $doit_exec $cpprog "$src" "$dsttmp") &&
-
- # and set any options; do chmod last to preserve setuid bits.
- #
- # If any of these fail, we abort the whole thing. If we want to
- # ignore errors from any of these, just make sure not to ignore
- # errors from the above "$doit $cpprog $src $dsttmp" command.
- #
- { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
- { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
- { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
- { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-
- # If -C, don't bother to copy if it wouldn't change the file.
- if $copy_on_change &&
- old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
- new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
- set -f &&
- set X $old && old=:$2:$4:$5:$6 &&
- set X $new && new=:$2:$4:$5:$6 &&
- set +f &&
- test "$old" = "$new" &&
- $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
- then
- rm -f "$dsttmp"
- else
- # If $backupsuffix is set, and the file being installed
- # already exists, attempt a backup. Don't worry if it fails,
- # e.g., if mv doesn't support -f.
- if test -n "$backupsuffix" && test -f "$dst"; then
- $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
- fi
-
- # Rename the file to the real destination.
- $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-
- # The rename failed, perhaps because mv can't rename something else
- # to itself, or perhaps because mv is so ancient that it does not
- # support -f.
- {
- # Now remove or move aside any old file at destination location.
- # We try this two ways since rm can't unlink itself on some
- # systems and the destination file might be busy for other
- # reasons. In this case, the final cleanup might fail but the new
- # file should still install successfully.
- {
- test ! -f "$dst" ||
- $doit $rmcmd "$dst" 2>/dev/null ||
- { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
- { $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
- } ||
- { echo "$0: cannot unlink or rename $dst" >&2
- (exit 1); exit 1
- }
- } &&
-
- # Now rename the file to the real destination.
- $doit $mvcmd "$dsttmp" "$dst"
- }
- fi || exit 1
-
- trap '' 0
- fi
-done
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/libraries/libapparmor/ltmain.sh b/libraries/libapparmor/ltmain.sh
deleted file mode 100755
index 540a92ab54765696c6f096b7b9fa4b0818ef3ff6..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/ltmain.sh
+++ /dev/null
@@ -1,11251 +0,0 @@
-#! /bin/sh
-## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
-## by inline-source v2014-01-03.01
-
-# libtool (GNU libtool) 2.4.6
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
-
-# Copyright (C) 1996-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License,
-# if you distribute this file as part of a program or library that
-# is built using GNU Libtool, you may include this file under the
-# same distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-PROGRAM=libtool
-PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.6-15build2"
-package_revision=2.4.6
-
-
-## ------ ##
-## Usage. ##
-## ------ ##
-
-# Run './libtool --help' for help with using this script from the
-# command line.
-
-
-## ------------------------------- ##
-## User overridable command paths. ##
-## ------------------------------- ##
-
-# After configure completes, it has a better idea of some of the
-# shell tools we need than the defaults used by the functions shared
-# with bootstrap, so set those here where they can still be over-
-# ridden by the user, but otherwise take precedence.
-
-: ${AUTOCONF="autoconf"}
-: ${AUTOMAKE="automake"}
-
-
-## -------------------------- ##
-## Source external libraries. ##
-## -------------------------- ##
-
-# Much of our low-level functionality needs to be sourced from external
-# libraries, which are installed to $pkgauxdir.
-
-# Set a version string for this script.
-scriptversion=2015-01-20.17; # UTC
-
-# General shell script boiler plate, and helper functions.
-# Written by Gary V. Vaughan, 2004
-
-# Copyright (C) 2004-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-
-# As a special exception to the GNU General Public License, if you distribute
-# this file as part of a program or library that is built using GNU Libtool,
-# you may include this file under the same distribution terms that you use
-# for the rest of that program.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# Please report bugs or propose patches to gary@gnu.org.
-
-
-## ------ ##
-## Usage. ##
-## ------ ##
-
-# Evaluate this file near the top of your script to gain access to
-# the functions and variables defined here:
-#
-# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh
-#
-# If you need to override any of the default environment variable
-# settings, do that before evaluating this file.
-
-
-## -------------------- ##
-## Shell normalisation. ##
-## -------------------- ##
-
-# Some shells need a little help to be as Bourne compatible as possible.
-# Before doing anything else, make sure all that help has been provided!
-
-DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
- emulate sh
- NULLCMD=:
- # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac
-fi
-
-# NLS nuisances: We save the old values in case they are required later.
-_G_user_locale=
-_G_safe_locale=
-for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
-do
- eval "if test set = \"\${$_G_var+set}\"; then
- save_$_G_var=\$$_G_var
- $_G_var=C
- export $_G_var
- _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\"
- _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
- fi"
-done
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-# Make sure IFS has a sensible default
-sp=' '
-nl='
-'
-IFS="$sp $nl"
-
-# There are apparently some retarded systems that use ';' as a PATH separator!
-if test "${PATH_SEPARATOR+set}" != set; then
- PATH_SEPARATOR=:
- (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
- (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
- PATH_SEPARATOR=';'
- }
-fi
-
-
-
-## ------------------------- ##
-## Locate command utilities. ##
-## ------------------------- ##
-
-
-# func_executable_p FILE
-# ----------------------
-# Check that FILE is an executable regular file.
-func_executable_p ()
-{
- test -f "$1" && test -x "$1"
-}
-
-
-# func_path_progs PROGS_LIST CHECK_FUNC [PATH]
-# --------------------------------------------
-# Search for either a program that responds to --version with output
-# containing "GNU", or else returned by CHECK_FUNC otherwise, by
-# trying all the directories in PATH with each of the elements of
-# PROGS_LIST.
-#
-# CHECK_FUNC should accept the path to a candidate program, and
-# set $func_check_prog_result if it truncates its output less than
-# $_G_path_prog_max characters.
-func_path_progs ()
-{
- _G_progs_list=$1
- _G_check_func=$2
- _G_PATH=${3-"$PATH"}
-
- _G_path_prog_max=0
- _G_path_prog_found=false
- _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:}
- for _G_dir in $_G_PATH; do
- IFS=$_G_save_IFS
- test -z "$_G_dir" && _G_dir=.
- for _G_prog_name in $_G_progs_list; do
- for _exeext in '' .EXE; do
- _G_path_prog=$_G_dir/$_G_prog_name$_exeext
- func_executable_p "$_G_path_prog" || continue
- case `"$_G_path_prog" --version 2>&1` in
- *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;;
- *) $_G_check_func $_G_path_prog
- func_path_progs_result=$func_check_prog_result
- ;;
- esac
- $_G_path_prog_found && break 3
- done
- done
- done
- IFS=$_G_save_IFS
- test -z "$func_path_progs_result" && {
- echo "no acceptable sed could be found in \$PATH" >&2
- exit 1
- }
-}
-
-
-# We want to be able to use the functions in this file before configure
-# has figured out where the best binaries are kept, which means we have
-# to search for them ourselves - except when the results are already set
-# where we skip the searches.
-
-# Unless the user overrides by setting SED, search the path for either GNU
-# sed, or the sed that truncates its output the least.
-test -z "$SED" && {
- _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
- for _G_i in 1 2 3 4 5 6 7; do
- _G_sed_script=$_G_sed_script$nl$_G_sed_script
- done
- echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed
- _G_sed_script=
-
- func_check_prog_sed ()
- {
- _G_path_prog=$1
-
- _G_count=0
- printf 0123456789 >conftest.in
- while :
- do
- cat conftest.in conftest.in >conftest.tmp
- mv conftest.tmp conftest.in
- cp conftest.in conftest.nl
- echo '' >> conftest.nl
- "$_G_path_prog" -f conftest.sed <conftest.nl >conftest.out 2>/dev/null || break
- diff conftest.out conftest.nl >/dev/null 2>&1 || break
- _G_count=`expr $_G_count + 1`
- if test "$_G_count" -gt "$_G_path_prog_max"; then
- # Best one so far, save it but keep looking for a better one
- func_check_prog_result=$_G_path_prog
- _G_path_prog_max=$_G_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test 10 -lt "$_G_count" && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out
- }
-
- func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
- rm -f conftest.sed
- SED=$func_path_progs_result
-}
-
-
-# Unless the user overrides by setting GREP, search the path for either GNU
-# grep, or the grep that truncates its output the least.
-test -z "$GREP" && {
- func_check_prog_grep ()
- {
- _G_path_prog=$1
-
- _G_count=0
- _G_path_prog_max=0
- printf 0123456789 >conftest.in
- while :
- do
- cat conftest.in conftest.in >conftest.tmp
- mv conftest.tmp conftest.in
- cp conftest.in conftest.nl
- echo 'GREP' >> conftest.nl
- "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' <conftest.nl >conftest.out 2>/dev/null || break
- diff conftest.out conftest.nl >/dev/null 2>&1 || break
- _G_count=`expr $_G_count + 1`
- if test "$_G_count" -gt "$_G_path_prog_max"; then
- # Best one so far, save it but keep looking for a better one
- func_check_prog_result=$_G_path_prog
- _G_path_prog_max=$_G_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test 10 -lt "$_G_count" && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out
- }
-
- func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
- GREP=$func_path_progs_result
-}
-
-
-## ------------------------------- ##
-## User overridable command paths. ##
-## ------------------------------- ##
-
-# All uppercase variable names are used for environment variables. These
-# variables can be overridden by the user before calling a script that
-# uses them if a suitable command of that name is not already available
-# in the command search PATH.
-
-: ${CP="cp -f"}
-: ${ECHO="printf %s\n"}
-: ${EGREP="$GREP -E"}
-: ${FGREP="$GREP -F"}
-: ${LN_S="ln -s"}
-: ${MAKE="make"}
-: ${MKDIR="mkdir"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
-
-
-## -------------------- ##
-## Useful sed snippets. ##
-## -------------------- ##
-
-sed_dirname='s|/[^/]*$||'
-sed_basename='s|^.*/||'
-
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='s|\([`"$\\]\)|\\\1|g'
-
-# Same as above, but do not quote variable references.
-sed_double_quote_subst='s/\(["`\\]\)/\\\1/g'
-
-# Sed substitution that turns a string into a regex matching for the
-# string literally.
-sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g'
-
-# Sed substitution that converts a w32 file name or path
-# that contains forward slashes, into one that contains
-# (escaped) backslashes. A very naive implementation.
-sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
-
-# Re-'\' parameter expansions in output of sed_double_quote_subst that
-# were '\'-ed in input to the same. If an odd number of '\' preceded a
-# '$' in input to sed_double_quote_subst, that '$' was protected from
-# expansion. Since each input '\' is now two '\'s, look for any number
-# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'.
-_G_bs='\\'
-_G_bs2='\\\\'
-_G_bs4='\\\\\\\\'
-_G_dollar='\$'
-sed_double_backslash="\
- s/$_G_bs4/&\\
-/g
- s/^$_G_bs2$_G_dollar/$_G_bs&/
- s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
- s/\n//g"
-
-
-## ----------------- ##
-## Global variables. ##
-## ----------------- ##
-
-# Except for the global variables explicitly listed below, the following
-# functions in the '^func_' namespace, and the '^require_' namespace
-# variables initialised in the 'Resource management' section, sourcing
-# this file will not pollute your global namespace with anything
-# else. There's no portable way to scope variables in Bourne shell
-# though, so actually running these functions will sometimes place
-# results into a variable named after the function, and often use
-# temporary variables in the '^_G_' namespace. If you are careful to
-# avoid using those namespaces casually in your sourcing script, things
-# should continue to work as you expect. And, of course, you can freely
-# overwrite any of the functions or variables defined here before
-# calling anything to customize them.
-
-EXIT_SUCCESS=0
-EXIT_FAILURE=1
-EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
-EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
-
-# Allow overriding, eg assuming that you follow the convention of
-# putting '$debug_cmd' at the start of all your functions, you can get
-# bash to show function call trace with:
-#
-# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
-debug_cmd=${debug_cmd-":"}
-exit_cmd=:
-
-# By convention, finish your script with:
-#
-# exit $exit_status
-#
-# so that you can set exit_status to non-zero if you want to indicate
-# something went wrong during execution without actually bailing out at
-# the point of failure.
-exit_status=$EXIT_SUCCESS
-
-# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
-# is ksh but when the shell is invoked as "sh" and the current value of
-# the _XPG environment variable is not equal to 1 (one), the special
-# positional parameter $0, within a function call, is the name of the
-# function.
-progpath=$0
-
-# The name of this program.
-progname=`$ECHO "$progpath" |$SED "$sed_basename"`
-
-# Make sure we have an absolute progpath for reexecution:
-case $progpath in
- [\\/]*|[A-Za-z]:\\*) ;;
- *[\\/]*)
- progdir=`$ECHO "$progpath" |$SED "$sed_dirname"`
- progdir=`cd "$progdir" && pwd`
- progpath=$progdir/$progname
- ;;
- *)
- _G_IFS=$IFS
- IFS=${PATH_SEPARATOR-:}
- for progdir in $PATH; do
- IFS=$_G_IFS
- test -x "$progdir/$progname" && break
- done
- IFS=$_G_IFS
- test -n "$progdir" || progdir=`pwd`
- progpath=$progdir/$progname
- ;;
-esac
-
-
-## ----------------- ##
-## Standard options. ##
-## ----------------- ##
-
-# The following options affect the operation of the functions defined
-# below, and should be set appropriately depending on run-time para-
-# meters passed on the command line.
-
-opt_dry_run=false
-opt_quiet=false
-opt_verbose=false
-
-# Categories 'all' and 'none' are always available. Append any others
-# you will pass as the first argument to func_warning from your own
-# code.
-warning_categories=
-
-# By default, display warnings according to 'opt_warning_types'. Set
-# 'warning_func' to ':' to elide all warnings, or func_fatal_error to
-# treat the next displayed warning as a fatal error.
-warning_func=func_warn_and_continue
-
-# Set to 'all' to display all warnings, 'none' to suppress all
-# warnings, or a space delimited list of some subset of
-# 'warning_categories' to display only the listed warnings.
-opt_warning_types=all
-
-
-## -------------------- ##
-## Resource management. ##
-## -------------------- ##
-
-# This section contains definitions for functions that each ensure a
-# particular resource (a file, or a non-empty configuration variable for
-# example) is available, and if appropriate to extract default values
-# from pertinent package files. Call them using their associated
-# 'require_*' variable to ensure that they are executed, at most, once.
-#
-# It's entirely deliberate that calling these functions can set
-# variables that don't obey the namespace limitations obeyed by the rest
-# of this file, in order that that they be as useful as possible to
-# callers.
-
-
-# require_term_colors
-# -------------------
-# Allow display of bold text on terminals that support it.
-require_term_colors=func_require_term_colors
-func_require_term_colors ()
-{
- $debug_cmd
-
- test -t 1 && {
- # COLORTERM and USE_ANSI_COLORS environment variables take
- # precedence, because most terminfo databases neglect to describe
- # whether color sequences are supported.
- test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"}
-
- if test 1 = "$USE_ANSI_COLORS"; then
- # Standard ANSI escape sequences
- tc_reset='�[0m'
- tc_bold='�[1m'; tc_standout='�[7m'
- tc_red='�[31m'; tc_green='�[32m'
- tc_blue='�[34m'; tc_cyan='�[36m'
- else
- # Otherwise trust the terminfo database after all.
- test -n "`tput sgr0 2>/dev/null`" && {
- tc_reset=`tput sgr0`
- test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold`
- tc_standout=$tc_bold
- test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso`
- test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1`
- test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2`
- test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4`
- test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5`
- }
- fi
- }
-
- require_term_colors=:
-}
-
-
-## ----------------- ##
-## Function library. ##
-## ----------------- ##
-
-# This section contains a variety of useful functions to call in your
-# scripts. Take note of the portable wrappers for features provided by
-# some modern shells, which will fall back to slower equivalents on
-# less featureful shells.
-
-
-# func_append VAR VALUE
-# ---------------------
-# Append VALUE onto the existing contents of VAR.
-
- # We should try to minimise forks, especially on Windows where they are
- # unreasonably slow, so skip the feature probes when bash or zsh are
- # being used:
- if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
- : ${_G_HAVE_ARITH_OP="yes"}
- : ${_G_HAVE_XSI_OPS="yes"}
- # The += operator was introduced in bash 3.1
- case $BASH_VERSION in
- [12].* | 3.0 | 3.0*) ;;
- *)
- : ${_G_HAVE_PLUSEQ_OP="yes"}
- ;;
- esac
- fi
-
- # _G_HAVE_PLUSEQ_OP
- # Can be empty, in which case the shell is probed, "yes" if += is
- # useable or anything else if it does not work.
- test -z "$_G_HAVE_PLUSEQ_OP" \
- && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
- && _G_HAVE_PLUSEQ_OP=yes
-
-if test yes = "$_G_HAVE_PLUSEQ_OP"
-then
- # This is an XSI compatible shell, allowing a faster implementation...
- eval 'func_append ()
- {
- $debug_cmd
-
- eval "$1+=\$2"
- }'
-else
- # ...otherwise fall back to using expr, which is often a shell builtin.
- func_append ()
- {
- $debug_cmd
-
- eval "$1=\$$1\$2"
- }
-fi
-
-
-# func_append_quoted VAR VALUE
-# ----------------------------
-# Quote VALUE and append to the end of shell variable VAR, separated
-# by a space.
-if test yes = "$_G_HAVE_PLUSEQ_OP"; then
- eval 'func_append_quoted ()
- {
- $debug_cmd
-
- func_quote_for_eval "$2"
- eval "$1+=\\ \$func_quote_for_eval_result"
- }'
-else
- func_append_quoted ()
- {
- $debug_cmd
-
- func_quote_for_eval "$2"
- eval "$1=\$$1\\ \$func_quote_for_eval_result"
- }
-fi
-
-
-# func_append_uniq VAR VALUE
-# --------------------------
-# Append unique VALUE onto the existing contents of VAR, assuming
-# entries are delimited by the first character of VALUE. For example:
-#
-# func_append_uniq options " --another-option option-argument"
-#
-# will only append to $options if " --another-option option-argument "
-# is not already present somewhere in $options already (note spaces at
-# each end implied by leading space in second argument).
-func_append_uniq ()
-{
- $debug_cmd
-
- eval _G_current_value='`$ECHO $'$1'`'
- _G_delim=`expr "$2" : '\(.\)'`
-
- case $_G_delim$_G_current_value$_G_delim in
- *"$2$_G_delim"*) ;;
- *) func_append "$@" ;;
- esac
-}
-
-
-# func_arith TERM...
-# ------------------
-# Set func_arith_result to the result of evaluating TERMs.
- test -z "$_G_HAVE_ARITH_OP" \
- && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \
- && _G_HAVE_ARITH_OP=yes
-
-if test yes = "$_G_HAVE_ARITH_OP"; then
- eval 'func_arith ()
- {
- $debug_cmd
-
- func_arith_result=$(( $* ))
- }'
-else
- func_arith ()
- {
- $debug_cmd
-
- func_arith_result=`expr "$@"`
- }
-fi
-
-
-# func_basename FILE
-# ------------------
-# Set func_basename_result to FILE with everything up to and including
-# the last / stripped.
-if test yes = "$_G_HAVE_XSI_OPS"; then
- # If this shell supports suffix pattern removal, then use it to avoid
- # forking. Hide the definitions single quotes in case the shell chokes
- # on unsupported syntax...
- _b='func_basename_result=${1##*/}'
- _d='case $1 in
- */*) func_dirname_result=${1%/*}$2 ;;
- * ) func_dirname_result=$3 ;;
- esac'
-
-else
- # ...otherwise fall back to using sed.
- _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`'
- _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"`
- if test "X$func_dirname_result" = "X$1"; then
- func_dirname_result=$3
- else
- func_append func_dirname_result "$2"
- fi'
-fi
-
-eval 'func_basename ()
-{
- $debug_cmd
-
- '"$_b"'
-}'
-
-
-# func_dirname FILE APPEND NONDIR_REPLACEMENT
-# -------------------------------------------
-# Compute the dirname of FILE. If nonempty, add APPEND to the result,
-# otherwise set result to NONDIR_REPLACEMENT.
-eval 'func_dirname ()
-{
- $debug_cmd
-
- '"$_d"'
-}'
-
-
-# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT
-# --------------------------------------------------------
-# Perform func_basename and func_dirname in a single function
-# call:
-# dirname: Compute the dirname of FILE. If nonempty,
-# add APPEND to the result, otherwise set result
-# to NONDIR_REPLACEMENT.
-# value returned in "$func_dirname_result"
-# basename: Compute filename of FILE.
-# value retuned in "$func_basename_result"
-# For efficiency, we do not delegate to the functions above but instead
-# duplicate the functionality here.
-eval 'func_dirname_and_basename ()
-{
- $debug_cmd
-
- '"$_b"'
- '"$_d"'
-}'
-
-
-# func_echo ARG...
-# ----------------
-# Echo program name prefixed message.
-func_echo ()
-{
- $debug_cmd
-
- _G_message=$*
-
- func_echo_IFS=$IFS
- IFS=$nl
- for _G_line in $_G_message; do
- IFS=$func_echo_IFS
- $ECHO "$progname: $_G_line"
- done
- IFS=$func_echo_IFS
-}
-
-
-# func_echo_all ARG...
-# --------------------
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
- $ECHO "$*"
-}
-
-
-# func_echo_infix_1 INFIX ARG...
-# ------------------------------
-# Echo program name, followed by INFIX on the first line, with any
-# additional lines not showing INFIX.
-func_echo_infix_1 ()
-{
- $debug_cmd
-
- $require_term_colors
-
- _G_infix=$1; shift
- _G_indent=$_G_infix
- _G_prefix="$progname: $_G_infix: "
- _G_message=$*
-
- # Strip color escape sequences before counting printable length
- for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan"
- do
- test -n "$_G_tc" && {
- _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"`
- _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"`
- }
- done
- _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes
-
- func_echo_infix_1_IFS=$IFS
- IFS=$nl
- for _G_line in $_G_message; do
- IFS=$func_echo_infix_1_IFS
- $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2
- _G_prefix=$_G_indent
- done
- IFS=$func_echo_infix_1_IFS
-}
-
-
-# func_error ARG...
-# -----------------
-# Echo program name prefixed message to standard error.
-func_error ()
-{
- $debug_cmd
-
- $require_term_colors
-
- func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2
-}
-
-
-# func_fatal_error ARG...
-# -----------------------
-# Echo program name prefixed message to standard error, and exit.
-func_fatal_error ()
-{
- $debug_cmd
-
- func_error "$*"
- exit $EXIT_FAILURE
-}
-
-
-# func_grep EXPRESSION FILENAME
-# -----------------------------
-# Check whether EXPRESSION matches any line of FILENAME, without output.
-func_grep ()
-{
- $debug_cmd
-
- $GREP "$1" "$2" >/dev/null 2>&1
-}
-
-
-# func_len STRING
-# ---------------
-# Set func_len_result to the length of STRING. STRING may not
-# start with a hyphen.
- test -z "$_G_HAVE_XSI_OPS" \
- && (eval 'x=a/b/c;
- test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
- && _G_HAVE_XSI_OPS=yes
-
-if test yes = "$_G_HAVE_XSI_OPS"; then
- eval 'func_len ()
- {
- $debug_cmd
-
- func_len_result=${#1}
- }'
-else
- func_len ()
- {
- $debug_cmd
-
- func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
- }
-fi
-
-
-# func_mkdir_p DIRECTORY-PATH
-# ---------------------------
-# Make sure the entire path to DIRECTORY-PATH is available.
-func_mkdir_p ()
-{
- $debug_cmd
-
- _G_directory_path=$1
- _G_dir_list=
-
- if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then
-
- # Protect directory names starting with '-'
- case $_G_directory_path in
- -*) _G_directory_path=./$_G_directory_path ;;
- esac
-
- # While some portion of DIR does not yet exist...
- while test ! -d "$_G_directory_path"; do
- # ...make a list in topmost first order. Use a colon delimited
- # list incase some portion of path contains whitespace.
- _G_dir_list=$_G_directory_path:$_G_dir_list
-
- # If the last portion added has no slash in it, the list is done
- case $_G_directory_path in */*) ;; *) break ;; esac
-
- # ...otherwise throw away the child directory and loop
- _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"`
- done
- _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'`
-
- func_mkdir_p_IFS=$IFS; IFS=:
- for _G_dir in $_G_dir_list; do
- IFS=$func_mkdir_p_IFS
- # mkdir can fail with a 'File exist' error if two processes
- # try to create one of the directories concurrently. Don't
- # stop in that case!
- $MKDIR "$_G_dir" 2>/dev/null || :
- done
- IFS=$func_mkdir_p_IFS
-
- # Bail out if we (or some other process) failed to create a directory.
- test -d "$_G_directory_path" || \
- func_fatal_error "Failed to create '$1'"
- fi
-}
-
-
-# func_mktempdir [BASENAME]
-# -------------------------
-# Make a temporary directory that won't clash with other running
-# libtool processes, and avoids race conditions if possible. If
-# given, BASENAME is the basename for that directory.
-func_mktempdir ()
-{
- $debug_cmd
-
- _G_template=${TMPDIR-/tmp}/${1-$progname}
-
- if test : = "$opt_dry_run"; then
- # Return a directory name, but don't create it in dry-run mode
- _G_tmpdir=$_G_template-$$
- else
-
- # If mktemp works, use that first and foremost
- _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null`
-
- if test ! -d "$_G_tmpdir"; then
- # Failing that, at least try and use $RANDOM to avoid a race
- _G_tmpdir=$_G_template-${RANDOM-0}$$
-
- func_mktempdir_umask=`umask`
- umask 0077
- $MKDIR "$_G_tmpdir"
- umask $func_mktempdir_umask
- fi
-
- # If we're not in dry-run mode, bomb out on failure
- test -d "$_G_tmpdir" || \
- func_fatal_error "cannot create temporary directory '$_G_tmpdir'"
- fi
-
- $ECHO "$_G_tmpdir"
-}
-
-
-# func_normal_abspath PATH
-# ------------------------
-# Remove doubled-up and trailing slashes, "." path components,
-# and cancel out any ".." path components in PATH after making
-# it an absolute path.
-func_normal_abspath ()
-{
- $debug_cmd
-
- # These SED scripts presuppose an absolute path with a trailing slash.
- _G_pathcar='s|^/\([^/]*\).*$|\1|'
- _G_pathcdr='s|^/[^/]*||'
- _G_removedotparts=':dotsl
- s|/\./|/|g
- t dotsl
- s|/\.$|/|'
- _G_collapseslashes='s|/\{1,\}|/|g'
- _G_finalslash='s|/*$|/|'
-
- # Start from root dir and reassemble the path.
- func_normal_abspath_result=
- func_normal_abspath_tpath=$1
- func_normal_abspath_altnamespace=
- case $func_normal_abspath_tpath in
- "")
- # Empty path, that just means $cwd.
- func_stripname '' '/' "`pwd`"
- func_normal_abspath_result=$func_stripname_result
- return
- ;;
- # The next three entries are used to spot a run of precisely
- # two leading slashes without using negated character classes;
- # we take advantage of case's first-match behaviour.
- ///*)
- # Unusual form of absolute path, do nothing.
- ;;
- //*)
- # Not necessarily an ordinary path; POSIX reserves leading '//'
- # and for example Cygwin uses it to access remote file shares
- # over CIFS/SMB, so we conserve a leading double slash if found.
- func_normal_abspath_altnamespace=/
- ;;
- /*)
- # Absolute path, do nothing.
- ;;
- *)
- # Relative path, prepend $cwd.
- func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
- ;;
- esac
-
- # Cancel out all the simple stuff to save iterations. We also want
- # the path to end with a slash for ease of parsing, so make sure
- # there is one (and only one) here.
- func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"`
- while :; do
- # Processed it all yet?
- if test / = "$func_normal_abspath_tpath"; then
- # If we ascended to the root using ".." the result may be empty now.
- if test -z "$func_normal_abspath_result"; then
- func_normal_abspath_result=/
- fi
- break
- fi
- func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$_G_pathcar"`
- func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
- -e "$_G_pathcdr"`
- # Figure out what to do with it
- case $func_normal_abspath_tcomponent in
- "")
- # Trailing empty path component, ignore it.
- ;;
- ..)
- # Parent dir; strip last assembled component from result.
- func_dirname "$func_normal_abspath_result"
- func_normal_abspath_result=$func_dirname_result
- ;;
- *)
- # Actual path component, append it.
- func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent"
- ;;
- esac
- done
- # Restore leading double-slash if one was found on entry.
- func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
-}
-
-
-# func_notquiet ARG...
-# --------------------
-# Echo program name prefixed message only when not in quiet mode.
-func_notquiet ()
-{
- $debug_cmd
-
- $opt_quiet || func_echo ${1+"$@"}
-
- # A bug in bash halts the script if the last line of a function
- # fails when set -e is in force, so we need another command to
- # work around that:
- :
-}
-
-
-# func_relative_path SRCDIR DSTDIR
-# --------------------------------
-# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR.
-func_relative_path ()
-{
- $debug_cmd
-
- func_relative_path_result=
- func_normal_abspath "$1"
- func_relative_path_tlibdir=$func_normal_abspath_result
- func_normal_abspath "$2"
- func_relative_path_tbindir=$func_normal_abspath_result
-
- # Ascend the tree starting from libdir
- while :; do
- # check if we have found a prefix of bindir
- case $func_relative_path_tbindir in
- $func_relative_path_tlibdir)
- # found an exact match
- func_relative_path_tcancelled=
- break
- ;;
- $func_relative_path_tlibdir*)
- # found a matching prefix
- func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
- func_relative_path_tcancelled=$func_stripname_result
- if test -z "$func_relative_path_result"; then
- func_relative_path_result=.
- fi
- break
- ;;
- *)
- func_dirname $func_relative_path_tlibdir
- func_relative_path_tlibdir=$func_dirname_result
- if test -z "$func_relative_path_tlibdir"; then
- # Have to descend all the way to the root!
- func_relative_path_result=../$func_relative_path_result
- func_relative_path_tcancelled=$func_relative_path_tbindir
- break
- fi
- func_relative_path_result=../$func_relative_path_result
- ;;
- esac
- done
-
- # Now calculate path; take care to avoid doubling-up slashes.
- func_stripname '' '/' "$func_relative_path_result"
- func_relative_path_result=$func_stripname_result
- func_stripname '/' '/' "$func_relative_path_tcancelled"
- if test -n "$func_stripname_result"; then
- func_append func_relative_path_result "/$func_stripname_result"
- fi
-
- # Normalisation. If bindir is libdir, return '.' else relative path.
- if test -n "$func_relative_path_result"; then
- func_stripname './' '' "$func_relative_path_result"
- func_relative_path_result=$func_stripname_result
- fi
-
- test -n "$func_relative_path_result" || func_relative_path_result=.
-
- :
-}
-
-
-# func_quote_for_eval ARG...
-# --------------------------
-# Aesthetically quote ARGs to be evaled later.
-# This function returns two values:
-# i) func_quote_for_eval_result
-# double-quoted, suitable for a subsequent eval
-# ii) func_quote_for_eval_unquoted_result
-# has all characters that are still active within double
-# quotes backslashified.
-func_quote_for_eval ()
-{
- $debug_cmd
-
- func_quote_for_eval_unquoted_result=
- func_quote_for_eval_result=
- while test 0 -lt $#; do
- case $1 in
- *[\\\`\"\$]*)
- _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
- *)
- _G_unquoted_arg=$1 ;;
- esac
- if test -n "$func_quote_for_eval_unquoted_result"; then
- func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
- else
- func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
- fi
-
- case $_G_unquoted_arg in
- # Double-quote args containing shell metacharacters to delay
- # word splitting, command substitution and variable expansion
- # for a subsequent eval.
- # Many Bourne shells cannot handle close brackets correctly
- # in scan sets, so we specify it separately.
- *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
- _G_quoted_arg=\"$_G_unquoted_arg\"
- ;;
- *)
- _G_quoted_arg=$_G_unquoted_arg
- ;;
- esac
-
- if test -n "$func_quote_for_eval_result"; then
- func_append func_quote_for_eval_result " $_G_quoted_arg"
- else
- func_append func_quote_for_eval_result "$_G_quoted_arg"
- fi
- shift
- done
-}
-
-
-# func_quote_for_expand ARG
-# -------------------------
-# Aesthetically quote ARG to be evaled later; same as above,
-# but do not quote variable references.
-func_quote_for_expand ()
-{
- $debug_cmd
-
- case $1 in
- *[\\\`\"]*)
- _G_arg=`$ECHO "$1" | $SED \
- -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
- *)
- _G_arg=$1 ;;
- esac
-
- case $_G_arg in
- # Double-quote args containing shell metacharacters to delay
- # word splitting and command substitution for a subsequent eval.
- # Many Bourne shells cannot handle close brackets correctly
- # in scan sets, so we specify it separately.
- *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
- _G_arg=\"$_G_arg\"
- ;;
- esac
-
- func_quote_for_expand_result=$_G_arg
-}
-
-
-# func_stripname PREFIX SUFFIX NAME
-# ---------------------------------
-# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-if test yes = "$_G_HAVE_XSI_OPS"; then
- eval 'func_stripname ()
- {
- $debug_cmd
-
- # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
- # positional parameters, so assign one to ordinary variable first.
- func_stripname_result=$3
- func_stripname_result=${func_stripname_result#"$1"}
- func_stripname_result=${func_stripname_result%"$2"}
- }'
-else
- func_stripname ()
- {
- $debug_cmd
-
- case $2 in
- .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;;
- *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;;
- esac
- }
-fi
-
-
-# func_show_eval CMD [FAIL_EXP]
-# -----------------------------
-# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
-# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
-# is given, then evaluate it.
-func_show_eval ()
-{
- $debug_cmd
-
- _G_cmd=$1
- _G_fail_exp=${2-':'}
-
- func_quote_for_expand "$_G_cmd"
- eval "func_notquiet $func_quote_for_expand_result"
-
- $opt_dry_run || {
- eval "$_G_cmd"
- _G_status=$?
- if test 0 -ne "$_G_status"; then
- eval "(exit $_G_status); $_G_fail_exp"
- fi
- }
-}
-
-
-# func_show_eval_locale CMD [FAIL_EXP]
-# ------------------------------------
-# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is
-# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
-# is given, then evaluate it. Use the saved locale for evaluation.
-func_show_eval_locale ()
-{
- $debug_cmd
-
- _G_cmd=$1
- _G_fail_exp=${2-':'}
-
- $opt_quiet || {
- func_quote_for_expand "$_G_cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
-
- $opt_dry_run || {
- eval "$_G_user_locale
- $_G_cmd"
- _G_status=$?
- eval "$_G_safe_locale"
- if test 0 -ne "$_G_status"; then
- eval "(exit $_G_status); $_G_fail_exp"
- fi
- }
-}
-
-
-# func_tr_sh
-# ----------
-# Turn $1 into a string suitable for a shell variable name.
-# Result is stored in $func_tr_sh_result. All characters
-# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
-# if $1 begins with a digit, a '_' is prepended as well.
-func_tr_sh ()
-{
- $debug_cmd
-
- case $1 in
- [0-9]* | *[!a-zA-Z0-9_]*)
- func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'`
- ;;
- * )
- func_tr_sh_result=$1
- ;;
- esac
-}
-
-
-# func_verbose ARG...
-# -------------------
-# Echo program name prefixed message in verbose mode only.
-func_verbose ()
-{
- $debug_cmd
-
- $opt_verbose && func_echo "$*"
-
- :
-}
-
-
-# func_warn_and_continue ARG...
-# -----------------------------
-# Echo program name prefixed warning message to standard error.
-func_warn_and_continue ()
-{
- $debug_cmd
-
- $require_term_colors
-
- func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2
-}
-
-
-# func_warning CATEGORY ARG...
-# ----------------------------
-# Echo program name prefixed warning message to standard error. Warning
-# messages can be filtered according to CATEGORY, where this function
-# elides messages where CATEGORY is not listed in the global variable
-# 'opt_warning_types'.
-func_warning ()
-{
- $debug_cmd
-
- # CATEGORY must be in the warning_categories list!
- case " $warning_categories " in
- *" $1 "*) ;;
- *) func_internal_error "invalid warning category '$1'" ;;
- esac
-
- _G_category=$1
- shift
-
- case " $opt_warning_types " in
- *" $_G_category "*) $warning_func ${1+"$@"} ;;
- esac
-}
-
-
-# func_sort_ver VER1 VER2
-# -----------------------
-# 'sort -V' is not generally available.
-# Note this deviates from the version comparison in automake
-# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a
-# but this should suffice as we won't be specifying old
-# version formats or redundant trailing .0 in bootstrap.conf.
-# If we did want full compatibility then we should probably
-# use m4_version_compare from autoconf.
-func_sort_ver ()
-{
- $debug_cmd
-
- printf '%s\n%s\n' "$1" "$2" \
- | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n
-}
-
-# func_lt_ver PREV CURR
-# ---------------------
-# Return true if PREV and CURR are in the correct order according to
-# func_sort_ver, otherwise false. Use it like this:
-#
-# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..."
-func_lt_ver ()
-{
- $debug_cmd
-
- test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q`
-}
-
-
-# Local variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
-# time-stamp-time-zone: "UTC"
-# End:
-#! /bin/sh
-
-# Set a version string for this script.
-scriptversion=2015-10-07.11; # UTC
-
-# A portable, pluggable option parser for Bourne shell.
-# Written by Gary V. Vaughan, 2010
-
-# Copyright (C) 2010-2015 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions. There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-# Please report bugs or propose patches to gary@gnu.org.
-
-
-## ------ ##
-## Usage. ##
-## ------ ##
-
-# This file is a library for parsing options in your shell scripts along
-# with assorted other useful supporting features that you can make use
-# of too.
-#
-# For the simplest scripts you might need only:
-#
-# #!/bin/sh
-# . relative/path/to/funclib.sh
-# . relative/path/to/options-parser
-# scriptversion=1.0
-# func_options ${1+"$@"}
-# eval set dummy "$func_options_result"; shift
-# ...rest of your script...
-#
-# In order for the '--version' option to work, you will need to have a
-# suitably formatted comment like the one at the top of this file
-# starting with '# Written by ' and ending with '# warranty; '.
-#
-# For '-h' and '--help' to work, you will also need a one line
-# description of your script's purpose in a comment directly above the
-# '# Written by ' line, like the one at the top of this file.
-#
-# The default options also support '--debug', which will turn on shell
-# execution tracing (see the comment above debug_cmd below for another
-# use), and '--verbose' and the func_verbose function to allow your script
-# to display verbose messages only when your user has specified
-# '--verbose'.
-#
-# After sourcing this file, you can plug processing for additional
-# options by amending the variables from the 'Configuration' section
-# below, and following the instructions in the 'Option parsing'
-# section further down.
-
-## -------------- ##
-## Configuration. ##
-## -------------- ##
-
-# You should override these variables in your script after sourcing this
-# file so that they reflect the customisations you have added to the
-# option parser.
-
-# The usage line for option parsing errors and the start of '-h' and
-# '--help' output messages. You can embed shell variables for delayed
-# expansion at the time the message is displayed, but you will need to
-# quote other shell meta-characters carefully to prevent them being
-# expanded when the contents are evaled.
-usage='$progpath [OPTION]...'
-
-# Short help message in response to '-h' and '--help'. Add to this or
-# override it after sourcing this library to reflect the full set of
-# options your script accepts.
-usage_message="\
- --debug enable verbose shell tracing
- -W, --warnings=CATEGORY
- report the warnings falling in CATEGORY [all]
- -v, --verbose verbosely report processing
- --version print version information and exit
- -h, --help print short or long help message and exit
-"
-
-# Additional text appended to 'usage_message' in response to '--help'.
-long_help_message="
-Warning categories include:
- 'all' show all warnings
- 'none' turn off all the warnings
- 'error' warnings are treated as fatal errors"
-
-# Help message printed before fatal option parsing errors.
-fatal_help="Try '\$progname --help' for more information."
-
-
-
-## ------------------------- ##
-## Hook function management. ##
-## ------------------------- ##
-
-# This section contains functions for adding, removing, and running hooks
-# to the main code. A hook is just a named list of of function, that can
-# be run in order later on.
-
-# func_hookable FUNC_NAME
-# -----------------------
-# Declare that FUNC_NAME will run hooks added with
-# 'func_add_hook FUNC_NAME ...'.
-func_hookable ()
-{
- $debug_cmd
-
- func_append hookable_fns " $1"
-}
-
-
-# func_add_hook FUNC_NAME HOOK_FUNC
-# ---------------------------------
-# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must
-# first have been declared "hookable" by a call to 'func_hookable'.
-func_add_hook ()
-{
- $debug_cmd
-
- case " $hookable_fns " in
- *" $1 "*) ;;
- *) func_fatal_error "'$1' does not accept hook functions." ;;
- esac
-
- eval func_append ${1}_hooks '" $2"'
-}
-
-
-# func_remove_hook FUNC_NAME HOOK_FUNC
-# ------------------------------------
-# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
-func_remove_hook ()
-{
- $debug_cmd
-
- eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`'
-}
-
-
-# func_run_hooks FUNC_NAME [ARG]...
-# ---------------------------------
-# Run all hook functions registered to FUNC_NAME.
-# It is assumed that the list of hook functions contains nothing more
-# than a whitespace-delimited list of legal shell function names, and
-# no effort is wasted trying to catch shell meta-characters or preserve
-# whitespace.
-func_run_hooks ()
-{
- $debug_cmd
-
- _G_rc_run_hooks=false
-
- case " $hookable_fns " in
- *" $1 "*) ;;
- *) func_fatal_error "'$1' does not support hook funcions.n" ;;
- esac
-
- eval _G_hook_fns=\$$1_hooks; shift
-
- for _G_hook in $_G_hook_fns; do
- if eval $_G_hook '"$@"'; then
- # store returned options list back into positional
- # parameters for next 'cmd' execution.
- eval _G_hook_result=\$${_G_hook}_result
- eval set dummy "$_G_hook_result"; shift
- _G_rc_run_hooks=:
- fi
- done
-
- $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result
-}
-
-
-
-## --------------- ##
-## Option parsing. ##
-## --------------- ##
-
-# In order to add your own option parsing hooks, you must accept the
-# full positional parameter list in your hook function, you may remove/edit
-# any options that you action, and then pass back the remaining unprocessed
-# options in '<hooked_function_name>_result', escaped suitably for
-# 'eval'. In this case you also must return $EXIT_SUCCESS to let the
-# hook's caller know that it should pay attention to
-# '<hooked_function_name>_result'. Returning $EXIT_FAILURE signalizes that
-# arguments are left untouched by the hook and therefore caller will ignore the
-# result variable.
-#
-# Like this:
-#
-# my_options_prep ()
-# {
-# $debug_cmd
-#
-# # Extend the existing usage message.
-# usage_message=$usage_message'
-# -s, --silent don'\''t print informational messages
-# '
-# # No change in '$@' (ignored completely by this hook). There is
-# # no need to do the equivalent (but slower) action:
-# # func_quote_for_eval ${1+"$@"}
-# # my_options_prep_result=$func_quote_for_eval_result
-# false
-# }
-# func_add_hook func_options_prep my_options_prep
-#
-#
-# my_silent_option ()
-# {
-# $debug_cmd
-#
-# args_changed=false
-#
-# # Note that for efficiency, we parse as many options as we can
-# # recognise in a loop before passing the remainder back to the
-# # caller on the first unrecognised argument we encounter.
-# while test $# -gt 0; do
-# opt=$1; shift
-# case $opt in
-# --silent|-s) opt_silent=:
-# args_changed=:
-# ;;
-# # Separate non-argument short options:
-# -s*) func_split_short_opt "$_G_opt"
-# set dummy "$func_split_short_opt_name" \
-# "-$func_split_short_opt_arg" ${1+"$@"}
-# shift
-# args_changed=:
-# ;;
-# *) # Make sure the first unrecognised option "$_G_opt"
-# # is added back to "$@", we could need that later
-# # if $args_changed is true.
-# set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
-# esac
-# done
-#
-# if $args_changed; then
-# func_quote_for_eval ${1+"$@"}
-# my_silent_option_result=$func_quote_for_eval_result
-# fi
-#
-# $args_changed
-# }
-# func_add_hook func_parse_options my_silent_option
-#
-#
-# my_option_validation ()
-# {
-# $debug_cmd
-#
-# $opt_silent && $opt_verbose && func_fatal_help "\
-# '--silent' and '--verbose' options are mutually exclusive."
-#
-# false
-# }
-# func_add_hook func_validate_options my_option_validation
-#
-# You'll also need to manually amend $usage_message to reflect the extra
-# options you parse. It's preferable to append if you can, so that
-# multiple option parsing hooks can be added safely.
-
-
-# func_options_finish [ARG]...
-# ----------------------------
-# Finishing the option parse loop (call 'func_options' hooks ATM).
-func_options_finish ()
-{
- $debug_cmd
-
- _G_func_options_finish_exit=false
- if func_run_hooks func_options ${1+"$@"}; then
- func_options_finish_result=$func_run_hooks_result
- _G_func_options_finish_exit=:
- fi
-
- $_G_func_options_finish_exit
-}
-
-
-# func_options [ARG]...
-# ---------------------
-# All the functions called inside func_options are hookable. See the
-# individual implementations for details.
-func_hookable func_options
-func_options ()
-{
- $debug_cmd
-
- _G_rc_options=false
-
- for my_func in options_prep parse_options validate_options options_finish
- do
- if eval func_$my_func '${1+"$@"}'; then
- eval _G_res_var='$'"func_${my_func}_result"
- eval set dummy "$_G_res_var" ; shift
- _G_rc_options=:
- fi
- done
-
- # Save modified positional parameters for caller. As a top-level
- # options-parser function we always need to set the 'func_options_result'
- # variable (regardless the $_G_rc_options value).
- if $_G_rc_options; then
- func_options_result=$_G_res_var
- else
- func_quote_for_eval ${1+"$@"}
- func_options_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_options
-}
-
-
-# func_options_prep [ARG]...
-# --------------------------
-# All initialisations required before starting the option parse loop.
-# Note that when calling hook functions, we pass through the list of
-# positional parameters. If a hook function modifies that list, and
-# needs to propagate that back to rest of this script, then the complete
-# modified list must be put in 'func_run_hooks_result' before
-# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned).
-func_hookable func_options_prep
-func_options_prep ()
-{
- $debug_cmd
-
- # Option defaults:
- opt_verbose=false
- opt_warning_types=
-
- _G_rc_options_prep=false
- if func_run_hooks func_options_prep ${1+"$@"}; then
- _G_rc_options_prep=:
- # save modified positional parameters for caller
- func_options_prep_result=$func_run_hooks_result
- fi
-
- $_G_rc_options_prep
-}
-
-
-# func_parse_options [ARG]...
-# ---------------------------
-# The main option parsing loop.
-func_hookable func_parse_options
-func_parse_options ()
-{
- $debug_cmd
-
- func_parse_options_result=
-
- _G_rc_parse_options=false
- # this just eases exit handling
- while test $# -gt 0; do
- # Defer to hook functions for initial option parsing, so they
- # get priority in the event of reusing an option name.
- if func_run_hooks func_parse_options ${1+"$@"}; then
- eval set dummy "$func_run_hooks_result"; shift
- _G_rc_parse_options=:
- fi
-
- # Break out of the loop if we already parsed every option.
- test $# -gt 0 || break
-
- _G_match_parse_options=:
- _G_opt=$1
- shift
- case $_G_opt in
- --debug|-x) debug_cmd='set -x'
- func_echo "enabling shell trace mode"
- $debug_cmd
- ;;
-
- --no-warnings|--no-warning|--no-warn)
- set dummy --warnings none ${1+"$@"}
- shift
- ;;
-
- --warnings|--warning|-W)
- if test $# = 0 && func_missing_arg $_G_opt; then
- _G_rc_parse_options=:
- break
- fi
- case " $warning_categories $1" in
- *" $1 "*)
- # trailing space prevents matching last $1 above
- func_append_uniq opt_warning_types " $1"
- ;;
- *all)
- opt_warning_types=$warning_categories
- ;;
- *none)
- opt_warning_types=none
- warning_func=:
- ;;
- *error)
- opt_warning_types=$warning_categories
- warning_func=func_fatal_error
- ;;
- *)
- func_fatal_error \
- "unsupported warning category: '$1'"
- ;;
- esac
- shift
- ;;
-
- --verbose|-v) opt_verbose=: ;;
- --version) func_version ;;
- -\?|-h) func_usage ;;
- --help) func_help ;;
-
- # Separate optargs to long options (plugins may need this):
- --*=*) func_split_equals "$_G_opt"
- set dummy "$func_split_equals_lhs" \
- "$func_split_equals_rhs" ${1+"$@"}
- shift
- ;;
-
- # Separate optargs to short options:
- -W*)
- func_split_short_opt "$_G_opt"
- set dummy "$func_split_short_opt_name" \
- "$func_split_short_opt_arg" ${1+"$@"}
- shift
- ;;
-
- # Separate non-argument short options:
- -\?*|-h*|-v*|-x*)
- func_split_short_opt "$_G_opt"
- set dummy "$func_split_short_opt_name" \
- "-$func_split_short_opt_arg" ${1+"$@"}
- shift
- ;;
-
- --) _G_rc_parse_options=: ; break ;;
- -*) func_fatal_help "unrecognised option: '$_G_opt'" ;;
- *) set dummy "$_G_opt" ${1+"$@"}; shift
- _G_match_parse_options=false
- break
- ;;
- esac
-
- $_G_match_parse_options && _G_rc_parse_options=:
- done
-
-
- if $_G_rc_parse_options; then
- # save modified positional parameters for caller
- func_quote_for_eval ${1+"$@"}
- func_parse_options_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_parse_options
-}
-
-
-# func_validate_options [ARG]...
-# ------------------------------
-# Perform any sanity checks on option settings and/or unconsumed
-# arguments.
-func_hookable func_validate_options
-func_validate_options ()
-{
- $debug_cmd
-
- _G_rc_validate_options=false
-
- # Display all warnings if -W was not given.
- test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
-
- if func_run_hooks func_validate_options ${1+"$@"}; then
- # save modified positional parameters for caller
- func_validate_options_result=$func_run_hooks_result
- _G_rc_validate_options=:
- fi
-
- # Bail if the options were screwed!
- $exit_cmd $EXIT_FAILURE
-
- $_G_rc_validate_options
-}
-
-
-
-## ----------------- ##
-## Helper functions. ##
-## ----------------- ##
-
-# This section contains the helper functions used by the rest of the
-# hookable option parser framework in ascii-betical order.
-
-
-# func_fatal_help ARG...
-# ----------------------
-# Echo program name prefixed message to standard error, followed by
-# a help hint, and exit.
-func_fatal_help ()
-{
- $debug_cmd
-
- eval \$ECHO \""Usage: $usage"\"
- eval \$ECHO \""$fatal_help"\"
- func_error ${1+"$@"}
- exit $EXIT_FAILURE
-}
-
-
-# func_help
-# ---------
-# Echo long help message to standard output and exit.
-func_help ()
-{
- $debug_cmd
-
- func_usage_message
- $ECHO "$long_help_message"
- exit 0
-}
-
-
-# func_missing_arg ARGNAME
-# ------------------------
-# Echo program name prefixed message to standard error and set global
-# exit_cmd.
-func_missing_arg ()
-{
- $debug_cmd
-
- func_error "Missing argument for '$1'."
- exit_cmd=exit
-}
-
-
-# func_split_equals STRING
-# ------------------------
-# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
-# splitting STRING at the '=' sign.
-test -z "$_G_HAVE_XSI_OPS" \
- && (eval 'x=a/b/c;
- test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
- && _G_HAVE_XSI_OPS=yes
-
-if test yes = "$_G_HAVE_XSI_OPS"
-then
- # This is an XSI compatible shell, allowing a faster implementation...
- eval 'func_split_equals ()
- {
- $debug_cmd
-
- func_split_equals_lhs=${1%%=*}
- func_split_equals_rhs=${1#*=}
- test "x$func_split_equals_lhs" = "x$1" \
- && func_split_equals_rhs=
- }'
-else
- # ...otherwise fall back to using expr, which is often a shell builtin.
- func_split_equals ()
- {
- $debug_cmd
-
- func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
- func_split_equals_rhs=
- test "x$func_split_equals_lhs" = "x$1" \
- || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
- }
-fi #func_split_equals
-
-
-# func_split_short_opt SHORTOPT
-# -----------------------------
-# Set func_split_short_opt_name and func_split_short_opt_arg shell
-# variables after splitting SHORTOPT after the 2nd character.
-if test yes = "$_G_HAVE_XSI_OPS"
-then
- # This is an XSI compatible shell, allowing a faster implementation...
- eval 'func_split_short_opt ()
- {
- $debug_cmd
-
- func_split_short_opt_arg=${1#??}
- func_split_short_opt_name=${1%"$func_split_short_opt_arg"}
- }'
-else
- # ...otherwise fall back to using expr, which is often a shell builtin.
- func_split_short_opt ()
- {
- $debug_cmd
-
- func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
- func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
- }
-fi #func_split_short_opt
-
-
-# func_usage
-# ----------
-# Echo short help message to standard output and exit.
-func_usage ()
-{
- $debug_cmd
-
- func_usage_message
- $ECHO "Run '$progname --help |${PAGER-more}' for full usage"
- exit 0
-}
-
-
-# func_usage_message
-# ------------------
-# Echo short help message to standard output.
-func_usage_message ()
-{
- $debug_cmd
-
- eval \$ECHO \""Usage: $usage"\"
- echo
- $SED -n 's|^# ||
- /^Written by/{
- x;p;x
- }
- h
- /^Written by/q' < "$progpath"
- echo
- eval \$ECHO \""$usage_message"\"
-}
-
-
-# func_version
-# ------------
-# Echo version message to standard output and exit.
-func_version ()
-{
- $debug_cmd
-
- printf '%s\n' "$progname $scriptversion"
- $SED -n '
- /(C)/!b go
- :more
- /\./!{
- N
- s|\n# | |
- b more
- }
- :go
- /^# Written by /,/# warranty; / {
- s|^# ||
- s|^# *$||
- s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
- p
- }
- /^# Written by / {
- s|^# ||
- p
- }
- /^warranty; /q' < "$progpath"
-
- exit $?
-}
-
-
-# Local variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
-# time-stamp-time-zone: "UTC"
-# End:
-
-# Set a version string.
-scriptversion='(GNU libtool) 2.4.6'
-
-
-# func_echo ARG...
-# ----------------
-# Libtool also displays the current mode in messages, so override
-# funclib.sh func_echo with this custom definition.
-func_echo ()
-{
- $debug_cmd
-
- _G_message=$*
-
- func_echo_IFS=$IFS
- IFS=$nl
- for _G_line in $_G_message; do
- IFS=$func_echo_IFS
- $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line"
- done
- IFS=$func_echo_IFS
-}
-
-
-# func_warning ARG...
-# -------------------
-# Libtool warnings are not categorized, so override funclib.sh
-# func_warning with this simpler definition.
-func_warning ()
-{
- $debug_cmd
-
- $warning_func ${1+"$@"}
-}
-
-
-## ---------------- ##
-## Options parsing. ##
-## ---------------- ##
-
-# Hook in the functions to make sure our own options are parsed during
-# the option parsing loop.
-
-usage='$progpath [OPTION]... [MODE-ARG]...'
-
-# Short help message in response to '-h'.
-usage_message="Options:
- --config show all configuration variables
- --debug enable verbose shell tracing
- -n, --dry-run display commands without modifying any files
- --features display basic configuration information and exit
- --mode=MODE use operation mode MODE
- --no-warnings equivalent to '-Wnone'
- --preserve-dup-deps don't remove duplicate dependency libraries
- --quiet, --silent don't print informational messages
- --tag=TAG use configuration variables from tag TAG
- -v, --verbose print more informational messages than default
- --version print version information
- -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all]
- -h, --help, --help-all print short, long, or detailed help message
-"
-
-# Additional text appended to 'usage_message' in response to '--help'.
-func_help ()
-{
- $debug_cmd
-
- func_usage_message
- $ECHO "$long_help_message
-
-MODE must be one of the following:
-
- clean remove files from the build directory
- compile compile a source file into a libtool object
- execute automatically set library path, then run a program
- finish complete the installation of libtool libraries
- install install libraries or executables
- link create a library or an executable
- uninstall remove libraries from an installed directory
-
-MODE-ARGS vary depending on the MODE. When passed as first option,
-'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that.
-Try '$progname --help --mode=MODE' for a more detailed description of MODE.
-
-When reporting a bug, please describe a test case to reproduce it and
-include the following information:
-
- host-triplet: $host
- shell: $SHELL
- compiler: $LTCC
- compiler flags: $LTCFLAGS
- linker: $LD (gnu? $with_gnu_ld)
- version: $progname $scriptversion Debian-2.4.6-15build2
- automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
- autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
-
-Report bugs to <bug-libtool@gnu.org>.
-GNU libtool home page: <http://www.gnu.org/s/libtool/>.
-General help using GNU software: <http://www.gnu.org/gethelp/>."
- exit 0
-}
-
-
-# func_lo2o OBJECT-NAME
-# ---------------------
-# Transform OBJECT-NAME from a '.lo' suffix to the platform specific
-# object suffix.
-
-lo2o=s/\\.lo\$/.$objext/
-o2lo=s/\\.$objext\$/.lo/
-
-if test yes = "$_G_HAVE_XSI_OPS"; then
- eval 'func_lo2o ()
- {
- case $1 in
- *.lo) func_lo2o_result=${1%.lo}.$objext ;;
- * ) func_lo2o_result=$1 ;;
- esac
- }'
-
- # func_xform LIBOBJ-OR-SOURCE
- # ---------------------------
- # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise)
- # suffix to a '.lo' libtool-object suffix.
- eval 'func_xform ()
- {
- func_xform_result=${1%.*}.lo
- }'
-else
- # ...otherwise fall back to using sed.
- func_lo2o ()
- {
- func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"`
- }
-
- func_xform ()
- {
- func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'`
- }
-fi
-
-
-# func_fatal_configuration ARG...
-# -------------------------------
-# Echo program name prefixed message to standard error, followed by
-# a configuration failure hint, and exit.
-func_fatal_configuration ()
-{
- func__fatal_error ${1+"$@"} \
- "See the $PACKAGE documentation for more information." \
- "Fatal configuration error."
-}
-
-
-# func_config
-# -----------
-# Display the configuration for all the tags in this script.
-func_config ()
-{
- re_begincf='^# ### BEGIN LIBTOOL'
- re_endcf='^# ### END LIBTOOL'
-
- # Default configuration.
- $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
-
- # Now print the configurations for the tags.
- for tagname in $taglist; do
- $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
- done
-
- exit $?
-}
-
-
-# func_features
-# -------------
-# Display the features supported by this script.
-func_features ()
-{
- echo "host: $host"
- if test yes = "$build_libtool_libs"; then
- echo "enable shared libraries"
- else
- echo "disable shared libraries"
- fi
- if test yes = "$build_old_libs"; then
- echo "enable static libraries"
- else
- echo "disable static libraries"
- fi
-
- exit $?
-}
-
-
-# func_enable_tag TAGNAME
-# -----------------------
-# Verify that TAGNAME is valid, and either flag an error and exit, or
-# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
-# variable here.
-func_enable_tag ()
-{
- # Global variable:
- tagname=$1
-
- re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
- re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
- sed_extractcf=/$re_begincf/,/$re_endcf/p
-
- # Validate tagname.
- case $tagname in
- *[!-_A-Za-z0-9,/]*)
- func_fatal_error "invalid tag name: $tagname"
- ;;
- esac
-
- # Don't test for the "default" C tag, as we know it's
- # there but not specially marked.
- case $tagname in
- CC) ;;
- *)
- if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
- taglist="$taglist $tagname"
-
- # Evaluate the configuration. Be careful to quote the path
- # and the sed script, to avoid splitting on whitespace, but
- # also don't use non-portable quotes within backquotes within
- # quotes we have to do it in 2 steps:
- extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
- eval "$extractedcf"
- else
- func_error "ignoring unknown tag $tagname"
- fi
- ;;
- esac
-}
-
-
-# func_check_version_match
-# ------------------------
-# Ensure that we are using m4 macros, and libtool script from the same
-# release of libtool.
-func_check_version_match ()
-{
- if test "$package_revision" != "$macro_revision"; then
- if test "$VERSION" != "$macro_version"; then
- if test -z "$macro_version"; then
- cat >&2 <<_LT_EOF
-$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
-$progname: definition of this LT_INIT comes from an older release.
-$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
-$progname: and run autoconf again.
-_LT_EOF
- else
- cat >&2 <<_LT_EOF
-$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
-$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
-$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
-$progname: and run autoconf again.
-_LT_EOF
- fi
- else
- cat >&2 <<_LT_EOF
-$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
-$progname: but the definition of this LT_INIT comes from revision $macro_revision.
-$progname: You should recreate aclocal.m4 with macros from revision $package_revision
-$progname: of $PACKAGE $VERSION and run autoconf again.
-_LT_EOF
- fi
-
- exit $EXIT_MISMATCH
- fi
-}
-
-
-# libtool_options_prep [ARG]...
-# -----------------------------
-# Preparation for options parsed by libtool.
-libtool_options_prep ()
-{
- $debug_mode
-
- # Option defaults:
- opt_config=false
- opt_dlopen=
- opt_dry_run=false
- opt_help=false
- opt_mode=
- opt_preserve_dup_deps=false
- opt_quiet=false
-
- nonopt=
- preserve_args=
-
- _G_rc_lt_options_prep=:
-
- # Shorthand for --mode=foo, only valid as the first argument
- case $1 in
- clean|clea|cle|cl)
- shift; set dummy --mode clean ${1+"$@"}; shift
- ;;
- compile|compil|compi|comp|com|co|c)
- shift; set dummy --mode compile ${1+"$@"}; shift
- ;;
- execute|execut|execu|exec|exe|ex|e)
- shift; set dummy --mode execute ${1+"$@"}; shift
- ;;
- finish|finis|fini|fin|fi|f)
- shift; set dummy --mode finish ${1+"$@"}; shift
- ;;
- install|instal|insta|inst|ins|in|i)
- shift; set dummy --mode install ${1+"$@"}; shift
- ;;
- link|lin|li|l)
- shift; set dummy --mode link ${1+"$@"}; shift
- ;;
- uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
- shift; set dummy --mode uninstall ${1+"$@"}; shift
- ;;
- *)
- _G_rc_lt_options_prep=false
- ;;
- esac
-
- if $_G_rc_lt_options_prep; then
- # Pass back the list of options.
- func_quote_for_eval ${1+"$@"}
- libtool_options_prep_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_lt_options_prep
-}
-func_add_hook func_options_prep libtool_options_prep
-
-
-# libtool_parse_options [ARG]...
-# ---------------------------------
-# Provide handling for libtool specific options.
-libtool_parse_options ()
-{
- $debug_cmd
-
- _G_rc_lt_parse_options=false
-
- # Perform our own loop to consume as many options as possible in
- # each iteration.
- while test $# -gt 0; do
- _G_match_lt_parse_options=:
- _G_opt=$1
- shift
- case $_G_opt in
- --dry-run|--dryrun|-n)
- opt_dry_run=:
- ;;
-
- --config) func_config ;;
-
- --dlopen|-dlopen)
- opt_dlopen="${opt_dlopen+$opt_dlopen
-}$1"
- shift
- ;;
-
- --preserve-dup-deps)
- opt_preserve_dup_deps=: ;;
-
- --features) func_features ;;
-
- --finish) set dummy --mode finish ${1+"$@"}; shift ;;
-
- --help) opt_help=: ;;
-
- --help-all) opt_help=': help-all' ;;
-
- --mode) test $# = 0 && func_missing_arg $_G_opt && break
- opt_mode=$1
- case $1 in
- # Valid mode arguments:
- clean|compile|execute|finish|install|link|relink|uninstall) ;;
-
- # Catch anything else as an error
- *) func_error "invalid argument for $_G_opt"
- exit_cmd=exit
- break
- ;;
- esac
- shift
- ;;
-
- --no-silent|--no-quiet)
- opt_quiet=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --no-warnings|--no-warning|--no-warn)
- opt_warning=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --no-verbose)
- opt_verbose=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --silent|--quiet)
- opt_quiet=:
- opt_verbose=false
- func_append preserve_args " $_G_opt"
- ;;
-
- --tag) test $# = 0 && func_missing_arg $_G_opt && break
- opt_tag=$1
- func_append preserve_args " $_G_opt $1"
- func_enable_tag "$1"
- shift
- ;;
-
- --verbose|-v) opt_quiet=false
- opt_verbose=:
- func_append preserve_args " $_G_opt"
- ;;
-
- # An option not handled by this hook function:
- *) set dummy "$_G_opt" ${1+"$@"} ; shift
- _G_match_lt_parse_options=false
- break
- ;;
- esac
- $_G_match_lt_parse_options && _G_rc_lt_parse_options=:
- done
-
- if $_G_rc_lt_parse_options; then
- # save modified positional parameters for caller
- func_quote_for_eval ${1+"$@"}
- libtool_parse_options_result=$func_quote_for_eval_result
- fi
-
- $_G_rc_lt_parse_options
-}
-func_add_hook func_parse_options libtool_parse_options
-
-
-
-# libtool_validate_options [ARG]...
-# ---------------------------------
-# Perform any sanity checks on option settings and/or unconsumed
-# arguments.
-libtool_validate_options ()
-{
- # save first non-option argument
- if test 0 -lt $#; then
- nonopt=$1
- shift
- fi
-
- # preserve --debug
- test : = "$debug_cmd" || func_append preserve_args " --debug"
-
- case $host in
- # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
- # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
- *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
- # don't eliminate duplications in $postdeps and $predeps
- opt_duplicate_compiler_generated_deps=:
- ;;
- *)
- opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
- ;;
- esac
-
- $opt_help || {
- # Sanity checks first:
- func_check_version_match
-
- test yes != "$build_libtool_libs" \
- && test yes != "$build_old_libs" \
- && func_fatal_configuration "not configured to build any kind of library"
-
- # Darwin sucks
- eval std_shrext=\"$shrext_cmds\"
-
- # Only execute mode is allowed to have -dlopen flags.
- if test -n "$opt_dlopen" && test execute != "$opt_mode"; then
- func_error "unrecognized option '-dlopen'"
- $ECHO "$help" 1>&2
- exit $EXIT_FAILURE
- fi
-
- # Change the help message to a mode-specific one.
- generic_help=$help
- help="Try '$progname --help --mode=$opt_mode' for more information."
- }
-
- # Pass back the unparsed argument list
- func_quote_for_eval ${1+"$@"}
- libtool_validate_options_result=$func_quote_for_eval_result
-}
-func_add_hook func_validate_options libtool_validate_options
-
-
-# Process options as early as possible so that --help and --version
-# can return quickly.
-func_options ${1+"$@"}
-eval set dummy "$func_options_result"; shift
-
-
-
-## ----------- ##
-## Main. ##
-## ----------- ##
-
-magic='%%%MAGIC variable%%%'
-magic_exe='%%%MAGIC EXE variable%%%'
-
-# Global variables.
-extracted_archives=
-extracted_serial=0
-
-# If this variable is set in any of the actions, the command in it
-# will be execed at the end. This prevents here-documents from being
-# left over by shells.
-exec_cmd=
-
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-$1
-_LTECHO_EOF'
-}
-
-# func_generated_by_libtool
-# True iff stdin has been generated by Libtool. This function is only
-# a basic sanity check; it will hardly flush out determined imposters.
-func_generated_by_libtool_p ()
-{
- $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
-}
-
-# func_lalib_p file
-# True iff FILE is a libtool '.la' library or '.lo' object file.
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_lalib_p ()
-{
- test -f "$1" &&
- $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p
-}
-
-# func_lalib_unsafe_p file
-# True iff FILE is a libtool '.la' library or '.lo' object file.
-# This function implements the same check as func_lalib_p without
-# resorting to external programs. To this end, it redirects stdin and
-# closes it afterwards, without saving the original file descriptor.
-# As a safety measure, use it only where a negative result would be
-# fatal anyway. Works if 'file' does not exist.
-func_lalib_unsafe_p ()
-{
- lalib_p=no
- if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
- for lalib_p_l in 1 2 3 4
- do
- read lalib_p_line
- case $lalib_p_line in
- \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
- esac
- done
- exec 0<&5 5<&-
- fi
- test yes = "$lalib_p"
-}
-
-# func_ltwrapper_script_p file
-# True iff FILE is a libtool wrapper script
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_ltwrapper_script_p ()
-{
- test -f "$1" &&
- $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p
-}
-
-# func_ltwrapper_executable_p file
-# True iff FILE is a libtool wrapper executable
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_ltwrapper_executable_p ()
-{
- func_ltwrapper_exec_suffix=
- case $1 in
- *.exe) ;;
- *) func_ltwrapper_exec_suffix=.exe ;;
- esac
- $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
-}
-
-# func_ltwrapper_scriptname file
-# Assumes file is an ltwrapper_executable
-# uses $file to determine the appropriate filename for a
-# temporary ltwrapper_script.
-func_ltwrapper_scriptname ()
-{
- func_dirname_and_basename "$1" "" "."
- func_stripname '' '.exe' "$func_basename_result"
- func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper
-}
-
-# func_ltwrapper_p file
-# True iff FILE is a libtool wrapper script or wrapper executable
-# This function is only a basic sanity check; it will hardly flush out
-# determined imposters.
-func_ltwrapper_p ()
-{
- func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
-}
-
-
-# func_execute_cmds commands fail_cmd
-# Execute tilde-delimited COMMANDS.
-# If FAIL_CMD is given, eval that upon failure.
-# FAIL_CMD may read-access the current command in variable CMD!
-func_execute_cmds ()
-{
- $debug_cmd
-
- save_ifs=$IFS; IFS='~'
- for cmd in $1; do
- IFS=$sp$nl
- eval cmd=\"$cmd\"
- IFS=$save_ifs
- func_show_eval "$cmd" "${2-:}"
- done
- IFS=$save_ifs
-}
-
-
-# func_source file
-# Source FILE, adding directory component if necessary.
-# Note that it is not necessary on cygwin/mingw to append a dot to
-# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
-# behavior happens only for exec(3), not for open(2)! Also, sourcing
-# 'FILE.' does not work on cygwin managed mounts.
-func_source ()
-{
- $debug_cmd
-
- case $1 in
- */* | *\\*) . "$1" ;;
- *) . "./$1" ;;
- esac
-}
-
-
-# func_resolve_sysroot PATH
-# Replace a leading = in PATH with a sysroot. Store the result into
-# func_resolve_sysroot_result
-func_resolve_sysroot ()
-{
- func_resolve_sysroot_result=$1
- case $func_resolve_sysroot_result in
- =*)
- func_stripname '=' '' "$func_resolve_sysroot_result"
- func_resolve_sysroot_result=$lt_sysroot$func_stripname_result
- ;;
- esac
-}
-
-# func_replace_sysroot PATH
-# If PATH begins with the sysroot, replace it with = and
-# store the result into func_replace_sysroot_result.
-func_replace_sysroot ()
-{
- case $lt_sysroot:$1 in
- ?*:"$lt_sysroot"*)
- func_stripname "$lt_sysroot" '' "$1"
- func_replace_sysroot_result='='$func_stripname_result
- ;;
- *)
- # Including no sysroot.
- func_replace_sysroot_result=$1
- ;;
- esac
-}
-
-# func_infer_tag arg
-# Infer tagged configuration to use if any are available and
-# if one wasn't chosen via the "--tag" command line option.
-# Only attempt this if the compiler in the base compile
-# command doesn't match the default compiler.
-# arg is usually of the form 'gcc ...'
-func_infer_tag ()
-{
- $debug_cmd
-
- if test -n "$available_tags" && test -z "$tagname"; then
- CC_quoted=
- for arg in $CC; do
- func_append_quoted CC_quoted "$arg"
- done
- CC_expanded=`func_echo_all $CC`
- CC_quoted_expanded=`func_echo_all $CC_quoted`
- case $@ in
- # Blanks in the command may have been stripped by the calling shell,
- # but not from the CC environment variable when configure was run.
- " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
- " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;;
- # Blanks at the start of $base_compile will cause this to fail
- # if we don't check for them as well.
- *)
- for z in $available_tags; do
- if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
- # Evaluate the configuration.
- eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
- CC_quoted=
- for arg in $CC; do
- # Double-quote args containing other shell metacharacters.
- func_append_quoted CC_quoted "$arg"
- done
- CC_expanded=`func_echo_all $CC`
- CC_quoted_expanded=`func_echo_all $CC_quoted`
- case "$@ " in
- " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
- " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*)
- # The compiler in the base compile command matches
- # the one in the tagged configuration.
- # Assume this is the tagged configuration we want.
- tagname=$z
- break
- ;;
- esac
- fi
- done
- # If $tagname still isn't set, then no tagged configuration
- # was found and let the user know that the "--tag" command
- # line option must be used.
- if test -z "$tagname"; then
- func_echo "unable to infer tagged configuration"
- func_fatal_error "specify a tag with '--tag'"
-# else
-# func_verbose "using $tagname tagged configuration"
- fi
- ;;
- esac
- fi
-}
-
-
-
-# func_write_libtool_object output_name pic_name nonpic_name
-# Create a libtool object file (analogous to a ".la" file),
-# but don't create it if we're doing a dry run.
-func_write_libtool_object ()
-{
- write_libobj=$1
- if test yes = "$build_libtool_libs"; then
- write_lobj=\'$2\'
- else
- write_lobj=none
- fi
-
- if test yes = "$build_old_libs"; then
- write_oldobj=\'$3\'
- else
- write_oldobj=none
- fi
-
- $opt_dry_run || {
- cat >${write_libobj}T <<EOF
-# $write_libobj - a libtool object file
-# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# Name of the PIC object.
-pic_object=$write_lobj
-
-# Name of the non-PIC object
-non_pic_object=$write_oldobj
-
-EOF
- $MV "${write_libobj}T" "$write_libobj"
- }
-}
-
-
-##################################################
-# FILE NAME AND PATH CONVERSION HELPER FUNCTIONS #
-##################################################
-
-# func_convert_core_file_wine_to_w32 ARG
-# Helper function used by file name conversion functions when $build is *nix,
-# and $host is mingw, cygwin, or some other w32 environment. Relies on a
-# correctly configured wine environment available, with the winepath program
-# in $build's $PATH.
-#
-# ARG is the $build file name to be converted to w32 format.
-# Result is available in $func_convert_core_file_wine_to_w32_result, and will
-# be empty on error (or when ARG is empty)
-func_convert_core_file_wine_to_w32 ()
-{
- $debug_cmd
-
- func_convert_core_file_wine_to_w32_result=$1
- if test -n "$1"; then
- # Unfortunately, winepath does not exit with a non-zero error code, so we
- # are forced to check the contents of stdout. On the other hand, if the
- # command is not found, the shell will set an exit code of 127 and print
- # *an error message* to stdout. So we must check for both error code of
- # zero AND non-empty stdout, which explains the odd construction:
- func_convert_core_file_wine_to_w32_tmp=`winepath -w "$1" 2>/dev/null`
- if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then
- func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" |
- $SED -e "$sed_naive_backslashify"`
- else
- func_convert_core_file_wine_to_w32_result=
- fi
- fi
-}
-# end: func_convert_core_file_wine_to_w32
-
-
-# func_convert_core_path_wine_to_w32 ARG
-# Helper function used by path conversion functions when $build is *nix, and
-# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly
-# configured wine environment available, with the winepath program in $build's
-# $PATH. Assumes ARG has no leading or trailing path separator characters.
-#
-# ARG is path to be converted from $build format to win32.
-# Result is available in $func_convert_core_path_wine_to_w32_result.
-# Unconvertible file (directory) names in ARG are skipped; if no directory names
-# are convertible, then the result may be empty.
-func_convert_core_path_wine_to_w32 ()
-{
- $debug_cmd
-
- # unfortunately, winepath doesn't convert paths, only file names
- func_convert_core_path_wine_to_w32_result=
- if test -n "$1"; then
- oldIFS=$IFS
- IFS=:
- for func_convert_core_path_wine_to_w32_f in $1; do
- IFS=$oldIFS
- func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f"
- if test -n "$func_convert_core_file_wine_to_w32_result"; then
- if test -z "$func_convert_core_path_wine_to_w32_result"; then
- func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result
- else
- func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result"
- fi
- fi
- done
- IFS=$oldIFS
- fi
-}
-# end: func_convert_core_path_wine_to_w32
-
-
-# func_cygpath ARGS...
-# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when
-# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2)
-# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or
-# (2), returns the Cygwin file name or path in func_cygpath_result (input
-# file name or path is assumed to be in w32 format, as previously converted
-# from $build's *nix or MSYS format). In case (3), returns the w32 file name
-# or path in func_cygpath_result (input file name or path is assumed to be in
-# Cygwin format). Returns an empty string on error.
-#
-# ARGS are passed to cygpath, with the last one being the file name or path to
-# be converted.
-#
-# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH
-# environment variable; do not put it in $PATH.
-func_cygpath ()
-{
- $debug_cmd
-
- if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
- func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
- if test "$?" -ne 0; then
- # on failure, ensure result is empty
- func_cygpath_result=
- fi
- else
- func_cygpath_result=
- func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'"
- fi
-}
-#end: func_cygpath
-
-
-# func_convert_core_msys_to_w32 ARG
-# Convert file name or path ARG from MSYS format to w32 format. Return
-# result in func_convert_core_msys_to_w32_result.
-func_convert_core_msys_to_w32 ()
-{
- $debug_cmd
-
- # awkward: cmd appends spaces to result
- func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null |
- $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"`
-}
-#end: func_convert_core_msys_to_w32
-
-
-# func_convert_file_check ARG1 ARG2
-# Verify that ARG1 (a file name in $build format) was converted to $host
-# format in ARG2. Otherwise, emit an error message, but continue (resetting
-# func_to_host_file_result to ARG1).
-func_convert_file_check ()
-{
- $debug_cmd
-
- if test -z "$2" && test -n "$1"; then
- func_error "Could not determine host file name corresponding to"
- func_error " '$1'"
- func_error "Continuing, but uninstalled executables may not work."
- # Fallback:
- func_to_host_file_result=$1
- fi
-}
-# end func_convert_file_check
-
-
-# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH
-# Verify that FROM_PATH (a path in $build format) was converted to $host
-# format in TO_PATH. Otherwise, emit an error message, but continue, resetting
-# func_to_host_file_result to a simplistic fallback value (see below).
-func_convert_path_check ()
-{
- $debug_cmd
-
- if test -z "$4" && test -n "$3"; then
- func_error "Could not determine the host path corresponding to"
- func_error " '$3'"
- func_error "Continuing, but uninstalled executables may not work."
- # Fallback. This is a deliberately simplistic "conversion" and
- # should not be "improved". See libtool.info.
- if test "x$1" != "x$2"; then
- lt_replace_pathsep_chars="s|$1|$2|g"
- func_to_host_path_result=`echo "$3" |
- $SED -e "$lt_replace_pathsep_chars"`
- else
- func_to_host_path_result=$3
- fi
- fi
-}
-# end func_convert_path_check
-
-
-# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG
-# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT
-# and appending REPL if ORIG matches BACKPAT.
-func_convert_path_front_back_pathsep ()
-{
- $debug_cmd
-
- case $4 in
- $1 ) func_to_host_path_result=$3$func_to_host_path_result
- ;;
- esac
- case $4 in
- $2 ) func_append func_to_host_path_result "$3"
- ;;
- esac
-}
-# end func_convert_path_front_back_pathsep
-
-
-##################################################
-# $build to $host FILE NAME CONVERSION FUNCTIONS #
-##################################################
-# invoked via '$to_host_file_cmd ARG'
-#
-# In each case, ARG is the path to be converted from $build to $host format.
-# Result will be available in $func_to_host_file_result.
-
-
-# func_to_host_file ARG
-# Converts the file name ARG from $build format to $host format. Return result
-# in func_to_host_file_result.
-func_to_host_file ()
-{
- $debug_cmd
-
- $to_host_file_cmd "$1"
-}
-# end func_to_host_file
-
-
-# func_to_tool_file ARG LAZY
-# converts the file name ARG from $build format to toolchain format. Return
-# result in func_to_tool_file_result. If the conversion in use is listed
-# in (the comma separated) LAZY, no conversion takes place.
-func_to_tool_file ()
-{
- $debug_cmd
-
- case ,$2, in
- *,"$to_tool_file_cmd",*)
- func_to_tool_file_result=$1
- ;;
- *)
- $to_tool_file_cmd "$1"
- func_to_tool_file_result=$func_to_host_file_result
- ;;
- esac
-}
-# end func_to_tool_file
-
-
-# func_convert_file_noop ARG
-# Copy ARG to func_to_host_file_result.
-func_convert_file_noop ()
-{
- func_to_host_file_result=$1
-}
-# end func_convert_file_noop
-
-
-# func_convert_file_msys_to_w32 ARG
-# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic
-# conversion to w32 is not available inside the cwrapper. Returns result in
-# func_to_host_file_result.
-func_convert_file_msys_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- func_convert_core_msys_to_w32 "$1"
- func_to_host_file_result=$func_convert_core_msys_to_w32_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_msys_to_w32
-
-
-# func_convert_file_cygwin_to_w32 ARG
-# Convert file name ARG from Cygwin to w32 format. Returns result in
-# func_to_host_file_result.
-func_convert_file_cygwin_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- # because $build is cygwin, we call "the" cygpath in $PATH; no need to use
- # LT_CYGPATH in this case.
- func_to_host_file_result=`cygpath -m "$1"`
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_cygwin_to_w32
-
-
-# func_convert_file_nix_to_w32 ARG
-# Convert file name ARG from *nix to w32 format. Requires a wine environment
-# and a working winepath. Returns result in func_to_host_file_result.
-func_convert_file_nix_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- func_convert_core_file_wine_to_w32 "$1"
- func_to_host_file_result=$func_convert_core_file_wine_to_w32_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_nix_to_w32
-
-
-# func_convert_file_msys_to_cygwin ARG
-# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
-# Returns result in func_to_host_file_result.
-func_convert_file_msys_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- func_convert_core_msys_to_w32 "$1"
- func_cygpath -u "$func_convert_core_msys_to_w32_result"
- func_to_host_file_result=$func_cygpath_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_msys_to_cygwin
-
-
-# func_convert_file_nix_to_cygwin ARG
-# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed
-# in a wine environment, working winepath, and LT_CYGPATH set. Returns result
-# in func_to_host_file_result.
-func_convert_file_nix_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_file_result=$1
- if test -n "$1"; then
- # convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
- func_convert_core_file_wine_to_w32 "$1"
- func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
- func_to_host_file_result=$func_cygpath_result
- fi
- func_convert_file_check "$1" "$func_to_host_file_result"
-}
-# end func_convert_file_nix_to_cygwin
-
-
-#############################################
-# $build to $host PATH CONVERSION FUNCTIONS #
-#############################################
-# invoked via '$to_host_path_cmd ARG'
-#
-# In each case, ARG is the path to be converted from $build to $host format.
-# The result will be available in $func_to_host_path_result.
-#
-# Path separators are also converted from $build format to $host format. If
-# ARG begins or ends with a path separator character, it is preserved (but
-# converted to $host format) on output.
-#
-# All path conversion functions are named using the following convention:
-# file name conversion function : func_convert_file_X_to_Y ()
-# path conversion function : func_convert_path_X_to_Y ()
-# where, for any given $build/$host combination the 'X_to_Y' value is the
-# same. If conversion functions are added for new $build/$host combinations,
-# the two new functions must follow this pattern, or func_init_to_host_path_cmd
-# will break.
-
-
-# func_init_to_host_path_cmd
-# Ensures that function "pointer" variable $to_host_path_cmd is set to the
-# appropriate value, based on the value of $to_host_file_cmd.
-to_host_path_cmd=
-func_init_to_host_path_cmd ()
-{
- $debug_cmd
-
- if test -z "$to_host_path_cmd"; then
- func_stripname 'func_convert_file_' '' "$to_host_file_cmd"
- to_host_path_cmd=func_convert_path_$func_stripname_result
- fi
-}
-
-
-# func_to_host_path ARG
-# Converts the path ARG from $build format to $host format. Return result
-# in func_to_host_path_result.
-func_to_host_path ()
-{
- $debug_cmd
-
- func_init_to_host_path_cmd
- $to_host_path_cmd "$1"
-}
-# end func_to_host_path
-
-
-# func_convert_path_noop ARG
-# Copy ARG to func_to_host_path_result.
-func_convert_path_noop ()
-{
- func_to_host_path_result=$1
-}
-# end func_convert_path_noop
-
-
-# func_convert_path_msys_to_w32 ARG
-# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic
-# conversion to w32 is not available inside the cwrapper. Returns result in
-# func_to_host_path_result.
-func_convert_path_msys_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # Remove leading and trailing path separator characters from ARG. MSYS
- # behavior is inconsistent here; cygpath turns them into '.;' and ';.';
- # and winepath ignores them completely.
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
- func_to_host_path_result=$func_convert_core_msys_to_w32_result
- func_convert_path_check : ";" \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
- fi
-}
-# end func_convert_path_msys_to_w32
-
-
-# func_convert_path_cygwin_to_w32 ARG
-# Convert path ARG from Cygwin to w32 format. Returns result in
-# func_to_host_file_result.
-func_convert_path_cygwin_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # See func_convert_path_msys_to_w32:
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"`
- func_convert_path_check : ";" \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
- fi
-}
-# end func_convert_path_cygwin_to_w32
-
-
-# func_convert_path_nix_to_w32 ARG
-# Convert path ARG from *nix to w32 format. Requires a wine environment and
-# a working winepath. Returns result in func_to_host_file_result.
-func_convert_path_nix_to_w32 ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # See func_convert_path_msys_to_w32:
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
- func_to_host_path_result=$func_convert_core_path_wine_to_w32_result
- func_convert_path_check : ";" \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
- fi
-}
-# end func_convert_path_nix_to_w32
-
-
-# func_convert_path_msys_to_cygwin ARG
-# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set.
-# Returns result in func_to_host_file_result.
-func_convert_path_msys_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # See func_convert_path_msys_to_w32:
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
- func_cygpath -u -p "$func_convert_core_msys_to_w32_result"
- func_to_host_path_result=$func_cygpath_result
- func_convert_path_check : : \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" : "$1"
- fi
-}
-# end func_convert_path_msys_to_cygwin
-
-
-# func_convert_path_nix_to_cygwin ARG
-# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a
-# a wine environment, working winepath, and LT_CYGPATH set. Returns result in
-# func_to_host_file_result.
-func_convert_path_nix_to_cygwin ()
-{
- $debug_cmd
-
- func_to_host_path_result=$1
- if test -n "$1"; then
- # Remove leading and trailing path separator characters from
- # ARG. msys behavior is inconsistent here, cygpath turns them
- # into '.;' and ';.', and winepath ignores them completely.
- func_stripname : : "$1"
- func_to_host_path_tmp1=$func_stripname_result
- func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
- func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result"
- func_to_host_path_result=$func_cygpath_result
- func_convert_path_check : : \
- "$func_to_host_path_tmp1" "$func_to_host_path_result"
- func_convert_path_front_back_pathsep ":*" "*:" : "$1"
- fi
-}
-# end func_convert_path_nix_to_cygwin
-
-
-# func_dll_def_p FILE
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with _LT_DLL_DEF_P in libtool.m4
-func_dll_def_p ()
-{
- $debug_cmd
-
- func_dll_def_p_tmp=`$SED -n \
- -e 's/^[ ]*//' \
- -e '/^\(;.*\)*$/d' \
- -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \
- -e q \
- "$1"`
- test DEF = "$func_dll_def_p_tmp"
-}
-
-
-# func_mode_compile arg...
-func_mode_compile ()
-{
- $debug_cmd
-
- # Get the compilation command and the source file.
- base_compile=
- srcfile=$nonopt # always keep a non-empty value in "srcfile"
- suppress_opt=yes
- suppress_output=
- arg_mode=normal
- libobj=
- later=
- pie_flag=
-
- for arg
- do
- case $arg_mode in
- arg )
- # do not "continue". Instead, add this to base_compile
- lastarg=$arg
- arg_mode=normal
- ;;
-
- target )
- libobj=$arg
- arg_mode=normal
- continue
- ;;
-
- normal )
- # Accept any command-line options.
- case $arg in
- -o)
- test -n "$libobj" && \
- func_fatal_error "you cannot specify '-o' more than once"
- arg_mode=target
- continue
- ;;
-
- -pie | -fpie | -fPIE)
- func_append pie_flag " $arg"
- continue
- ;;
-
- -shared | -static | -prefer-pic | -prefer-non-pic)
- func_append later " $arg"
- continue
- ;;
-
- -no-suppress)
- suppress_opt=no
- continue
- ;;
-
- -Xcompiler)
- arg_mode=arg # the next one goes into the "base_compile" arg list
- continue # The current "srcfile" will either be retained or
- ;; # replaced later. I would guess that would be a bug.
-
- -Wc,*)
- func_stripname '-Wc,' '' "$arg"
- args=$func_stripname_result
- lastarg=
- save_ifs=$IFS; IFS=,
- for arg in $args; do
- IFS=$save_ifs
- func_append_quoted lastarg "$arg"
- done
- IFS=$save_ifs
- func_stripname ' ' '' "$lastarg"
- lastarg=$func_stripname_result
-
- # Add the arguments to base_compile.
- func_append base_compile " $lastarg"
- continue
- ;;
-
- *)
- # Accept the current argument as the source file.
- # The previous "srcfile" becomes the current argument.
- #
- lastarg=$srcfile
- srcfile=$arg
- ;;
- esac # case $arg
- ;;
- esac # case $arg_mode
-
- # Aesthetically quote the previous argument.
- func_append_quoted base_compile "$lastarg"
- done # for arg
-
- case $arg_mode in
- arg)
- func_fatal_error "you must specify an argument for -Xcompile"
- ;;
- target)
- func_fatal_error "you must specify a target with '-o'"
- ;;
- *)
- # Get the name of the library object.
- test -z "$libobj" && {
- func_basename "$srcfile"
- libobj=$func_basename_result
- }
- ;;
- esac
-
- # Recognize several different file suffixes.
- # If the user specifies -o file.o, it is replaced with file.lo
- case $libobj in
- *.[cCFSifmso] | \
- *.ada | *.adb | *.ads | *.asm | \
- *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
- *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
- func_xform "$libobj"
- libobj=$func_xform_result
- ;;
- esac
-
- case $libobj in
- *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
- *)
- func_fatal_error "cannot determine name of library object from '$libobj'"
- ;;
- esac
-
- func_infer_tag $base_compile
-
- for arg in $later; do
- case $arg in
- -shared)
- test yes = "$build_libtool_libs" \
- || func_fatal_configuration "cannot build a shared library"
- build_old_libs=no
- continue
- ;;
-
- -static)
- build_libtool_libs=no
- build_old_libs=yes
- continue
- ;;
-
- -prefer-pic)
- pic_mode=yes
- continue
- ;;
-
- -prefer-non-pic)
- pic_mode=no
- continue
- ;;
- esac
- done
-
- func_quote_for_eval "$libobj"
- test "X$libobj" != "X$func_quote_for_eval_result" \
- && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
- && func_warning "libobj name '$libobj' may not contain shell special characters."
- func_dirname_and_basename "$obj" "/" ""
- objname=$func_basename_result
- xdir=$func_dirname_result
- lobj=$xdir$objdir/$objname
-
- test -z "$base_compile" && \
- func_fatal_help "you must specify a compilation command"
-
- # Delete any leftover library objects.
- if test yes = "$build_old_libs"; then
- removelist="$obj $lobj $libobj ${libobj}T"
- else
- removelist="$lobj $libobj ${libobj}T"
- fi
-
- # On Cygwin there's no "real" PIC flag so we must build both object types
- case $host_os in
- cygwin* | mingw* | pw32* | os2* | cegcc*)
- pic_mode=default
- ;;
- esac
- if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then
- # non-PIC code in shared libraries is not supported
- pic_mode=default
- fi
-
- # Calculate the filename of the output object if compiler does
- # not support -o with -c
- if test no = "$compiler_c_o"; then
- output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext
- lockfile=$output_obj.lock
- else
- output_obj=
- need_locks=no
- lockfile=
- fi
-
- # Lock this critical section if it is needed
- # We use this script file to make the link, it avoids creating a new file
- if test yes = "$need_locks"; then
- until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
- func_echo "Waiting for $lockfile to be removed"
- sleep 2
- done
- elif test warn = "$need_locks"; then
- if test -f "$lockfile"; then
- $ECHO "\
-*** ERROR, $lockfile exists and contains:
-`cat $lockfile 2>/dev/null`
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support '-c' and '-o' together. If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
- $opt_dry_run || $RM $removelist
- exit $EXIT_FAILURE
- fi
- func_append removelist " $output_obj"
- $ECHO "$srcfile" > "$lockfile"
- fi
-
- $opt_dry_run || $RM $removelist
- func_append removelist " $lockfile"
- trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
-
- func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
- srcfile=$func_to_tool_file_result
- func_quote_for_eval "$srcfile"
- qsrcfile=$func_quote_for_eval_result
-
- # Only build a PIC object if we are building libtool libraries.
- if test yes = "$build_libtool_libs"; then
- # Without this assignment, base_compile gets emptied.
- fbsd_hideous_sh_bug=$base_compile
-
- if test no != "$pic_mode"; then
- command="$base_compile $qsrcfile $pic_flag"
- else
- # Don't build PIC code
- command="$base_compile $qsrcfile"
- fi
-
- func_mkdir_p "$xdir$objdir"
-
- if test -z "$output_obj"; then
- # Place PIC objects in $objdir
- func_append command " -o $lobj"
- fi
-
- func_show_eval_locale "$command" \
- 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
-
- if test warn = "$need_locks" &&
- test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
- $ECHO "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support '-c' and '-o' together. If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
- $opt_dry_run || $RM $removelist
- exit $EXIT_FAILURE
- fi
-
- # Just move the object if needed, then go on to compile the next one
- if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
- func_show_eval '$MV "$output_obj" "$lobj"' \
- 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
- fi
-
- # Allow error messages only from the first compilation.
- if test yes = "$suppress_opt"; then
- suppress_output=' >/dev/null 2>&1'
- fi
- fi
-
- # Only build a position-dependent object if we build old libraries.
- if test yes = "$build_old_libs"; then
- if test yes != "$pic_mode"; then
- # Don't build PIC code
- command="$base_compile $qsrcfile$pie_flag"
- else
- command="$base_compile $qsrcfile $pic_flag"
- fi
- if test yes = "$compiler_c_o"; then
- func_append command " -o $obj"
- fi
-
- # Suppress compiler output if we already did a PIC compilation.
- func_append command "$suppress_output"
- func_show_eval_locale "$command" \
- '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
-
- if test warn = "$need_locks" &&
- test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
- $ECHO "\
-*** ERROR, $lockfile contains:
-`cat $lockfile 2>/dev/null`
-
-but it should contain:
-$srcfile
-
-This indicates that another process is trying to use the same
-temporary object file, and libtool could not work around it because
-your compiler does not support '-c' and '-o' together. If you
-repeat this compilation, it may succeed, by chance, but you had better
-avoid parallel builds (make -j) in this platform, or get a better
-compiler."
-
- $opt_dry_run || $RM $removelist
- exit $EXIT_FAILURE
- fi
-
- # Just move the object if needed
- if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
- func_show_eval '$MV "$output_obj" "$obj"' \
- 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
- fi
- fi
-
- $opt_dry_run || {
- func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
-
- # Unlock the critical section if it was locked
- if test no != "$need_locks"; then
- removelist=$lockfile
- $RM "$lockfile"
- fi
- }
-
- exit $EXIT_SUCCESS
-}
-
-$opt_help || {
- test compile = "$opt_mode" && func_mode_compile ${1+"$@"}
-}
-
-func_mode_help ()
-{
- # We need to display help for each of the modes.
- case $opt_mode in
- "")
- # Generic help is extracted from the usage comments
- # at the start of this file.
- func_help
- ;;
-
- clean)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
-
-Remove files from the build directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed
-to RM.
-
-If FILE is a libtool library, object or program, all the files associated
-with it are deleted. Otherwise, only FILE itself is deleted using RM."
- ;;
-
- compile)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
-
-Compile a source file into a libtool library object.
-
-This mode accepts the following additional options:
-
- -o OUTPUT-FILE set the output file name to OUTPUT-FILE
- -no-suppress do not suppress compiler output for multiple passes
- -prefer-pic try to build PIC objects only
- -prefer-non-pic try to build non-PIC objects only
- -shared do not build a '.o' file suitable for static linking
- -static only build a '.o' file suitable for static linking
- -Wc,FLAG pass FLAG directly to the compiler
-
-COMPILE-COMMAND is a command to be used in creating a 'standard' object file
-from the given SOURCEFILE.
-
-The output file name is determined by removing the directory component from
-SOURCEFILE, then substituting the C source code suffix '.c' with the
-library object suffix, '.lo'."
- ;;
-
- execute)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
-
-Automatically set library path, then run a program.
-
-This mode accepts the following additional options:
-
- -dlopen FILE add the directory containing FILE to the library path
-
-This mode sets the library path environment variable according to '-dlopen'
-flags.
-
-If any of the ARGS are libtool executable wrappers, then they are translated
-into their corresponding uninstalled binary, and any of their required library
-directories are added to the library path.
-
-Then, COMMAND is executed, with ARGS as arguments."
- ;;
-
- finish)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
-
-Complete the installation of libtool libraries.
-
-Each LIBDIR is a directory that contains libtool libraries.
-
-The commands that this mode executes may require superuser privileges. Use
-the '--dry-run' option if you just want to see what would be executed."
- ;;
-
- install)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
-
-Install executables or libraries.
-
-INSTALL-COMMAND is the installation command. The first component should be
-either the 'install' or 'cp' program.
-
-The following components of INSTALL-COMMAND are treated specially:
-
- -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation
-
-The rest of the components are interpreted as arguments to that command (only
-BSD-compatible install options are recognized)."
- ;;
-
- link)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
-
-Link object files or libraries together to form another library, or to
-create an executable program.
-
-LINK-COMMAND is a command using the C compiler that you would use to create
-a program from several object files.
-
-The following components of LINK-COMMAND are treated specially:
-
- -all-static do not do any dynamic linking at all
- -avoid-version do not add a version suffix if possible
- -bindir BINDIR specify path to binaries directory (for systems where
- libraries must be found in the PATH setting at runtime)
- -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime
- -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
- -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
- -export-symbols SYMFILE
- try to export only the symbols listed in SYMFILE
- -export-symbols-regex REGEX
- try to export only the symbols matching REGEX
- -LLIBDIR search LIBDIR for required installed libraries
- -lNAME OUTPUT-FILE requires the installed library libNAME
- -module build a library that can dlopened
- -no-fast-install disable the fast-install mode
- -no-install link a not-installable executable
- -no-undefined declare that a library does not refer to external symbols
- -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
- -objectlist FILE use a list of object files found in FILE to specify objects
- -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes)
- -precious-files-regex REGEX
- don't remove output files matching REGEX
- -release RELEASE specify package release information
- -rpath LIBDIR the created library will eventually be installed in LIBDIR
- -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
- -shared only do dynamic linking of libtool libraries
- -shrext SUFFIX override the standard shared library file extension
- -static do not do any dynamic linking of uninstalled libtool libraries
- -static-libtool-libs
- do not do any dynamic linking of libtool libraries
- -version-info CURRENT[:REVISION[:AGE]]
- specify library version info [each variable defaults to 0]
- -weak LIBNAME declare that the target provides the LIBNAME interface
- -Wc,FLAG
- -Xcompiler FLAG pass linker-specific FLAG directly to the compiler
- -Wl,FLAG
- -Xlinker FLAG pass linker-specific FLAG directly to the linker
- -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC)
-
-All other options (arguments beginning with '-') are ignored.
-
-Every other argument is treated as a filename. Files ending in '.la' are
-treated as uninstalled libtool libraries, other files are standard or library
-object files.
-
-If the OUTPUT-FILE ends in '.la', then a libtool library is created,
-only library objects ('.lo' files) may be specified, and '-rpath' is
-required, except when creating a convenience library.
-
-If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created
-using 'ar' and 'ranlib', or on Windows using 'lib'.
-
-If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file
-is created, otherwise an executable program is created."
- ;;
-
- uninstall)
- $ECHO \
-"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
-
-Remove libraries from an installation directory.
-
-RM is the name of the program to use to delete files associated with each FILE
-(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed
-to RM.
-
-If FILE is a libtool library, all the files associated with it are deleted.
-Otherwise, only FILE itself is deleted using RM."
- ;;
-
- *)
- func_fatal_help "invalid operation mode '$opt_mode'"
- ;;
- esac
-
- echo
- $ECHO "Try '$progname --help' for more information about other modes."
-}
-
-# Now that we've collected a possible --mode arg, show help if necessary
-if $opt_help; then
- if test : = "$opt_help"; then
- func_mode_help
- else
- {
- func_help noexit
- for opt_mode in compile link execute install finish uninstall clean; do
- func_mode_help
- done
- } | $SED -n '1p; 2,$s/^Usage:/ or: /p'
- {
- func_help noexit
- for opt_mode in compile link execute install finish uninstall clean; do
- echo
- func_mode_help
- done
- } |
- $SED '1d
- /^When reporting/,/^Report/{
- H
- d
- }
- $x
- /information about other modes/d
- /more detailed .*MODE/d
- s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/'
- fi
- exit $?
-fi
-
-
-# func_mode_execute arg...
-func_mode_execute ()
-{
- $debug_cmd
-
- # The first argument is the command name.
- cmd=$nonopt
- test -z "$cmd" && \
- func_fatal_help "you must specify a COMMAND"
-
- # Handle -dlopen flags immediately.
- for file in $opt_dlopen; do
- test -f "$file" \
- || func_fatal_help "'$file' is not a file"
-
- dir=
- case $file in
- *.la)
- func_resolve_sysroot "$file"
- file=$func_resolve_sysroot_result
-
- # Check to see that this really is a libtool archive.
- func_lalib_unsafe_p "$file" \
- || func_fatal_help "'$lib' is not a valid libtool archive"
-
- # Read the libtool library.
- dlname=
- library_names=
- func_source "$file"
-
- # Skip this library if it cannot be dlopened.
- if test -z "$dlname"; then
- # Warn if it was a shared library.
- test -n "$library_names" && \
- func_warning "'$file' was not linked with '-export-dynamic'"
- continue
- fi
-
- func_dirname "$file" "" "."
- dir=$func_dirname_result
-
- if test -f "$dir/$objdir/$dlname"; then
- func_append dir "/$objdir"
- else
- if test ! -f "$dir/$dlname"; then
- func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'"
- fi
- fi
- ;;
-
- *.lo)
- # Just add the directory containing the .lo file.
- func_dirname "$file" "" "."
- dir=$func_dirname_result
- ;;
-
- *)
- func_warning "'-dlopen' is ignored for non-libtool libraries and objects"
- continue
- ;;
- esac
-
- # Get the absolute pathname.
- absdir=`cd "$dir" && pwd`
- test -n "$absdir" && dir=$absdir
-
- # Now add the directory to shlibpath_var.
- if eval "test -z \"\$$shlibpath_var\""; then
- eval "$shlibpath_var=\"\$dir\""
- else
- eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
- fi
- done
-
- # This variable tells wrapper scripts just to set shlibpath_var
- # rather than running their programs.
- libtool_execute_magic=$magic
-
- # Check if any of the arguments is a wrapper script.
- args=
- for file
- do
- case $file in
- -* | *.la | *.lo ) ;;
- *)
- # Do a test to see if this is really a libtool program.
- if func_ltwrapper_script_p "$file"; then
- func_source "$file"
- # Transform arg to wrapped name.
- file=$progdir/$program
- elif func_ltwrapper_executable_p "$file"; then
- func_ltwrapper_scriptname "$file"
- func_source "$func_ltwrapper_scriptname_result"
- # Transform arg to wrapped name.
- file=$progdir/$program
- fi
- ;;
- esac
- # Quote arguments (to preserve shell metacharacters).
- func_append_quoted args "$file"
- done
-
- if $opt_dry_run; then
- # Display what would be done.
- if test -n "$shlibpath_var"; then
- eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
- echo "export $shlibpath_var"
- fi
- $ECHO "$cmd$args"
- exit $EXIT_SUCCESS
- else
- if test -n "$shlibpath_var"; then
- # Export the shlibpath_var.
- eval "export $shlibpath_var"
- fi
-
- # Restore saved environment variables
- for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
- do
- eval "if test \"\${save_$lt_var+set}\" = set; then
- $lt_var=\$save_$lt_var; export $lt_var
- else
- $lt_unset $lt_var
- fi"
- done
-
- # Now prepare to actually exec the command.
- exec_cmd=\$cmd$args
- fi
-}
-
-test execute = "$opt_mode" && func_mode_execute ${1+"$@"}
-
-
-# func_mode_finish arg...
-func_mode_finish ()
-{
- $debug_cmd
-
- libs=
- libdirs=
- admincmds=
-
- for opt in "$nonopt" ${1+"$@"}
- do
- if test -d "$opt"; then
- func_append libdirs " $opt"
-
- elif test -f "$opt"; then
- if func_lalib_unsafe_p "$opt"; then
- func_append libs " $opt"
- else
- func_warning "'$opt' is not a valid libtool archive"
- fi
-
- else
- func_fatal_error "invalid argument '$opt'"
- fi
- done
-
- if test -n "$libs"; then
- if test -n "$lt_sysroot"; then
- sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"`
- sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;"
- else
- sysroot_cmd=
- fi
-
- # Remove sysroot references
- if $opt_dry_run; then
- for lib in $libs; do
- echo "removing references to $lt_sysroot and '=' prefixes from $lib"
- done
- else
- tmpdir=`func_mktempdir`
- for lib in $libs; do
- $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \
- > $tmpdir/tmp-la
- mv -f $tmpdir/tmp-la $lib
- done
- ${RM}r "$tmpdir"
- fi
- fi
-
- if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
- for libdir in $libdirs; do
- if test -n "$finish_cmds"; then
- # Do each command in the finish commands.
- func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
-'"$cmd"'"'
- fi
- if test -n "$finish_eval"; then
- # Do the single finish_eval.
- eval cmds=\"$finish_eval\"
- $opt_dry_run || eval "$cmds" || func_append admincmds "
- $cmds"
- fi
- done
- fi
-
- # Exit here if they wanted silent mode.
- $opt_quiet && exit $EXIT_SUCCESS
-
- if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
- echo "----------------------------------------------------------------------"
- echo "Libraries have been installed in:"
- for libdir in $libdirs; do
- $ECHO " $libdir"
- done
- echo
- echo "If you ever happen to want to link against installed libraries"
- echo "in a given directory, LIBDIR, you must either use libtool, and"
- echo "specify the full pathname of the library, or use the '-LLIBDIR'"
- echo "flag during linking and do at least one of the following:"
- if test -n "$shlibpath_var"; then
- echo " - add LIBDIR to the '$shlibpath_var' environment variable"
- echo " during execution"
- fi
- if test -n "$runpath_var"; then
- echo " - add LIBDIR to the '$runpath_var' environment variable"
- echo " during linking"
- fi
- if test -n "$hardcode_libdir_flag_spec"; then
- libdir=LIBDIR
- eval flag=\"$hardcode_libdir_flag_spec\"
-
- $ECHO " - use the '$flag' linker flag"
- fi
- if test -n "$admincmds"; then
- $ECHO " - have your system administrator run these commands:$admincmds"
- fi
- if test -f /etc/ld.so.conf; then
- echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'"
- fi
- echo
-
- echo "See any operating system documentation about shared libraries for"
- case $host in
- solaris2.[6789]|solaris2.1[0-9])
- echo "more information, such as the ld(1), crle(1) and ld.so(8) manual"
- echo "pages."
- ;;
- *)
- echo "more information, such as the ld(1) and ld.so(8) manual pages."
- ;;
- esac
- echo "----------------------------------------------------------------------"
- fi
- exit $EXIT_SUCCESS
-}
-
-test finish = "$opt_mode" && func_mode_finish ${1+"$@"}
-
-
-# func_mode_install arg...
-func_mode_install ()
-{
- $debug_cmd
-
- # There may be an optional sh(1) argument at the beginning of
- # install_prog (especially on Windows NT).
- if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" ||
- # Allow the use of GNU shtool's install command.
- case $nonopt in *shtool*) :;; *) false;; esac
- then
- # Aesthetically quote it.
- func_quote_for_eval "$nonopt"
- install_prog="$func_quote_for_eval_result "
- arg=$1
- shift
- else
- install_prog=
- arg=$nonopt
- fi
-
- # The real first argument should be the name of the installation program.
- # Aesthetically quote it.
- func_quote_for_eval "$arg"
- func_append install_prog "$func_quote_for_eval_result"
- install_shared_prog=$install_prog
- case " $install_prog " in
- *[\\\ /]cp\ *) install_cp=: ;;
- *) install_cp=false ;;
- esac
-
- # We need to accept at least all the BSD install flags.
- dest=
- files=
- opts=
- prev=
- install_type=
- isdir=false
- stripme=
- no_mode=:
- for arg
- do
- arg2=
- if test -n "$dest"; then
- func_append files " $dest"
- dest=$arg
- continue
- fi
-
- case $arg in
- -d) isdir=: ;;
- -f)
- if $install_cp; then :; else
- prev=$arg
- fi
- ;;
- -g | -m | -o)
- prev=$arg
- ;;
- -s)
- stripme=" -s"
- continue
- ;;
- -*)
- ;;
- *)
- # If the previous option needed an argument, then skip it.
- if test -n "$prev"; then
- if test X-m = "X$prev" && test -n "$install_override_mode"; then
- arg2=$install_override_mode
- no_mode=false
- fi
- prev=
- else
- dest=$arg
- continue
- fi
- ;;
- esac
-
- # Aesthetically quote the argument.
- func_quote_for_eval "$arg"
- func_append install_prog " $func_quote_for_eval_result"
- if test -n "$arg2"; then
- func_quote_for_eval "$arg2"
- fi
- func_append install_shared_prog " $func_quote_for_eval_result"
- done
-
- test -z "$install_prog" && \
- func_fatal_help "you must specify an install program"
-
- test -n "$prev" && \
- func_fatal_help "the '$prev' option requires an argument"
-
- if test -n "$install_override_mode" && $no_mode; then
- if $install_cp; then :; else
- func_quote_for_eval "$install_override_mode"
- func_append install_shared_prog " -m $func_quote_for_eval_result"
- fi
- fi
-
- if test -z "$files"; then
- if test -z "$dest"; then
- func_fatal_help "no file or destination specified"
- else
- func_fatal_help "you must specify a destination"
- fi
- fi
-
- # Strip any trailing slash from the destination.
- func_stripname '' '/' "$dest"
- dest=$func_stripname_result
-
- # Check to see that the destination is a directory.
- test -d "$dest" && isdir=:
- if $isdir; then
- destdir=$dest
- destname=
- else
- func_dirname_and_basename "$dest" "" "."
- destdir=$func_dirname_result
- destname=$func_basename_result
-
- # Not a directory, so check to see that there is only one file specified.
- set dummy $files; shift
- test "$#" -gt 1 && \
- func_fatal_help "'$dest' is not a directory"
- fi
- case $destdir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- for file in $files; do
- case $file in
- *.lo) ;;
- *)
- func_fatal_help "'$destdir' must be an absolute directory name"
- ;;
- esac
- done
- ;;
- esac
-
- # This variable tells wrapper scripts just to set variables rather
- # than running their programs.
- libtool_install_magic=$magic
-
- staticlibs=
- future_libdirs=
- current_libdirs=
- for file in $files; do
-
- # Do each installation.
- case $file in
- *.$libext)
- # Do the static libraries later.
- func_append staticlibs " $file"
- ;;
-
- *.la)
- func_resolve_sysroot "$file"
- file=$func_resolve_sysroot_result
-
- # Check to see that this really is a libtool archive.
- func_lalib_unsafe_p "$file" \
- || func_fatal_help "'$file' is not a valid libtool archive"
-
- library_names=
- old_library=
- relink_command=
- func_source "$file"
-
- # Add the libdir to current_libdirs if it is the destination.
- if test "X$destdir" = "X$libdir"; then
- case "$current_libdirs " in
- *" $libdir "*) ;;
- *) func_append current_libdirs " $libdir" ;;
- esac
- else
- # Note the libdir as a future libdir.
- case "$future_libdirs " in
- *" $libdir "*) ;;
- *) func_append future_libdirs " $libdir" ;;
- esac
- fi
-
- func_dirname "$file" "/" ""
- dir=$func_dirname_result
- func_append dir "$objdir"
-
- if test -n "$relink_command"; then
- # Determine the prefix the user has applied to our future dir.
- inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
-
- # Don't allow the user to place us outside of our expected
- # location b/c this prevents finding dependent libraries that
- # are installed to the same prefix.
- # At present, this check doesn't affect windows .dll's that
- # are installed into $libdir/../bin (currently, that works fine)
- # but it's something to keep an eye on.
- test "$inst_prefix_dir" = "$destdir" && \
- func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir"
-
- if test -n "$inst_prefix_dir"; then
- # Stick the inst_prefix_dir data into the link command.
- relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
- else
- relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
- fi
-
- func_warning "relinking '$file'"
- func_show_eval "$relink_command" \
- 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"'
- fi
-
- # See the names of the shared library.
- set dummy $library_names; shift
- if test -n "$1"; then
- realname=$1
- shift
-
- srcname=$realname
- test -n "$relink_command" && srcname=${realname}T
-
- # Install the shared library and build the symlinks.
- func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \
- 'exit $?'
- tstripme=$stripme
- case $host_os in
- cygwin* | mingw* | pw32* | cegcc*)
- case $realname in
- *.dll.a)
- tstripme=
- ;;
- esac
- ;;
- os2*)
- case $realname in
- *_dll.a)
- tstripme=
- ;;
- esac
- ;;
- esac
- if test -n "$tstripme" && test -n "$striplib"; then
- func_show_eval "$striplib $destdir/$realname" 'exit $?'
- fi
-
- if test "$#" -gt 0; then
- # Delete the old symlinks, and create new ones.
- # Try 'ln -sf' first, because the 'ln' binary might depend on
- # the symlink we replace! Solaris /bin/ln does not understand -f,
- # so we also need to try rm && ln -s.
- for linkname
- do
- test "$linkname" != "$realname" \
- && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
- done
- fi
-
- # Do each command in the postinstall commands.
- lib=$destdir/$realname
- func_execute_cmds "$postinstall_cmds" 'exit $?'
- fi
-
- # Install the pseudo-library for information purposes.
- func_basename "$file"
- name=$func_basename_result
- instname=$dir/${name}i
- func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
-
- # Maybe install the static library, too.
- test -n "$old_library" && func_append staticlibs " $dir/$old_library"
- ;;
-
- *.lo)
- # Install (i.e. copy) a libtool object.
-
- # Figure out destination file name, if it wasn't already specified.
- if test -n "$destname"; then
- destfile=$destdir/$destname
- else
- func_basename "$file"
- destfile=$func_basename_result
- destfile=$destdir/$destfile
- fi
-
- # Deduce the name of the destination old-style object file.
- case $destfile in
- *.lo)
- func_lo2o "$destfile"
- staticdest=$func_lo2o_result
- ;;
- *.$objext)
- staticdest=$destfile
- destfile=
- ;;
- *)
- func_fatal_help "cannot copy a libtool object to '$destfile'"
- ;;
- esac
-
- # Install the libtool object if requested.
- test -n "$destfile" && \
- func_show_eval "$install_prog $file $destfile" 'exit $?'
-
- # Install the old object if enabled.
- if test yes = "$build_old_libs"; then
- # Deduce the name of the old-style object file.
- func_lo2o "$file"
- staticobj=$func_lo2o_result
- func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
- fi
- exit $EXIT_SUCCESS
- ;;
-
- *)
- # Figure out destination file name, if it wasn't already specified.
- if test -n "$destname"; then
- destfile=$destdir/$destname
- else
- func_basename "$file"
- destfile=$func_basename_result
- destfile=$destdir/$destfile
- fi
-
- # If the file is missing, and there is a .exe on the end, strip it
- # because it is most likely a libtool script we actually want to
- # install
- stripped_ext=
- case $file in
- *.exe)
- if test ! -f "$file"; then
- func_stripname '' '.exe' "$file"
- file=$func_stripname_result
- stripped_ext=.exe
- fi
- ;;
- esac
-
- # Do a test to see if this is really a libtool program.
- case $host in
- *cygwin* | *mingw*)
- if func_ltwrapper_executable_p "$file"; then
- func_ltwrapper_scriptname "$file"
- wrapper=$func_ltwrapper_scriptname_result
- else
- func_stripname '' '.exe' "$file"
- wrapper=$func_stripname_result
- fi
- ;;
- *)
- wrapper=$file
- ;;
- esac
- if func_ltwrapper_script_p "$wrapper"; then
- notinst_deplibs=
- relink_command=
-
- func_source "$wrapper"
-
- # Check the variables that should have been set.
- test -z "$generated_by_libtool_version" && \
- func_fatal_error "invalid libtool wrapper script '$wrapper'"
-
- finalize=:
- for lib in $notinst_deplibs; do
- # Check to see that each library is installed.
- libdir=
- if test -f "$lib"; then
- func_source "$lib"
- fi
- libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'`
- if test -n "$libdir" && test ! -f "$libfile"; then
- func_warning "'$lib' has not been installed in '$libdir'"
- finalize=false
- fi
- done
-
- relink_command=
- func_source "$wrapper"
-
- outputname=
- if test no = "$fast_install" && test -n "$relink_command"; then
- $opt_dry_run || {
- if $finalize; then
- tmpdir=`func_mktempdir`
- func_basename "$file$stripped_ext"
- file=$func_basename_result
- outputname=$tmpdir/$file
- # Replace the output file specification.
- relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
-
- $opt_quiet || {
- func_quote_for_expand "$relink_command"
- eval "func_echo $func_quote_for_expand_result"
- }
- if eval "$relink_command"; then :
- else
- func_error "error: relink '$file' with the above command before installing it"
- $opt_dry_run || ${RM}r "$tmpdir"
- continue
- fi
- file=$outputname
- else
- func_warning "cannot relink '$file'"
- fi
- }
- else
- # Install the binary that we compiled earlier.
- file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"`
- fi
- fi
-
- # remove .exe since cygwin /usr/bin/install will append another
- # one anyway
- case $install_prog,$host in
- */usr/bin/install*,*cygwin*)
- case $file:$destfile in
- *.exe:*.exe)
- # this is ok
- ;;
- *.exe:*)
- destfile=$destfile.exe
- ;;
- *:*.exe)
- func_stripname '' '.exe' "$destfile"
- destfile=$func_stripname_result
- ;;
- esac
- ;;
- esac
- func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
- $opt_dry_run || if test -n "$outputname"; then
- ${RM}r "$tmpdir"
- fi
- ;;
- esac
- done
-
- for file in $staticlibs; do
- func_basename "$file"
- name=$func_basename_result
-
- # Set up the ranlib parameters.
- oldlib=$destdir/$name
- func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
- tool_oldlib=$func_to_tool_file_result
-
- func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
-
- if test -n "$stripme" && test -n "$old_striplib"; then
- func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
- fi
-
- # Do each command in the postinstall commands.
- func_execute_cmds "$old_postinstall_cmds" 'exit $?'
- done
-
- test -n "$future_libdirs" && \
- func_warning "remember to run '$progname --finish$future_libdirs'"
-
- if test -n "$current_libdirs"; then
- # Maybe just do a dry run.
- $opt_dry_run && current_libdirs=" -n$current_libdirs"
- exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs'
- else
- exit $EXIT_SUCCESS
- fi
-}
-
-test install = "$opt_mode" && func_mode_install ${1+"$@"}
-
-
-# func_generate_dlsyms outputname originator pic_p
-# Extract symbols from dlprefiles and create ${outputname}S.o with
-# a dlpreopen symbol table.
-func_generate_dlsyms ()
-{
- $debug_cmd
-
- my_outputname=$1
- my_originator=$2
- my_pic_p=${3-false}
- my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'`
- my_dlsyms=
-
- if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
- if test -n "$NM" && test -n "$global_symbol_pipe"; then
- my_dlsyms=${my_outputname}S.c
- else
- func_error "not configured to extract global symbols from dlpreopened files"
- fi
- fi
-
- if test -n "$my_dlsyms"; then
- case $my_dlsyms in
- "") ;;
- *.c)
- # Discover the nlist of each of the dlfiles.
- nlist=$output_objdir/$my_outputname.nm
-
- func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
-
- # Parse the name list into a source file.
- func_verbose "creating $output_objdir/$my_dlsyms"
-
- $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
-/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */
-/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */
-
-#ifdef __cplusplus
-extern \"C\" {
-#endif
-
-#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
-#pragma GCC diagnostic ignored \"-Wstrict-prototypes\"
-#endif
-
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
- relocations are performed -- see ld's documentation on pseudo-relocs. */
-# define LT_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data. */
-# define LT_DLSYM_CONST
-#else
-# define LT_DLSYM_CONST const
-#endif
-
-#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
-
-/* External symbol declarations for the compiler. */\
-"
-
- if test yes = "$dlself"; then
- func_verbose "generating symbol list for '$output'"
-
- $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
-
- # Add our own program objects to the symbol list.
- progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP`
- for progfile in $progfiles; do
- func_to_tool_file "$progfile" func_convert_file_msys_to_w32
- func_verbose "extracting global C symbols from '$func_to_tool_file_result'"
- $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'"
- done
-
- if test -n "$exclude_expsyms"; then
- $opt_dry_run || {
- eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
- eval '$MV "$nlist"T "$nlist"'
- }
- fi
-
- if test -n "$export_symbols_regex"; then
- $opt_dry_run || {
- eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
- eval '$MV "$nlist"T "$nlist"'
- }
- fi
-
- # Prepare the list of exported symbols
- if test -z "$export_symbols"; then
- export_symbols=$output_objdir/$outputname.exp
- $opt_dry_run || {
- $RM $export_symbols
- eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
- eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
- ;;
- esac
- }
- else
- $opt_dry_run || {
- eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
- eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
- eval '$MV "$nlist"T "$nlist"'
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
- eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
- ;;
- esac
- }
- fi
- fi
-
- for dlprefile in $dlprefiles; do
- func_verbose "extracting global C symbols from '$dlprefile'"
- func_basename "$dlprefile"
- name=$func_basename_result
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- # if an import library, we need to obtain dlname
- if func_win32_import_lib_p "$dlprefile"; then
- func_tr_sh "$dlprefile"
- eval "curr_lafile=\$libfile_$func_tr_sh_result"
- dlprefile_dlbasename=
- if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then
- # Use subshell, to avoid clobbering current variable values
- dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
- if test -n "$dlprefile_dlname"; then
- func_basename "$dlprefile_dlname"
- dlprefile_dlbasename=$func_basename_result
- else
- # no lafile. user explicitly requested -dlpreopen <import library>.
- $sharedlib_from_linklib_cmd "$dlprefile"
- dlprefile_dlbasename=$sharedlib_from_linklib_result
- fi
- fi
- $opt_dry_run || {
- if test -n "$dlprefile_dlbasename"; then
- eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
- else
- func_warning "Could not compute DLL name from $name"
- eval '$ECHO ": $name " >> "$nlist"'
- fi
- func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
- eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
- $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
- }
- else # not an import lib
- $opt_dry_run || {
- eval '$ECHO ": $name " >> "$nlist"'
- func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
- eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
- }
- fi
- ;;
- *)
- $opt_dry_run || {
- eval '$ECHO ": $name " >> "$nlist"'
- func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
- eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
- }
- ;;
- esac
- done
-
- $opt_dry_run || {
- # Make sure we have at least an empty file.
- test -f "$nlist" || : > "$nlist"
-
- if test -n "$exclude_expsyms"; then
- $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
- $MV "$nlist"T "$nlist"
- fi
-
- # Try sorting and uniquifying the output.
- if $GREP -v "^: " < "$nlist" |
- if sort -k 3 </dev/null >/dev/null 2>&1; then
- sort -k 3
- else
- sort +2
- fi |
- uniq > "$nlist"S; then
- :
- else
- $GREP -v "^: " < "$nlist" > "$nlist"S
- fi
-
- if test -f "$nlist"S; then
- eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
- else
- echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
- fi
-
- func_show_eval '$RM "${nlist}I"'
- if test -n "$global_symbol_to_import"; then
- eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I'
- fi
-
- echo >> "$output_objdir/$my_dlsyms" "\
-
-/* The mapping between symbol names and symbols. */
-typedef struct {
- const char *name;
- void *address;
-} lt_dlsymlist;
-extern LT_DLSYM_CONST lt_dlsymlist
-lt_${my_prefix}_LTX_preloaded_symbols[];\
-"
-
- if test -s "$nlist"I; then
- echo >> "$output_objdir/$my_dlsyms" "\
-static void lt_syminit(void)
-{
- LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols;
- for (; symbol->name; ++symbol)
- {"
- $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms"
- echo >> "$output_objdir/$my_dlsyms" "\
- }
-}"
- fi
- echo >> "$output_objdir/$my_dlsyms" "\
-LT_DLSYM_CONST lt_dlsymlist
-lt_${my_prefix}_LTX_preloaded_symbols[] =
-{ {\"$my_originator\", (void *) 0},"
-
- if test -s "$nlist"I; then
- echo >> "$output_objdir/$my_dlsyms" "\
- {\"@INIT@\", (void *) <_syminit},"
- fi
-
- case $need_lib_prefix in
- no)
- eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
- ;;
- *)
- eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
- ;;
- esac
- echo >> "$output_objdir/$my_dlsyms" "\
- {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
- return lt_${my_prefix}_LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif\
-"
- } # !$opt_dry_run
-
- pic_flag_for_symtable=
- case "$compile_command " in
- *" -static "*) ;;
- *)
- case $host in
- # compiling the symbol table file with pic_flag works around
- # a FreeBSD bug that causes programs to crash when -lm is
- # linked before any other PIC object. But we must not use
- # pic_flag when linking with -static. The problem exists in
- # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
- *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
- pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
- *-*-hpux*)
- pic_flag_for_symtable=" $pic_flag" ;;
- *)
- $my_pic_p && pic_flag_for_symtable=" $pic_flag"
- ;;
- esac
- ;;
- esac
- symtab_cflags=
- for arg in $LTCFLAGS; do
- case $arg in
- -pie | -fpie | -fPIE) ;;
- *) func_append symtab_cflags " $arg" ;;
- esac
- done
-
- # Now compile the dynamic symbol file.
- func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
-
- # Clean up the generated files.
- func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"'
-
- # Transform the symbol file into the correct name.
- symfileobj=$output_objdir/${my_outputname}S.$objext
- case $host in
- *cygwin* | *mingw* | *cegcc* )
- if test -f "$output_objdir/$my_outputname.def"; then
- compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
- else
- compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- fi
- ;;
- *)
- compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
- ;;
- esac
- ;;
- *)
- func_fatal_error "unknown suffix for '$my_dlsyms'"
- ;;
- esac
- else
- # We keep going just in case the user didn't refer to
- # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
- # really was required.
-
- # Nullify the symbol file.
- compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"`
- finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"`
- fi
-}
-
-# func_cygming_gnu_implib_p ARG
-# This predicate returns with zero status (TRUE) if
-# ARG is a GNU/binutils-style import library. Returns
-# with nonzero status (FALSE) otherwise.
-func_cygming_gnu_implib_p ()
-{
- $debug_cmd
-
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
- test -n "$func_cygming_gnu_implib_tmp"
-}
-
-# func_cygming_ms_implib_p ARG
-# This predicate returns with zero status (TRUE) if
-# ARG is an MS-style import library. Returns
-# with nonzero status (FALSE) otherwise.
-func_cygming_ms_implib_p ()
-{
- $debug_cmd
-
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
- test -n "$func_cygming_ms_implib_tmp"
-}
-
-# func_win32_libid arg
-# return the library type of file 'arg'
-#
-# Need a lot of goo to handle *both* DLLs and import libs
-# Has to be a shell function in order to 'eat' the argument
-# that is supplied when $file_magic_command is called.
-# Despite the name, also deal with 64 bit binaries.
-func_win32_libid ()
-{
- $debug_cmd
-
- win32_libid_type=unknown
- win32_fileres=`file -L $1 2>/dev/null`
- case $win32_fileres in
- *ar\ archive\ import\ library*) # definitely import
- win32_libid_type="x86 archive import"
- ;;
- *ar\ archive*) # could be an import, or static
- # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
- if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
- $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
- case $nm_interface in
- "MS dumpbin")
- if func_cygming_ms_implib_p "$1" ||
- func_cygming_gnu_implib_p "$1"
- then
- win32_nmres=import
- else
- win32_nmres=
- fi
- ;;
- *)
- func_to_tool_file "$1" func_convert_file_msys_to_w32
- win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
- $SED -n -e '
- 1,100{
- / I /{
- s|.*|import|
- p
- q
- }
- }'`
- ;;
- esac
- case $win32_nmres in
- import*) win32_libid_type="x86 archive import";;
- *) win32_libid_type="x86 archive static";;
- esac
- fi
- ;;
- *DLL*)
- win32_libid_type="x86 DLL"
- ;;
- *executable*) # but shell scripts are "executable" too...
- case $win32_fileres in
- *MS\ Windows\ PE\ Intel*)
- win32_libid_type="x86 DLL"
- ;;
- esac
- ;;
- esac
- $ECHO "$win32_libid_type"
-}
-
-# func_cygming_dll_for_implib ARG
-#
-# Platform-specific function to extract the
-# name of the DLL associated with the specified
-# import library ARG.
-# Invoked by eval'ing the libtool variable
-# $sharedlib_from_linklib_cmd
-# Result is available in the variable
-# $sharedlib_from_linklib_result
-func_cygming_dll_for_implib ()
-{
- $debug_cmd
-
- sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
-}
-
-# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs
-#
-# The is the core of a fallback implementation of a
-# platform-specific function to extract the name of the
-# DLL associated with the specified import library LIBNAME.
-#
-# SECTION_NAME is either .idata$6 or .idata$7, depending
-# on the platform and compiler that created the implib.
-#
-# Echos the name of the DLL associated with the
-# specified import library.
-func_cygming_dll_for_implib_fallback_core ()
-{
- $debug_cmd
-
- match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
- $OBJDUMP -s --section "$1" "$2" 2>/dev/null |
- $SED '/^Contents of section '"$match_literal"':/{
- # Place marker at beginning of archive member dllname section
- s/.*/====MARK====/
- p
- d
- }
- # These lines can sometimes be longer than 43 characters, but
- # are always uninteresting
- /:[ ]*file format pe[i]\{,1\}-/d
- /^In archive [^:]*:/d
- # Ensure marker is printed
- /^====MARK====/p
- # Remove all lines with less than 43 characters
- /^.\{43\}/!d
- # From remaining lines, remove first 43 characters
- s/^.\{43\}//' |
- $SED -n '
- # Join marker and all lines until next marker into a single line
- /^====MARK====/ b para
- H
- $ b para
- b
- :para
- x
- s/\n//g
- # Remove the marker
- s/^====MARK====//
- # Remove trailing dots and whitespace
- s/[\. \t]*$//
- # Print
- /./p' |
- # we now have a list, one entry per line, of the stringified
- # contents of the appropriate section of all members of the
- # archive that possess that section. Heuristic: eliminate
- # all those that have a first or second character that is
- # a '.' (that is, objdump's representation of an unprintable
- # character.) This should work for all archives with less than
- # 0x302f exports -- but will fail for DLLs whose name actually
- # begins with a literal '.' or a single character followed by
- # a '.'.
- #
- # Of those that remain, print the first one.
- $SED -e '/^\./d;/^.\./d;q'
-}
-
-# func_cygming_dll_for_implib_fallback ARG
-# Platform-specific function to extract the
-# name of the DLL associated with the specified
-# import library ARG.
-#
-# This fallback implementation is for use when $DLLTOOL
-# does not support the --identify-strict option.
-# Invoked by eval'ing the libtool variable
-# $sharedlib_from_linklib_cmd
-# Result is available in the variable
-# $sharedlib_from_linklib_result
-func_cygming_dll_for_implib_fallback ()
-{
- $debug_cmd
-
- if func_cygming_gnu_implib_p "$1"; then
- # binutils import library
- sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
- elif func_cygming_ms_implib_p "$1"; then
- # ms-generated import library
- sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
- else
- # unknown
- sharedlib_from_linklib_result=
- fi
-}
-
-
-# func_extract_an_archive dir oldlib
-func_extract_an_archive ()
-{
- $debug_cmd
-
- f_ex_an_ar_dir=$1; shift
- f_ex_an_ar_oldlib=$1
- if test yes = "$lock_old_archive_extraction"; then
- lockfile=$f_ex_an_ar_oldlib.lock
- until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
- func_echo "Waiting for $lockfile to be removed"
- sleep 2
- done
- fi
- func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \
- 'stat=$?; rm -f "$lockfile"; exit $stat'
- if test yes = "$lock_old_archive_extraction"; then
- $opt_dry_run || rm -f "$lockfile"
- fi
- if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
- :
- else
- func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
- fi
-}
-
-
-# func_extract_archives gentop oldlib ...
-func_extract_archives ()
-{
- $debug_cmd
-
- my_gentop=$1; shift
- my_oldlibs=${1+"$@"}
- my_oldobjs=
- my_xlib=
- my_xabs=
- my_xdir=
-
- for my_xlib in $my_oldlibs; do
- # Extract the objects.
- case $my_xlib in
- [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;;
- *) my_xabs=`pwd`"/$my_xlib" ;;
- esac
- func_basename "$my_xlib"
- my_xlib=$func_basename_result
- my_xlib_u=$my_xlib
- while :; do
- case " $extracted_archives " in
- *" $my_xlib_u "*)
- func_arith $extracted_serial + 1
- extracted_serial=$func_arith_result
- my_xlib_u=lt$extracted_serial-$my_xlib ;;
- *) break ;;
- esac
- done
- extracted_archives="$extracted_archives $my_xlib_u"
- my_xdir=$my_gentop/$my_xlib_u
-
- func_mkdir_p "$my_xdir"
-
- case $host in
- *-darwin*)
- func_verbose "Extracting $my_xabs"
- # Do not bother doing anything if just a dry run
- $opt_dry_run || {
- darwin_orig_dir=`pwd`
- cd $my_xdir || exit $?
- darwin_archive=$my_xabs
- darwin_curdir=`pwd`
- func_basename "$darwin_archive"
- darwin_base_archive=$func_basename_result
- darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
- if test -n "$darwin_arches"; then
- darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
- darwin_arch=
- func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
- for darwin_arch in $darwin_arches; do
- func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch"
- $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive"
- cd "unfat-$$/$darwin_base_archive-$darwin_arch"
- func_extract_an_archive "`pwd`" "$darwin_base_archive"
- cd "$darwin_curdir"
- $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive"
- done # $darwin_arches
- ## Okay now we've a bunch of thin objects, gotta fatten them up :)
- darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u`
- darwin_file=
- darwin_files=
- for darwin_file in $darwin_filelist; do
- darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
- $LIPO -create -output "$darwin_file" $darwin_files
- done # $darwin_filelist
- $RM -rf unfat-$$
- cd "$darwin_orig_dir"
- else
- cd $darwin_orig_dir
- func_extract_an_archive "$my_xdir" "$my_xabs"
- fi # $darwin_arches
- } # !$opt_dry_run
- ;;
- *)
- func_extract_an_archive "$my_xdir" "$my_xabs"
- ;;
- esac
- my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
- done
-
- func_extract_archives_result=$my_oldobjs
-}
-
-
-# func_emit_wrapper [arg=no]
-#
-# Emit a libtool wrapper script on stdout.
-# Don't directly open a file because we may want to
-# incorporate the script contents within a cygwin/mingw
-# wrapper executable. Must ONLY be called from within
-# func_mode_link because it depends on a number of variables
-# set therein.
-#
-# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
-# variable will take. If 'yes', then the emitted script
-# will assume that the directory where it is stored is
-# the $objdir directory. This is a cygwin/mingw-specific
-# behavior.
-func_emit_wrapper ()
-{
- func_emit_wrapper_arg1=${1-no}
-
- $ECHO "\
-#! $SHELL
-
-# $output - temporary wrapper script for $objdir/$outputname
-# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-#
-# The $output program cannot be directly executed until all the libtool
-# libraries that it depends on are installed.
-#
-# This wrapper script should never be moved out of the build directory.
-# If it is, it will not operate correctly.
-
-# Sed substitution that helps us do robust quoting. It backslashifies
-# metacharacters that are still active within double-quoted strings.
-sed_quote_subst='$sed_quote_subst'
-
-# Be Bourne compatible
-if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '\${1+\"\$@\"}'='\"\$@\"'
- setopt NO_GLOB_SUBST
-else
- case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
-fi
-BIN_SH=xpg4; export BIN_SH # for Tru64
-DUALCASE=1; export DUALCASE # for MKS sh
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-relink_command=\"$relink_command\"
-
-# This environment variable determines our operation mode.
-if test \"\$libtool_install_magic\" = \"$magic\"; then
- # install mode needs the following variables:
- generated_by_libtool_version='$macro_version'
- notinst_deplibs='$notinst_deplibs'
-else
- # When we are sourced in execute mode, \$file and \$ECHO are already set.
- if test \"\$libtool_execute_magic\" != \"$magic\"; then
- file=\"\$0\""
-
- qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
- $ECHO "\
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
- eval 'cat <<_LTECHO_EOF
-\$1
-_LTECHO_EOF'
-}
- ECHO=\"$qECHO\"
- fi
-
-# Very basic option parsing. These options are (a) specific to
-# the libtool wrapper, (b) are identical between the wrapper
-# /script/ and the wrapper /executable/ that is used only on
-# windows platforms, and (c) all begin with the string "--lt-"
-# (application programs are unlikely to have options that match
-# this pattern).
-#
-# There are only two supported options: --lt-debug and
-# --lt-dump-script. There is, deliberately, no --lt-help.
-#
-# The first argument to this parsing function should be the
-# script's $0 value, followed by "$@".
-lt_option_debug=
-func_parse_lt_options ()
-{
- lt_script_arg0=\$0
- shift
- for lt_opt
- do
- case \"\$lt_opt\" in
- --lt-debug) lt_option_debug=1 ;;
- --lt-dump-script)
- lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\`
- test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=.
- lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\`
- cat \"\$lt_dump_D/\$lt_dump_F\"
- exit 0
- ;;
- --lt-*)
- \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2
- exit 1
- ;;
- esac
- done
-
- # Print the debug banner immediately:
- if test -n \"\$lt_option_debug\"; then
- echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2
- fi
-}
-
-# Used when --lt-debug. Prints its arguments to stdout
-# (redirection is the responsibility of the caller)
-func_lt_dump_args ()
-{
- lt_dump_args_N=1;
- for lt_arg
- do
- \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\"
- lt_dump_args_N=\`expr \$lt_dump_args_N + 1\`
- done
-}
-
-# Core function for launching the target application
-func_exec_program_core ()
-{
-"
- case $host in
- # Backslashes separate directories on plain windows
- *-*-mingw | *-*-os2* | *-cegcc*)
- $ECHO "\
- if test -n \"\$lt_option_debug\"; then
- \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2
- func_lt_dump_args \${1+\"\$@\"} 1>&2
- fi
- exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
-"
- ;;
-
- *)
- $ECHO "\
- if test -n \"\$lt_option_debug\"; then
- \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2
- func_lt_dump_args \${1+\"\$@\"} 1>&2
- fi
- exec \"\$progdir/\$program\" \${1+\"\$@\"}
-"
- ;;
- esac
- $ECHO "\
- \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
- exit 1
-}
-
-# A function to encapsulate launching the target application
-# Strips options in the --lt-* namespace from \$@ and
-# launches target application with the remaining arguments.
-func_exec_program ()
-{
- case \" \$* \" in
- *\\ --lt-*)
- for lt_wr_arg
- do
- case \$lt_wr_arg in
- --lt-*) ;;
- *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
- esac
- shift
- done ;;
- esac
- func_exec_program_core \${1+\"\$@\"}
-}
-
- # Parse options
- func_parse_lt_options \"\$0\" \${1+\"\$@\"}
-
- # Find the directory that this script lives in.
- thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\`
- test \"x\$thisdir\" = \"x\$file\" && thisdir=.
-
- # Follow symbolic links until we get to the real thisdir.
- file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\`
- while test -n \"\$file\"; do
- destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\`
-
- # If there was a directory component, then change thisdir.
- if test \"x\$destdir\" != \"x\$file\"; then
- case \"\$destdir\" in
- [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
- *) thisdir=\"\$thisdir/\$destdir\" ;;
- esac
- fi
-
- file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\`
- file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\`
- done
-
- # Usually 'no', except on cygwin/mingw when embedded into
- # the cwrapper.
- WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1
- if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
- # special case for '.'
- if test \"\$thisdir\" = \".\"; then
- thisdir=\`pwd\`
- fi
- # remove .libs from thisdir
- case \"\$thisdir\" in
- *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;;
- $objdir ) thisdir=. ;;
- esac
- fi
-
- # Try to get the absolute directory name.
- absdir=\`cd \"\$thisdir\" && pwd\`
- test -n \"\$absdir\" && thisdir=\"\$absdir\"
-"
-
- if test yes = "$fast_install"; then
- $ECHO "\
- program=lt-'$outputname'$exeext
- progdir=\"\$thisdir/$objdir\"
-
- if test ! -f \"\$progdir/\$program\" ||
- { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\
- test \"X\$file\" != \"X\$progdir/\$program\"; }; then
-
- file=\"\$\$-\$program\"
-
- if test ! -d \"\$progdir\"; then
- $MKDIR \"\$progdir\"
- else
- $RM \"\$progdir/\$file\"
- fi"
-
- $ECHO "\
-
- # relink executable if necessary
- if test -n \"\$relink_command\"; then
- if relink_command_output=\`eval \$relink_command 2>&1\`; then :
- else
- \$ECHO \"\$relink_command_output\" >&2
- $RM \"\$progdir/\$file\"
- exit 1
- fi
- fi
-
- $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
- { $RM \"\$progdir/\$program\";
- $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
- $RM \"\$progdir/\$file\"
- fi"
- else
- $ECHO "\
- program='$outputname'
- progdir=\"\$thisdir/$objdir\"
-"
- fi
-
- $ECHO "\
-
- if test -f \"\$progdir/\$program\"; then"
-
- # fixup the dll searchpath if we need to.
- #
- # Fix the DLL searchpath if we need to. Do this before prepending
- # to shlibpath, because on Windows, both are PATH and uninstalled
- # libraries must come first.
- if test -n "$dllsearchpath"; then
- $ECHO "\
- # Add the dll search path components to the executable PATH
- PATH=$dllsearchpath:\$PATH
-"
- fi
-
- # Export our shlibpath_var if we have one.
- if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
- $ECHO "\
- # Add our own library path to $shlibpath_var
- $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
-
- # Some systems cannot cope with colon-terminated $shlibpath_var
- # The second colon is a workaround for a bug in BeOS R4 sed
- $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\`
-
- export $shlibpath_var
-"
- fi
-
- $ECHO "\
- if test \"\$libtool_execute_magic\" != \"$magic\"; then
- # Run the actual program with our arguments.
- func_exec_program \${1+\"\$@\"}
- fi
- else
- # The program doesn't exist.
- \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2
- \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
- \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
- exit 1
- fi
-fi\
-"
-}
-
-
-# func_emit_cwrapperexe_src
-# emit the source code for a wrapper executable on stdout
-# Must ONLY be called from within func_mode_link because
-# it depends on a number of variable set therein.
-func_emit_cwrapperexe_src ()
-{
- cat <<EOF
-
-/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
- Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-
- The $output program cannot be directly executed until all the libtool
- libraries that it depends on are installed.
-
- This wrapper executable should never be moved out of the build directory.
- If it is, it will not operate correctly.
-*/
-EOF
- cat <<"EOF"
-#ifdef _MSC_VER
-# define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef _MSC_VER
-# include <direct.h>
-# include <process.h>
-# include <io.h>
-#else
-# include <unistd.h>
-# include <stdint.h>
-# ifdef __CYGWIN__
-# include <io.h>
-# endif
-#endif
-#include <malloc.h>
-#include <stdarg.h>
-#include <assert.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-
-#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
-
-/* declarations of non-ANSI functions */
-#if defined __MINGW32__
-# ifdef __STRICT_ANSI__
-int _putenv (const char *);
-# endif
-#elif defined __CYGWIN__
-# ifdef __STRICT_ANSI__
-char *realpath (const char *, char *);
-int putenv (char *);
-int setenv (const char *, const char *, int);
-# endif
-/* #elif defined other_platform || defined ... */
-#endif
-
-/* portability defines, excluding path handling macros */
-#if defined _MSC_VER
-# define setmode _setmode
-# define stat _stat
-# define chmod _chmod
-# define getcwd _getcwd
-# define putenv _putenv
-# define S_IXUSR _S_IEXEC
-#elif defined __MINGW32__
-# define setmode _setmode
-# define stat _stat
-# define chmod _chmod
-# define getcwd _getcwd
-# define putenv _putenv
-#elif defined __CYGWIN__
-# define HAVE_SETENV
-# define FOPEN_WB "wb"
-/* #elif defined other platforms ... */
-#endif
-
-#if defined PATH_MAX
-# define LT_PATHMAX PATH_MAX
-#elif defined MAXPATHLEN
-# define LT_PATHMAX MAXPATHLEN
-#else
-# define LT_PATHMAX 1024
-#endif
-
-#ifndef S_IXOTH
-# define S_IXOTH 0
-#endif
-#ifndef S_IXGRP
-# define S_IXGRP 0
-#endif
-
-/* path handling portability macros */
-#ifndef DIR_SEPARATOR
-# define DIR_SEPARATOR '/'
-# define PATH_SEPARATOR ':'
-#endif
-
-#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \
- defined __OS2__
-# define HAVE_DOS_BASED_FILE_SYSTEM
-# define FOPEN_WB "wb"
-# ifndef DIR_SEPARATOR_2
-# define DIR_SEPARATOR_2 '\\'
-# endif
-# ifndef PATH_SEPARATOR_2
-# define PATH_SEPARATOR_2 ';'
-# endif
-#endif
-
-#ifndef DIR_SEPARATOR_2
-# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
-#else /* DIR_SEPARATOR_2 */
-# define IS_DIR_SEPARATOR(ch) \
- (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
-#endif /* DIR_SEPARATOR_2 */
-
-#ifndef PATH_SEPARATOR_2
-# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
-#else /* PATH_SEPARATOR_2 */
-# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
-#endif /* PATH_SEPARATOR_2 */
-
-#ifndef FOPEN_WB
-# define FOPEN_WB "w"
-#endif
-#ifndef _O_BINARY
-# define _O_BINARY 0
-#endif
-
-#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
-#define XFREE(stale) do { \
- if (stale) { free (stale); stale = 0; } \
-} while (0)
-
-#if defined LT_DEBUGWRAPPER
-static int lt_debug = 1;
-#else
-static int lt_debug = 0;
-#endif
-
-const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */
-
-void *xmalloc (size_t num);
-char *xstrdup (const char *string);
-const char *base_name (const char *name);
-char *find_executable (const char *wrapper);
-char *chase_symlinks (const char *pathspec);
-int make_executable (const char *path);
-int check_executable (const char *path);
-char *strendzap (char *str, const char *pat);
-void lt_debugprintf (const char *file, int line, const char *fmt, ...);
-void lt_fatal (const char *file, int line, const char *message, ...);
-static const char *nonnull (const char *s);
-static const char *nonempty (const char *s);
-void lt_setenv (const char *name, const char *value);
-char *lt_extend_str (const char *orig_value, const char *add, int to_end);
-void lt_update_exe_path (const char *name, const char *value);
-void lt_update_lib_path (const char *name, const char *value);
-char **prepare_spawn (char **argv);
-void lt_dump_script (FILE *f);
-EOF
-
- cat <<EOF
-#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 5)
-# define externally_visible volatile
-#else
-# define externally_visible __attribute__((externally_visible)) volatile
-#endif
-externally_visible const char * MAGIC_EXE = "$magic_exe";
-const char * LIB_PATH_VARNAME = "$shlibpath_var";
-EOF
-
- if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
- func_to_host_path "$temp_rpath"
- cat <<EOF
-const char * LIB_PATH_VALUE = "$func_to_host_path_result";
-EOF
- else
- cat <<"EOF"
-const char * LIB_PATH_VALUE = "";
-EOF
- fi
-
- if test -n "$dllsearchpath"; then
- func_to_host_path "$dllsearchpath:"
- cat <<EOF
-const char * EXE_PATH_VARNAME = "PATH";
-const char * EXE_PATH_VALUE = "$func_to_host_path_result";
-EOF
- else
- cat <<"EOF"
-const char * EXE_PATH_VARNAME = "";
-const char * EXE_PATH_VALUE = "";
-EOF
- fi
-
- if test yes = "$fast_install"; then
- cat <<EOF
-const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
-EOF
- else
- cat <<EOF
-const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
-EOF
- fi
-
-
- cat <<"EOF"
-
-#define LTWRAPPER_OPTION_PREFIX "--lt-"
-
-static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
-static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
-static const char *debug_opt = LTWRAPPER_OPTION_PREFIX "debug";
-
-int
-main (int argc, char *argv[])
-{
- char **newargz;
- int newargc;
- char *tmp_pathspec;
- char *actual_cwrapper_path;
- char *actual_cwrapper_name;
- char *target_name;
- char *lt_argv_zero;
- int rval = 127;
-
- int i;
-
- program_name = (char *) xstrdup (base_name (argv[0]));
- newargz = XMALLOC (char *, (size_t) argc + 1);
-
- /* very simple arg parsing; don't want to rely on getopt
- * also, copy all non cwrapper options to newargz, except
- * argz[0], which is handled differently
- */
- newargc=0;
- for (i = 1; i < argc; i++)
- {
- if (STREQ (argv[i], dumpscript_opt))
- {
-EOF
- case $host in
- *mingw* | *cygwin* )
- # make stdout use "unix" line endings
- echo " setmode(1,_O_BINARY);"
- ;;
- esac
-
- cat <<"EOF"
- lt_dump_script (stdout);
- return 0;
- }
- if (STREQ (argv[i], debug_opt))
- {
- lt_debug = 1;
- continue;
- }
- if (STREQ (argv[i], ltwrapper_option_prefix))
- {
- /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
- namespace, but it is not one of the ones we know about and
- have already dealt with, above (inluding dump-script), then
- report an error. Otherwise, targets might begin to believe
- they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
- namespace. The first time any user complains about this, we'll
- need to make LTWRAPPER_OPTION_PREFIX a configure-time option
- or a configure.ac-settable value.
- */
- lt_fatal (__FILE__, __LINE__,
- "unrecognized %s option: '%s'",
- ltwrapper_option_prefix, argv[i]);
- }
- /* otherwise ... */
- newargz[++newargc] = xstrdup (argv[i]);
- }
- newargz[++newargc] = NULL;
-
-EOF
- cat <<EOF
- /* The GNU banner must be the first non-error debug message */
- lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE) $VERSION\n");
-EOF
- cat <<"EOF"
- lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]);
- lt_debugprintf (__FILE__, __LINE__, "(main) program_name: %s\n", program_name);
-
- tmp_pathspec = find_executable (argv[0]);
- if (tmp_pathspec == NULL)
- lt_fatal (__FILE__, __LINE__, "couldn't find %s", argv[0]);
- lt_debugprintf (__FILE__, __LINE__,
- "(main) found exe (before symlink chase) at: %s\n",
- tmp_pathspec);
-
- actual_cwrapper_path = chase_symlinks (tmp_pathspec);
- lt_debugprintf (__FILE__, __LINE__,
- "(main) found exe (after symlink chase) at: %s\n",
- actual_cwrapper_path);
- XFREE (tmp_pathspec);
-
- actual_cwrapper_name = xstrdup (base_name (actual_cwrapper_path));
- strendzap (actual_cwrapper_path, actual_cwrapper_name);
-
- /* wrapper name transforms */
- strendzap (actual_cwrapper_name, ".exe");
- tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
- XFREE (actual_cwrapper_name);
- actual_cwrapper_name = tmp_pathspec;
- tmp_pathspec = 0;
-
- /* target_name transforms -- use actual target program name; might have lt- prefix */
- target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
- strendzap (target_name, ".exe");
- tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
- XFREE (target_name);
- target_name = tmp_pathspec;
- tmp_pathspec = 0;
-
- lt_debugprintf (__FILE__, __LINE__,
- "(main) libtool target name: %s\n",
- target_name);
-EOF
-
- cat <<EOF
- newargz[0] =
- XMALLOC (char, (strlen (actual_cwrapper_path) +
- strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
- strcpy (newargz[0], actual_cwrapper_path);
- strcat (newargz[0], "$objdir");
- strcat (newargz[0], "/");
-EOF
-
- cat <<"EOF"
- /* stop here, and copy so we don't have to do this twice */
- tmp_pathspec = xstrdup (newargz[0]);
-
- /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
- strcat (newargz[0], actual_cwrapper_name);
-
- /* DO want the lt- prefix here if it exists, so use target_name */
- lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
- XFREE (tmp_pathspec);
- tmp_pathspec = NULL;
-EOF
-
- case $host_os in
- mingw*)
- cat <<"EOF"
- {
- char* p;
- while ((p = strchr (newargz[0], '\\')) != NULL)
- {
- *p = '/';
- }
- while ((p = strchr (lt_argv_zero, '\\')) != NULL)
- {
- *p = '/';
- }
- }
-EOF
- ;;
- esac
-
- cat <<"EOF"
- XFREE (target_name);
- XFREE (actual_cwrapper_path);
- XFREE (actual_cwrapper_name);
-
- lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
- lt_setenv ("DUALCASE", "1"); /* for MSK sh */
- /* Update the DLL searchpath. EXE_PATH_VALUE ($dllsearchpath) must
- be prepended before (that is, appear after) LIB_PATH_VALUE ($temp_rpath)
- because on Windows, both *_VARNAMEs are PATH but uninstalled
- libraries must come first. */
- lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
- lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
-
- lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n",
- nonnull (lt_argv_zero));
- for (i = 0; i < newargc; i++)
- {
- lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n",
- i, nonnull (newargz[i]));
- }
-
-EOF
-
- case $host_os in
- mingw*)
- cat <<"EOF"
- /* execv doesn't actually work on mingw as expected on unix */
- newargz = prepare_spawn (newargz);
- rval = (int) _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
- if (rval == -1)
- {
- /* failed to start process */
- lt_debugprintf (__FILE__, __LINE__,
- "(main) failed to launch target \"%s\": %s\n",
- lt_argv_zero, nonnull (strerror (errno)));
- return 127;
- }
- return rval;
-EOF
- ;;
- *)
- cat <<"EOF"
- execv (lt_argv_zero, newargz);
- return rval; /* =127, but avoids unused variable warning */
-EOF
- ;;
- esac
-
- cat <<"EOF"
-}
-
-void *
-xmalloc (size_t num)
-{
- void *p = (void *) malloc (num);
- if (!p)
- lt_fatal (__FILE__, __LINE__, "memory exhausted");
-
- return p;
-}
-
-char *
-xstrdup (const char *string)
-{
- return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
- string) : NULL;
-}
-
-const char *
-base_name (const char *name)
-{
- const char *base;
-
-#if defined HAVE_DOS_BASED_FILE_SYSTEM
- /* Skip over the disk name in MSDOS pathnames. */
- if (isalpha ((unsigned char) name[0]) && name[1] == ':')
- name += 2;
-#endif
-
- for (base = name; *name; name++)
- if (IS_DIR_SEPARATOR (*name))
- base = name + 1;
- return base;
-}
-
-int
-check_executable (const char *path)
-{
- struct stat st;
-
- lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n",
- nonempty (path));
- if ((!path) || (!*path))
- return 0;
-
- if ((stat (path, &st) >= 0)
- && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
- return 1;
- else
- return 0;
-}
-
-int
-make_executable (const char *path)
-{
- int rval = 0;
- struct stat st;
-
- lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n",
- nonempty (path));
- if ((!path) || (!*path))
- return 0;
-
- if (stat (path, &st) >= 0)
- {
- rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
- }
- return rval;
-}
-
-/* Searches for the full path of the wrapper. Returns
- newly allocated full path name if found, NULL otherwise
- Does not chase symlinks, even on platforms that support them.
-*/
-char *
-find_executable (const char *wrapper)
-{
- int has_slash = 0;
- const char *p;
- const char *p_next;
- /* static buffer for getcwd */
- char tmp[LT_PATHMAX + 1];
- size_t tmp_len;
- char *concat_name;
-
- lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n",
- nonempty (wrapper));
-
- if ((wrapper == NULL) || (*wrapper == '\0'))
- return NULL;
-
- /* Absolute path? */
-#if defined HAVE_DOS_BASED_FILE_SYSTEM
- if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
- {
- concat_name = xstrdup (wrapper);
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- }
- else
- {
-#endif
- if (IS_DIR_SEPARATOR (wrapper[0]))
- {
- concat_name = xstrdup (wrapper);
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- }
-#if defined HAVE_DOS_BASED_FILE_SYSTEM
- }
-#endif
-
- for (p = wrapper; *p; p++)
- if (*p == '/')
- {
- has_slash = 1;
- break;
- }
- if (!has_slash)
- {
- /* no slashes; search PATH */
- const char *path = getenv ("PATH");
- if (path != NULL)
- {
- for (p = path; *p; p = p_next)
- {
- const char *q;
- size_t p_len;
- for (q = p; *q; q++)
- if (IS_PATH_SEPARATOR (*q))
- break;
- p_len = (size_t) (q - p);
- p_next = (*q == '\0' ? q : q + 1);
- if (p_len == 0)
- {
- /* empty path: current directory */
- if (getcwd (tmp, LT_PATHMAX) == NULL)
- lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
- nonnull (strerror (errno)));
- tmp_len = strlen (tmp);
- concat_name =
- XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
- memcpy (concat_name, tmp, tmp_len);
- concat_name[tmp_len] = '/';
- strcpy (concat_name + tmp_len + 1, wrapper);
- }
- else
- {
- concat_name =
- XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
- memcpy (concat_name, p, p_len);
- concat_name[p_len] = '/';
- strcpy (concat_name + p_len + 1, wrapper);
- }
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- }
- }
- /* not found in PATH; assume curdir */
- }
- /* Relative path | not found in path: prepend cwd */
- if (getcwd (tmp, LT_PATHMAX) == NULL)
- lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
- nonnull (strerror (errno)));
- tmp_len = strlen (tmp);
- concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
- memcpy (concat_name, tmp, tmp_len);
- concat_name[tmp_len] = '/';
- strcpy (concat_name + tmp_len + 1, wrapper);
-
- if (check_executable (concat_name))
- return concat_name;
- XFREE (concat_name);
- return NULL;
-}
-
-char *
-chase_symlinks (const char *pathspec)
-{
-#ifndef S_ISLNK
- return xstrdup (pathspec);
-#else
- char buf[LT_PATHMAX];
- struct stat s;
- char *tmp_pathspec = xstrdup (pathspec);
- char *p;
- int has_symlinks = 0;
- while (strlen (tmp_pathspec) && !has_symlinks)
- {
- lt_debugprintf (__FILE__, __LINE__,
- "checking path component for symlinks: %s\n",
- tmp_pathspec);
- if (lstat (tmp_pathspec, &s) == 0)
- {
- if (S_ISLNK (s.st_mode) != 0)
- {
- has_symlinks = 1;
- break;
- }
-
- /* search backwards for last DIR_SEPARATOR */
- p = tmp_pathspec + strlen (tmp_pathspec) - 1;
- while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
- p--;
- if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
- {
- /* no more DIR_SEPARATORS left */
- break;
- }
- *p = '\0';
- }
- else
- {
- lt_fatal (__FILE__, __LINE__,
- "error accessing file \"%s\": %s",
- tmp_pathspec, nonnull (strerror (errno)));
- }
- }
- XFREE (tmp_pathspec);
-
- if (!has_symlinks)
- {
- return xstrdup (pathspec);
- }
-
- tmp_pathspec = realpath (pathspec, buf);
- if (tmp_pathspec == 0)
- {
- lt_fatal (__FILE__, __LINE__,
- "could not follow symlinks for %s", pathspec);
- }
- return xstrdup (tmp_pathspec);
-#endif
-}
-
-char *
-strendzap (char *str, const char *pat)
-{
- size_t len, patlen;
-
- assert (str != NULL);
- assert (pat != NULL);
-
- len = strlen (str);
- patlen = strlen (pat);
-
- if (patlen <= len)
- {
- str += len - patlen;
- if (STREQ (str, pat))
- *str = '\0';
- }
- return str;
-}
-
-void
-lt_debugprintf (const char *file, int line, const char *fmt, ...)
-{
- va_list args;
- if (lt_debug)
- {
- (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line);
- va_start (args, fmt);
- (void) vfprintf (stderr, fmt, args);
- va_end (args);
- }
-}
-
-static void
-lt_error_core (int exit_status, const char *file,
- int line, const char *mode,
- const char *message, va_list ap)
-{
- fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode);
- vfprintf (stderr, message, ap);
- fprintf (stderr, ".\n");
-
- if (exit_status >= 0)
- exit (exit_status);
-}
-
-void
-lt_fatal (const char *file, int line, const char *message, ...)
-{
- va_list ap;
- va_start (ap, message);
- lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap);
- va_end (ap);
-}
-
-static const char *
-nonnull (const char *s)
-{
- return s ? s : "(null)";
-}
-
-static const char *
-nonempty (const char *s)
-{
- return (s && !*s) ? "(empty)" : nonnull (s);
-}
-
-void
-lt_setenv (const char *name, const char *value)
-{
- lt_debugprintf (__FILE__, __LINE__,
- "(lt_setenv) setting '%s' to '%s'\n",
- nonnull (name), nonnull (value));
- {
-#ifdef HAVE_SETENV
- /* always make a copy, for consistency with !HAVE_SETENV */
- char *str = xstrdup (value);
- setenv (name, str, 1);
-#else
- size_t len = strlen (name) + 1 + strlen (value) + 1;
- char *str = XMALLOC (char, len);
- sprintf (str, "%s=%s", name, value);
- if (putenv (str) != EXIT_SUCCESS)
- {
- XFREE (str);
- }
-#endif
- }
-}
-
-char *
-lt_extend_str (const char *orig_value, const char *add, int to_end)
-{
- char *new_value;
- if (orig_value && *orig_value)
- {
- size_t orig_value_len = strlen (orig_value);
- size_t add_len = strlen (add);
- new_value = XMALLOC (char, add_len + orig_value_len + 1);
- if (to_end)
- {
- strcpy (new_value, orig_value);
- strcpy (new_value + orig_value_len, add);
- }
- else
- {
- strcpy (new_value, add);
- strcpy (new_value + add_len, orig_value);
- }
- }
- else
- {
- new_value = xstrdup (add);
- }
- return new_value;
-}
-
-void
-lt_update_exe_path (const char *name, const char *value)
-{
- lt_debugprintf (__FILE__, __LINE__,
- "(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
- nonnull (name), nonnull (value));
-
- if (name && *name && value && *value)
- {
- char *new_value = lt_extend_str (getenv (name), value, 0);
- /* some systems can't cope with a ':'-terminated path #' */
- size_t len = strlen (new_value);
- while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
- {
- new_value[--len] = '\0';
- }
- lt_setenv (name, new_value);
- XFREE (new_value);
- }
-}
-
-void
-lt_update_lib_path (const char *name, const char *value)
-{
- lt_debugprintf (__FILE__, __LINE__,
- "(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
- nonnull (name), nonnull (value));
-
- if (name && *name && value && *value)
- {
- char *new_value = lt_extend_str (getenv (name), value, 0);
- lt_setenv (name, new_value);
- XFREE (new_value);
- }
-}
-
-EOF
- case $host_os in
- mingw*)
- cat <<"EOF"
-
-/* Prepares an argument vector before calling spawn().
- Note that spawn() does not by itself call the command interpreter
- (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") :
- ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
- GetVersionEx(&v);
- v.dwPlatformId == VER_PLATFORM_WIN32_NT;
- }) ? "cmd.exe" : "command.com").
- Instead it simply concatenates the arguments, separated by ' ', and calls
- CreateProcess(). We must quote the arguments since Win32 CreateProcess()
- interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a
- special way:
- - Space and tab are interpreted as delimiters. They are not treated as
- delimiters if they are surrounded by double quotes: "...".
- - Unescaped double quotes are removed from the input. Their only effect is
- that within double quotes, space and tab are treated like normal
- characters.
- - Backslashes not followed by double quotes are not special.
- - But 2*n+1 backslashes followed by a double quote become
- n backslashes followed by a double quote (n >= 0):
- \" -> "
- \\\" -> \"
- \\\\\" -> \\"
- */
-#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
-#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
-char **
-prepare_spawn (char **argv)
-{
- size_t argc;
- char **new_argv;
- size_t i;
-
- /* Count number of arguments. */
- for (argc = 0; argv[argc] != NULL; argc++)
- ;
-
- /* Allocate new argument vector. */
- new_argv = XMALLOC (char *, argc + 1);
-
- /* Put quoted arguments into the new argument vector. */
- for (i = 0; i < argc; i++)
- {
- const char *string = argv[i];
-
- if (string[0] == '\0')
- new_argv[i] = xstrdup ("\"\"");
- else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL)
- {
- int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL);
- size_t length;
- unsigned int backslashes;
- const char *s;
- char *quoted_string;
- char *p;
-
- length = 0;
- backslashes = 0;
- if (quote_around)
- length++;
- for (s = string; *s != '\0'; s++)
- {
- char c = *s;
- if (c == '"')
- length += backslashes + 1;
- length++;
- if (c == '\\')
- backslashes++;
- else
- backslashes = 0;
- }
- if (quote_around)
- length += backslashes + 1;
-
- quoted_string = XMALLOC (char, length + 1);
-
- p = quoted_string;
- backslashes = 0;
- if (quote_around)
- *p++ = '"';
- for (s = string; *s != '\0'; s++)
- {
- char c = *s;
- if (c == '"')
- {
- unsigned int j;
- for (j = backslashes + 1; j > 0; j--)
- *p++ = '\\';
- }
- *p++ = c;
- if (c == '\\')
- backslashes++;
- else
- backslashes = 0;
- }
- if (quote_around)
- {
- unsigned int j;
- for (j = backslashes; j > 0; j--)
- *p++ = '\\';
- *p++ = '"';
- }
- *p = '\0';
-
- new_argv[i] = quoted_string;
- }
- else
- new_argv[i] = (char *) string;
- }
- new_argv[argc] = NULL;
-
- return new_argv;
-}
-EOF
- ;;
- esac
-
- cat <<"EOF"
-void lt_dump_script (FILE* f)
-{
-EOF
- func_emit_wrapper yes |
- $SED -n -e '
-s/^\(.\{79\}\)\(..*\)/\1\
-\2/
-h
-s/\([\\"]\)/\\\1/g
-s/$/\\n/
-s/\([^\n]*\).*/ fputs ("\1", f);/p
-g
-D'
- cat <<"EOF"
-}
-EOF
-}
-# end: func_emit_cwrapperexe_src
-
-# func_win32_import_lib_p ARG
-# True if ARG is an import lib, as indicated by $file_magic_cmd
-func_win32_import_lib_p ()
-{
- $debug_cmd
-
- case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in
- *import*) : ;;
- *) false ;;
- esac
-}
-
-# func_suncc_cstd_abi
-# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!!
-# Several compiler flags select an ABI that is incompatible with the
-# Cstd library. Avoid specifying it if any are in CXXFLAGS.
-func_suncc_cstd_abi ()
-{
- $debug_cmd
-
- case " $compile_command " in
- *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*)
- suncc_use_cstd_abi=no
- ;;
- *)
- suncc_use_cstd_abi=yes
- ;;
- esac
-}
-
-# func_mode_link arg...
-func_mode_link ()
-{
- $debug_cmd
-
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- # It is impossible to link a dll without this setting, and
- # we shouldn't force the makefile maintainer to figure out
- # what system we are compiling for in order to pass an extra
- # flag for every libtool invocation.
- # allow_undefined=no
-
- # FIXME: Unfortunately, there are problems with the above when trying
- # to make a dll that has undefined symbols, in which case not
- # even a static library is built. For now, we need to specify
- # -no-undefined on the libtool link line when we can be certain
- # that all symbols are satisfied, otherwise we get a static library.
- allow_undefined=yes
- ;;
- *)
- allow_undefined=yes
- ;;
- esac
- libtool_args=$nonopt
- base_compile="$nonopt $@"
- compile_command=$nonopt
- finalize_command=$nonopt
-
- compile_rpath=
- finalize_rpath=
- compile_shlibpath=
- finalize_shlibpath=
- convenience=
- old_convenience=
- deplibs=
- old_deplibs=
- compiler_flags=
- linker_flags=
- dllsearchpath=
- lib_search_path=`pwd`
- inst_prefix_dir=
- new_inherited_linker_flags=
-
- avoid_version=no
- bindir=
- dlfiles=
- dlprefiles=
- dlself=no
- export_dynamic=no
- export_symbols=
- export_symbols_regex=
- generated=
- libobjs=
- ltlibs=
- module=no
- no_install=no
- objs=
- os2dllname=
- non_pic_objects=
- precious_files_regex=
- prefer_static_libs=no
- preload=false
- prev=
- prevarg=
- release=
- rpath=
- xrpath=
- perm_rpath=
- temp_rpath=
- thread_safe=no
- vinfo=
- vinfo_number=no
- weak_libs=
- single_module=$wl-single_module
- func_infer_tag $base_compile
-
- # We need to know -static, to get the right output filenames.
- for arg
- do
- case $arg in
- -shared)
- test yes != "$build_libtool_libs" \
- && func_fatal_configuration "cannot build a shared library"
- build_old_libs=no
- break
- ;;
- -all-static | -static | -static-libtool-libs)
- case $arg in
- -all-static)
- if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then
- func_warning "complete static linking is impossible in this configuration"
- fi
- if test -n "$link_static_flag"; then
- dlopen_self=$dlopen_self_static
- fi
- prefer_static_libs=yes
- ;;
- -static)
- if test -z "$pic_flag" && test -n "$link_static_flag"; then
- dlopen_self=$dlopen_self_static
- fi
- prefer_static_libs=built
- ;;
- -static-libtool-libs)
- if test -z "$pic_flag" && test -n "$link_static_flag"; then
- dlopen_self=$dlopen_self_static
- fi
- prefer_static_libs=yes
- ;;
- esac
- build_libtool_libs=no
- build_old_libs=yes
- break
- ;;
- esac
- done
-
- # See if our shared archives depend on static archives.
- test -n "$old_archive_from_new_cmds" && build_old_libs=yes
-
- # Go through the arguments, transforming them on the way.
- while test "$#" -gt 0; do
- arg=$1
- shift
- func_quote_for_eval "$arg"
- qarg=$func_quote_for_eval_unquoted_result
- func_append libtool_args " $func_quote_for_eval_result"
-
- # If the previous option needs an argument, assign it.
- if test -n "$prev"; then
- case $prev in
- output)
- func_append compile_command " @OUTPUT@"
- func_append finalize_command " @OUTPUT@"
- ;;
- esac
-
- case $prev in
- bindir)
- bindir=$arg
- prev=
- continue
- ;;
- dlfiles|dlprefiles)
- $preload || {
- # Add the symbol object into the linking commands.
- func_append compile_command " @SYMFILE@"
- func_append finalize_command " @SYMFILE@"
- preload=:
- }
- case $arg in
- *.la | *.lo) ;; # We handle these cases below.
- force)
- if test no = "$dlself"; then
- dlself=needless
- export_dynamic=yes
- fi
- prev=
- continue
- ;;
- self)
- if test dlprefiles = "$prev"; then
- dlself=yes
- elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then
- dlself=yes
- else
- dlself=needless
- export_dynamic=yes
- fi
- prev=
- continue
- ;;
- *)
- if test dlfiles = "$prev"; then
- func_append dlfiles " $arg"
- else
- func_append dlprefiles " $arg"
- fi
- prev=
- continue
- ;;
- esac
- ;;
- expsyms)
- export_symbols=$arg
- test -f "$arg" \
- || func_fatal_error "symbol file '$arg' does not exist"
- prev=
- continue
- ;;
- expsyms_regex)
- export_symbols_regex=$arg
- prev=
- continue
- ;;
- framework)
- case $host in
- *-*-darwin*)
- case "$deplibs " in
- *" $qarg.ltframework "*) ;;
- *) func_append deplibs " $qarg.ltframework" # this is fixed later
- ;;
- esac
- ;;
- esac
- prev=
- continue
- ;;
- inst_prefix)
- inst_prefix_dir=$arg
- prev=
- continue
- ;;
- mllvm)
- # Clang does not use LLVM to link, so we can simply discard any
- # '-mllvm $arg' options when doing the link step.
- prev=
- continue
- ;;
- objectlist)
- if test -f "$arg"; then
- save_arg=$arg
- moreargs=
- for fil in `cat "$save_arg"`
- do
-# func_append moreargs " $fil"
- arg=$fil
- # A libtool-controlled object.
-
- # Check to see that this really is a libtool object.
- if func_lalib_unsafe_p "$arg"; then
- pic_object=
- non_pic_object=
-
- # Read the .lo file
- func_source "$arg"
-
- if test -z "$pic_object" ||
- test -z "$non_pic_object" ||
- test none = "$pic_object" &&
- test none = "$non_pic_object"; then
- func_fatal_error "cannot find name of object for '$arg'"
- fi
-
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- if test none != "$pic_object"; then
- # Prepend the subdirectory the object is found in.
- pic_object=$xdir$pic_object
-
- if test dlfiles = "$prev"; then
- if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
- func_append dlfiles " $pic_object"
- prev=
- continue
- else
- # If libtool objects are unsupported, then we need to preload.
- prev=dlprefiles
- fi
- fi
-
- # CHECK ME: I think I busted this. -Ossama
- if test dlprefiles = "$prev"; then
- # Preload the old-style object.
- func_append dlprefiles " $pic_object"
- prev=
- fi
-
- # A PIC object.
- func_append libobjs " $pic_object"
- arg=$pic_object
- fi
-
- # Non-PIC object.
- if test none != "$non_pic_object"; then
- # Prepend the subdirectory the object is found in.
- non_pic_object=$xdir$non_pic_object
-
- # A standard non-PIC object
- func_append non_pic_objects " $non_pic_object"
- if test -z "$pic_object" || test none = "$pic_object"; then
- arg=$non_pic_object
- fi
- else
- # If the PIC object exists, use it instead.
- # $xdir was prepended to $pic_object above.
- non_pic_object=$pic_object
- func_append non_pic_objects " $non_pic_object"
- fi
- else
- # Only an error if not doing a dry-run.
- if $opt_dry_run; then
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- func_lo2o "$arg"
- pic_object=$xdir$objdir/$func_lo2o_result
- non_pic_object=$xdir$func_lo2o_result
- func_append libobjs " $pic_object"
- func_append non_pic_objects " $non_pic_object"
- else
- func_fatal_error "'$arg' is not a valid libtool object"
- fi
- fi
- done
- else
- func_fatal_error "link input file '$arg' does not exist"
- fi
- arg=$save_arg
- prev=
- continue
- ;;
- os2dllname)
- os2dllname=$arg
- prev=
- continue
- ;;
- precious_regex)
- precious_files_regex=$arg
- prev=
- continue
- ;;
- release)
- release=-$arg
- prev=
- continue
- ;;
- rpath | xrpath)
- # We need an absolute path.
- case $arg in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- func_fatal_error "only absolute run-paths are allowed"
- ;;
- esac
- if test rpath = "$prev"; then
- case "$rpath " in
- *" $arg "*) ;;
- *) func_append rpath " $arg" ;;
- esac
- else
- case "$xrpath " in
- *" $arg "*) ;;
- *) func_append xrpath " $arg" ;;
- esac
- fi
- prev=
- continue
- ;;
- shrext)
- shrext_cmds=$arg
- prev=
- continue
- ;;
- weak)
- func_append weak_libs " $arg"
- prev=
- continue
- ;;
- xcclinker)
- func_append linker_flags " $qarg"
- func_append compiler_flags " $qarg"
- prev=
- func_append compile_command " $qarg"
- func_append finalize_command " $qarg"
- continue
- ;;
- xcompiler)
- func_append compiler_flags " $qarg"
- prev=
- func_append compile_command " $qarg"
- func_append finalize_command " $qarg"
- continue
- ;;
- xlinker)
- func_append linker_flags " $qarg"
- func_append compiler_flags " $wl$qarg"
- prev=
- func_append compile_command " $wl$qarg"
- func_append finalize_command " $wl$qarg"
- continue
- ;;
- *)
- eval "$prev=\"\$arg\""
- prev=
- continue
- ;;
- esac
- fi # test -n "$prev"
-
- prevarg=$arg
-
- case $arg in
- -all-static)
- if test -n "$link_static_flag"; then
- # See comment for -static flag below, for more details.
- func_append compile_command " $link_static_flag"
- func_append finalize_command " $link_static_flag"
- fi
- continue
- ;;
-
- -allow-undefined)
- # FIXME: remove this flag sometime in the future.
- func_fatal_error "'-allow-undefined' must not be used because it is the default"
- ;;
-
- -avoid-version)
- avoid_version=yes
- continue
- ;;
-
- -bindir)
- prev=bindir
- continue
- ;;
-
- -dlopen)
- prev=dlfiles
- continue
- ;;
-
- -dlpreopen)
- prev=dlprefiles
- continue
- ;;
-
- -export-dynamic)
- export_dynamic=yes
- continue
- ;;
-
- -export-symbols | -export-symbols-regex)
- if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
- func_fatal_error "more than one -exported-symbols argument is not allowed"
- fi
- if test X-export-symbols = "X$arg"; then
- prev=expsyms
- else
- prev=expsyms_regex
- fi
- continue
- ;;
-
- -framework)
- prev=framework
- continue
- ;;
-
- -inst-prefix-dir)
- prev=inst_prefix
- continue
- ;;
-
- # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
- # so, if we see these flags be careful not to treat them like -L
- -L[A-Z][A-Z]*:*)
- case $with_gcc/$host in
- no/*-*-irix* | /*-*-irix*)
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- ;;
- esac
- continue
- ;;
-
- -L*)
- func_stripname "-L" '' "$arg"
- if test -z "$func_stripname_result"; then
- if test "$#" -gt 0; then
- func_fatal_error "require no space between '-L' and '$1'"
- else
- func_fatal_error "need path for '-L' option"
- fi
- fi
- func_resolve_sysroot "$func_stripname_result"
- dir=$func_resolve_sysroot_result
- # We need an absolute path.
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- *)
- absdir=`cd "$dir" && pwd`
- test -z "$absdir" && \
- func_fatal_error "cannot determine absolute directory name of '$dir'"
- dir=$absdir
- ;;
- esac
- case "$deplibs " in
- *" -L$dir "* | *" $arg "*)
- # Will only happen for absolute or sysroot arguments
- ;;
- *)
- # Preserve sysroot, but never include relative directories
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;;
- *) func_append deplibs " -L$dir" ;;
- esac
- func_append lib_search_path " $dir"
- ;;
- esac
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'`
- case :$dllsearchpath: in
- *":$dir:"*) ;;
- ::) dllsearchpath=$dir;;
- *) func_append dllsearchpath ":$dir";;
- esac
- case :$dllsearchpath: in
- *":$testbindir:"*) ;;
- ::) dllsearchpath=$testbindir;;
- *) func_append dllsearchpath ":$testbindir";;
- esac
- ;;
- esac
- continue
- ;;
-
- -l*)
- if test X-lc = "X$arg" || test X-lm = "X$arg"; then
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
- # These systems don't actually have a C or math library (as such)
- continue
- ;;
- *-*-os2*)
- # These systems don't actually have a C library (as such)
- test X-lc = "X$arg" && continue
- ;;
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
- # Do not include libc due to us having libc/libc_r.
- test X-lc = "X$arg" && continue
- ;;
- *-*-rhapsody* | *-*-darwin1.[012])
- # Rhapsody C and math libraries are in the System framework
- func_append deplibs " System.ltframework"
- continue
- ;;
- *-*-sco3.2v5* | *-*-sco5v6*)
- # Causes problems with __ctype
- test X-lc = "X$arg" && continue
- ;;
- *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
- # Compiler inserts libc in the correct place for threads to work
- test X-lc = "X$arg" && continue
- ;;
- esac
- elif test X-lc_r = "X$arg"; then
- case $host in
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
- # Do not include libc_r directly, use -pthread flag.
- continue
- ;;
- esac
- fi
- func_append deplibs " $arg"
- continue
- ;;
-
- -mllvm)
- prev=mllvm
- continue
- ;;
-
- -module)
- module=yes
- continue
- ;;
-
- # Tru64 UNIX uses -model [arg] to determine the layout of C++
- # classes, name mangling, and exception handling.
- # Darwin uses the -arch flag to determine output architecture.
- -model|-arch|-isysroot|--sysroot)
- func_append compiler_flags " $arg"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- prev=xcompiler
- continue
- ;;
-
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
- |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
- func_append compiler_flags " $arg"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- case "$new_inherited_linker_flags " in
- *" $arg "*) ;;
- * ) func_append new_inherited_linker_flags " $arg" ;;
- esac
- continue
- ;;
-
- -multi_module)
- single_module=$wl-multi_module
- continue
- ;;
-
- -no-fast-install)
- fast_install=no
- continue
- ;;
-
- -no-install)
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
- # The PATH hackery in wrapper scripts is required on Windows
- # and Darwin in order for the loader to find any dlls it needs.
- func_warning "'-no-install' is ignored for $host"
- func_warning "assuming '-no-fast-install' instead"
- fast_install=no
- ;;
- *) no_install=yes ;;
- esac
- continue
- ;;
-
- -no-undefined)
- allow_undefined=no
- continue
- ;;
-
- -objectlist)
- prev=objectlist
- continue
- ;;
-
- -os2dllname)
- prev=os2dllname
- continue
- ;;
-
- -o) prev=output ;;
-
- -precious-files-regex)
- prev=precious_regex
- continue
- ;;
-
- -release)
- prev=release
- continue
- ;;
-
- -rpath)
- prev=rpath
- continue
- ;;
-
- -R)
- prev=xrpath
- continue
- ;;
-
- -R*)
- func_stripname '-R' '' "$arg"
- dir=$func_stripname_result
- # We need an absolute path.
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) ;;
- =*)
- func_stripname '=' '' "$dir"
- dir=$lt_sysroot$func_stripname_result
- ;;
- *)
- func_fatal_error "only absolute run-paths are allowed"
- ;;
- esac
- case "$xrpath " in
- *" $dir "*) ;;
- *) func_append xrpath " $dir" ;;
- esac
- continue
- ;;
-
- -shared)
- # The effects of -shared are defined in a previous loop.
- continue
- ;;
-
- -shrext)
- prev=shrext
- continue
- ;;
-
- -static | -static-libtool-libs)
- # The effects of -static are defined in a previous loop.
- # We used to do the same as -all-static on platforms that
- # didn't have a PIC flag, but the assumption that the effects
- # would be equivalent was wrong. It would break on at least
- # Digital Unix and AIX.
- continue
- ;;
-
- -thread-safe)
- thread_safe=yes
- continue
- ;;
-
- -version-info)
- prev=vinfo
- continue
- ;;
-
- -version-number)
- prev=vinfo
- vinfo_number=yes
- continue
- ;;
-
- -weak)
- prev=weak
- continue
- ;;
-
- -Wc,*)
- func_stripname '-Wc,' '' "$arg"
- args=$func_stripname_result
- arg=
- save_ifs=$IFS; IFS=,
- for flag in $args; do
- IFS=$save_ifs
- func_quote_for_eval "$flag"
- func_append arg " $func_quote_for_eval_result"
- func_append compiler_flags " $func_quote_for_eval_result"
- done
- IFS=$save_ifs
- func_stripname ' ' '' "$arg"
- arg=$func_stripname_result
- ;;
-
- -Wl,*)
- func_stripname '-Wl,' '' "$arg"
- args=$func_stripname_result
- arg=
- save_ifs=$IFS; IFS=,
- for flag in $args; do
- IFS=$save_ifs
- func_quote_for_eval "$flag"
- func_append arg " $wl$func_quote_for_eval_result"
- func_append compiler_flags " $wl$func_quote_for_eval_result"
- func_append linker_flags " $func_quote_for_eval_result"
- done
- IFS=$save_ifs
- func_stripname ' ' '' "$arg"
- arg=$func_stripname_result
- ;;
-
- -Xcompiler)
- prev=xcompiler
- continue
- ;;
-
- -Xlinker)
- prev=xlinker
- continue
- ;;
-
- -XCClinker)
- prev=xcclinker
- continue
- ;;
-
- # -msg_* for osf cc
- -msg_*)
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- ;;
-
- # Flags to be passed through unchanged, with rationale:
- # -64, -mips[0-9] enable 64-bit mode for the SGI compiler
- # -r[0-9][0-9]* specify processor for the SGI compiler
- # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler
- # +DA*, +DD* enable 64-bit mode for the HP compiler
- # -q* compiler args for the IBM compiler
- # -m*, -t[45]*, -txscale* architecture-specific flags for GCC
- # -F/path path to uninstalled frameworks, gcc on darwin
- # -p, -pg, --coverage, -fprofile-* profiling flags for GCC
- # -fstack-protector* stack protector flags for GCC
- # @file GCC response files
- # -tp=* Portland pgcc target processor selection
- # --sysroot=* for sysroot support
- # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
- # -specs=* GCC specs files
- # -stdlib=* select c++ std lib with clang
- # -fsanitize=* Clang/GCC memory and address sanitizer
- # -fuse-ld=* Linker select flags for GCC
- # -static-* direct GCC to link specific libraries statically
- # -fcilkplus Cilk Plus language extension features for C/C++
- -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
- -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
- -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
- -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus)
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- func_append compiler_flags " $arg"
- continue
- ;;
-
- -Z*)
- if test os2 = "`expr $host : '.*\(os2\)'`"; then
- # OS/2 uses -Zxxx to specify OS/2-specific options
- compiler_flags="$compiler_flags $arg"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- case $arg in
- -Zlinker | -Zstack)
- prev=xcompiler
- ;;
- esac
- continue
- else
- # Otherwise treat like 'Some other compiler flag' below
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- fi
- ;;
-
- # Some other compiler flag.
- -* | +*)
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- ;;
-
- *.$objext)
- # A standard object.
- func_append objs " $arg"
- ;;
-
- *.lo)
- # A libtool-controlled object.
-
- # Check to see that this really is a libtool object.
- if func_lalib_unsafe_p "$arg"; then
- pic_object=
- non_pic_object=
-
- # Read the .lo file
- func_source "$arg"
-
- if test -z "$pic_object" ||
- test -z "$non_pic_object" ||
- test none = "$pic_object" &&
- test none = "$non_pic_object"; then
- func_fatal_error "cannot find name of object for '$arg'"
- fi
-
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- test none = "$pic_object" || {
- # Prepend the subdirectory the object is found in.
- pic_object=$xdir$pic_object
-
- if test dlfiles = "$prev"; then
- if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
- func_append dlfiles " $pic_object"
- prev=
- continue
- else
- # If libtool objects are unsupported, then we need to preload.
- prev=dlprefiles
- fi
- fi
-
- # CHECK ME: I think I busted this. -Ossama
- if test dlprefiles = "$prev"; then
- # Preload the old-style object.
- func_append dlprefiles " $pic_object"
- prev=
- fi
-
- # A PIC object.
- func_append libobjs " $pic_object"
- arg=$pic_object
- }
-
- # Non-PIC object.
- if test none != "$non_pic_object"; then
- # Prepend the subdirectory the object is found in.
- non_pic_object=$xdir$non_pic_object
-
- # A standard non-PIC object
- func_append non_pic_objects " $non_pic_object"
- if test -z "$pic_object" || test none = "$pic_object"; then
- arg=$non_pic_object
- fi
- else
- # If the PIC object exists, use it instead.
- # $xdir was prepended to $pic_object above.
- non_pic_object=$pic_object
- func_append non_pic_objects " $non_pic_object"
- fi
- else
- # Only an error if not doing a dry-run.
- if $opt_dry_run; then
- # Extract subdirectory from the argument.
- func_dirname "$arg" "/" ""
- xdir=$func_dirname_result
-
- func_lo2o "$arg"
- pic_object=$xdir$objdir/$func_lo2o_result
- non_pic_object=$xdir$func_lo2o_result
- func_append libobjs " $pic_object"
- func_append non_pic_objects " $non_pic_object"
- else
- func_fatal_error "'$arg' is not a valid libtool object"
- fi
- fi
- ;;
-
- *.$libext)
- # An archive.
- func_append deplibs " $arg"
- func_append old_deplibs " $arg"
- continue
- ;;
-
- *.la)
- # A libtool-controlled library.
-
- func_resolve_sysroot "$arg"
- if test dlfiles = "$prev"; then
- # This library was specified with -dlopen.
- func_append dlfiles " $func_resolve_sysroot_result"
- prev=
- elif test dlprefiles = "$prev"; then
- # The library was specified with -dlpreopen.
- func_append dlprefiles " $func_resolve_sysroot_result"
- prev=
- else
- func_append deplibs " $func_resolve_sysroot_result"
- fi
- continue
- ;;
-
- # Some other compiler argument.
- *)
- # Unknown arguments in both finalize_command and compile_command need
- # to be aesthetically quoted because they are evaled later.
- func_quote_for_eval "$arg"
- arg=$func_quote_for_eval_result
- ;;
- esac # arg
-
- # Now actually substitute the argument into the commands.
- if test -n "$arg"; then
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- fi
- done # argument parsing loop
-
- test -n "$prev" && \
- func_fatal_help "the '$prevarg' option requires an argument"
-
- if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then
- eval arg=\"$export_dynamic_flag_spec\"
- func_append compile_command " $arg"
- func_append finalize_command " $arg"
- fi
-
- oldlibs=
- # calculate the name of the file, without its directory
- func_basename "$output"
- outputname=$func_basename_result
- libobjs_save=$libobjs
-
- if test -n "$shlibpath_var"; then
- # get the directories listed in $shlibpath_var
- eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\`
- else
- shlib_search_path=
- fi
- eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
- eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
-
- # Definition is injected by LT_CONFIG during libtool generation.
- func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH"
-
- func_dirname "$output" "/" ""
- output_objdir=$func_dirname_result$objdir
- func_to_tool_file "$output_objdir/"
- tool_output_objdir=$func_to_tool_file_result
- # Create the object directory.
- func_mkdir_p "$output_objdir"
-
- # Determine the type of output
- case $output in
- "")
- func_fatal_help "you must specify an output file"
- ;;
- *.$libext) linkmode=oldlib ;;
- *.lo | *.$objext) linkmode=obj ;;
- *.la) linkmode=lib ;;
- *) linkmode=prog ;; # Anything else should be a program.
- esac
-
- specialdeplibs=
-
- libs=
- # Find all interdependent deplibs by searching for libraries
- # that are linked more than once (e.g. -la -lb -la)
- for deplib in $deplibs; do
- if $opt_preserve_dup_deps; then
- case "$libs " in
- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
- esac
- fi
- func_append libs " $deplib"
- done
-
- if test lib = "$linkmode"; then
- libs="$predeps $libs $compiler_lib_search_path $postdeps"
-
- # Compute libraries that are listed more than once in $predeps
- # $postdeps and mark them as special (i.e., whose duplicates are
- # not to be eliminated).
- pre_post_deps=
- if $opt_duplicate_compiler_generated_deps; then
- for pre_post_dep in $predeps $postdeps; do
- case "$pre_post_deps " in
- *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;;
- esac
- func_append pre_post_deps " $pre_post_dep"
- done
- fi
- pre_post_deps=
- fi
-
- deplibs=
- newdependency_libs=
- newlib_search_path=
- need_relink=no # whether we're linking any uninstalled libtool libraries
- notinst_deplibs= # not-installed libtool libraries
- notinst_path= # paths that contain not-installed libtool libraries
-
- case $linkmode in
- lib)
- passes="conv dlpreopen link"
- for file in $dlfiles $dlprefiles; do
- case $file in
- *.la) ;;
- *)
- func_fatal_help "libraries can '-dlopen' only libtool libraries: $file"
- ;;
- esac
- done
- ;;
- prog)
- compile_deplibs=
- finalize_deplibs=
- alldeplibs=false
- newdlfiles=
- newdlprefiles=
- passes="conv scan dlopen dlpreopen link"
- ;;
- *) passes="conv"
- ;;
- esac
-
- for pass in $passes; do
- # The preopen pass in lib mode reverses $deplibs; put it back here
- # so that -L comes before libs that need it for instance...
- if test lib,link = "$linkmode,$pass"; then
- ## FIXME: Find the place where the list is rebuilt in the wrong
- ## order, and fix it there properly
- tmp_deplibs=
- for deplib in $deplibs; do
- tmp_deplibs="$deplib $tmp_deplibs"
- done
- deplibs=$tmp_deplibs
- fi
-
- if test lib,link = "$linkmode,$pass" ||
- test prog,scan = "$linkmode,$pass"; then
- libs=$deplibs
- deplibs=
- fi
- if test prog = "$linkmode"; then
- case $pass in
- dlopen) libs=$dlfiles ;;
- dlpreopen) libs=$dlprefiles ;;
- link)
- libs="$deplibs %DEPLIBS%"
- test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
- ;;
- esac
- fi
- if test lib,dlpreopen = "$linkmode,$pass"; then
- # Collect and forward deplibs of preopened libtool libs
- for lib in $dlprefiles; do
- # Ignore non-libtool-libs
- dependency_libs=
- func_resolve_sysroot "$lib"
- case $lib in
- *.la) func_source "$func_resolve_sysroot_result" ;;
- esac
-
- # Collect preopened libtool deplibs, except any this library
- # has declared as weak libs
- for deplib in $dependency_libs; do
- func_basename "$deplib"
- deplib_base=$func_basename_result
- case " $weak_libs " in
- *" $deplib_base "*) ;;
- *) func_append deplibs " $deplib" ;;
- esac
- done
- done
- libs=$dlprefiles
- fi
- if test dlopen = "$pass"; then
- # Collect dlpreopened libraries
- save_deplibs=$deplibs
- deplibs=
- fi
-
- for deplib in $libs; do
- lib=
- found=false
- case $deplib in
- -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
- |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- func_append compiler_flags " $deplib"
- if test lib = "$linkmode"; then
- case "$new_inherited_linker_flags " in
- *" $deplib "*) ;;
- * ) func_append new_inherited_linker_flags " $deplib" ;;
- esac
- fi
- fi
- continue
- ;;
- -l*)
- if test lib != "$linkmode" && test prog != "$linkmode"; then
- func_warning "'-l' is ignored for archives/objects"
- continue
- fi
- func_stripname '-l' '' "$deplib"
- name=$func_stripname_result
- if test lib = "$linkmode"; then
- searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
- else
- searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
- fi
- for searchdir in $searchdirs; do
- for search_ext in .la $std_shrext .so .a; do
- # Search the libtool library
- lib=$searchdir/lib$name$search_ext
- if test -f "$lib"; then
- if test .la = "$search_ext"; then
- found=:
- else
- found=false
- fi
- break 2
- fi
- done
- done
- if $found; then
- # deplib is a libtool library
- # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
- # We need to do some special things here, and not later.
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $deplib "*)
- if func_lalib_p "$lib"; then
- library_names=
- old_library=
- func_source "$lib"
- for l in $old_library $library_names; do
- ll=$l
- done
- if test "X$ll" = "X$old_library"; then # only static version available
- found=false
- func_dirname "$lib" "" "."
- ladir=$func_dirname_result
- lib=$ladir/$old_library
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
- fi
- continue
- fi
- fi
- ;;
- *) ;;
- esac
- fi
- else
- # deplib doesn't seem to be a libtool library
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
- fi
- continue
- fi
- ;; # -l
- *.ltframework)
- if test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- deplibs="$deplib $deplibs"
- if test lib = "$linkmode"; then
- case "$new_inherited_linker_flags " in
- *" $deplib "*) ;;
- * ) func_append new_inherited_linker_flags " $deplib" ;;
- esac
- fi
- fi
- continue
- ;;
- -L*)
- case $linkmode in
- lib)
- deplibs="$deplib $deplibs"
- test conv = "$pass" && continue
- newdependency_libs="$deplib $newdependency_libs"
- func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- func_append newlib_search_path " $func_resolve_sysroot_result"
- ;;
- prog)
- if test conv = "$pass"; then
- deplibs="$deplib $deplibs"
- continue
- fi
- if test scan = "$pass"; then
- deplibs="$deplib $deplibs"
- else
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- fi
- func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- func_append newlib_search_path " $func_resolve_sysroot_result"
- ;;
- *)
- func_warning "'-L' is ignored for archives/objects"
- ;;
- esac # linkmode
- continue
- ;; # -L
- -R*)
- if test link = "$pass"; then
- func_stripname '-R' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- dir=$func_resolve_sysroot_result
- # Make sure the xrpath contains only unique directories.
- case "$xrpath " in
- *" $dir "*) ;;
- *) func_append xrpath " $dir" ;;
- esac
- fi
- deplibs="$deplib $deplibs"
- continue
- ;;
- *.la)
- func_resolve_sysroot "$deplib"
- lib=$func_resolve_sysroot_result
- ;;
- *.$libext)
- if test conv = "$pass"; then
- deplibs="$deplib $deplibs"
- continue
- fi
- case $linkmode in
- lib)
- # Linking convenience modules into shared libraries is allowed,
- # but linking other static libraries is non-portable.
- case " $dlpreconveniencelibs " in
- *" $deplib "*) ;;
- *)
- valid_a_lib=false
- case $deplibs_check_method in
- match_pattern*)
- set dummy $deplibs_check_method; shift
- match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \
- | $EGREP "$match_pattern_regex" > /dev/null; then
- valid_a_lib=:
- fi
- ;;
- pass_all)
- valid_a_lib=:
- ;;
- esac
- if $valid_a_lib; then
- echo
- $ECHO "*** Warning: Linking the shared library $output against the"
- $ECHO "*** static library $deplib is not portable!"
- deplibs="$deplib $deplibs"
- else
- echo
- $ECHO "*** Warning: Trying to link with static lib archive $deplib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because the file extensions .$libext of this argument makes me believe"
- echo "*** that it is just a static archive that I should not use here."
- fi
- ;;
- esac
- continue
- ;;
- prog)
- if test link != "$pass"; then
- deplibs="$deplib $deplibs"
- else
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- fi
- continue
- ;;
- esac # linkmode
- ;; # *.$libext
- *.lo | *.$objext)
- if test conv = "$pass"; then
- deplibs="$deplib $deplibs"
- elif test prog = "$linkmode"; then
- if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then
- # If there is no dlopen support or we're linking statically,
- # we need to preload.
- func_append newdlprefiles " $deplib"
- compile_deplibs="$deplib $compile_deplibs"
- finalize_deplibs="$deplib $finalize_deplibs"
- else
- func_append newdlfiles " $deplib"
- fi
- fi
- continue
- ;;
- %DEPLIBS%)
- alldeplibs=:
- continue
- ;;
- esac # case $deplib
-
- $found || test -f "$lib" \
- || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'"
-
- # Check to see that this really is a libtool archive.
- func_lalib_unsafe_p "$lib" \
- || func_fatal_error "'$lib' is not a valid libtool archive"
-
- func_dirname "$lib" "" "."
- ladir=$func_dirname_result
-
- dlname=
- dlopen=
- dlpreopen=
- libdir=
- library_names=
- old_library=
- inherited_linker_flags=
- # If the library was installed with an old release of libtool,
- # it will not redefine variables installed, or shouldnotlink
- installed=yes
- shouldnotlink=no
- avoidtemprpath=
-
-
- # Read the .la file
- func_source "$lib"
-
- # Convert "-framework foo" to "foo.ltframework"
- if test -n "$inherited_linker_flags"; then
- tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'`
- for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
- case " $new_inherited_linker_flags " in
- *" $tmp_inherited_linker_flag "*) ;;
- *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";;
- esac
- done
- fi
- dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- if test lib,link = "$linkmode,$pass" ||
- test prog,scan = "$linkmode,$pass" ||
- { test prog != "$linkmode" && test lib != "$linkmode"; }; then
- test -n "$dlopen" && func_append dlfiles " $dlopen"
- test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen"
- fi
-
- if test conv = "$pass"; then
- # Only check for convenience libraries
- deplibs="$lib $deplibs"
- if test -z "$libdir"; then
- if test -z "$old_library"; then
- func_fatal_error "cannot find name of link library for '$lib'"
- fi
- # It is a libtool convenience library, so add in its objects.
- func_append convenience " $ladir/$objdir/$old_library"
- func_append old_convenience " $ladir/$objdir/$old_library"
- tmp_libs=
- for deplib in $dependency_libs; do
- deplibs="$deplib $deplibs"
- if $opt_preserve_dup_deps; then
- case "$tmp_libs " in
- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
- esac
- fi
- func_append tmp_libs " $deplib"
- done
- elif test prog != "$linkmode" && test lib != "$linkmode"; then
- func_fatal_error "'$lib' is not a convenience library"
- fi
- continue
- fi # $pass = conv
-
-
- # Get the name of the library we link against.
- linklib=
- if test -n "$old_library" &&
- { test yes = "$prefer_static_libs" ||
- test built,no = "$prefer_static_libs,$installed"; }; then
- linklib=$old_library
- else
- for l in $old_library $library_names; do
- linklib=$l
- done
- fi
- if test -z "$linklib"; then
- func_fatal_error "cannot find name of link library for '$lib'"
- fi
-
- # This library was specified with -dlopen.
- if test dlopen = "$pass"; then
- test -z "$libdir" \
- && func_fatal_error "cannot -dlopen a convenience library: '$lib'"
- if test -z "$dlname" ||
- test yes != "$dlopen_support" ||
- test no = "$build_libtool_libs"
- then
- # If there is no dlname, no dlopen support or we're linking
- # statically, we need to preload. We also need to preload any
- # dependent libraries so libltdl's deplib preloader doesn't
- # bomb out in the load deplibs phase.
- func_append dlprefiles " $lib $dependency_libs"
- else
- func_append newdlfiles " $lib"
- fi
- continue
- fi # $pass = dlopen
-
- # We need an absolute path.
- case $ladir in
- [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;;
- *)
- abs_ladir=`cd "$ladir" && pwd`
- if test -z "$abs_ladir"; then
- func_warning "cannot determine absolute directory name of '$ladir'"
- func_warning "passing it literally to the linker, although it might fail"
- abs_ladir=$ladir
- fi
- ;;
- esac
- func_basename "$lib"
- laname=$func_basename_result
-
- # Find the relevant object directory and library name.
- if test yes = "$installed"; then
- if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
- func_warning "library '$lib' was moved."
- dir=$ladir
- absdir=$abs_ladir
- libdir=$abs_ladir
- else
- dir=$lt_sysroot$libdir
- absdir=$lt_sysroot$libdir
- fi
- test yes = "$hardcode_automatic" && avoidtemprpath=yes
- else
- if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
- dir=$ladir
- absdir=$abs_ladir
- # Remove this search path later
- func_append notinst_path " $abs_ladir"
- else
- dir=$ladir/$objdir
- absdir=$abs_ladir/$objdir
- # Remove this search path later
- func_append notinst_path " $abs_ladir"
- fi
- fi # $installed = yes
- func_stripname 'lib' '.la' "$laname"
- name=$func_stripname_result
-
- # This library was specified with -dlpreopen.
- if test dlpreopen = "$pass"; then
- if test -z "$libdir" && test prog = "$linkmode"; then
- func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'"
- fi
- case $host in
- # special handling for platforms with PE-DLLs.
- *cygwin* | *mingw* | *cegcc* )
- # Linker will automatically link against shared library if both
- # static and shared are present. Therefore, ensure we extract
- # symbols from the import library if a shared library is present
- # (otherwise, the dlopen module name will be incorrect). We do
- # this by putting the import library name into $newdlprefiles.
- # We recover the dlopen module name by 'saving' the la file
- # name in a special purpose variable, and (later) extracting the
- # dlname from the la file.
- if test -n "$dlname"; then
- func_tr_sh "$dir/$linklib"
- eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname"
- func_append newdlprefiles " $dir/$linklib"
- else
- func_append newdlprefiles " $dir/$old_library"
- # Keep a list of preopened convenience libraries to check
- # that they are being used correctly in the link pass.
- test -z "$libdir" && \
- func_append dlpreconveniencelibs " $dir/$old_library"
- fi
- ;;
- * )
- # Prefer using a static library (so that no silly _DYNAMIC symbols
- # are required to link).
- if test -n "$old_library"; then
- func_append newdlprefiles " $dir/$old_library"
- # Keep a list of preopened convenience libraries to check
- # that they are being used correctly in the link pass.
- test -z "$libdir" && \
- func_append dlpreconveniencelibs " $dir/$old_library"
- # Otherwise, use the dlname, so that lt_dlopen finds it.
- elif test -n "$dlname"; then
- func_append newdlprefiles " $dir/$dlname"
- else
- func_append newdlprefiles " $dir/$linklib"
- fi
- ;;
- esac
- fi # $pass = dlpreopen
-
- if test -z "$libdir"; then
- # Link the convenience library
- if test lib = "$linkmode"; then
- deplibs="$dir/$old_library $deplibs"
- elif test prog,link = "$linkmode,$pass"; then
- compile_deplibs="$dir/$old_library $compile_deplibs"
- finalize_deplibs="$dir/$old_library $finalize_deplibs"
- else
- deplibs="$lib $deplibs" # used for prog,scan pass
- fi
- continue
- fi
-
-
- if test prog = "$linkmode" && test link != "$pass"; then
- func_append newlib_search_path " $ladir"
- deplibs="$lib $deplibs"
-
- linkalldeplibs=false
- if test no != "$link_all_deplibs" || test -z "$library_names" ||
- test no = "$build_libtool_libs"; then
- linkalldeplibs=:
- fi
-
- tmp_libs=
- for deplib in $dependency_libs; do
- case $deplib in
- -L*) func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result"
- func_append newlib_search_path " $func_resolve_sysroot_result"
- ;;
- esac
- # Need to link against all dependency_libs?
- if $linkalldeplibs; then
- deplibs="$deplib $deplibs"
- else
- # Need to hardcode shared library paths
- # or/and link against static libraries
- newdependency_libs="$deplib $newdependency_libs"
- fi
- if $opt_preserve_dup_deps; then
- case "$tmp_libs " in
- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
- esac
- fi
- func_append tmp_libs " $deplib"
- done # for deplib
- continue
- fi # $linkmode = prog...
-
- if test prog,link = "$linkmode,$pass"; then
- if test -n "$library_names" &&
- { { test no = "$prefer_static_libs" ||
- test built,yes = "$prefer_static_libs,$installed"; } ||
- test -z "$old_library"; }; then
- # We need to hardcode the library path
- if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then
- # Make sure the rpath contains only unique directories.
- case $temp_rpath: in
- *"$absdir:"*) ;;
- *) func_append temp_rpath "$absdir:" ;;
- esac
- fi
-
- # Hardcode the library path.
- # Skip directories that are in the system default run-time
- # search path.
- case " $sys_lib_dlsearch_path " in
- *" $absdir "*) ;;
- *)
- case "$compile_rpath " in
- *" $absdir "*) ;;
- *) func_append compile_rpath " $absdir" ;;
- esac
- ;;
- esac
- case " $sys_lib_dlsearch_path " in
- *" $libdir "*) ;;
- *)
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- ;;
- esac
- fi # $linkmode,$pass = prog,link...
-
- if $alldeplibs &&
- { test pass_all = "$deplibs_check_method" ||
- { test yes = "$build_libtool_libs" &&
- test -n "$library_names"; }; }; then
- # We only need to search for static libraries
- continue
- fi
- fi
-
- link_static=no # Whether the deplib will be linked statically
- use_static_libs=$prefer_static_libs
- if test built = "$use_static_libs" && test yes = "$installed"; then
- use_static_libs=no
- fi
- if test -n "$library_names" &&
- { test no = "$use_static_libs" || test -z "$old_library"; }; then
- case $host in
- *cygwin* | *mingw* | *cegcc* | *os2*)
- # No point in relinking DLLs because paths are not encoded
- func_append notinst_deplibs " $lib"
- need_relink=no
- ;;
- *)
- if test no = "$installed"; then
- func_append notinst_deplibs " $lib"
- need_relink=yes
- fi
- ;;
- esac
- # This is a shared library
-
- # Warn about portability, can't link against -module's on some
- # systems (darwin). Don't bleat about dlopened modules though!
- dlopenmodule=
- for dlpremoduletest in $dlprefiles; do
- if test "X$dlpremoduletest" = "X$lib"; then
- dlopenmodule=$dlpremoduletest
- break
- fi
- done
- if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then
- echo
- if test prog = "$linkmode"; then
- $ECHO "*** Warning: Linking the executable $output against the loadable module"
- else
- $ECHO "*** Warning: Linking the shared library $output against the loadable module"
- fi
- $ECHO "*** $linklib is not portable!"
- fi
- if test lib = "$linkmode" &&
- test yes = "$hardcode_into_libs"; then
- # Hardcode the library path.
- # Skip directories that are in the system default run-time
- # search path.
- case " $sys_lib_dlsearch_path " in
- *" $absdir "*) ;;
- *)
- case "$compile_rpath " in
- *" $absdir "*) ;;
- *) func_append compile_rpath " $absdir" ;;
- esac
- ;;
- esac
- case " $sys_lib_dlsearch_path " in
- *" $libdir "*) ;;
- *)
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- ;;
- esac
- fi
-
- if test -n "$old_archive_from_expsyms_cmds"; then
- # figure out the soname
- set dummy $library_names
- shift
- realname=$1
- shift
- libname=`eval "\\$ECHO \"$libname_spec\""`
- # use dlname if we got it. it's perfectly good, no?
- if test -n "$dlname"; then
- soname=$dlname
- elif test -n "$soname_spec"; then
- # bleh windows
- case $host in
- *cygwin* | mingw* | *cegcc* | *os2*)
- func_arith $current - $age
- major=$func_arith_result
- versuffix=-$major
- ;;
- esac
- eval soname=\"$soname_spec\"
- else
- soname=$realname
- fi
-
- # Make a new name for the extract_expsyms_cmds to use
- soroot=$soname
- func_basename "$soroot"
- soname=$func_basename_result
- func_stripname 'lib' '.dll' "$soname"
- newlib=libimp-$func_stripname_result.a
-
- # If the library has no export list, then create one now
- if test -f "$output_objdir/$soname-def"; then :
- else
- func_verbose "extracting exported symbol list from '$soname'"
- func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
- fi
-
- # Create $newlib
- if test -f "$output_objdir/$newlib"; then :; else
- func_verbose "generating import library for '$soname'"
- func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
- fi
- # make sure the library variables are pointing to the new library
- dir=$output_objdir
- linklib=$newlib
- fi # test -n "$old_archive_from_expsyms_cmds"
-
- if test prog = "$linkmode" || test relink != "$opt_mode"; then
- add_shlibpath=
- add_dir=
- add=
- lib_linked=yes
- case $hardcode_action in
- immediate | unsupported)
- if test no = "$hardcode_direct"; then
- add=$dir/$linklib
- case $host in
- *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;;
- *-*-sysv4*uw2*) add_dir=-L$dir ;;
- *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
- *-*-unixware7*) add_dir=-L$dir ;;
- *-*-darwin* )
- # if the lib is a (non-dlopened) module then we cannot
- # link against it, someone is ignoring the earlier warnings
- if /usr/bin/file -L $add 2> /dev/null |
- $GREP ": [^:]* bundle" >/dev/null; then
- if test "X$dlopenmodule" != "X$lib"; then
- $ECHO "*** Warning: lib $linklib is a module, not a shared library"
- if test -z "$old_library"; then
- echo
- echo "*** And there doesn't seem to be a static archive available"
- echo "*** The link will probably fail, sorry"
- else
- add=$dir/$old_library
- fi
- elif test -n "$old_library"; then
- add=$dir/$old_library
- fi
- fi
- esac
- elif test no = "$hardcode_minus_L"; then
- case $host in
- *-*-sunos*) add_shlibpath=$dir ;;
- esac
- add_dir=-L$dir
- add=-l$name
- elif test no = "$hardcode_shlibpath_var"; then
- add_shlibpath=$dir
- add=-l$name
- else
- lib_linked=no
- fi
- ;;
- relink)
- if test yes = "$hardcode_direct" &&
- test no = "$hardcode_direct_absolute"; then
- add=$dir/$linklib
- elif test yes = "$hardcode_minus_L"; then
- add_dir=-L$absdir
- # Try looking first in the location we're being installed to.
- if test -n "$inst_prefix_dir"; then
- case $libdir in
- [\\/]*)
- func_append add_dir " -L$inst_prefix_dir$libdir"
- ;;
- esac
- fi
- add=-l$name
- elif test yes = "$hardcode_shlibpath_var"; then
- add_shlibpath=$dir
- add=-l$name
- else
- lib_linked=no
- fi
- ;;
- *) lib_linked=no ;;
- esac
-
- if test yes != "$lib_linked"; then
- func_fatal_configuration "unsupported hardcode properties"
- fi
-
- if test -n "$add_shlibpath"; then
- case :$compile_shlibpath: in
- *":$add_shlibpath:"*) ;;
- *) func_append compile_shlibpath "$add_shlibpath:" ;;
- esac
- fi
- if test prog = "$linkmode"; then
- test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
- test -n "$add" && compile_deplibs="$add $compile_deplibs"
- else
- test -n "$add_dir" && deplibs="$add_dir $deplibs"
- test -n "$add" && deplibs="$add $deplibs"
- if test yes != "$hardcode_direct" &&
- test yes != "$hardcode_minus_L" &&
- test yes = "$hardcode_shlibpath_var"; then
- case :$finalize_shlibpath: in
- *":$libdir:"*) ;;
- *) func_append finalize_shlibpath "$libdir:" ;;
- esac
- fi
- fi
- fi
-
- if test prog = "$linkmode" || test relink = "$opt_mode"; then
- add_shlibpath=
- add_dir=
- add=
- # Finalize command for both is simple: just hardcode it.
- if test yes = "$hardcode_direct" &&
- test no = "$hardcode_direct_absolute"; then
- add=$libdir/$linklib
- elif test yes = "$hardcode_minus_L"; then
- add_dir=-L$libdir
- add=-l$name
- elif test yes = "$hardcode_shlibpath_var"; then
- case :$finalize_shlibpath: in
- *":$libdir:"*) ;;
- *) func_append finalize_shlibpath "$libdir:" ;;
- esac
- add=-l$name
- elif test yes = "$hardcode_automatic"; then
- if test -n "$inst_prefix_dir" &&
- test -f "$inst_prefix_dir$libdir/$linklib"; then
- add=$inst_prefix_dir$libdir/$linklib
- else
- add=$libdir/$linklib
- fi
- else
- # We cannot seem to hardcode it, guess we'll fake it.
- add_dir=-L$libdir
- # Try looking first in the location we're being installed to.
- if test -n "$inst_prefix_dir"; then
- case $libdir in
- [\\/]*)
- func_append add_dir " -L$inst_prefix_dir$libdir"
- ;;
- esac
- fi
- add=-l$name
- fi
-
- if test prog = "$linkmode"; then
- test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
- test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
- else
- test -n "$add_dir" && deplibs="$add_dir $deplibs"
- test -n "$add" && deplibs="$add $deplibs"
- fi
- fi
- elif test prog = "$linkmode"; then
- # Here we assume that one of hardcode_direct or hardcode_minus_L
- # is not unsupported. This is valid on all known static and
- # shared platforms.
- if test unsupported != "$hardcode_direct"; then
- test -n "$old_library" && linklib=$old_library
- compile_deplibs="$dir/$linklib $compile_deplibs"
- finalize_deplibs="$dir/$linklib $finalize_deplibs"
- else
- compile_deplibs="-l$name -L$dir $compile_deplibs"
- finalize_deplibs="-l$name -L$dir $finalize_deplibs"
- fi
- elif test yes = "$build_libtool_libs"; then
- # Not a shared library
- if test pass_all != "$deplibs_check_method"; then
- # We're trying link a shared library against a static one
- # but the system doesn't support it.
-
- # Just print a warning and add the library to dependency_libs so
- # that the program can be linked against the static library.
- echo
- $ECHO "*** Warning: This system cannot link to static lib archive $lib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have."
- if test yes = "$module"; then
- echo "*** But as you try to build a module library, libtool will still create "
- echo "*** a static module, that should work as long as the dlopening application"
- echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
- if test -z "$global_symbol_pipe"; then
- echo
- echo "*** However, this would only work if libtool was able to extract symbol"
- echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
- echo "*** not find such a program. So, this module is probably useless."
- echo "*** 'nm' from GNU binutils and a full rebuild may help."
- fi
- if test no = "$build_old_libs"; then
- build_libtool_libs=module
- build_old_libs=yes
- else
- build_libtool_libs=no
- fi
- fi
- else
- deplibs="$dir/$old_library $deplibs"
- link_static=yes
- fi
- fi # link shared/static library?
-
- if test lib = "$linkmode"; then
- if test -n "$dependency_libs" &&
- { test yes != "$hardcode_into_libs" ||
- test yes = "$build_old_libs" ||
- test yes = "$link_static"; }; then
- # Extract -R from dependency_libs
- temp_deplibs=
- for libdir in $dependency_libs; do
- case $libdir in
- -R*) func_stripname '-R' '' "$libdir"
- temp_xrpath=$func_stripname_result
- case " $xrpath " in
- *" $temp_xrpath "*) ;;
- *) func_append xrpath " $temp_xrpath";;
- esac;;
- *) func_append temp_deplibs " $libdir";;
- esac
- done
- dependency_libs=$temp_deplibs
- fi
-
- func_append newlib_search_path " $absdir"
- # Link against this library
- test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
- # ... and its dependency_libs
- tmp_libs=
- for deplib in $dependency_libs; do
- newdependency_libs="$deplib $newdependency_libs"
- case $deplib in
- -L*) func_stripname '-L' '' "$deplib"
- func_resolve_sysroot "$func_stripname_result";;
- *) func_resolve_sysroot "$deplib" ;;
- esac
- if $opt_preserve_dup_deps; then
- case "$tmp_libs " in
- *" $func_resolve_sysroot_result "*)
- func_append specialdeplibs " $func_resolve_sysroot_result" ;;
- esac
- fi
- func_append tmp_libs " $func_resolve_sysroot_result"
- done
-
- if test no != "$link_all_deplibs"; then
- # Add the search paths of all dependency libraries
- for deplib in $dependency_libs; do
- path=
- case $deplib in
- -L*) path=$deplib ;;
- *.la)
- func_resolve_sysroot "$deplib"
- deplib=$func_resolve_sysroot_result
- func_dirname "$deplib" "" "."
- dir=$func_dirname_result
- # We need an absolute path.
- case $dir in
- [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;;
- *)
- absdir=`cd "$dir" && pwd`
- if test -z "$absdir"; then
- func_warning "cannot determine absolute directory name of '$dir'"
- absdir=$dir
- fi
- ;;
- esac
- if $GREP "^installed=no" $deplib > /dev/null; then
- case $host in
- *-*-darwin*)
- depdepl=
- eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
- if test -n "$deplibrary_names"; then
- for tmp in $deplibrary_names; do
- depdepl=$tmp
- done
- if test -f "$absdir/$objdir/$depdepl"; then
- depdepl=$absdir/$objdir/$depdepl
- darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
- if test -z "$darwin_install_name"; then
- darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
- fi
- func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl"
- func_append linker_flags " -dylib_file $darwin_install_name:$depdepl"
- path=
- fi
- fi
- ;;
- *)
- path=-L$absdir/$objdir
- ;;
- esac
- else
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
- test -z "$libdir" && \
- func_fatal_error "'$deplib' is not a valid libtool archive"
- test "$absdir" != "$libdir" && \
- func_warning "'$deplib' seems to be moved"
-
- path=-L$absdir
- fi
- ;;
- esac
- case " $deplibs " in
- *" $path "*) ;;
- *) deplibs="$path $deplibs" ;;
- esac
- done
- fi # link_all_deplibs != no
- fi # linkmode = lib
- done # for deplib in $libs
- if test link = "$pass"; then
- if test prog = "$linkmode"; then
- compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
- finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
- else
- compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- fi
- fi
- dependency_libs=$newdependency_libs
- if test dlpreopen = "$pass"; then
- # Link the dlpreopened libraries before other libraries
- for deplib in $save_deplibs; do
- deplibs="$deplib $deplibs"
- done
- fi
- if test dlopen != "$pass"; then
- test conv = "$pass" || {
- # Make sure lib_search_path contains only unique directories.
- lib_search_path=
- for dir in $newlib_search_path; do
- case "$lib_search_path " in
- *" $dir "*) ;;
- *) func_append lib_search_path " $dir" ;;
- esac
- done
- newlib_search_path=
- }
-
- if test prog,link = "$linkmode,$pass"; then
- vars="compile_deplibs finalize_deplibs"
- else
- vars=deplibs
- fi
- for var in $vars dependency_libs; do
- # Add libraries to $var in reverse order
- eval tmp_libs=\"\$$var\"
- new_libs=
- for deplib in $tmp_libs; do
- # FIXME: Pedantically, this is the right thing to do, so
- # that some nasty dependency loop isn't accidentally
- # broken:
- #new_libs="$deplib $new_libs"
- # Pragmatically, this seems to cause very few problems in
- # practice:
- case $deplib in
- -L*) new_libs="$deplib $new_libs" ;;
- -R*) ;;
- *)
- # And here is the reason: when a library appears more
- # than once as an explicit dependence of a library, or
- # is implicitly linked in more than once by the
- # compiler, it is considered special, and multiple
- # occurrences thereof are not removed. Compare this
- # with having the same library being listed as a
- # dependency of multiple other libraries: in this case,
- # we know (pedantically, we assume) the library does not
- # need to be listed more than once, so we keep only the
- # last copy. This is not always right, but it is rare
- # enough that we require users that really mean to play
- # such unportable linking tricks to link the library
- # using -Wl,-lname, so that libtool does not consider it
- # for duplicate removal.
- case " $specialdeplibs " in
- *" $deplib "*) new_libs="$deplib $new_libs" ;;
- *)
- case " $new_libs " in
- *" $deplib "*) ;;
- *) new_libs="$deplib $new_libs" ;;
- esac
- ;;
- esac
- ;;
- esac
- done
- tmp_libs=
- for deplib in $new_libs; do
- case $deplib in
- -L*)
- case " $tmp_libs " in
- *" $deplib "*) ;;
- *) func_append tmp_libs " $deplib" ;;
- esac
- ;;
- *) func_append tmp_libs " $deplib" ;;
- esac
- done
- eval $var=\"$tmp_libs\"
- done # for var
- fi
-
- # Add Sun CC postdeps if required:
- test CXX = "$tagname" && {
- case $host_os in
- linux*)
- case `$CC -V 2>&1 | sed 5q` in
- *Sun\ C*) # Sun C++ 5.9
- func_suncc_cstd_abi
-
- if test no != "$suncc_use_cstd_abi"; then
- func_append postdeps ' -library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
-
- solaris*)
- func_cc_basename "$CC"
- case $func_cc_basename_result in
- CC* | sunCC*)
- func_suncc_cstd_abi
-
- if test no != "$suncc_use_cstd_abi"; then
- func_append postdeps ' -library=Cstd -library=Crun'
- fi
- ;;
- esac
- ;;
- esac
- }
-
- # Last step: remove runtime libs from dependency_libs
- # (they stay in deplibs)
- tmp_libs=
- for i in $dependency_libs; do
- case " $predeps $postdeps $compiler_lib_search_path " in
- *" $i "*)
- i=
- ;;
- esac
- if test -n "$i"; then
- func_append tmp_libs " $i"
- fi
- done
- dependency_libs=$tmp_libs
- done # for pass
- if test prog = "$linkmode"; then
- dlfiles=$newdlfiles
- fi
- if test prog = "$linkmode" || test lib = "$linkmode"; then
- dlprefiles=$newdlprefiles
- fi
-
- case $linkmode in
- oldlib)
- if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
- func_warning "'-dlopen' is ignored for archives"
- fi
-
- case " $deplibs" in
- *\ -l* | *\ -L*)
- func_warning "'-l' and '-L' are ignored for archives" ;;
- esac
-
- test -n "$rpath" && \
- func_warning "'-rpath' is ignored for archives"
-
- test -n "$xrpath" && \
- func_warning "'-R' is ignored for archives"
-
- test -n "$vinfo" && \
- func_warning "'-version-info/-version-number' is ignored for archives"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for archives"
-
- test -n "$export_symbols$export_symbols_regex" && \
- func_warning "'-export-symbols' is ignored for archives"
-
- # Now set the variables for building old libraries.
- build_libtool_libs=no
- oldlibs=$output
- func_append objs "$old_deplibs"
- ;;
-
- lib)
- # Make sure we only generate libraries of the form 'libNAME.la'.
- case $outputname in
- lib*)
- func_stripname 'lib' '.la' "$outputname"
- name=$func_stripname_result
- eval shared_ext=\"$shrext_cmds\"
- eval libname=\"$libname_spec\"
- ;;
- *)
- test no = "$module" \
- && func_fatal_help "libtool library '$output' must begin with 'lib'"
-
- if test no != "$need_lib_prefix"; then
- # Add the "lib" prefix for modules if required
- func_stripname '' '.la' "$outputname"
- name=$func_stripname_result
- eval shared_ext=\"$shrext_cmds\"
- eval libname=\"$libname_spec\"
- else
- func_stripname '' '.la' "$outputname"
- libname=$func_stripname_result
- fi
- ;;
- esac
-
- if test -n "$objs"; then
- if test pass_all != "$deplibs_check_method"; then
- func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs"
- else
- echo
- $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
- $ECHO "*** objects $objs is not portable!"
- func_append libobjs " $objs"
- fi
- fi
-
- test no = "$dlself" \
- || func_warning "'-dlopen self' is ignored for libtool libraries"
-
- set dummy $rpath
- shift
- test 1 -lt "$#" \
- && func_warning "ignoring multiple '-rpath's for a libtool library"
-
- install_libdir=$1
-
- oldlibs=
- if test -z "$rpath"; then
- if test yes = "$build_libtool_libs"; then
- # Building a libtool convenience library.
- # Some compilers have problems with a '.al' extension so
- # convenience libraries should have the same extension an
- # archive normally would.
- oldlibs="$output_objdir/$libname.$libext $oldlibs"
- build_libtool_libs=convenience
- build_old_libs=yes
- fi
-
- test -n "$vinfo" && \
- func_warning "'-version-info/-version-number' is ignored for convenience libraries"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for convenience libraries"
- else
-
- # Parse the version information argument.
- save_ifs=$IFS; IFS=:
- set dummy $vinfo 0 0 0
- shift
- IFS=$save_ifs
-
- test -n "$7" && \
- func_fatal_help "too many parameters to '-version-info'"
-
- # convert absolute version numbers to libtool ages
- # this retains compatibility with .la files and attempts
- # to make the code below a bit more comprehensible
-
- case $vinfo_number in
- yes)
- number_major=$1
- number_minor=$2
- number_revision=$3
- #
- # There are really only two kinds -- those that
- # use the current revision as the major version
- # and those that subtract age and use age as
- # a minor version. But, then there is irix
- # that has an extra 1 added just for fun
- #
- case $version_type in
- # correct linux to gnu/linux during the next big refactor
- darwin|freebsd-elf|linux|osf|windows|none)
- func_arith $number_major + $number_minor
- current=$func_arith_result
- age=$number_minor
- revision=$number_revision
- ;;
- freebsd-aout|qnx|sunos)
- current=$number_major
- revision=$number_minor
- age=0
- ;;
- irix|nonstopux)
- func_arith $number_major + $number_minor
- current=$func_arith_result
- age=$number_minor
- revision=$number_minor
- lt_irix_increment=no
- ;;
- *)
- func_fatal_configuration "$modename: unknown library version type '$version_type'"
- ;;
- esac
- ;;
- no)
- current=$1
- revision=$2
- age=$3
- ;;
- esac
-
- # Check that each of the things are valid numbers.
- case $current in
- 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
- *)
- func_error "CURRENT '$current' must be a nonnegative integer"
- func_fatal_error "'$vinfo' is not valid version information"
- ;;
- esac
-
- case $revision in
- 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
- *)
- func_error "REVISION '$revision' must be a nonnegative integer"
- func_fatal_error "'$vinfo' is not valid version information"
- ;;
- esac
-
- case $age in
- 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
- *)
- func_error "AGE '$age' must be a nonnegative integer"
- func_fatal_error "'$vinfo' is not valid version information"
- ;;
- esac
-
- if test "$age" -gt "$current"; then
- func_error "AGE '$age' is greater than the current interface number '$current'"
- func_fatal_error "'$vinfo' is not valid version information"
- fi
-
- # Calculate the version variables.
- major=
- versuffix=
- verstring=
- case $version_type in
- none) ;;
-
- darwin)
- # Like Linux, but with the current version available in
- # verstring for coding it into the library header
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=$major.$age.$revision
- # Darwin ld doesn't like 0 for these options...
- func_arith $current + 1
- minor_current=$func_arith_result
- xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
- verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
- # On Darwin other compilers
- case $CC in
- nagfor*)
- verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
- ;;
- *)
- verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
- ;;
- esac
- ;;
-
- freebsd-aout)
- major=.$current
- versuffix=.$current.$revision
- ;;
-
- freebsd-elf)
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=$major.$age.$revision
- ;;
-
- irix | nonstopux)
- if test no = "$lt_irix_increment"; then
- func_arith $current - $age
- else
- func_arith $current - $age + 1
- fi
- major=$func_arith_result
-
- case $version_type in
- nonstopux) verstring_prefix=nonstopux ;;
- *) verstring_prefix=sgi ;;
- esac
- verstring=$verstring_prefix$major.$revision
-
- # Add in all the interfaces that we are compatible with.
- loop=$revision
- while test 0 -ne "$loop"; do
- func_arith $revision - $loop
- iface=$func_arith_result
- func_arith $loop - 1
- loop=$func_arith_result
- verstring=$verstring_prefix$major.$iface:$verstring
- done
-
- # Before this point, $major must not contain '.'.
- major=.$major
- versuffix=$major.$revision
- ;;
-
- linux) # correct to gnu/linux during the next big refactor
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=$major.$age.$revision
- ;;
-
- osf)
- func_arith $current - $age
- major=.$func_arith_result
- versuffix=.$current.$age.$revision
- verstring=$current.$age.$revision
-
- # Add in all the interfaces that we are compatible with.
- loop=$age
- while test 0 -ne "$loop"; do
- func_arith $current - $loop
- iface=$func_arith_result
- func_arith $loop - 1
- loop=$func_arith_result
- verstring=$verstring:$iface.0
- done
-
- # Make executables depend on our current version.
- func_append verstring ":$current.0"
- ;;
-
- qnx)
- major=.$current
- versuffix=.$current
- ;;
-
- sco)
- major=.$current
- versuffix=.$current
- ;;
-
- sunos)
- major=.$current
- versuffix=.$current.$revision
- ;;
-
- windows)
- # Use '-' rather than '.', since we only want one
- # extension on DOS 8.3 file systems.
- func_arith $current - $age
- major=$func_arith_result
- versuffix=-$major
- ;;
-
- *)
- func_fatal_configuration "unknown library version type '$version_type'"
- ;;
- esac
-
- # Clear the version info if we defaulted, and they specified a release.
- if test -z "$vinfo" && test -n "$release"; then
- major=
- case $version_type in
- darwin)
- # we can't check for "0.0" in archive_cmds due to quoting
- # problems, so we reset it completely
- verstring=
- ;;
- *)
- verstring=0.0
- ;;
- esac
- if test no = "$need_version"; then
- versuffix=
- else
- versuffix=.0.0
- fi
- fi
-
- # Remove version info from name if versioning should be avoided
- if test yes,no = "$avoid_version,$need_version"; then
- major=
- versuffix=
- verstring=
- fi
-
- # Check to see if the archive will have undefined symbols.
- if test yes = "$allow_undefined"; then
- if test unsupported = "$allow_undefined_flag"; then
- if test yes = "$build_old_libs"; then
- func_warning "undefined symbols not allowed in $host shared libraries; building static only"
- build_libtool_libs=no
- else
- func_fatal_error "can't build $host shared library unless -no-undefined is specified"
- fi
- fi
- else
- # Don't allow undefined symbols.
- allow_undefined_flag=$no_undefined_flag
- fi
-
- fi
-
- func_generate_dlsyms "$libname" "$libname" :
- func_append libobjs " $symfileobj"
- test " " = "$libobjs" && libobjs=
-
- if test relink != "$opt_mode"; then
- # Remove our outputs, but don't remove object files since they
- # may have been created when compiling PIC objects.
- removelist=
- tempremovelist=`$ECHO "$output_objdir/*"`
- for p in $tempremovelist; do
- case $p in
- *.$objext | *.gcno)
- ;;
- $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*)
- if test -n "$precious_files_regex"; then
- if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
- then
- continue
- fi
- fi
- func_append removelist " $p"
- ;;
- *) ;;
- esac
- done
- test -n "$removelist" && \
- func_show_eval "${RM}r \$removelist"
- fi
-
- # Now set the variables for building old libraries.
- if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then
- func_append oldlibs " $output_objdir/$libname.$libext"
-
- # Transform .lo files to .o files.
- oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP`
- fi
-
- # Eliminate all temporary directories.
- #for path in $notinst_path; do
- # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"`
- # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"`
- # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"`
- #done
-
- if test -n "$xrpath"; then
- # If the user specified any rpath flags, then add them.
- temp_xrpath=
- for libdir in $xrpath; do
- func_replace_sysroot "$libdir"
- func_append temp_xrpath " -R$func_replace_sysroot_result"
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- done
- if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then
- dependency_libs="$temp_xrpath $dependency_libs"
- fi
- fi
-
- # Make sure dlfiles contains only unique files that won't be dlpreopened
- old_dlfiles=$dlfiles
- dlfiles=
- for lib in $old_dlfiles; do
- case " $dlprefiles $dlfiles " in
- *" $lib "*) ;;
- *) func_append dlfiles " $lib" ;;
- esac
- done
-
- # Make sure dlprefiles contains only unique files
- old_dlprefiles=$dlprefiles
- dlprefiles=
- for lib in $old_dlprefiles; do
- case "$dlprefiles " in
- *" $lib "*) ;;
- *) func_append dlprefiles " $lib" ;;
- esac
- done
-
- if test yes = "$build_libtool_libs"; then
- if test -n "$rpath"; then
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
- # these systems don't actually have a c library (as such)!
- ;;
- *-*-rhapsody* | *-*-darwin1.[012])
- # Rhapsody C library is in the System framework
- func_append deplibs " System.ltframework"
- ;;
- *-*-netbsd*)
- # Don't link with libc until the a.out ld.so is fixed.
- ;;
- *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
- # Do not include libc due to us having libc/libc_r.
- ;;
- *-*-sco3.2v5* | *-*-sco5v6*)
- # Causes problems with __ctype
- ;;
- *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
- # Compiler inserts libc in the correct place for threads to work
- ;;
- *)
- # Add libc to deplibs on all other systems if necessary.
- if test yes = "$build_libtool_need_lc"; then
- func_append deplibs " -lc"
- fi
- ;;
- esac
- fi
-
- # Transform deplibs into only deplibs that can be linked in shared.
- name_save=$name
- libname_save=$libname
- release_save=$release
- versuffix_save=$versuffix
- major_save=$major
- # I'm not sure if I'm treating the release correctly. I think
- # release should show up in the -l (ie -lgmp5) so we don't want to
- # add it in twice. Is that correct?
- release=
- versuffix=
- major=
- newdeplibs=
- droppeddeps=no
- case $deplibs_check_method in
- pass_all)
- # Don't check for shared/static. Everything works.
- # This might be a little naive. We might want to check
- # whether the library exists or not. But this is on
- # osf3 & osf4 and I'm not really sure... Just
- # implementing what was already the behavior.
- newdeplibs=$deplibs
- ;;
- test_compile)
- # This code stresses the "libraries are programs" paradigm to its
- # limits. Maybe even breaks it. We compile a program, linking it
- # against the deplibs as a proxy for the library. Then we can check
- # whether they linked in statically or dynamically with ldd.
- $opt_dry_run || $RM conftest.c
- cat > conftest.c <<EOF
- int main() { return 0; }
-EOF
- $opt_dry_run || $RM conftest
- if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
- ldd_output=`ldd conftest`
- for i in $deplibs; do
- case $i in
- -l*)
- func_stripname -l '' "$i"
- name=$func_stripname_result
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $i "*)
- func_append newdeplibs " $i"
- i=
- ;;
- esac
- fi
- if test -n "$i"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
- set dummy $deplib_matches; shift
- deplib_match=$1
- if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
- func_append newdeplibs " $i"
- else
- droppeddeps=yes
- echo
- $ECHO "*** Warning: dynamic linker does not accept needed library $i."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which I believe you do not have"
- echo "*** because a test_compile did reveal that the linker did not use it for"
- echo "*** its dynamic dependency list that programs get resolved with at runtime."
- fi
- fi
- ;;
- *)
- func_append newdeplibs " $i"
- ;;
- esac
- done
- else
- # Error occurred in the first compile. Let's try to salvage
- # the situation: Compile a separate program for each library.
- for i in $deplibs; do
- case $i in
- -l*)
- func_stripname -l '' "$i"
- name=$func_stripname_result
- $opt_dry_run || $RM conftest
- if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
- ldd_output=`ldd conftest`
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $i "*)
- func_append newdeplibs " $i"
- i=
- ;;
- esac
- fi
- if test -n "$i"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
- set dummy $deplib_matches; shift
- deplib_match=$1
- if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
- func_append newdeplibs " $i"
- else
- droppeddeps=yes
- echo
- $ECHO "*** Warning: dynamic linker does not accept needed library $i."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because a test_compile did reveal that the linker did not use this one"
- echo "*** as a dynamic dependency that programs can get resolved with at runtime."
- fi
- fi
- else
- droppeddeps=yes
- echo
- $ECHO "*** Warning! Library $i is needed by this library but I was not able to"
- echo "*** make it link in! You will probably need to install it or some"
- echo "*** library that it depends on before this library will be fully"
- echo "*** functional. Installing it before continuing would be even better."
- fi
- ;;
- *)
- func_append newdeplibs " $i"
- ;;
- esac
- done
- fi
- ;;
- file_magic*)
- set dummy $deplibs_check_method; shift
- file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- for a_deplib in $deplibs; do
- case $a_deplib in
- -l*)
- func_stripname -l '' "$a_deplib"
- name=$func_stripname_result
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $a_deplib "*)
- func_append newdeplibs " $a_deplib"
- a_deplib=
- ;;
- esac
- fi
- if test -n "$a_deplib"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- if test -n "$file_magic_glob"; then
- libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob`
- else
- libnameglob=$libname
- fi
- test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob`
- for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
- if test yes = "$want_nocaseglob"; then
- shopt -s nocaseglob
- potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
- $nocaseglob
- else
- potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
- fi
- for potent_lib in $potential_libs; do
- # Follow soft links.
- if ls -lLd "$potent_lib" 2>/dev/null |
- $GREP " -> " >/dev/null; then
- continue
- fi
- # The statement above tries to avoid entering an
- # endless loop below, in case of cyclic links.
- # We might still enter an endless loop, since a link
- # loop can be closed while we follow links,
- # but so what?
- potlib=$potent_lib
- while test -h "$potlib" 2>/dev/null; do
- potliblink=`ls -ld $potlib | $SED 's/.* -> //'`
- case $potliblink in
- [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;;
- *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";;
- esac
- done
- if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
- $SED -e 10q |
- $EGREP "$file_magic_regex" > /dev/null; then
- func_append newdeplibs " $a_deplib"
- a_deplib=
- break 2
- fi
- done
- done
- fi
- if test -n "$a_deplib"; then
- droppeddeps=yes
- echo
- $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because I did check the linker path looking for a file starting"
- if test -z "$potlib"; then
- $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
- else
- $ECHO "*** with $libname and none of the candidates passed a file format test"
- $ECHO "*** using a file magic. Last file checked: $potlib"
- fi
- fi
- ;;
- *)
- # Add a -L argument.
- func_append newdeplibs " $a_deplib"
- ;;
- esac
- done # Gone through all deplibs.
- ;;
- match_pattern*)
- set dummy $deplibs_check_method; shift
- match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
- for a_deplib in $deplibs; do
- case $a_deplib in
- -l*)
- func_stripname -l '' "$a_deplib"
- name=$func_stripname_result
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- case " $predeps $postdeps " in
- *" $a_deplib "*)
- func_append newdeplibs " $a_deplib"
- a_deplib=
- ;;
- esac
- fi
- if test -n "$a_deplib"; then
- libname=`eval "\\$ECHO \"$libname_spec\""`
- for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
- potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
- for potent_lib in $potential_libs; do
- potlib=$potent_lib # see symlink-check above in file_magic test
- if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \
- $EGREP "$match_pattern_regex" > /dev/null; then
- func_append newdeplibs " $a_deplib"
- a_deplib=
- break 2
- fi
- done
- done
- fi
- if test -n "$a_deplib"; then
- droppeddeps=yes
- echo
- $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
- echo "*** I have the capability to make that library automatically link in when"
- echo "*** you link to this library. But I can only do this if you have a"
- echo "*** shared version of the library, which you do not appear to have"
- echo "*** because I did check the linker path looking for a file starting"
- if test -z "$potlib"; then
- $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
- else
- $ECHO "*** with $libname and none of the candidates passed a file format test"
- $ECHO "*** using a regex pattern. Last file checked: $potlib"
- fi
- fi
- ;;
- *)
- # Add a -L argument.
- func_append newdeplibs " $a_deplib"
- ;;
- esac
- done # Gone through all deplibs.
- ;;
- none | unknown | *)
- newdeplibs=
- tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'`
- if test yes = "$allow_libtool_libs_with_static_runtimes"; then
- for i in $predeps $postdeps; do
- # can't use Xsed below, because $i might contain '/'
- tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"`
- done
- fi
- case $tmp_deplibs in
- *[!\ \ ]*)
- echo
- if test none = "$deplibs_check_method"; then
- echo "*** Warning: inter-library dependencies are not supported in this platform."
- else
- echo "*** Warning: inter-library dependencies are not known to be supported."
- fi
- echo "*** All declared inter-library dependencies are being dropped."
- droppeddeps=yes
- ;;
- esac
- ;;
- esac
- versuffix=$versuffix_save
- major=$major_save
- release=$release_save
- libname=$libname_save
- name=$name_save
-
- case $host in
- *-*-rhapsody* | *-*-darwin1.[012])
- # On Rhapsody replace the C library with the System framework
- newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'`
- ;;
- esac
-
- if test yes = "$droppeddeps"; then
- if test yes = "$module"; then
- echo
- echo "*** Warning: libtool could not satisfy all declared inter-library"
- $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
- echo "*** a static module, that should work as long as the dlopening"
- echo "*** application is linked with the -dlopen flag."
- if test -z "$global_symbol_pipe"; then
- echo
- echo "*** However, this would only work if libtool was able to extract symbol"
- echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
- echo "*** not find such a program. So, this module is probably useless."
- echo "*** 'nm' from GNU binutils and a full rebuild may help."
- fi
- if test no = "$build_old_libs"; then
- oldlibs=$output_objdir/$libname.$libext
- build_libtool_libs=module
- build_old_libs=yes
- else
- build_libtool_libs=no
- fi
- else
- echo "*** The inter-library dependencies that have been dropped here will be"
- echo "*** automatically added whenever a program is linked with this library"
- echo "*** or is declared to -dlopen it."
-
- if test no = "$allow_undefined"; then
- echo
- echo "*** Since this library must not contain undefined symbols,"
- echo "*** because either the platform does not support them or"
- echo "*** it was explicitly requested with -no-undefined,"
- echo "*** libtool will only create a static version of it."
- if test no = "$build_old_libs"; then
- oldlibs=$output_objdir/$libname.$libext
- build_libtool_libs=module
- build_old_libs=yes
- else
- build_libtool_libs=no
- fi
- fi
- fi
- fi
- # Done checking deplibs!
- deplibs=$newdeplibs
- fi
- # Time to change all our "foo.ltframework" stuff back to "-framework foo"
- case $host in
- *-*-darwin*)
- newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- ;;
- esac
-
- # move library search paths that coincide with paths to not yet
- # installed libraries to the beginning of the library search list
- new_libs=
- for path in $notinst_path; do
- case " $new_libs " in
- *" -L$path/$objdir "*) ;;
- *)
- case " $deplibs " in
- *" -L$path/$objdir "*)
- func_append new_libs " -L$path/$objdir" ;;
- esac
- ;;
- esac
- done
- for deplib in $deplibs; do
- case $deplib in
- -L*)
- case " $new_libs " in
- *" $deplib "*) ;;
- *) func_append new_libs " $deplib" ;;
- esac
- ;;
- *) func_append new_libs " $deplib" ;;
- esac
- done
- deplibs=$new_libs
-
- # All the library-specific variables (install_libdir is set above).
- library_names=
- old_library=
- dlname=
-
- # Test again, we may have decided not to build it any more
- if test yes = "$build_libtool_libs"; then
- # Remove $wl instances when linking with ld.
- # FIXME: should test the right _cmds variable.
- case $archive_cmds in
- *\$LD\ *) wl= ;;
- esac
- if test yes = "$hardcode_into_libs"; then
- # Hardcode the library paths
- hardcode_libdirs=
- dep_rpath=
- rpath=$finalize_rpath
- test relink = "$opt_mode" || rpath=$compile_rpath$rpath
- for libdir in $rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
- func_replace_sysroot "$libdir"
- libdir=$func_replace_sysroot_result
- if test -z "$hardcode_libdirs"; then
- hardcode_libdirs=$libdir
- else
- # Just accumulate the unique libdirs.
- case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
- *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
- ;;
- *)
- func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
- ;;
- esac
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
- func_append dep_rpath " $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$perm_rpath " in
- *" $libdir "*) ;;
- *) func_append perm_rpath " $libdir" ;;
- esac
- fi
- done
- # Substitute the hardcoded libdirs into the rpath.
- if test -n "$hardcode_libdir_separator" &&
- test -n "$hardcode_libdirs"; then
- libdir=$hardcode_libdirs
- eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
- fi
- if test -n "$runpath_var" && test -n "$perm_rpath"; then
- # We should set the runpath_var.
- rpath=
- for dir in $perm_rpath; do
- func_append rpath "$dir:"
- done
- eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
- fi
- test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
- fi
-
- shlibpath=$finalize_shlibpath
- test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath
- if test -n "$shlibpath"; then
- eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
- fi
-
- # Get the real and link names of the library.
- eval shared_ext=\"$shrext_cmds\"
- eval library_names=\"$library_names_spec\"
- set dummy $library_names
- shift
- realname=$1
- shift
-
- if test -n "$soname_spec"; then
- eval soname=\"$soname_spec\"
- else
- soname=$realname
- fi
- if test -z "$dlname"; then
- dlname=$soname
- fi
-
- lib=$output_objdir/$realname
- linknames=
- for link
- do
- func_append linknames " $link"
- done
-
- # Use standard objects if they are pic
- test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP`
- test "X$libobjs" = "X " && libobjs=
-
- delfiles=
- if test -n "$export_symbols" && test -n "$include_expsyms"; then
- $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
- export_symbols=$output_objdir/$libname.uexp
- func_append delfiles " $export_symbols"
- fi
-
- orig_export_symbols=
- case $host_os in
- cygwin* | mingw* | cegcc*)
- if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
- # exporting using user supplied symfile
- func_dll_def_p "$export_symbols" || {
- # and it's NOT already a .def file. Must figure out
- # which of the given symbols are data symbols and tag
- # them as such. So, trigger use of export_symbols_cmds.
- # export_symbols gets reassigned inside the "prepare
- # the list of exported symbols" if statement, so the
- # include_expsyms logic still works.
- orig_export_symbols=$export_symbols
- export_symbols=
- always_export_symbols=yes
- }
- fi
- ;;
- esac
-
- # Prepare the list of exported symbols
- if test -z "$export_symbols"; then
- if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then
- func_verbose "generating symbol list for '$libname.la'"
- export_symbols=$output_objdir/$libname.exp
- $opt_dry_run || $RM $export_symbols
- cmds=$export_symbols_cmds
- save_ifs=$IFS; IFS='~'
- for cmd1 in $cmds; do
- IFS=$save_ifs
- # Take the normal branch if the nm_file_list_spec branch
- # doesn't work or if tool conversion is not needed.
- case $nm_file_list_spec~$to_tool_file_cmd in
- *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*)
- try_normal_branch=yes
- eval cmd=\"$cmd1\"
- func_len " $cmd"
- len=$func_len_result
- ;;
- *)
- try_normal_branch=no
- ;;
- esac
- if test yes = "$try_normal_branch" \
- && { test "$len" -lt "$max_cmd_len" \
- || test "$max_cmd_len" -le -1; }
- then
- func_show_eval "$cmd" 'exit $?'
- skipped_export=false
- elif test -n "$nm_file_list_spec"; then
- func_basename "$output"
- output_la=$func_basename_result
- save_libobjs=$libobjs
- save_output=$output
- output=$output_objdir/$output_la.nm
- func_to_tool_file "$output"
- libobjs=$nm_file_list_spec$func_to_tool_file_result
- func_append delfiles " $output"
- func_verbose "creating $NM input file list: $output"
- for obj in $save_libobjs; do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result"
- done > "$output"
- eval cmd=\"$cmd1\"
- func_show_eval "$cmd" 'exit $?'
- output=$save_output
- libobjs=$save_libobjs
- skipped_export=false
- else
- # The command line is too long to execute in one step.
- func_verbose "using reloadable object file for export list..."
- skipped_export=:
- # Break out early, otherwise skipped_export may be
- # set to false by a later but shorter cmd.
- break
- fi
- done
- IFS=$save_ifs
- if test -n "$export_symbols_regex" && test : != "$skipped_export"; then
- func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
- func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
- fi
- fi
- fi
-
- if test -n "$export_symbols" && test -n "$include_expsyms"; then
- tmp_export_symbols=$export_symbols
- test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
- $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
- fi
-
- if test : != "$skipped_export" && test -n "$orig_export_symbols"; then
- # The given exports_symbols file has to be filtered, so filter it.
- func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
- # FIXME: $output_objdir/$libname.filter potentially contains lots of
- # 's' commands, which not all seds can handle. GNU sed should be fine
- # though. Also, the filter scales superlinearly with the number of
- # global variables. join(1) would be nice here, but unfortunately
- # isn't a blessed tool.
- $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
- func_append delfiles " $export_symbols $output_objdir/$libname.filter"
- export_symbols=$output_objdir/$libname.def
- $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
- fi
-
- tmp_deplibs=
- for test_deplib in $deplibs; do
- case " $convenience " in
- *" $test_deplib "*) ;;
- *)
- func_append tmp_deplibs " $test_deplib"
- ;;
- esac
- done
- deplibs=$tmp_deplibs
-
- if test -n "$convenience"; then
- if test -n "$whole_archive_flag_spec" &&
- test yes = "$compiler_needs_object" &&
- test -z "$libobjs"; then
- # extract the archives, so we have objects to list.
- # TODO: could optimize this to just extract one archive.
- whole_archive_flag_spec=
- fi
- if test -n "$whole_archive_flag_spec"; then
- save_libobjs=$libobjs
- eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
- test "X$libobjs" = "X " && libobjs=
- else
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $convenience
- func_append libobjs " $func_extract_archives_result"
- test "X$libobjs" = "X " && libobjs=
- fi
- fi
-
- if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then
- eval flag=\"$thread_safe_flag_spec\"
- func_append linker_flags " $flag"
- fi
-
- # Make a backup of the uninstalled library when relinking
- if test relink = "$opt_mode"; then
- $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
- fi
-
- # Do each of the archive commands.
- if test yes = "$module" && test -n "$module_cmds"; then
- if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
- eval test_cmds=\"$module_expsym_cmds\"
- cmds=$module_expsym_cmds
- else
- eval test_cmds=\"$module_cmds\"
- cmds=$module_cmds
- fi
- else
- if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
- eval test_cmds=\"$archive_expsym_cmds\"
- cmds=$archive_expsym_cmds
- else
- eval test_cmds=\"$archive_cmds\"
- cmds=$archive_cmds
- fi
- fi
-
- if test : != "$skipped_export" &&
- func_len " $test_cmds" &&
- len=$func_len_result &&
- test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
- :
- else
- # The command line is too long to link in one step, link piecewise
- # or, if using GNU ld and skipped_export is not :, use a linker
- # script.
-
- # Save the value of $output and $libobjs because we want to
- # use them later. If we have whole_archive_flag_spec, we
- # want to use save_libobjs as it was before
- # whole_archive_flag_spec was expanded, because we can't
- # assume the linker understands whole_archive_flag_spec.
- # This may have to be revisited, in case too many
- # convenience libraries get linked in and end up exceeding
- # the spec.
- if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
- save_libobjs=$libobjs
- fi
- save_output=$output
- func_basename "$output"
- output_la=$func_basename_result
-
- # Clear the reloadable object creation command queue and
- # initialize k to one.
- test_cmds=
- concat_cmds=
- objlist=
- last_robj=
- k=1
-
- if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
- output=$output_objdir/$output_la.lnkscript
- func_verbose "creating GNU ld script: $output"
- echo 'INPUT (' > $output
- for obj in $save_libobjs
- do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result" >> $output
- done
- echo ')' >> $output
- func_append delfiles " $output"
- func_to_tool_file "$output"
- output=$func_to_tool_file_result
- elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
- output=$output_objdir/$output_la.lnk
- func_verbose "creating linker input file list: $output"
- : > $output
- set x $save_libobjs
- shift
- firstobj=
- if test yes = "$compiler_needs_object"; then
- firstobj="$1 "
- shift
- fi
- for obj
- do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result" >> $output
- done
- func_append delfiles " $output"
- func_to_tool_file "$output"
- output=$firstobj\"$file_list_spec$func_to_tool_file_result\"
- else
- if test -n "$save_libobjs"; then
- func_verbose "creating reloadable object files..."
- output=$output_objdir/$output_la-$k.$objext
- eval test_cmds=\"$reload_cmds\"
- func_len " $test_cmds"
- len0=$func_len_result
- len=$len0
-
- # Loop over the list of objects to be linked.
- for obj in $save_libobjs
- do
- func_len " $obj"
- func_arith $len + $func_len_result
- len=$func_arith_result
- if test -z "$objlist" ||
- test "$len" -lt "$max_cmd_len"; then
- func_append objlist " $obj"
- else
- # The command $test_cmds is almost too long, add a
- # command to the queue.
- if test 1 -eq "$k"; then
- # The first file doesn't have a previous command to add.
- reload_objs=$objlist
- eval concat_cmds=\"$reload_cmds\"
- else
- # All subsequent reloadable object files will link in
- # the last one created.
- reload_objs="$objlist $last_robj"
- eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\"
- fi
- last_robj=$output_objdir/$output_la-$k.$objext
- func_arith $k + 1
- k=$func_arith_result
- output=$output_objdir/$output_la-$k.$objext
- objlist=" $obj"
- func_len " $last_robj"
- func_arith $len0 + $func_len_result
- len=$func_arith_result
- fi
- done
- # Handle the remaining objects by creating one last
- # reloadable object file. All subsequent reloadable object
- # files will link in the last one created.
- test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- reload_objs="$objlist $last_robj"
- eval concat_cmds=\"\$concat_cmds$reload_cmds\"
- if test -n "$last_robj"; then
- eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
- fi
- func_append delfiles " $output"
-
- else
- output=
- fi
-
- ${skipped_export-false} && {
- func_verbose "generating symbol list for '$libname.la'"
- export_symbols=$output_objdir/$libname.exp
- $opt_dry_run || $RM $export_symbols
- libobjs=$output
- # Append the command to create the export file.
- test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
- if test -n "$last_robj"; then
- eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
- fi
- }
-
- test -n "$save_libobjs" &&
- func_verbose "creating a temporary reloadable object file: $output"
-
- # Loop through the commands generated above and execute them.
- save_ifs=$IFS; IFS='~'
- for cmd in $concat_cmds; do
- IFS=$save_ifs
- $opt_quiet || {
- func_quote_for_expand "$cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
- $opt_dry_run || eval "$cmd" || {
- lt_exit=$?
-
- # Restore the uninstalled library and exit
- if test relink = "$opt_mode"; then
- ( cd "$output_objdir" && \
- $RM "${realname}T" && \
- $MV "${realname}U" "$realname" )
- fi
-
- exit $lt_exit
- }
- done
- IFS=$save_ifs
-
- if test -n "$export_symbols_regex" && ${skipped_export-false}; then
- func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
- func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
- fi
- fi
-
- ${skipped_export-false} && {
- if test -n "$export_symbols" && test -n "$include_expsyms"; then
- tmp_export_symbols=$export_symbols
- test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
- $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
- fi
-
- if test -n "$orig_export_symbols"; then
- # The given exports_symbols file has to be filtered, so filter it.
- func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
- # FIXME: $output_objdir/$libname.filter potentially contains lots of
- # 's' commands, which not all seds can handle. GNU sed should be fine
- # though. Also, the filter scales superlinearly with the number of
- # global variables. join(1) would be nice here, but unfortunately
- # isn't a blessed tool.
- $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
- func_append delfiles " $export_symbols $output_objdir/$libname.filter"
- export_symbols=$output_objdir/$libname.def
- $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
- fi
- }
-
- libobjs=$output
- # Restore the value of output.
- output=$save_output
-
- if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
- eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
- test "X$libobjs" = "X " && libobjs=
- fi
- # Expand the library linking commands again to reset the
- # value of $libobjs for piecewise linking.
-
- # Do each of the archive commands.
- if test yes = "$module" && test -n "$module_cmds"; then
- if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
- cmds=$module_expsym_cmds
- else
- cmds=$module_cmds
- fi
- else
- if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
- cmds=$archive_expsym_cmds
- else
- cmds=$archive_cmds
- fi
- fi
- fi
-
- if test -n "$delfiles"; then
- # Append the command to remove temporary files to $cmds.
- eval cmds=\"\$cmds~\$RM $delfiles\"
- fi
-
- # Add any objects from preloaded convenience libraries
- if test -n "$dlprefiles"; then
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $dlprefiles
- func_append libobjs " $func_extract_archives_result"
- test "X$libobjs" = "X " && libobjs=
- fi
-
- save_ifs=$IFS; IFS='~'
- for cmd in $cmds; do
- IFS=$sp$nl
- eval cmd=\"$cmd\"
- IFS=$save_ifs
- $opt_quiet || {
- func_quote_for_expand "$cmd"
- eval "func_echo $func_quote_for_expand_result"
- }
- $opt_dry_run || eval "$cmd" || {
- lt_exit=$?
-
- # Restore the uninstalled library and exit
- if test relink = "$opt_mode"; then
- ( cd "$output_objdir" && \
- $RM "${realname}T" && \
- $MV "${realname}U" "$realname" )
- fi
-
- exit $lt_exit
- }
- done
- IFS=$save_ifs
-
- # Restore the uninstalled library and exit
- if test relink = "$opt_mode"; then
- $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
-
- if test -n "$convenience"; then
- if test -z "$whole_archive_flag_spec"; then
- func_show_eval '${RM}r "$gentop"'
- fi
- fi
-
- exit $EXIT_SUCCESS
- fi
-
- # Create links to the real library.
- for linkname in $linknames; do
- if test "$realname" != "$linkname"; then
- func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
- fi
- done
-
- # If -module or -export-dynamic was specified, set the dlname.
- if test yes = "$module" || test yes = "$export_dynamic"; then
- # On all known operating systems, these are identical.
- dlname=$soname
- fi
- fi
- ;;
-
- obj)
- if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
- func_warning "'-dlopen' is ignored for objects"
- fi
-
- case " $deplibs" in
- *\ -l* | *\ -L*)
- func_warning "'-l' and '-L' are ignored for objects" ;;
- esac
-
- test -n "$rpath" && \
- func_warning "'-rpath' is ignored for objects"
-
- test -n "$xrpath" && \
- func_warning "'-R' is ignored for objects"
-
- test -n "$vinfo" && \
- func_warning "'-version-info' is ignored for objects"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for objects"
-
- case $output in
- *.lo)
- test -n "$objs$old_deplibs" && \
- func_fatal_error "cannot build library object '$output' from non-libtool objects"
-
- libobj=$output
- func_lo2o "$libobj"
- obj=$func_lo2o_result
- ;;
- *)
- libobj=
- obj=$output
- ;;
- esac
-
- # Delete the old objects.
- $opt_dry_run || $RM $obj $libobj
-
- # Objects from convenience libraries. This assumes
- # single-version convenience libraries. Whenever we create
- # different ones for PIC/non-PIC, this we'll have to duplicate
- # the extraction.
- reload_conv_objs=
- gentop=
- # if reload_cmds runs $LD directly, get rid of -Wl from
- # whole_archive_flag_spec and hope we can get by with turning comma
- # into space.
- case $reload_cmds in
- *\$LD[\ \$]*) wl= ;;
- esac
- if test -n "$convenience"; then
- if test -n "$whole_archive_flag_spec"; then
- eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
- test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
- reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags
- else
- gentop=$output_objdir/${obj}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $convenience
- reload_conv_objs="$reload_objs $func_extract_archives_result"
- fi
- fi
-
- # If we're not building shared, we need to use non_pic_objs
- test yes = "$build_libtool_libs" || libobjs=$non_pic_objects
-
- # Create the old-style object.
- reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs
-
- output=$obj
- func_execute_cmds "$reload_cmds" 'exit $?'
-
- # Exit if we aren't doing a library object file.
- if test -z "$libobj"; then
- if test -n "$gentop"; then
- func_show_eval '${RM}r "$gentop"'
- fi
-
- exit $EXIT_SUCCESS
- fi
-
- test yes = "$build_libtool_libs" || {
- if test -n "$gentop"; then
- func_show_eval '${RM}r "$gentop"'
- fi
-
- # Create an invalid libtool object if no PIC, so that we don't
- # accidentally link it into a program.
- # $show "echo timestamp > $libobj"
- # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
- exit $EXIT_SUCCESS
- }
-
- if test -n "$pic_flag" || test default != "$pic_mode"; then
- # Only do commands if we really have different PIC objects.
- reload_objs="$libobjs $reload_conv_objs"
- output=$libobj
- func_execute_cmds "$reload_cmds" 'exit $?'
- fi
-
- if test -n "$gentop"; then
- func_show_eval '${RM}r "$gentop"'
- fi
-
- exit $EXIT_SUCCESS
- ;;
-
- prog)
- case $host in
- *cygwin*) func_stripname '' '.exe' "$output"
- output=$func_stripname_result.exe;;
- esac
- test -n "$vinfo" && \
- func_warning "'-version-info' is ignored for programs"
-
- test -n "$release" && \
- func_warning "'-release' is ignored for programs"
-
- $preload \
- && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \
- && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support."
-
- case $host in
- *-*-rhapsody* | *-*-darwin1.[012])
- # On Rhapsody replace the C library is the System framework
- compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'`
- finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'`
- ;;
- esac
-
- case $host in
- *-*-darwin*)
- # Don't allow lazy linking, it breaks C++ global constructors
- # But is supposedly fixed on 10.4 or later (yay!).
- if test CXX = "$tagname"; then
- case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
- 10.[0123])
- func_append compile_command " $wl-bind_at_load"
- func_append finalize_command " $wl-bind_at_load"
- ;;
- esac
- fi
- # Time to change all our "foo.ltframework" stuff back to "-framework foo"
- compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
- ;;
- esac
-
-
- # move library search paths that coincide with paths to not yet
- # installed libraries to the beginning of the library search list
- new_libs=
- for path in $notinst_path; do
- case " $new_libs " in
- *" -L$path/$objdir "*) ;;
- *)
- case " $compile_deplibs " in
- *" -L$path/$objdir "*)
- func_append new_libs " -L$path/$objdir" ;;
- esac
- ;;
- esac
- done
- for deplib in $compile_deplibs; do
- case $deplib in
- -L*)
- case " $new_libs " in
- *" $deplib "*) ;;
- *) func_append new_libs " $deplib" ;;
- esac
- ;;
- *) func_append new_libs " $deplib" ;;
- esac
- done
- compile_deplibs=$new_libs
-
-
- func_append compile_command " $compile_deplibs"
- func_append finalize_command " $finalize_deplibs"
-
- if test -n "$rpath$xrpath"; then
- # If the user specified any rpath flags, then add them.
- for libdir in $rpath $xrpath; do
- # This is the magic to use -rpath.
- case "$finalize_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_rpath " $libdir" ;;
- esac
- done
- fi
-
- # Now hardcode the library paths
- rpath=
- hardcode_libdirs=
- for libdir in $compile_rpath $finalize_rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
- if test -z "$hardcode_libdirs"; then
- hardcode_libdirs=$libdir
- else
- # Just accumulate the unique libdirs.
- case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
- *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
- ;;
- *)
- func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
- ;;
- esac
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
- func_append rpath " $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$perm_rpath " in
- *" $libdir "*) ;;
- *) func_append perm_rpath " $libdir" ;;
- esac
- fi
- case $host in
- *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
- testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'`
- case :$dllsearchpath: in
- *":$libdir:"*) ;;
- ::) dllsearchpath=$libdir;;
- *) func_append dllsearchpath ":$libdir";;
- esac
- case :$dllsearchpath: in
- *":$testbindir:"*) ;;
- ::) dllsearchpath=$testbindir;;
- *) func_append dllsearchpath ":$testbindir";;
- esac
- ;;
- esac
- done
- # Substitute the hardcoded libdirs into the rpath.
- if test -n "$hardcode_libdir_separator" &&
- test -n "$hardcode_libdirs"; then
- libdir=$hardcode_libdirs
- eval rpath=\" $hardcode_libdir_flag_spec\"
- fi
- compile_rpath=$rpath
-
- rpath=
- hardcode_libdirs=
- for libdir in $finalize_rpath; do
- if test -n "$hardcode_libdir_flag_spec"; then
- if test -n "$hardcode_libdir_separator"; then
- if test -z "$hardcode_libdirs"; then
- hardcode_libdirs=$libdir
- else
- # Just accumulate the unique libdirs.
- case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
- *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
- ;;
- *)
- func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
- ;;
- esac
- fi
- else
- eval flag=\"$hardcode_libdir_flag_spec\"
- func_append rpath " $flag"
- fi
- elif test -n "$runpath_var"; then
- case "$finalize_perm_rpath " in
- *" $libdir "*) ;;
- *) func_append finalize_perm_rpath " $libdir" ;;
- esac
- fi
- done
- # Substitute the hardcoded libdirs into the rpath.
- if test -n "$hardcode_libdir_separator" &&
- test -n "$hardcode_libdirs"; then
- libdir=$hardcode_libdirs
- eval rpath=\" $hardcode_libdir_flag_spec\"
- fi
- finalize_rpath=$rpath
-
- if test -n "$libobjs" && test yes = "$build_old_libs"; then
- # Transform all the library objects into standard objects.
- compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
- finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
- fi
-
- func_generate_dlsyms "$outputname" "@PROGRAM@" false
-
- # template prelinking step
- if test -n "$prelink_cmds"; then
- func_execute_cmds "$prelink_cmds" 'exit $?'
- fi
-
- wrappers_required=:
- case $host in
- *cegcc* | *mingw32ce*)
- # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
- wrappers_required=false
- ;;
- *cygwin* | *mingw* )
- test yes = "$build_libtool_libs" || wrappers_required=false
- ;;
- *)
- if test no = "$need_relink" || test yes != "$build_libtool_libs"; then
- wrappers_required=false
- fi
- ;;
- esac
- $wrappers_required || {
- # Replace the output file specification.
- compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
- link_command=$compile_command$compile_rpath
-
- # We have no uninstalled library dependencies, so finalize right now.
- exit_status=0
- func_show_eval "$link_command" 'exit_status=$?'
-
- if test -n "$postlink_cmds"; then
- func_to_tool_file "$output"
- postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
- func_execute_cmds "$postlink_cmds" 'exit $?'
- fi
-
- # Delete the generated files.
- if test -f "$output_objdir/${outputname}S.$objext"; then
- func_show_eval '$RM "$output_objdir/${outputname}S.$objext"'
- fi
-
- exit $exit_status
- }
-
- if test -n "$compile_shlibpath$finalize_shlibpath"; then
- compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
- fi
- if test -n "$finalize_shlibpath"; then
- finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
- fi
-
- compile_var=
- finalize_var=
- if test -n "$runpath_var"; then
- if test -n "$perm_rpath"; then
- # We should set the runpath_var.
- rpath=
- for dir in $perm_rpath; do
- func_append rpath "$dir:"
- done
- compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
- fi
- if test -n "$finalize_perm_rpath"; then
- # We should set the runpath_var.
- rpath=
- for dir in $finalize_perm_rpath; do
- func_append rpath "$dir:"
- done
- finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
- fi
- fi
-
- if test yes = "$no_install"; then
- # We don't need to create a wrapper script.
- link_command=$compile_var$compile_command$compile_rpath
- # Replace the output file specification.
- link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
- # Delete the old output file.
- $opt_dry_run || $RM $output
- # Link the executable and exit
- func_show_eval "$link_command" 'exit $?'
-
- if test -n "$postlink_cmds"; then
- func_to_tool_file "$output"
- postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
- func_execute_cmds "$postlink_cmds" 'exit $?'
- fi
-
- exit $EXIT_SUCCESS
- fi
-
- case $hardcode_action,$fast_install in
- relink,*)
- # Fast installation is not supported
- link_command=$compile_var$compile_command$compile_rpath
- relink_command=$finalize_var$finalize_command$finalize_rpath
-
- func_warning "this platform does not like uninstalled shared libraries"
- func_warning "'$output' will be relinked during installation"
- ;;
- *,yes)
- link_command=$finalize_var$compile_command$finalize_rpath
- relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
- ;;
- *,no)
- link_command=$compile_var$compile_command$compile_rpath
- relink_command=$finalize_var$finalize_command$finalize_rpath
- ;;
- *,needless)
- link_command=$finalize_var$compile_command$finalize_rpath
- relink_command=
- ;;
- esac
-
- # Replace the output file specification.
- link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
-
- # Delete the old output files.
- $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
-
- func_show_eval "$link_command" 'exit $?'
-
- if test -n "$postlink_cmds"; then
- func_to_tool_file "$output_objdir/$outputname"
- postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
- func_execute_cmds "$postlink_cmds" 'exit $?'
- fi
-
- # Now create the wrapper script.
- func_verbose "creating $output"
-
- # Quote the relink command for shipping.
- if test -n "$relink_command"; then
- # Preserve any variables that may affect compiler behavior
- for var in $variables_saved_for_relink; do
- if eval test -z \"\${$var+set}\"; then
- relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
- elif eval var_value=\$$var; test -z "$var_value"; then
- relink_command="$var=; export $var; $relink_command"
- else
- func_quote_for_eval "$var_value"
- relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
- fi
- done
- relink_command="(cd `pwd`; $relink_command)"
- relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
- fi
-
- # Only actually do things if not in dry run mode.
- $opt_dry_run || {
- # win32 will think the script is a binary if it has
- # a .exe suffix, so we strip it off here.
- case $output in
- *.exe) func_stripname '' '.exe' "$output"
- output=$func_stripname_result ;;
- esac
- # test for cygwin because mv fails w/o .exe extensions
- case $host in
- *cygwin*)
- exeext=.exe
- func_stripname '' '.exe' "$outputname"
- outputname=$func_stripname_result ;;
- *) exeext= ;;
- esac
- case $host in
- *cygwin* | *mingw* )
- func_dirname_and_basename "$output" "" "."
- output_name=$func_basename_result
- output_path=$func_dirname_result
- cwrappersource=$output_path/$objdir/lt-$output_name.c
- cwrapper=$output_path/$output_name.exe
- $RM $cwrappersource $cwrapper
- trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
-
- func_emit_cwrapperexe_src > $cwrappersource
-
- # The wrapper executable is built using the $host compiler,
- # because it contains $host paths and files. If cross-
- # compiling, it, like the target executable, must be
- # executed on the $host or under an emulation environment.
- $opt_dry_run || {
- $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
- $STRIP $cwrapper
- }
-
- # Now, create the wrapper script for func_source use:
- func_ltwrapper_scriptname $cwrapper
- $RM $func_ltwrapper_scriptname_result
- trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
- $opt_dry_run || {
- # note: this script will not be executed, so do not chmod.
- if test "x$build" = "x$host"; then
- $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
- else
- func_emit_wrapper no > $func_ltwrapper_scriptname_result
- fi
- }
- ;;
- * )
- $RM $output
- trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
-
- func_emit_wrapper no > $output
- chmod +x $output
- ;;
- esac
- }
- exit $EXIT_SUCCESS
- ;;
- esac
-
- # See if we need to build an old-fashioned archive.
- for oldlib in $oldlibs; do
-
- case $build_libtool_libs in
- convenience)
- oldobjs="$libobjs_save $symfileobj"
- addlibs=$convenience
- build_libtool_libs=no
- ;;
- module)
- oldobjs=$libobjs_save
- addlibs=$old_convenience
- build_libtool_libs=no
- ;;
- *)
- oldobjs="$old_deplibs $non_pic_objects"
- $preload && test -f "$symfileobj" \
- && func_append oldobjs " $symfileobj"
- addlibs=$old_convenience
- ;;
- esac
-
- if test -n "$addlibs"; then
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $addlibs
- func_append oldobjs " $func_extract_archives_result"
- fi
-
- # Do each command in the archive commands.
- if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then
- cmds=$old_archive_from_new_cmds
- else
-
- # Add any objects from preloaded convenience libraries
- if test -n "$dlprefiles"; then
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
-
- func_extract_archives $gentop $dlprefiles
- func_append oldobjs " $func_extract_archives_result"
- fi
-
- # POSIX demands no paths to be encoded in archives. We have
- # to avoid creating archives with duplicate basenames if we
- # might have to extract them afterwards, e.g., when creating a
- # static archive out of a convenience library, or when linking
- # the entirety of a libtool archive into another (currently
- # not supported by libtool).
- if (for obj in $oldobjs
- do
- func_basename "$obj"
- $ECHO "$func_basename_result"
- done | sort | sort -uc >/dev/null 2>&1); then
- :
- else
- echo "copying selected object files to avoid basename conflicts..."
- gentop=$output_objdir/${outputname}x
- func_append generated " $gentop"
- func_mkdir_p "$gentop"
- save_oldobjs=$oldobjs
- oldobjs=
- counter=1
- for obj in $save_oldobjs
- do
- func_basename "$obj"
- objbase=$func_basename_result
- case " $oldobjs " in
- " ") oldobjs=$obj ;;
- *[\ /]"$objbase "*)
- while :; do
- # Make sure we don't pick an alternate name that also
- # overlaps.
- newobj=lt$counter-$objbase
- func_arith $counter + 1
- counter=$func_arith_result
- case " $oldobjs " in
- *[\ /]"$newobj "*) ;;
- *) if test ! -f "$gentop/$newobj"; then break; fi ;;
- esac
- done
- func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
- func_append oldobjs " $gentop/$newobj"
- ;;
- *) func_append oldobjs " $obj" ;;
- esac
- done
- fi
- func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
- tool_oldlib=$func_to_tool_file_result
- eval cmds=\"$old_archive_cmds\"
-
- func_len " $cmds"
- len=$func_len_result
- if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
- cmds=$old_archive_cmds
- elif test -n "$archiver_list_spec"; then
- func_verbose "using command file archive linking..."
- for obj in $oldobjs
- do
- func_to_tool_file "$obj"
- $ECHO "$func_to_tool_file_result"
- done > $output_objdir/$libname.libcmd
- func_to_tool_file "$output_objdir/$libname.libcmd"
- oldobjs=" $archiver_list_spec$func_to_tool_file_result"
- cmds=$old_archive_cmds
- else
- # the command line is too long to link in one step, link in parts
- func_verbose "using piecewise archive linking..."
- save_RANLIB=$RANLIB
- RANLIB=:
- objlist=
- concat_cmds=
- save_oldobjs=$oldobjs
- oldobjs=
- # Is there a better way of finding the last object in the list?
- for obj in $save_oldobjs
- do
- last_oldobj=$obj
- done
- eval test_cmds=\"$old_archive_cmds\"
- func_len " $test_cmds"
- len0=$func_len_result
- len=$len0
- for obj in $save_oldobjs
- do
- func_len " $obj"
- func_arith $len + $func_len_result
- len=$func_arith_result
- func_append objlist " $obj"
- if test "$len" -lt "$max_cmd_len"; then
- :
- else
- # the above command should be used before it gets too long
- oldobjs=$objlist
- if test "$obj" = "$last_oldobj"; then
- RANLIB=$save_RANLIB
- fi
- test -z "$concat_cmds" || concat_cmds=$concat_cmds~
- eval concat_cmds=\"\$concat_cmds$old_archive_cmds\"
- objlist=
- len=$len0
- fi
- done
- RANLIB=$save_RANLIB
- oldobjs=$objlist
- if test -z "$oldobjs"; then
- eval cmds=\"\$concat_cmds\"
- else
- eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
- fi
- fi
- fi
- func_execute_cmds "$cmds" 'exit $?'
- done
-
- test -n "$generated" && \
- func_show_eval "${RM}r$generated"
-
- # Now create the libtool archive.
- case $output in
- *.la)
- old_library=
- test yes = "$build_old_libs" && old_library=$libname.$libext
- func_verbose "creating $output"
-
- # Preserve any variables that may affect compiler behavior
- for var in $variables_saved_for_relink; do
- if eval test -z \"\${$var+set}\"; then
- relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
- elif eval var_value=\$$var; test -z "$var_value"; then
- relink_command="$var=; export $var; $relink_command"
- else
- func_quote_for_eval "$var_value"
- relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
- fi
- done
- # Quote the link command for shipping.
- relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
- relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
- if test yes = "$hardcode_automatic"; then
- relink_command=
- fi
-
- # Only create the output if not a dry run.
- $opt_dry_run || {
- for installed in no yes; do
- if test yes = "$installed"; then
- if test -z "$install_libdir"; then
- break
- fi
- output=$output_objdir/${outputname}i
- # Replace all uninstalled libtool libraries with the installed ones
- newdependency_libs=
- for deplib in $dependency_libs; do
- case $deplib in
- *.la)
- func_basename "$deplib"
- name=$func_basename_result
- func_resolve_sysroot "$deplib"
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
- test -z "$libdir" && \
- func_fatal_error "'$deplib' is not a valid libtool archive"
- func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
- ;;
- -L*)
- func_stripname -L '' "$deplib"
- func_replace_sysroot "$func_stripname_result"
- func_append newdependency_libs " -L$func_replace_sysroot_result"
- ;;
- -R*)
- func_stripname -R '' "$deplib"
- func_replace_sysroot "$func_stripname_result"
- func_append newdependency_libs " -R$func_replace_sysroot_result"
- ;;
- *) func_append newdependency_libs " $deplib" ;;
- esac
- done
- dependency_libs=$newdependency_libs
- newdlfiles=
-
- for lib in $dlfiles; do
- case $lib in
- *.la)
- func_basename "$lib"
- name=$func_basename_result
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
- test -z "$libdir" && \
- func_fatal_error "'$lib' is not a valid libtool archive"
- func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name"
- ;;
- *) func_append newdlfiles " $lib" ;;
- esac
- done
- dlfiles=$newdlfiles
- newdlprefiles=
- for lib in $dlprefiles; do
- case $lib in
- *.la)
- # Only pass preopened files to the pseudo-archive (for
- # eventual linking with the app. that links it) if we
- # didn't already link the preopened objects directly into
- # the library:
- func_basename "$lib"
- name=$func_basename_result
- eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
- test -z "$libdir" && \
- func_fatal_error "'$lib' is not a valid libtool archive"
- func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name"
- ;;
- esac
- done
- dlprefiles=$newdlprefiles
- else
- newdlfiles=
- for lib in $dlfiles; do
- case $lib in
- [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
- *) abs=`pwd`"/$lib" ;;
- esac
- func_append newdlfiles " $abs"
- done
- dlfiles=$newdlfiles
- newdlprefiles=
- for lib in $dlprefiles; do
- case $lib in
- [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
- *) abs=`pwd`"/$lib" ;;
- esac
- func_append newdlprefiles " $abs"
- done
- dlprefiles=$newdlprefiles
- fi
- $RM $output
- # place dlname in correct position for cygwin
- # In fact, it would be nice if we could use this code for all target
- # systems that can't hard-code library paths into their executables
- # and that have no shared library path variable independent of PATH,
- # but it turns out we can't easily determine that from inspecting
- # libtool variables, so we have to hard-code the OSs to which it
- # applies here; at the moment, that means platforms that use the PE
- # object format with DLL files. See the long comment at the top of
- # tests/bindir.at for full details.
- tdlname=$dlname
- case $host,$output,$installed,$module,$dlname in
- *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
- # If a -bindir argument was supplied, place the dll there.
- if test -n "$bindir"; then
- func_relative_path "$install_libdir" "$bindir"
- tdlname=$func_relative_path_result/$dlname
- else
- # Otherwise fall back on heuristic.
- tdlname=../bin/$dlname
- fi
- ;;
- esac
- $ECHO > $output "\
-# $outputname - a libtool library file
-# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
-#
-# Please DO NOT delete this file!
-# It is necessary for linking the library.
-
-# The name that we can dlopen(3).
-dlname='$tdlname'
-
-# Names of this library.
-library_names='$library_names'
-
-# The name of the static archive.
-old_library='$old_library'
-
-# Linker flags that cannot go in dependency_libs.
-inherited_linker_flags='$new_inherited_linker_flags'
-
-# Libraries that this one depends upon.
-dependency_libs='$dependency_libs'
-
-# Names of additional weak libraries provided by this library
-weak_library_names='$weak_libs'
-
-# Version information for $libname.
-current=$current
-age=$age
-revision=$revision
-
-# Is this an already installed library?
-installed=$installed
-
-# Should we warn about portability when linking against -modules?
-shouldnotlink=$module
-
-# Files to dlopen/dlpreopen
-dlopen='$dlfiles'
-dlpreopen='$dlprefiles'
-
-# Directory that this library needs to be installed in:
-libdir='$install_libdir'"
- if test no,yes = "$installed,$need_relink"; then
- $ECHO >> $output "\
-relink_command=\"$relink_command\""
- fi
- done
- }
-
- # Do a symbolic link so that the libtool archive can be found in
- # LD_LIBRARY_PATH before the program is installed.
- func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
- ;;
- esac
- exit $EXIT_SUCCESS
-}
-
-if test link = "$opt_mode" || test relink = "$opt_mode"; then
- func_mode_link ${1+"$@"}
-fi
-
-
-# func_mode_uninstall arg...
-func_mode_uninstall ()
-{
- $debug_cmd
-
- RM=$nonopt
- files=
- rmforce=false
- exit_status=0
-
- # This variable tells wrapper scripts just to set variables rather
- # than running their programs.
- libtool_install_magic=$magic
-
- for arg
- do
- case $arg in
- -f) func_append RM " $arg"; rmforce=: ;;
- -*) func_append RM " $arg" ;;
- *) func_append files " $arg" ;;
- esac
- done
-
- test -z "$RM" && \
- func_fatal_help "you must specify an RM program"
-
- rmdirs=
-
- for file in $files; do
- func_dirname "$file" "" "."
- dir=$func_dirname_result
- if test . = "$dir"; then
- odir=$objdir
- else
- odir=$dir/$objdir
- fi
- func_basename "$file"
- name=$func_basename_result
- test uninstall = "$opt_mode" && odir=$dir
-
- # Remember odir for removal later, being careful to avoid duplicates
- if test clean = "$opt_mode"; then
- case " $rmdirs " in
- *" $odir "*) ;;
- *) func_append rmdirs " $odir" ;;
- esac
- fi
-
- # Don't error if the file doesn't exist and rm -f was used.
- if { test -L "$file"; } >/dev/null 2>&1 ||
- { test -h "$file"; } >/dev/null 2>&1 ||
- test -f "$file"; then
- :
- elif test -d "$file"; then
- exit_status=1
- continue
- elif $rmforce; then
- continue
- fi
-
- rmfiles=$file
-
- case $name in
- *.la)
- # Possibly a libtool archive, so verify it.
- if func_lalib_p "$file"; then
- func_source $dir/$name
-
- # Delete the libtool libraries and symlinks.
- for n in $library_names; do
- func_append rmfiles " $odir/$n"
- done
- test -n "$old_library" && func_append rmfiles " $odir/$old_library"
-
- case $opt_mode in
- clean)
- case " $library_names " in
- *" $dlname "*) ;;
- *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;;
- esac
- test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i"
- ;;
- uninstall)
- if test -n "$library_names"; then
- # Do each command in the postuninstall commands.
- func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1'
- fi
-
- if test -n "$old_library"; then
- # Do each command in the old_postuninstall commands.
- func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1'
- fi
- # FIXME: should reinstall the best remaining shared library.
- ;;
- esac
- fi
- ;;
-
- *.lo)
- # Possibly a libtool object, so verify it.
- if func_lalib_p "$file"; then
-
- # Read the .lo file
- func_source $dir/$name
-
- # Add PIC object to the list of files to remove.
- if test -n "$pic_object" && test none != "$pic_object"; then
- func_append rmfiles " $dir/$pic_object"
- fi
-
- # Add non-PIC object to the list of files to remove.
- if test -n "$non_pic_object" && test none != "$non_pic_object"; then
- func_append rmfiles " $dir/$non_pic_object"
- fi
- fi
- ;;
-
- *)
- if test clean = "$opt_mode"; then
- noexename=$name
- case $file in
- *.exe)
- func_stripname '' '.exe' "$file"
- file=$func_stripname_result
- func_stripname '' '.exe' "$name"
- noexename=$func_stripname_result
- # $file with .exe has already been added to rmfiles,
- # add $file without .exe
- func_append rmfiles " $file"
- ;;
- esac
- # Do a test to see if this is a libtool program.
- if func_ltwrapper_p "$file"; then
- if func_ltwrapper_executable_p "$file"; then
- func_ltwrapper_scriptname "$file"
- relink_command=
- func_source $func_ltwrapper_scriptname_result
- func_append rmfiles " $func_ltwrapper_scriptname_result"
- else
- relink_command=
- func_source $dir/$noexename
- fi
-
- # note $name still contains .exe if it was in $file originally
- # as does the version of $file that was added into $rmfiles
- func_append rmfiles " $odir/$name $odir/${name}S.$objext"
- if test yes = "$fast_install" && test -n "$relink_command"; then
- func_append rmfiles " $odir/lt-$name"
- fi
- if test "X$noexename" != "X$name"; then
- func_append rmfiles " $odir/lt-$noexename.c"
- fi
- fi
- fi
- ;;
- esac
- func_show_eval "$RM $rmfiles" 'exit_status=1'
- done
-
- # Try to remove the $objdir's in the directories where we deleted files
- for dir in $rmdirs; do
- if test -d "$dir"; then
- func_show_eval "rmdir $dir >/dev/null 2>&1"
- fi
- done
-
- exit $exit_status
-}
-
-if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then
- func_mode_uninstall ${1+"$@"}
-fi
-
-test -z "$opt_mode" && {
- help=$generic_help
- func_fatal_help "you must specify a MODE"
-}
-
-test -z "$exec_cmd" && \
- func_fatal_help "invalid operation mode '$opt_mode'"
-
-if test -n "$exec_cmd"; then
- eval exec "$exec_cmd"
- exit $EXIT_FAILURE
-fi
-
-exit $exit_status
-
-
-# The TAGs below are defined such that we never get into a situation
-# where we disable both kinds of libraries. Given conflicting
-# choices, we go for a static library, that is the most portable,
-# since we can't tell whether shared libraries were disabled because
-# the user asked for that or because the platform doesn't support
-# them. This is particularly important on AIX, because we don't
-# support having both static and shared libraries enabled at the same
-# time on that platform, so we default to a shared-only configuration.
-# If a disable-shared tag is given, we'll fallback to a static-only
-# configuration. But we'll never go from static-only to shared-only.
-
-# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
-build_libtool_libs=no
-build_old_libs=yes
-# ### END LIBTOOL TAG CONFIG: disable-shared
-
-# ### BEGIN LIBTOOL TAG CONFIG: disable-static
-build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
-# ### END LIBTOOL TAG CONFIG: disable-static
-
-# Local Variables:
-# mode:shell-script
-# sh-indentation:2
-# End:
diff --git a/libraries/libapparmor/missing b/libraries/libapparmor/missing
deleted file mode 100755
index 1fe1611f18514b7174f3529145b56cdc51d48c7c..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/missing
+++ /dev/null
@@ -1,215 +0,0 @@
-#! /bin/sh
-# Common wrapper for a few potentially missing GNU programs.
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-if test $# -eq 0; then
- echo 1>&2 "Try '$0 --help' for more information"
- exit 1
-fi
-
-case $1 in
-
- --is-lightweight)
- # Used by our autoconf macros to check whether the available missing
- # script is modern enough.
- exit 0
- ;;
-
- --run)
- # Back-compat with the calling convention used by older automake.
- shift
- ;;
-
- -h|--h|--he|--hel|--help)
- echo "\
-$0 [OPTION]... PROGRAM [ARGUMENT]...
-
-Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
-to PROGRAM being missing or too old.
-
-Options:
- -h, --help display this help and exit
- -v, --version output version information and exit
-
-Supported PROGRAM values:
- aclocal autoconf autoheader autom4te automake makeinfo
- bison yacc flex lex help2man
-
-Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
-'g' are ignored when checking the name.
-
-Send bug reports to <bug-automake@gnu.org>."
- exit $?
- ;;
-
- -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
- echo "missing $scriptversion (GNU Automake)"
- exit $?
- ;;
-
- -*)
- echo 1>&2 "$0: unknown '$1' option"
- echo 1>&2 "Try '$0 --help' for more information"
- exit 1
- ;;
-
-esac
-
-# Run the given program, remember its exit status.
-"$@"; st=$?
-
-# If it succeeded, we are done.
-test $st -eq 0 && exit 0
-
-# Also exit now if we it failed (or wasn't found), and '--version' was
-# passed; such an option is passed most likely to detect whether the
-# program is present and works.
-case $2 in --version|--help) exit $st;; esac
-
-# Exit code 63 means version mismatch. This often happens when the user
-# tries to use an ancient version of a tool on a file that requires a
-# minimum version.
-if test $st -eq 63; then
- msg="probably too old"
-elif test $st -eq 127; then
- # Program was missing.
- msg="missing on your system"
-else
- # Program was found and executed, but failed. Give up.
- exit $st
-fi
-
-perl_URL=https://www.perl.org/
-flex_URL=https://github.com/westes/flex
-gnu_software_URL=https://www.gnu.org/software
-
-program_details ()
-{
- case $1 in
- aclocal|automake)
- echo "The '$1' program is part of the GNU Automake package:"
- echo "<$gnu_software_URL/automake>"
- echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
- echo "<$gnu_software_URL/autoconf>"
- echo "<$gnu_software_URL/m4/>"
- echo "<$perl_URL>"
- ;;
- autoconf|autom4te|autoheader)
- echo "The '$1' program is part of the GNU Autoconf package:"
- echo "<$gnu_software_URL/autoconf/>"
- echo "It also requires GNU m4 and Perl in order to run:"
- echo "<$gnu_software_URL/m4/>"
- echo "<$perl_URL>"
- ;;
- esac
-}
-
-give_advice ()
-{
- # Normalize program name to check for.
- normalized_program=`echo "$1" | sed '
- s/^gnu-//; t
- s/^gnu//; t
- s/^g//; t'`
-
- printf '%s\n' "'$1' is $msg."
-
- configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
- case $normalized_program in
- autoconf*)
- echo "You should only need it if you modified 'configure.ac',"
- echo "or m4 files included by it."
- program_details 'autoconf'
- ;;
- autoheader*)
- echo "You should only need it if you modified 'acconfig.h' or"
- echo "$configure_deps."
- program_details 'autoheader'
- ;;
- automake*)
- echo "You should only need it if you modified 'Makefile.am' or"
- echo "$configure_deps."
- program_details 'automake'
- ;;
- aclocal*)
- echo "You should only need it if you modified 'acinclude.m4' or"
- echo "$configure_deps."
- program_details 'aclocal'
- ;;
- autom4te*)
- echo "You might have modified some maintainer files that require"
- echo "the 'autom4te' program to be rebuilt."
- program_details 'autom4te'
- ;;
- bison*|yacc*)
- echo "You should only need it if you modified a '.y' file."
- echo "You may want to install the GNU Bison package:"
- echo "<$gnu_software_URL/bison/>"
- ;;
- lex*|flex*)
- echo "You should only need it if you modified a '.l' file."
- echo "You may want to install the Fast Lexical Analyzer package:"
- echo "<$flex_URL>"
- ;;
- help2man*)
- echo "You should only need it if you modified a dependency" \
- "of a man page."
- echo "You may want to install the GNU Help2man package:"
- echo "<$gnu_software_URL/help2man/>"
- ;;
- makeinfo*)
- echo "You should only need it if you modified a '.texi' file, or"
- echo "any other file indirectly affecting the aspect of the manual."
- echo "You might want to install the Texinfo package:"
- echo "<$gnu_software_URL/texinfo/>"
- echo "The spurious makeinfo call might also be the consequence of"
- echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
- echo "want to install GNU make:"
- echo "<$gnu_software_URL/make/>"
- ;;
- *)
- echo "You might have modified some files without having the proper"
- echo "tools for further handling them. Check the 'README' file, it"
- echo "often tells you about the needed prerequisites for installing"
- echo "this package. You may also peek at any GNU archive site, in"
- echo "case some other package contains this missing '$1' program."
- ;;
- esac
-}
-
-give_advice "$1" | sed -e '1s/^/WARNING: /' \
- -e '2,$s/^/ /' >&2
-
-# Propagate the correct exit status (expected to be 127 for a program
-# not found, 63 for a program that failed due to version mismatch).
-exit $st
-
-# Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 58c5599e773ff104a8e9f7662b428de5181f05e8..910189811808375ee2f26ec6c54db70d73512e59 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -32,10 +32,10 @@ INCLUDES = $(all_includes)
#
# After changing the AA_LIB_* variables, also update EXPECTED_SO_NAME.
-AA_LIB_CURRENT = 13
-AA_LIB_REVISION = 3
-AA_LIB_AGE = 12
-EXPECTED_SO_NAME = libapparmor.so.1.12.3
+AA_LIB_CURRENT = 25
+AA_LIB_REVISION = 1
+AA_LIB_AGE = 24
+EXPECTED_SO_NAME = libapparmor.so.1.24.1
SUFFIXES = .pc.in .pc
@@ -44,8 +44,7 @@ include $(COMMONDIR)/Make.rules
BUILT_SOURCES = grammar.h scanner.h af_protos.h
AM_LFLAGS = -v
-AM_YFLAGS = -d -p aalogparse_
-AM_CFLAGS = -Wall $(EXTRA_WARNINGS) -fPIC -flto-partition=none
+AM_YFLAGS = -Wno-yacc -d -p aalogparse_
AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/include/
scanner.h: scanner.l
$(LEX) -v $<
@@ -53,13 +52,13 @@ scanner.h: scanner.l
scanner.c: scanner.l
af_protos.h:
- echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
+ echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dD - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
lib_LTLIBRARIES = libapparmor.la
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c private.c features.c kernel_interface.c policy_cache.c PMurHash.c
-libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
+libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -Bdynamic -pthread \
-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
pkgconfigdir = $(libdir)/pkgconfig
@@ -74,6 +73,16 @@ CLEANFILES = libapparmor.pc
tst_aalogmisc_SOURCES = tst_aalogmisc.c
tst_aalogmisc_LDADD = .libs/libapparmor.a
+tst_aalogparse_cpp_SOURCES = tst_aalogparse_cpp.cpp
+tst_aalogparse_cpp_LDADD = .libs/libapparmor.a
+
+tst_aalogparse_oldname_SOURCES = tst_aalogparse_oldname.c
+tst_aalogparse_oldname_LDADD = .libs/libapparmor.a
+
+tst_aalogparse_reentrancy_SOURCES = tst_aalogparse_reentrancy.c
+tst_aalogparse_reentrancy_LDADD = .libs/libapparmor.a
+tst_aalogparse_reentrancy_LDFLAGS = -pthread
+
tst_features_SOURCES = tst_features.c
tst_features_LDADD = .libs/libapparmor.a
@@ -81,7 +90,7 @@ tst_kernel_SOURCES = tst_kernel.c
tst_kernel_LDADD = .libs/libapparmor.a
tst_kernel_LDFLAGS = -pthread
-check_PROGRAMS = tst_aalogmisc tst_features tst_kernel
+check_PROGRAMS = tst_aalogmisc tst_aalogparse_cpp tst_aalogparse_reentrancy tst_aalogparse_oldname tst_features tst_kernel
TESTS = $(check_PROGRAMS)
.PHONY: check-local
diff --git a/libraries/libapparmor/src/Makefile.in b/libraries/libapparmor/src/Makefile.in
deleted file mode 100644
index e182893ecb4bb85cd4ade7a447dc69a0af763c18..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/src/Makefile.in
+++ /dev/null
@@ -1,1249 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-check_PROGRAMS = tst_aalogmisc$(EXEEXT) tst_features$(EXEEXT) \
- tst_kernel$(EXEEXT)
-subdir = src
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(noinst_HEADERS) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"
-LTLIBRARIES = $(lib_LTLIBRARIES)
-libapparmor_la_LIBADD =
-am_libapparmor_la_OBJECTS = grammar.lo libaalogparse.lo kernel.lo \
- scanner.lo private.lo features.lo kernel_interface.lo \
- policy_cache.lo PMurHash.lo
-libapparmor_la_OBJECTS = $(am_libapparmor_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-libapparmor_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(AM_CFLAGS) $(CFLAGS) $(libapparmor_la_LDFLAGS) $(LDFLAGS) -o \
- $@
-am_tst_aalogmisc_OBJECTS = tst_aalogmisc.$(OBJEXT)
-tst_aalogmisc_OBJECTS = $(am_tst_aalogmisc_OBJECTS)
-tst_aalogmisc_DEPENDENCIES = .libs/libapparmor.a
-am_tst_features_OBJECTS = tst_features.$(OBJEXT)
-tst_features_OBJECTS = $(am_tst_features_OBJECTS)
-tst_features_DEPENDENCIES = .libs/libapparmor.a
-am_tst_kernel_OBJECTS = tst_kernel.$(OBJEXT)
-tst_kernel_OBJECTS = $(am_tst_kernel_OBJECTS)
-tst_kernel_DEPENDENCIES = .libs/libapparmor.a
-tst_kernel_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(tst_kernel_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/PMurHash.Plo \
- ./$(DEPDIR)/features.Plo ./$(DEPDIR)/grammar.Plo \
- ./$(DEPDIR)/kernel.Plo ./$(DEPDIR)/kernel_interface.Plo \
- ./$(DEPDIR)/libaalogparse.Plo ./$(DEPDIR)/policy_cache.Plo \
- ./$(DEPDIR)/private.Plo ./$(DEPDIR)/scanner.Plo \
- ./$(DEPDIR)/tst_aalogmisc.Po ./$(DEPDIR)/tst_features.Po \
- ./$(DEPDIR)/tst_kernel.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-am__yacc_c2h = sed -e s/cc$$/hh/ -e s/cpp$$/hpp/ -e s/cxx$$/hxx/ \
- -e s/c++$$/h++/ -e s/c$$/h/
-YACCCOMPILE = $(YACC) $(AM_YFLAGS) $(YFLAGS)
-LTYACCCOMPILE = $(LIBTOOL) $(AM_V_lt) $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(YACC) $(AM_YFLAGS) $(YFLAGS)
-AM_V_YACC = $(am__v_YACC_@AM_V@)
-am__v_YACC_ = $(am__v_YACC_@AM_DEFAULT_V@)
-am__v_YACC_0 = @echo " YACC " $@;
-am__v_YACC_1 =
-YLWRAP = $(top_srcdir)/ylwrap
-SOURCES = $(libapparmor_la_SOURCES) $(tst_aalogmisc_SOURCES) \
- $(tst_features_SOURCES) $(tst_kernel_SOURCES)
-DIST_SOURCES = $(libapparmor_la_SOURCES) $(tst_aalogmisc_SOURCES) \
- $(tst_features_SOURCES) $(tst_kernel_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(pkgconfig_DATA)
-HEADERS = $(noinst_HEADERS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-am__tty_colors_dummy = \
- mgn= red= grn= lgn= blu= brg= std=; \
- am__color_tests=no
-am__tty_colors = { \
- $(am__tty_colors_dummy); \
- if test "X$(AM_COLOR_TESTS)" = Xno; then \
- am__color_tests=no; \
- elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
- am__color_tests=yes; \
- elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
- am__color_tests=yes; \
- fi; \
- if test $$am__color_tests = yes; then \
- red='�[0;31m'; \
- grn='�[0;32m'; \
- lgn='�[1;32m'; \
- blu='�[1;34m'; \
- mgn='�[0;35m'; \
- brg='�[1m'; \
- std='�[m'; \
- fi; \
-}
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
- $(top_srcdir)/test-driver $(top_srcdir)/ylwrap grammar.c \
- grammar.h
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-INCLUDES = $(all_includes)
-
-# variables to set the library versions used by libtool
-# Step through these rules IN ORDER to update the library version.
-# 1. Update the version information only immediately before a public release
-# of your software. More frequent updates are unnecessary, and only
-# guarantee that the current interface number gets larger faster.
-# 2. If the library source code has changed at all since the last update,
-# then
-# - increment AA_LIB_REVISION
-# 3. If any interfaces have been added, removed, or changed since the last
-# update,
-# - increment AA_LIB_CURRENT
-# - by 1 if bugfix release
-# - by 5 on larger releases. This gives room to fix library interface
-# problems in the unlikely event where an interface has to break.
-# - set AA_LIB_REVISION to 0.
-# 4. If any interfaces have been added since the last public release, then
-# - increment AA_LIB_AGE by the same amount that AA_LIB_CURRENT was
-# incremented.
-# 5. If any interfaces have been removed or changed since the last public
-# release, then
-# - set AA_LIB_AGE to 0.
-#
-# The resulting library version triplet will be:
-# (AA_LIB_CURRENT - AA_LIB_AGE).AA_LIB_AGE.AA_LIB_REVISION
-# and the SONAME will be:
-# libapparmor.so.(AA_LIB_CURRENT - AA_LIB_AGE)
-#
-# For more information, see:
-# http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html
-#
-# After changing the AA_LIB_* variables, also update EXPECTED_SO_NAME.
-AA_LIB_CURRENT = 13
-AA_LIB_REVISION = 3
-AA_LIB_AGE = 12
-EXPECTED_SO_NAME = libapparmor.so.1.12.3
-SUFFIXES = .pc.in .pc
-COMMONDIR = $(top_srcdir)/../../common/
-BUILT_SOURCES = grammar.h scanner.h af_protos.h
-AM_LFLAGS = -v
-AM_YFLAGS = -d -p aalogparse_
-AM_CFLAGS = -Wall $(EXTRA_WARNINGS) -fPIC -flto-partition=none
-AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/include/
-lib_LTLIBRARIES = libapparmor.la
-noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c private.c features.c kernel_interface.c policy_cache.c PMurHash.c
-libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
- -Wl,--version-script=$(top_srcdir)/src/libapparmor.map
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libapparmor.pc
-CLEANFILES = libapparmor.pc
-tst_aalogmisc_SOURCES = tst_aalogmisc.c
-tst_aalogmisc_LDADD = .libs/libapparmor.a
-tst_features_SOURCES = tst_features.c
-tst_features_LDADD = .libs/libapparmor.a
-tst_kernel_SOURCES = tst_kernel.c
-tst_kernel_LDADD = .libs/libapparmor.a
-tst_kernel_LDFLAGS = -pthread
-TESTS = $(check_PROGRAMS)
-EXTRA_DIST = grammar.y scanner.l libapparmor.map libapparmor.pc
-all: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) all-am
-
-.SUFFIXES:
-.SUFFIXES: .pc.in .pc .c .lo .log .o .obj .test .test$(EXEEXT) .trs .y
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-checkPROGRAMS:
- @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-install-libLTLIBRARIES: $(lib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
- }
-
-uninstall-libLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
- done
-
-clean-libLTLIBRARIES:
- -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
- @list='$(lib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-grammar.h: grammar.c
- @if test ! -f $@; then rm -f grammar.c; else :; fi
- @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) grammar.c; else :; fi
-
-libapparmor.la: $(libapparmor_la_OBJECTS) $(libapparmor_la_DEPENDENCIES) $(EXTRA_libapparmor_la_DEPENDENCIES)
- $(AM_V_CCLD)$(libapparmor_la_LINK) -rpath $(libdir) $(libapparmor_la_OBJECTS) $(libapparmor_la_LIBADD) $(LIBS)
-
-tst_aalogmisc$(EXEEXT): $(tst_aalogmisc_OBJECTS) $(tst_aalogmisc_DEPENDENCIES) $(EXTRA_tst_aalogmisc_DEPENDENCIES)
- @rm -f tst_aalogmisc$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(tst_aalogmisc_OBJECTS) $(tst_aalogmisc_LDADD) $(LIBS)
-
-tst_features$(EXEEXT): $(tst_features_OBJECTS) $(tst_features_DEPENDENCIES) $(EXTRA_tst_features_DEPENDENCIES)
- @rm -f tst_features$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(tst_features_OBJECTS) $(tst_features_LDADD) $(LIBS)
-
-tst_kernel$(EXEEXT): $(tst_kernel_OBJECTS) $(tst_kernel_DEPENDENCIES) $(EXTRA_tst_kernel_DEPENDENCIES)
- @rm -f tst_kernel$(EXEEXT)
- $(AM_V_CCLD)$(tst_kernel_LINK) $(tst_kernel_OBJECTS) $(tst_kernel_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/PMurHash.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/features.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grammar.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libaalogparse.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/policy_cache.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/private.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scanner.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_aalogmisc.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_features.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_kernel.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-.y.c:
- $(AM_V_YACC)$(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h `echo $@ | $(am__yacc_c2h)` y.output $*.output -- $(YACCCOMPILE)
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-pkgconfigDATA: $(pkgconfig_DATA)
- @$(NORMAL_INSTALL)
- @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(pkgconfigdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
- done
-
-uninstall-pkgconfigDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- elif test -n "$$redo_logs"; then \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
- done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
- else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
- fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
- else \
- color_start= color_end=; \
- fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS: $(check_PROGRAMS)
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all $(check_PROGRAMS)
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-tst_aalogmisc.log: tst_aalogmisc$(EXEEXT)
- @p='tst_aalogmisc$(EXEEXT)'; \
- b='tst_aalogmisc'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-tst_features.log: tst_features$(EXEEXT)
- @p='tst_features$(EXEEXT)'; \
- b='tst_features'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-tst_kernel.log: tst_kernel$(EXEEXT)
- @p='tst_kernel$(EXEEXT)'; \
- b='tst_kernel'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@ @p='$<'; \
-@am__EXEEXT_TRUE@ $(am__set_b); \
-@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
-check: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS)
-install-checkPROGRAMS: install-libLTLIBRARIES
-
-installdirs:
- for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
- -rm -f grammar.c
- -rm -f grammar.h
- -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
-clean: clean-am
-
-clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
- clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f ./$(DEPDIR)/PMurHash.Plo
- -rm -f ./$(DEPDIR)/features.Plo
- -rm -f ./$(DEPDIR)/grammar.Plo
- -rm -f ./$(DEPDIR)/kernel.Plo
- -rm -f ./$(DEPDIR)/kernel_interface.Plo
- -rm -f ./$(DEPDIR)/libaalogparse.Plo
- -rm -f ./$(DEPDIR)/policy_cache.Plo
- -rm -f ./$(DEPDIR)/private.Plo
- -rm -f ./$(DEPDIR)/scanner.Plo
- -rm -f ./$(DEPDIR)/tst_aalogmisc.Po
- -rm -f ./$(DEPDIR)/tst_features.Po
- -rm -f ./$(DEPDIR)/tst_kernel.Po
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-pkgconfigDATA
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-libLTLIBRARIES
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/PMurHash.Plo
- -rm -f ./$(DEPDIR)/features.Plo
- -rm -f ./$(DEPDIR)/grammar.Plo
- -rm -f ./$(DEPDIR)/kernel.Plo
- -rm -f ./$(DEPDIR)/kernel_interface.Plo
- -rm -f ./$(DEPDIR)/libaalogparse.Plo
- -rm -f ./$(DEPDIR)/policy_cache.Plo
- -rm -f ./$(DEPDIR)/private.Plo
- -rm -f ./$(DEPDIR)/scanner.Plo
- -rm -f ./$(DEPDIR)/tst_aalogmisc.Po
- -rm -f ./$(DEPDIR)/tst_features.Po
- -rm -f ./$(DEPDIR)/tst_kernel.Po
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
-
-.MAKE: all check check-am install install-am install-exec \
- install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
- check-am check-local clean clean-checkPROGRAMS clean-generic \
- clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-libLTLIBRARIES install-man install-pdf \
- install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am recheck tags tags-am uninstall \
- uninstall-am uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
-
-.PRECIOUS: Makefile
-
-include $(COMMONDIR)/Make.rules
-scanner.h: scanner.l
- $(LEX) -v $<
-
-scanner.c: scanner.l
-
-af_protos.h:
- echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
-
-%.pc: %.pc.in $(top_builddir)/config.status
- $(AM_V_GEN)cd "$(top_builddir)" && \
- $(SHELL) ./config.status --file="src/$@"
-
-.PHONY: check-local
-check-local:
- test -f ./.libs/$(EXPECTED_SO_NAME) || { echo '*** unexpected .so name/number for libapparmor (expected $(EXPECTED_SO_NAME), the actual filename is shown below) ***' ; ls -l ./.libs/libapparmor.so.*.* ; exit 1; }
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/src/features.c b/libraries/libapparmor/src/features.c
index 2b16dcf58b19c6b1113ac8dc7f8d690d2794af5b..ba27ed546745a70a3a4f21f4dc09c6add26cc699 100644
--- a/libraries/libapparmor/src/features.c
+++ b/libraries/libapparmor/src/features.c
@@ -35,6 +35,7 @@
#include "PMurHash.h"
#define FEATURES_FILE "/sys/kernel/security/apparmor/features"
+#define CACHE_FEATURES_FILE ".features"
#define HASH_SIZE (8 + 1) /* 32 bits binary to hex + NUL terminator */
#define STRING_SIZE 8192
@@ -658,6 +659,44 @@ bool aa_features_is_equal(aa_features *features1, aa_features *features2)
strcmp(features1->string, features2->string) == 0;
}
+/**
+ * aa_features_check - check if features from a directory matches an aa_features object
+ * @dirfd: a directory file descriptory or AT_FDCWD (see openat(2))
+ * @path: the path containing the features
+ * @features: features to be matched against
+ *
+ * Returns: 0 on success, -1 on failure. errno is set to EEXIST when there's not a match
+ */
+int aa_features_check(int dirfd, const char *path,
+ aa_features *features)
+{
+ aa_features *local_features = NULL;
+ autofree char *name = NULL;
+ bool rc;
+ int len;
+
+ len = asprintf(&name, "%s/%s", path, CACHE_FEATURES_FILE);
+ if (len == -1) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ /* verify that path dir .features matches */
+ if (aa_features_new(&local_features, dirfd, name)) {
+ PDEBUG("could not setup new features object for dirfd '%d' '%s'\n", dirfd, name);
+ return -1;
+ }
+
+ rc = aa_features_is_equal(local_features, features);
+ aa_features_unref(local_features);
+ if (!rc) {
+ errno = EEXIST;
+ return -1;
+ }
+
+ return 0;
+}
+
static const char *features_lookup(aa_features *features, const char *str)
{
const char *features_string = features->string;
diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y
index 8afd0c39f5817efae2f3d5d24b891fc3cb4423c6..a834838b3c2730e0316b7e6015e00bcf18c2786a 100644
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -15,17 +15,15 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+/* aalogparse_error now requires visibility of the aa_log_record type
+ * Also include in a %code requires block to add it to the header
+ */
+%code requires{
+ #include <aalogparse.h>
+}
%{
-/* set the following to non-zero to get bison to emit debugging
- * information about tokens given and rules matched.
- * Also:
- * Uncomment the %defines
- * parse.error
- * parse.trace
- */
-#define YYDEBUG 0
#include <string.h>
#include <aalogparse.h>
#include "parser.h"
@@ -41,12 +39,10 @@
#define debug_unused_ unused_
#endif
-aa_log_record *ret_record;
-
/* Since we're a library, on any errors we don't want to print out any
* error messages. We should probably add a debug interface that does
* emit messages when asked for. */
-void aalogparse_error(unused_ void *scanner, debug_unused_ char const *s)
+void aalogparse_error(unused_ void *scanner, aa_log_record *ret_record, debug_unused_ char const *s)
{
#if (YYDEBUG != 0)
printf("ERROR: %s\n", s);
@@ -89,9 +85,10 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%define parse.trace
*/
-%define api.pure
+%define api.pure full
%lex-param{void *scanner}
%parse-param{void *scanner}
+%parse-param{aa_log_record *ret_record}
%union
{
@@ -114,6 +111,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_PERIOD
%token TOK_QUESTION_MARK
%token TOK_SINGLE_QUOTE
+%token TOK_NONE
%token TOK_TYPE_REJECT
%token TOK_TYPE_AUDIT
@@ -187,6 +185,8 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_KEY_FSTYPE
%token TOK_KEY_FLAGS
%token TOK_KEY_SRCNAME
+%token TOK_KEY_UNIX_PEER_ADDR
+%token TOK_KEY_EXECPATH
%token TOK_KEY_CLASS
%token TOK_SOCKLOGD_KERNEL
@@ -249,7 +249,7 @@ syslog_type:
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
| syslog_date syslog_id TOK_DMESG_STAMP key_type audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
- /* needs update: hard newline in handling mutiline log messages */
+ /* needs update: hard newline in handling multiline log messages */
| syslog_date syslog_id TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id audit_user_msg_partial_tail
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
| syslog_date syslog_id TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id audit_user_msg_tail
@@ -281,8 +281,9 @@ audit_user_msg: TOK_KEY_MSG TOK_EQUALS audit_id audit_user_msg_tail
audit_id: TOK_AUDIT TOK_OPEN_PAREN TOK_AUDIT_DIGITS TOK_PERIOD TOK_AUDIT_DIGITS TOK_COLON TOK_AUDIT_DIGITS TOK_CLOSE_PAREN TOK_COLON
{
- if (!asprintf(&ret_record->audit_id, "%s.%s:%s", $3, $5, $7))
- yyerror(scanner, YY_("Out of memory"));
+ if (!asprintf(&ret_record->audit_id, "%s.%s:%s", $3, $5, $7)) {
+ yyerror(scanner, ret_record, YY_("Out of memory"));
+ }
ret_record->epoch = atol($3);
ret_record->audit_sub_id = atoi($7);
free($3);
@@ -305,7 +306,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
| TOK_KEY_NAME TOK_EQUALS safe_string
{ ret_record->name = $3;}
| TOK_KEY_NAMESPACE TOK_EQUALS safe_string
- { ret_record->namespace = $3;}
+ { ret_record->aa_namespace = $3;}
| TOK_KEY_NAME2 TOK_EQUALS safe_string
{ ret_record->name2 = $3;}
| TOK_KEY_MASK TOK_EQUALS TOK_QUOTED_STRING
@@ -354,6 +355,13 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->fsuid = $3;}
| TOK_KEY_OUID TOK_EQUALS TOK_DIGITS
{ ret_record->ouid = $3;}
+ | TOK_KEY_ADDR TOK_EQUALS TOK_QUESTION_MARK
+ | TOK_KEY_ADDR TOK_EQUALS TOK_NONE
+ | TOK_KEY_ADDR TOK_EQUALS safe_string
+ { ret_record->net_addr = $3; }
+ | TOK_KEY_UNIX_PEER_ADDR TOK_EQUALS TOK_NONE
+ | TOK_KEY_UNIX_PEER_ADDR TOK_EQUALS safe_string
+ { ret_record->peer_addr = $3; }
| TOK_KEY_FSUID_UPPER TOK_EQUALS TOK_QUOTED_STRING
{ free($3);} /* Ignore - fsuid username */
| TOK_KEY_OUID_UPPER TOK_EQUALS TOK_QUOTED_STRING
@@ -363,10 +371,7 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
| TOK_KEY_HOSTNAME TOK_EQUALS safe_string
{ free($3); /* Ignore - hostname from user AVC messages */ }
| TOK_KEY_HOSTNAME TOK_EQUALS TOK_QUESTION_MARK
- | TOK_KEY_ADDR TOK_EQUALS TOK_QUESTION_MARK
| TOK_KEY_TERMINAL TOK_EQUALS TOK_QUESTION_MARK
- | TOK_KEY_ADDR TOK_EQUALS safe_string
- { free($3); /* Ignore - IP address from user AVC messages */ }
| TOK_KEY_TERMINAL TOK_EQUALS safe_string
{ free($3); /* Ignore - TTY from user AVC messages */ }
| TOK_KEY_EXE TOK_EQUALS safe_string
@@ -419,21 +424,21 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->dbus_member = $3; }
| TOK_KEY_SIGNAL TOK_EQUALS TOK_ID
{ ret_record->signal = $3; }
-
| TOK_KEY_FSTYPE TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->fs_type = $3; }
| TOK_KEY_FLAGS TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->flags = $3; }
| TOK_KEY_SRCNAME TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->src_name = $3; }
-
+ | TOK_KEY_EXECPATH TOK_EQUALS TOK_QUOTED_STRING
+ { ret_record->execpath = $3; }
| TOK_MSG_REST
{
ret_record->event = AA_RECORD_INVALID;
ret_record->info = $1;
}
| TOK_KEY_CLASS TOK_EQUALS TOK_QUOTED_STRING
- { ret_record->class = $3; }
+ { ret_record->rule_class = $3; }
;
apparmor_event:
@@ -470,31 +475,3 @@ protocol: TOK_QUOTED_STRING
}
;
%%
-
-aa_log_record *
-_parse_yacc(char *str)
-{
- /* yydebug = 1; */
- YY_BUFFER_STATE lex_buf;
- yyscan_t scanner;
-
- ret_record = NULL;
- ret_record = malloc(sizeof(aa_log_record));
-
- _init_log_record(ret_record);
-
- if (ret_record == NULL)
- return NULL;
-
-#if (YYDEBUG != 0)
- yydebug = 1;
-#endif
-
- aalogparse_lex_init(&scanner);
- lex_buf = aalogparse__scan_string(str, scanner);
- /* Ignore return value to return an AA_RECORD_INVALID event */
- (void)aalogparse_parse(scanner);
- aalogparse__delete_buffer(lex_buf, scanner);
- aalogparse_lex_destroy(scanner);
- return ret_record;
-}
diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index 5fab36e5683fa78438092f24a732776931fbec1c..21ec1e2eeb5cbc0833dc226a969449ac9d6c95cc 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -463,7 +463,7 @@ static char *procattr_path(pid_t pid, const char *attr)
static int procattr_open(pid_t tid, const char *attr, int flags)
{
- char *tmp;
+ autofree char *tmp = NULL;
int fd;
tmp = procattr_path(tid, attr);
@@ -471,7 +471,7 @@ static int procattr_open(pid_t tid, const char *attr, int flags)
return -1;
}
fd = open(tmp, flags);
- free(tmp);
+
/* Test is we can fallback to the old interface (this is ugly).
* If we haven't tried the old interface already
* proc_attr_base == proc_attr_base_old - no fallback
@@ -483,11 +483,14 @@ static int procattr_open(pid_t tid, const char *attr, int flags)
* old interface where is_enabled() is only successful if
* the old interface is available to apparmor.
*/
- if (fd == -1 && tmp != proc_attr_base_old && param_check_enabled() != 0) {
- if (asprintf(&tmp, proc_attr_base_old, tid, attr) < 0)
+ if (fd == -1 && param_check_enabled() != 0 && strncmp(tmp, proc_attr_base_old, strlen(proc_attr_base_old)) != 0) {
+ free(tmp);
+ if (asprintf(&tmp, proc_attr_base_old, tid, attr) < 0) {
+ /* tmp is undefined, make sure it is null for autofree*/
+ tmp = NULL;
return -1;
+ }
fd = open(tmp, flags);
- free(tmp);
}
return fd;
@@ -1355,3 +1358,121 @@ int aa_query_link_path(const char *label, const char *target, const char *link,
strlen(target), link, strlen(link),
allowed, audited);
}
+
+static int alloc_substring(char ***v, char *s, char *p,
+ size_t max_size, size_t n, bool immutable)
+{
+ if (max_size) {
+ if (n >= max_size) {
+ errno = E2BIG;
+ return -1;
+ }
+ } else {
+ char ** tmpv;
+ tmpv = (char **) realloc(*v, (n + 1) * sizeof(char *));
+ if (tmpv == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+ *v = tmpv;
+ }
+ if (immutable) {
+ char *tmp;
+ tmp = (char *) malloc(p - s + 1);
+ if (tmp == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+ memcpy(tmp, s, p - s);
+ tmp[p - s] = 0;
+ (*v)[n] = tmp;
+ } else {
+ (*v)[n] = s;
+ if (*p)
+ *p = 0;
+ }
+
+ return 0;
+}
+
+/**
+ * aa_split_overlay_str - split a string into potentially multiple strings
+ * @str: the string to split
+ * @vec: vector to put string pointers into, IF null will be allocated
+ * @max_size: maximum number of ents to put in @vec, IF 0 dynamic
+ * @immutable: true if @str should not be modified.
+ *
+ * Returns: the number of entries in vec on success. -1 on error and errno set.
+ *
+ * Split a comma or colon separated string into substrings.
+ *
+ * IF @vec == NULL
+ * the vec will be dynamically allocated
+ * ELSE
+ * passed in @vec will be used, and NOT updated/extended
+ *
+ * IF @max_size == 0 && @vec == NULL
+ * @vec will be dynamically resized
+ * ELSE
+ * @vec will be fixed at @max_size
+ *
+ * IF @immutable is true
+ * the substrings placed in @vec will be allocated copies.
+ * ELSE
+ * @str will be updated in place and @vec[x] will point into @str
+ */
+int aa_split_overlay_str(char *str, char ***vec, size_t max_size, bool immutable)
+{
+ char *s = str;
+ char *p = str;
+ int rc, n = 0;
+ char **v = *vec;
+
+ if (!*vec) {
+ if (max_size) {
+ v = (char **) malloc(max_size * sizeof(char *));
+ if (v == NULL) {
+ rc = ENOMEM;
+ goto err;
+ }
+ }
+ }
+
+ while (*p) {
+ if (*p == '\\') {
+ if (*(p + 1) != 0)
+ p++;
+ } else if (*p == ',' || *p == ':') {
+ if (p != s) {
+ if (alloc_substring(&v, s, p, max_size, n, immutable) == -1) {
+ rc = errno;
+ goto err;
+ }
+ n++;
+ }
+ p++;
+ s = p;
+ } else
+ p++;
+ }
+ if (p != s) {
+ if (alloc_substring(&v, s, p, max_size, n, immutable) == -1) {
+ rc = errno;
+ goto err;
+ }
+ n++;
+ }
+
+ *vec = v;
+ return n;
+err:
+ if (immutable) {
+ for (int i = 0; i < n; i++) {
+ free(v[i]);
+ }
+ }
+ if (!*vec)
+ free(v);
+ errno = rc;
+ return -1;
+}
diff --git a/libraries/libapparmor/src/libaalogparse.c b/libraries/libapparmor/src/libaalogparse.c
index d4f0c1737d2763ac40206e0bd81fc19d784fa913..8993cf038e0b38d3b2d2f57283088d4e1d76d04b 100644
--- a/libraries/libapparmor/src/libaalogparse.c
+++ b/libraries/libapparmor/src/libaalogparse.c
@@ -34,13 +34,42 @@
#include <aalogparse.h>
#include "parser.h"
+#include "grammar.h"
+#include "scanner.h"
+
/* This is mostly just a wrapper around the code in grammar.y */
-aa_log_record *parse_record(char *str)
+aa_log_record *parse_record(const char *str)
{
+ YY_BUFFER_STATE lex_buf;
+ yyscan_t scanner;
+ aa_log_record *ret_record;
+
if (str == NULL)
return NULL;
- return _parse_yacc(str);
+ ret_record = malloc(sizeof(aa_log_record));
+
+ _init_log_record(ret_record);
+
+ if (ret_record == NULL)
+ return NULL;
+
+ struct string_buf string_buf = {.buf = NULL, .buf_len = 0, .buf_alloc = 0};
+
+#if (YYDEBUG != 0)
+ /* Warning: this is still a global even in reentrant parsers */
+ aalogparse_debug = 1;
+#endif
+
+ aalogparse_lex_init_extra(&string_buf, &scanner);
+ lex_buf = aalogparse__scan_string(str, scanner);
+ /* Ignore return value to return an AA_RECORD_INVALID event */
+ (void)aalogparse_parse(scanner, ret_record);
+ aalogparse__delete_buffer(lex_buf, scanner);
+ aalogparse_lex_destroy(scanner);
+ /* free(NULL) is a no-op */
+ free(string_buf.buf);
+ return ret_record;
}
void free_record(aa_log_record *record)
@@ -63,8 +92,8 @@ void free_record(aa_log_record *record)
free(record->name);
if (record->name2 != NULL)
free(record->name2);
- if (record->namespace != NULL)
- free(record->namespace);
+ if (record->aa_namespace != NULL)
+ free(record->aa_namespace);
if (record->attribute != NULL)
free(record->attribute);
if (record->info != NULL)
@@ -103,8 +132,15 @@ void free_record(aa_log_record *record)
free(record->flags);
if (record->src_name != NULL)
free(record->src_name);
- if (record->class != NULL)
- free(record->class);
+ if (record->net_addr != NULL)
+ free(record->net_addr);
+ if (record->peer_addr != NULL)
+ free(record->peer_addr);
+ if (record->execpath != NULL)
+ free(record->execpath);
+
+ if (record->rule_class != NULL)
+ free(record->rule_class);
free(record);
}
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 7ca7caea3b3f811db09f37973be80a133b3c4bf1..436522a55ba6159a349b69ead6b8a1cf660cc19c 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -124,6 +124,14 @@ APPARMOR_3.0 {
*;
} APPARMOR_2.13.1;
+APPARMOR_3.1 {
+ global:
+ aa_features_check;
+ aa_split_overlay_str;
+ local:
+ *;
+} APPARMOR_3.0;
+
PRIVATE {
global:
_aa_is_blacklisted;
diff --git a/libraries/libapparmor/src/parser.h b/libraries/libapparmor/src/parser.h
index dcb6e5c9179b03960b912052fb0329651b3a1b72..d81e4fef81b9cfa1c9d85dcd51b1070f0d99641d 100644
--- a/libraries/libapparmor/src/parser.h
+++ b/libraries/libapparmor/src/parser.h
@@ -19,8 +19,14 @@
#ifndef __AA_LOG_PARSER_H__
#define __AA_LOG_PARSER_H__
+// Internal-only type
+struct string_buf {
+ char *buf;
+ unsigned int buf_len;
+ unsigned int buf_alloc;
+};
+
extern void _init_log_record(aa_log_record *record);
-extern aa_log_record *_parse_yacc(char *str);
extern char *hex_to_string(char *str);
extern char *ipproto_to_string(unsigned int proto);
diff --git a/libraries/libapparmor/src/policy_cache.c b/libraries/libapparmor/src/policy_cache.c
index 7e840dc6663dcca23eaf8a70e5758b2b82625a6f..40ef1576a3dacfa1802bc79b889988ac1b12a896 100644
--- a/libraries/libapparmor/src/policy_cache.c
+++ b/libraries/libapparmor/src/policy_cache.c
@@ -147,36 +147,6 @@ repeat:
return path;
}
-static int cache_check_features(int dirfd, const char *cache_name,
- aa_features *features)
-{
- aa_features *local_features = NULL;
- autofree char *name = NULL;
- bool rc;
- int len;
-
- len = asprintf(&name, "%s/%s", cache_name, CACHE_FEATURES_FILE);
- if (len == -1) {
- errno = ENOMEM;
- return -1;
- }
-
- /* verify that cache dir .features matches */
- if (aa_features_new(&local_features, dirfd, name)) {
- PDEBUG("could not setup new features object for dirfd '%d' '%s'\n", dirfd, name);
- return -1;
- }
-
- rc = aa_features_is_equal(local_features, features);
- aa_features_unref(local_features);
- if (!rc) {
- errno = EEXIST;
- return -1;
- }
-
- return 0;
-}
-
static int create_cache(aa_policy_cache *policy_cache, aa_features *features)
{
if (aa_policy_cache_remove(policy_cache->dirfd[0], "."))
@@ -194,8 +164,8 @@ static int create_cache(aa_policy_cache *policy_cache, aa_features *features)
static int init_cache_features(aa_policy_cache *policy_cache,
aa_features *kernel_features, bool create)
{
- if (cache_check_features(policy_cache->dirfd[0], ".",
- kernel_features)) {
+ if (aa_features_check(policy_cache->dirfd[0], ".",
+ kernel_features)) {
/* EEXIST must come before ENOENT for short circuit eval */
if (!create || errno == EEXIST || errno != ENOENT)
return -1;
@@ -231,13 +201,13 @@ static int cache_miss_cb(int dirfd, const struct dirent *ent, void *arg)
errno = ENOMEM;
return -1;
}
- if (!cache_check_features(dirfd, cache_name, data->features) || errno == ENOENT) {
+ if (!aa_features_check(dirfd, cache_name, data->features) || errno == ENOENT) {
/* found cache dir matching pattern */
data->cache_name = cache_name;
/* return 1 to stop iteration and signal dir found */
return 1;
} else if (errno != EEXIST) {
- PDEBUG("cache_check_features() failed for dirfd '%d' '%s'\n", dirfd, cache_name);
+ PDEBUG("aa_features_check() failed for dirfd '%d' '%s'\n", dirfd, cache_name);
free(cache_name);
return -1;
}
@@ -273,12 +243,12 @@ static int cache_dir_from_path_and_features(char **cache_path,
if (len == -1)
return -1;
- if (!cache_check_features(dirfd, cache_dir, features) || errno == ENOENT) {
+ if (!aa_features_check(dirfd, cache_dir, features) || errno == ENOENT) {
PDEBUG("cache_dir_from_path_and_features() found '%s'\n", cache_dir);
*cache_path = cache_dir;
return 0;
} else if (errno != EEXIST) {
- PDEBUG("cache_check_features() failed for dirfd '%d' %s\n", dirfd, cache_dir);
+ PDEBUG("aa_features_check() failed for dirfd '%d' %s\n", dirfd, cache_dir);
free(cache_dir);
return -1;
}
diff --git a/libraries/libapparmor/src/scanner.l b/libraries/libapparmor/src/scanner.l
index e663f787aa7193d88aeb88809de3bcadec13357c..72e8825e5d2581ee01296d9fef94a5d1d07a85a9 100644
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@@ -19,6 +19,7 @@
%option nounput
%option noyy_top_state
%option reentrant
+%option extra-type="struct string_buf*"
%option prefix="aalogparse_"
%option bison-bridge
%option header-file="scanner.h"
@@ -34,40 +35,37 @@
#define YY_NO_INPUT
-unsigned int string_buf_alloc = 0;
-unsigned int string_buf_len = 0;
-char *string_buf = NULL;
-
-void string_buf_reset()
+void string_buf_reset(struct string_buf* char_buf)
{
/* rewind buffer to zero, possibly doing initial allocation too */
- string_buf_len = 0;
- if (string_buf == NULL) {
- string_buf_alloc = 128;
- string_buf = malloc(string_buf_alloc);
- assert(string_buf != NULL);
+ char_buf->buf_len = 0;
+ if (char_buf->buf == NULL) {
+ char_buf->buf_alloc = 128;
+ char_buf->buf = malloc(char_buf->buf_alloc);
+ assert(char_buf->buf != NULL);
}
/* always start with a valid but empty string */
- string_buf[0] = '\0';
+ char_buf->buf[0] = '\0';
}
-void string_buf_append(unsigned int length, char *text)
+void string_buf_append(struct string_buf* char_buf, unsigned int length, char *text)
{
- unsigned int current_length = string_buf_len;
+ unsigned int current_length = char_buf->buf_len;
/* handle calling ..._append before ..._reset */
- if (string_buf == NULL) string_buf_reset();
+ if (char_buf->buf == NULL) string_buf_reset(char_buf);
- string_buf_len += length;
+ char_buf->buf_len += length;
/* expand allocation if this append would exceed the allocation */
- while (string_buf_len >= string_buf_alloc) {
- string_buf_alloc *= 2;
- string_buf = realloc(string_buf, string_buf_alloc);
- assert(string_buf != NULL);
+ while (char_buf->buf_len >= char_buf->buf_alloc) {
+ // TODO: overflow?
+ char_buf->buf_alloc *= 2;
+ char_buf->buf = realloc(char_buf->buf, char_buf->buf_alloc);
+ assert(char_buf->buf != NULL);
}
/* copy and unconditionally terminate */
- memcpy(string_buf+current_length, text, length);
- string_buf[string_buf_len] = '\0';
+ memcpy(char_buf->buf+current_length, text, length);
+ char_buf->buf[char_buf->buf_len] = '\0';
}
%}
@@ -90,6 +88,7 @@ question_mark "?"
single_quote "'"
mode_chars ([RrWwaLlMmkXx])|([Pp][Xx])|([Uu][Xx])|([Ii][Xx])|([Pp][Ii][Xx])
modes ({mode_chars}+)|({mode_chars}+::{mode_chars}*)|(::{mode_chars}*)
+none "none"
/* New message types */
aa_reject_type "APPARMOR_DENIED"
@@ -157,9 +156,13 @@ key_capname "capname"
key_offset "offset"
key_target "target"
key_laddr "laddr"
+key_saddr "saddr"
key_faddr "faddr"
+key_daddr "daddr"
key_lport "lport"
+key_srcport "src"
key_fport "fport"
+key_destport "dest"
key_bus "bus"
key_dest "dest"
key_path "path"
@@ -172,6 +175,9 @@ key_fstype "fstype"
key_flags "flags"
key_srcname "srcname"
key_class "class"
+key_tcontext "tcontext"
+key_unix_peer_addr "peer_addr"
+key_execpath "execpath"
audit "audit"
/* network addrs */
@@ -224,7 +230,7 @@ yy_flex_debug = 0;
{open_paren} { return(TOK_OPEN_PAREN); }
{close_paren} { BEGIN(INITIAL); return(TOK_CLOSE_PAREN); }
{ws} { }
- \" { string_buf_reset(); BEGIN(quoted_string); }
+ \" { string_buf_reset(yyextra); BEGIN(quoted_string); }
{ID}+ {
yylval->t_str = strdup(yytext);
BEGIN(INITIAL);
@@ -233,20 +239,20 @@ yy_flex_debug = 0;
{equals} { return(TOK_EQUALS); }
}
-\" { string_buf_reset(); BEGIN(quoted_string); }
+\" { string_buf_reset(yyextra); BEGIN(quoted_string); }
<quoted_string>\" { /* End of the quoted string */
BEGIN(INITIAL);
- yylval->t_str = strdup(string_buf);
+ yylval->t_str = strdup(yyextra->buf);
return(TOK_QUOTED_STRING);
}
-<quoted_string>\\(.|\n) { string_buf_append(1, &yytext[1]); }
+<quoted_string>\\(.|\n) { string_buf_append(yyextra, 1, &yytext[1]); }
-<quoted_string>[^\\\n\"]+ { string_buf_append(yyleng, yytext); }
+<quoted_string>[^\\\n\"]+ { string_buf_append(yyextra, yyleng, yytext); }
<safe_string>{
- \" { string_buf_reset(); BEGIN(quoted_string); }
+ \" { string_buf_reset(yyextra); BEGIN(quoted_string); }
{hexstring} { yylval->t_str = hex_to_string(yytext); BEGIN(INITIAL); return(TOK_HEXSTRING);}
{equals} { return(TOK_EQUALS); }
. { /* eek, error! try another state */ BEGIN(INITIAL); yyless(0); }
@@ -302,6 +308,8 @@ yy_flex_debug = 0;
{period} { return(TOK_PERIOD); }
{question_mark} { return(TOK_QUESTION_MARK); }
{single_quote} { return(TOK_SINGLE_QUOTE); }
+{none} { return(TOK_NONE); }
+
{key_apparmor} { BEGIN(audit_types); return(TOK_KEY_APPARMOR); }
{key_type} { BEGIN(audit_types); return(TOK_KEY_TYPE); }
@@ -327,6 +335,7 @@ yy_flex_debug = 0;
{key_peer_profile} { BEGIN(safe_string); return(TOK_KEY_PEER_PROFILE); }
{key_label} { BEGIN(safe_string); return(TOK_KEY_LABEL); }
{key_peer_label} { BEGIN(safe_string); return(TOK_KEY_PEER_LABEL); }
+{key_tcontext} { BEGIN(safe_string); return(TOK_KEY_PEER_LABEL); }
{key_family} { return(TOK_KEY_FAMILY); }
{key_sock_type} { return(TOK_KEY_SOCK_TYPE); }
{key_protocol} { return(TOK_KEY_PROTOCOL); }
@@ -340,7 +349,7 @@ yy_flex_debug = 0;
{key_sauid} { return(TOK_KEY_SAUID); }
{key_ses} { return(TOK_KEY_SES); }
{key_hostname} { return(TOK_KEY_HOSTNAME); }
-{key_addr} { return(TOK_KEY_ADDR); }
+{key_addr} { BEGIN(safe_string); return(TOK_KEY_ADDR); }
{key_terminal} { return(TOK_KEY_TERMINAL); }
{key_exe} { BEGIN(safe_string); return(TOK_KEY_EXE); }
{key_comm} { BEGIN(safe_string); return(TOK_KEY_COMM); }
@@ -349,9 +358,13 @@ yy_flex_debug = 0;
{key_offset} { return(TOK_KEY_OFFSET); }
{key_target} { return(TOK_KEY_TARGET); }
{key_laddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_LADDR); }
+{key_saddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_LADDR); }
{key_faddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_FADDR); }
+{key_daddr} { yy_push_state(ip_addr, yyscanner); return(TOK_KEY_FADDR); }
{key_lport} { return(TOK_KEY_LPORT); }
+{key_srcport} { return(TOK_KEY_LPORT); }
{key_fport} { return(TOK_KEY_FPORT); }
+{key_destport} { return(TOK_KEY_FPORT); }
{key_bus} { return(TOK_KEY_BUS); }
{key_path} { return(TOK_KEY_PATH); }
{key_interface} { return(TOK_KEY_INTERFACE); }
@@ -362,6 +375,8 @@ yy_flex_debug = 0;
{key_fstype} { return(TOK_KEY_FSTYPE); }
{key_flags} { BEGIN(safe_string); return(TOK_KEY_FLAGS); }
{key_srcname} { BEGIN(safe_string); return(TOK_KEY_SRCNAME); }
+{key_unix_peer_addr} { BEGIN(safe_string); return(TOK_KEY_UNIX_PEER_ADDR); }
+{key_execpath} { BEGIN(safe_string); return(TOK_KEY_EXECPATH); }
{key_class} { BEGIN(safe_string); return(TOK_KEY_CLASS); }
{socklogd_kernel} { BEGIN(dmesg_timestamp); return(TOK_SOCKLOGD_KERNEL); }
diff --git a/libraries/libapparmor/src/tst_aalogparse_cpp.cpp b/libraries/libapparmor/src/tst_aalogparse_cpp.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..ad28c6ab5058cf00efe8908c8af35ac25487eaba
--- /dev/null
+++ b/libraries/libapparmor/src/tst_aalogparse_cpp.cpp
@@ -0,0 +1,20 @@
+#include <aalogparse.h>
+#include <string.h>
+
+#include "private.h"
+
+const char* log_line = "[23342.075380] audit: type=1400 audit(1725487203.971:1831): apparmor=\"DENIED\" operation=\"open\" class=\"file\" profile=\"snap-update-ns.firmware-updater\" name=\"/proc/202964/maps\" pid=202964 comm=\"5\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=0";
+
+int main(void) {
+ int rc = 0;
+
+ /* Very basic test to ensure we can do aalogparse stuff in C++ */
+ aa_log_record *record = parse_record(log_line);
+ MY_TEST(record != NULL, "Log failed to parse");
+ MY_TEST(record->version == AA_RECORD_SYNTAX_V2, "Log should have parsed as v2 form");
+ MY_TEST(record->aa_namespace == NULL, "Log should have NULL namespace");
+ MY_TEST((record->rule_class != NULL) && (strcmp(record->rule_class, "file") == 0), "Log should have file class");
+ free_record(record);
+
+ return rc;
+}
\ No newline at end of file
diff --git a/libraries/libapparmor/src/tst_aalogparse_oldname.c b/libraries/libapparmor/src/tst_aalogparse_oldname.c
new file mode 100644
index 0000000000000000000000000000000000000000..51bfc70b1a8084fdf5bddf1ae5344063275a5049
--- /dev/null
+++ b/libraries/libapparmor/src/tst_aalogparse_oldname.c
@@ -0,0 +1,20 @@
+#include <aalogparse.h>
+#include <string.h>
+
+#include "private.h"
+
+const char* log_line = "[23342.075380] audit: type=1400 audit(1725487203.971:1831): apparmor=\"DENIED\" operation=\"open\" class=\"file\" profile=\"snap-update-ns.firmware-updater\" name=\"/proc/202964/maps\" pid=202964 comm=\"5\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=0";
+
+int main(void) {
+ int rc = 0;
+
+ /* Very basic test to ensure we can use the C++-incompatible field names */
+ aa_log_record *record = parse_record(log_line);
+ MY_TEST(record != NULL, "Log failed to parse");
+ MY_TEST(record->version == AA_RECORD_SYNTAX_V2, "Log should have parsed as v2 form");
+ MY_TEST(record->namespace == NULL, "Log should have NULL namespace");
+ MY_TEST((record->class != NULL) && (strcmp(record->class, "file") == 0), "Log should have file class");
+ free_record(record);
+
+ return rc;
+}
\ No newline at end of file
diff --git a/libraries/libapparmor/src/tst_aalogparse_reentrancy.c b/libraries/libapparmor/src/tst_aalogparse_reentrancy.c
new file mode 100644
index 0000000000000000000000000000000000000000..43b932adbdd539d8b75cc5f5147664374419dd6a
--- /dev/null
+++ b/libraries/libapparmor/src/tst_aalogparse_reentrancy.c
@@ -0,0 +1,154 @@
+#include <pthread.h>
+#include <string.h>
+
+#include <aalogparse.h>
+
+#include "private.h"
+
+const char* log_line = "[23342.075380] audit: type=1400 audit(1725487203.971:1831): apparmor=\"DENIED\" operation=\"open\" class=\"file\" profile=\"snap-update-ns.firmware-updater\" name=\"/proc/202964/maps\" pid=202964 comm=\"5\" requested_mask=\"r\" denied_mask=\"r\" fsuid=1000 ouid=0";
+const char* log_line_2 = "[ 4074.372559] audit: type=1400 audit(1725553393.143:793): apparmor=\"DENIED\" operation=\"capable\" class=\"cap\" profile=\"/usr/lib/snapd/snap-confine\" pid=19034 comm=\"snap-confine\" capability=12 capname=\"net_admin\"";
+
+static int pthread_barrier_ok(int barrier_result) {
+ return barrier_result == 0 || barrier_result == PTHREAD_BARRIER_SERIAL_THREAD;
+}
+
+static int nullcmp_and_strcmp(const void *s1, const void *s2)
+{
+ /* Return 0 if both pointers are NULL & non-zero if only one is NULL */
+ if (!s1 || !s2)
+ return s1 != s2;
+
+ return strcmp(s1, s2);
+}
+
+int aa_log_record_eq(aa_log_record *record1, aa_log_record *record2) {
+ int are_eq = 1;
+
+ are_eq &= (record1->version == record2->version);
+ are_eq &= (record1->event == record2->event);
+ are_eq &= (record1->pid == record2->pid);
+ are_eq &= (record1->peer_pid == record2->peer_pid);
+ are_eq &= (record1->task == record2->task);
+ are_eq &= (record1->magic_token == record2->magic_token);
+ are_eq &= (record1->epoch == record2->epoch);
+ are_eq &= (record1->audit_sub_id == record2->audit_sub_id);
+
+ are_eq &= (record1->bitmask == record2->bitmask);
+ are_eq &= (nullcmp_and_strcmp(record1->audit_id, record2->audit_id) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->operation, record2->operation) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->denied_mask, record2->denied_mask) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->requested_mask, record2->requested_mask) == 0);
+ are_eq &= (record1->fsuid == record2->fsuid);
+ are_eq &= (record1->ouid == record2->ouid);
+ are_eq &= (nullcmp_and_strcmp(record1->profile, record2->profile) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->peer_profile, record2->peer_profile) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->comm, record2->comm) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->name, record2->name) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->name2, record2->name2) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->namespace, record2->namespace) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->attribute, record2->attribute) == 0);
+ are_eq &= (record1->parent == record2->parent);
+ are_eq &= (nullcmp_and_strcmp(record1->info, record2->info) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->peer_info, record2->peer_info) == 0);
+ are_eq &= (record1->error_code == record2->error_code);
+ are_eq &= (nullcmp_and_strcmp(record1->active_hat, record2->active_hat) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->net_family, record2->net_family) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->net_protocol, record2->net_protocol) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->net_sock_type, record2->net_sock_type) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->net_local_addr, record2->net_local_addr) == 0);
+ are_eq &= (record1->net_local_port == record2->net_local_port);
+ are_eq &= (nullcmp_and_strcmp(record1->net_foreign_addr, record2->net_foreign_addr) == 0);
+ are_eq &= (record1->net_foreign_port == record2->net_foreign_port);
+
+ are_eq &= (nullcmp_and_strcmp(record1->execpath, record2->execpath) == 0);
+
+ are_eq &= (nullcmp_and_strcmp(record1->dbus_bus, record2->dbus_bus) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->dbus_path, record2->dbus_path) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->dbus_interface, record2->dbus_interface) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->dbus_member, record2->dbus_member) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->signal, record2->signal) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->peer, record2->peer) == 0);
+
+ are_eq &= (nullcmp_and_strcmp(record1->fs_type, record2->fs_type) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->flags, record2->flags) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->src_name, record2->src_name) == 0);
+
+ are_eq &= (nullcmp_and_strcmp(record1->class, record2->class) == 0);
+
+ are_eq &= (nullcmp_and_strcmp(record1->net_addr, record2->net_addr) == 0);
+ are_eq &= (nullcmp_and_strcmp(record1->peer_addr, record2->peer_addr) == 0);
+ return are_eq;
+}
+
+typedef struct {
+ const char* log;
+ pthread_barrier_t *barrier;
+} pthread_parse_args;
+
+void* pthread_parse_log(void* args) {
+ pthread_parse_args *args_real = (pthread_parse_args *) args;
+ int barrier_wait_result = pthread_barrier_wait(args_real->barrier);
+ /* Return NULL and fail test if barrier wait fails */
+ if (!pthread_barrier_ok(barrier_wait_result)) {
+ return NULL;
+ }
+ aa_log_record *record = parse_record(args_real->log);
+ return (void*) record;
+}
+
+#define NUM_THREADS 16
+
+int main(void) {
+ pthread_t thread_ids[NUM_THREADS];
+ pthread_barrier_t barrier;
+ int barrier_wait_result;
+ aa_log_record* parsed_logs[NUM_THREADS];
+ int rc = 0;
+ /* Set up arguments to be passed to threads */
+ pthread_parse_args args = {.log=log_line, .barrier=&barrier};
+ pthread_parse_args args2 = {.log=log_line_2, .barrier=&barrier};
+
+ MY_TEST(NUM_THREADS > 2, "Test requires more than 2 threads");
+
+ /* Use barrier to synchronize the start of log parsing among all the threads
+ * This increases the likelihood of tickling race conditions, if there are any
+ */
+ MY_TEST(pthread_barrier_init(&barrier, NULL, NUM_THREADS+1) == 0,
+ "Could not init pthread barrier");
+ for (int i=0; i<NUM_THREADS; i++) {
+ if (i%2 == 0) {
+ pthread_create(&thread_ids[i], NULL, pthread_parse_log, (void *) &args);
+ } else {
+ pthread_create(&thread_ids[i], NULL, pthread_parse_log, (void *) &args2);
+ }
+ }
+ /* Final barrier_wait to set off the thread race */
+ barrier_wait_result = pthread_barrier_wait(&barrier);
+ MY_TEST(pthread_barrier_ok(barrier_wait_result), "Could not wait on pthread barrier");
+
+ /* Wait for threads to finish parsing the logs */
+ for (int i=0; i<NUM_THREADS; i++) {
+ MY_TEST(pthread_join(thread_ids[i], (void*) &parsed_logs[i]) == 0, "Could not join thread");
+ }
+
+ /* Check that all logs parsed and are equal */
+ for (int i=0; i<NUM_THREADS; i++) {
+ MY_TEST(parsed_logs[i] != NULL, "Log failed to parse");
+ MY_TEST(parsed_logs[i]->version == AA_RECORD_SYNTAX_V2, "Log should have parsed as v2 form");
+ MY_TEST(parsed_logs[i]->event == AA_RECORD_DENIED, "Log should have parsed as denied");
+
+ /* Also check i==0 and i==1 as a sanity check for aa_log_record_eq */
+ if (i%2 == 0) {
+ MY_TEST(aa_log_record_eq(parsed_logs[0], parsed_logs[i]), "Log 0 != Log even");
+ } else {
+ MY_TEST(aa_log_record_eq(parsed_logs[1], parsed_logs[i]), "Log 1 != Log odd");
+ }
+ }
+ MY_TEST(!aa_log_record_eq(parsed_logs[0], parsed_logs[1]), "Log 0 and log 1 shouldn't be equal");
+ /* Clean up */
+ MY_TEST(pthread_barrier_destroy(&barrier) == 0, "Could not destroy pthread barrier");
+ for (int i=0; i<NUM_THREADS; i++) {
+ free_record(parsed_logs[i]);
+ }
+ return rc;
+}
\ No newline at end of file
diff --git a/libraries/libapparmor/src/tst_features.c b/libraries/libapparmor/src/tst_features.c
index 036fc9d4a062c1ea31c84f9dfd4d5f8c0771aeae..9d60aa68cf31e0ab4d2870641b99485916037288 100644
--- a/libraries/libapparmor/src/tst_features.c
+++ b/libraries/libapparmor/src/tst_features.c
@@ -135,7 +135,7 @@ static int do_test_walk_one(const char **str, const struct component *component,
static int test_walk_one(void)
{
- struct component c;
+ struct component c = (struct component) { NULL, 0 };
const char *str;
int rc = 0;
diff --git a/libraries/libapparmor/swig/Makefile.in b/libraries/libapparmor/swig/Makefile.in
deleted file mode 100644
index 0ee85c9a532a9ec0bd5f2e2d96eec5efc19fb3d0..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/swig/Makefile.in
+++ /dev/null
@@ -1,646 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = swig
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir distdir-am
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-DIST_SUBDIRS = $(SUBDIRS)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUBDIRS = perl python ruby
-EXTRA_DIST = SWIG/*.i java/Makefile.am
-all: all-recursive
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu swig/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu swig/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-recursive
-all-am: Makefile
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-recursive
- -rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: $(am__recursive_targets) install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-am clean clean-generic clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- installdirs-am maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
- ps ps-am tags tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 005dd7fb12c7a2f84c363d286e0b8dee4f5a0aa5..9c01b182b3555bedf3b2f56f4a1df269ebd9c9b8 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -5,9 +5,98 @@
#include <sys/apparmor.h>
#include <sys/apparmor_private.h>
+// Include static_assert if the C compiler supports it
+// static_assert standardized since C11, assert.h not needed since C23
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && __STDC_VERSION__ < 202311L
+#include <assert.h>
+#endif
%}
%include "typemaps.i"
+%include <cstring.i>
+%include <stdint.i>
+%include <exception.i>
+
+/*
+ * SWIG 4.3 included https://github.com/swig/swig/pull/2907 to distinguish
+ * between Py_None being returned as a default void and Py_None being returned
+ * as the equivalent of C NULL. Unfortunately, this turns into an API breaking
+ * change with our use of %append_output when we want the Python function to
+ * return something even when the C function has a void return type. Thus, we
+ * need an additional macro to smooth over the differences. Include all affected
+ * languages, even ones we don't build bindings for, for completeness.
+ */
+#if SWIG_VERSION >= 0x040300
+#ifdef SWIGPYTHON
+#define ISVOID_APPEND_OUTPUT(value) {$result = SWIG_Python_AppendOutput($result, value, 1);}
+#elif defined(SWIGRUBY)
+#define ISVOID_APPEND_OUTPUT(value) {$result = SWIG_Ruby_AppendOutput($result, value, 1);}
+#elif defined(SWIGPHP)
+#define ISVOID_APPEND_OUTPUT(value) {$result = SWIG_Php_AppendOutput($result, value, 1);}
+#else
+#define ISVOID_APPEND_OUTPUT(value) %append_output(value)
+#endif
+#else
+#define ISVOID_APPEND_OUTPUT(value) %append_output(value)
+#endif
+
+%newobject parse_record;
+%delobject free_record;
+/*
+ * Despite its name, %delobject does not hook up destructors to language
+ * deletion mechanisms. Instead, it sets flags so that manually calling the
+ * free function and then deleting by language mechanisms doesn't cause a
+ * double-free.
+ *
+ * Additionally, we can manually extend the struct with a C++-like
+ * destructor. This ensures that the record struct is freed
+ * automatically when the high-level object goes out of scope.
+ */
+%extend aa_log_record {
+ ~aa_log_record() {
+ free_record($self);
+ }
+}
+
+/*
+ * Generate a no-op free_record wrapper to avoid making a double-free footgun.
+ * Use rename directive to avoid colliding with the actual free_record, which
+ * we use above to clean up when the higher-level language deletes the object.
+ *
+ * Ideally we would not expose a free_record at all, but we need to maintain
+ * backwards compatibility with the existing high-level code that uses it.
+ */
+%rename(free_record) noop_free_record;
+#ifdef SWIGPYTHON
+%pythonprepend noop_free_record %{
+import warnings
+warnings.warn("free_record is now a no-op as the record's memory is handled automatically", DeprecationWarning)
+%}
+#endif
+%feature("autodoc",
+ "This function used to free aa_log_record objects. Freeing is now handled "
+ "automatically, so this no-op function remains for backwards compatibility.") noop_free_record;
+%inline %{
+ void noop_free_record(aa_log_record *record) {(void) record;}
+%}
+
+/*
+ * Do not autogenerate a wrapper around free_record. This does not prevent us
+ * from calling it ourselves in %extend C code.
+ */
+%ignore free_record;
+
+
+/*
+ * Map names to preserve backwards compatibility
+ */
+#ifdef SWIGPYTHON
+%rename("_class") aa_log_record::rule_class;
+#else
+%rename("class") aa_log_record::rule_class;
+#endif
+%rename("namespace") aa_log_record::aa_namespace;
+
%include <aalogparse.h>
/**
@@ -21,18 +110,75 @@
/* apparmor.h */
-extern char *aa_splitcon(char *con, char **mode);
+/*
+ * label is a heap-allocated pointer, but when label and mode occur together,
+ * the freeing of label must be deferred because mode points into label.
+ *
+ * %cstring_output_allocate((char **label, char **mode), free(*$1))
+ * does not handle multi-argument typemaps correctly, so we write our own
+ * typemap based on it instead.
+ */
+%typemap(in,noblock=1,numinputs=0) (char **label, char **mode) ($*1_ltype temp_label = 0, $*2_ltype temp_mode = 0) {
+ $1 = &temp_label;
+ $2 = &temp_mode;
+}
+%typemap(freearg,match="in") (char **label, char **mode) ""
+%typemap(argout,noblock=1,fragment="SWIG_FromCharPtr") (char **label, char **mode) {
+ ISVOID_APPEND_OUTPUT(SWIG_FromCharPtr(*$1));
+ ISVOID_APPEND_OUTPUT(SWIG_FromCharPtr(*$2));
+ free(*$1);
+}
+
+/*
+ * mode also occurs in combination with con in aa_splitcon
+ * typemap based on %cstring_mutable but with substantial modifications
+ */
+%typemap(in,numinputs=1,fragment="SWIG_AsCharPtrAndSize") (char *con, char **mode) ($*2_ltype temp_mode = 0) {
+ int alloc_status = 0;
+ $1_ltype con_ptr = NULL;
+ size_t con_len = 0;
+ int char_ptr_res = SWIG_AsCharPtrAndSize($input, &con_ptr, &con_len, &alloc_status);
+ if (!SWIG_IsOK(char_ptr_res)) {
+ %argument_fail(char_ptr_res, "char *con", $symname, $argnum);
+ }
+ if (alloc_status != SWIG_NEWOBJ) {
+ // Unconditionally copy because the C function modifies the string in place
+ $1 = %new_copy_array(con_ptr, con_len+1, char);
+ } else {
+ $1 = con_ptr;
+ }
-/* apparmor_private.h */
+ $2 = &temp_mode;
+}
+%typemap(freearg,noblock=1,match="in") (char *con, char **mode) {
+ %delete_array($1);
+}
+%typemap(argout,noblock=1,fragment="SWIG_FromCharPtr") (char *con, char **mode) {
+ /*
+ * aa_splitcon returns either con or NULL so we don't need to explicitly
+ * append it to the output, and we don't need the ISVOID helper here
+ *
+ * SWIG_FromCharPtr does NULL checks for us
+ */
+ %append_output(SWIG_FromCharPtr(*$2));
+}
-extern int _aa_is_blacklisted(const char *name);
+%exception aa_splitcon {
+ $action
+ if (result == NULL) {
+ SWIG_exception_fail(SWIG_ValueError, "received invalid confinement context");
+ }
+}
+
+extern char *aa_splitcon(char *con, char **mode);
#ifdef SWIGPYTHON
%exception {
$action
if (result < 0) {
+ // Unfortunately SWIG_exception does not support OSError
PyErr_SetFromErrno(PyExc_OSError);
- return NULL;
+ SWIG_fail;
}
}
#endif
@@ -41,33 +187,219 @@ extern int _aa_is_blacklisted(const char *name);
/* apparmor.h */
+/*
+ * aa_is_enabled returns a boolean as an int with failure reason in errno
+ * Therefore, aa_is_enabled either returns True or throws an exception
+ *
+ * Keep that behavior for backwards compatibilty but return a boolean on Python
+ * where it makes more sense, which isn't a breaking change because a boolean is
+ * a subclass of int
+ */
+#ifdef SWIGPYTHON
+%typemap(out) int {
+ $result = PyBool_FromLong($1);
+}
+#endif
extern int aa_is_enabled(void);
-extern int aa_find_mountpoint(char **mnt);
+
+#ifdef SWIGPYTHON
+// Based on SWIG's argcargv.i but we don't have an argc
+%typemap(in,fragment="SWIG_AsCharPtr") const char *subprofiles[] (Py_ssize_t seq_len=0, int* alloc_tracking = NULL) {
+ void* arg_as_ptr = NULL;
+ int res_convertptr = SWIG_ConvertPtr($input, &arg_as_ptr, $descriptor(char*[]), 0);
+ if (SWIG_IsOK(res_convertptr)) {
+ $1 = %static_cast(arg_as_ptr, $1_ltype);
+ } else {
+ // Clear error that would be set if ptr conversion failed
+ PyErr_Clear();
+
+ int is_list = PyList_Check($input);
+ if (is_list || PyTuple_Check($input)) {
+ seq_len = PySequence_Length($input);
+ /*
+ * %new_array zero-inits for cleaner error handling and memory cleanup
+ * %delete_array(NULL) is no-op (either free or delete), and
+ * alloc_tracking of 0 is uninit
+ *
+ * Further note: SWIG_exception_fail jumps to the freearg typemap
+ */
+ $1 = %new_array(seq_len+1, char *);
+ if ($1 == NULL) {
+ SWIG_exception_fail(SWIG_MemoryError, "could not allocate C subprofiles");
+ }
+
+ alloc_tracking = %new_array(seq_len, int);
+ if (alloc_tracking == NULL) {
+ SWIG_exception_fail(SWIG_MemoryError, "could not allocate C alloc track arr");
+ }
+ for (Py_ssize_t i=0; i<seq_len; i++) {
+ PyObject *o = is_list ? PyList_GetItem($input, i) : PyTuple_GetItem($input, i);
+ if (o == NULL) {
+ // Failed to get item-Python already set exception info
+ SWIG_fail;
+ } else if (o == Py_None) {
+ // SWIG_AsCharPtr(Py_None, ...) succeeds with ptr output being NULL
+ SWIG_exception_fail(SWIG_ValueError, "sequence contains a None object");
+ }
+ int res = SWIG_AsCharPtr(o, &$1[i], &alloc_tracking[i]);
+ if (!SWIG_IsOK(res)) {
+ // Could emit idx of error here, maybe?
+ SWIG_exception_fail(SWIG_ArgError(res), "sequence does not contain all strings");
+ }
+ }
+ } else {
+ SWIG_exception_fail(SWIG_TypeError, "subprofiles is not a list or tuple");
+ }
+ }
+}
+%typemap(freearg,noblock=1) const char *subprofiles[] {
+/*
+ * If static_assert is present, use it to verify the assumption that
+ * allocation uninitialized (0) != SWIG_NEWOBJ
+ */
+%#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+ /*
+ * Some older versions of SWIG place this right after a goto label
+ * This would then be a label followed by a declaration, a C23 extension (!)
+ * To ensure this works for older SWIG versions and older compilers,
+ * make this a block element with curly braces.
+ */
+ {static_assert(SWIG_NEWOBJ != 0, "SWIG_NEWOBJ is 0");}
+%#endif
+ if ($1 != NULL && alloc_tracking$argnum != NULL) {
+ for (Py_ssize_t i=0; i<seq_len$argnum; i++) {
+ if (alloc_tracking$argnum[i] == SWIG_NEWOBJ) {
+ %delete_array($1[i]);
+ }
+ }
+ }
+ %delete_array(alloc_tracking$argnum);
+ %delete_array($1);
+}
+#endif
+
+/* These should not receive the VOID_Object typemap */
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile);
extern int aa_change_onexec(const char *profile);
extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
-extern int aa_change_hat_vargs(unsigned long token, int count, ...);
extern int aa_stack_profile(const char *profile);
extern int aa_stack_onexec(const char *profile);
-extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
- char **mode);
-extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
+
+/*
+ * aa_find_mountpoint mnt is an output pointer to a heap-allocated string
+ *
+ * This is a replica of %cstring_output_allocate(char **mnt, free(*$1))
+ * that uses the ISVOID helper to work correctly on SWIG 4.3 or later.
+ */
+%typemap(in,noblock=1,numinputs=0) (char **mnt) ($*1_ltype temp_mnt = 0) {
+ $1 = &temp_mnt;
+}
+%typemap(freearg,match="in") (char **mnt) ""
+%typemap(argout,noblock=1,fragment="SWIG_FromCharPtr") (char **mnt) {
+ ISVOID_APPEND_OUTPUT(SWIG_FromCharPtr(*$1));
+ free(*$1);
+}
+/* The other errno-based functions should not always be returning the int value:
+ * - Python exceptions signal success/failure status instead via the %exception
+ * handler above.
+ * - Perl (the other binding) has $! for accessing errno but would check the int
+ * return status first.
+ *
+ * The generated C code for (out) resets the return value to None
+ * before appending the returned data (argout generated by %cstring stuff)
+ */
+#ifdef SWIGPYTHON
+%typemap(out,noblock=1) int {
+#if defined(VOID_Object)
+ $result = VOID_Object;
+#endif
+}
+#endif
+
+/*
+ * We can't use "typedef int pid_t" because we still support systems
+ * with 16-bit PIDs and SWIG can't find sys/types.h
+ *
+ * Capture the passed-in value as a long because pid_t is guaranteed
+ * to be a signed integer and because the aalogparse struct uses
+ * (unsigned) longs to store pid values. While intmax_t would be more
+ * technically correct, if sizeof(pid_t) > sizeof(long) then aalogparse
+ * itself would also need fixing.
+ */
+%typemap(in,noblock=1,fragment="SWIG_AsVal_long") pid_t (int conv_pid, long pid_large) {
+%#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+ static_assert(sizeof(pid_t) <= sizeof(long),
+ "pid_t type is too large to be stored in a long");
+%#endif
+ conv_pid = SWIG_AsVal_long($input, &pid_large);
+ if (!SWIG_IsOK(conv_pid)) {
+ %argument_fail(conv_pid, "pid_t", $symname, $argnum);
+ }
+ /*
+ * Cast the long to a pid_t and then cast back to check for overflow
+ * Technically this is implementation-defined behaviour but we should be fine
+ */
+ $1 = (pid_t) pid_large;
+ if ((long) $1 != pid_large) {
+ SWIG_exception_fail(SWIG_OverflowError, "pid_t is too large");
+ }
+}
+
+extern int aa_find_mountpoint(char **mnt);
+extern int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode);
extern int aa_gettaskcon(pid_t target, char **label, char **mode);
extern int aa_getcon(char **label, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
extern int aa_getpeercon(int fd, char **label, char **mode);
-extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
- int *audit);
-extern int aa_query_file_path_len(uint32_t mask, const char *label,
- size_t label_len, const char *path,
- size_t path_len, int *allowed, int *audited);
+
+/*
+ * Typemaps for the boolean outputs of the query functions
+ * Use boolean types for Python and int types elsewhere
+ */
+#ifdef SWIGPYTHON
+// TODO: find a way to deduplicate these
+%typemap(in, numinputs=0) int *allowed (int temp) {
+ $1 = &temp;
+}
+%typemap(argout) int *allowed {
+ ISVOID_APPEND_OUTPUT(PyBool_FromLong(*$1));
+}
+
+%typemap(in, numinputs=0) int *audited (int temp) {
+ $1 = &temp;
+}
+%typemap(argout) int *audited {
+ ISVOID_APPEND_OUTPUT(PyBool_FromLong(*$1));
+}
+#else
+%apply int *OUTPUT { int *allowed };
+%apply int *OUTPUT { int *audited };
+#endif
+
+/* Sync this with the apparmor.h */
+/* Permission flags for the AA_CLASS_FILE mediation class */
+#define AA_MAY_EXEC (1 << 0)
+#define AA_MAY_WRITE (1 << 1)
+#define AA_MAY_READ (1 << 2)
+#define AA_MAY_APPEND (1 << 3)
+#define AA_MAY_CREATE (1 << 4)
+#define AA_MAY_DELETE (1 << 5)
+#define AA_MAY_OPEN (1 << 6)
+#define AA_MAY_RENAME (1 << 7)
+#define AA_MAY_SETATTR (1 << 8)
+#define AA_MAY_GETATTR (1 << 9)
+#define AA_MAY_SETCRED (1 << 10)
+#define AA_MAY_GETCRED (1 << 11)
+#define AA_MAY_CHMOD (1 << 12)
+#define AA_MAY_CHOWN (1 << 13)
+#define AA_MAY_LOCK 0x8000
+#define AA_EXEC_MMAP 0x10000
+#define AA_MAY_LINK 0x40000
+#define AA_MAY_ONEXEC 0x20000000
+#define AA_MAY_CHANGE_PROFILE 0x40000000
+
extern int aa_query_file_path(uint32_t mask, const char *label,
const char *path, int *allowed, int *audited);
-extern int aa_query_link_path_len(const char *label, size_t label_len,
- const char *target, size_t target_len,
- const char *link, size_t link_len,
- int *allowed, int *audited);
extern int aa_query_link_path(const char *label, const char *target,
const char *link, int *allowed, int *audited);
diff --git a/libraries/libapparmor/swig/perl/Makefile.in b/libraries/libapparmor/swig/perl/Makefile.in
deleted file mode 100644
index d2daf7a5f915dfabb6527408c032a19e5d55fc39..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/swig/perl/Makefile.in
+++ /dev/null
@@ -1,503 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = swig/perl
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES = Makefile.PL
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(noinst_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.PL.in $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = Makefile.PL libapparmor_wrap.c LibAppArmor.pm examples/*.pl
-@HAVE_PERL_TRUE@noinst_DATA = LibAppArmor.so
-@HAVE_PERL_TRUE@MOSTLYCLEANFILES = libapparmor_wrap.c LibAppArmor.pm
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu swig/perl/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu swig/perl/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-Makefile.PL: $(top_builddir)/config.status $(srcdir)/Makefile.PL.in
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(DATA)
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-@HAVE_PERL_FALSE@clean-local:
-@HAVE_PERL_FALSE@install-exec-local:
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-exec-local
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
- clean-local cscopelist-am ctags-am distclean distclean-generic \
- distclean-libtool distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-local \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
- ps ps-am tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-@HAVE_PERL_TRUE@libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
-@HAVE_PERL_TRUE@ $(SWIG) -perl -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
-
-@HAVE_PERL_TRUE@LibAppArmor.pm: libapparmor_wrap.c
-
-@HAVE_PERL_TRUE@Makefile.perl: Makefile.PL LibAppArmor.pm
-@HAVE_PERL_TRUE@ $(PERL) $< PREFIX=$(prefix) MAKEFILE=$@
-@HAVE_PERL_TRUE@ sed -ie 's/LD_RUN_PATH="\x24(LD_RUN_PATH)"//g' Makefile.perl
-@HAVE_PERL_TRUE@ sed -ie 's/^LD_RUN_PATH.*//g' Makefile.perl
-
-@HAVE_PERL_TRUE@LibAppArmor.so: libapparmor_wrap.c Makefile.perl
-@HAVE_PERL_TRUE@ if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
-@HAVE_PERL_TRUE@ $(MAKE) -fMakefile.perl
-@HAVE_PERL_TRUE@ if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi
-
-@HAVE_PERL_TRUE@install-exec-local: Makefile.perl
-@HAVE_PERL_TRUE@ $(MAKE) -fMakefile.perl install_vendor
-
-# sadly there is no make uninstall for perl
-#uninstall-local: Makefile.perl
-#$(MAKE) -fMakefile.perl uninstall
-
-@HAVE_PERL_TRUE@clean-local:
-@HAVE_PERL_TRUE@ if test -f Makefile.perl; then $(MAKE) -fMakefile.perl realclean; fi
-#rm -f Makefile.perl Makefile.perl.old
-@HAVE_PERL_TRUE@ rm -f *.so # *.o
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/swig/python/Makefile.am b/libraries/libapparmor/swig/python/Makefile.am
index bf05fe0fc2f563f012b232c4925ed4cad75e88ca..b42ebb1e213a6b96783bb01aae4506fedb7b56b2 100644
--- a/libraries/libapparmor/swig/python/Makefile.am
+++ b/libraries/libapparmor/swig/python/Makefile.am
@@ -14,7 +14,7 @@ MOSTLYCLEANFILES=libapparmor_wrap.c LibAppArmor.py
all-local: libapparmor_wrap.c setup.py
if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
- CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
+ CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(CFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
install-exec-local:
$(PYTHON) setup.py install --root="/$(DESTDIR)" --prefix="$(prefix)"
diff --git a/libraries/libapparmor/swig/python/Makefile.in b/libraries/libapparmor/swig/python/Makefile.in
deleted file mode 100644
index 3591d849d2fdd0ee28a3b0cfaa92b284ba92ba95..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/swig/python/Makefile.in
+++ /dev/null
@@ -1,671 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = swig/python
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES = setup.py
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir distdir-am
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-DIST_SUBDIRS = test
-am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/setup.py.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-@HAVE_PYTHON_TRUE@COMMONDIR = $(top_srcdir)/../../common/
-@HAVE_PYTHON_TRUE@EXTRA_DIST = libapparmor_wrap.c
-@HAVE_PYTHON_TRUE@SUBDIRS = test
-@HAVE_PYTHON_TRUE@MOSTLYCLEANFILES = libapparmor_wrap.c LibAppArmor.py
-all: all-recursive
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu swig/python/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu swig/python/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-setup.py: $(top_builddir)/config.status $(srcdir)/setup.py.in
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-recursive
-@HAVE_PYTHON_FALSE@all-local:
-all-am: Makefile all-local
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-@HAVE_PYTHON_FALSE@clean-local:
-@HAVE_PYTHON_FALSE@install-exec-local:
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-recursive
- -rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am: install-exec-local
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: $(am__recursive_targets) install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am all-local \
- check check-am clean clean-generic clean-libtool clean-local \
- cscopelist-am ctags ctags-am distclean distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-exec-local install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- installdirs-am maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
- ps ps-am tags tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-@HAVE_PYTHON_TRUE@include $(COMMONDIR)/Make.rules
-
-@HAVE_PYTHON_TRUE@libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
-@HAVE_PYTHON_TRUE@ $(SWIG) -python -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
-
-@HAVE_PYTHON_TRUE@all-local: libapparmor_wrap.c setup.py
-@HAVE_PYTHON_TRUE@ if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
-@HAVE_PYTHON_TRUE@ CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
-
-@HAVE_PYTHON_TRUE@install-exec-local:
-@HAVE_PYTHON_TRUE@ $(PYTHON) setup.py install --root="/$(DESTDIR)" --prefix="$(prefix)"
-
-@HAVE_PYTHON_TRUE@clean-local:
-@HAVE_PYTHON_TRUE@ if test -x "$(PYTHON)"; then $(PYTHON) setup.py clean; fi
-@HAVE_PYTHON_TRUE@ rm -rf build LibAppArmor.egg-info
-@HAVE_PYTHON_TRUE@ if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/swig/python/setup.py.in b/libraries/libapparmor/swig/python/setup.py.in
index b23e40746241006b494977d1c994969e4ce486cb..499a0d69feda2ab90fee81a6a8748d1380a513e6 100644
--- a/libraries/libapparmor/swig/python/setup.py.in
+++ b/libraries/libapparmor/swig/python/setup.py.in
@@ -2,7 +2,7 @@ from setuptools import setup, Extension
import string
setup(name = 'LibAppArmor',
- version = '@VERSION@',
+ version = '@VERSION@'.replace('~', '-'),
author = 'AppArmor Dev Team',
author_email = 'apparmor@lists.ubuntu.com',
url = 'https://wiki.apparmor.net',
diff --git a/libraries/libapparmor/swig/python/test/Makefile.in b/libraries/libapparmor/swig/python/test/Makefile.in
deleted file mode 100644
index 9ef993efcad7ea4df7f4c00a9440cdeea2d119cd..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/swig/python/test/Makefile.in
+++ /dev/null
@@ -1,856 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = swig/python/test
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__tty_colors_dummy = \
- mgn= red= grn= lgn= blu= brg= std=; \
- am__color_tests=no
-am__tty_colors = { \
- $(am__tty_colors_dummy); \
- if test "X$(AM_COLOR_TESTS)" = Xno; then \
- am__color_tests=no; \
- elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
- am__color_tests=yes; \
- elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
- am__color_tests=yes; \
- fi; \
- if test $$am__color_tests = yes; then \
- red='�[0;31m'; \
- grn='�[0;32m'; \
- lgn='�[1;32m'; \
- blu='�[1;34m'; \
- mgn='�[0;35m'; \
- brg='�[1m'; \
- std='�[m'; \
- fi; \
-}
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-@HAVE_PYTHON_TRUE@CLEANFILES = test_python.py
-@HAVE_PYTHON_TRUE@PYTHON_DIST_BUILD_PATH = '$(builddir)/../build/$$($(PYTHON) buildpath.py)'
-@HAVE_PYTHON_TRUE@TESTS = test_python.py
-@HAVE_PYTHON_TRUE@TESTS_ENVIRONMENT = \
-@HAVE_PYTHON_TRUE@ LD_LIBRARY_PATH='$(top_builddir)/src/.libs:$(PYTHON_DIST_BUILD_PATH)' \
-@HAVE_PYTHON_TRUE@ PYTHONPATH='$(PYTHON_DIST_BUILD_PATH)'
-
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .log .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu swig/python/test/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu swig/python/test/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- elif test -n "$$redo_logs"; then \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
- done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
- else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
- fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
- else \
- color_start= color_end=; \
- fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS:
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-test_python.py.log: test_python.py
- @p='test_python.py'; \
- b='test_python.py'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@ @p='$<'; \
-@am__EXEEXT_TRUE@ $(am__set_b); \
-@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: all all-am check check-TESTS check-am clean clean-generic \
- clean-libtool cscopelist-am ctags-am distclean \
- distclean-generic distclean-libtool distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am recheck tags-am \
- uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# NOTE: tests needs to exist in test/test*.py for python's setuptools
-# not to treat it as a script to install.
-
-@HAVE_PYTHON_TRUE@test_python.py: test_python.py.in $(top_builddir)/config.status
-@HAVE_PYTHON_TRUE@ $(AM_V_GEN)cd "$(top_builddir)" && \
-@HAVE_PYTHON_TRUE@ $(SHELL) ./config.status --file="swig/python/test/$@"
-@HAVE_PYTHON_TRUE@ chmod +x test_python.py
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/swig/python/test/buildpath.py b/libraries/libapparmor/swig/python/test/buildpath.py
index cfa05c01f9b3ce24d56b492097384c1d30f9308f..63d70f7941ae9a9e737092929a2a4f0174804998 100644
--- a/libraries/libapparmor/swig/python/test/buildpath.py
+++ b/libraries/libapparmor/swig/python/test/buildpath.py
@@ -7,8 +7,8 @@ import sysconfig
import setuptools
-if tuple(map(int, setuptools.__version__.split("."))) >= (62, 1):
+if tuple(map(int, setuptools.__version__.split(".")[:2])) >= (62, 1):
identifier = sys.implementation.cache_tag
else:
identifier = "%d.%d" % sys.version_info[:2]
-print("lib.%s-%s" % (sysconfig.get_platform(), identifier))
+print("lib.{}-{}".format(sysconfig.get_platform(), identifier))
diff --git a/libraries/libapparmor/swig/python/test/test_python.py.in b/libraries/libapparmor/swig/python/test/test_python.py.in
index 02b4c39eeae59c39cc03853f79af8cd5b907abd5..b9d7afa7509f80c6a3d8db7db61f656db577aad0 100644
--- a/libraries/libapparmor/swig/python/test/test_python.py.in
+++ b/libraries/libapparmor/swig/python/test/test_python.py.in
@@ -55,17 +55,107 @@ NO_VALUE_MAP = {
'fsuid': int(ctypes.c_ulong(-1).value),
'ouid': int(ctypes.c_ulong(-1).value),
}
+class AAPythonBindingsTests(unittest.TestCase):
+ def setUp(self):
+ # REPORT ALL THE OUTPUT
+ self.maxDiff = None
-class AAPythonBindingsTests(unittest.TestCase):
+ def test_aa_splitcon(self):
+ AA_SPLITCON_EXPECT = [
+ ("unconfined", "unconfined", None),
+ ("unconfined\n", "unconfined", None),
+ ("/bin/ping (enforce)", "/bin/ping", "enforce"),
+ ("/bin/ping (enforce)\n", "/bin/ping", "enforce"),
+ ("/usr/sbin/rsyslog (complain)", "/usr/sbin/rsyslog", "complain"),
+ ]
+ for context, expected_label, expected_mode in AA_SPLITCON_EXPECT:
+ actual_label, actual_mode = libapparmor.aa_splitcon(context)
+ if expected_label is None:
+ self.assertIsNone(actual_label)
+ else:
+ self.assertIsInstance(actual_label, str)
+ self.assertEqual(expected_label, actual_label)
+
+ if expected_mode is None:
+ self.assertIsNone(actual_mode)
+ else:
+ self.assertIsInstance(actual_mode, str)
+ self.assertEqual(expected_mode, actual_mode)
+
+ with self.assertRaises(ValueError):
+ libapparmor.aa_splitcon("")
+
+ def test_aa_is_enabled(self):
+ aa_enabled = libapparmor.aa_is_enabled()
+ self.assertIsInstance(aa_enabled, bool)
+
+ @unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled")
+ def test_aa_find_mountpoint(self):
+ mount_point = libapparmor.aa_find_mountpoint()
+ self.assertIsInstance(mount_point, str)
+ self.assertGreater(len(mount_point), 0, "mount point should not be empty")
+ self.assertTrue(os.path.isdir(mount_point))
+
+ # TODO: test commented out functions (or at least their prototypes)
+ # extern int aa_change_profile(const char *profile);
+ # extern int aa_change_onexec(const char *profile);
+ @unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled")
+ def test_change_hats(self):
+ # Changing hats will fail because we have no valid hats to change to
+ # However, we still verify that we get an OSError instead of a TypeError
+ with self.assertRaises(OSError):
+ libapparmor.aa_change_hat("nonexistent_profile", 12345678)
+
+ with self.assertRaises(OSError):
+ libapparmor.aa_change_hatv(["nonexistent_1", "nonexistent_2"], 0xabcdef)
+ libapparmor.aa_change_hatv(("nonexistent_1", "nonexistent_2"), 0xabcdef)
+
+ # extern int aa_stack_profile(const char *profile);
+ # extern int aa_stack_onexec(const char *profile);
+ # extern int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode);
+ # extern int aa_gettaskcon(pid_t target, char **label, char **mode);
+
+ @unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled")
+ def test_aa_gettaskcon(self):
+ # Our test harness should be running us as unconfined
+ # Get our own pid and this should be equivalent to aa_getcon
+ pid = os.getpid()
+
+ label, mode = libapparmor.aa_gettaskcon(pid)
+ self.assertEqual(label, "unconfined", "aa_gettaskcon label should be unconfined")
+ self.assertIsNone(mode, "aa_gettaskcon mode should be unconfined")
+
+ @unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled")
+ def test_aa_getcon(self):
+ # Our test harness should be running us as unconfined
+ label, mode = libapparmor.aa_getcon()
+ self.assertEqual(label, "unconfined", "aa_getcon label should be unconfined")
+ self.assertIsNone(mode, "aa_getcon mode should be unconfined")
+
+ # extern int aa_getpeercon(int fd, char **label, char **mode);
+
+ # extern int aa_query_file_path(uint32_t mask, const char *label,
+ # const char *path, int *allowed, int *audited);
+ @unittest.skipUnless(libapparmor.aa_is_enabled(), "AppArmor is not enabled")
+ def test_aa_query_file_path(self):
+ aa_query_mask = libapparmor.AA_MAY_EXEC | libapparmor.AA_MAY_READ | libapparmor.AA_MAY_WRITE
+ allowed, audited = libapparmor.aa_query_file_path(aa_query_mask, "unconfined", "/tmp/hello")
+ self.assertTrue(allowed)
+ self.assertFalse(audited)
+ # extern int aa_query_link_path(const char *label, const char *target,
+ # const char *link, int *allowed, int *audited);
+
+
+class AALogParsePythonBindingsTests(unittest.TestCase):
def setUp(self):
# REPORT ALL THE OUTPUT
self.maxDiff = None
def _runtest(self, testname):
- infile = "%s.in" % (testname)
- outfile = "%s.out" % (testname)
+ infile = testname + ".in"
+ outfile = testname + ".out"
# infile *should* only contain one line
with open(os.path.join(TESTDIR, infile), 'r') as f:
line = f.read()
@@ -78,7 +168,7 @@ class AAPythonBindingsTests(unittest.TestCase):
expected = self.parse_output_file(outfile)
self.assertEqual(expected, record,
"expected records did not match\n"
- "expected = %s\nactual = %s" % (expected, record))
+ "expected = {}\nactual = {}".format(expected, record))
def parse_output_file(self, outfile):
"""parse testcase .out file and return dict"""
@@ -93,7 +183,7 @@ class AAPythonBindingsTests(unittest.TestCase):
count += 1
if line == "START":
self.assertEqual(count, 1,
- "Unexpected output format in %s" % (outfile))
+ "Unexpected output format in " + outfile)
continue
else:
key, value = line.split(": ", 1)
@@ -118,6 +208,9 @@ class AAPythonBindingsTests(unittest.TestCase):
# FIXME: out files should report log version?
# FIXME: or can we just deprecate v1 logs?
continue
+ elif key == "thisown":
+ # SWIG generates this key to track memory allocation
+ continue
elif key in NO_VALUE_MAP:
if NO_VALUE_MAP[key] == value:
continue
@@ -141,8 +234,8 @@ def main():
for f in find_testcases(TESTDIR):
def stub_test(self, testname=f):
self._runtest(testname)
- stub_test.__doc__ = "test %s" % (f)
- setattr(AAPythonBindingsTests, 'test_%s' % (f), stub_test)
+ stub_test.__doc__ = "test " + f
+ setattr(AALogParsePythonBindingsTests, 'test_' + f, stub_test)
return unittest.main(verbosity=2)
diff --git a/libraries/libapparmor/swig/ruby/Makefile.in b/libraries/libapparmor/swig/ruby/Makefile.in
deleted file mode 100644
index 5c9b2403e4c18b848cd2297acef945182c30f9ba..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/swig/ruby/Makefile.in
+++ /dev/null
@@ -1,496 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = swig/ruby
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(noinst_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-@HAVE_RUBY_TRUE@EXTRA_DIST = extconf.rb LibAppArmor_wrap.c examples/*.rb
-@HAVE_RUBY_TRUE@noinst_DATA = LibAppArmor.so
-@HAVE_RUBY_TRUE@MOSTLYCLEANFILES = LibAppArmor_wrap.c
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu swig/ruby/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu swig/ruby/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(DATA)
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-@HAVE_RUBY_FALSE@clean-local:
-@HAVE_RUBY_FALSE@install-exec-local:
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-exec-local
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
- clean-local cscopelist-am ctags-am distclean distclean-generic \
- distclean-libtool distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-local \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
- ps ps-am tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-@HAVE_RUBY_TRUE@LibAppArmor_wrap.c : $(srcdir)/../SWIG/libapparmor.i
-@HAVE_RUBY_TRUE@ $(SWIG) -ruby -module LibAppArmor -I$(top_srcdir)/include -o $@ $(srcdir)/../SWIG/libapparmor.i
-
-@HAVE_RUBY_TRUE@Makefile.ruby: extconf.rb
-@HAVE_RUBY_TRUE@ mv Makefile Makefile.bak
-@HAVE_RUBY_TRUE@ PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/include
-@HAVE_RUBY_TRUE@ mv Makefile.bak Makefile
-
-@HAVE_RUBY_TRUE@LibAppArmor.so: LibAppArmor_wrap.c Makefile.ruby
-@HAVE_RUBY_TRUE@ $(MAKE) -fMakefile.ruby
-
-@HAVE_RUBY_TRUE@install-exec-local: Makefile.ruby
-@HAVE_RUBY_TRUE@ $(MAKE) -fMakefile.ruby install
-
-#uninstall
-#./lib/ruby/site_ruby/1.8/i686-linux/LibAppArmor.so
-
-@HAVE_RUBY_TRUE@clean-local:
-@HAVE_RUBY_TRUE@ if test -f Makefile.ruby; then $(MAKE) -fMakefile.ruby clean; fi
-@HAVE_RUBY_TRUE@ rm -f Makefile.ruby Makefile.bak
-@HAVE_RUBY_TRUE@ rm -f *.o *.so *.log
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/test-driver b/libraries/libapparmor/test-driver
deleted file mode 100755
index be73b80adf95515f3fc7cdc504facb29bc12e6b3..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/test-driver
+++ /dev/null
@@ -1,153 +0,0 @@
-#! /bin/sh
-# test-driver - basic testsuite driver script.
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 2011-2021 Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-# Make unconditional expansion of undefined variables an error. This
-# helps a lot in preventing typo-related bugs.
-set -u
-
-usage_error ()
-{
- echo "$0: $*" >&2
- print_usage >&2
- exit 2
-}
-
-print_usage ()
-{
- cat <<END
-Usage:
- test-driver --test-name NAME --log-file PATH --trs-file PATH
- [--expect-failure {yes|no}] [--color-tests {yes|no}]
- [--enable-hard-errors {yes|no}] [--]
- TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
-
-The '--test-name', '--log-file' and '--trs-file' options are mandatory.
-See the GNU Automake documentation for information.
-END
-}
-
-test_name= # Used for reporting.
-log_file= # Where to save the output of the test script.
-trs_file= # Where to save the metadata of the test run.
-expect_failure=no
-color_tests=no
-enable_hard_errors=yes
-while test $# -gt 0; do
- case $1 in
- --help) print_usage; exit $?;;
- --version) echo "test-driver $scriptversion"; exit $?;;
- --test-name) test_name=$2; shift;;
- --log-file) log_file=$2; shift;;
- --trs-file) trs_file=$2; shift;;
- --color-tests) color_tests=$2; shift;;
- --expect-failure) expect_failure=$2; shift;;
- --enable-hard-errors) enable_hard_errors=$2; shift;;
- --) shift; break;;
- -*) usage_error "invalid option: '$1'";;
- *) break;;
- esac
- shift
-done
-
-missing_opts=
-test x"$test_name" = x && missing_opts="$missing_opts --test-name"
-test x"$log_file" = x && missing_opts="$missing_opts --log-file"
-test x"$trs_file" = x && missing_opts="$missing_opts --trs-file"
-if test x"$missing_opts" != x; then
- usage_error "the following mandatory options are missing:$missing_opts"
-fi
-
-if test $# -eq 0; then
- usage_error "missing argument"
-fi
-
-if test $color_tests = yes; then
- # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
- red='�[0;31m' # Red.
- grn='�[0;32m' # Green.
- lgn='�[1;32m' # Light green.
- blu='�[1;34m' # Blue.
- mgn='�[0;35m' # Magenta.
- std='�[m' # No color.
-else
- red= grn= lgn= blu= mgn= std=
-fi
-
-do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
-trap "st=129; $do_exit" 1
-trap "st=130; $do_exit" 2
-trap "st=141; $do_exit" 13
-trap "st=143; $do_exit" 15
-
-# Test script is run here. We create the file first, then append to it,
-# to ameliorate tests themselves also writing to the log file. Our tests
-# don't, but others can (automake bug#35762).
-: >"$log_file"
-"$@" >>"$log_file" 2>&1
-estatus=$?
-
-if test $enable_hard_errors = no && test $estatus -eq 99; then
- tweaked_estatus=1
-else
- tweaked_estatus=$estatus
-fi
-
-case $tweaked_estatus:$expect_failure in
- 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
- 0:*) col=$grn res=PASS recheck=no gcopy=no;;
- 77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
- 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;;
- *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;;
- *:*) col=$red res=FAIL recheck=yes gcopy=yes;;
-esac
-
-# Report the test outcome and exit status in the logs, so that one can
-# know whether the test passed or failed simply by looking at the '.log'
-# file, without the need of also peaking into the corresponding '.trs'
-# file (automake bug#11814).
-echo "$res $test_name (exit status: $estatus)" >>"$log_file"
-
-# Report outcome to console.
-echo "${col}${res}${std}: $test_name"
-
-# Register the test result, and other relevant metadata.
-echo ":test-result: $res" > $trs_file
-echo ":global-test-result: $res" >> $trs_file
-echo ":recheck: $recheck" >> $trs_file
-echo ":copy-in-global-log: $gcopy" >> $trs_file
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/libraries/libapparmor/testsuite/Makefile.in b/libraries/libapparmor/testsuite/Makefile.in
deleted file mode 100644
index ce85d92d9c15a043b87c5d98db59d083d270925a..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/testsuite/Makefile.in
+++ /dev/null
@@ -1,818 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-noinst_PROGRAMS = test_multi.multi$(EXEEXT)
-subdir = testsuite
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-PROGRAMS = $(noinst_PROGRAMS)
-am_test_multi_multi_OBJECTS = test_multi_multi-test_multi.$(OBJEXT)
-test_multi_multi_OBJECTS = $(am_test_multi_multi_OBJECTS)
-test_multi_multi_DEPENDENCIES =
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-test_multi_multi_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(test_multi_multi_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \
- -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/test_multi_multi-test_multi.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(test_multi_multi_SOURCES)
-DIST_SOURCES = $(test_multi_multi_SOURCES)
-RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
- ctags-recursive dvi-recursive html-recursive info-recursive \
- install-data-recursive install-dvi-recursive \
- install-exec-recursive install-html-recursive \
- install-info-recursive install-pdf-recursive \
- install-ps-recursive install-recursive installcheck-recursive \
- installdirs-recursive pdf-recursive ps-recursive \
- tags-recursive uninstall-recursive
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
- distclean-recursive maintainer-clean-recursive
-am__recursive_targets = \
- $(RECURSIVE_TARGETS) \
- $(RECURSIVE_CLEAN_TARGETS) \
- $(am__extra_recursive_targets)
-AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir distdir-am
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-DEJATOOL = $(PACKAGE)
-RUNTESTDEFAULTFLAGS = --tool $$tool --srcdir $$srcdir
-EXPECT = expect
-RUNTEST = runtest
-DIST_SUBDIRS = $(SUBDIRS)
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
- dir0=`pwd`; \
- sed_first='s,^\([^/]*\)/.*$$,\1,'; \
- sed_rest='s,^[^/]*/*,,'; \
- sed_last='s,^.*/\([^/]*\)$$,\1,'; \
- sed_butlast='s,/*[^/]*$$,,'; \
- while test -n "$$dir1"; do \
- first=`echo "$$dir1" | sed -e "$$sed_first"`; \
- if test "$$first" != "."; then \
- if test "$$first" = ".."; then \
- dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
- dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
- else \
- first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
- if test "$$first2" = "$$first"; then \
- dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
- else \
- dir2="../$$dir2"; \
- fi; \
- dir0="$$dir0"/"$$first"; \
- fi; \
- fi; \
- dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
- done; \
- reldir="$$dir2"
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = libaalogparse
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-SUBDIRS = lib config libaalogparse.test
-AUTOMAKE_OPTIONS = dejagnu
-COMMONDIR = $(top_srcdir)/../../common
-INCLUDES = -I. -I$(top_srcdir)/include
-AM_CPPFLAGS = $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"
-AM_CFLAGS = -Wall
-test_multi_multi_SOURCES = test_multi.c
-test_multi_multi_CFLAGS = -Wall $(EXTRA_WARNINGS)
-test_multi_multi_LDADD = -L../src/.libs -lapparmor
-EXTRA_DIST = test_multi/*.in test_multi/*.out test_multi/*.err
-all: all-recursive
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testsuite/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu testsuite/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-clean-noinstPROGRAMS:
- @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-test_multi.multi$(EXEEXT): $(test_multi_multi_OBJECTS) $(test_multi_multi_DEPENDENCIES) $(EXTRA_test_multi_multi_DEPENDENCIES)
- @rm -f test_multi.multi$(EXEEXT)
- $(AM_V_CCLD)$(test_multi_multi_LINK) $(test_multi_multi_OBJECTS) $(test_multi_multi_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_multi_multi-test_multi.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-test_multi_multi-test_multi.o: test_multi.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_multi_multi_CFLAGS) $(CFLAGS) -MT test_multi_multi-test_multi.o -MD -MP -MF $(DEPDIR)/test_multi_multi-test_multi.Tpo -c -o test_multi_multi-test_multi.o `test -f 'test_multi.c' || echo '$(srcdir)/'`test_multi.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_multi_multi-test_multi.Tpo $(DEPDIR)/test_multi_multi-test_multi.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_multi.c' object='test_multi_multi-test_multi.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_multi_multi_CFLAGS) $(CFLAGS) -c -o test_multi_multi-test_multi.o `test -f 'test_multi.c' || echo '$(srcdir)/'`test_multi.c
-
-test_multi_multi-test_multi.obj: test_multi.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_multi_multi_CFLAGS) $(CFLAGS) -MT test_multi_multi-test_multi.obj -MD -MP -MF $(DEPDIR)/test_multi_multi-test_multi.Tpo -c -o test_multi_multi-test_multi.obj `if test -f 'test_multi.c'; then $(CYGPATH_W) 'test_multi.c'; else $(CYGPATH_W) '$(srcdir)/test_multi.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_multi_multi-test_multi.Tpo $(DEPDIR)/test_multi_multi-test_multi.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_multi.c' object='test_multi_multi-test_multi.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_multi_multi_CFLAGS) $(CFLAGS) -c -o test_multi_multi-test_multi.obj `if test -f 'test_multi.c'; then $(CYGPATH_W) 'test_multi.c'; else $(CYGPATH_W) '$(srcdir)/test_multi.c'; fi`
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run 'make' without going through this Makefile.
-# To change the values of 'make' variables: instead of editing Makefiles,
-# (1) if the variable is set in 'config.status', edit 'config.status'
-# (which will cause the Makefiles to be regenerated when you run 'make');
-# (2) otherwise, pass the desired values on the 'make' command line.
-$(am__recursive_targets):
- @fail=; \
- if $(am__make_keepgoing); then \
- failcom='fail=yes'; \
- else \
- failcom='exit 1'; \
- fi; \
- dot_seen=no; \
- target=`echo $@ | sed s/-recursive//`; \
- case "$@" in \
- distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
- *) list='$(SUBDIRS)' ;; \
- esac; \
- for subdir in $$list; do \
- echo "Making $$target in $$subdir"; \
- if test "$$subdir" = "."; then \
- dot_seen=yes; \
- local_target="$$target-am"; \
- else \
- local_target="$$target"; \
- fi; \
- ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
- || eval $$failcom; \
- done; \
- if test "$$dot_seen" = "no"; then \
- $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
- fi; test -z "$$fail"
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-recursive
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
- include_option=--etags-include; \
- empty_fix=.; \
- else \
- include_option=--include; \
- empty_fix=; \
- fi; \
- list='$(SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- test ! -f $$subdir/TAGS || \
- set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
- fi; \
- done; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-recursive
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-recursive
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-check-DEJAGNU: site.exp
- srcdir='$(srcdir)'; export srcdir; \
- EXPECT=$(EXPECT); export EXPECT; \
- if $(SHELL) -c "$(RUNTEST) --version" > /dev/null 2>&1; then \
- exit_status=0; l='$(DEJATOOL)'; for tool in $$l; do \
- if $(RUNTEST) $(RUNTESTDEFAULTFLAGS) $(AM_RUNTESTFLAGS) $(RUNTESTFLAGS); \
- then :; else exit_status=1; fi; \
- done; \
- else echo "WARNING: could not find '$(RUNTEST)'" 1>&2; :;\
- fi; \
- exit $$exit_status
-site.exp: Makefile $(EXTRA_DEJAGNU_SITE_CONFIG)
- @echo 'Making a new site.exp file ...'
- @echo '## these variables are automatically generated by make ##' >site.tmp
- @echo '# Do not edit here. If you wish to override these values' >>site.tmp
- @echo '# edit the last section' >>site.tmp
- @echo 'set srcdir "$(srcdir)"' >>site.tmp
- @echo "set objdir \"`pwd`\"" >>site.tmp
- @echo 'set build_alias "$(build_alias)"' >>site.tmp
- @echo 'set build_triplet $(build_triplet)' >>site.tmp
- @echo 'set host_alias "$(host_alias)"' >>site.tmp
- @echo 'set host_triplet $(host_triplet)' >>site.tmp
- @list='$(EXTRA_DEJAGNU_SITE_CONFIG)'; for f in $$list; do \
- echo "## Begin content included from file $$f. Do not modify. ##" \
- && cat `test -f "$$f" || echo '$(srcdir)/'`$$f \
- && echo "## End content included from file $$f. ##" \
- || exit 1; \
- done >> site.tmp
- @echo "## End of auto-generated content; you can edit from here. ##" >> site.tmp
- @if test -f site.exp; then \
- sed -e '1,/^## End of auto-generated content.*##/d' site.exp >> site.tmp; \
- fi
- @-rm -f site.bak
- @test ! -f site.exp || mv site.exp site.bak
- @mv site.tmp site.exp
-
-distclean-DEJAGNU:
- -rm -f site.exp site.bak
- -l='$(DEJATOOL)'; for tool in $$l; do \
- rm -f $$tool.sum $$tool.log; \
- done
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
- if test "$$subdir" = .; then :; else \
- $(am__make_dryrun) \
- || test -d "$(distdir)/$$subdir" \
- || $(MKDIR_P) "$(distdir)/$$subdir" \
- || exit 1; \
- dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
- $(am__relativize); \
- new_distdir=$$reldir; \
- dir1=$$subdir; dir2="$(top_distdir)"; \
- $(am__relativize); \
- new_top_distdir=$$reldir; \
- echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
- echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
- ($(am__cd) $$subdir && \
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$$new_top_distdir" \
- distdir="$$new_distdir" \
- am__remove_distdir=: \
- am__skip_length_check=: \
- am__skip_mode_fix=: \
- distdir) \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) check-DEJAGNU check-local
-check: check-recursive
-all-am: Makefile $(PROGRAMS)
-installdirs: installdirs-recursive
-installdirs-am:
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-recursive
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
-
-clean-am: clean-generic clean-libtool clean-local clean-noinstPROGRAMS \
- mostlyclean-am
-
-distclean: distclean-recursive
- -rm -f ./$(DEPDIR)/test_multi_multi-test_multi.Po
- -rm -f Makefile
-distclean-am: clean-am distclean-DEJAGNU distclean-compile \
- distclean-generic distclean-tags
-
-dvi: dvi-recursive
-
-dvi-am:
-
-html: html-recursive
-
-html-am:
-
-info: info-recursive
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-recursive
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-recursive
-
-install-html-am:
-
-install-info: install-info-recursive
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-recursive
-
-install-pdf-am:
-
-install-ps: install-ps-recursive
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-recursive
- -rm -f ./$(DEPDIR)/test_multi_multi-test_multi.Po
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-recursive
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-recursive
-
-pdf-am:
-
-ps: ps-recursive
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: $(am__recursive_targets) check-am install-am install-strip
-
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
- am--depfiles check check-DEJAGNU check-am check-local clean \
- clean-generic clean-libtool clean-local clean-noinstPROGRAMS \
- cscopelist-am ctags ctags-am distclean distclean-DEJAGNU \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- installdirs-am maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am
-
-.PRECIOUS: Makefile
-
-include $(COMMONDIR)/Make.rules
-
-clean-local:
- rm -rf tmp.err.* tmp.out.* site.exp site.bak test_multi/out
- rm -f libaalogparse.log libaalogparse.sum
-
-check-local: check-DEJAGNU
- @if ! test -f libaalogparse.log ; then echo '*** libaalogparse.log not found - is dejagnu installed? ***'; exit 1; fi
- @if grep ERROR libaalogparse.log ; then exit 1 ; fi
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/testsuite/config/Makefile.in b/libraries/libapparmor/testsuite/config/Makefile.in
deleted file mode 100644
index 05377bf1b91860fc752d7086790dcf0194db0397..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/testsuite/config/Makefile.in
+++ /dev/null
@@ -1,467 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = testsuite/config
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = default.exp unix.exp unknown.exp
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testsuite/config/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu testsuite/config/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
- cscopelist-am ctags-am distclean distclean-generic \
- distclean-libtool distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/testsuite/lib/Makefile.in b/libraries/libapparmor/testsuite/lib/Makefile.in
deleted file mode 100644
index 1b8b260bb2c83e051b93de381c2e501afb4685d1..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/testsuite/lib/Makefile.in
+++ /dev/null
@@ -1,467 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = testsuite/lib
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = libaalogparse_init.exp
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testsuite/lib/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu testsuite/lib/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
- cscopelist-am ctags-am distclean distclean-generic \
- distclean-libtool distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in b/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
deleted file mode 100644
index dff549c3c944b62c25d4b3c357d34b37e3e4e210..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
+++ /dev/null
@@ -1,467 +0,0 @@
-# Makefile.in generated by automake 1.16.5 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2021 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = testsuite/libaalogparse.test
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/../../common/Version \
- $(top_srcdir)/m4/ac_podchecker.m4 \
- $(top_srcdir)/m4/ac_pod2man.m4 \
- $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-SOURCES =
-DIST_SOURCES =
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-CSCOPE = @CSCOPE@
-CTAGS = @CTAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-ETAGS = @ETAGS@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POD2MAN = @POD2MAN@
-PODCHECKER = @PODCHECKER@
-PYTHON = @PYTHON@
-PYTHON_CONFIG = @PYTHON_CONFIG@
-PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
-PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
-PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
-PYTHON_VERSION = @PYTHON_VERSION@
-RANLIB = @RANLIB@
-RUBY = @RUBY@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-SWIG = @SWIG@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pdfdir = @pdfdir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-runstatedir = @runstatedir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-EXTRA_DIST = multi_test.exp
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu testsuite/libaalogparse.test/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu testsuite/libaalogparse.test/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile
-installdirs:
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-libtool mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am:
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am:
-
-.MAKE: install-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic clean-libtool \
- cscopelist-am ctags-am distclean distclean-generic \
- distclean-libtool distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags-am uninstall uninstall-am
-
-.PRECIOUS: Makefile
-
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/libraries/libapparmor/testsuite/test_multi.c b/libraries/libapparmor/testsuite/test_multi.c
index f4092a8709232ef5685b25ce9dea44cfb3dc2c58..a9658d117b623ea49e340671d0de4020fd47f3ff 100644
--- a/libraries/libapparmor/testsuite/test_multi.c
+++ b/libraries/libapparmor/testsuite/test_multi.c
@@ -1,5 +1,3 @@
-#define _GNU_SOURCE /* for glibc's basename version */
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -7,6 +5,12 @@
#include <aalogparse.h>
+static const char *basename(const char *path)
+{
+ const char *p = strrchr(path, '/');
+ return p ? p + 1 : path;
+}
+
int print_results(aa_log_record *record);
int main(int argc, char **argv)
@@ -103,7 +107,7 @@ int print_results(aa_log_record *record)
print_string("Name", record->name);
print_string("Command", record->comm);
print_string("Name2", record->name2);
- print_string("Namespace", record->namespace);
+ print_string("Namespace", record->aa_namespace);
print_string("Attribute", record->attribute);
print_long("Task", record->task, 0);
print_long("Parent", record->parent, 0);
@@ -115,6 +119,8 @@ int print_results(aa_log_record *record)
print_long("Peer PID", record->peer_pid, 0);
print_string("Active hat", record->active_hat);
+ print_string("Net Addr", record->net_addr);
+ print_string("Peer Addr", record->peer_addr);
print_string("Network family", record->net_family);
print_string("Socket type", record->net_sock_type);
print_string("Protocol", record->net_protocol);
@@ -134,7 +140,9 @@ int print_results(aa_log_record *record)
print_string("Flags", record->flags);
print_string("Src name", record->src_name);
- print_string("Class", record->class);
+ print_string("Execpath", record->execpath);
+
+ print_string("Class", record->rule_class);
print_long("Epoch", record->epoch, 0);
print_long("Audit subid", (long) record->audit_sub_id, 0);
diff --git a/libraries/libapparmor/testsuite/test_multi/file_inherit_network_lp1509030.profile b/libraries/libapparmor/testsuite/test_multi/file_inherit_network_lp1509030.profile
index bdef4d493a18474d054676dc657c8db835d2add1..ca29bc469010b1f7d0f2180829fc941d006c981a 100644
--- a/libraries/libapparmor/testsuite/test_multi/file_inherit_network_lp1509030.profile
+++ b/libraries/libapparmor/testsuite/test_multi/file_inherit_network_lp1509030.profile
@@ -1,4 +1,4 @@
/usr/lib/NetworkManager/nm-dhcp-client.action {
- network inet6 dgram,
+ network inet6 dgram port=10580,
}
diff --git a/libraries/libapparmor/testsuite/test_multi/file_perm_network_lp1466812.profile b/libraries/libapparmor/testsuite/test_multi/file_perm_network_lp1466812.profile
index 60e448b341bcc7df01707e0f6f18460b57a6f112..f5fe6307c800512489056b666e4d9a66f8974c06 100644
--- a/libraries/libapparmor/testsuite/test_multi/file_perm_network_lp1466812.profile
+++ b/libraries/libapparmor/testsuite/test_multi/file_perm_network_lp1466812.profile
@@ -1,4 +1,4 @@
/usr/sbin/apache2 {
- network inet6 stream,
+ network inet6 stream ip=::ffff:192.168.236.159 port=80 peer=(ip=::ffff:192.168.103.80 port=61985),
}
diff --git a/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1577051.profile b/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1577051.profile
index e44ef1a7952a27301e35e95ee486327dc3a717aa..3074d9334640b2bc7c9e1586fef77af3c8edcb27 100644
--- a/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1577051.profile
+++ b/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1577051.profile
@@ -1,7 +1,7 @@
/usr/sbin/apache2 {
^www.xxxxxxxxxx.co.uk {
- network inet6 stream,
+ network (send) inet6 stream ip=::ffff:192.168.1.100 port=80 peer=(ip=::ffff:192.168.1.100 port=45658),
}
}
diff --git a/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1582374.profile b/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1582374.profile
index 4fac23a517bee1e565f85f328ccf40e7fac80d80..7ed203db3ccb1adae53d3ac2cc2a831025577306 100644
--- a/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1582374.profile
+++ b/libraries/libapparmor/testsuite/test_multi/file_perm_network_receive_lp1582374.profile
@@ -1,7 +1,7 @@
/usr/local/apache-tomcat-8.0.33/bin/catalina.sh {
^/usr/local/jdk1.8.0_92/bin/java {
- network inet6 stream,
+ network (receive) inet6 stream ip=::ffff:127.0.0.1 port=8080 peer=(ip=::ffff:127.0.0.1 port=52308),
}
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase36.err b/libraries/libapparmor/testsuite/test_multi/testcase36.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase36.in b/libraries/libapparmor/testsuite/test_multi/testcase36.in
new file mode 100644
index 0000000000000000000000000000000000000000..626e45e11cb4442357f0caac5435b24ac2315a50
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase36.in
@@ -0,0 +1 @@
+2025-01-27T13:01:36.226987+05:30 sec-plucky-amd64 kernel: audit: type=1400 audit(1737963096.225:3240): apparmor="AUDIT" operation="getattr" class="file" profile="/usr/sbin/mosquitto" name="/etc/mosquitto/pwfile" pid=8119 comm="mosquitto" requested_mask="r" fsuid=122 ouid=122
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase36.out b/libraries/libapparmor/testsuite/test_multi/testcase36.out
new file mode 100644
index 0000000000000000000000000000000000000000..24e0da758897c7bb9b742490f66417bd1efa61fb
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase36.out
@@ -0,0 +1,15 @@
+START
+File: testcase36.in
+Event type: AA_RECORD_AUDIT
+Audit ID: 1737963096.225:3240
+Operation: getattr
+Mask: r
+fsuid: 122
+ouid: 122
+Profile: /usr/sbin/mosquitto
+Name: /etc/mosquitto/pwfile
+Command: mosquitto
+PID: 8119
+Class: file
+Epoch: 1737963096
+Audit subid: 3240
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase36.profile b/libraries/libapparmor/testsuite/test_multi/testcase36.profile
new file mode 100644
index 0000000000000000000000000000000000000000..0b69d04d7395b28658409b70576c680a1c99eab6
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase36.profile
@@ -0,0 +1,4 @@
+/usr/sbin/mosquitto {
+ /etc/mosquitto/pwfile r,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.in
new file mode 100644
index 0000000000000000000000000000000000000000..52542253b4af00b1b663c481108f02e69e205c60
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.in
@@ -0,0 +1 @@
+[ 4584.703379] audit: type=1400 audit(1680266735.359:69): apparmor="DENIED" operation="uring_sqpoll" class="io_uring" profile="/root/apparmor/tests/regression/apparmor/io_uring" pid=1320 comm="io_uring" requested="sqpoll" denied="sqpoll"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.out
new file mode 100644
index 0000000000000000000000000000000000000000..7476dd71af9b2c52f4d4575ad0de36b69fe1a27c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.out
@@ -0,0 +1,13 @@
+START
+File: testcase_io_uring_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1680266735.359:69
+Operation: uring_sqpoll
+Mask: sqpoll
+Denied Mask: sqpoll
+Profile: /root/apparmor/tests/regression/apparmor/io_uring
+Command: io_uring
+PID: 1320
+Class: io_uring
+Epoch: 1680266735
+Audit subid: 69
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..5b604fc5624ef8581cc1efaac4149cad7e245e24
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_01.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/io_uring {
+ io_uring sqpoll,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.in
new file mode 100644
index 0000000000000000000000000000000000000000..8af3ec4f28b79e6fbc1a95c5049346f12a1ae3c7
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.in
@@ -0,0 +1 @@
+[ 4584.491076] audit: type=1400 audit(1680266735.147:63): apparmor="DENIED" operation="uring_override" class="io_uring" profile="/root/apparmor/tests/regression/apparmor/io_uring" pid=1193 comm="io_uring" requested="override_creds" denied="override_creds" tcontext="/root/apparmor/tests/regression/apparmor/io_uring"
\ No newline at end of file
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.out
new file mode 100644
index 0000000000000000000000000000000000000000..5e7b7667315cb70e473b174ddd2b954544f740b0
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.out
@@ -0,0 +1,14 @@
+START
+File: testcase_io_uring_02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1680266735.147:63
+Operation: uring_override
+Mask: override_creds
+Denied Mask: override_creds
+Profile: /root/apparmor/tests/regression/apparmor/io_uring
+Peer profile: /root/apparmor/tests/regression/apparmor/io_uring
+Command: io_uring
+PID: 1193
+Class: io_uring
+Epoch: 1680266735
+Audit subid: 63
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..431511dc8e2ddd8343e5548c8a722880c4d74758
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_io_uring_02.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/io_uring {
+ io_uring override_creds label=/root/apparmor/tests/regression/apparmor/io_uring,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.profile
index ecdf67104a12fa7585b3c8d461fc7bf1841e5afd..329511dcb33e87349f22c894c862975216018547 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_01.profile
@@ -1,4 +1,4 @@
/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount {
- mount fstype=ext2 options="rw, mand" /dev/loop0/ -> /tmp/sdtest.19033-29001-MPfz98/mountpoint/,
+ mount fstype=(ext2) options=(mand, rw) /dev/loop0/ -> /tmp/sdtest.19033-29001-MPfz98/mountpoint/,
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.in
new file mode 100644
index 0000000000000000000000000000000000000000..00a90dabbdb6a92fa682b3e033f9712f2486d6b2
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1715045678.914:344186): apparmor="ALLOWED" operation="mount" info="failed flags match" error=-13 profile="steam" name="/newroot/dev/" pid=26487 comm="srt-bwrap" flags="rw, nosuid, nodev, remount, bind, silent, relatime"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.out
new file mode 100644
index 0000000000000000000000000000000000000000..1487dfcf5e8a53d92465944767cb33a5da6dbab3
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.out
@@ -0,0 +1,14 @@
+START
+File: testcase_mount_02.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1715045678.914:344186
+Operation: mount
+Profile: steam
+Name: /newroot/dev/
+Command: srt-bwrap
+Info: failed flags match
+ErrorCode: 13
+PID: 26487
+Flags: rw, nosuid, nodev, remount, bind, silent, relatime
+Epoch: 1715045678
+Audit subid: 344186
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..275d93136e761277ecffb04121db60d030305e82
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mount_02.profile
@@ -0,0 +1,4 @@
+profile steam {
+ mount options=(bind, nodev, nosuid, relatime, remount, rw, silent) -> /newroot/dev/,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.in
new file mode 100644
index 0000000000000000000000000000000000000000..4bc393d5869bca389ce9f2924e72780ef5e10486
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.in
@@ -0,0 +1 @@
+Apr 05 19:36:19 ubuntu kernel: audit: type=1400 audit(1649187379.660:255): apparmor="DENIED" operation="create" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=791 comm="posix_mq_rcv" requested="create" denied="create" class="posix_mqueue" fsuid=0 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.out
new file mode 100644
index 0000000000000000000000000000000000000000..4c1d8be16c74d113b5a4830b1f7203a9442349c0
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1649187379.660:255
+Operation: create
+Mask: create
+Denied Mask: create
+fsuid: 0
+ouid: 0
+Profile: /root/apparmor/tests/regression/apparmor/posix_mq_rcv
+Name: /queuename
+Command: posix_mq_rcv
+PID: 791
+Class: posix_mqueue
+Epoch: 1649187379
+Audit subid: 255
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..f9a36a126c1db6488dc1f7765256f90824c24dd6
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_01.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/posix_mq_rcv {
+ mqueue create type=posix /queuename,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.in
new file mode 100644
index 0000000000000000000000000000000000000000..abd39024da7cc6cd74e69393b619332ebe66974f
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.in
@@ -0,0 +1,2 @@
+Apr 05 19:36:29 ubuntu kernel: audit: type=1400 audit(1649187389.828:262): apparmor="DENIED" operation="open" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=848 comm="posix_mq_rcv" requested="read create" denied="read" class="posix_mqueue" fsuid=0 ouid=0
+
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.out
new file mode 100644
index 0000000000000000000000000000000000000000..b38b68a0363dfa34070a150068196821ada2c4d0
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1649187389.828:262
+Operation: open
+Mask: read create
+Denied Mask: read
+fsuid: 0
+ouid: 0
+Profile: /root/apparmor/tests/regression/apparmor/posix_mq_rcv
+Name: /queuename
+Command: posix_mq_rcv
+PID: 848
+Class: posix_mqueue
+Epoch: 1649187389
+Audit subid: 262
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..1aaeff6f23a5ed7e9ae7781f608a44c8bde504bd
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_02.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/posix_mq_rcv {
+ mqueue read type=posix /queuename,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.in
new file mode 100644
index 0000000000000000000000000000000000000000..538a5429f2bdb7d6e81b1f13dbccf324d36b8ef1
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.in
@@ -0,0 +1 @@
+Apr 05 19:36:39 ubuntu kernel: audit: type=1400 audit(1649187399.973:265): apparmor="DENIED" operation="unlink" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=897 comm="posix_mq_rcv" requested="delete" denied="delete" class="posix_mqueue" fsuid=0 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.out
new file mode 100644
index 0000000000000000000000000000000000000000..b21d118550e704601e4018723c9ec60ea8b81187
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_03.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1649187399.973:265
+Operation: unlink
+Mask: delete
+Denied Mask: delete
+fsuid: 0
+ouid: 0
+Profile: /root/apparmor/tests/regression/apparmor/posix_mq_rcv
+Name: /queuename
+Command: posix_mq_rcv
+PID: 897
+Class: posix_mqueue
+Epoch: 1649187399
+Audit subid: 265
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.profile
new file mode 100644
index 0000000000000000000000000000000000000000..af443f5d0147a3461fccf4650d05c382b898b0ec
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_03.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/posix_mq_rcv {
+ mqueue delete type=posix /queuename,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.in
new file mode 100644
index 0000000000000000000000000000000000000000..ce2aa35aaba2d6b655ec295e37479919f594d113
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.in
@@ -0,0 +1 @@
+Jun 02 16:58:20 ubuntu kernel: audit: type=1400 audit(1654189100.680:1011): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_rcv" name="123" pid=13574 comm="sysv_mq_rcv" requested="create" denied="create" class="sysv_mqueue" fsuid=0 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.out
new file mode 100644
index 0000000000000000000000000000000000000000..3ea1ed8de17dbfccc8b9c33cba2526fcaed1fd1c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_04.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1654189100.680:1011
+Operation: sysv_mqueue
+Mask: create
+Denied Mask: create
+fsuid: 0
+ouid: 0
+Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_rcv
+Name: 123
+Command: sysv_mq_rcv
+PID: 13574
+Class: sysv_mqueue
+Epoch: 1654189100
+Audit subid: 1011
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.profile
new file mode 100644
index 0000000000000000000000000000000000000000..44f5f21fe87d5dbf84e4367c830750b5d0d497dd
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_04.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/sysv_mq_rcv {
+ mqueue create type=sysv 123,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.in
new file mode 100644
index 0000000000000000000000000000000000000000..8b36aa91b6b22f7dba286bb97b75b70df225829b
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.in
@@ -0,0 +1 @@
+Jun 02 17:15:45 ubuntu kernel: audit: type=1400 audit(1654190145.439:1135): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_snd" name="123" pid=15849 comm="sysv_mq_snd" requested="open" denied="open" class="sysv_mqueue"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.out
new file mode 100644
index 0000000000000000000000000000000000000000..fc7c58e8d5654d22c6b53869b7658ec49c50326b
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.out
@@ -0,0 +1,14 @@
+START
+File: testcase_mqueue_05.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1654190145.439:1135
+Operation: sysv_mqueue
+Mask: open
+Denied Mask: open
+Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_snd
+Name: 123
+Command: sysv_mq_snd
+PID: 15849
+Class: sysv_mqueue
+Epoch: 1654190145
+Audit subid: 1135
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.profile
new file mode 100644
index 0000000000000000000000000000000000000000..f04e07e46c8b9b06c5c62aa464cc50fb19d71a75
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_05.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/sysv_mq_snd {
+ mqueue open type=sysv 123,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.in
new file mode 100644
index 0000000000000000000000000000000000000000..b8f7413337a9b1ae0125d10b9b4ed7a0f778fcc7
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.in
@@ -0,0 +1 @@
+Jun 02 17:15:37 ubuntu kernel: audit: type=1400 audit(1654190137.559:1122): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_rcv" name="123" pid=15632 comm="sysv_mq_rcv" requested="read" denied="read" class="sysv_mqueue" fsuid=0 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.out
new file mode 100644
index 0000000000000000000000000000000000000000..cb348a874f67227b7ba75d3bf5840f086e17fe62
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_06.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1654190137.559:1122
+Operation: sysv_mqueue
+Mask: read
+Denied Mask: read
+fsuid: 0
+ouid: 0
+Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_rcv
+Name: 123
+Command: sysv_mq_rcv
+PID: 15632
+Class: sysv_mqueue
+Epoch: 1654190137
+Audit subid: 1122
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.profile
new file mode 100644
index 0000000000000000000000000000000000000000..3ab389d668473915242d6b7e426668c303cd9503
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_06.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/sysv_mq_rcv {
+ mqueue read type=sysv 123,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.in
new file mode 100644
index 0000000000000000000000000000000000000000..15e22e7ea7b8e52d4d40951758b5cf889b790079
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.in
@@ -0,0 +1 @@
+Jun 02 17:15:51 ubuntu kernel: audit: type=1400 audit(1654190151.003:1145): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_rcv" name="123" pid=15973 comm="sysv_mq_rcv" requested="delete" denied="delete" class="sysv_mqueue" fsuid=1001 ouid=1001
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.out
new file mode 100644
index 0000000000000000000000000000000000000000..739ae8ecac32de6d4ef892e78aa9b36f2796237d
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_07.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1654190151.003:1145
+Operation: sysv_mqueue
+Mask: delete
+Denied Mask: delete
+fsuid: 1001
+ouid: 1001
+Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_rcv
+Name: 123
+Command: sysv_mq_rcv
+PID: 15973
+Class: sysv_mqueue
+Epoch: 1654190151
+Audit subid: 1145
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.profile
new file mode 100644
index 0000000000000000000000000000000000000000..bb496517931ba8f32e6d585585a54eb3e3409255
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_07.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/sysv_mq_rcv {
+ mqueue delete type=sysv 123,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.err b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.in b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.in
new file mode 100644
index 0000000000000000000000000000000000000000..dd46a703c00a566b37632beecc16b3339b768b59
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.in
@@ -0,0 +1 @@
+Jun 02 17:15:55 ubuntu kernel: audit: type=1400 audit(1654190155.699:1155): apparmor="DENIED" operation="sysv_mqueue" profile="/root/apparmor/tests/regression/apparmor/sysv_mq_snd" name="123" pid=16148 comm="sysv_mq_snd" requested="write" denied="write" class="sysv_mqueue" fsuid=1001 ouid=1001
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.out b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.out
new file mode 100644
index 0000000000000000000000000000000000000000..b6a1fa40ac1470aa93f95d0bf557cbc4975ce94f
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.out
@@ -0,0 +1,16 @@
+START
+File: testcase_mqueue_08.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1654190155.699:1155
+Operation: sysv_mqueue
+Mask: write
+Denied Mask: write
+fsuid: 1001
+ouid: 1001
+Profile: /root/apparmor/tests/regression/apparmor/sysv_mq_snd
+Name: 123
+Command: sysv_mq_snd
+PID: 16148
+Class: sysv_mqueue
+Epoch: 1654190155
+Audit subid: 1155
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.profile b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.profile
new file mode 100644
index 0000000000000000000000000000000000000000..9b220cff3dca713aca5146f74dee81136c8efb15
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_mqueue_08.profile
@@ -0,0 +1,4 @@
+/root/apparmor/tests/regression/apparmor/sysv_mq_snd {
+ mqueue write type=sysv 123,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_01.profile
index 5ab2381ff7d8f28c7261fcd1982ab4f22888a325..331c9d6d7344716d6094892737339d3d5d0f6c2a 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_01.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_01.profile
@@ -1,4 +1,4 @@
/usr/bin/evince-thumbnailer {
- network inet stream,
+ network inet stream ip=192.168.66.150 port=765 peer=(ip=192.168.66.200 port=2049),
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_02.profile
index 5ab2381ff7d8f28c7261fcd1982ab4f22888a325..6b4cc231822fd5573a8e60e82a19007dcb5d8005 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_02.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_02.profile
@@ -1,4 +1,4 @@
/usr/bin/evince-thumbnailer {
- network inet stream,
+ network inet stream port=765 peer=(port=2049),
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_03.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_03.profile
index ed4a74b4bbc1f52c4d2a3ec1104834ac0ca2f280..33ed641d73062342b5947a6ad2b75aecfde7aa53 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_03.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_03.profile
@@ -1,4 +1,4 @@
/usr/lib/dovecot/imap-login {
- network inet6 stream,
+ network inet6 stream port=143,
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_04.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_04.profile
index 5e60b14a87e9fa1b5d2eadfd3aa842b2231732c4..802bc91cf14c444009eb3bb0042547863e727477 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_04.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_04.profile
@@ -1,4 +1,4 @@
/home/ubuntu/tmp/nc {
- network inet6 stream,
+ network inet6 stream ip=::1 port=2048 peer=(ip=::1 port=33986),
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_05.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_05.profile
index 5e60b14a87e9fa1b5d2eadfd3aa842b2231732c4..b8c174f2c891d449b89267ca67775acac4e17b20 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_05.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_05.profile
@@ -1,4 +1,4 @@
/home/ubuntu/tmp/nc {
- network inet6 stream,
+ network inet6 stream ip=::ffff:127.0.0.1 port=2048 peer=(ip=::ffff:127.0.0.1 port=59180),
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_06.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_06.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.in
new file mode 100644
index 0000000000000000000000000000000000000000..f9872e57a08108098995fe0bf023e3031ec9a908
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.in
@@ -0,0 +1 @@
+[319992.813426] audit: type=1400 audit(1716557137.764:477): apparmor="DENIED" operation="recvmsg" class="net" info="failed remote addr match" error=-13 profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=22237 comm="net_inet_rcv" laddr=127.0.97.3 lport=3456 saddr=127.0.97.3 src=3456 family="inet" sock_type="dgram" protocol=17 requested="receive" denied="receive"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_06.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.out
new file mode 100644
index 0000000000000000000000000000000000000000..017179ff3b352b2ff888d0d7e00f1e52005b3b99
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.out
@@ -0,0 +1,20 @@
+START
+File: testcase_network_06.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1716557137.764:477
+Operation: recvmsg
+Mask: receive
+Denied Mask: receive
+Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
+Command: net_inet_rcv
+Info: failed remote addr match
+ErrorCode: 13
+PID: 22237
+Network family: inet
+Socket type: dgram
+Protocol: udp
+Local addr: 127.0.97.3
+Local port: 3456
+Class: net
+Epoch: 1716557137
+Audit subid: 477
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_06.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.profile
new file mode 100644
index 0000000000000000000000000000000000000000..f9e8db43755ca8a65bb3d3e0d747bc4be2dc9a5a
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_06.profile
@@ -0,0 +1,4 @@
+/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
+ network (receive) inet dgram ip=127.0.97.3 port=3456,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_07.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_07.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.in
new file mode 100644
index 0000000000000000000000000000000000000000..bcf15c7be430f6da9db1adfb35974a922c520deb
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.in
@@ -0,0 +1 @@
+[321266.557863] audit: type=1400 audit(1716558411.518:583): apparmor="DENIED" operation="bind" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=23602 comm="net_inet_rcv" saddr=127.0.97.3 src=3456 family="inet" sock_type="dgram" protocol=17 requested="bind" denied="bind"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_07.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.out
new file mode 100644
index 0000000000000000000000000000000000000000..0c2479f58378b3fba7d8ad64a3fd3a49c2da2543
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.out
@@ -0,0 +1,18 @@
+START
+File: testcase_network_07.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1716558411.518:583
+Operation: bind
+Mask: bind
+Denied Mask: bind
+Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
+Command: net_inet_rcv
+PID: 23602
+Network family: inet
+Socket type: dgram
+Protocol: udp
+Local addr: 127.0.97.3
+Local port: 3456
+Class: net
+Epoch: 1716558411
+Audit subid: 583
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_07.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.profile
new file mode 100644
index 0000000000000000000000000000000000000000..d4c5ae9c4b2aa5a436bb6df878370fd61d1069c9
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_07.profile
@@ -0,0 +1,4 @@
+/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
+ network (bind) inet dgram ip=127.0.97.3 port=3456,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_08.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_08.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.in
new file mode 100644
index 0000000000000000000000000000000000000000..5c26804612912d01fa1dd4c16602ed4f582012cd
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.in
@@ -0,0 +1 @@
+[321557.117710] audit: type=1400 audit(1716558702.097:793): apparmor="DENIED" operation="setsockopt" class="net" info="failed cmd selection match" error=-13 profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=26135 comm="net_inet_rcv" family="inet" sock_type="dgram" protocol=17 requested="setopt" denied="setopt"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_08.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.out
new file mode 100644
index 0000000000000000000000000000000000000000..5983eaec44e218f13fe67389692daca0f1d191b6
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.out
@@ -0,0 +1,18 @@
+START
+File: testcase_network_08.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1716558702.097:793
+Operation: setsockopt
+Mask: setopt
+Denied Mask: setopt
+Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
+Command: net_inet_rcv
+Info: failed cmd selection match
+ErrorCode: 13
+PID: 26135
+Network family: inet
+Socket type: dgram
+Protocol: udp
+Class: net
+Epoch: 1716558702
+Audit subid: 793
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_08.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.profile
new file mode 100644
index 0000000000000000000000000000000000000000..787e2e48055e3b1a882024c239ed4fd88862078f
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_08.profile
@@ -0,0 +1,4 @@
+/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
+ network (setopt) inet dgram,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_09.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_09.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.in
new file mode 100644
index 0000000000000000000000000000000000000000..a541812ce5eb3d2180fff03a9d4a37990c0dc913
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.in
@@ -0,0 +1 @@
+[338728.513756] audit: type=1400 audit(1716575873.613:1160): apparmor="DENIED" operation="sendmsg" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd" pid=31340 comm="net_inet_snd" laddr=127.187.243.54 lport=3457 saddr=127.187.243.54 src=3457 daddr=127.0.97.3 dest=3456 family="inet" sock_type="dgram" protocol=17 requested="send" denied="send"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_09.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.out
new file mode 100644
index 0000000000000000000000000000000000000000..bd7028382276b45369b17e3709fa9ab14fa63cb0
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.out
@@ -0,0 +1,20 @@
+START
+File: testcase_network_09.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1716575873.613:1160
+Operation: sendmsg
+Mask: send
+Denied Mask: send
+Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd
+Command: net_inet_snd
+PID: 31340
+Network family: inet
+Socket type: dgram
+Protocol: udp
+Local addr: 127.187.243.54
+Foreign addr: 127.0.97.3
+Local port: 3457
+Foreign port: 3456
+Class: net
+Epoch: 1716575873
+Audit subid: 1160
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_09.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.profile
new file mode 100644
index 0000000000000000000000000000000000000000..ca092cbc4eda2230c89c4b035eb7a89fec17129d
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_09.profile
@@ -0,0 +1,4 @@
+/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd {
+ network (send) inet dgram ip=127.187.243.54 port=3457 peer=(ip=127.0.97.3 port=3456),
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_10.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_10.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.in
new file mode 100644
index 0000000000000000000000000000000000000000..5e1286648d063b78eef9d9ea90ea5754ff423a7c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.in
@@ -0,0 +1 @@
+[341455.536270] audit: type=1400 audit(1716578600.733:1467): apparmor="DENIED" operation="bind" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv" pid=35013 comm="net_inet_rcv" saddr=fd74:1820:b03a:b361::cf32 src=3456 family="inet6" sock_type="dgram" protocol=17 requested="bind" denied="bind"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_10.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.out
new file mode 100644
index 0000000000000000000000000000000000000000..4534705fda709654c32f2f3ff6cd24bf7ac21d3e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.out
@@ -0,0 +1,18 @@
+START
+File: testcase_network_10.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1716578600.733:1467
+Operation: bind
+Mask: bind
+Denied Mask: bind
+Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv
+Command: net_inet_rcv
+PID: 35013
+Network family: inet6
+Socket type: dgram
+Protocol: udp
+Local addr: fd74:1820:b03a:b361::cf32
+Local port: 3456
+Class: net
+Epoch: 1716578600
+Audit subid: 1467
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_10.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.profile
new file mode 100644
index 0000000000000000000000000000000000000000..de470e4faf38c705df67f21bcdfb34eedca65e7e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_10.profile
@@ -0,0 +1,4 @@
+/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_rcv {
+ network (bind) inet6 dgram ip=fd74:1820:b03a:b361::cf32 port=3456,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_11.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_11.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.in
new file mode 100644
index 0000000000000000000000000000000000000000..404d34c40517e92d25f60e4273be338fb393b412
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.in
@@ -0,0 +1 @@
+[342092.040080] audit: type=1400 audit(1716579237.240:2187): apparmor="DENIED" operation="sendmsg" class="net" profile="/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd" pid=43431 comm="net_inet_snd" laddr=fd74:1820:b03a:b361::a0f9 lport=3457 saddr=fd74:1820:b03a:b361::a0f9 src=3457 daddr=fd74:1820:b03a:b361::cf32 dest=3456 family="inet6" sock_type="dgram" protocol=17 requested="send" denied="send"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_11.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.out
new file mode 100644
index 0000000000000000000000000000000000000000..5a42f1f4f4dd2c4d282142c5b7ccf9c1ba2ec7ff
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.out
@@ -0,0 +1,20 @@
+START
+File: testcase_network_11.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1716579237.240:2187
+Operation: sendmsg
+Mask: send
+Denied Mask: send
+Profile: /home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd
+Command: net_inet_snd
+PID: 43431
+Network family: inet6
+Socket type: dgram
+Protocol: udp
+Local addr: fd74:1820:b03a:b361::a0f9
+Foreign addr: fd74:1820:b03a:b361::cf32
+Local port: 3457
+Foreign port: 3456
+Class: net
+Epoch: 1716579237
+Audit subid: 2187
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_11.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.profile
new file mode 100644
index 0000000000000000000000000000000000000000..f7b1bc1010c355b59f08bcf3a1579366981af1d3
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_11.profile
@@ -0,0 +1,4 @@
+/home/ubuntu/apparmor/tests/regression/apparmor/net_inet_snd {
+ network (send) inet6 dgram ip=fd74:1820:b03a:b361::a0f9 port=3457 peer=(ip=fd74:1820:b03a:b361::cf32 port=3456),
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_12.err b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_12.in b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.in
new file mode 100644
index 0000000000000000000000000000000000000000..b4ec321871785f7a23f8ebe414a689c44d440a55
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.in
@@ -0,0 +1 @@
+[ 310.308737] audit: type=1400 audit(1724847289.985:631): apparmor="ALLOWED" operation="getsockname" class="net" profile="/usr/bin/wg" pid=15374 comm="wg" laddr=::ffff:127.0.0.1 lport=53131 faddr=::ffff:127.0.0.1 fport=51821 saddr=::ffff:127.0.0.1 src=53131 family="inet6" sock_type="dgram" protocol=17 requested="getattr" denied="getattr"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_12.out b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.out
new file mode 100644
index 0000000000000000000000000000000000000000..a8ae57da7e81750bfb40f2cb119c9d72b5c0b526
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.out
@@ -0,0 +1,20 @@
+START
+File: testcase_network_12.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1724847289.985:631
+Operation: getsockname
+Mask: getattr
+Denied Mask: getattr
+Profile: /usr/bin/wg
+Command: wg
+PID: 15374
+Network family: inet6
+Socket type: dgram
+Protocol: udp
+Local addr: ::ffff:127.0.0.1
+Foreign addr: ::ffff:127.0.0.1
+Local port: 53131
+Foreign port: 51821
+Class: net
+Epoch: 1724847289
+Audit subid: 631
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_12.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.profile
new file mode 100644
index 0000000000000000000000000000000000000000..dd8f887e24f67e97decca467dbacafeb47a443c4
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_12.profile
@@ -0,0 +1,4 @@
+/usr/bin/wg {
+ network (getattr) inet6 dgram ip=::ffff:127.0.0.1 port=53131,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile
index d56590696bfbd5d03ae1baa4504c1fa7a17e4179..2afc2fa3a555e970eb688000749383fd9673e1d2 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile
@@ -1,7 +1,7 @@
/usr/bin/nginx-amplify-agent.py {
^null-/bin/dash {
- network inet stream,
+ network (receive, send) inet stream ip=192.168.10.3 port=50758 peer=(ip=54.153.70.241 port=443),
}
}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.in
new file mode 100644
index 0000000000000000000000000000000000000000..17dce4df876a4c5157ac0af52e7fc2687bbb92a2
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1709108389.303:12383): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="/home/user/test/testmount" name="/tmp/foo/" pid=14155 comm="testmount" flags="ro, remount"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.out
new file mode 100644
index 0000000000000000000000000000000000000000..74773be57d2b1b240dc763e468d4be0e69a080b2
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.out
@@ -0,0 +1,15 @@
+START
+File: testcase_remount_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1709108389.303:12383
+Operation: mount
+Profile: /home/user/test/testmount
+Name: /tmp/foo/
+Command: testmount
+Info: failed mntpnt match
+ErrorCode: 13
+PID: 14155
+Flags: ro, remount
+Class: mount
+Epoch: 1709108389
+Audit subid: 12383
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..56495d0f5f3b7de7bb29fe151d36cd798191f98c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_remount_01.profile
@@ -0,0 +1,4 @@
+/home/user/test/testmount {
+ mount options=(remount, ro) -> /tmp/foo/,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.in
new file mode 100644
index 0000000000000000000000000000000000000000..36eea0cf3551f485602cb933b00fa95c909bc959
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1709025786.045:43147): apparmor="DENIED" operation="umount" class="mount" profile="/home/user/test/testmount" name="/mnt/a/" pid=26697 comm="testmount"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.out
new file mode 100644
index 0000000000000000000000000000000000000000..dd6669afda1c4e1b5c721fc5b7697a9f3121328e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.out
@@ -0,0 +1,12 @@
+START
+File: testcase_umount_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1709025786.045:43147
+Operation: umount
+Profile: /home/user/test/testmount
+Name: /mnt/a/
+Command: testmount
+PID: 26697
+Class: mount
+Epoch: 1709025786
+Audit subid: 43147
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..39febcc24a0a05d47b15cd8c341d2abf9573be5e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_umount_01.profile
@@ -0,0 +1,4 @@
+/home/user/test/testmount {
+ umount /mnt/a/,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.in
new file mode 100644
index 0000000000000000000000000000000000000000..9593ab19f9ca56ef3fefe5bd3cb785bb5fb0f491
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1711454639.955:322): apparmor="DENIED" operation="connect" class="net" profile="/home/user/test/client.py" pid=80819 comm="client.py" family="unix" sock_type="stream" protocol=0 requested="send receive connect" denied="send receive connect" addr=none peer_addr="@test_abstract_socket" peer="/home/user/test/server.py"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.out
new file mode 100644
index 0000000000000000000000000000000000000000..f5f463234fbdefea17f46eb0b6457d2587d87b5a
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.out
@@ -0,0 +1,18 @@
+START
+File: testcase_unix_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1711454639.955:322
+Operation: connect
+Mask: send receive connect
+Denied Mask: send receive connect
+Profile: /home/user/test/client.py
+Peer: /home/user/test/server.py
+Command: client.py
+PID: 80819
+Peer Addr: @test_abstract_socket
+Network family: unix
+Socket type: stream
+Protocol: ip
+Class: net
+Epoch: 1711454639
+Audit subid: 322
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..6e4534cafdd99d49d1f3cf2cc58df7579e806bff
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_01.profile
@@ -0,0 +1,4 @@
+/home/user/test/client.py {
+ unix (connect, receive, send) type=stream peer=(addr=@test_abstract_socket),
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.in
new file mode 100644
index 0000000000000000000000000000000000000000..9e460a3354a13fa095b5d14b90c47f3c9e3f988e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1711214183.107:298): apparmor="DENIED" operation="connect" class="net" profile="/home/user/test/client.py" pid=65262 comm="server.py" family="unix" sock_type="stream" protocol=0 requested="send receive accept" denied="send accept" addr="@test_abstract_socket" peer_addr=none peer="unconfined"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.out
new file mode 100644
index 0000000000000000000000000000000000000000..9603de15ec9896e57a06e9faaad1f6d51b3c5a5e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.out
@@ -0,0 +1,18 @@
+START
+File: testcase_unix_02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1711214183.107:298
+Operation: connect
+Mask: send receive accept
+Denied Mask: send accept
+Profile: /home/user/test/client.py
+Peer: unconfined
+Command: server.py
+PID: 65262
+Net Addr: @test_abstract_socket
+Network family: unix
+Socket type: stream
+Protocol: ip
+Class: net
+Epoch: 1711214183
+Audit subid: 298
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..600d067a10d161b57342dfec9187657e5dbd5b15
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_02.profile
@@ -0,0 +1,4 @@
+/home/user/test/client.py {
+ unix (accept, send) type=stream addr=@test_abstract_socket,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.err b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.in b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.in
new file mode 100644
index 0000000000000000000000000000000000000000..7a52d0730df1e6a3ddbd6a0d292e11fb0f4df302
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1711214069.931:292): apparmor="DENIED" operation="bind" class="net" profile="/home/user/test/client.py" pid=64952 comm="client.py" family="unix" sock_type="stream" protocol=0 requested="bind" denied="bind" addr="@test_abstract_socket"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.out b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.out
new file mode 100644
index 0000000000000000000000000000000000000000..646074118190200ff971d937c6e6c2e26a09163a
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.out
@@ -0,0 +1,17 @@
+START
+File: testcase_unix_03.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1711214069.931:292
+Operation: bind
+Mask: bind
+Denied Mask: bind
+Profile: /home/user/test/client.py
+Command: client.py
+PID: 64952
+Net Addr: @test_abstract_socket
+Network family: unix
+Socket type: stream
+Protocol: ip
+Class: net
+Epoch: 1711214069
+Audit subid: 292
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.profile b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.profile
new file mode 100644
index 0000000000000000000000000000000000000000..c02eab6a6958d38f20963581a969088c77c89a73
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_unix_03.profile
@@ -0,0 +1,4 @@
+/home/user/test/client.py {
+ unix (bind) type=stream addr=@test_abstract_socket,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.err b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.in b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.in
new file mode 100644
index 0000000000000000000000000000000000000000..a574fb0d0fa448d9c13470b3e04191284ce283fe
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.in
@@ -0,0 +1 @@
+[ 176.385388] audit: type=1400 audit(1666891380.570:78): apparmor="DENIED" operation="userns_create" class="namespace" profile="/usr/bin/userns_child_exec" pid=1785 comm="userns_child_ex" requested="userns_create" denied="userns_create"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.out b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.out
new file mode 100644
index 0000000000000000000000000000000000000000..3f43436262862c0813ef80d26836dc21a4fd591d
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.out
@@ -0,0 +1,13 @@
+START
+File: testcase_userns_01.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1666891380.570:78
+Operation: userns_create
+Mask: userns_create
+Denied Mask: userns_create
+Profile: /usr/bin/userns_child_exec
+Command: userns_child_ex
+PID: 1785
+Class: namespace
+Epoch: 1666891380
+Audit subid: 78
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.profile b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..6b774549c7f4894b0273df6b188b993c8f0165d1
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_userns_01.profile
@@ -0,0 +1,4 @@
+/usr/bin/userns_child_exec {
+ userns create,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.in
new file mode 100644
index 0000000000000000000000000000000000000000..b82ddf0696de403d8dc2e2de119ab926d1927675
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.in
@@ -0,0 +1 @@
+[ 429.272003] audit: type=1400 audit(1720613712.153:168): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=5630 comm="unshare" requested="userns_create" target="unprivileged_userns" execpath="/usr/bin/unshare"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.out
new file mode 100644
index 0000000000000000000000000000000000000000..bbc0c4952a5ab186c01b8ff9fbd4f04015b767ff
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.out
@@ -0,0 +1,15 @@
+START
+File: testcase_userns_02.in
+Event type: AA_RECORD_AUDIT
+Audit ID: 1720613712.153:168
+Operation: userns_create
+Mask: userns_create
+Profile: unconfined
+Command: unshare
+Name2: unprivileged_userns
+Info: Userns create - transitioning profile
+PID: 5630
+Execpath: /usr/bin/unshare
+Class: namespace
+Epoch: 1720613712
+Audit subid: 168
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..bce7a9cee4683bf64f7cbe7e2622cf0530ba3f2e
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_userns_02.profile
@@ -0,0 +1,4 @@
+/usr/bin/unshare {
+ audit userns create,
+
+}
diff --git a/libraries/libapparmor/ylwrap b/libraries/libapparmor/ylwrap
deleted file mode 100755
index e8ec109fa26c0306dc1e234b84998b5ab4b460ca..0000000000000000000000000000000000000000
--- a/libraries/libapparmor/ylwrap
+++ /dev/null
@@ -1,247 +0,0 @@
-#! /bin/sh
-# ylwrap - wrapper for lex/yacc invocations.
-
-scriptversion=2018-03-07.03; # UTC
-
-# Copyright (C) 1996-2021 Free Software Foundation, Inc.
-#
-# Written by Tom Tromey <tromey@cygnus.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# This file is maintained in Automake, please report
-# bugs to <bug-automake@gnu.org> or send patches to
-# <automake-patches@gnu.org>.
-
-get_dirname ()
-{
- case $1 in
- */*|*\\*) printf '%s\n' "$1" | sed -e 's|\([\\/]\)[^\\/]*$|\1|';;
- # Otherwise, we want the empty string (not ".").
- esac
-}
-
-# guard FILE
-# ----------
-# The CPP macro used to guard inclusion of FILE.
-guard ()
-{
- printf '%s\n' "$1" \
- | sed \
- -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \
- -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g' \
- -e 's/__*/_/g'
-}
-
-# quote_for_sed [STRING]
-# ----------------------
-# Return STRING (or stdin) quoted to be used as a sed pattern.
-quote_for_sed ()
-{
- case $# in
- 0) cat;;
- 1) printf '%s\n' "$1";;
- esac \
- | sed -e 's|[][\\.*]|\\&|g'
-}
-
-case "$1" in
- '')
- echo "$0: No files given. Try '$0 --help' for more information." 1>&2
- exit 1
- ;;
- --basedir)
- basedir=$2
- shift 2
- ;;
- -h|--h*)
- cat <<\EOF
-Usage: ylwrap [--help|--version] INPUT [OUTPUT DESIRED]... -- PROGRAM [ARGS]...
-
-Wrapper for lex/yacc invocations, renaming files as desired.
-
- INPUT is the input file
- OUTPUT is one file PROG generates
- DESIRED is the file we actually want instead of OUTPUT
- PROGRAM is program to run
- ARGS are passed to PROG
-
-Any number of OUTPUT,DESIRED pairs may be used.
-
-Report bugs to <bug-automake@gnu.org>.
-EOF
- exit $?
- ;;
- -v|--v*)
- echo "ylwrap $scriptversion"
- exit $?
- ;;
-esac
-
-
-# The input.
-input=$1
-shift
-# We'll later need for a correct munging of "#line" directives.
-input_sub_rx=`get_dirname "$input" | quote_for_sed`
-case $input in
- [\\/]* | ?:[\\/]*)
- # Absolute path; do nothing.
- ;;
- *)
- # Relative path. Make it absolute.
- input=`pwd`/$input
- ;;
-esac
-input_rx=`get_dirname "$input" | quote_for_sed`
-
-# Since DOS filename conventions don't allow two dots,
-# the DOS version of Bison writes out y_tab.c instead of y.tab.c
-# and y_tab.h instead of y.tab.h. Test to see if this is the case.
-y_tab_nodot=false
-if test -f y_tab.c || test -f y_tab.h; then
- y_tab_nodot=true
-fi
-
-# The parser itself, the first file, is the destination of the .y.c
-# rule in the Makefile.
-parser=$1
-
-# A sed program to s/FROM/TO/g for all the FROM/TO so that, for
-# instance, we rename #include "y.tab.h" into #include "parse.h"
-# during the conversion from y.tab.c to parse.c.
-sed_fix_filenames=
-
-# Also rename header guards, as Bison 2.7 for instance uses its header
-# guard in its implementation file.
-sed_fix_header_guards=
-
-while test $# -ne 0; do
- if test x"$1" = x"--"; then
- shift
- break
- fi
- from=$1
- # Handle y_tab.c and y_tab.h output by DOS
- if $y_tab_nodot; then
- case $from in
- "y.tab.c") from=y_tab.c;;
- "y.tab.h") from=y_tab.h;;
- esac
- fi
- shift
- to=$1
- shift
- sed_fix_filenames="${sed_fix_filenames}s|"`quote_for_sed "$from"`"|$to|g;"
- sed_fix_header_guards="${sed_fix_header_guards}s|"`guard "$from"`"|"`guard "$to"`"|g;"
-done
-
-# The program to run.
-prog=$1
-shift
-# Make any relative path in $prog absolute.
-case $prog in
- [\\/]* | ?:[\\/]*) ;;
- *[\\/]*) prog=`pwd`/$prog ;;
-esac
-
-dirname=ylwrap$$
-do_exit="cd '`pwd`' && rm -rf $dirname > /dev/null 2>&1;"' (exit $ret); exit $ret'
-trap "ret=129; $do_exit" 1
-trap "ret=130; $do_exit" 2
-trap "ret=141; $do_exit" 13
-trap "ret=143; $do_exit" 15
-mkdir $dirname || exit 1
-
-cd $dirname
-
-case $# in
- 0) "$prog" "$input" ;;
- *) "$prog" "$@" "$input" ;;
-esac
-ret=$?
-
-if test $ret -eq 0; then
- for from in *
- do
- to=`printf '%s\n' "$from" | sed "$sed_fix_filenames"`
- if test -f "$from"; then
- # If $2 is an absolute path name, then just use that,
- # otherwise prepend '../'.
- case $to in
- [\\/]* | ?:[\\/]*) target=$to;;
- *) target=../$to;;
- esac
-
- # Do not overwrite unchanged header files to avoid useless
- # recompilations. Always update the parser itself: it is the
- # destination of the .y.c rule in the Makefile. Divert the
- # output of all other files to a temporary file so we can
- # compare them to existing versions.
- if test $from != $parser; then
- realtarget=$target
- target=tmp-`printf '%s\n' "$target" | sed 's|.*[\\/]||g'`
- fi
-
- # Munge "#line" or "#" directives. Don't let the resulting
- # debug information point at an absolute srcdir. Use the real
- # output file name, not yy.lex.c for instance. Adjust the
- # include guards too.
- sed -e "/^#/!b" \
- -e "s|$input_rx|$input_sub_rx|" \
- -e "$sed_fix_filenames" \
- -e "$sed_fix_header_guards" \
- "$from" >"$target" || ret=$?
-
- # Check whether files must be updated.
- if test "$from" != "$parser"; then
- if test -f "$realtarget" && cmp -s "$realtarget" "$target"; then
- echo "$to is unchanged"
- rm -f "$target"
- else
- echo "updating $to"
- mv -f "$target" "$realtarget"
- fi
- fi
- else
- # A missing file is only an error for the parser. This is a
- # blatant hack to let us support using "yacc -d". If -d is not
- # specified, don't fail when the header file is "missing".
- if test "$from" = "$parser"; then
- ret=1
- fi
- fi
- done
-fi
-
-# Remove the directory.
-cd ..
-rm -rf $dirname
-
-exit $ret
-
-# Local Variables:
-# mode: shell-script
-# sh-indentation: 2
-# eval: (add-hook 'before-save-hook 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC0"
-# time-stamp-end: "; # UTC"
-# End:
diff --git a/parser/Makefile b/parser/Makefile
index c39ed309f06295b5945b80605c94788b95ad19ee..57a699d1c5be5f79e1a57b2d3640c57011ebb88c 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -38,7 +38,7 @@ MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8 apparmor_xattrs
# parse.error=verbose supported from 3.0 so just test on that
# TODO move to autoconf
BISON_MAJOR:=$(shell bison --version | awk '/^bison/ { print ($$NF) }' | awk -F. '{print $$1 }')
-USE_PARSE_ERROR:=$(shell test ${BISON_MAJOR} -ge 3 && echo true)
+USE_PARSE_ERROR:=$(shell test "${BISON_MAJOR}" -ge 3 && echo true)
YACC := bison
YFLAGS := -d
@@ -70,7 +70,10 @@ CFLAGS = -g -pg -fprofile-arcs -ftest-coverage
endif
endif #CFLAGS
-CFLAGS += -flto-partition=none
+HAVE_FLTO_PARTITION_NONE:=$(shell ${CC} -E -flto-partition=none /dev/null 1>/dev/null 2>&1 && echo true)
+ifeq ($(HAVE_FLTO_PARTITION_NONE),true)
+ CFLAGS += -flto-partition=none
+endif
EXTRA_CXXFLAGS = ${CFLAGS} ${CPPFLAGS} ${CXX_WARNINGS} -std=gnu++0x
EXTRA_CFLAGS = ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
@@ -99,12 +102,21 @@ EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
parser_main.c parser_misc.c parser_merge.c parser_symtab.c \
parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
- parser_alias.c common_optarg.c lib.c network.c \
+ parser_alias.c common_optarg.c lib.c network.cc \
mount.cc dbus.cc profile.cc rule.cc signal.cc ptrace.cc \
- af_rule.cc af_unix.cc policy_cache.c default_features.c
-HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h \
- rule.h common_optarg.h signal.h ptrace.h network.h af_rule.h af_unix.h \
- policy_cache.h file_cache.h
+ af_rule.cc af_unix.cc policy_cache.c default_features.c userns.cc \
+ mqueue.cc io_uring.cc all_rule.cc cond_expr.cc
+STATIC_HDRS = af_rule.h af_unix.h capability.h common_optarg.h dbus.h \
+ file_cache.h immunix.h lib.h mount.h network.h parser.h \
+ parser_include.h parser_version.h policy_cache.h policydb.h \
+ profile.h ptrace.h rule.h signal.h userns.h mqueue.h io_uring.h \
+ common_flags.h bignum.h all_rule.h cond_expr.h
+
+SPECIAL_HDRS = parser_yacc.h unit_test.h base_cap_names.h
+GENERATED_HDRS = af_names.h generated_af_names.h \
+ cap_names.h generated_cap_names.h parser_version.h errnos.h
+LIBAA_HDRS = libapparmor_re/apparmor_re.h libapparmor_re/aare_rules.h
+
TOOLS = apparmor_parser
OBJECTS = $(patsubst %.cc, %.o, $(SRCS:.c=.o))
@@ -166,8 +178,11 @@ else
endif
export Q VERBOSE BUILD_OUTPUT
-po/${NAME}.pot: ${SRCS} ${HDRS}
- $(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}"
+HDRS=$(STATIC_HDRS) $(GENERATED_HDRS) parser_yacc.h $(LIBAA_HDRS) $(APPARMOR_H)
+
+
+po/${NAME}.pot: ${SRCS} ${STATIC_HDRS}
+ $(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${STATIC_HDRS}"
techdoc.pdf: techdoc.tex
timestamp=$(shell date --utc "+%Y%m%d%H%M%S%z" -r $< );\
@@ -217,88 +232,103 @@ apparmor_parser: $(OBJECTS) $(AAREOBJECTS) $(LIBAPPARMOR_A)
$(CXX) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \
${LEXLIB} $(AAREOBJECTS) $(AARE_LDFLAGS) $(AALIB)
-parser_yacc.c parser_yacc.h: parser_yacc.y parser.h profile.h file_cache.h
+parser_yacc.c parser_yacc.h: parser_yacc.y $(STATIC_HDRS) $(DYNAMIC_HDRS)
$(YACC) $(YFLAGS) -o parser_yacc.c parser_yacc.y
-parser_lex.c: parser_lex.l parser_yacc.h parser.h profile.h mount.h dbus.h policy_cache.h file_cache.h
+parser_lex.c: parser_lex.l $(HDRS)
$(LEX) ${LEXFLAGS} -o$@ $<
-parser_lex.o: parser_lex.c parser.h parser_yacc.h
+parser_lex.o: parser_lex.c $(HDRS)
+ $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+
+parser_misc.o: parser_misc.c $(HDRS) unit_test.h
+ $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+
+parser_yacc.o: parser_yacc.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_misc.o: parser_misc.c parser.h parser_yacc.h profile.h cap_names.h $(APPARMOR_H)
+parser_main.o: parser_main.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_yacc.o: parser_yacc.c parser_yacc.h $(APPARMOR_H)
+parser_interface.o: parser_interface.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_main.o: parser_main.c parser.h parser_version.h policy_cache.h file_cache.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
+parser_include.o: parser_include.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_interface.o: parser_interface.c parser.h profile.h libapparmor_re/apparmor_re.h
+parser_merge.o: parser_merge.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_include.o: parser_include.c parser.h parser_include.h file_cache.h
+parser_regex.o: parser_regex.c $(HDRS) unit_test.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_merge.o: parser_merge.c parser.h profile.h
+parser_symtab.o: parser_symtab.c $(HDRS) unit_test.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_regex.o: parser_regex.c parser.h profile.h libapparmor_re/apparmor_re.h libapparmor_re/aare_rules.h $(APPARMOR_H)
+parser_variable.o: parser_variable.c $(HDRS) unit_test.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_symtab.o: parser_symtab.c parser.h
+parser_policy.o: parser_policy.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_variable.o: parser_variable.c parser.h profile.h
+parser_alias.o: parser_alias.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_policy.o: parser_policy.c parser.h parser_yacc.h profile.h
+parser_common.o: parser_common.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_alias.o: parser_alias.c parser.h profile.h
+mount.o: mount.cc mount.h $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_common.o: parser_common.c parser.h file_cache.h
+common_optarg.o: common_optarg.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-mount.o: mount.cc mount.h parser.h immunix.h rule.h
+policy_cache.o: policy_cache.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-common_optarg.o: common_optarg.c common_optarg.h parser.h libapparmor_re/apparmor_re.h
+lib.o: lib.c $(HDRS) unit_test.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-policy_cache.o: policy_cache.c policy_cache.h parser.h lib.h
+dbus.o: dbus.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-lib.o: lib.c lib.h parser.h
+signal.o: signal.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-dbus.o: dbus.cc dbus.h parser.h immunix.h parser_yacc.h rule.h $(APPARMOR_H)
+ptrace.o: ptrace.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-signal.o: signal.cc signal.h parser.h immunix.h parser_yacc.h rule.h $(APPARMOR_H)
+network.o: network.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-ptrace.o: ptrace.cc ptrace.h parser.h immunix.h parser_yacc.h rule.h $(APPARMOR_H)
+default_features.o: default_features.c $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-network.o: network.c network.h parser.h immunix.h parser_yacc.h rule.h af_names.h $(APPARMOR_H)
+af_rule.o: af_rule.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-default_features.o: default_features.c parser.h
+af_unix.o: af_unix.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-af_rule.o: af_rule.cc af_rule.h network.h parser.h profile.h immunix.h parser_yacc.h rule.h $(APPARMOR_H)
+profile.o: profile.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-af_unix.o: af_unix.cc af_unix.h network.h af_rule.h parser.h profile.h immunix.h parser_yacc.h $(APPARMOR_H)
+rule.o: rule.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-profile.o: profile.cc profile.h parser.h network.h
+userns.o: userns.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-rule.o: rule.cc rule.h policydb.h
+mqueue.o: mqueue.cc $(HDRS)
+ $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+
+io_uring.o: io_uring.cc $(HDRS)
+ $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+
+all_rule.o: all_rule.cc $(HDRS)
+ $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+
+cond_expr.o: cond_expr.cc $(HDRS)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_version.h: Makefile
@@ -313,7 +343,7 @@ generated_af_names.h: ../common/list_af_names.sh
../common/list_af_names.sh > $@
af_names.h: generated_af_names.h base_af_names.h
- cat base_af_names.h | diff -u - generated_af_names.h | grep -v '^.AF_MAX' | grep '^\+[^+]' ; \
+ @cat base_af_names.h | diff -u - generated_af_names.h | grep -v '^.AF_MAX' | grep '^\+[^+]' ; \
if [ $$? -eq 1 ] ; then \
cat base_af_names.h | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n/pg' > $@ ; \
cat base_af_names.h | LC_ALL=C sed -n -e 's/AF_MAX[ \t]\+\([0-9]\+\),\?.*/\n#define AA_AF_MAX \1\n/p' >> $@ ; \
@@ -335,11 +365,19 @@ cap_names.h: generated_cap_names.h base_cap_names.h
exit 1; \
fi
+.PHONY: tst_binaries
+tst_binaries: $(TESTS)
+
tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS})
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS})
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
+errnos.h:
+ echo '#include <errno.h>' > dump.c
+ $(CC) -E -dD dump.c | awk '/^#define E/ { printf "{ \"%s\", %s },\n", $$2, $$2 }' > errnos.h
+ rm -f dump.c
+
.SILENT: check
.PHONY: check
check: check_pod_files tests
@@ -413,7 +451,6 @@ install-arch: $(INSTALLDEPS)
install-indep: indep
install -m 755 -d $(INSTALL_CONFDIR)
install -m 644 parser.conf $(INSTALL_CONFDIR)
- install -m 755 -d ${DESTDIR}/var/lib/apparmor
install -m 755 -d $(APPARMOR_BIN_PREFIX)
install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
install -m 755 profile-load $(APPARMOR_BIN_PREFIX)
@@ -438,10 +475,8 @@ clean: pod_clean
rm -f $(TOOLS) $(TESTS)
rm -f $(LEX_C_FILES)
rm -f $(YACC_C_FILES)
- rm -f parser_version.h
rm -f $(NAME)*.tar.gz $(NAME)*.tgz
- rm -f af_names.h generated_af_names.h
- rm -f cap_names.h generated_cap_names.h
+ rm -f $(GENERATED_HDRS)
rm -rf techdoc.aux techdoc.out techdoc.log techdoc.pdf techdoc.toc techdoc.txt techdoc/
$(MAKE) -s -C $(AAREDIR) clean
$(MAKE) -s -C po clean
diff --git a/parser/aa-teardown.8 b/parser/aa-teardown.8
deleted file mode 100644
index 6f375619e38e7e8681d72d3d6cf3d51e4ce70c18..0000000000000000000000000000000000000000
--- a/parser/aa-teardown.8
+++ /dev/null
@@ -1,155 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-TEARDOWN 8"
-.TH AA-TEARDOWN 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-teardown \- unload all AppArmor profiles
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-teardown\fR
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-aa-teardown unloads all AppArmor profiles
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), and <https://wiki.apparmor.net>.
diff --git a/parser/aa-teardown.8.html b/parser/aa-teardown.8.html
deleted file mode 100644
index 6e3847bdc80f7532649f86ce462722441799e872..0000000000000000000000000000000000000000
--- a/parser/aa-teardown.8.html
+++ /dev/null
@@ -1,58 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-teardown - unload all AppArmor profiles</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-teardown - unload all AppArmor profiles</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-teardown - unload all AppArmor profiles</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-teardown</b></p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>aa-teardown unloads all AppArmor profiles</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-teardown - unload all AppArmor profiles</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/parser/af_rule.cc b/parser/af_rule.cc
index dc86c590ba15f34c359d5a58c42dc5513e670ebb..e384d95f04a247fc4015725057906d96cf9d90d3 100644
--- a/parser/af_rule.cc
+++ b/parser/af_rule.cc
@@ -90,43 +90,34 @@ int af_rule::move_base_cond(struct cond_entry *ent, bool peer)
return true;
}
-ostream &af_rule::dump_prefix(ostream &os)
-{
- if (audit)
- os << "audit ";
- if (deny)
- os << "deny ";
- return os;
-}
-
ostream &af_rule::dump_local(ostream &os)
{
- if (mode != AA_VALID_NET_PERMS) {
+ if (perms != AA_VALID_NET_PERMS) {
os << " (";
- if (mode & AA_NET_SEND)
+ if (perms & AA_NET_SEND)
os << "send ";
- if (mode & AA_NET_RECEIVE)
+ if (perms & AA_NET_RECEIVE)
os << "receive ";
- if (mode & AA_NET_CREATE)
+ if (perms & AA_NET_CREATE)
os << "create ";
- if (mode & AA_NET_SHUTDOWN)
+ if (perms & AA_NET_SHUTDOWN)
os << "shutdown ";
- if (mode & AA_NET_CONNECT)
+ if (perms & AA_NET_CONNECT)
os << "connect ";
- if (mode & AA_NET_SETATTR)
+ if (perms & AA_NET_SETATTR)
os << "setattr ";
- if (mode & AA_NET_GETATTR)
+ if (perms & AA_NET_GETATTR)
os << "getattr ";
- if (mode & AA_NET_BIND)
+ if (perms & AA_NET_BIND)
os << "bind ";
- if (mode & AA_NET_ACCEPT)
+ if (perms & AA_NET_ACCEPT)
os << "accept ";
- if (mode & AA_NET_LISTEN)
+ if (perms & AA_NET_LISTEN)
os << "listen ";
- if (mode & AA_NET_SETOPT)
+ if (perms & AA_NET_SETOPT)
os << "setopt ";
- if (mode & AA_NET_GETOPT)
+ if (perms & AA_NET_GETOPT)
os << "getopt ";
os << ")";
}
@@ -148,8 +139,8 @@ ostream &af_rule::dump_peer(ostream &os)
ostream &af_rule::dump(ostream &os)
{
- dump_prefix(os);
- os << af_name;
+ prefix_rule_t::dump(os);
+ os << af_name();
dump_local(os);
if (has_peer_conds()) {
os << " peer=(";
diff --git a/parser/af_rule.h b/parser/af_rule.h
index ef40805503ec494f49f226e2dbeffd82804efba2..bc06e6193b5ed922cc62f6485a24fb6558e9d1c8 100644
--- a/parser/af_rule.h
+++ b/parser/af_rule.h
@@ -25,6 +25,8 @@
#include "rule.h"
+#define AF_ANY -1
+
enum cond_side { local_cond, peer_cond, either_cond };
struct supported_cond {
@@ -35,23 +37,21 @@ struct supported_cond {
enum cond_side side ;
};
-class af_rule: public rule_t {
+class af_rule: public perms_rule_t {
public:
- std::string af_name;
+ int af;
char *sock_type;
int sock_type_n;
char *proto;
int proto_n;
char *label;
char *peer_label;
- int mode;
- int audit;
- bool deny;
- af_rule(const char *name): af_name(name), sock_type(NULL),
+ af_rule(int f):
+ perms_rule_t(AA_CLASS_NET),
+ af(f), sock_type(NULL),
sock_type_n(-1), proto(NULL), proto_n(0), label(NULL),
- peer_label(NULL), mode(0), audit(0), deny(0)
- {}
+ peer_label(NULL) { }
virtual ~af_rule()
{
@@ -61,18 +61,50 @@ public:
free(peer_label);
};
+ const char *af_name(void) {
+ if (af != AF_ANY)
+ return net_find_af_name(af);
+ return "*";
+ }
bool cond_check(struct supported_cond *cond, struct cond_entry *ent,
bool peer, const char *rname);
int move_base_cond(struct cond_entry *conds, bool peer);
virtual bool has_peer_conds(void) { return peer_label ? true : false; }
- virtual ostream &dump_prefix(ostream &os);
virtual ostream &dump_local(ostream &os);
virtual ostream &dump_peer(ostream &os);
virtual ostream &dump(ostream &os);
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof) = 0;
- virtual void post_process(Profile &prof unused) { };
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ int res = perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ af_rule const &trhs = (rule_cast<af_rule const &>(rhs));
+ res = af - trhs.af;
+ if (res)
+ return res;
+ res = sock_type_n - trhs.sock_type_n;
+ if (res)
+ return res;
+ res = proto_n - trhs.proto_n;
+ if (res)
+ return res;
+ res = null_strcmp(sock_type, trhs.sock_type);
+ if (res)
+ return res;
+ res = null_strcmp(proto, trhs.proto);
+ if (res)
+ return res;
+ res = null_strcmp(label, trhs.label);
+ if (res)
+ return res;
+ return null_strcmp(peer_label, trhs.peer_label);
+ };
+
};
#endif /* __AA_AF_RULE_H */
diff --git a/parser/af_unix.cc b/parser/af_unix.cc
index db3aa08ca736eff4a4e457b679c75e8a41115757..f9b977a4939227b97eec41d7fa69f2ce57160c0a 100644
--- a/parser/af_unix.cc
+++ b/parser/af_unix.cc
@@ -24,6 +24,7 @@
#include <string>
#include <sstream>
+#include "common_optarg.h"
#include "network.h"
#include "parser.h"
#include "profile.h"
@@ -32,9 +33,9 @@
/* See unix(7) for autobind address definition */
#define autobind_address_pattern "\\x00[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]";
-int parse_unix_mode(const char *str_mode, int *mode, int fail)
+int parse_unix_perms(const char *str_perms, perm32_t *perms, int fail)
{
- return parse_X_mode("unix", AA_VALID_NET_PERMS, str_mode, mode, fail);
+ return parse_X_perms("unix", AA_VALID_NET_PERMS, str_perms, perms, fail);
}
@@ -95,8 +96,8 @@ void unix_rule::move_peer_conditionals(struct cond_entry *conds)
}
}
-unix_rule::unix_rule(unsigned int type_p, bool audit_p, bool denied):
- af_rule("unix"), addr(NULL), peer_addr(NULL)
+unix_rule::unix_rule(unsigned int type_p, audit_t audit_p, rule_mode_t rule_mode_p):
+ af_rule(AF_UNIX), addr(NULL), peer_addr(NULL)
{
if (type_p != 0xffffffff) {
sock_type_n = type_p;
@@ -104,26 +105,29 @@ unix_rule::unix_rule(unsigned int type_p, bool audit_p, bool denied):
if (!sock_type)
yyerror("socket rule: invalid socket type '%d'", type_p);
}
- mode = AA_VALID_NET_PERMS;
- audit = audit_p ? AA_VALID_NET_PERMS : 0;
- deny = denied;
+ perms = AA_VALID_NET_PERMS;
+ audit = audit_p;
+ rule_mode = rule_mode_p;
+ /* if this constructor is used, then there's already a
+ * downgraded network_rule in profile */
+ downgrade = false;
}
-unix_rule::unix_rule(int mode_p, struct cond_entry *conds,
+unix_rule::unix_rule(perm32_t perms_p, struct cond_entry *conds,
struct cond_entry *peer_conds):
- af_rule("unix"), addr(NULL), peer_addr(NULL)
+ af_rule(AF_UNIX), addr(NULL), peer_addr(NULL)
{
move_conditionals(conds);
move_peer_conditionals(peer_conds);
- if (mode_p) {
- mode = mode_p;
- if (mode & ~AA_VALID_NET_PERMS)
- yyerror("mode contains invalid permissions for unix socket rules\n");
- else if ((mode & ~AA_PEER_NET_PERMS) && has_peer_conds())
+ if (perms_p) {
+ perms = perms_p;
+ if (perms & ~AA_VALID_NET_PERMS)
+ yyerror("perms contains invalid permissions for unix socket rules\n");
+ else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
yyerror("unix socket 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
} else {
- mode = AA_VALID_NET_PERMS;
+ perms = AA_VALID_NET_PERMS;
}
free_cond_list(conds);
@@ -187,23 +191,28 @@ static void writeu16(std::ostringstream &o, int v)
#define CMD_OPT 4
void unix_rule::downgrade_rule(Profile &prof) {
- unsigned int mask = (unsigned int) -1;
+ perm32_t mask = (perm32_t) -1;
- if (!prof.net.allow && !prof.alloc_net_table())
+ if (!prof.net.allow && !prof.net.alloc_net_table())
yyerror(_("Memory allocation error."));
if (sock_type_n != -1)
mask = 1 << sock_type_n;
- if (!deny) {
+ if (rule_mode != RULE_DENY) {
prof.net.allow[AF_UNIX] |= mask;
- if (audit)
+ if (audit == AUDIT_FORCE)
prof.net.audit[AF_UNIX] |= mask;
+ const char *error;
+ network_rule *netv8 = new network_rule(perms, AF_UNIX, sock_type_n);
+ if(!netv8->add_prefix({0, audit, rule_mode, owner}, error))
+ yyerror(error);
+ prof.rule_ents.push_back(netv8);
} else {
/* deny rules have to be dropped because the downgrade makes
* the rule less specific meaning it will make the profile more
* restrictive and may end up denying accesses that might be
* allowed by the profile.
*/
- if (warnflags & WARN_RULE_NOT_ENFORCED)
+ if (parseopts.warn & WARN_RULE_NOT_ENFORCED)
rule_t::warn_once(prof.name, "deny unix socket rule not enforced, can't be downgraded to generic network rule\n");
}
}
@@ -309,19 +318,20 @@ int unix_rule::gen_policy_re(Profile &prof)
std::ostringstream buffer;
std::string buf;
- int mask = mode;
+ perm32_t mask = perms;
/* always generate a downgraded rule. This doesn't change generated
* policy size and allows the binary policy to be loaded against
* older kernels and be enforced to the best of the old network
* rules ability
*/
- downgrade_rule(prof);
+ if (downgrade)
+ downgrade_rule(prof);
if (!features_supports_unix) {
if (features_supports_network || features_supports_networkv8) {
/* only warn if we are building against a kernel
* that requires downgrading */
- if (warnflags & WARN_RULE_DOWNGRADED)
+ if (parseopts.warn & WARN_RULE_DOWNGRADED)
rule_t::warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
/* TODO: add ability to abort instead of downgrade */
return RULE_OK;
@@ -334,10 +344,11 @@ int unix_rule::gen_policy_re(Profile &prof)
write_to_prot(buffer);
if ((mask & AA_NET_CREATE) && !has_peer_conds()) {
buf = buffer.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), deny,
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode,
map_perms(AA_NET_CREATE),
- map_perms(audit & AA_NET_CREATE),
- dfaflags))
+ map_perms(audit == AUDIT_FORCE ? AA_NET_CREATE : 0),
+ parseopts))
goto fail;
mask &= ~AA_NET_CREATE;
}
@@ -359,10 +370,11 @@ int unix_rule::gen_policy_re(Profile &prof)
tmp << "\\x00";
buf = tmp.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), deny,
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode,
map_perms(AA_NET_BIND),
- map_perms(audit & AA_NET_BIND),
- dfaflags))
+ map_perms(audit == AUDIT_FORCE ? AA_NET_BIND : 0),
+ parseopts))
goto fail;
/* clear if auto, else generic need to generate addr below */
if (addr)
@@ -384,10 +396,11 @@ int unix_rule::gen_policy_re(Profile &prof)
AA_LOCAL_NET_PERMS & ~AA_LOCAL_NET_CMD;
if (mask & local_mask) {
buf = buffer.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), deny,
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode,
map_perms(mask & local_mask),
- map_perms(audit & local_mask),
- dfaflags))
+ map_perms(audit == AUDIT_FORCE ? mask & local_mask : 0),
+ parseopts))
goto fail;
}
@@ -398,10 +411,12 @@ int unix_rule::gen_policy_re(Profile &prof)
/* TODO: backlog conditional: for now match anything*/
tmp << "..";
buf = tmp.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), deny,
+ if (!prof.policy.rules->add_rule(buf.c_str(),
+ priority,
+ rule_mode,
map_perms(AA_NET_LISTEN),
- map_perms(audit & AA_NET_LISTEN),
- dfaflags))
+ map_perms(audit == AUDIT_FORCE ? AA_NET_LISTEN : 0),
+ parseopts))
goto fail;
}
if ((mask & AA_NET_OPT) && !has_peer_conds()) {
@@ -411,10 +426,13 @@ int unix_rule::gen_policy_re(Profile &prof)
/* TODO: sockopt conditional: for now match anything */
tmp << "..";
buf = tmp.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), deny,
- map_perms(mask & AA_NET_OPT),
- map_perms(audit & AA_NET_OPT),
- dfaflags))
+ if (!prof.policy.rules->add_rule(buf.c_str(),
+ priority,
+ rule_mode,
+ map_perms(mask & AA_NET_OPT),
+ map_perms(audit == AUDIT_FORCE ?
+ AA_NET_OPT : 0),
+ parseopts))
goto fail;
}
mask &= ~AA_LOCAL_NET_PERMS | AA_NET_ACCEPT;
@@ -432,7 +450,10 @@ int unix_rule::gen_policy_re(Profile &prof)
goto fail;
buf = buffer.str();
- if (!prof.policy.rules->add_rule(buf.c_str(), deny, map_perms(mode & AA_PEER_NET_PERMS), map_perms(audit), dfaflags))
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, map_perms(perms & AA_PEER_NET_PERMS),
+ map_perms(audit == AUDIT_FORCE ? perms & AA_PEER_NET_PERMS : 0),
+ parseopts))
goto fail;
}
diff --git a/parser/af_unix.h b/parser/af_unix.h
index 2d2d70e1f24d263d40d72eb6c178fc8486c863a1..70685380c4029f14fa396584d587155015610831 100644
--- a/parser/af_unix.h
+++ b/parser/af_unix.h
@@ -24,7 +24,7 @@
#include "profile.h"
#include "af_rule.h"
-int parse_unix_mode(const char *str_mode, int *mode, int fail);
+int parse_unix_perms(const char *str_mode, perm32_t *perms, int fail);
class unix_rule: public af_rule {
void write_to_prot(std::ostringstream &buffer);
@@ -36,9 +36,10 @@ class unix_rule: public af_rule {
public:
char *addr;
char *peer_addr;
+ bool downgrade = true;
- unix_rule(unsigned int type_p, bool audit_p, bool denied);
- unix_rule(int mode, struct cond_entry *conds,
+ unix_rule(unsigned int type_p, audit_t audit_p, rule_mode_t rule_mode_p);
+ unix_rule(perm32_t perms, struct cond_entry *conds,
struct cond_entry *peer_conds);
virtual ~unix_rule()
{
@@ -46,6 +47,16 @@ public:
free(peer_addr);
};
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ // priority is partially supported for unix rules
+ // rules that get downgraded to just network socket
+ // won't support them but the fine grained do.
+ if (p.owner) {
+ error = "owner prefix not allowed on unix rules";
+ return false;
+ }
+ return true;
+ };
virtual bool has_peer_conds(void) {
return af_rule::has_peer_conds() || peer_addr;
}
@@ -54,7 +65,19 @@ public:
virtual ostream &dump_peer(ostream &os);
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
- virtual void post_process(Profile &prof unused) { };
+
+ // inherit is_mergable() from af_rule
+ virtual int cmp(rule_t const &rhs) const
+ {
+ int res = af_rule::cmp(rhs);
+ if (res)
+ return res;
+ unix_rule const &trhs = (rule_cast<unix_rule const &>(rhs));
+ res = null_strcmp(addr, trhs.addr);
+ if (res)
+ return res;
+ return null_strcmp(peer_addr, trhs.peer_addr);
+ };
protected:
virtual void warn_once(const char *name) override;
diff --git a/parser/all_rule.cc b/parser/all_rule.cc
new file mode 100644
index 0000000000000000000000000000000000000000..503ede1171b30f956174c2f092bcaf94834beefb
--- /dev/null
+++ b/parser/all_rule.cc
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2023
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#include "profile.h"
+#include "all_rule.h"
+#include "af_unix.h"
+#include "dbus.h"
+#include "io_uring.h"
+#include "mqueue.h"
+#include "ptrace.h"
+#include "signal.h"
+#include "userns.h"
+#include "mount.h"
+#include "parser.h"
+
+#include <iomanip>
+#include <string>
+#include <iostream>
+#include <sstream>
+
+
+
+void all_rule::add_implied_rules(Profile &prof)
+{
+ prefix_rule_t *rule;
+ const prefixes *prefix = this;
+
+ rule = new unix_rule(0xffffffff, audit, rule_mode);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new dbus_rule(0, NULL, NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new io_uring_rule(0, NULL, NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new mqueue_rule(0, NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new ptrace_rule(0, NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new signal_rule(0, NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new userns_rule(0, NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new mnt_rule(NULL, NULL, NULL, NULL, AA_MAY_MOUNT);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new mnt_rule(NULL, NULL, NULL, NULL, AA_DUMMY_REMOUNT);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new mnt_rule(NULL, NULL, NULL, NULL, AA_MAY_UMOUNT);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new mnt_rule(NULL, NULL, NULL, NULL, AA_MAY_PIVOTROOT);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ rule = new network_rule(0, (struct cond_entry *)NULL, (struct cond_entry *)NULL);
+ (void) rule->add_prefix(*prefix);
+ prof.rule_ents.push_back(rule);
+
+ /* rules that have not been converted to use rule.h */
+
+ //file no x
+ {
+ const char *error;
+ struct cod_entry *entry;
+ char *path = strdup("/{**,}");
+ int perms = (AA_BASE_PERMS & ~(AA_EXEC_TYPE | AA_MAY_EXEC));
+ if (rule_mode != RULE_DENY)
+ /* duplicate to other permission set */
+ perms |= perms << AA_OTHER_SHIFT;
+ if (!path)
+ yyerror(_("Memory allocation error."));
+ entry = new_entry(path, perms, NULL);
+ if (!entry_add_prefix(entry, *prefix, error)) {
+ yyerror(_("%s"), error);
+ }
+ add_entry_to_policy(&prof, entry);
+ }
+ // lower priority ix
+ {
+ const char *error;
+ struct cod_entry *entry;
+ char *path = strdup("/{**,}");
+ int perms = AA_MAY_EXEC;
+ prefixes ix_prefix;
+
+ // TODO:
+ // need a better way to make sure the prefix is intialized
+ // without a constructor or copy constructor
+ ix_prefix.priority = prefix->priority -1;
+ ix_prefix.audit = prefix->audit;
+ ix_prefix.rule_mode = prefix->rule_mode;
+ ix_prefix.owner = prefix->owner;
+
+ ix_prefix.priority -= 1;
+ if (rule_mode != RULE_DENY)
+ perms |= AA_EXEC_INHERIT;
+ /* duplicate to other permission set */
+ perms |= perms << AA_OTHER_SHIFT;
+ if (!path)
+ yyerror(_("Memory allocation error."));
+ entry = new_entry(path, perms, NULL);
+ if (!entry_add_prefix(entry, ix_prefix, error)) {
+ yyerror(_("%s"), error);
+ }
+ add_entry_to_policy(&prof, entry);
+ }
+ // caps
+ {
+ if (prefix->owner)
+ yyerror(_("owner prefix not allowed on capability rules"));
+
+ if (rule_mode == RULE_DENY && audit == AUDIT_FORCE) {
+ prof.caps.deny |= 0xffffffffffffffff;
+ } else if (rule_mode == RULE_DENY) {
+ prof.caps.deny |= 0xffffffffffffffff;
+ prof.caps.quiet |= 0xffffffffffffffff;
+ } else {
+ prof.caps.allow |= 0xffffffffffffffff;
+ if (audit != AUDIT_UNSPECIFIED)
+ prof.caps.audit |= 0xffffffffffffffff;
+ }
+ }
+
+ // TODO: rlimit
+}
diff --git a/parser/all_rule.h b/parser/all_rule.h
new file mode 100644
index 0000000000000000000000000000000000000000..eb936d52014bf1489e1ba4d655ff08cceb8c06de
--- /dev/null
+++ b/parser/all_rule.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2023
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#ifndef __AA_ALL_H
+#define __AA_ALL_H
+
+#include "rule.h"
+
+#define AA_IO_URING_OVERRIDE_CREDS AA_MAY_APPEND
+#define AA_IO_URING_SQPOLL AA_MAY_CREATE
+
+#define AA_VALID_IO_URING_PERMS (AA_IO_URING_OVERRIDE_CREDS | \
+ AA_IO_URING_SQPOLL)
+
+class all_rule: public prefix_rule_t {
+ void move_conditionals(struct cond_entry *conds);
+public:
+ all_rule(void): prefix_rule_t(RULE_TYPE_ALL) { }
+
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.priority != 0) {
+ error = _("priority prefix not allowed on all rules");
+ return false;
+ }
+ if (p.owner) {
+ error = _("owner prefix not allowed on all rules");
+ return false;
+ }
+ return true;
+ };
+
+ int expand_variables(void)
+ {
+ return 0;
+ }
+ virtual ostream &dump(ostream &os) {
+ prefix_rule_t::dump(os);
+
+ os << "all";
+
+ return os;
+ }
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ return prefix_rule_t::cmp(rhs);
+ };
+
+ virtual void add_implied_rules(Profile &prof);
+
+ virtual int gen_policy_re(Profile &prof unused) { return RULE_OK; };
+
+protected:
+ virtual void warn_once(const char *name unused, const char *msg unused) { };
+ virtual void warn_once(const char *name unused) { };
+};
+
+#endif /* __AA_ALL_H */
diff --git a/parser/apparmor.7 b/parser/apparmor.7
deleted file mode 100644
index 4e518c775f383667818e0d0995e1ba5d9d61ae87..0000000000000000000000000000000000000000
--- a/parser/apparmor.7
+++ /dev/null
@@ -1,420 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "APPARMOR 7"
-.TH APPARMOR 7 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-AppArmor \- kernel enhancement to confine programs to a limited set of resources.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-AppArmor is a kernel enhancement to confine programs to a limited set
-of resources. AppArmor's unique security model is to bind access control
-attributes to programs rather than to users.
-.PP
-AppArmor confinement is provided via \fIprofiles\fR loaded into the kernel
-via \fBapparmor_parser\fR\|(8), typically through the \fI/etc/init.d/apparmor\fR
-SysV initscript, which is used like this:
-.PP
-.Vb 3
-\& # /etc/init.d/apparmor start
-\& # /etc/init.d/apparmor stop
-\& # /etc/init.d/apparmor restart
-.Ve
-.PP
-AppArmor can operate in two modes: \fIenforcement\fR, and \fIcomplain or learning\fR:
-.IP "\(bu" 4
-\&\fIenforcement\fR \- Profiles loaded in enforcement mode will result
-in enforcement of the policy defined in the profile as well as reporting
-policy violation attempts to syslogd.
-.IP "\(bu" 4
-\&\fIcomplain\fR \- Profiles loaded in \f(CW\*(C`complain\*(C'\fR mode will not enforce policy.
-Instead, it will report policy violation attempts. This mode is convenient for
-developing profiles. To manage complain mode for individual profiles the
-utilities \fBaa\-complain\fR\|(8) and \fBaa\-enforce\fR\|(8) can be used.
-These utilities take a program name as an argument.
-.PP
-Profiles are traditionally stored in files in \fI/etc/apparmor.d/\fR
-under filenames with the convention of replacing the \fB/\fR in pathnames
-with \fB.\fR (except for the root \fB/\fR) so profiles are easier to manage
-(e.g. the \fI/usr/sbin/nscd\fR profile would be named \fIusr.sbin.nscd\fR).
-.PP
-Profiles are applied to a process at \fBexec\fR\|(3) time (as seen through the
-\&\fBexecve\fR\|(2) system call): once a profile is loaded for a program, that
-program will be confined on the next \fBexec\fR\|(3). If a process is already
-running under a profile, when one replaces that profile in the kernel,
-the updated profile is applied immediately to that process.
-On the other hand, a process that is already running unconfined cannot
-be confined.
-.PP
-AppArmor supports the Linux kernel's securityfs filesystem, and makes
-available the list of the profiles currently loaded; to mount the
-filesystem:
-.PP
-.Vb 5
-\& # mount \-tsecurityfs securityfs /sys/kernel/security
-\& $ cat /sys/kernel/security/apparmor/profiles
-\& /usr/bin/mutt
-\& /usr/bin/gpg
-\& ...
-.Ve
-.PP
-Normally, the initscript will mount securityfs if it has not already
-been done.
-.PP
-AppArmor also restricts what privileged operations a confined process
-may execute, even if the process is running as root. A confined process
-cannot call the following system calls:
-.PP
-.Vb 3
-\& create_module(2) delete_module(2) init_module(2) ioperm(2)
-\& iopl(2) ptrace(2) reboot(2) setdomainname(2)
-\& sethostname(2) swapoff(2) swapon(2) sysctl(2)
-.Ve
-.SS "Complain mode"
-.IX Subsection "Complain mode"
-Instead of denying access to resources the profile does not have a rule for
-AppArmor can \*(L"allow\*(R" the access and log a message for the operation
-that triggers it. This is called \fIcomplain mode\fR. It is important to
-note that rules that are present in the profile are still applied, so
-allow rules will still quiet or force audit messages, and deny rules
-will still result in denials and quieting of denial messages (see
-\&\fITurn off deny audit quieting\fR if this is a problem).
-.PP
-Complain mode can be used to develop profiles incrementally as an
-application is exercised. The logged accesses can be added to the
-profile and then can the application further excercised to discover further
-additions that are needed. Because AppArmor allows the accesses the
-application will behave as it would if AppArmor was not confining it.
-.PP
-\&\fBWarning\fR complain mode does not provide any security, only
-auditing, while it is enabled. It should not be used in a hostile
-environment or bad behaviors may be logged and added to the profile
-as if they are resource accesses that should be used by the
-application.
-.PP
-\&\fBNote\fR complain mode can be very noisy with new or empty profiles,
-but with developed profiles might not log anything if the profile
-covers the application behavior well. See \fIAudit Rate Limiting\fR if
-complain mode is generating too many log messages.
-.PP
-To set a profile and any children or hat profiles the profile may contain
-into complain mode use
-.PP
-.Vb 1
-\& aa\-complain /etc/apparmor.d/<the\-application>
-.Ve
-.PP
-To manually set a specific profile in complain mode, add the
-\&\f(CW\*(C`complain\*(C'\fR flag, and then manually reload the profile:
-.PP
-.Vb 1
-\& profile foo flags=(complain) { ... }
-.Ve
-.PP
-Note that the \f(CW\*(C`complain\*(C'\fR flag must also be added manually to any
-hats or children profiles of the profile or they will continue to
-use the previous mode.
-.PP
-To enable complain mode globally, run:
-.PP
-.Vb 1
-\& echo \-n complain > /sys/module/apparmor/parameters/mode
-.Ve
-.PP
-or to set it on boot add:
-.PP
-.Vb 1
-\& apparmor.mode=complain
-.Ve
-.PP
-as a kernel boot paramenter.
-.PP
-\&\fBWarning\fR Setting complain mode gloabally disables all apparmor
-security protections. It can be useful during debugging or profile
-development, but setting it selectively on a per profile basis is
-safer.
-.SH "ERRORS"
-.IX Header "ERRORS"
-When a confined process tries to access a file it does not have permission
-to access, the kernel will report a message through audit, similar to:
-.PP
-.Vb 3
-\& audit(1386511672.612:238): apparmor="DENIED" operation="exec"
-\& parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
-\& comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
-\&
-\& audit(1386511672.613:239): apparmor="DENIED" operation="open"
-\& parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
-\& comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
-\&
-\& audit(1386511772.804:246): apparmor="DENIED" operation="capable"
-\& parent=7246 profile="/tmp/sh" pid=7589 comm="sh" pid=7589
-\& comm="sh" capability=2 capname="dac_override"
-.Ve
-.PP
-The permissions requested by the process are described in the operation=
-and denied_mask= (for files \- capabilities etc. use a slightly different
-log format).
-The \*(L"name\*(R" and process id of the running program are reported,
-as well as the profile name including any \*(L"hat\*(R" that may be active,
-separated by \*(L"//\*(R". (\*(L"Name\*(R"
-is in quotes, because the process name is limited to 15 bytes; it is the
-same as reported through the Berkeley process accounting.)
-.PP
-For confined processes running under a profile that has been loaded in
-complain mode, enforcement will not take place and the log messages
-reported to audit will be of the form:
-.PP
-.Vb 3
-\& audit(1386512577.017:275): apparmor="ALLOWED" operation="open"
-\& parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
-\& pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
-\&
-\& audit(1386512577.017:276): apparmor="ALLOWED" operation="open"
-\& parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
-\& pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
-.Ve
-.PP
-If the userland auditd is not running, the kernel will send audit events
-to klogd; klogd will send the messages to syslog, which will log the
-messages with the \s-1KERN\s0 facility. Thus, \s-1REJECTING\s0 and \s-1PERMITTING\s0 messages
-may go to either \fI/var/log/audit/audit.log\fR or \fI/var/log/messages\fR,
-depending upon local configuration.
-.SH "DEBUGGING"
-.IX Header "DEBUGGING"
-AppArmor provides a few facilities to log more information,
-which can help debugging profiles.
-.SS "Enable debug mode"
-.IX Subsection "Enable debug mode"
-When debug mode is enabled, AppArmor will log a few extra messages to
-dmesg (not via the audit subsystem). For example, the logs will tell
-whether environment scrubbing has been applied.
-.PP
-To enable debug mode, run:
-.PP
-.Vb 1
-\& echo 1 > /sys/module/apparmor/parameters/debug
-.Ve
-.PP
-or to set it on boot add:
-.PP
-.Vb 1
-\& apparmor.debug=1
-.Ve
-.PP
-as a kernel boot paramenter.
-.SS "Turn off deny audit quieting"
-.IX Subsection "Turn off deny audit quieting"
-By default, operations that trigger \f(CW\*(C`deny\*(C'\fR rules are not logged.
-This is called \fIdeny audit quieting\fR.
-.PP
-To turn off deny audit quieting, run:
-.PP
-.Vb 1
-\& echo \-n noquiet >/sys/module/apparmor/parameters/audit
-.Ve
-.PP
-or to set it on boot add:
-.PP
-.Vb 1
-\& apparmor.audit=noquiet
-.Ve
-.PP
-as a kernel boot paramenter.
-.SS "Force audit mode"
-.IX Subsection "Force audit mode"
-AppArmor can log a message for every operation that triggers a rule
-configured in the policy. This is called \fIforce audit mode\fR.
-.PP
-\&\fBWarning!\fR Force audit mode can be extremely noisy even for a single profile,
-let alone when enabled globally.
-.PP
-To set a specific profile in force audit mode, add the \f(CW\*(C`audit\*(C'\fR flag:
-.PP
-.Vb 1
-\& profile foo flags=(audit) { ... }
-.Ve
-.PP
-To enable force audit mode globally, run:
-.PP
-.Vb 1
-\& echo \-n all > /sys/module/apparmor/parameters/audit
-.Ve
-.PP
-or to set it on boot add:
-.PP
-.Vb 1
-\& apparmor.audit=all
-.Ve
-.PP
-as a kernel boot paramenter.
-.PP
-\&\fBAudit Rate Limiting\fR
-.PP
-If auditd is not running, to avoid losing too many of the extra log
-messages, you will likely have to turn off rate limiting by doing:
-.PP
-.Vb 1
-\& echo 0 > /proc/sys/kernel/printk_ratelimit
-.Ve
-.PP
-But even then the kernel ring buffer may overflow and you might
-lose messages.
-.PP
-Else, if auditd is running, see \fBauditd\fR\|(8) and \fBauditd.conf\fR\|(5).
-.SH "FILES"
-.IX Header "FILES"
-.IP "\fI/etc/init.d/apparmor\fR" 4
-.IX Item "/etc/init.d/apparmor"
-.PD 0
-.IP "\fI/etc/apparmor.d/\fR" 4
-.IX Item "/etc/apparmor.d/"
-.IP "\fI/var/lib/apparmor/\fR" 4
-.IX Item "/var/lib/apparmor/"
-.IP "\fI/var/log/audit/audit.log\fR" 4
-.IX Item "/var/log/audit/audit.log"
-.IP "\fI/var/log/messages\fR" 4
-.IX Item "/var/log/messages"
-.PD
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor_parser\fR\|(8), \fBaa_change_hat\fR\|(2), \fBapparmor.d\fR\|(5),
-\&\fBaa\-autodep\fR\|(1), \fBclean\fR\|(1),
-\&\fBauditd\fR\|(8),
-\&\fBaa\-unconfined\fR\|(8), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), and
-<https://wiki.apparmor.net>.
diff --git a/parser/apparmor.7.html b/parser/apparmor.7.html
deleted file mode 100644
index 0c15736f55b3a53483f6ac35282d1e87b301cc1b..0000000000000000000000000000000000000000
--- a/parser/apparmor.7.html
+++ /dev/null
@@ -1,249 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>AppArmor - kernel enhancement to confine programs to a limited set of resources.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> AppArmor - kernel enhancement to confine programs to a limited set of resources.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a>
- <ul>
- <li><a href="#Complain-mode">Complain mode</a></li>
- </ul>
- </li>
- <li><a href="#ERRORS">ERRORS</a></li>
- <li><a href="#DEBUGGING">DEBUGGING</a>
- <ul>
- <li><a href="#Enable-debug-mode">Enable debug mode</a></li>
- <li><a href="#Turn-off-deny-audit-quieting">Turn off deny audit quieting</a></li>
- <li><a href="#Force-audit-mode">Force audit mode</a></li>
- </ul>
- </li>
- <li><a href="#FILES">FILES</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>AppArmor - kernel enhancement to confine programs to a limited set of resources.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>AppArmor is a kernel enhancement to confine programs to a limited set of resources. AppArmor's unique security model is to bind access control attributes to programs rather than to users.</p>
-
-<p>AppArmor confinement is provided via <i>profiles</i> loaded into the kernel via apparmor_parser(8), typically through the <i>/etc/init.d/apparmor</i> SysV initscript, which is used like this:</p>
-
-<pre><code># /etc/init.d/apparmor start
-# /etc/init.d/apparmor stop
-# /etc/init.d/apparmor restart</code></pre>
-
-<p>AppArmor can operate in two modes: <i>enforcement</i>, and <i>complain or learning</i>:</p>
-
-<ul>
-
-<li><p><i>enforcement</i> - Profiles loaded in enforcement mode will result in enforcement of the policy defined in the profile as well as reporting policy violation attempts to syslogd.</p>
-
-</li>
-<li><p><i>complain</i> - Profiles loaded in <code>complain</code> mode will not enforce policy. Instead, it will report policy violation attempts. This mode is convenient for developing profiles. To manage complain mode for individual profiles the utilities aa-complain(8) and aa-enforce(8) can be used. These utilities take a program name as an argument.</p>
-
-</li>
-</ul>
-
-<p>Profiles are traditionally stored in files in <i>/etc/apparmor.d/</i> under filenames with the convention of replacing the <b>/</b> in pathnames with <b>.</b> (except for the root <b>/</b>) so profiles are easier to manage (e.g. the <i>/usr/sbin/nscd</i> profile would be named <i>usr.sbin.nscd</i>).</p>
-
-<p>Profiles are applied to a process at exec(3) time (as seen through the execve(2) system call): once a profile is loaded for a program, that program will be confined on the next exec(3). If a process is already running under a profile, when one replaces that profile in the kernel, the updated profile is applied immediately to that process. On the other hand, a process that is already running unconfined cannot be confined.</p>
-
-<p>AppArmor supports the Linux kernel's securityfs filesystem, and makes available the list of the profiles currently loaded; to mount the filesystem:</p>
-
-<pre><code># mount -tsecurityfs securityfs /sys/kernel/security
-$ cat /sys/kernel/security/apparmor/profiles
-/usr/bin/mutt
-/usr/bin/gpg
- ...</code></pre>
-
-<p>Normally, the initscript will mount securityfs if it has not already been done.</p>
-
-<p>AppArmor also restricts what privileged operations a confined process may execute, even if the process is running as root. A confined process cannot call the following system calls:</p>
-
-<pre><code>create_module(2) delete_module(2) init_module(2) ioperm(2)
-iopl(2) ptrace(2) reboot(2) setdomainname(2)
-sethostname(2) swapoff(2) swapon(2) sysctl(2)</code></pre>
-
-<h2 id="Complain-mode">Complain mode</h2>
-
-<p>Instead of denying access to resources the profile does not have a rule for AppArmor can "allow" the access and log a message for the operation that triggers it. This is called <i>complain mode</i>. It is important to note that rules that are present in the profile are still applied, so allow rules will still quiet or force audit messages, and deny rules will still result in denials and quieting of denial messages (see <i>Turn off deny audit quieting</i> if this is a problem).</p>
-
-<p>Complain mode can be used to develop profiles incrementally as an application is exercised. The logged accesses can be added to the profile and then can the application further excercised to discover further additions that are needed. Because AppArmor allows the accesses the application will behave as it would if AppArmor was not confining it.</p>
-
-<p><b>Warning</b> complain mode does not provide any security, only auditing, while it is enabled. It should not be used in a hostile environment or bad behaviors may be logged and added to the profile as if they are resource accesses that should be used by the application.</p>
-
-<p><b>Note</b> complain mode can be very noisy with new or empty profiles, but with developed profiles might not log anything if the profile covers the application behavior well. See <i>Audit Rate Limiting</i> if complain mode is generating too many log messages.</p>
-
-<p>To set a profile and any children or hat profiles the profile may contain into complain mode use</p>
-
-<pre><code>aa-complain /etc/apparmor.d/<the-application></code></pre>
-
-<p>To manually set a specific profile in complain mode, add the <code>complain</code> flag, and then manually reload the profile:</p>
-
-<pre><code>profile foo flags=(complain) { ... }</code></pre>
-
-<p>Note that the <code>complain</code> flag must also be added manually to any hats or children profiles of the profile or they will continue to use the previous mode.</p>
-
-<p>To enable complain mode globally, run:</p>
-
-<pre><code>echo -n complain > /sys/module/apparmor/parameters/mode</code></pre>
-
-<p>or to set it on boot add:</p>
-
-<pre><code>apparmor.mode=complain</code></pre>
-
-<p>as a kernel boot paramenter.</p>
-
-<p><b>Warning</b> Setting complain mode gloabally disables all apparmor security protections. It can be useful during debugging or profile development, but setting it selectively on a per profile basis is safer.</p>
-
-<h1 id="ERRORS">ERRORS</h1>
-
-<p>When a confined process tries to access a file it does not have permission to access, the kernel will report a message through audit, similar to:</p>
-
-<pre><code>audit(1386511672.612:238): apparmor="DENIED" operation="exec"
- parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
- comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
-
-audit(1386511672.613:239): apparmor="DENIED" operation="open"
- parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
- comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
-
-audit(1386511772.804:246): apparmor="DENIED" operation="capable"
- parent=7246 profile="/tmp/sh" pid=7589 comm="sh" pid=7589
- comm="sh" capability=2 capname="dac_override"</code></pre>
-
-<p>The permissions requested by the process are described in the operation= and denied_mask= (for files - capabilities etc. use a slightly different log format). The "name" and process id of the running program are reported, as well as the profile name including any "hat" that may be active, separated by "//". ("Name" is in quotes, because the process name is limited to 15 bytes; it is the same as reported through the Berkeley process accounting.)</p>
-
-<p>For confined processes running under a profile that has been loaded in complain mode, enforcement will not take place and the log messages reported to audit will be of the form:</p>
-
-<pre><code>audit(1386512577.017:275): apparmor="ALLOWED" operation="open"
- parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
- pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
-
-audit(1386512577.017:276): apparmor="ALLOWED" operation="open"
- parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
- pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0</code></pre>
-
-<p>If the userland auditd is not running, the kernel will send audit events to klogd; klogd will send the messages to syslog, which will log the messages with the KERN facility. Thus, REJECTING and PERMITTING messages may go to either <i>/var/log/audit/audit.log</i> or <i>/var/log/messages</i>, depending upon local configuration.</p>
-
-<h1 id="DEBUGGING">DEBUGGING</h1>
-
-<p>AppArmor provides a few facilities to log more information, which can help debugging profiles.</p>
-
-<h2 id="Enable-debug-mode">Enable debug mode</h2>
-
-<p>When debug mode is enabled, AppArmor will log a few extra messages to dmesg (not via the audit subsystem). For example, the logs will tell whether environment scrubbing has been applied.</p>
-
-<p>To enable debug mode, run:</p>
-
-<pre><code>echo 1 > /sys/module/apparmor/parameters/debug</code></pre>
-
-<p>or to set it on boot add:</p>
-
-<pre><code>apparmor.debug=1</code></pre>
-
-<p>as a kernel boot paramenter.</p>
-
-<h2 id="Turn-off-deny-audit-quieting">Turn off deny audit quieting</h2>
-
-<p>By default, operations that trigger <code>deny</code> rules are not logged. This is called <i>deny audit quieting</i>.</p>
-
-<p>To turn off deny audit quieting, run:</p>
-
-<pre><code>echo -n noquiet >/sys/module/apparmor/parameters/audit</code></pre>
-
-<p>or to set it on boot add:</p>
-
-<pre><code>apparmor.audit=noquiet</code></pre>
-
-<p>as a kernel boot paramenter.</p>
-
-<h2 id="Force-audit-mode">Force audit mode</h2>
-
-<p>AppArmor can log a message for every operation that triggers a rule configured in the policy. This is called <i>force audit mode</i>.</p>
-
-<p><b>Warning!</b> Force audit mode can be extremely noisy even for a single profile, let alone when enabled globally.</p>
-
-<p>To set a specific profile in force audit mode, add the <code>audit</code> flag:</p>
-
-<pre><code>profile foo flags=(audit) { ... }</code></pre>
-
-<p>To enable force audit mode globally, run:</p>
-
-<pre><code>echo -n all > /sys/module/apparmor/parameters/audit</code></pre>
-
-<p>or to set it on boot add:</p>
-
-<pre><code>apparmor.audit=all</code></pre>
-
-<p>as a kernel boot paramenter.</p>
-
-<p><b>Audit Rate Limiting</b></p>
-
-<p>If auditd is not running, to avoid losing too many of the extra log messages, you will likely have to turn off rate limiting by doing:</p>
-
-<pre><code>echo 0 > /proc/sys/kernel/printk_ratelimit</code></pre>
-
-<p>But even then the kernel ring buffer may overflow and you might lose messages.</p>
-
-<p>Else, if auditd is running, see auditd(8) and auditd.conf(5).</p>
-
-<h1 id="FILES">FILES</h1>
-
-<dl>
-
-<dt id="etc-init.d-apparmor"><i>/etc/init.d/apparmor</i></dt>
-<dd>
-
-</dd>
-<dt id="etc-apparmor.d"><i>/etc/apparmor.d/</i></dt>
-<dd>
-
-</dd>
-<dt id="var-lib-apparmor"><i>/var/lib/apparmor/</i></dt>
-<dd>
-
-</dd>
-<dt id="var-log-audit-audit.log"><i>/var/log/audit/audit.log</i></dt>
-<dd>
-
-</dd>
-<dt id="var-log-messages"><i>/var/log/messages</i></dt>
-<dd>
-
-</dd>
-</dl>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor_parser(8), aa_change_hat(2), apparmor.d(5), aa-autodep(1), clean(1), auditd(8), aa-unconfined(8), aa-enforce(1), aa-complain(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> AppArmor - kernel enhancement to confine programs to a limited set of resources.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/parser/apparmor.d.5 b/parser/apparmor.d.5
deleted file mode 100644
index c654e7201d3388ddad674ddf95c0054b22b2d19e..0000000000000000000000000000000000000000
--- a/parser/apparmor.d.5
+++ /dev/null
@@ -1,1912 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "APPARMOR.D 5"
-.TH APPARMOR.D 5 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-apparmor.d \- syntax of security profiles for AppArmor.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-AppArmor profiles describe mandatory access rights granted to given
-programs and are fed to the AppArmor policy enforcement module using
-\&\fBapparmor_parser\fR\|(8). This man page describes the format of the AppArmor
-configuration files; see \fBapparmor\fR\|(7) for an overview of AppArmor.
-.SH "FORMAT"
-.IX Header "FORMAT"
-AppArmor policy is written in a declarative language, in which the
-order of rules within a given section or block does not
-matter. Policy is by convention written so that it is contained in
-multiple files, but this is not a requirement. It could just as easily
-be written in a single file. The policy language is compiled to a
-architecture independent binary format that is loaded into the kernel
-for enforcement.
-.PP
-The base unit of AppArmor confinement is the profile. It contains a
-set of rules which are enforced when the profile is associated with a
-running program. The rules within the profile provide a whitelist of
-different permission that are allowed, along with a few other special
-rules.
-.PP
-The text in AppArmor policy is split into two sections, the preamble
-and the profile definitions. The preamble must occur at the head of
-the file and once profile definitions begin, no more preamble rules
-are allowed (even in files that are included into the profile). When
-AppArmor policy (set of profiles) is split across multiple files, each
-file can have its own preamble section, which may be the same or
-different from other files preamble. Files included within a profile
-section can not have a preamble section.
-.PP
-The following is a BNF-style description of AppArmor policy
-configuration files; see below for an example AppArmor policy file.
-AppArmor configuration files are line-oriented; \fB#\fR introduces a
-comment, similar to shell scripting languages. The exception to this
-rule is that \fB#include\fR will \fIinclude\fR the contents of a file inline
-to the policy; this behaviour is modelled after \fBcpp\fR\|(1).
-.Sp
-.RS 4
-\&\fB\s-1PROFILE FILE\s0\fR = ( [ \fI\s-1PREAMBLE\s0\fR ] [ \fI\s-1PROFILE\s0\fR ] )*
-.Sp
-\&\fB\s-1PREAMBLE\s0\fR = ( \fI\s-1COMMENT\s0\fR | \fI\s-1VARIABLE ASSIGNMENT\s0\fR | \fI\s-1ALIAS RULE\s0\fR | \fI\s-1INCLUDE\s0\fR | \fI\s-1ABI\s0\fR )*
- Variable assignment and alias rules must come before the profile.
-.Sp
-\&\fB\s-1VARIABLE ASSIGNMENT\s0\fR = \fI\s-1VARIABLE\s0\fR ('=' | '+=') (space separated values)
-.Sp
-\&\fB\s-1VARIABLE\s0\fR = '@{' \fI\s-1ALPHA\s0\fR [ ( \fI\s-1ALPHANUMERIC\s0\fR | '_' ) ... ] '}'
-.Sp
-\&\fB\s-1ALIAS RULE\s0\fR = 'alias' \fI\s-1ABS PATH\s0\fR '\->' \fI\s-1REWRITTEN ABS PATH\s0\fR ','
-.Sp
-\&\fB\s-1INCLUDE\s0\fR = ( '#include' | 'include' ) [ 'if exists' ] ( \fI\s-1ABS PATH\s0\fR | \fI\s-1MAGIC PATH\s0\fR )
-.Sp
-\&\fB\s-1ABI\s0\fR = ( 'abi' ) ( \fI\s-1ABS PATH\s0\fR | \fI\s-1MAGIC PATH\s0\fR ) ','
-.Sp
-\&\fB\s-1ABS PATH\s0\fR = '\*(L"' path '\*(R"' (the path is passed to \fBopen\fR\|(2))
-.Sp
-\&\fB\s-1MAGIC PATH\s0\fR = '<' relative path '>'
- The path is relative to \fI/etc/apparmor.d/\fR.
-.Sp
-\&\fB\s-1COMMENT\s0\fR = '#' \fI\s-1TEXT\s0\fR [ '\er' ] '\en'
-.Sp
-\&\fB\s-1TEXT\s0\fR = any characters
-.Sp
-\&\fB\s-1PROFILE\s0\fR = ( \fI\s-1PROFILE HEAD\s0\fR ) [ \fI\s-1ATTACHMENT SPECIFICATION\s0\fR ] [ \fI\s-1PROFILE FLAG CONDS\s0\fR ] '{' ( \fI\s-1RULES\s0\fR )* '}'
-.Sp
-\&\fB\s-1PROFILE HEAD\s0\fR = [ 'profile' ] \fI\s-1FILEGLOB\s0\fR | 'profile' \fI\s-1PROFILE NAME\s0\fR
-.Sp
-\&\fB\s-1PROFILE NAME\s0\fR ( \fI\s-1UNQUOTED PROFILE NAME\s0\fR | \fI\s-1QUOTED PROFILE NAME\s0\fR )
-.Sp
-\&\fB\s-1QUOTED PROFILE NAME\s0\fR = '"' \fI\s-1UNQUOTED PROFILE NAME\s0\fR '"'
-.Sp
-\&\fB\s-1UNQUOTED PROFILE NAME\s0\fR = (must start with alphanumeric character (after variable expansion), or '/' \fB\s-1AARE\s0\fR have special meanings; see below. May include \fI\s-1VARIABLE\s0\fR. Rules with embedded spaces or tabs must be quoted.)
-.Sp
-\&\fB\s-1ATTACHMENT SPECIFICATION\s0\fR = [ \fI\s-1PROFILE_EXEC_COND\s0\fR ] [ \fI\s-1PROFILE XATTR CONDS\s0\fR ]
-.Sp
-\&\fB\s-1PROFILE_EXEC_COND\s0\fR = \fI\s-1FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1PROFILE XATTR CONDS\s0\fR = [ 'xattrs=' ] '(' comma or white space separated list of \fI\s-1PROFILE XATTR\s0\fR ')'
-.Sp
-\&\fB\s-1PROFILE XATTR\s0\fR = extended attribute name '=' \fI\s-1XATTR VALUE FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1XATTR VALUE FILEGLOB\s0\fR = \fI\s-1FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1PROFILE FLAG CONDS\s0\fR = [ 'flags=' ] '(' comma or white space separated list of \fI\s-1PROFILE FLAGS\s0\fR ')'
-.Sp
-\&\fB\s-1PROFILE FLAGS\s0\fR = \fI\s-1PROFILE MODE\s0\fR | \fI\s-1AUDIT_MODE\s0\fR | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'
-.Sp
-\&\fB\s-1PROFILE MODE\s0\fR = 'enforce' | 'complain' | 'kill' | 'unconfined'
-.Sp
-\&\fB\s-1AUDIT MODE\s0\fR = 'audit'
-.Sp
-\&\fB\s-1RULES\s0\fR = [ ( \fI\s-1LINE RULES\s0\fR | \fI\s-1COMMA RULES\s0\fR ',' | \fI\s-1BLOCK RULES\s0\fR )
-.Sp
-\&\fB\s-1LINE RULES\s0\fR = ( \fI\s-1COMMENT\s0\fR | \fI\s-1INCLUDE\s0\fR ) [ '\er' ] '\en'
-.Sp
-\&\fB\s-1COMMA RULES\s0\fR = ( \fI\s-1CAPABILITY RULE\s0\fR | \fI\s-1NETWORK RULE\s0\fR | \fI\s-1MOUNT RULE\s0\fR | \fI\s-1PIVOT ROOT RULE\s0\fR | \fI\s-1UNIX RULE\s0\fR | \fI\s-1FILE RULE\s0\fR | \fI\s-1LINK RULE\s0\fR | \fI\s-1CHANGE_PROFILE RULE\s0\fR | \fI\s-1RLIMIT RULE\s0\fR | \fI\s-1DBUS RULE\s0\fR )
-.Sp
-\&\fB\s-1BLOCK RULES\s0\fR = ( \fI\s-1SUBPROFILE\s0\fR | \fI\s-1HAT\s0\fR | \fI\s-1QUALIFIER BLOCK\s0\fR )
-.Sp
-\&\fB\s-1SUBPROFILE\s0\fR = 'profile' \fI\s-1PROFILE NAME\s0\fR [ \fI\s-1ATTACHMENT SPECIFICATION\s0\fR ] [ \fI\s-1PROFILE FLAG CONDS\s0\fR ] '{' ( \fI\s-1RULES\s0\fR )* '}'
-.Sp
-\&\fB\s-1HAT\s0\fR = ('hat' | '^') \fI\s-1HATNAME\s0\fR [ \fI\s-1PROFILE FLAG CONDS\s0\fR ] '{' ( \fI\s-1RULES\s0\fR )* '}'
-.Sp
-\&\fB\s-1HATNAME\s0\fR = (must start with alphanumeric character. See \fBaa_change_hat\fR\|(2) for a description of how this \*(L"hat\*(R" is used. If '^' is used to start a hat then there is no space between the '^' and \fI\s-1HATNAME\s0\fR)
-.Sp
-\&\fB\s-1QUALIFIER BLOCK\s0\fR = \fI\s-1QUALIFIERS\s0\fR \fI\s-1BLOCK\s0\fR
-.Sp
-\&\fB\s-1ACCESS TYPE\s0\fR = ( 'allow' | 'deny' )
-.Sp
-\&\fB\s-1QUALIFIERS\s0\fR = [ 'audit' ] [ \fI\s-1ACCESS TYPE\s0\fR ]
-.Sp
-\&\fB\s-1CAPABILITY RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'capability' [ \fI\s-1CAPABILITY LIST\s0\fR ]
-.Sp
-\&\fB\s-1CAPABILITY LIST\s0\fR = ( \fI\s-1CAPABILITY\s0\fR )+
-.Sp
-\&\fB\s-1CAPABILITY\s0\fR = (lowercase capability name without '\s-1CAP_\s0' prefix; see
-\&\fBcapabilities\fR\|(7))
-.Sp
-\&\fB\s-1NETWORK RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'network' [ \fI\s-1DOMAIN\s0\fR ] [ \fI\s-1TYPE\s0\fR | \fI\s-1PROTOCOL\s0\fR ]
-.Sp
-\&\fB\s-1DOMAIN\s0\fR = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' | 'mctp' ) ','
-.Sp
-\&\fB\s-1TYPE\s0\fR = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )
-.Sp
-\&\fB\s-1PROTOCOL\s0\fR = ( 'tcp' | 'udp' | 'icmp' )
-.Sp
-\&\fB\s-1MOUNT RULE\s0\fR = ( \fI\s-1MOUNT\s0\fR | \fI\s-1REMOUNT\s0\fR | \fI\s-1UMOUNT\s0\fR )
-.Sp
-\&\fB\s-1MOUNT\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'mount' [ \fI\s-1MOUNT CONDITIONS\s0\fR ] [ \fI\s-1SOURCE FILEGLOB\s0\fR ] [ '\->' [ \fI\s-1MOUNTPOINT FILEGLOB\s0\fR ]
-.Sp
-\&\fB\s-1REMOUNT\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'remount' [ \fI\s-1MOUNT CONDITIONS\s0\fR ] \fI\s-1MOUNTPOINT FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1UMOUNT\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'umount' [ \fI\s-1MOUNT CONDITIONS\s0\fR ] \fI\s-1MOUNTPOINT FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1MOUNT CONDITIONS\s0\fR = [ ( 'fstype' | 'vfstype' ) ( '=' | 'in' ) \fI\s-1MOUNT FSTYPE EXPRESSION\s0\fR ] [ 'options' ( '=' | 'in' ) \fI\s-1MOUNT FLAGS EXPRESSION\s0\fR ]
-.Sp
-\&\fB\s-1MOUNT FSTYPE EXPRESSION\s0\fR = ( \fI\s-1MOUNT FSTYPE LIST\s0\fR | \fI\s-1MOUNT EXPRESSION\s0\fR )
-.Sp
-\&\fB\s-1MOUNT FSTYPE LIST\s0\fR = Comma separated list of valid filesystem and virtual filesystem types (eg ext4, debugfs, devfs, etc)
-.Sp
-\&\fB\s-1MOUNT FLAGS EXPRESSION\s0\fR = ( \fI\s-1MOUNT FLAGS LIST\s0\fR | \fI\s-1MOUNT EXPRESSION\s0\fR )
-.Sp
-\&\fB\s-1MOUNT FLAGS LIST\s0\fR = Comma separated list of \fI\s-1MOUNT FLAGS\s0\fR.
-.Sp
-\&\fB\s-1MOUNT FLAGS\s0\fR = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' | 'noexec' | 'exec' | 'sync' | 'async' | 'remount' | 'mand' | 'nomand' | 'dirsync' | 'noatime' | 'atime' | 'nodiratime' | 'diratime' | 'bind' | 'rbind' | 'move' | 'verbose' | 'silent' | 'loud' | 'acl' | 'noacl' | 'unbindable' | 'runbindable' | 'private' | 'rprivate' | 'slave' | 'rslave' | 'shared' | 'rshared' | 'relatime' | 'norelatime' | 'iversion' | 'noiversion' | 'strictatime' | 'nostrictatime' | 'lazytime' | 'nolazytime' | 'nouser' | 'user' | 'symfollow' | 'nosymfollow' )
-.Sp
-\&\fB\s-1MOUNT EXPRESSION\s0\fR = ( \fI\s-1ALPHANUMERIC\s0\fR | \fI\s-1AARE\s0\fR ) ...
-.Sp
-\&\fB\s-1PIVOT ROOT RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] pivot_root [ oldroot=\fI\s-1OLD PUT FILEGLOB\s0\fR ] [ \fI\s-1NEW ROOT FILEGLOB\s0\fR ] [ '\->' \fI\s-1PROFILE NAME\s0\fR ]
-.Sp
-\&\fB\s-1SOURCE FILEGLOB\s0\fR = \fI\s-1FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1MOUNTPOINT FILEGLOB\s0\fR = \fI\s-1FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1OLD PUT FILEGLOB\s0\fR = \fI\s-1FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1PTRACE_RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'ptrace' [ \fI\s-1PTRACE ACCESS PERMISSIONS\s0\fR ] [ \fI\s-1PTRACE PEER\s0\fR ]
-.Sp
-\&\fB\s-1PTRACE ACCESS PERMISSIONS\s0\fR = \fI\s-1PTRACE ACCESS\s0\fR | \fI\s-1PTRACE ACCESS LIST\s0\fR
-.Sp
-\&\fB\s-1PTRACE ACCESS LIST\s0\fR = '(' Comma or space separated list of \fI\s-1PTRACE ACCESS\s0\fR ')'
-.Sp
-\&\fB\s-1PTRACE ACCESS\s0\fR = ( 'r' | 'w' | 'rw' | 'read' | 'readby' | 'trace' | 'tracedby' )
-.Sp
-\&\fB\s-1PTRACE PEER\s0\fR = 'peer' '=' \fI\s-1AARE\s0\fR
-.Sp
-\&\fB\s-1SIGNAL_RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'signal' [ \fI\s-1SIGNAL ACCESS PERMISSIONS\s0\fR ] [ \fI\s-1SIGNAL SET\s0\fR ] [ \fI\s-1SIGNAL PEER\s0\fR ]
-.Sp
-\&\fB\s-1SIGNAL ACCESS PERMISSIONS\s0\fR = \fI\s-1SIGNAL ACCESS\s0\fR | \fI\s-1SIGNAL ACCESS LIST\s0\fR
-.Sp
-\&\fB\s-1SIGNAL ACCESS LIST\s0\fR = '(' Comma or space separated list of \fI\s-1SIGNAL ACCESS\s0\fR ')'
-.Sp
-\&\fB\s-1SIGNAL ACCESS\s0\fR = ( 'r' | 'w' | 'rw' | 'read' | 'write' | 'send' | 'receive' )
-.Sp
-\&\fB\s-1SIGNAL SET\s0\fR = 'set' '=' '(' \fI\s-1SIGNAL LIST\s0\fR ')'
-.Sp
-\&\fB\s-1SIGNAL LIST\s0\fR = Comma or space separated list of \fI\s-1SIGNALS\s0\fR
-.Sp
-\&\fB\s-1SIGNALS\s0\fR = ( 'hup' | 'int' | 'quit' | 'ill' | 'trap' | 'abrt' | 'bus' | 'fpe' | 'kill' | 'usr1' | 'segv' | 'usr2' | 'pipe' | 'alrm' | 'term' | 'stkflt' | 'chld' | 'cont' | 'stop' | 'stp' | 'ttin' | 'ttou' | 'urg' | 'xcpu' | 'xfsz' | 'vtalrm' | 'prof' | 'winch' | 'io' | 'pwr' | 'sys' | 'emt' | 'exists' | 'rtmin+0' ... 'rtmin+32' )
-.Sp
-\&\fB\s-1SIGNAL PEER\s0\fR = 'peer' '=' \fI\s-1AARE\s0\fR
-.Sp
-\&\fB\s-1DBUS RULE\s0\fR = ( \fI\s-1DBUS MESSAGE RULE\s0\fR | \fI\s-1DBUS SERVICE RULE\s0\fR | \fI\s-1DBUS EAVESDROP RULE\s0\fR | \fI\s-1DBUS COMBINED RULE\s0\fR )
-.Sp
-\&\fB\s-1DBUS MESSAGE RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'dbus' [ \fI\s-1DBUS ACCESS EXPRESSION\s0\fR ] [ \fI\s-1DBUS BUS\s0\fR ] [ \fI\s-1DBUS PATH\s0\fR ] [ \fI\s-1DBUS INTERFACE\s0\fR ] [ \fI\s-1DBUS MEMBER\s0\fR ] [ \fI\s-1DBUS PEER\s0\fR ]
-.Sp
-\&\fB\s-1DBUS SERVICE RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'dbus' [ \fI\s-1DBUS ACCESS EXPRESSION\s0\fR ] [ \fI\s-1DBUS BUS\s0\fR ] [ \fI\s-1DBUS NAME\s0\fR ]
-.Sp
-\&\fB\s-1DBUS EAVESDROP RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'dbus' [ \fI\s-1DBUS ACCESS EXPRESSION\s0\fR ] [ \fI\s-1DBUS BUS\s0\fR ]
-.Sp
-\&\fB\s-1DBUS COMBINED RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'dbus' [ \fI\s-1DBUS ACCESS EXPRESSION\s0\fR ] [ \fI\s-1DBUS BUS\s0\fR ]
-.Sp
-\&\fB\s-1DBUS ACCESS EXPRESSION\s0\fR = ( \fI\s-1DBUS ACCESS\s0\fR | '(' \fI\s-1DBUS ACCESS LIST\s0\fR ')' )
-.Sp
-\&\fB\s-1DBUS BUS\s0\fR = 'bus' '=' '(' 'system' | 'session' | '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')'
-.Sp
-\&\fB\s-1DBUS PATH\s0\fR = 'path' '=' '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')'
-.Sp
-\&\fB\s-1DBUS INTERFACE\s0\fR = 'interface' '=' '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')'
-.Sp
-\&\fB\s-1DBUS MEMBER\s0\fR = 'member' '=' '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')'
-.Sp
-\&\fB\s-1DBUS PEER\s0\fR = 'peer' '=' '(' [ \fI\s-1DBUS NAME\s0\fR ] [ \fI\s-1DBUS LABEL\s0\fR ] ')'
-.Sp
-\&\fB\s-1DBUS NAME\s0\fR = 'name' '=' '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')'
-.Sp
-\&\fB\s-1DBUS LABEL\s0\fR = 'label' '=' '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')'
-.Sp
-\&\fB\s-1DBUS ACCESS LIST\s0\fR = Comma separated list of \fI\s-1DBUS ACCESS\s0\fR
-.Sp
-\&\fB\s-1DBUS ACCESS\s0\fR = ( 'send' | 'receive' | 'bind' | 'eavesdrop' | 'r' | 'read' | 'w' | 'write' | 'rw' )
- Some accesses are incompatible with some rules; see below.
-.Sp
-\&\fB\s-1UNIX RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'unix' [ \fI\s-1UNIX ACCESS EXPR\s0\fR ] [ \fI\s-1UNIX RULE CONDS\s0\fR ] [ \fI\s-1UNIX LOCAL EXPR\s0\fR ] [ \fI\s-1UNIX PEER EXPR\s0\fR ]
-.Sp
-\&\fB\s-1UNIX ACCESS EXPR\s0\fR = ( \fI\s-1UNIX ACCESS\s0\fR | \fI\s-1UNIX ACCESS LIST\s0\fR )
-.Sp
-\&\fB\s-1UNIX ACCESS\s0\fR = ( 'create' | 'bind' | 'listen' | 'accept' | 'connect' | 'shutdown' | 'getattr' | 'setattr' | 'getopt' | 'setopt' | 'send' | 'receive' | 'r' | 'w' | 'rw' )
- Some access modes are incompatible with some rules or require additional parameters.
-.Sp
-\&\fB\s-1UNIX ACCESS LIST\s0\fR = '(' \fI\s-1UNIX ACCESS\s0\fR ( [','] \fI\s-1UNIX ACCESS\s0\fR )* ')'
-.Sp
-\&\fB\s-1UNIX RULE CONDS\s0\fR = ( \fI\s-1TYPE COND\s0\fR | \fI\s-1PROTO COND\s0\fR )
- Each cond can appear at most once.
-.Sp
-\&\fB\s-1TYPE COND\s0\fR = 'type' '=' ( \fI\s-1AARE\s0\fR | '(' ( '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR )+ ')' )
-.Sp
-\&\fB\s-1PROTO COND\s0\fR = 'protocol' '=' ( \fI\s-1AARE\s0\fR | '(' ( '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR )+ ')' )
-.Sp
-\&\fB\s-1UNIX LOCAL EXPR\s0\fR = ( \fI\s-1UNIX ADDRESS COND\s0\fR | \fI\s-1UNIX LABEL COND\s0\fR | \fI\s-1UNIX ATTR COND\s0\fR | \fI\s-1UNIX OPT COND\s0\fR )*
- Each cond can appear at most once.
-.Sp
-\&\fB\s-1UNIX PEER EXPR\s0\fR = 'peer' '=' ( \fI\s-1UNIX ADDRESS COND\s0\fR | \fI\s-1UNIX LABEL COND\s0\fR )+
- Each cond can appear at most once.
-.Sp
-\&\fB\s-1UNIX ADDRESS COND\s0\fR 'addr' '=' ( \fI\s-1AARE\s0\fR | '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')' )
-.Sp
-\&\fB\s-1UNIX LABEL COND\s0\fR 'label' '=' ( \fI\s-1AARE\s0\fR | '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')' )
-.Sp
-\&\fB\s-1UNIX ATTR COND\s0\fR 'attr' '=' ( \fI\s-1AARE\s0\fR | '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')' )
-.Sp
-\&\fB\s-1UNIX OPT COND\s0\fR 'opt' '=' ( \fI\s-1AARE\s0\fR | '(' '"' \fI\s-1AARE\s0\fR '"' | \fI\s-1AARE\s0\fR ')' )
-.Sp
-\&\fB\s-1RLIMIT RULE\s0\fR = 'set' 'rlimit' [\fI\s-1RLIMIT\s0\fR '<=' \fI\s-1RLIMIT VALUE\s0\fR ]
-.Sp
-\&\fB\s-1RLIMIT\s0\fR = ( 'cpu' | 'fsize' | 'data' | 'stack' | 'core' | 'rss' | 'nofile' | 'ofile' | 'as' | 'nproc' | 'memlock' | 'locks' | 'sigpending' | 'msgqueue' | 'nice' | 'rtprio' | 'rttime' )
-.Sp
-\&\fB\s-1RLIMIT VALUE\s0\fR = ( \fI\s-1RLIMIT SIZE\s0\fR | \fI\s-1RLIMIT NUMBER\s0\fR | \fI\s-1RLIMIT TIME\s0\fR | \fI\s-1RLIMIT NICE\s0\fR )
-.Sp
-\&\fB\s-1RLIMIT SIZE\s0\fR = \fI\s-1NUMBER\s0\fR ( 'K' | 'M' | 'G' )
- Only applies to \s-1RLIMIT\s0 of 'fsize', 'data', 'stack', 'core', 'rss', 'as', 'memlock', 'msgqueue'.
-.Sp
-\&\fB\s-1RLIMIT NUMBER\s0\fR = number from 0 to max rlimit value.
- Only applies to \s-1RLIMIT\s0 of 'ofile', 'nofile', 'locks', 'sigpending', 'nproc', 'rtprio'.
-.Sp
-\&\fB\s-1RLIMIT TIME\s0\fR = \fI\s-1NUMBER\s0\fR ( 'us' | 'microsecond' | 'microseconds' | 'ms' | 'millisecond' | 'milliseconds' | 's' | 'sec' | 'second' | 'seconds' | 'min' | 'minute' | 'minutes' | 'h' | 'hour' | 'hours' | 'd' | 'day' | 'days' | 'week' | 'weeks' )
- Only applies to \s-1RLIMIT\s0 of 'cpu' and 'rttime'. \s-1RLIMIT\s0 'cpu' only allows units >= 'seconds'.
-.Sp
-\&\fB\s-1RLIMIT NICE\s0\fR = a number between \-20 and 19.
- Only applies to \s-1RLIMIT\s0 of 'nice'.
-.Sp
-\&\fB\s-1FILE RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] [ 'owner' ] ( 'file' | [ 'file' ] ( \fI\s-1FILEGLOB\s0\fR \fI\s-1ACCESS\s0\fR | \fI\s-1ACCESS\s0\fR \fI\s-1FILEGLOB\s0\fR ) [ '\->' \fI\s-1EXEC TARGET\s0\fR ] )
-.Sp
-\&\fB\s-1FILEGLOB\s0\fR = ( \fI\s-1QUOTED FILEGLOB\s0\fR | \fI\s-1UNQUOTED FILEGLOB\s0\fR )
-.Sp
-\&\fB\s-1QUOTED FILEGLOB\s0\fR = '"' \fI\s-1UNQUOTED FILEGLOB\s0\fR '"'
-.Sp
-\&\fB\s-1UNQUOTED FILEGLOB\s0\fR = (must start with '/' (after variable expansion), \fB\s-1AARE\s0\fR have special meanings; see below. May include \fI\s-1VARIABLE\s0\fR. Rules with embedded spaces or tabs must be quoted. Rules must end with '/' to apply to directories.)
-.Sp
-\&\fB\s-1AARE\s0\fR = \fB?*[]{}^\fR
- See section \*(L"Globbing (\s-1AARE\s0)\*(R" below for meanings.
-.Sp
-\&\fB\s-1ACCESS\s0\fR = ( 'r' | 'w' | 'a' | 'l' | 'k' | 'm' | \fI\s-1EXEC TRANSITION\s0\fR )+ (not all combinations are allowed; see below.)
-.Sp
-\&\fB\s-1EXEC TRANSITION\s0\fR = ( 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'cx' | 'Cx' | 'pix' | 'Pix' | 'cix' | 'Cix' | 'pux' | 'PUx' | 'cux' | 'CUx' | 'x' )
- A bare 'x' is only allowed in rules with the deny qualifier, everything else only without the deny qualifier.
-.Sp
-\&\fB\s-1EXEC TARGET\s0\fR = name
- Requires \fI\s-1EXEC TRANSITION\s0\fR specified.
-.Sp
-\&\fB\s-1LINK RULE\s0\fR = \fI\s-1QUALIFIERS\s0\fR [ 'owner' ] 'link' [ 'subset' ] \fI\s-1FILEGLOB\s0\fR '\->' \fI\s-1FILEGLOB\s0\fR
-.Sp
-\&\fB\s-1ALPHA\s0\fR = ('a', 'b', 'c', ... 'z', 'A', 'B', ... 'Z')
-.Sp
-\&\fB\s-1ALPHANUMERIC\s0\fR = ('0', '1', '2', ... '9', 'a', 'b', 'c', ... 'z', 'A', 'B', ... 'Z')
-.Sp
-\&\fB\s-1CHANGE_PROFILE RULE\s0\fR = 'change_profile' [ [ \fI\s-1EXEC MODE\s0\fR ] \fI\s-1EXEC COND\s0\fR ] [ '\->' \fI\s-1PROFILE NAME\s0\fR ]
-.Sp
-\&\fB\s-1EXEC_MODE\s0\fR = ( 'safe' | 'unsafe' )
-.Sp
-\&\fB\s-1EXEC COND\s0\fR = \fI\s-1FILEGLOB\s0\fR
-.RE
-.PP
-All resources and programs need a full path. There may be any number of
-subprofiles (aka child profiles) in a profile, limited only by kernel
-memory. Subprofile names are limited to 974 characters. Child profiles can
-be used to confine an application in a special way, or when you want the
-child to be unconfined on the system, but confined when called from the
-parent. Hats are a special child profile that can be used with the
-\&\fBaa_change_hat\fR\|(2) \s-1API\s0 call. Applications written or modified to use
-\&\fBaa_change_hat\fR\|(2) can take advantage of subprofiles to run under different
-confinements, dependent on program logic. Several \fBaa_change_hat\fR\|(2)\-aware
-applications exist, including an Apache module, \fBmod_apparmor\fR\|(5); a \s-1PAM\s0
-module, pam_apparmor; and a Tomcat valve, tomcat_apparmor. Applications
-written or modified to use \fBchange_profile\fR\|(2) transition permanently to the
-specified profile. libvirt is one such application.
-.SS "Profile Head"
-.IX Subsection "Profile Head"
-The profile head consists of a required name that is unique and optional
-attachment conditionals and control flags.
-.PP
-\fIName\fR
-.IX Subsection "Name"
-.PP
-The name of the profile is its identifier. It is what is displayed
-during introspection (eg. ps \-Z), and defines how the profile is
-referenced by policy rules for any policy interaction via ipc or
-domain changes. It is recommended that the name be kept short and have
-meaning for the application it is being applied eg. \fIfirefox\fR for the
-firefox web browser or its functional role eg. log_admin.
-.PP
-If the name is an applications full absolute path name
-eg. \fI/usr/bin/firefox\fR and an exec attachment conditional is not
-specified the name is also used as the profile's exec attachment
-conditional. This use however has been deprecated and is discouraged
-as it makes for long names that can make profile rules difficult to
-understand, and may not be fully displayed by some introspection
-tools.
-.PP
-\fIAttachment Conditionals\fR
-.IX Subsection "Attachment Conditionals"
-.PP
-The attachment conditionals are used during profile changes to
-determine whether a profile is a match for the proposed profile
-transition. The attachment conditionals are optional, how and when
-they are applied is determined by the specific condition(s) used.
-.PP
-When attachment conditionals are used, the attachment conditionals for
-all profiles in the namespace will be evaluated. The profile with the
-set of attachments that result in the best match will become the new
-profile after a transition operation. Attachments that don't match
-will result in the profile not being available for transition.
-.PP
-If no conditionals are specified the profile will only be used if a
-transition explicitly specifies the profile name.
-.PP
-Exec Attachment Conditional
-.IX Subsection "Exec Attachment Conditional"
-.PP
-The exec attachment conditional governs how closely the profile
-matches an executable program. This conditional is only used during an
-exec operation when the matching exec rule specifies either a \fBpx\fR or
-\&\fBcx\fR (or their derivatives) transition type. The exec attachment
-conditional will also be used by tasks that are \fIunconfined\fR as they
-use a \fBpix\fR transition rule.
-.PP
-If there are no attachment matches then it is up to the exec rule to
-determine what happens (fail or a fallback option).
-.PP
-Note: see profile \fIName\fR for information around using the profile name
-as an attachment conditional.
-.PP
-Exec attachment conditionals can contain variable names and pattern
-matching. They use a longest left match heuristic to deterime the
-winner in the case of multiple matches at run time. The exact
-implementation of this resolution is kernel specific and has improved
-over time, while retaining backwards compatibility. If the heuristic
-can not determine a winner between multiple matches the exec will be
-denied.
-.PP
-Extended Attributes Attachment Conditional
-.IX Subsection "Extended Attributes Attachment Conditional"
-.PP
-AppArmor profiles have the ability to target files based on their \fBxattr\fR\|(7)
-values in addition to their path. For example, the following profile matches
-files in /usr/bin with the attribute \*(L"security.apparmor\*(R" and value \*(L"trusted\*(R":
-.PP
-.Vb 3
-\& /usr/bin/* xattrs(security.apparmor="trusted") {
-\& # ...
-\& }
-.Ve
-.PP
-See \fBapparmor_xattrs\fR\|(7) for further details.
-.PP
-\fIFlags\fR
-.IX Subsection "Flags"
-.PP
-The profile flags allow modifying the behavior of the profile. If a
-profile flag is specified it takes priority over any conflicting flags
-that have been specified by rules in the profile body.
-.PP
-Profile Mode
-.IX Subsection "Profile Mode"
-.PP
-The profile mode allow controlling the enforcement behavior of the
-profile rules.
-.PP
-If no mode is specified the profile defaults to \fIenforce\fR mode.
-.IP "\fBenforce\fR For a given action, if the profile rules do not grant permission the action will be denied, with an \fI\s-1EACCES\s0\fR or \fI\s-1EPERM\s0\fR error code returned to userspace, and the violation will be logged with a tag of the access being \fB\s-1DENIED\s0\fR." 8
-.IX Item "enforce For a given action, if the profile rules do not grant permission the action will be denied, with an EACCES or EPERM error code returned to userspace, and the violation will be logged with a tag of the access being DENIED."
-.PD 0
-.IP "\fBkill\fR This is a variant of enforce mode where in addition to returning \fI\s-1EACCES\s0\fR or \fI\s-1EPERM\s0\fR for a violation, the task is also sent a signal to kill it." 8
-.IX Item "kill This is a variant of enforce mode where in addition to returning EACCES or EPERM for a violation, the task is also sent a signal to kill it."
-.IP "\fBcomplain\fR For a given action, if the profile rules do not grant permission the action will be allowed, but the violation will be logged with a tag of the access being \fB\s-1ALLOWED\s0\fR." 8
-.IX Item "complain For a given action, if the profile rules do not grant permission the action will be allowed, but the violation will be logged with a tag of the access being ALLOWED."
-.IP "\fBunconfined\fR This mode allows a task confined by the profile to behave as though they are \fIunconfined\fR. This mode allow for an unconfined behavior that can be later changed to confinement by using profile replacement. This mode is should not be used under regular deployment but can be useful during debugging and some system initialization scenarios." 8
-.IX Item "unconfined This mode allows a task confined by the profile to behave as though they are unconfined. This mode allow for an unconfined behavior that can be later changed to confinement by using profile replacement. This mode is should not be used under regular deployment but can be useful during debugging and some system initialization scenarios."
-.PD
-.PP
-Audit Mode
-.IX Subsection "Audit Mode"
-.PP
-The audit mode allows control of how AppArmor messages are are logged
-to the audit system.
-.IP "\fBaudit\fR This flag causes all actions whether allowed or denied to be logged." 8
-.IX Item "audit This flag causes all actions whether allowed or denied to be logged."
-.PP
-Misc modes
-.IX Subsection "Misc modes"
-.IP "\fBmediate_deleted\fR This forces AppArmor to mediate deleted files as if they still exist in the file system." 8
-.IX Item "mediate_deleted This forces AppArmor to mediate deleted files as if they still exist in the file system."
-.PD 0
-.IP "\fBattach_disconnected\fR This forces AppArmor to attach disconnected objects to the task's namespace and mediate them as though they are part of the namespace. \s-1WARNING\s0 this mode is unsafe and can result in aliasing and access to objects that should not be allowed. Its intent is a debug and policy development tool." 8
-.IX Item "attach_disconnected This forces AppArmor to attach disconnected objects to the task's namespace and mediate them as though they are part of the namespace. WARNING this mode is unsafe and can result in aliasing and access to objects that should not be allowed. Its intent is a debug and policy development tool."
-.IP "\fBchroot_relative\fR This forces file names to be relative to a chroot and behave as if the chroot is a mount namespace." 8
-.IX Item "chroot_relative This forces file names to be relative to a chroot and behave as if the chroot is a mount namespace."
-.PD
-.SS "Access Modes"
-.IX Subsection "Access Modes"
-File permission access modes consists of combinations of the following
-modes:
-.IP "\fBr\fR" 8
-.IX Item "r"
-\&\- read
-.IP "\fBw\fR" 8
-.IX Item "w"
-\&\- write \*(-- conflicts with append
-.IP "\fBa\fR" 8
-.IX Item "a"
-\&\- append \*(-- conflicts with write
-.IP "\fBux\fR" 8
-.IX Item "ux"
-\&\- unconfined execute
-.IP "\fBUx\fR" 8
-.IX Item "Ux"
-\&\- unconfined execute \*(-- scrub the environment
-.IP "\fBpx\fR" 8
-.IX Item "px"
-\&\- discrete profile execute
-.IP "\fBPx\fR" 8
-.IX Item "Px"
-\&\- discrete profile execute \*(-- scrub the environment
-.IP "\fBcx\fR" 8
-.IX Item "cx"
-\&\- transition to subprofile on execute
-.IP "\fBCx\fR" 8
-.IX Item "Cx"
-\&\- transition to subprofile on execute \*(-- scrub the environment
-.IP "\fBix\fR" 8
-.IX Item "ix"
-\&\- inherit execute
-.IP "\fBpix\fR" 8
-.IX Item "pix"
-\&\- discrete profile execute with inherit fallback
-.IP "\fBPix\fR" 8
-.IX Item "Pix"
-\&\- discrete profile execute with inherit fallback \*(-- scrub the environment
-.IP "\fBcix\fR" 8
-.IX Item "cix"
-\&\- transition to subprofile on execute with inherit fallback
-.IP "\fBCix\fR" 8
-.IX Item "Cix"
-\&\- transition to subprofile on execute with inherit fallback \*(-- scrub the environment
-.IP "\fBpux\fR" 8
-.IX Item "pux"
-\&\- discrete profile execute with fallback to unconfined
-.IP "\fBPUx\fR" 8
-.IX Item "PUx"
-\&\- discrete profile execute with fallback to unconfined \*(-- scrub the environment
-.IP "\fBcux\fR" 8
-.IX Item "cux"
-\&\- transition to subprofile on execute with fallback to unconfined
-.IP "\fBCUx\fR" 8
-.IX Item "CUx"
-\&\- transition to subprofile on execute with fallback to unconfined \*(-- scrub the environment
-.IP "\fBdeny x\fR" 8
-.IX Item "deny x"
-\&\- disallow execute (in rules with the deny qualifier)
-.IP "\fBm\fR" 8
-.IX Item "m"
-\&\- allow \s-1PROT_EXEC\s0 with \fBmmap\fR\|(2) calls
-.IP "\fBl\fR" 8
-.IX Item "l"
-\&\- link
-.IP "\fBk\fR" 8
-.IX Item "k"
-\&\- lock
-.SS "Access Modes Details"
-.IX Subsection "Access Modes Details"
-.IP "\fBr \- Read mode\fR" 4
-.IX Item "r - Read mode"
-Allows the program to have read access to the file or directory listing. Read access is
-required for shell scripts and other interpreted content.
-.IP "\fBw \- Write mode\fR" 4
-.IX Item "w - Write mode"
-Allows the program to have write access to the file. Files and directories
-must have this permission if they are to be unlinked (removed.) Write mode
-is not required on a directory to rename or create files within the directory.
-.Sp
-This mode conflicts with append mode.
-.IP "\fBa \- Append mode\fR" 4
-.IX Item "a - Append mode"
-Allows the program to have a limited appending only write access to the file.
-Append mode will prevent an application from opening the file for write unless
-it passes the O_APPEND parameter flag on open.
-.Sp
-The mode conflicts with Write mode.
-.IP "\fBux \- Unconfined execute mode\fR" 4
-.IX Item "ux - Unconfined execute mode"
-Allows the program to execute the program without any AppArmor profile
-being applied to the program.
-.Sp
-This mode is useful when a confined program needs to be able to perform
-a privileged operation, such as rebooting the machine. By placing the
-privileged section in another executable and granting unconfined
-execution rights, it is possible to bypass the mandatory constraints
-imposed on all confined processes. For more information on what is
-constrained, see the \fBapparmor\fR\|(7) man page.
-.Sp
-\&\fB\s-1WARNING\s0\fR 'ux' should only be used in very special cases. It enables the
-designated child processes to be run without any AppArmor protection.
-\&'ux' does not scrub the environment of variables such as \s-1LD_PRELOAD\s0;
-as a result, the calling domain may have an undue amount of influence
-over the callee. Use this mode only if the child absolutely must be
-run unconfined and \s-1LD_PRELOAD\s0 must be used. Any profile using this mode
-provides negligible security. Use at your own risk.
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBUx \- unconfined execute \*(-- scrub the environment\fR" 4
-.IX Item "Ux - unconfined execute scrub the environment"
-\&'Ux' allows the named program to run in 'ux' mode, but AppArmor
-will invoke the Linux Kernel's \fBunsafe_exec\fR routines to scrub
-the environment, similar to setuid programs. (See \fBld.so\fR\|(8) for some
-information on setuid/setgid environment scrubbing.)
-.Sp
-\&\fB\s-1WARNING\s0\fR 'Ux' should only be used in very special cases. It enables the
-designated child processes to be run without any AppArmor protection.
-Use this mode only if the child absolutely must be run unconfined. Use
-at your own risk.
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBpx \- Discrete Profile execute mode\fR" 4
-.IX Item "px - Discrete Profile execute mode"
-This mode requires that a discrete security profile is defined for a
-program executed and forces an AppArmor domain transition. If there is
-no profile defined then the access will be denied.
-.Sp
-\&\fB\s-1WARNING\s0\fR 'px' does not scrub the environment of variables such as
-\&\s-1LD_PRELOAD\s0; as a result, the calling domain may have an undue amount of
-influence over the callee.
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBPx \- Discrete Profile execute mode \*(-- scrub the environment\fR" 4
-.IX Item "Px - Discrete Profile execute mode scrub the environment"
-\&'Px' allows the named program to run in 'px' mode, but AppArmor
-will invoke the Linux Kernel's \fBunsafe_exec\fR routines to scrub
-the environment, similar to setuid programs. (See \fBld.so\fR\|(8) for some
-information on setuid/setgid environment scrubbing.)
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBcx \- Transition to Subprofile execute mode\fR" 4
-.IX Item "cx - Transition to Subprofile execute mode"
-This mode requires that a local security profile is defined and forces an
-AppArmor domain transition to the named profile. If there is no profile
-defined then the access will be denied.
-.Sp
-\&\fB\s-1WARNING\s0\fR 'cx' does not scrub the environment of variables such as
-\&\s-1LD_PRELOAD\s0; as a result, the calling domain may have an undue amount of
-influence over the callee.
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBCx \- Transition to Subprofile execute mode \*(-- scrub the environment\fR" 4
-.IX Item "Cx - Transition to Subprofile execute mode scrub the environment"
-\&'Cx' allows the named program to run in 'cx' mode, but AppArmor
-will invoke the Linux Kernel's \fBunsafe_exec\fR routines to scrub
-the environment, similar to setuid programs. (See \fBld.so\fR\|(8) for some
-information on setuid/setgid environment scrubbing.)
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBix \- Inherit execute mode\fR" 4
-.IX Item "ix - Inherit execute mode"
-Prevent the normal AppArmor domain transition on \fBexecve\fR\|(2) when the
-profiled program executes the named program. Instead, the executed resource
-will inherit the current profile.
-.Sp
-This mode is useful when a confined program needs to call another
-confined program without gaining the permissions of the target's
-profile, or losing the permissions of the current profile. There is no
-version to scrub the environment because 'ix' executions don't change
-privileges.
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBProfile transition with inheritance fallback execute mode\fR" 4
-.IX Item "Profile transition with inheritance fallback execute mode"
-These modes attempt to perform a domain transition as specified by
-the matching permission (shown below) and if that transition fails
-to find the matching profile the domain transition proceeds using
-the 'ix' transition mode.
-.Sp
-.Vb 4
-\& \*(AqPix\*(Aq == \*(AqPx\*(Aq with fallback to \*(Aqix\*(Aq
-\& \*(Aqpix\*(Aq == \*(Aqpx\*(Aq with fallback to \*(Aqix\*(Aq
-\& \*(AqCix\*(Aq == \*(AqCx\*(Aq with fallback to \*(Aqix\*(Aq
-\& \*(Aqcix\*(Aq == \*(Aqcx\*(Aq with fallback to \*(Aqix\*(Aq
-.Ve
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBProfile transition with unconfined fallback execute mode\fR" 4
-.IX Item "Profile transition with unconfined fallback execute mode"
-These modes attempt to perform a domain transition as specified by
-the matching permission (shown below) and if that transition fails
-to find the matching profile the domain transition proceeds using
-the 'ux' transition mode if 'pux', 'cux' or the 'Ux' transition mode
-if 'PUx', 'CUx' is used.
-.Sp
-.Vb 4
-\& \*(AqPUx\*(Aq == \*(AqPx\*(Aq with fallback to \*(AqUx\*(Aq
-\& \*(Aqpux\*(Aq == \*(Aqpx\*(Aq with fallback to \*(Aqux\*(Aq
-\& \*(AqCUx\*(Aq == \*(AqCx\*(Aq with fallback to \*(AqUx\*(Aq
-\& \*(Aqcux\*(Aq == \*(Aqcx\*(Aq with fallback to \*(Aqux\*(Aq
-.Ve
-.Sp
-Incompatible with other exec transition modes and the deny qualifier.
-.IP "\fBdeny x \- Deny execute\fR" 4
-.IX Item "deny x - Deny execute"
-For rules including the deny modifier, only 'x' is allowed to deny execute.
-.Sp
-The 'ix', 'Px', 'px', 'Cx', 'cx' and the fallback modes conflict with the deny
-modifier.
-.IP "\fBDirected profile transitions\fR" 4
-.IX Item "Directed profile transitions"
-The directed ('px', 'Px', 'pix', 'Pix', 'pux', 'PUx') profile and
-subprofile ('cx', 'Cx', 'cix', 'Cix', 'cux', 'CUx') transitions normally
-determine the profile to transition to from the executable name. It
-is however possible to specify the name of the profile that the transition
-should use.
-.Sp
-The name of the profile to transition to is specified using the '\->'
-followed by the name of the profile to transition to. Eg.
-.Sp
-.Vb 1
-\& /bin/** px \-> profile,
-.Ve
-.Sp
-Incompatible with other exec transition modes.
-.IP "\fBm \- Allow executable mapping\fR" 4
-.IX Item "m - Allow executable mapping"
-This mode allows a file to be mapped into memory using \fBmmap\fR\|(2)'s
-\&\s-1PROT_EXEC\s0 flag. This flag marks the pages executable; it is used on some
-architectures to provide non-executable data pages, which can complicate
-exploit attempts. AppArmor uses this mode to limit which files a
-well-behaved program (or all programs on architectures that enforce
-non-executable memory access controls) may use as libraries, to limit
-the effect of invalid \fB\-L\fR flags given to \fBld\fR\|(1) and \fB\s-1LD_PRELOAD\s0\fR,
-\&\fB\s-1LD_LIBRARY_PATH\s0\fR, given to \fBld.so\fR\|(8).
-.IP "\fBl \- Link mode\fR" 4
-.IX Item "l - Link mode"
-Allows the program to be able to create a link with this name. When a
-link is created, the new link \fB\s-1MUST\s0\fR have a subset of permissions as
-the original file (with the exception that the destination does not have
-to have link access.) If there is an 'x' rule on the new link, it must
-match the original file exactly.
-.IP "\fBk \- lock mode\fR" 4
-.IX Item "k - lock mode"
-Allows the program to be able lock a file with this name. This permission
-covers both advisory and mandatory locking.
-.IP "\fBleading \s-1OR\s0 trailing access permissions\fR" 4
-.IX Item "leading OR trailing access permissions"
-File rules can be specified with the access permission either leading
-or trailing the file glob. Eg.
-.Sp
-.Vb 1
-\& rw /**, # leading permissions
-\&
-\& /** rw, # trailing permissions
-.Ve
-.Sp
-When leading permissions are used further rule options and context
-may be allowed, Eg.
-.Sp
-.Vb 1
-\& l /foo \-> /bar, # lead \*(Aql\*(Aq link permission is equivalent to link rules
-.Ve
-.SS "Link rules"
-.IX Subsection "Link rules"
-Link rules allow specifying permission to form a hard link as a link
-target pair. If the subset condition is specified then the permissions
-to access the link file must be a subset of the profiles permissions
-to access the target file. If there is an 'x' rule on the new link, it
-must match the original file exactly.
-.PP
-Eg.
-.PP
-.Vb 4
-\& /file1 r,
-\& /file2 rwk,
-\& /link* rw,
-\& link subset /link* \-> /**,
-.Ve
-.PP
-The link rule allows linking of /link to both /file1 or /file2 by
-name however because the /link file has 'rw' permissions it is not
-allowed to link to /file1 because that would grant an access path
-to /file1 with more permissions than the 'r' permissions the profile
-specifies.
-.PP
-A link of /link to /file2 would be allowed because the 'rw' permissions
-of /link are a subset of the 'rwk' permissions for /file1.
-.PP
-The link rule is equivalent to specifying the 'l' link permission as
-a leading permission with no other file access permissions. When this
-is done the link rule options can be specified.
-.PP
-The following link rule is equivalent to the 'l' permission file rule
-.PP
-.Vb 2
-\& link /foo \-> bar,
-\& l /foo \-> /bar,
-.Ve
-.PP
-File rules that specify the 'l' permission and don't specify the extend
-link permissions map to link rules as follows.
-.PP
-.Vb 3
-\& /foo l,
-\& l /foo,
-\& link subset /foo \-> /**,
-.Ve
-.SS "Comments"
-.IX Subsection "Comments"
-Comments start with # and may begin at any place within a line. The
-comment ends when the line ends. This is the same comment style as
-shell scripts.
-.SS "Capabilities"
-.IX Subsection "Capabilities"
-The only capabilities a confined process may use may be enumerated; for
-the complete list, please refer to \fBcapabilities\fR\|(7). Note that granting
-some capabilities renders AppArmor confinement for that domain advisory;
-while \fBopen\fR\|(2), \fBread\fR\|(2), \fBwrite\fR\|(2), etc., will still return error when
-access is not granted, some capabilities allow loading kernel modules,
-arbitrary access to \s-1IPC,\s0 ability to bypass discretionary access controls,
-and other operations that are typically reserved for the root user.
-.SS "Network Rules"
-.IX Subsection "Network Rules"
-AppArmor supports simple coarse grained network mediation. The network
-rule restrict all \fBsocket\fR\|(2) based operations. The mediation done is
-a coarse-grained check on whether a socket of a given type and family
-can be created, read, or written. There is no mediation based of port
-number or protocol beyond tcp, udp, and raw. Network \fBnetlink\fR\|(7) rules may
-only specify type 'dgram' and 'raw'.
-.PP
-AppArmor network rules are accumulated so that the granted network
-permissions are the union of all the listed network rule permissions.
-.PP
-AppArmor network rules are broad and general and become more restrictive
-as further information is specified.
-.PP
-eg.
-.PP
-.Vb 5
-\& network, #allow access to all networking
-\& network tcp, #allow access to tcp
-\& network inet tcp, #allow access to tcp only for inet4 addresses
-\& network inet6 tcp, #allow access to tcp only for inet6 addresses
-\& network netlink raw, #allow access to AF_NETLINK SOCK_RAW
-.Ve
-.SS "Mount Rules"
-.IX Subsection "Mount Rules"
-AppArmor supports mount mediation and allows specifying filesystem types and
-mount flags. The syntax of mount rules in AppArmor is based on the \fBmount\fR\|(8)
-command syntax. Mount rules must contain one of the mount, remount or umount
-keywords, but all mount conditions are optional. Unspecified optional
-conditionals are assumed to match all entries (eg, not specifying fstype means
-all fstypes are matched). Due to the complexity of the mount command and how
-options may be specified, AppArmor allows specifying conditionals three
-different ways:
-.IP "1." 4
-If a conditional is specified using '=', then the rule only grants permission
-for mounts matching the exactly specified options. For example, an AppArmor
-policy with the following rule:
-.Sp
-.Vb 1
-\& mount options=ro /dev/foo \-E<gt> /mnt/,
-.Ve
-.Sp
-Would match:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo /mnt
-.Ve
-.Sp
-but not either of these:
-.Sp
-.Vb 1
-\& $ mount \-o ro,atime /dev/foo /mnt
-\&
-\& $ mount \-o rw /dev/foo /mnt
-.Ve
-.IP "2." 4
-If a conditional is specified using 'in', then the rule grants permission for
-mounts matching any combination of the specified options. For example, if an
-AppArmor policy has the following rule:
-.Sp
-.Vb 1
-\& mount options in (ro,atime) /dev/foo \-> /mnt/,
-.Ve
-.Sp
-all of these mount commands will match:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo /mnt
-\&
-\& $ mount \-o ro,atime /dev/foo /mnt
-\&
-\& $ mount \-o atime /dev/foo /mnt
-.Ve
-.Sp
-but none of these will:
-.Sp
-.Vb 1
-\& $ mount \-o ro,sync /dev/foo /mnt
-\&
-\& $ mount \-o ro,atime,sync /dev/foo /mnt
-\&
-\& $ mount \-o rw /dev/foo /mnt
-\&
-\& $ mount \-o rw,noatime /dev/foo /mnt
-\&
-\& $ mount /dev/foo /mnt
-.Ve
-.IP "3." 4
-If multiple conditionals are specified in a single mount rule, then the rule
-grants permission for each set of options. This provides a shorthand when
-writing mount rules which might help to logically break up a conditional. For
-example, if an AppArmor policy has the following rule:
-.Sp
-.Vb 1
-\& mount options=ro options=atime
-.Ve
-.Sp
-both of these mount commands will match:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo /mnt
-\&
-\& $ mount \-o atime /dev/foo /mnt
-.Ve
-.Sp
-but this one will not:
-.Sp
-.Vb 1
-\& $ mount \-o ro,atime /dev/foo /mnt
-.Ve
-.PP
-Note that separate mount rules are distinct and the options do not accumulate.
-For example, these AppArmor mount rules:
-.PP
-.Vb 1
-\& mount options=ro,
-\&
-\& mount options=atime,
-.Ve
-.PP
-are not equivalent to either of these mount rules:
-.PP
-.Vb 1
-\& mount options=(ro,atime),
-\&
-\& mount options in (ro,atime),
-.Ve
-.PP
-To help clarify the flexibility and complexity of mount rules, here are some
-example rules with accompanying matching commands:
-.IP "\fBmount,\fR" 4
-.IX Item "mount,"
-the 'mount' rule without any conditionals is the most generic and allows any
-mount. Equivalent to 'mount fstype=** options=** ** \-> /**'.
-.IP "\fBmount /dev/foo,\fR" 4
-.IX Item "mount /dev/foo,"
-allow mounting of /dev/foo anywhere with any options. Some matching mount
-commands:
-.Sp
-.Vb 1
-\& $ mount /dev/foo /mnt
-\&
-\& $ mount \-t ext3 /dev/foo /mnt
-\&
-\& $ mount \-t vfat /dev/foo /mnt
-\&
-\& $ mount \-o ro,atime,noexec,nodiratime /dev/foo /srv/some/mountpoint
-.Ve
-.IP "\fBmount options=ro /dev/foo,\fR" 4
-.IX Item "mount options=ro /dev/foo,"
-allow mounting of /dev/foo anywhere, as read only. Some matching mount
-commands:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo /mnt
-\&
-\& $ mount \-o ro /dev/foo /some/where/else
-.Ve
-.IP "\fBmount options=(ro,atime) /dev/foo,\fR" 4
-.IX Item "mount options=(ro,atime) /dev/foo,"
-allow mount of /dev/foo anywhere, as read only and using inode access times.
-Some matching mount commands:
-.Sp
-.Vb 1
-\& $ mount \-o ro,atime /dev/foo /mnt
-\&
-\& $ mount \-o ro,atime /dev/foo /some/where/else
-.Ve
-.IP "\fBmount options in (ro,atime) /dev/foo,\fR" 4
-.IX Item "mount options in (ro,atime) /dev/foo,"
-allow mount of /dev/foo anywhere using some combination of 'ro' and 'atime'
-(see above). Some matching mount commands:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo /mnt
-\&
-\& $ mount \-o atime /dev/foo /some/where/else
-\&
-\& $ mount \-o ro,atime /dev/foo /some/other/place
-.Ve
-.IP "\fBmount options=ro /dev/foo, mount options=atime /dev/foo,\fR" 4
-.IX Item "mount options=ro /dev/foo, mount options=atime /dev/foo,"
-allow mount of /dev/foo anywhere as read only, and allow mount of /dev/foo
-anywhere using inode access times. Note this is expressed as two different
-rules. Matches:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo /mnt/1
-\&
-\& $ mount \-o atime /dev/foo /mnt/2
-.Ve
-.IP "\fBmount \-> /mnt/**,\fR" 4
-.IX Item "mount -> /mnt/**,"
-allow mounting anything under a directory in /mnt/**. Some matching mount
-commands:
-.Sp
-.Vb 1
-\& $ mount /dev/foo1 /mnt/1
-\&
-\& $ mount \-o ro,atime,noexec,nodiratime /dev/foo2 /mnt/deep/path/foo2
-.Ve
-.IP "\fBmount options=ro \-> /mnt/**,\fR" 4
-.IX Item "mount options=ro -> /mnt/**,"
-allow mounting anything under /mnt/**, as read only. Some matching mount
-commands:
-.Sp
-.Vb 1
-\& $ mount \-o ro /dev/foo1 /mnt/1
-\&
-\& $ mount \-o ro /dev/foo2 /mnt/deep/path/foo2
-.Ve
-.IP "\fBmount fstype=ext3 options=(rw,atime) /dev/sdb1 \-> /mnt/stick/,\fR" 4
-.IX Item "mount fstype=ext3 options=(rw,atime) /dev/sdb1 -> /mnt/stick/,"
-allow mounting an ext3 filesystem in /dev/sdb1 on /mnt/stick as read/write and
-using inode access times. Matches only:
-.Sp
-.Vb 1
-\& $ mount \-o rw,atime /dev/sdb1 /mnt/stick
-.Ve
-.IP "\fBmount options=(ro, atime) options in (nodev, user) /dev/foo \-> /mnt/,\fR" 4
-.IX Item "mount options=(ro, atime) options in (nodev, user) /dev/foo -> /mnt/,"
-allow mounting /dev/foo on /mmt/ read only and using inode access times or
-allow mounting /dev/foo on /mnt/ with some combination of 'nodev' and 'user'.
-Matches only:
-.Sp
-.Vb 1
-\& $ mount \-o ro,atime /dev/foo /mnt
-\&
-\& $ mount \-o nodev /dev/foo /mnt
-\&
-\& $ mount \-o user /dev/foo /mnt
-\&
-\& $ mount \-o nodev,user /dev/foo /mnt
-.Ve
-.SS "Pivot Root Rules"
-.IX Subsection "Pivot Root Rules"
-AppArmor mediates changing of the root filesystem through the \fBpivot_root\fR\|(2)
-system call. The syntax of 'pivot_root' rules in AppArmor is based on the
-\&\fBpivot_root\fR\|(2) system call parameters with the notable exception that the
-ordering is reversed. The path corresponding to the put_old parameter of
-\&\fBpivot_root\fR\|(2) is optionally specified in the 'pivot_root' rule using the
-\&'oldroot=' prefix.
-.PP
-AppArmor 'pivot_root' rules can specify a profile transition to occur during
-the \fBpivot_root\fR\|(2) system call. Note that AppArmor will only transition the
-process calling \fBpivot_root\fR\|(2) to the new profile.
-.PP
-The paths specified in 'pivot_root' rules must end with '/' since they are
-directories.
-.PP
-Here are some example 'pivot_root' rules:
-.PP
-.Vb 2
-\& # Allow any pivot
-\& pivot_root,
-\&
-\& # Allow pivoting to any new root directory and putting the old root
-\& # directory at /mnt/root/old/
-\& pivot_root oldroot=/mnt/root/old/,
-\&
-\& # Allow pivoting the root directory to /mnt/root/
-\& pivot_root /mnt/root/,
-\&
-\& # Allow pivoting to /mnt/root/ and putting the old root directory at
-\& # /mnt/root/old/
-\& pivot_root oldroot=/mnt/root/old/ /mnt/root/,
-\&
-\& # Allow pivoting to /mnt/root/, putting the old root directory at
-\& # /mnt/root/old/ and transition to the /mnt/root/sbin/init profile
-\& pivot_root oldroot=/mnt/root/old/ /mnt/root/ \-> /mnt/root/sbin/init,
-.Ve
-.SS "PTrace rules"
-.IX Subsection "PTrace rules"
-AppArmor supports mediation of \fBptrace\fR\|(2). AppArmor PTrace rules are accumulated
-so that the granted PTrace permissions are the union of all the listed PTrace
-rule permissions.
-.PP
-AppArmor PTrace permissions are implied when a rule does not explicitly state
-an access list. By default, all PTrace permissions are implied.
-.PP
-The trace and tracedby permissions govern \fBptrace\fR\|(2) while read and readby
-govern certain \fBproc\fR\|(5) filesystem accesses, \fBkcmp\fR\|(2), futexes
-(\fBget_robust_list\fR\|(2)) and perf trace events.
-.PP
-For a ptrace operation to be allowed the profile of the tracing process and the
-profile of the target task must both have the correct permissions. For example,
-the profile of the process attaching to another task must have the trace
-permission for the target task's profile, and the task being traced must have
-the tracedby permission for the tracing process' profile.
-.PP
-Example AppArmor PTrace rules:
-.PP
-.Vb 2
-\& # Allow all PTrace access
-\& ptrace,
-\&
-\& # Explicitly allow all PTrace access,
-\& ptrace (read, readby, trace, tracedby),
-\&
-\& # Explicitly deny use of ptrace(2)
-\& deny ptrace (trace),
-\&
-\& # Allow unconfined processes (eg, a debugger) to ptrace us
-\& ptrace (readby, tracedby) peer=unconfined,
-\&
-\& # Allow ptrace of a process running under the /usr/bin/foo profile
-\& ptrace (trace) peer=/usr/bin/foo,
-.Ve
-.SS "Signal rules"
-.IX Subsection "Signal rules"
-AppArmor supports mediation of \fBsignal\fR\|(7). AppArmor signal rules are accumulated
-so that the granted signal permissions are the union of all the listed signal
-rule permissions.
-.PP
-AppArmor signal permissions are implied when a rule does not explicitly state
-an access list. By default, all signal permissions are implied.
-.PP
-For the sending of a signal to be allowed, the profile of the sending process
-and the profile of the target task must both have the correct permissions. For
-example, the profile of a process sending a signal to another task must have
-the send permission for the target task's profile, and the task receiving the
-signal must have a receive permission for the sending process' profile.
-.PP
-Example AppArmor signal rules:
-.PP
-.Vb 2
-\& # Allow all signal access
-\& signal,
-\&
-\& # Explicitly deny sending the HUP and INT signals
-\& deny signal (send) set=(hup, int),
-\&
-\& # Allow unconfined processes to send us signals
-\& signal (receive) peer=unconfined,
-\&
-\& # Allow sending of signals to a process running under the /usr/bin/foo
-\& # profile
-\& signal (send) peer=/usr/bin/foo,
-\&
-\& # Allow checking for PID existence
-\& signal (receive, send) set=("exists"),
-\&
-\& # Allow us to signal ourselves using the built\-in @{profile_name} variable
-\& signal peer=@{profile_name},
-\&
-\& # Allow two real\-time signals
-\& signal set=(rtmin+0 rtmin+32),
-.Ve
-.SS "DBus rules"
-.IX Subsection "DBus rules"
-AppArmor supports DBus mediation. The mediation is performed in conjunction
-with the DBus daemon. The DBus daemon verifies that communications over the
-bus are permitted by AppArmor policy.
-.PP
-AppArmor DBus rules are accumulated so that the granted DBus permissions are
-the union of all the listed DBus rule permissions.
-.PP
-AppArmor DBus rules are broad and general and become more restrictive as
-further information is specified. Policy may be specified down to the interface
-member level (method or signal name), however the contents of messages are not
-examined.
-.PP
-Some AppArmor DBus permissions are not compatible with all AppArmor DBus rules.
-The 'bind' permission cannot be used in message rules. The 'send' and 'receive'
-permissions cannot be used in service rules. The 'eavesdrop' permission cannot
-be used in rules containing any conditionals outside of the 'bus' conditional.
-.PP
-\&'r' and 'read' are synonyms for 'receive'. 'w' and 'write' are synonyms for
-\&'send'. 'rw' is a synonym for both 'send' and 'receive'.
-.PP
-AppArmor DBus permissions are implied when a rule does not explicitly state an
-access list. By default, all DBus permissions are implied. Only message
-permissions are implied for message rules and only service permissions are
-implied for service rules.
-.PP
-Example AppArmor DBus rules:
-.PP
-.Vb 2
-\& # Allow all DBus access
-\& dbus,
-\&
-\& # Explicitly allow all DBus access,
-\& dbus (send, receive, bind),
-\&
-\& # Deny send/receive/bind access to the session bus
-\& deny dbus bus=session,
-\&
-\& # Allow bind access for a particular name on any bus
-\& dbus bind name=com.example.ExampleName,
-\&
-\& # Allow receive access for a particular path and interface
-\& dbus receive path=/com/example/path interface=com.example.Interface,
-\&
-\& # Deny send/receive access to the system bus for a particular interface
-\& deny dbus bus=system interface=com.example.ExampleInterface,
-\&
-\& # Allow send access for a particular path, interface, member, and pair of
-\& # peer names:
-\& dbus send
-\& bus=session
-\& path=/com/example/path
-\& interface=com.example.Interface
-\& member=ExampleMethod
-\& peer=(name=(com.example.ExampleName1|com.example.ExampleName2)),
-\&
-\& # Allow receive access for all unconfined peers
-\& dbus receive peer=(label=unconfined),
-\&
-\& # Allow eavesdropping on the system bus
-\& dbus eavesdrop bus=system,
-\&
-\& # Allow and audit all eavesdropping
-\& audit dbus eavesdrop,
-.Ve
-.SS "Unix socket rules"
-.IX Subsection "Unix socket rules"
-AppArmor supports fine grained mediation of unix domain abstract and
-anonymous sockets. Unix domain sockets with file system paths are
-mediated via file access rules.
-.PP
-Abstract unix domain sockets is a nonportable Linux extension of unix
-domain sockets, see \fBunix\fR\|(7) for more information.
-.PP
-\fIUnix socket address paths\fR
-.IX Subsection "Unix socket address paths"
-.PP
-The sun_path component (aka the socket address) of a unix domain socket is
-specified by the
-.PP
-.Vb 1
-\& addr=
-.Ve
-.PP
-conditional. If an address conditional is not specified as part of
-a rule then the rule matches both abstract and anonymous sockets.
-.PP
-In apparmor the address of an abstract unix domain socket begins with
-the \fI@\fR character, similar to how they are reported (as paths) by
-netstat \-x. The address then follows and may contain pattern matching
-and any characters including the null character. In apparmor null
-characters must be specified by using an escape sequence \fI\e000\fR or
-\&\fI\ex00\fR. The pattern matching is the same as is used by file path matching
-so * will not match \fI/\fR even though it has no special meaning with
-in an abstract socket name. Eg.
-.PP
-.Vb 1
-\& unix addr=@*,
-.Ve
-.PP
-Autobound unix domain sockets have a unix sun_path assigned to them
-by the kernel, as such specifying a policy based address is not possible.
-The autobinding of sockets can be controlled by specifying the special
-\&\fIauto\fR keyword. Eg.
-.PP
-.Vb 1
-\& unix addr=auto,
-.Ve
-.PP
-To indicate that the rule only applies to auto binding of unix domain
-sockets. It is important to note this only applies to the \fIbind\fR
-permission as once the socket is bound to an address it is
-indistinguishable from a socket that have an addr bound with a
-specified name. When the \fIauto\fR keyword is used with other permissions
-or as part of a peer addr it will be replaced with a pattern that
-can match an autobound socket. Eg. For some kernels
-.PP
-.Vb 1
-\& unix rw addr=auto,
-.Ve
-.PP
-is transformed to
-.PP
-.Vb 1
-\& unix rw addr=@[a\-f0\-9][a\-f0\-9][a\-f0\-9][a\-f0\-9][a\-f0\-9],
-.Ve
-.PP
-It is important to note, this pattern may match abstract sockets that
-were not autobound but have an addr that fits what is generated by
-the kernel when autobinding a socket.
-.PP
-Anonymous unix domain sockets have no sun_path associated with the socket
-address, however it can be specified with the special \fInone\fR keyword to
-indicate the rule only applies to anonymous unix domain sockets. Eg.
-.PP
-.Vb 1
-\& unix addr=none,
-.Ve
-.PP
-If the address component of a rule is not specified then the rule applies
-to autobind, abstract and anonymous sockets.
-.PP
-\fIUnix socket permissions\fR
-.IX Subsection "Unix socket permissions"
-.PP
-Unix domain socket rules are accumulated so that the granted unix
-socket permissions are the union of all the listed unix rule permissions.
-.PP
-Unix domain socket rules are broad and general and become more restrictive
-as further information is specified. Policy may be specified down to
-the socket address (aka sun_path) and label level. The content of the
-communication is not examined.
-.PP
-Unix socket rule permissions are implied when a rule does not explicitly
-state an access list. By default if a rule does not have an access list
-all permissions that are compatible with the specified set of local
-and peer conditionals are implied.
-.PP
-The create, bind, listen, shutdown, getattr, setattr, getopt, and setopt
-permissions are local socket permissions. They are only applied to the local
-socket and can't be specified in rules that have a peer component. The accept
-permission applies to the combination of a local and peer socket. The connect,
-send, and receive permissions are peer socket permissions.
-.PP
-Only the peer socket permissions will be applied to rules that don't specify
-permissions and contain a peer component.
-.PP
-\fIExample Unix domain socket rules:\fR
-.IX Subsection "Example Unix domain socket rules:"
-.PP
-.Vb 2
-\& # Allow all permissions to unix sockets
-\& unix,
-\&
-\& # Explicitly allow all unix permissions
-\& unix (create, listen, accept, connect, send, receive, getattr, setattr, setopt, getopt),
-\&
-\& # Explicitly deny unix socket access
-\& deny unix,
-\&
-\& # Allow create and use of abstract and anonymous sockets for profile_name
-\& unix peer=(label=@{profile_name}),
-\&
-\& # Allow receiving via unix sockets from unconfined
-\& unix (receive) peer=(label=unconfined),
-\&
-\& # Allow getattr and shutdown on anonymous sockets
-\& unix (getattr, shutdown) addr=none,
-\&
-\& # Allow SOCK_STREAM connect, receive and send on an abstract socket @bar
-\& # with peer running under profile \*(Aq/foo\*(Aq
-\& unix (connect, receive, send) type=stream peer=(label=/foo,addr="@bar"),
-\&
-\& # Allow accepting connections from and receiving from peer running under
-\& # profile \*(Aq/bar\*(Aq on abstract socket \*(Aq@foo\*(Aq
-\& unix (accept, receive) addr=@foo peer=(label=/bar),
-.Ve
-.PP
-\fIAbstract unix domain sockets autobind\fR
-.IX Subsection "Abstract unix domain sockets autobind"
-.PP
-Abstract unix domain sockets can autobind to an address. The autobind
-address is a unique 5 digit string of decimal numbers, eg. \f(CW@00001\fR. There
-is nothing that prevents a task from manually binding to addresses with a
-similar pattern so it is impossible to reliably identify autobind addresses
-from a regular address.
-.PP
-\fIInteraction of network rules and fine grained unix domain socket rules\fR
-.IX Subsection "Interaction of network rules and fine grained unix domain socket rules"
-.PP
-The coarse grained networking rules can be used to control unix domain
-sockets as well. When fine grained unix domain socket mediation is available
-the coarse grained network rule is mapped into the equivalent unix socket
-rule.
-.PP
-E.G.
-.PP
-.Vb 1
-\& network unix, => unix,
-\&
-\& network unix stream, => unix stream,
-.Ve
-.PP
-Fine grained mediation rules however can not be losslessly converted back
-to the coarse grained network rule; e.g.
-.PP
-.Vb 1
-\& unix bind addr=@example,
-.Ve
-.PP
-Has no exact match under coarse grained network rules, the closest match is
-the much wider permission rule of
-.PP
-.Vb 1
-\& network unix,
-.Ve
-.SS "change_profile rules"
-.IX Subsection "change_profile rules"
-AppArmor supports self directed profile transitions via the change_profile
-api. Change_profile rules control which permissions for which profiles
-a confined task can transition to. The profile name can contain apparmor
-pattern matching to specify different profiles.
-.PP
-.Vb 1
-\& change_profile \-> **,
-.Ve
-.PP
-The change_profile api allows the transition to be delayed until when
-a task executes another application. If an exec rule transition is
-specified for the application and the change_profile api is used to
-make a transition at exec time, the transition specified by the
-change_profile api takes precedence.
-.PP
-The Change_profile permission can restrict which profiles can be transitioned
-to based off of the executable name by specifying the exec condition.
-.PP
-.Vb 1
-\& change_profile /bin/bash \-> new_profile,
-.Ve
-.PP
-The restricting of the transition profile to a given executable at exec
-time is only useful when then current task is allowed to make dynamic
-decisions about what confinement should be, but the decision set needs
-to be controlled. A list of profiles or multiple rules can be used to
-specify the profiles in the set. Eg.
-.PP
-.Vb 1
-\& change_profile /bin/bash \-> {new_profile1,new_profile2,new_profile3},
-.Ve
-.PP
-An exec rule can be used to specify a transition for the executable, if
-the transition should be allowed even if the change_profile api has not
-been used to select a transition for those available in the change_profile
-rule set. Eg.
-.PP
-.Vb 2
-\& /bin/bash Px \-> new_profile1,
-\& change_profile /bin/bash \-> {new_profile1,new_profile2,new_profile3},
-.Ve
-.PP
-The exec mode dictates whether or not the Linux Kernel's \fBunsafe_exec\fR
-routines should be used to scrub the environment, similar to setuid programs.
-(See \fBld.so\fR\|(8) for some information on setuid/setgid environment scrubbing.) The
-\&\fBsafe\fR mode sets up environment scrubbing to occur when the new application is
-executed and \fBunsafe\fR mode disables AppArmor's requirement for environment
-scrubbing (the kernel and/or libc may still require environment scrubbing). An
-exec mode can only be specified when an exec condition is present.
-.PP
-.Vb 1
-\& change_profile safe /bin/bash \-> new_profile,
-.Ve
-.PP
-Not all kernels support \fBsafe\fR mode and the parser will downgrade rules to
-\&\fBunsafe\fR mode in that situation. If no exec mode is specified, the default is
-\&\fBsafe\fR mode in kernels that support it.
-.SS "rlimit rules"
-.IX Subsection "rlimit rules"
-AppArmor can set and control the resource limits associated with a
-profile as described in the \fBsetrlimit\fR\|(2) man page.
-.PP
-The AppArmor rlimit controls allow setting of limits and restricting
-changes of them and these actions can be audited. Enforcement of the
-set limits is handled by the standard kernel enforcement mechanism
-for rlimits and will not result in an audited apparmor message if
-the limit is enforced.
-.PP
-If a profile does not have an rlimit rule associated with a given
-rlimit then the rlimit is left alone and regular access, including
-changing the limit, is allowed. However if the profile sets an rlimit
-then the current limit is checked and if greater than the limit specified
-in the rule it will be changed to the specified limit.
-.PP
-AppArmor rlimit rules control the hard limit of an application and
-ensure that if the hard limit is lowered that the soft limit does not
-exceed the hard limit value.
-.PP
-Eg.
-.PP
-.Vb 3
-\& set rlimit data <= 100M,
-\& set rlimit nproc <= 10,
-\& set rlimit nice <= 5,
-.Ve
-.SS "Variables"
-.IX Subsection "Variables"
-AppArmor's policy language allows embedding variables into file rules
-to enable easier configuration for some common (and pervasive) setups.
-Variables may have multiple values assigned, but any variable assignments
-must be made before the start of the profile.
-.PP
-The parser will automatically expand variables to include all values
-that they have been assigned; it is an error to reference a variable
-without setting at least one value. You can use empty quotes ("") to
-explicitly add an empty value.
-.PP
-At the time of this writing, the following variables are defined in the
-provided AppArmor policy:
-.PP
-.Vb 10
-\& @{HOME}
-\& @{HOMEDIRS}
-\& @{multiarch}
-\& @{pid}
-\& @{pids}
-\& @{PROC}
-\& @{securityfs}
-\& @{apparmorfs}
-\& @{sys}
-\& @{tid}
-\& @{run}
-\& @{XDG_DESKTOP_DIR}
-\& @{XDG_DOWNLOAD_DIR}
-\& @{XDG_TEMPLATES_DIR}
-\& @{XDG_PUBLICSHARE_DIR}
-\& @{XDG_DOCUMENTS_DIR}
-\& @{XDG_MUSIC_DIR}
-\& @{XDG_PICTURES_DIR}
-\& @{XDG_VIDEOS_DIR}
-.Ve
-.PP
-These are defined in files in \fI/etc/apparmor.d/tunables\fR and are used in many
-of the abstractions described later.
-.PP
-You may also add files in \fI/etc/apparmor.d/tunables/home.d\fR for
-site-specific customization of \fB@{\s-1HOMEDIRS\s0}\fR,
-\&\fI/etc/apparmor.d/tunables/multiarch.d\fR for \fB@{multiarch}\fR and
-\&\fI/etc/apparmor.d/tunables/xdg\-user\-dirs.d\fR for \fB@{XDG_*}\fR.
-.PP
-The special \fB@{profile_name}\fR variable is set to the profile name and may be
-used in all policy.
-.SS "Alias rules"
-.IX Subsection "Alias rules"
-AppArmor also provides alias rules for remapping paths for site-specific
-layouts. They are an alternative form of path rewriting to using variables,
-and are done after variable resolution. Alias rules must occur within the
-preamble of the profile. System-wide aliases are found in
-\&\fI/etc/apparmor.d/tunables/alias\fR, which is included by
-\&\fI/etc/apparmor.d/tunables/global\fR. \fI/etc/apparmor.d/tunables/global\fR is
-typically included at the beginning of an AppArmor profile.
-.SS "Globbing (\s-1AARE\s0)"
-.IX Subsection "Globbing (AARE)"
-File resources and other parameters accepting an \s-1AARE\s0
-may be specified with a globbing syntax similar to that
-used by popular shells, such as \fBcsh\fR\|(1), \fBbash\fR\|(1), \fBzsh\fR\|(1).
-.IP "\fB*\fR" 4
-.IX Item "*"
-can substitute for any number of characters, excepting '/'
-.IP "\fB**\fR" 4
-.IX Item "**"
-can substitute for any number of characters, including '/'
-.IP "\fB?\fR" 4
-.IX Item "?"
-can substitute for any single character excepting '/'
-.IP "\fB[abc]\fR" 4
-.IX Item "[abc]"
-will substitute for the single character a, b, or c
-.IP "\fB[a\-c]\fR" 4
-.IX Item "[a-c]"
-will substitute for the single character a, b, or c
-.IP "\fB[^a\-c]\fR" 4
-.IX Item "[^a-c]"
-will substitute for any single character not matching a, b or c
-.IP "\fB{ab,cd}\fR" 4
-.IX Item "{ab,cd}"
-will expand to one rule to match ab, one rule to match cd
-.Sp
-Can also include variables.
-.IP "\fB@{variable}\fR" 4
-.IX Item "@{variable}"
-will expand to all values assigned to the given variable.
-.PP
-When AppArmor looks up a directory the pathname being looked up will
-end with a slash (e.g., \fI/var/tmp/\fR); otherwise it will not end with a
-slash. Only rules that match a trailing slash will match directories. Some
-examples, none matching the \fI/tmp/\fR directory itself, are:
-.IP "\fB/tmp/*\fR" 4
-.IX Item "/tmp/*"
-Files directly in \fI/tmp\fR.
-.IP "\fB/tmp/*/\fR" 4
-.IX Item "/tmp/*/"
-Directories directly in \fI/tmp\fR.
-.IP "\fB/tmp/**\fR" 4
-.IX Item "/tmp/**"
-Files and directories anywhere underneath \fI/tmp\fR.
-.IP "\fB/tmp/**/\fR" 4
-.IX Item "/tmp/**/"
-Directories anywhere underneath \fI/tmp\fR.
-.SS "Rule Qualifiers"
-.IX Subsection "Rule Qualifiers"
-There are several rule qualifiers that can be applied to permission rules.
-Rule qualifiers can modify the rule and/or permissions within the rule.
-.IP "\fBallow\fR" 4
-.IX Item "allow"
-Specifies that permissions requests that match the rule are allowed. This
-is the default value for rules and does not need to be specified. Conflicts
-with the \fIdeny\fR qualifier.
-.IP "\fBaudit\fR" 4
-.IX Item "audit"
-Specifies that permissions requests that match the rule should be recorded
-to the audit log.
-.IP "\fBdeny\fR" 4
-.IX Item "deny"
-Specifies that permissions requests that match the rule should be denied
-without logging. Can be combined with 'audit' to enable logging. Conflicts
-with the \fIallow\fR qualifier.
-.IP "\fBowner\fR" 4
-.IX Item "owner"
-Specifies that the task must have the same euid/fsuid as the object being
-referenced by the permission check.
-.PP
-\fIQualifier Blocks\fR
-.IX Subsection "Qualifier Blocks"
-.PP
-Rule Qualifiers can be applied to multiple rules at a time by grouping the
-rules into a rule block.
-.PP
-.Vb 4
-\& audit {
-\& /foo r,
-\& network,
-\& }
-.Ve
-.SS "#include mechanism"
-.IX Subsection "#include mechanism"
-AppArmor provides an easy abstraction mechanism to group common
-access requirements; this abstraction is an extremely flexible way to
-grant site-specific rights and makes writing new AppArmor profiles very
-simple by assembling the needed building blocks for any given program.
-.PP
-The use of '#include' is modelled directly after \fBcpp\fR\|(1); its use will
-replace the '#include' statement with the specified file's contents.
-The leading '#' is optional, and the '#include' keyword can be followed
-by an option conditional 'if exists' that specifies profile compilation
-should continue if the specified file or directory is not found.
-.PP
-\&\fB#include \*(L"/absolute/path\*(R"\fR specifies that \fI/absolute/path\fR should be
-used. \fB#include \*(L"relative/path\*(R"\fR specifies that \fIrelative/path\fR should
-be used, where the path is relative to the current working directory.
-\&\fB#include <magic/path>\fR is the most common usage; it will load
-\&\fImagic/path\fR relative to a directory specified to \fBapparmor_parser\fR\|(8).
-\&\fI/etc/apparmor.d/\fR is the AppArmor default.
-.PP
-The supplied AppArmor profiles follow several conventions; the
-abstractions stored in \fI/etc/apparmor.d/abstractions/\fR are some
-large clusters that are used in most profiles. What follows are short
-descriptions of how some of the abstractions are used.
-.IP "\fIabstractions/audio\fR" 4
-.IX Item "abstractions/audio"
-Includes accesses to device files used for audio applications.
-.IP "\fIabstractions/authentication\fR" 4
-.IX Item "abstractions/authentication"
-Includes access to files and services typically necessary for services
-that perform user authentication.
-.IP "\fIabstractions/base\fR" 4
-.IX Item "abstractions/base"
-Includes files that should be readable and writable in all profiles.
-.IP "\fIabstractions/bash\fR" 4
-.IX Item "abstractions/bash"
-Includes many files used by bash; useful for interactive shells and
-programs that call \fBsystem\fR\|(3).
-.IP "\fIabstractions/consoles\fR" 4
-.IX Item "abstractions/consoles"
-Includes read and write access to the device files controlling the
-virtual console, \fBsshd\fR\|(8), \fBxterm\fR\|(1), etc. This abstraction is needed for
-many programs that interact with users.
-.IP "\fIabstractions/fonts\fR" 4
-.IX Item "abstractions/fonts"
-Includes access to fonts and the font libraries.
-.IP "\fIabstractions/gnome\fR" 4
-.IX Item "abstractions/gnome"
-Includes read and write access to \s-1GNOME\s0 configuration files, as well as
-read access to \s-1GNOME\s0 libraries.
-.IP "\fIabstractions/kde\fR" 4
-.IX Item "abstractions/kde"
-Includes read and write access to \s-1KDE\s0 configuration files, as well as
-read access to \s-1KDE\s0 libraries.
-.IP "\fIabstractions/kerberosclient\fR" 4
-.IX Item "abstractions/kerberosclient"
-Includes file access rules needed for common kerberos clients.
-.IP "\fIabstractions/nameservice\fR" 4
-.IX Item "abstractions/nameservice"
-Includes file rules to allow \s-1DNS, LDAP, NIS, SMB,\s0 user and group password
-databases, services, and protocols lookups.
-.IP "\fIabstractions/perl\fR" 4
-.IX Item "abstractions/perl"
-Includes read access to perl modules.
-.IP "\fIabstractions/user\-download\fR" 4
-.IX Item "abstractions/user-download"
-.PD 0
-.IP "\fIabstractions/user\-mail\fR" 4
-.IX Item "abstractions/user-mail"
-.IP "\fIabstractions/user\-manpages\fR" 4
-.IX Item "abstractions/user-manpages"
-.IP "\fIabstractions/user\-tmp\fR" 4
-.IX Item "abstractions/user-tmp"
-.IP "\fIabstractions/user\-write\fR" 4
-.IX Item "abstractions/user-write"
-.PD
-Some profiles for typical \*(L"user\*(R" programs will use these include files
-to describe rights that users have in the system.
-.IP "\fIabstractions/wutmp\fR" 4
-.IX Item "abstractions/wutmp"
-Includes write access to files used to maintain \fBwtmp\fR\|(5) and \fButmp\fR\|(5)
-databases, used with the w(1) and associated commands.
-.IP "\fIabstractions/X\fR" 4
-.IX Item "abstractions/X"
-Includes read access to libraries, configuration files, X authentication
-files, and the X socket.
-.PP
-Some of the abstractions rely on variables that are set in files in the
-\&\fI/etc/apparmor.d/tunables/\fR directory. These variables are currently
-\&\fB@{\s-1HOME\s0}\fR and \fB@{\s-1HOMEDIRS\s0}\fR. Variables cannot be set in profile scope;
-they can only be set before the profile. Therefore, any profiles that
-use abstractions should either \fB#include <tunables/global>\fR or
-otherwise ensure that \fB@{\s-1HOME\s0}\fR and \fB@{\s-1HOMEDIRS\s0}\fR are set before
-starting the profile definition. The \fBaa\-autodep\fR\|(8) and \fBaa\-genprof\fR\|(8) utilities
-will automatically emit \fB#include <tunables/global>\fR in
-generated profiles.
-.SS "Feature \s-1ABI\s0"
-.IX Subsection "Feature ABI"
-The feature abi tells AppArmor which feature set the policy was
-developed under. This is important to ensure that kernels with a
-different feature set don't enforce features that the policy doesn't
-support, which can result in unexpected application failures.
-.PP
-When policy is compiled both the kernel feature abi and policy feature
-abi are consulted to build a policy that will work for the system's
-kernel.
-.PP
-If the kernel supports a feature not supported by the policy then
-policy will be built so that the kernel does \s-1NOT\s0 enforce that feature.
-.PP
-If the policy supports a feature not supported by the kernel the
-compile may downgrade the rule with the feature to something the
-kernel supports, drop the rule completely, or fail the compile.
-.PP
-If the policy abi is specified as \fBkernel\fR then the running kernel's
-abi will be used. This should never be used in shipped policy as it
-can cause system breakage when a new kernel is installed.
-.PP
-\fI\s-1ABI\s0 compatibility with AppArmor 2.x\fR
-.IX Subsection "ABI compatibility with AppArmor 2.x"
-.PP
-AppArmor 3 remains compatible with AppArmor 2.x by detecting when a
-profile does not have a feature \s-1ABI\s0 specified. In this case the policy
-compile will either apply the pinned feature \s-1ABI\s0 as specified by the
-config file or the command line, or if neither of those are applied by
-using a default feature \s-1ABI.\s0
-.PP
-It is important to note that the default feature \s-1ABI\s0 does not support
-new features added in AppArmor 3 or later.
-.SH "EXAMPLE"
-.IX Header "EXAMPLE"
-An example AppArmor profile:
-.PP
-.Vb 2
-\& # which feature abi the policy was developed with
-\& abi <abi/3.0>,
-\&
-\& # a variable definition in the preamble
-\& @{HOME} = /home/*/ /root/
-\&
-\& # a comment about foo.
-\& /usr/bin/foo {
-\& /bin/mount ux,
-\& /dev/{,u}random r,
-\& /etc/ld.so.cache r,
-\& /etc/foo.conf r,
-\& /etc/foo/* r,
-\& /lib/ld\-*.so* rmix,
-\& /lib/lib*.so* r,
-\& /proc/[0\-9]** r,
-\& /usr/lib/** r,
-\& /tmp/foo.pid wr,
-\& /tmp/foo.* lrw,
-\& /@{HOME}/.foo_file rw,
-\& /usr/bin/baz Cx \-> baz,
-\&
-\& # a comment about foo\*(Aqs hat (subprofile), bar.
-\& ^bar {
-\& /lib/ld\-*.so* rmix,
-\& /usr/bin/bar rmix,
-\& /var/spool/* rwl,
-\& }
-\&
-\& # a comment about foo\*(Aqs subprofile, baz.
-\& profile baz {
-\& #include <abstractions/bash>
-\& owner /proc/[0\-9]*/stat r,
-\& /bin/bash ixr,
-\& /var/lib/baz/ r,
-\& owner /var/lib/baz/* rw,
-\& }
-\& }
-.Ve
-.SH "FILES"
-.IX Header "FILES"
-.IP "\fI/etc/init.d/boot.apparmor\fR" 4
-.IX Item "/etc/init.d/boot.apparmor"
-.PD 0
-.IP "\fI/etc/apparmor.d/\fR" 4
-.IX Item "/etc/apparmor.d/"
-.PD
-.SH "KNOWN BUGS"
-.IX Header "KNOWN BUGS"
-.IP "\(bu" 4
-Mount options support the use of pattern matching but mount flags are not
-correctly intersected against specified patterns. Eg, 'mount options=**,'
-should be equivalent to 'mount,', but it is not. (\s-1LP:\s0 #965690)
-.IP "\(bu" 4
-The fstype may not be matched against when certain mount command flags are
-used. Specifically fstype matching currently only works when creating a new
-mount and not remount, bind, etc.
-.IP "\(bu" 4
-Mount rules with multiple 'options' conditionals are not applied as documented
-but instead merged such that 'options in (ro,nodev) options in (atime)' is
-equivalent to 'options in (ro,nodev,atime)'.
-.IP "\(bu" 4
-When specifying mount options with the 'in' conditional, both the positive and
-negative values match when specifying one or the other. Eg, 'rw' matches when
-\&'ro' is specified and 'dev' matches when 'nodev' is specified such that
-\&'options in (ro,nodev)' is equivalent to 'options in (rw,dev)'.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor_parser\fR\|(8), \fBapparmor_xattrs\fR\|(7), \fBaa\-complain\fR\|(1),
-\&\fBaa\-enforce\fR\|(1), \fBaa_change_hat\fR\|(2), \fBmod_apparmor\fR\|(5), and
-<https://wiki.apparmor.net>.
diff --git a/parser/apparmor.d.5.html b/parser/apparmor.d.5.html
deleted file mode 100644
index f94bd2eca656212c8c031a589c09e8ce90bcbfa2..0000000000000000000000000000000000000000
--- a/parser/apparmor.d.5.html
+++ /dev/null
@@ -1,1670 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>apparmor.d - syntax of security profiles for AppArmor.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> apparmor.d - syntax of security profiles for AppArmor.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#FORMAT">FORMAT</a>
- <ul>
- <li><a href="#Profile-Head">Profile Head</a>
- <ul>
- <li><a href="#Name">Name</a></li>
- <li><a href="#Attachment-Conditionals">Attachment Conditionals</a>
- <ul>
- <li><a href="#Exec-Attachment-Conditional">Exec Attachment Conditional</a></li>
- <li><a href="#Extended-Attributes-Attachment-Conditional">Extended Attributes Attachment Conditional</a></li>
- </ul>
- </li>
- <li><a href="#Flags">Flags</a>
- <ul>
- <li><a href="#Profile-Mode">Profile Mode</a></li>
- <li><a href="#Audit-Mode">Audit Mode</a></li>
- <li><a href="#Misc-modes">Misc modes</a></li>
- </ul>
- </li>
- </ul>
- </li>
- <li><a href="#Access-Modes">Access Modes</a></li>
- <li><a href="#Access-Modes-Details">Access Modes Details</a></li>
- <li><a href="#Link-rules">Link rules</a></li>
- <li><a href="#Comments">Comments</a></li>
- <li><a href="#Capabilities">Capabilities</a></li>
- <li><a href="#Network-Rules">Network Rules</a></li>
- <li><a href="#Mount-Rules">Mount Rules</a></li>
- <li><a href="#Pivot-Root-Rules">Pivot Root Rules</a></li>
- <li><a href="#PTrace-rules">PTrace rules</a></li>
- <li><a href="#Signal-rules">Signal rules</a></li>
- <li><a href="#DBus-rules">DBus rules</a></li>
- <li><a href="#Unix-socket-rules">Unix socket rules</a>
- <ul>
- <li><a href="#Unix-socket-address-paths">Unix socket address paths</a></li>
- <li><a href="#Unix-socket-permissions">Unix socket permissions</a></li>
- <li><a href="#Example-Unix-domain-socket-rules">Example Unix domain socket rules:</a></li>
- <li><a href="#Abstract-unix-domain-sockets-autobind">Abstract unix domain sockets autobind</a></li>
- <li><a href="#Interaction-of-network-rules-and-fine-grained-unix-domain-socket-rules">Interaction of network rules and fine grained unix domain socket rules</a></li>
- </ul>
- </li>
- <li><a href="#change_profile-rules">change_profile rules</a></li>
- <li><a href="#rlimit-rules">rlimit rules</a></li>
- <li><a href="#Variables">Variables</a></li>
- <li><a href="#Alias-rules">Alias rules</a></li>
- <li><a href="#Globbing-AARE">Globbing (AARE)</a></li>
- <li><a href="#Rule-Qualifiers">Rule Qualifiers</a>
- <ul>
- <li><a href="#Qualifier-Blocks">Qualifier Blocks</a></li>
- </ul>
- </li>
- <li><a href="#include-mechanism">#include mechanism</a></li>
- <li><a href="#Feature-ABI">Feature ABI</a>
- <ul>
- <li><a href="#ABI-compatibility-with-AppArmor-2.x">ABI compatibility with AppArmor 2.x</a></li>
- </ul>
- </li>
- </ul>
- </li>
- <li><a href="#EXAMPLE">EXAMPLE</a></li>
- <li><a href="#FILES">FILES</a></li>
- <li><a href="#KNOWN-BUGS">KNOWN BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>apparmor.d - syntax of security profiles for AppArmor.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>AppArmor profiles describe mandatory access rights granted to given programs and are fed to the AppArmor policy enforcement module using apparmor_parser(8). This man page describes the format of the AppArmor configuration files; see apparmor(7) for an overview of AppArmor.</p>
-
-<h1 id="FORMAT">FORMAT</h1>
-
-<p>AppArmor policy is written in a declarative language, in which the order of rules within a given section or block does not matter. Policy is by convention written so that it is contained in multiple files, but this is not a requirement. It could just as easily be written in a single file. The policy language is compiled to a architecture independent binary format that is loaded into the kernel for enforcement.</p>
-
-<p>The base unit of AppArmor confinement is the profile. It contains a set of rules which are enforced when the profile is associated with a running program. The rules within the profile provide a whitelist of different permission that are allowed, along with a few other special rules.</p>
-
-<p>The text in AppArmor policy is split into two sections, the preamble and the profile definitions. The preamble must occur at the head of the file and once profile definitions begin, no more preamble rules are allowed (even in files that are included into the profile). When AppArmor policy (set of profiles) is split across multiple files, each file can have its own preamble section, which may be the same or different from other files preamble. Files included within a profile section can not have a preamble section.</p>
-
-<p>The following is a BNF-style description of AppArmor policy configuration files; see below for an example AppArmor policy file. AppArmor configuration files are line-oriented; <b>#</b> introduces a comment, similar to shell scripting languages. The exception to this rule is that <b>#include</b> will <i>include</i> the contents of a file inline to the policy; this behaviour is modelled after cpp(1).</p>
-
-<ul>
-
-<p><b>PROFILE FILE</b> = ( [ <i>PREAMBLE</i> ] [ <i>PROFILE</i> ] )*</p>
-
-<p><b>PREAMBLE</b> = ( <i>COMMENT</i> | <i>VARIABLE ASSIGNMENT</i> | <i>ALIAS RULE</i> | <i>INCLUDE</i> | <i>ABI</i> )* Variable assignment and alias rules must come before the profile.</p>
-
-<p><b>VARIABLE ASSIGNMENT</b> = <i>VARIABLE</i> ('=' | '+=') (space separated values)</p>
-
-<p><b>VARIABLE</b> = '@{' <i>ALPHA</i> [ ( <i>ALPHANUMERIC</i> | '_' ) ... ] '}'</p>
-
-<p><b>ALIAS RULE</b> = 'alias' <i>ABS PATH</i> '->' <i>REWRITTEN ABS PATH</i> ','</p>
-
-<p><b>INCLUDE</b> = ( '#include' | 'include' ) [ 'if exists' ] ( <i>ABS PATH</i> | <i>MAGIC PATH</i> )</p>
-
-<p><b>ABI</b> = ( 'abi' ) ( <i>ABS PATH</i> | <i>MAGIC PATH</i> ) ','</p>
-
-<p><b>ABS PATH</b> = '"' path '"' (the path is passed to open(2))</p>
-
-<p><b>MAGIC PATH</b> = '<' relative path '>' The path is relative to <i>/etc/apparmor.d/</i>.</p>
-
-<p><b>COMMENT</b> = '#' <i>TEXT</i> [ '\r' ] '\n'</p>
-
-<p><b>TEXT</b> = any characters</p>
-
-<p><b>PROFILE</b> = ( <i>PROFILE HEAD</i> ) [ <i>ATTACHMENT SPECIFICATION</i> ] [ <i>PROFILE FLAG CONDS</i> ] '{' ( <i>RULES</i> )* '}'</p>
-
-<p><b>PROFILE HEAD</b> = [ 'profile' ] <i>FILEGLOB</i> | 'profile' <i>PROFILE NAME</i></p>
-
-<p><b>PROFILE NAME</b> ( <i>UNQUOTED PROFILE NAME</i> | <i>QUOTED PROFILE NAME</i> )</p>
-
-<p><b>QUOTED PROFILE NAME</b> = '"' <i>UNQUOTED PROFILE NAME</i> '"'</p>
-
-<p><b>UNQUOTED PROFILE NAME</b> = (must start with alphanumeric character (after variable expansion), or '/' <b>AARE</b> have special meanings; see below. May include <i>VARIABLE</i>. Rules with embedded spaces or tabs must be quoted.)</p>
-
-<p><b>ATTACHMENT SPECIFICATION</b> = [ <i>PROFILE_EXEC_COND</i> ] [ <i>PROFILE XATTR CONDS</i> ]</p>
-
-<p><b>PROFILE_EXEC_COND</b> = <i>FILEGLOB</i></p>
-
-<p><b>PROFILE XATTR CONDS</b> = [ 'xattrs=' ] '(' comma or white space separated list of <i>PROFILE XATTR</i> ')'</p>
-
-<p><b>PROFILE XATTR</b> = extended attribute name '=' <i>XATTR VALUE FILEGLOB</i></p>
-
-<p><b>XATTR VALUE FILEGLOB</b> = <i>FILEGLOB</i></p>
-
-<p><b>PROFILE FLAG CONDS</b> = [ 'flags=' ] '(' comma or white space separated list of <i>PROFILE FLAGS</i> ')'</p>
-
-<p><b>PROFILE FLAGS</b> = <i>PROFILE MODE</i> | <i>AUDIT_MODE</i> | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'</p>
-
-<p><b>PROFILE MODE</b> = 'enforce' | 'complain' | 'kill' | 'unconfined'</p>
-
-<p><b>AUDIT MODE</b> = 'audit'</p>
-
-<p><b>RULES</b> = [ ( <i>LINE RULES</i> | <i>COMMA RULES</i> ',' | <i>BLOCK RULES</i> )</p>
-
-<p><b>LINE RULES</b> = ( <i>COMMENT</i> | <i>INCLUDE</i> ) [ '\r' ] '\n'</p>
-
-<p><b>COMMA RULES</b> = ( <i>CAPABILITY RULE</i> | <i>NETWORK RULE</i> | <i>MOUNT RULE</i> | <i>PIVOT ROOT RULE</i> | <i>UNIX RULE</i> | <i>FILE RULE</i> | <i>LINK RULE</i> | <i>CHANGE_PROFILE RULE</i> | <i>RLIMIT RULE</i> | <i>DBUS RULE</i> )</p>
-
-<p><b>BLOCK RULES</b> = ( <i>SUBPROFILE</i> | <i>HAT</i> | <i>QUALIFIER BLOCK</i> )</p>
-
-<p><b>SUBPROFILE</b> = 'profile' <i>PROFILE NAME</i> [ <i>ATTACHMENT SPECIFICATION</i> ] [ <i>PROFILE FLAG CONDS</i> ] '{' ( <i>RULES</i> )* '}'</p>
-
-<p><b>HAT</b> = ('hat' | '^') <i>HATNAME</i> [ <i>PROFILE FLAG CONDS</i> ] '{' ( <i>RULES</i> )* '}'</p>
-
-<p><b>HATNAME</b> = (must start with alphanumeric character. See aa_change_hat(2) for a description of how this "hat" is used. If '^' is used to start a hat then there is no space between the '^' and <i>HATNAME</i>)</p>
-
-<p><b>QUALIFIER BLOCK</b> = <i>QUALIFIERS</i> <i>BLOCK</i></p>
-
-<p><b>ACCESS TYPE</b> = ( 'allow' | 'deny' )</p>
-
-<p><b>QUALIFIERS</b> = [ 'audit' ] [ <i>ACCESS TYPE</i> ]</p>
-
-<p><b>CAPABILITY RULE</b> = [ <i>QUALIFIERS</i> ] 'capability' [ <i>CAPABILITY LIST</i> ]</p>
-
-<p><b>CAPABILITY LIST</b> = ( <i>CAPABILITY</i> )+</p>
-
-<p><b>CAPABILITY</b> = (lowercase capability name without 'CAP_' prefix; see capabilities(7))</p>
-
-<p><b>NETWORK RULE</b> = [ <i>QUALIFIERS</i> ] 'network' [ <i>DOMAIN</i> ] [ <i>TYPE</i> | <i>PROTOCOL</i> ]</p>
-
-<p><b>DOMAIN</b> = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' | 'mctp' ) ','</p>
-
-<p><b>TYPE</b> = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )</p>
-
-<p><b>PROTOCOL</b> = ( 'tcp' | 'udp' | 'icmp' )</p>
-
-<p><b>MOUNT RULE</b> = ( <i>MOUNT</i> | <i>REMOUNT</i> | <i>UMOUNT</i> )</p>
-
-<p><b>MOUNT</b> = [ <i>QUALIFIERS</i> ] 'mount' [ <i>MOUNT CONDITIONS</i> ] [ <i>SOURCE FILEGLOB</i> ] [ '->' [ <i>MOUNTPOINT FILEGLOB</i> ]</p>
-
-<p><b>REMOUNT</b> = [ <i>QUALIFIERS</i> ] 'remount' [ <i>MOUNT CONDITIONS</i> ] <i>MOUNTPOINT FILEGLOB</i></p>
-
-<p><b>UMOUNT</b> = [ <i>QUALIFIERS</i> ] 'umount' [ <i>MOUNT CONDITIONS</i> ] <i>MOUNTPOINT FILEGLOB</i></p>
-
-<p><b>MOUNT CONDITIONS</b> = [ ( 'fstype' | 'vfstype' ) ( '=' | 'in' ) <i>MOUNT FSTYPE EXPRESSION</i> ] [ 'options' ( '=' | 'in' ) <i>MOUNT FLAGS EXPRESSION</i> ]</p>
-
-<p><b>MOUNT FSTYPE EXPRESSION</b> = ( <i>MOUNT FSTYPE LIST</i> | <i>MOUNT EXPRESSION</i> )</p>
-
-<p><b>MOUNT FSTYPE LIST</b> = Comma separated list of valid filesystem and virtual filesystem types (eg ext4, debugfs, devfs, etc)</p>
-
-<p><b>MOUNT FLAGS EXPRESSION</b> = ( <i>MOUNT FLAGS LIST</i> | <i>MOUNT EXPRESSION</i> )</p>
-
-<p><b>MOUNT FLAGS LIST</b> = Comma separated list of <i>MOUNT FLAGS</i>.</p>
-
-<p><b>MOUNT FLAGS</b> = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' | 'noexec' | 'exec' | 'sync' | 'async' | 'remount' | 'mand' | 'nomand' | 'dirsync' | 'noatime' | 'atime' | 'nodiratime' | 'diratime' | 'bind' | 'rbind' | 'move' | 'verbose' | 'silent' | 'loud' | 'acl' | 'noacl' | 'unbindable' | 'runbindable' | 'private' | 'rprivate' | 'slave' | 'rslave' | 'shared' | 'rshared' | 'relatime' | 'norelatime' | 'iversion' | 'noiversion' | 'strictatime' | 'nostrictatime' | 'lazytime' | 'nolazytime' | 'nouser' | 'user' | 'symfollow' | 'nosymfollow' )</p>
-
-<p><b>MOUNT EXPRESSION</b> = ( <i>ALPHANUMERIC</i> | <i>AARE</i> ) ...</p>
-
-<p><b>PIVOT ROOT RULE</b> = [ <i>QUALIFIERS</i> ] pivot_root [ oldroot=<i>OLD PUT FILEGLOB</i> ] [ <i>NEW ROOT FILEGLOB</i> ] [ '->' <i>PROFILE NAME</i> ]</p>
-
-<p><b>SOURCE FILEGLOB</b> = <i>FILEGLOB</i></p>
-
-<p><b>MOUNTPOINT FILEGLOB</b> = <i>FILEGLOB</i></p>
-
-<p><b>OLD PUT FILEGLOB</b> = <i>FILEGLOB</i></p>
-
-<p><b>PTRACE_RULE</b> = [ <i>QUALIFIERS</i> ] 'ptrace' [ <i>PTRACE ACCESS PERMISSIONS</i> ] [ <i>PTRACE PEER</i> ]</p>
-
-<p><b>PTRACE ACCESS PERMISSIONS</b> = <i>PTRACE ACCESS</i> | <i>PTRACE ACCESS LIST</i></p>
-
-<p><b>PTRACE ACCESS LIST</b> = '(' Comma or space separated list of <i>PTRACE ACCESS</i> ')'</p>
-
-<p><b>PTRACE ACCESS</b> = ( 'r' | 'w' | 'rw' | 'read' | 'readby' | 'trace' | 'tracedby' )</p>
-
-<p><b>PTRACE PEER</b> = 'peer' '=' <i>AARE</i></p>
-
-<p><b>SIGNAL_RULE</b> = [ <i>QUALIFIERS</i> ] 'signal' [ <i>SIGNAL ACCESS PERMISSIONS</i> ] [ <i>SIGNAL SET</i> ] [ <i>SIGNAL PEER</i> ]</p>
-
-<p><b>SIGNAL ACCESS PERMISSIONS</b> = <i>SIGNAL ACCESS</i> | <i>SIGNAL ACCESS LIST</i></p>
-
-<p><b>SIGNAL ACCESS LIST</b> = '(' Comma or space separated list of <i>SIGNAL ACCESS</i> ')'</p>
-
-<p><b>SIGNAL ACCESS</b> = ( 'r' | 'w' | 'rw' | 'read' | 'write' | 'send' | 'receive' )</p>
-
-<p><b>SIGNAL SET</b> = 'set' '=' '(' <i>SIGNAL LIST</i> ')'</p>
-
-<p><b>SIGNAL LIST</b> = Comma or space separated list of <i>SIGNALS</i></p>
-
-<p><b>SIGNALS</b> = ( 'hup' | 'int' | 'quit' | 'ill' | 'trap' | 'abrt' | 'bus' | 'fpe' | 'kill' | 'usr1' | 'segv' | 'usr2' | 'pipe' | 'alrm' | 'term' | 'stkflt' | 'chld' | 'cont' | 'stop' | 'stp' | 'ttin' | 'ttou' | 'urg' | 'xcpu' | 'xfsz' | 'vtalrm' | 'prof' | 'winch' | 'io' | 'pwr' | 'sys' | 'emt' | 'exists' | 'rtmin+0' ... 'rtmin+32' )</p>
-
-<p><b>SIGNAL PEER</b> = 'peer' '=' <i>AARE</i></p>
-
-<p><b>DBUS RULE</b> = ( <i>DBUS MESSAGE RULE</i> | <i>DBUS SERVICE RULE</i> | <i>DBUS EAVESDROP RULE</i> | <i>DBUS COMBINED RULE</i> )</p>
-
-<p><b>DBUS MESSAGE RULE</b> = [ <i>QUALIFIERS</i> ] 'dbus' [ <i>DBUS ACCESS EXPRESSION</i> ] [ <i>DBUS BUS</i> ] [ <i>DBUS PATH</i> ] [ <i>DBUS INTERFACE</i> ] [ <i>DBUS MEMBER</i> ] [ <i>DBUS PEER</i> ]</p>
-
-<p><b>DBUS SERVICE RULE</b> = [ <i>QUALIFIERS</i> ] 'dbus' [ <i>DBUS ACCESS EXPRESSION</i> ] [ <i>DBUS BUS</i> ] [ <i>DBUS NAME</i> ]</p>
-
-<p><b>DBUS EAVESDROP RULE</b> = [ <i>QUALIFIERS</i> ] 'dbus' [ <i>DBUS ACCESS EXPRESSION</i> ] [ <i>DBUS BUS</i> ]</p>
-
-<p><b>DBUS COMBINED RULE</b> = [ <i>QUALIFIERS</i> ] 'dbus' [ <i>DBUS ACCESS EXPRESSION</i> ] [ <i>DBUS BUS</i> ]</p>
-
-<p><b>DBUS ACCESS EXPRESSION</b> = ( <i>DBUS ACCESS</i> | '(' <i>DBUS ACCESS LIST</i> ')' )</p>
-
-<p><b>DBUS BUS</b> = 'bus' '=' '(' 'system' | 'session' | '"' <i>AARE</i> '"' | <i>AARE</i> ')'</p>
-
-<p><b>DBUS PATH</b> = 'path' '=' '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')'</p>
-
-<p><b>DBUS INTERFACE</b> = 'interface' '=' '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')'</p>
-
-<p><b>DBUS MEMBER</b> = 'member' '=' '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')'</p>
-
-<p><b>DBUS PEER</b> = 'peer' '=' '(' [ <i>DBUS NAME</i> ] [ <i>DBUS LABEL</i> ] ')'</p>
-
-<p><b>DBUS NAME</b> = 'name' '=' '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')'</p>
-
-<p><b>DBUS LABEL</b> = 'label' '=' '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')'</p>
-
-<p><b>DBUS ACCESS LIST</b> = Comma separated list of <i>DBUS ACCESS</i></p>
-
-<p><b>DBUS ACCESS</b> = ( 'send' | 'receive' | 'bind' | 'eavesdrop' | 'r' | 'read' | 'w' | 'write' | 'rw' ) Some accesses are incompatible with some rules; see below.</p>
-
-<p><b>UNIX RULE</b> = [ <i>QUALIFIERS</i> ] 'unix' [ <i>UNIX ACCESS EXPR</i> ] [ <i>UNIX RULE CONDS</i> ] [ <i>UNIX LOCAL EXPR</i> ] [ <i>UNIX PEER EXPR</i> ]</p>
-
-<p><b>UNIX ACCESS EXPR</b> = ( <i>UNIX ACCESS</i> | <i>UNIX ACCESS LIST</i> )</p>
-
-<p><b>UNIX ACCESS</b> = ( 'create' | 'bind' | 'listen' | 'accept' | 'connect' | 'shutdown' | 'getattr' | 'setattr' | 'getopt' | 'setopt' | 'send' | 'receive' | 'r' | 'w' | 'rw' ) Some access modes are incompatible with some rules or require additional parameters.</p>
-
-<p><b>UNIX ACCESS LIST</b> = '(' <i>UNIX ACCESS</i> ( [','] <i>UNIX ACCESS</i> )* ')'</p>
-
-<p><b>UNIX RULE CONDS</b> = ( <i>TYPE COND</i> | <i>PROTO COND</i> ) Each cond can appear at most once.</p>
-
-<p><b>TYPE COND</b> = 'type' '=' ( <i>AARE</i> | '(' ( '"' <i>AARE</i> '"' | <i>AARE</i> )+ ')' )</p>
-
-<p><b>PROTO COND</b> = 'protocol' '=' ( <i>AARE</i> | '(' ( '"' <i>AARE</i> '"' | <i>AARE</i> )+ ')' )</p>
-
-<p><b>UNIX LOCAL EXPR</b> = ( <i>UNIX ADDRESS COND</i> | <i>UNIX LABEL COND</i> | <i>UNIX ATTR COND</i> | <i>UNIX OPT COND</i> )* Each cond can appear at most once.</p>
-
-<p><b>UNIX PEER EXPR</b> = 'peer' '=' ( <i>UNIX ADDRESS COND</i> | <i>UNIX LABEL COND</i> )+ Each cond can appear at most once.</p>
-
-<p><b>UNIX ADDRESS COND</b> 'addr' '=' ( <i>AARE</i> | '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')' )</p>
-
-<p><b>UNIX LABEL COND</b> 'label' '=' ( <i>AARE</i> | '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')' )</p>
-
-<p><b>UNIX ATTR COND</b> 'attr' '=' ( <i>AARE</i> | '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')' )</p>
-
-<p><b>UNIX OPT COND</b> 'opt' '=' ( <i>AARE</i> | '(' '"' <i>AARE</i> '"' | <i>AARE</i> ')' )</p>
-
-<p><b>RLIMIT RULE</b> = 'set' 'rlimit' [<i>RLIMIT</i> '<=' <i>RLIMIT VALUE</i> ]</p>
-
-<p><b>RLIMIT</b> = ( 'cpu' | 'fsize' | 'data' | 'stack' | 'core' | 'rss' | 'nofile' | 'ofile' | 'as' | 'nproc' | 'memlock' | 'locks' | 'sigpending' | 'msgqueue' | 'nice' | 'rtprio' | 'rttime' )</p>
-
-<p><b>RLIMIT VALUE</b> = ( <i>RLIMIT SIZE</i> | <i>RLIMIT NUMBER</i> | <i>RLIMIT TIME</i> | <i>RLIMIT NICE</i> )</p>
-
-<p><b>RLIMIT SIZE</b> = <i>NUMBER</i> ( 'K' | 'M' | 'G' ) Only applies to RLIMIT of 'fsize', 'data', 'stack', 'core', 'rss', 'as', 'memlock', 'msgqueue'.</p>
-
-<p><b>RLIMIT NUMBER</b> = number from 0 to max rlimit value. Only applies to RLIMIT of 'ofile', 'nofile', 'locks', 'sigpending', 'nproc', 'rtprio'.</p>
-
-<p><b>RLIMIT TIME</b> = <i>NUMBER</i> ( 'us' | 'microsecond' | 'microseconds' | 'ms' | 'millisecond' | 'milliseconds' | 's' | 'sec' | 'second' | 'seconds' | 'min' | 'minute' | 'minutes' | 'h' | 'hour' | 'hours' | 'd' | 'day' | 'days' | 'week' | 'weeks' ) Only applies to RLIMIT of 'cpu' and 'rttime'. RLIMIT 'cpu' only allows units >= 'seconds'.</p>
-
-<p><b>RLIMIT NICE</b> = a number between -20 and 19. Only applies to RLIMIT of 'nice'.</p>
-
-<p><b>FILE RULE</b> = [ <i>QUALIFIERS</i> ] [ 'owner' ] ( 'file' | [ 'file' ] ( <i>FILEGLOB</i> <i>ACCESS</i> | <i>ACCESS</i> <i>FILEGLOB</i> ) [ '->' <i>EXEC TARGET</i> ] )</p>
-
-<p><b>FILEGLOB</b> = ( <i>QUOTED FILEGLOB</i> | <i>UNQUOTED FILEGLOB</i> )</p>
-
-<p><b>QUOTED FILEGLOB</b> = '"' <i>UNQUOTED FILEGLOB</i> '"'</p>
-
-<p><b>UNQUOTED FILEGLOB</b> = (must start with '/' (after variable expansion), <b>AARE</b> have special meanings; see below. May include <i>VARIABLE</i>. Rules with embedded spaces or tabs must be quoted. Rules must end with '/' to apply to directories.)</p>
-
-<p><b>AARE</b> = <b>?*[]{}^</b> See section "Globbing (AARE)" below for meanings.</p>
-
-<p><b>ACCESS</b> = ( 'r' | 'w' | 'a' | 'l' | 'k' | 'm' | <i>EXEC TRANSITION</i> )+ (not all combinations are allowed; see below.)</p>
-
-<p><b>EXEC TRANSITION</b> = ( 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'cx' | 'Cx' | 'pix' | 'Pix' | 'cix' | 'Cix' | 'pux' | 'PUx' | 'cux' | 'CUx' | 'x' ) A bare 'x' is only allowed in rules with the deny qualifier, everything else only without the deny qualifier.</p>
-
-<p><b>EXEC TARGET</b> = name Requires <i>EXEC TRANSITION</i> specified.</p>
-
-<p><b>LINK RULE</b> = <i>QUALIFIERS</i> [ 'owner' ] 'link' [ 'subset' ] <i>FILEGLOB</i> '->' <i>FILEGLOB</i></p>
-
-<p><b>ALPHA</b> = ('a', 'b', 'c', ... 'z', 'A', 'B', ... 'Z')</p>
-
-<p><b>ALPHANUMERIC</b> = ('0', '1', '2', ... '9', 'a', 'b', 'c', ... 'z', 'A', 'B', ... 'Z')</p>
-
-<p><b>CHANGE_PROFILE RULE</b> = 'change_profile' [ [ <i>EXEC MODE</i> ] <i>EXEC COND</i> ] [ '->' <i>PROFILE NAME</i> ]</p>
-
-<p><b>EXEC_MODE</b> = ( 'safe' | 'unsafe' )</p>
-
-<p><b>EXEC COND</b> = <i>FILEGLOB</i></p>
-
-</ul>
-
-<p>All resources and programs need a full path. There may be any number of subprofiles (aka child profiles) in a profile, limited only by kernel memory. Subprofile names are limited to 974 characters. Child profiles can be used to confine an application in a special way, or when you want the child to be unconfined on the system, but confined when called from the parent. Hats are a special child profile that can be used with the aa_change_hat(2) API call. Applications written or modified to use aa_change_hat(2) can take advantage of subprofiles to run under different confinements, dependent on program logic. Several aa_change_hat(2)-aware applications exist, including an Apache module, mod_apparmor(5); a PAM module, pam_apparmor; and a Tomcat valve, tomcat_apparmor. Applications written or modified to use change_profile(2) transition permanently to the specified profile. libvirt is one such application.</p>
-
-<h2 id="Profile-Head">Profile Head</h2>
-
-<p>The profile head consists of a required name that is unique and optional attachment conditionals and control flags.</p>
-
-<h3 id="Name">Name</h3>
-
-<p>The name of the profile is its identifier. It is what is displayed during introspection (eg. ps -Z), and defines how the profile is referenced by policy rules for any policy interaction via ipc or domain changes. It is recommended that the name be kept short and have meaning for the application it is being applied eg. <i>firefox</i> for the firefox web browser or its functional role eg. log_admin.</p>
-
-<p>If the name is an applications full absolute path name eg. <i>/usr/bin/firefox</i> and an exec attachment conditional is not specified the name is also used as the profile's exec attachment conditional. This use however has been deprecated and is discouraged as it makes for long names that can make profile rules difficult to understand, and may not be fully displayed by some introspection tools.</p>
-
-<h3 id="Attachment-Conditionals">Attachment Conditionals</h3>
-
-<p>The attachment conditionals are used during profile changes to determine whether a profile is a match for the proposed profile transition. The attachment conditionals are optional, how and when they are applied is determined by the specific condition(s) used.</p>
-
-<p>When attachment conditionals are used, the attachment conditionals for all profiles in the namespace will be evaluated. The profile with the set of attachments that result in the best match will become the new profile after a transition operation. Attachments that don't match will result in the profile not being available for transition.</p>
-
-<p>If no conditionals are specified the profile will only be used if a transition explicitly specifies the profile name.</p>
-
-<h4 id="Exec-Attachment-Conditional">Exec Attachment Conditional</h4>
-
-<p>The exec attachment conditional governs how closely the profile matches an executable program. This conditional is only used during an exec operation when the matching exec rule specifies either a <b>px</b> or <b>cx</b> (or their derivatives) transition type. The exec attachment conditional will also be used by tasks that are <i>unconfined</i> as they use a <b>pix</b> transition rule.</p>
-
-<p>If there are no attachment matches then it is up to the exec rule to determine what happens (fail or a fallback option).</p>
-
-<p>Note: see profile <i>Name</i> for information around using the profile name as an attachment conditional.</p>
-
-<p>Exec attachment conditionals can contain variable names and pattern matching. They use a longest left match heuristic to deterime the winner in the case of multiple matches at run time. The exact implementation of this resolution is kernel specific and has improved over time, while retaining backwards compatibility. If the heuristic can not determine a winner between multiple matches the exec will be denied.</p>
-
-<h4 id="Extended-Attributes-Attachment-Conditional">Extended Attributes Attachment Conditional</h4>
-
-<p>AppArmor profiles have the ability to target files based on their xattr(7) values in addition to their path. For example, the following profile matches files in /usr/bin with the attribute "security.apparmor" and value "trusted":</p>
-
-<pre><code>/usr/bin/* xattrs(security.apparmor="trusted") {
- # ...
-}</code></pre>
-
-<p>See apparmor_xattrs(7) for further details.</p>
-
-<h3 id="Flags">Flags</h3>
-
-<p>The profile flags allow modifying the behavior of the profile. If a profile flag is specified it takes priority over any conflicting flags that have been specified by rules in the profile body.</p>
-
-<h4 id="Profile-Mode">Profile Mode</h4>
-
-<p>The profile mode allow controlling the enforcement behavior of the profile rules.</p>
-
-<p>If no mode is specified the profile defaults to <i>enforce</i> mode.</p>
-
-<dl>
-
-<dt id="enforce-For-a-given-action-if-the-profile-rules-do-not-grant-permission-the-action-will-be-denied-with-an-EACCES-or-EPERM-error-code-returned-to-userspace-and-the-violation-will-be-logged-with-a-tag-of-the-access-being-DENIED"><b>enforce</b> For a given action, if the profile rules do not grant permission the action will be denied, with an <i>EACCES</i> or <i>EPERM</i> error code returned to userspace, and the violation will be logged with a tag of the access being <b>DENIED</b>.</dt>
-<dd>
-
-</dd>
-<dt id="kill-This-is-a-variant-of-enforce-mode-where-in-addition-to-returning-EACCES-or-EPERM-for-a-violation-the-task-is-also-sent-a-signal-to-kill-it"><b>kill</b> This is a variant of enforce mode where in addition to returning <i>EACCES</i> or <i>EPERM</i> for a violation, the task is also sent a signal to kill it.</dt>
-<dd>
-
-</dd>
-<dt id="complain-For-a-given-action-if-the-profile-rules-do-not-grant-permission-the-action-will-be-allowed-but-the-violation-will-be-logged-with-a-tag-of-the-access-being-ALLOWED"><b>complain</b> For a given action, if the profile rules do not grant permission the action will be allowed, but the violation will be logged with a tag of the access being <b>ALLOWED</b>.</dt>
-<dd>
-
-</dd>
-<dt id="unconfined-This-mode-allows-a-task-confined-by-the-profile-to-behave-as-though-they-are-unconfined.-This-mode-allow-for-an-unconfined-behavior-that-can-be-later-changed-to-confinement-by-using-profile-replacement.-This-mode-is-should-not-be-used-under-regular-deployment-but-can-be-useful-during-debugging-and-some-system-initialization-scenarios"><b>unconfined</b> This mode allows a task confined by the profile to behave as though they are <i>unconfined</i>. This mode allow for an unconfined behavior that can be later changed to confinement by using profile replacement. This mode is should not be used under regular deployment but can be useful during debugging and some system initialization scenarios.</dt>
-<dd>
-
-</dd>
-</dl>
-
-<h4 id="Audit-Mode">Audit Mode</h4>
-
-<p>The audit mode allows control of how AppArmor messages are are logged to the audit system.</p>
-
-<dl>
-
-<dt id="audit-This-flag-causes-all-actions-whether-allowed-or-denied-to-be-logged"><b>audit</b> This flag causes all actions whether allowed or denied to be logged.</dt>
-<dd>
-
-</dd>
-</dl>
-
-<h4 id="Misc-modes">Misc modes</h4>
-
-<dl>
-
-<dt id="mediate_deleted-This-forces-AppArmor-to-mediate-deleted-files-as-if-they-still-exist-in-the-file-system"><b>mediate_deleted</b> This forces AppArmor to mediate deleted files as if they still exist in the file system.</dt>
-<dd>
-
-</dd>
-<dt id="attach_disconnected-This-forces-AppArmor-to-attach-disconnected-objects-to-the-tasks-namespace-and-mediate-them-as-though-they-are-part-of-the-namespace.-WARNING-this-mode-is-unsafe-and-can-result-in-aliasing-and-access-to-objects-that-should-not-be-allowed.-Its-intent-is-a-debug-and-policy-development-tool"><b>attach_disconnected</b> This forces AppArmor to attach disconnected objects to the task's namespace and mediate them as though they are part of the namespace. WARNING this mode is unsafe and can result in aliasing and access to objects that should not be allowed. Its intent is a debug and policy development tool.</dt>
-<dd>
-
-</dd>
-<dt id="chroot_relative-This-forces-file-names-to-be-relative-to-a-chroot-and-behave-as-if-the-chroot-is-a-mount-namespace"><b>chroot_relative</b> This forces file names to be relative to a chroot and behave as if the chroot is a mount namespace.</dt>
-<dd>
-
-</dd>
-</dl>
-
-<h2 id="Access-Modes">Access Modes</h2>
-
-<p>File permission access modes consists of combinations of the following modes:</p>
-
-<dl>
-
-<dt id="r"><b>r</b></dt>
-<dd>
-
-<p>- read</p>
-
-</dd>
-<dt id="w"><b>w</b></dt>
-<dd>
-
-<p>- write -- conflicts with append</p>
-
-</dd>
-<dt id="a"><b>a</b></dt>
-<dd>
-
-<p>- append -- conflicts with write</p>
-
-</dd>
-<dt id="ux"><b>ux</b></dt>
-<dd>
-
-<p>- unconfined execute</p>
-
-</dd>
-<dt id="Ux"><b>Ux</b></dt>
-<dd>
-
-<p>- unconfined execute -- scrub the environment</p>
-
-</dd>
-<dt id="px"><b>px</b></dt>
-<dd>
-
-<p>- discrete profile execute</p>
-
-</dd>
-<dt id="Px"><b>Px</b></dt>
-<dd>
-
-<p>- discrete profile execute -- scrub the environment</p>
-
-</dd>
-<dt id="cx"><b>cx</b></dt>
-<dd>
-
-<p>- transition to subprofile on execute</p>
-
-</dd>
-<dt id="Cx"><b>Cx</b></dt>
-<dd>
-
-<p>- transition to subprofile on execute -- scrub the environment</p>
-
-</dd>
-<dt id="ix"><b>ix</b></dt>
-<dd>
-
-<p>- inherit execute</p>
-
-</dd>
-<dt id="pix"><b>pix</b></dt>
-<dd>
-
-<p>- discrete profile execute with inherit fallback</p>
-
-</dd>
-<dt id="Pix"><b>Pix</b></dt>
-<dd>
-
-<p>- discrete profile execute with inherit fallback -- scrub the environment</p>
-
-</dd>
-<dt id="cix"><b>cix</b></dt>
-<dd>
-
-<p>- transition to subprofile on execute with inherit fallback</p>
-
-</dd>
-<dt id="Cix"><b>Cix</b></dt>
-<dd>
-
-<p>- transition to subprofile on execute with inherit fallback -- scrub the environment</p>
-
-</dd>
-<dt id="pux"><b>pux</b></dt>
-<dd>
-
-<p>- discrete profile execute with fallback to unconfined</p>
-
-</dd>
-<dt id="PUx"><b>PUx</b></dt>
-<dd>
-
-<p>- discrete profile execute with fallback to unconfined -- scrub the environment</p>
-
-</dd>
-<dt id="cux"><b>cux</b></dt>
-<dd>
-
-<p>- transition to subprofile on execute with fallback to unconfined</p>
-
-</dd>
-<dt id="CUx"><b>CUx</b></dt>
-<dd>
-
-<p>- transition to subprofile on execute with fallback to unconfined -- scrub the environment</p>
-
-</dd>
-<dt id="deny-x"><b>deny x</b></dt>
-<dd>
-
-<p>- disallow execute (in rules with the deny qualifier)</p>
-
-</dd>
-<dt id="m"><b>m</b></dt>
-<dd>
-
-<p>- allow PROT_EXEC with mmap(2) calls</p>
-
-</dd>
-<dt id="l"><b>l</b></dt>
-<dd>
-
-<p>- link</p>
-
-</dd>
-<dt id="k"><b>k</b></dt>
-<dd>
-
-<p>- lock</p>
-
-</dd>
-</dl>
-
-<h2 id="Access-Modes-Details">Access Modes Details</h2>
-
-<dl>
-
-<dt id="r---Read-mode"><b>r - Read mode</b></dt>
-<dd>
-
-<p>Allows the program to have read access to the file or directory listing. Read access is required for shell scripts and other interpreted content.</p>
-
-</dd>
-<dt id="w---Write-mode"><b>w - Write mode</b></dt>
-<dd>
-
-<p>Allows the program to have write access to the file. Files and directories must have this permission if they are to be unlinked (removed.) Write mode is not required on a directory to rename or create files within the directory.</p>
-
-<p>This mode conflicts with append mode.</p>
-
-</dd>
-<dt id="a---Append-mode"><b>a - Append mode</b></dt>
-<dd>
-
-<p>Allows the program to have a limited appending only write access to the file. Append mode will prevent an application from opening the file for write unless it passes the O_APPEND parameter flag on open.</p>
-
-<p>The mode conflicts with Write mode.</p>
-
-</dd>
-<dt id="ux---Unconfined-execute-mode"><b>ux - Unconfined execute mode</b></dt>
-<dd>
-
-<p>Allows the program to execute the program without any AppArmor profile being applied to the program.</p>
-
-<p>This mode is useful when a confined program needs to be able to perform a privileged operation, such as rebooting the machine. By placing the privileged section in another executable and granting unconfined execution rights, it is possible to bypass the mandatory constraints imposed on all confined processes. For more information on what is constrained, see the apparmor(7) man page.</p>
-
-<p><b>WARNING</b> 'ux' should only be used in very special cases. It enables the designated child processes to be run without any AppArmor protection. 'ux' does not scrub the environment of variables such as LD_PRELOAD; as a result, the calling domain may have an undue amount of influence over the callee. Use this mode only if the child absolutely must be run unconfined and LD_PRELOAD must be used. Any profile using this mode provides negligible security. Use at your own risk.</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="Ux---unconfined-execute----scrub-the-environment"><b>Ux - unconfined execute -- scrub the environment</b></dt>
-<dd>
-
-<p>'Ux' allows the named program to run in 'ux' mode, but AppArmor will invoke the Linux Kernel's <b>unsafe_exec</b> routines to scrub the environment, similar to setuid programs. (See ld.so(8) for some information on setuid/setgid environment scrubbing.)</p>
-
-<p><b>WARNING</b> 'Ux' should only be used in very special cases. It enables the designated child processes to be run without any AppArmor protection. Use this mode only if the child absolutely must be run unconfined. Use at your own risk.</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="px---Discrete-Profile-execute-mode"><b>px - Discrete Profile execute mode</b></dt>
-<dd>
-
-<p>This mode requires that a discrete security profile is defined for a program executed and forces an AppArmor domain transition. If there is no profile defined then the access will be denied.</p>
-
-<p><b>WARNING</b> 'px' does not scrub the environment of variables such as LD_PRELOAD; as a result, the calling domain may have an undue amount of influence over the callee.</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="Px---Discrete-Profile-execute-mode----scrub-the-environment"><b>Px - Discrete Profile execute mode -- scrub the environment</b></dt>
-<dd>
-
-<p>'Px' allows the named program to run in 'px' mode, but AppArmor will invoke the Linux Kernel's <b>unsafe_exec</b> routines to scrub the environment, similar to setuid programs. (See ld.so(8) for some information on setuid/setgid environment scrubbing.)</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="cx---Transition-to-Subprofile-execute-mode"><b>cx - Transition to Subprofile execute mode</b></dt>
-<dd>
-
-<p>This mode requires that a local security profile is defined and forces an AppArmor domain transition to the named profile. If there is no profile defined then the access will be denied.</p>
-
-<p><b>WARNING</b> 'cx' does not scrub the environment of variables such as LD_PRELOAD; as a result, the calling domain may have an undue amount of influence over the callee.</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="Cx---Transition-to-Subprofile-execute-mode----scrub-the-environment"><b>Cx - Transition to Subprofile execute mode -- scrub the environment</b></dt>
-<dd>
-
-<p>'Cx' allows the named program to run in 'cx' mode, but AppArmor will invoke the Linux Kernel's <b>unsafe_exec</b> routines to scrub the environment, similar to setuid programs. (See ld.so(8) for some information on setuid/setgid environment scrubbing.)</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="ix---Inherit-execute-mode"><b>ix - Inherit execute mode</b></dt>
-<dd>
-
-<p>Prevent the normal AppArmor domain transition on execve(2) when the profiled program executes the named program. Instead, the executed resource will inherit the current profile.</p>
-
-<p>This mode is useful when a confined program needs to call another confined program without gaining the permissions of the target's profile, or losing the permissions of the current profile. There is no version to scrub the environment because 'ix' executions don't change privileges.</p>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="Profile-transition-with-inheritance-fallback-execute-mode"><b>Profile transition with inheritance fallback execute mode</b></dt>
-<dd>
-
-<p>These modes attempt to perform a domain transition as specified by the matching permission (shown below) and if that transition fails to find the matching profile the domain transition proceeds using the 'ix' transition mode.</p>
-
-<pre><code>'Pix' == 'Px' with fallback to 'ix'
-'pix' == 'px' with fallback to 'ix'
-'Cix' == 'Cx' with fallback to 'ix'
-'cix' == 'cx' with fallback to 'ix'</code></pre>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="Profile-transition-with-unconfined-fallback-execute-mode"><b>Profile transition with unconfined fallback execute mode</b></dt>
-<dd>
-
-<p>These modes attempt to perform a domain transition as specified by the matching permission (shown below) and if that transition fails to find the matching profile the domain transition proceeds using the 'ux' transition mode if 'pux', 'cux' or the 'Ux' transition mode if 'PUx', 'CUx' is used.</p>
-
-<pre><code>'PUx' == 'Px' with fallback to 'Ux'
-'pux' == 'px' with fallback to 'ux'
-'CUx' == 'Cx' with fallback to 'Ux'
-'cux' == 'cx' with fallback to 'ux'</code></pre>
-
-<p>Incompatible with other exec transition modes and the deny qualifier.</p>
-
-</dd>
-<dt id="deny-x---Deny-execute"><b>deny x - Deny execute</b></dt>
-<dd>
-
-<p>For rules including the deny modifier, only 'x' is allowed to deny execute.</p>
-
-<p>The 'ix', 'Px', 'px', 'Cx', 'cx' and the fallback modes conflict with the deny modifier.</p>
-
-</dd>
-<dt id="Directed-profile-transitions"><b>Directed profile transitions</b></dt>
-<dd>
-
-<p>The directed ('px', 'Px', 'pix', 'Pix', 'pux', 'PUx') profile and subprofile ('cx', 'Cx', 'cix', 'Cix', 'cux', 'CUx') transitions normally determine the profile to transition to from the executable name. It is however possible to specify the name of the profile that the transition should use.</p>
-
-<p>The name of the profile to transition to is specified using the '->' followed by the name of the profile to transition to. Eg.</p>
-
-<pre><code>/bin/** px -> profile,</code></pre>
-
-<p>Incompatible with other exec transition modes.</p>
-
-</dd>
-<dt id="m---Allow-executable-mapping"><b>m - Allow executable mapping</b></dt>
-<dd>
-
-<p>This mode allows a file to be mapped into memory using mmap(2)'s PROT_EXEC flag. This flag marks the pages executable; it is used on some architectures to provide non-executable data pages, which can complicate exploit attempts. AppArmor uses this mode to limit which files a well-behaved program (or all programs on architectures that enforce non-executable memory access controls) may use as libraries, to limit the effect of invalid <b>-L</b> flags given to ld(1) and <b>LD_PRELOAD</b>, <b>LD_LIBRARY_PATH</b>, given to ld.so(8).</p>
-
-</dd>
-<dt id="l---Link-mode"><b>l - Link mode</b></dt>
-<dd>
-
-<p>Allows the program to be able to create a link with this name. When a link is created, the new link <b>MUST</b> have a subset of permissions as the original file (with the exception that the destination does not have to have link access.) If there is an 'x' rule on the new link, it must match the original file exactly.</p>
-
-</dd>
-<dt id="k---lock-mode"><b>k - lock mode</b></dt>
-<dd>
-
-<p>Allows the program to be able lock a file with this name. This permission covers both advisory and mandatory locking.</p>
-
-</dd>
-<dt id="leading-OR-trailing-access-permissions"><b>leading OR trailing access permissions</b></dt>
-<dd>
-
-<p>File rules can be specified with the access permission either leading or trailing the file glob. Eg.</p>
-
-<pre><code>rw /**, # leading permissions
-
-/** rw, # trailing permissions</code></pre>
-
-<p>When leading permissions are used further rule options and context may be allowed, Eg.</p>
-
-<pre><code>l /foo -> /bar, # lead 'l' link permission is equivalent to link rules</code></pre>
-
-</dd>
-</dl>
-
-<h2 id="Link-rules">Link rules</h2>
-
-<p>Link rules allow specifying permission to form a hard link as a link target pair. If the subset condition is specified then the permissions to access the link file must be a subset of the profiles permissions to access the target file. If there is an 'x' rule on the new link, it must match the original file exactly.</p>
-
-<p>Eg.</p>
-
-<pre><code>/file1 r,
-/file2 rwk,
-/link* rw,
-link subset /link* -> /**,</code></pre>
-
-<p>The link rule allows linking of /link to both /file1 or /file2 by name however because the /link file has 'rw' permissions it is not allowed to link to /file1 because that would grant an access path to /file1 with more permissions than the 'r' permissions the profile specifies.</p>
-
-<p>A link of /link to /file2 would be allowed because the 'rw' permissions of /link are a subset of the 'rwk' permissions for /file1.</p>
-
-<p>The link rule is equivalent to specifying the 'l' link permission as a leading permission with no other file access permissions. When this is done the link rule options can be specified.</p>
-
-<p>The following link rule is equivalent to the 'l' permission file rule</p>
-
-<pre><code>link /foo -> bar,
-l /foo -> /bar,</code></pre>
-
-<p>File rules that specify the 'l' permission and don't specify the extend link permissions map to link rules as follows.</p>
-
-<pre><code>/foo l,
-l /foo,
-link subset /foo -> /**,</code></pre>
-
-<h2 id="Comments">Comments</h2>
-
-<p>Comments start with # and may begin at any place within a line. The comment ends when the line ends. This is the same comment style as shell scripts.</p>
-
-<h2 id="Capabilities">Capabilities</h2>
-
-<p>The only capabilities a confined process may use may be enumerated; for the complete list, please refer to capabilities(7). Note that granting some capabilities renders AppArmor confinement for that domain advisory; while open(2), read(2), write(2), etc., will still return error when access is not granted, some capabilities allow loading kernel modules, arbitrary access to IPC, ability to bypass discretionary access controls, and other operations that are typically reserved for the root user.</p>
-
-<h2 id="Network-Rules">Network Rules</h2>
-
-<p>AppArmor supports simple coarse grained network mediation. The network rule restrict all socket(2) based operations. The mediation done is a coarse-grained check on whether a socket of a given type and family can be created, read, or written. There is no mediation based of port number or protocol beyond tcp, udp, and raw. Network netlink(7) rules may only specify type 'dgram' and 'raw'.</p>
-
-<p>AppArmor network rules are accumulated so that the granted network permissions are the union of all the listed network rule permissions.</p>
-
-<p>AppArmor network rules are broad and general and become more restrictive as further information is specified.</p>
-
-<p>eg.</p>
-
-<pre><code>network, #allow access to all networking
-network tcp, #allow access to tcp
-network inet tcp, #allow access to tcp only for inet4 addresses
-network inet6 tcp, #allow access to tcp only for inet6 addresses
-network netlink raw, #allow access to AF_NETLINK SOCK_RAW</code></pre>
-
-<h2 id="Mount-Rules">Mount Rules</h2>
-
-<p>AppArmor supports mount mediation and allows specifying filesystem types and mount flags. The syntax of mount rules in AppArmor is based on the mount(8) command syntax. Mount rules must contain one of the mount, remount or umount keywords, but all mount conditions are optional. Unspecified optional conditionals are assumed to match all entries (eg, not specifying fstype means all fstypes are matched). Due to the complexity of the mount command and how options may be specified, AppArmor allows specifying conditionals three different ways:</p>
-
-<ol>
-
-<li><p>If a conditional is specified using '=', then the rule only grants permission for mounts matching the exactly specified options. For example, an AppArmor policy with the following rule:</p>
-
-<pre><code>mount options=ro /dev/foo -E<gt> /mnt/,</code></pre>
-
-<p>Would match:</p>
-
-<pre><code>$ mount -o ro /dev/foo /mnt</code></pre>
-
-<p>but not either of these:</p>
-
-<pre><code>$ mount -o ro,atime /dev/foo /mnt
-
-$ mount -o rw /dev/foo /mnt</code></pre>
-
-</li>
-<li><p>If a conditional is specified using 'in', then the rule grants permission for mounts matching any combination of the specified options. For example, if an AppArmor policy has the following rule:</p>
-
-<pre><code>mount options in (ro,atime) /dev/foo -> /mnt/,</code></pre>
-
-<p>all of these mount commands will match:</p>
-
-<pre><code>$ mount -o ro /dev/foo /mnt
-
-$ mount -o ro,atime /dev/foo /mnt
-
-$ mount -o atime /dev/foo /mnt</code></pre>
-
-<p>but none of these will:</p>
-
-<pre><code>$ mount -o ro,sync /dev/foo /mnt
-
-$ mount -o ro,atime,sync /dev/foo /mnt
-
-$ mount -o rw /dev/foo /mnt
-
-$ mount -o rw,noatime /dev/foo /mnt
-
-$ mount /dev/foo /mnt</code></pre>
-
-</li>
-<li><p>If multiple conditionals are specified in a single mount rule, then the rule grants permission for each set of options. This provides a shorthand when writing mount rules which might help to logically break up a conditional. For example, if an AppArmor policy has the following rule:</p>
-
-<pre><code>mount options=ro options=atime</code></pre>
-
-<p>both of these mount commands will match:</p>
-
-<pre><code>$ mount -o ro /dev/foo /mnt
-
-$ mount -o atime /dev/foo /mnt</code></pre>
-
-<p>but this one will not:</p>
-
-<pre><code>$ mount -o ro,atime /dev/foo /mnt</code></pre>
-
-</li>
-</ol>
-
-<p>Note that separate mount rules are distinct and the options do not accumulate. For example, these AppArmor mount rules:</p>
-
-<pre><code>mount options=ro,
-
-mount options=atime,</code></pre>
-
-<p>are not equivalent to either of these mount rules:</p>
-
-<pre><code>mount options=(ro,atime),
-
-mount options in (ro,atime),</code></pre>
-
-<p>To help clarify the flexibility and complexity of mount rules, here are some example rules with accompanying matching commands:</p>
-
-<dl>
-
-<dt id="mount"><b>mount,</b></dt>
-<dd>
-
-<p>the 'mount' rule without any conditionals is the most generic and allows any mount. Equivalent to 'mount fstype=** options=** ** -> /**'.</p>
-
-</dd>
-<dt id="mount-dev-foo"><b>mount /dev/foo,</b></dt>
-<dd>
-
-<p>allow mounting of /dev/foo anywhere with any options. Some matching mount commands:</p>
-
-<pre><code>$ mount /dev/foo /mnt
-
-$ mount -t ext3 /dev/foo /mnt
-
-$ mount -t vfat /dev/foo /mnt
-
-$ mount -o ro,atime,noexec,nodiratime /dev/foo /srv/some/mountpoint</code></pre>
-
-</dd>
-<dt id="mount-options-ro-dev-foo"><b>mount options=ro /dev/foo,</b></dt>
-<dd>
-
-<p>allow mounting of /dev/foo anywhere, as read only. Some matching mount commands:</p>
-
-<pre><code>$ mount -o ro /dev/foo /mnt
-
-$ mount -o ro /dev/foo /some/where/else</code></pre>
-
-</dd>
-<dt id="mount-options-ro-atime-dev-foo"><b>mount options=(ro,atime) /dev/foo,</b></dt>
-<dd>
-
-<p>allow mount of /dev/foo anywhere, as read only and using inode access times. Some matching mount commands:</p>
-
-<pre><code>$ mount -o ro,atime /dev/foo /mnt
-
-$ mount -o ro,atime /dev/foo /some/where/else</code></pre>
-
-</dd>
-<dt id="mount-options-in-ro-atime-dev-foo"><b>mount options in (ro,atime) /dev/foo,</b></dt>
-<dd>
-
-<p>allow mount of /dev/foo anywhere using some combination of 'ro' and 'atime' (see above). Some matching mount commands:</p>
-
-<pre><code>$ mount -o ro /dev/foo /mnt
-
-$ mount -o atime /dev/foo /some/where/else
-
-$ mount -o ro,atime /dev/foo /some/other/place</code></pre>
-
-</dd>
-<dt id="mount-options-ro-dev-foo-mount-options-atime-dev-foo"><b>mount options=ro /dev/foo, mount options=atime /dev/foo,</b></dt>
-<dd>
-
-<p>allow mount of /dev/foo anywhere as read only, and allow mount of /dev/foo anywhere using inode access times. Note this is expressed as two different rules. Matches:</p>
-
-<pre><code>$ mount -o ro /dev/foo /mnt/1
-
-$ mount -o atime /dev/foo /mnt/2</code></pre>
-
-</dd>
-<dt id="mount---mnt"><b>mount -> /mnt/**,</b></dt>
-<dd>
-
-<p>allow mounting anything under a directory in /mnt/**. Some matching mount commands:</p>
-
-<pre><code>$ mount /dev/foo1 /mnt/1
-
-$ mount -o ro,atime,noexec,nodiratime /dev/foo2 /mnt/deep/path/foo2</code></pre>
-
-</dd>
-<dt id="mount-options-ro---mnt"><b>mount options=ro -> /mnt/**,</b></dt>
-<dd>
-
-<p>allow mounting anything under /mnt/**, as read only. Some matching mount commands:</p>
-
-<pre><code>$ mount -o ro /dev/foo1 /mnt/1
-
-$ mount -o ro /dev/foo2 /mnt/deep/path/foo2</code></pre>
-
-</dd>
-<dt id="mount-fstype-ext3-options-rw-atime-dev-sdb1---mnt-stick"><b>mount fstype=ext3 options=(rw,atime) /dev/sdb1 -> /mnt/stick/,</b></dt>
-<dd>
-
-<p>allow mounting an ext3 filesystem in /dev/sdb1 on /mnt/stick as read/write and using inode access times. Matches only:</p>
-
-<pre><code>$ mount -o rw,atime /dev/sdb1 /mnt/stick</code></pre>
-
-</dd>
-<dt id="mount-options-ro-atime-options-in-nodev-user-dev-foo---mnt"><b>mount options=(ro, atime) options in (nodev, user) /dev/foo -> /mnt/,</b></dt>
-<dd>
-
-<p>allow mounting /dev/foo on /mmt/ read only and using inode access times or allow mounting /dev/foo on /mnt/ with some combination of 'nodev' and 'user'. Matches only:</p>
-
-<pre><code>$ mount -o ro,atime /dev/foo /mnt
-
-$ mount -o nodev /dev/foo /mnt
-
-$ mount -o user /dev/foo /mnt
-
-$ mount -o nodev,user /dev/foo /mnt</code></pre>
-
-</dd>
-</dl>
-
-<h2 id="Pivot-Root-Rules">Pivot Root Rules</h2>
-
-<p>AppArmor mediates changing of the root filesystem through the pivot_root(2) system call. The syntax of 'pivot_root' rules in AppArmor is based on the pivot_root(2) system call parameters with the notable exception that the ordering is reversed. The path corresponding to the put_old parameter of pivot_root(2) is optionally specified in the 'pivot_root' rule using the 'oldroot=' prefix.</p>
-
-<p>AppArmor 'pivot_root' rules can specify a profile transition to occur during the pivot_root(2) system call. Note that AppArmor will only transition the process calling pivot_root(2) to the new profile.</p>
-
-<p>The paths specified in 'pivot_root' rules must end with '/' since they are directories.</p>
-
-<p>Here are some example 'pivot_root' rules:</p>
-
-<pre><code># Allow any pivot
-pivot_root,
-
-# Allow pivoting to any new root directory and putting the old root
-# directory at /mnt/root/old/
-pivot_root oldroot=/mnt/root/old/,
-
-# Allow pivoting the root directory to /mnt/root/
-pivot_root /mnt/root/,
-
-# Allow pivoting to /mnt/root/ and putting the old root directory at
-# /mnt/root/old/
-pivot_root oldroot=/mnt/root/old/ /mnt/root/,
-
-# Allow pivoting to /mnt/root/, putting the old root directory at
-# /mnt/root/old/ and transition to the /mnt/root/sbin/init profile
-pivot_root oldroot=/mnt/root/old/ /mnt/root/ -> /mnt/root/sbin/init,</code></pre>
-
-<h2 id="PTrace-rules">PTrace rules</h2>
-
-<p>AppArmor supports mediation of ptrace(2). AppArmor PTrace rules are accumulated so that the granted PTrace permissions are the union of all the listed PTrace rule permissions.</p>
-
-<p>AppArmor PTrace permissions are implied when a rule does not explicitly state an access list. By default, all PTrace permissions are implied.</p>
-
-<p>The trace and tracedby permissions govern ptrace(2) while read and readby govern certain proc(5) filesystem accesses, kcmp(2), futexes (get_robust_list(2)) and perf trace events.</p>
-
-<p>For a ptrace operation to be allowed the profile of the tracing process and the profile of the target task must both have the correct permissions. For example, the profile of the process attaching to another task must have the trace permission for the target task's profile, and the task being traced must have the tracedby permission for the tracing process' profile.</p>
-
-<p>Example AppArmor PTrace rules:</p>
-
-<pre><code># Allow all PTrace access
-ptrace,
-
-# Explicitly allow all PTrace access,
-ptrace (read, readby, trace, tracedby),
-
-# Explicitly deny use of ptrace(2)
-deny ptrace (trace),
-
-# Allow unconfined processes (eg, a debugger) to ptrace us
-ptrace (readby, tracedby) peer=unconfined,
-
-# Allow ptrace of a process running under the /usr/bin/foo profile
-ptrace (trace) peer=/usr/bin/foo,</code></pre>
-
-<h2 id="Signal-rules">Signal rules</h2>
-
-<p>AppArmor supports mediation of signal(7). AppArmor signal rules are accumulated so that the granted signal permissions are the union of all the listed signal rule permissions.</p>
-
-<p>AppArmor signal permissions are implied when a rule does not explicitly state an access list. By default, all signal permissions are implied.</p>
-
-<p>For the sending of a signal to be allowed, the profile of the sending process and the profile of the target task must both have the correct permissions. For example, the profile of a process sending a signal to another task must have the send permission for the target task's profile, and the task receiving the signal must have a receive permission for the sending process' profile.</p>
-
-<p>Example AppArmor signal rules:</p>
-
-<pre><code># Allow all signal access
-signal,
-
-# Explicitly deny sending the HUP and INT signals
-deny signal (send) set=(hup, int),
-
-# Allow unconfined processes to send us signals
-signal (receive) peer=unconfined,
-
-# Allow sending of signals to a process running under the /usr/bin/foo
-# profile
-signal (send) peer=/usr/bin/foo,
-
-# Allow checking for PID existence
-signal (receive, send) set=("exists"),
-
-# Allow us to signal ourselves using the built-in @{profile_name} variable
-signal peer=@{profile_name},
-
-# Allow two real-time signals
-signal set=(rtmin+0 rtmin+32),</code></pre>
-
-<h2 id="DBus-rules">DBus rules</h2>
-
-<p>AppArmor supports DBus mediation. The mediation is performed in conjunction with the DBus daemon. The DBus daemon verifies that communications over the bus are permitted by AppArmor policy.</p>
-
-<p>AppArmor DBus rules are accumulated so that the granted DBus permissions are the union of all the listed DBus rule permissions.</p>
-
-<p>AppArmor DBus rules are broad and general and become more restrictive as further information is specified. Policy may be specified down to the interface member level (method or signal name), however the contents of messages are not examined.</p>
-
-<p>Some AppArmor DBus permissions are not compatible with all AppArmor DBus rules. The 'bind' permission cannot be used in message rules. The 'send' and 'receive' permissions cannot be used in service rules. The 'eavesdrop' permission cannot be used in rules containing any conditionals outside of the 'bus' conditional.</p>
-
-<p>'r' and 'read' are synonyms for 'receive'. 'w' and 'write' are synonyms for 'send'. 'rw' is a synonym for both 'send' and 'receive'.</p>
-
-<p>AppArmor DBus permissions are implied when a rule does not explicitly state an access list. By default, all DBus permissions are implied. Only message permissions are implied for message rules and only service permissions are implied for service rules.</p>
-
-<p>Example AppArmor DBus rules:</p>
-
-<pre><code># Allow all DBus access
-dbus,
-
-# Explicitly allow all DBus access,
-dbus (send, receive, bind),
-
-# Deny send/receive/bind access to the session bus
-deny dbus bus=session,
-
-# Allow bind access for a particular name on any bus
-dbus bind name=com.example.ExampleName,
-
-# Allow receive access for a particular path and interface
-dbus receive path=/com/example/path interface=com.example.Interface,
-
-# Deny send/receive access to the system bus for a particular interface
-deny dbus bus=system interface=com.example.ExampleInterface,
-
-# Allow send access for a particular path, interface, member, and pair of
-# peer names:
-dbus send
- bus=session
- path=/com/example/path
- interface=com.example.Interface
- member=ExampleMethod
- peer=(name=(com.example.ExampleName1|com.example.ExampleName2)),
-
-# Allow receive access for all unconfined peers
-dbus receive peer=(label=unconfined),
-
-# Allow eavesdropping on the system bus
-dbus eavesdrop bus=system,
-
-# Allow and audit all eavesdropping
-audit dbus eavesdrop,</code></pre>
-
-<h2 id="Unix-socket-rules">Unix socket rules</h2>
-
-<p>AppArmor supports fine grained mediation of unix domain abstract and anonymous sockets. Unix domain sockets with file system paths are mediated via file access rules.</p>
-
-<p>Abstract unix domain sockets is a nonportable Linux extension of unix domain sockets, see unix(7) for more information.</p>
-
-<h3 id="Unix-socket-address-paths">Unix socket address paths</h3>
-
-<p>The sun_path component (aka the socket address) of a unix domain socket is specified by the</p>
-
-<pre><code>addr=</code></pre>
-
-<p>conditional. If an address conditional is not specified as part of a rule then the rule matches both abstract and anonymous sockets.</p>
-
-<p>In apparmor the address of an abstract unix domain socket begins with the <i>@</i> character, similar to how they are reported (as paths) by netstat -x. The address then follows and may contain pattern matching and any characters including the null character. In apparmor null characters must be specified by using an escape sequence <i>\000</i> or <i>\x00</i>. The pattern matching is the same as is used by file path matching so * will not match <i>/</i> even though it has no special meaning with in an abstract socket name. Eg.</p>
-
-<pre><code>unix addr=@*,</code></pre>
-
-<p>Autobound unix domain sockets have a unix sun_path assigned to them by the kernel, as such specifying a policy based address is not possible. The autobinding of sockets can be controlled by specifying the special <i>auto</i> keyword. Eg.</p>
-
-<pre><code>unix addr=auto,</code></pre>
-
-<p>To indicate that the rule only applies to auto binding of unix domain sockets. It is important to note this only applies to the <i>bind</i> permission as once the socket is bound to an address it is indistinguishable from a socket that have an addr bound with a specified name. When the <i>auto</i> keyword is used with other permissions or as part of a peer addr it will be replaced with a pattern that can match an autobound socket. Eg. For some kernels</p>
-
-<pre><code>unix rw addr=auto,</code></pre>
-
-<p>is transformed to</p>
-
-<pre><code>unix rw addr=@[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],</code></pre>
-
-<p>It is important to note, this pattern may match abstract sockets that were not autobound but have an addr that fits what is generated by the kernel when autobinding a socket.</p>
-
-<p>Anonymous unix domain sockets have no sun_path associated with the socket address, however it can be specified with the special <i>none</i> keyword to indicate the rule only applies to anonymous unix domain sockets. Eg.</p>
-
-<pre><code>unix addr=none,</code></pre>
-
-<p>If the address component of a rule is not specified then the rule applies to autobind, abstract and anonymous sockets.</p>
-
-<h3 id="Unix-socket-permissions">Unix socket permissions</h3>
-
-<p>Unix domain socket rules are accumulated so that the granted unix socket permissions are the union of all the listed unix rule permissions.</p>
-
-<p>Unix domain socket rules are broad and general and become more restrictive as further information is specified. Policy may be specified down to the socket address (aka sun_path) and label level. The content of the communication is not examined.</p>
-
-<p>Unix socket rule permissions are implied when a rule does not explicitly state an access list. By default if a rule does not have an access list all permissions that are compatible with the specified set of local and peer conditionals are implied.</p>
-
-<p>The create, bind, listen, shutdown, getattr, setattr, getopt, and setopt permissions are local socket permissions. They are only applied to the local socket and can't be specified in rules that have a peer component. The accept permission applies to the combination of a local and peer socket. The connect, send, and receive permissions are peer socket permissions.</p>
-
-<p>Only the peer socket permissions will be applied to rules that don't specify permissions and contain a peer component.</p>
-
-<h3 id="Example-Unix-domain-socket-rules">Example Unix domain socket rules:</h3>
-
-<pre><code># Allow all permissions to unix sockets
-unix,
-
-# Explicitly allow all unix permissions
-unix (create, listen, accept, connect, send, receive, getattr, setattr, setopt, getopt),
-
-# Explicitly deny unix socket access
-deny unix,
-
-# Allow create and use of abstract and anonymous sockets for profile_name
-unix peer=(label=@{profile_name}),
-
-# Allow receiving via unix sockets from unconfined
-unix (receive) peer=(label=unconfined),
-
-# Allow getattr and shutdown on anonymous sockets
-unix (getattr, shutdown) addr=none,
-
-# Allow SOCK_STREAM connect, receive and send on an abstract socket @bar
-# with peer running under profile '/foo'
-unix (connect, receive, send) type=stream peer=(label=/foo,addr="@bar"),
-
-# Allow accepting connections from and receiving from peer running under
-# profile '/bar' on abstract socket '@foo'
-unix (accept, receive) addr=@foo peer=(label=/bar),</code></pre>
-
-<h3 id="Abstract-unix-domain-sockets-autobind">Abstract unix domain sockets autobind</h3>
-
-<p>Abstract unix domain sockets can autobind to an address. The autobind address is a unique 5 digit string of decimal numbers, eg. @00001. There is nothing that prevents a task from manually binding to addresses with a similar pattern so it is impossible to reliably identify autobind addresses from a regular address.</p>
-
-<h3 id="Interaction-of-network-rules-and-fine-grained-unix-domain-socket-rules">Interaction of network rules and fine grained unix domain socket rules</h3>
-
-<p>The coarse grained networking rules can be used to control unix domain sockets as well. When fine grained unix domain socket mediation is available the coarse grained network rule is mapped into the equivalent unix socket rule.</p>
-
-<p>E.G.</p>
-
-<pre><code>network unix, => unix,
-
-network unix stream, => unix stream,</code></pre>
-
-<p>Fine grained mediation rules however can not be losslessly converted back to the coarse grained network rule; e.g.</p>
-
-<pre><code>unix bind addr=@example,</code></pre>
-
-<p>Has no exact match under coarse grained network rules, the closest match is the much wider permission rule of</p>
-
-<pre><code>network unix,</code></pre>
-
-<h2 id="change_profile-rules">change_profile rules</h2>
-
-<p>AppArmor supports self directed profile transitions via the change_profile api. Change_profile rules control which permissions for which profiles a confined task can transition to. The profile name can contain apparmor pattern matching to specify different profiles.</p>
-
-<pre><code>change_profile -> **,</code></pre>
-
-<p>The change_profile api allows the transition to be delayed until when a task executes another application. If an exec rule transition is specified for the application and the change_profile api is used to make a transition at exec time, the transition specified by the change_profile api takes precedence.</p>
-
-<p>The Change_profile permission can restrict which profiles can be transitioned to based off of the executable name by specifying the exec condition.</p>
-
-<pre><code>change_profile /bin/bash -> new_profile,</code></pre>
-
-<p>The restricting of the transition profile to a given executable at exec time is only useful when then current task is allowed to make dynamic decisions about what confinement should be, but the decision set needs to be controlled. A list of profiles or multiple rules can be used to specify the profiles in the set. Eg.</p>
-
-<pre><code>change_profile /bin/bash -> {new_profile1,new_profile2,new_profile3},</code></pre>
-
-<p>An exec rule can be used to specify a transition for the executable, if the transition should be allowed even if the change_profile api has not been used to select a transition for those available in the change_profile rule set. Eg.</p>
-
-<pre><code>/bin/bash Px -> new_profile1,
-change_profile /bin/bash -> {new_profile1,new_profile2,new_profile3},</code></pre>
-
-<p>The exec mode dictates whether or not the Linux Kernel's <b>unsafe_exec</b> routines should be used to scrub the environment, similar to setuid programs. (See ld.so(8) for some information on setuid/setgid environment scrubbing.) The <b>safe</b> mode sets up environment scrubbing to occur when the new application is executed and <b>unsafe</b> mode disables AppArmor's requirement for environment scrubbing (the kernel and/or libc may still require environment scrubbing). An exec mode can only be specified when an exec condition is present.</p>
-
-<pre><code>change_profile safe /bin/bash -> new_profile,</code></pre>
-
-<p>Not all kernels support <b>safe</b> mode and the parser will downgrade rules to <b>unsafe</b> mode in that situation. If no exec mode is specified, the default is <b>safe</b> mode in kernels that support it.</p>
-
-<h2 id="rlimit-rules">rlimit rules</h2>
-
-<p>AppArmor can set and control the resource limits associated with a profile as described in the setrlimit(2) man page.</p>
-
-<p>The AppArmor rlimit controls allow setting of limits and restricting changes of them and these actions can be audited. Enforcement of the set limits is handled by the standard kernel enforcement mechanism for rlimits and will not result in an audited apparmor message if the limit is enforced.</p>
-
-<p>If a profile does not have an rlimit rule associated with a given rlimit then the rlimit is left alone and regular access, including changing the limit, is allowed. However if the profile sets an rlimit then the current limit is checked and if greater than the limit specified in the rule it will be changed to the specified limit.</p>
-
-<p>AppArmor rlimit rules control the hard limit of an application and ensure that if the hard limit is lowered that the soft limit does not exceed the hard limit value.</p>
-
-<p>Eg.</p>
-
-<pre><code>set rlimit data <= 100M,
-set rlimit nproc <= 10,
-set rlimit nice <= 5,</code></pre>
-
-<h2 id="Variables">Variables</h2>
-
-<p>AppArmor's policy language allows embedding variables into file rules to enable easier configuration for some common (and pervasive) setups. Variables may have multiple values assigned, but any variable assignments must be made before the start of the profile.</p>
-
-<p>The parser will automatically expand variables to include all values that they have been assigned; it is an error to reference a variable without setting at least one value. You can use empty quotes ("") to explicitly add an empty value.</p>
-
-<p>At the time of this writing, the following variables are defined in the provided AppArmor policy:</p>
-
-<pre><code>@{HOME}
-@{HOMEDIRS}
-@{multiarch}
-@{pid}
-@{pids}
-@{PROC}
-@{securityfs}
-@{apparmorfs}
-@{sys}
-@{tid}
-@{run}
-@{XDG_DESKTOP_DIR}
-@{XDG_DOWNLOAD_DIR}
-@{XDG_TEMPLATES_DIR}
-@{XDG_PUBLICSHARE_DIR}
-@{XDG_DOCUMENTS_DIR}
-@{XDG_MUSIC_DIR}
-@{XDG_PICTURES_DIR}
-@{XDG_VIDEOS_DIR}</code></pre>
-
-<p>These are defined in files in <i>/etc/apparmor.d/tunables</i> and are used in many of the abstractions described later.</p>
-
-<p>You may also add files in <i>/etc/apparmor.d/tunables/home.d</i> for site-specific customization of <b>@{HOMEDIRS}</b>, <i>/etc/apparmor.d/tunables/multiarch.d</i> for <b>@{multiarch}</b> and <i>/etc/apparmor.d/tunables/xdg-user-dirs.d</i> for <b>@{XDG_*}</b>.</p>
-
-<p>The special <b>@{profile_name}</b> variable is set to the profile name and may be used in all policy.</p>
-
-<h2 id="Alias-rules">Alias rules</h2>
-
-<p>AppArmor also provides alias rules for remapping paths for site-specific layouts. They are an alternative form of path rewriting to using variables, and are done after variable resolution. Alias rules must occur within the preamble of the profile. System-wide aliases are found in <i>/etc/apparmor.d/tunables/alias</i>, which is included by <i>/etc/apparmor.d/tunables/global</i>. <i>/etc/apparmor.d/tunables/global</i> is typically included at the beginning of an AppArmor profile.</p>
-
-<h2 id="Globbing-AARE">Globbing (AARE)</h2>
-
-<p>File resources and other parameters accepting an AARE may be specified with a globbing syntax similar to that used by popular shells, such as csh(1), bash(1), zsh(1).</p>
-
-<dl>
-
-<dt id="pod"><b>*</b></dt>
-<dd>
-
-<p>can substitute for any number of characters, excepting '/'</p>
-
-</dd>
-<dt id="pod1"><b>**</b></dt>
-<dd>
-
-<p>can substitute for any number of characters, including '/'</p>
-
-</dd>
-<dt id="pod2"><b>?</b></dt>
-<dd>
-
-<p>can substitute for any single character excepting '/'</p>
-
-</dd>
-<dt id="abc"><b>[abc]</b></dt>
-<dd>
-
-<p>will substitute for the single character a, b, or c</p>
-
-</dd>
-<dt id="a-c"><b>[a-c]</b></dt>
-<dd>
-
-<p>will substitute for the single character a, b, or c</p>
-
-</dd>
-<dt id="a-c1"><b>[^a-c]</b></dt>
-<dd>
-
-<p>will substitute for any single character not matching a, b or c</p>
-
-</dd>
-<dt id="ab-cd"><b>{ab,cd}</b></dt>
-<dd>
-
-<p>will expand to one rule to match ab, one rule to match cd</p>
-
-<p>Can also include variables.</p>
-
-</dd>
-<dt id="variable"><b>@{variable}</b></dt>
-<dd>
-
-<p>will expand to all values assigned to the given variable.</p>
-
-</dd>
-</dl>
-
-<p>When AppArmor looks up a directory the pathname being looked up will end with a slash (e.g., <i>/var/tmp/</i>); otherwise it will not end with a slash. Only rules that match a trailing slash will match directories. Some examples, none matching the <i>/tmp/</i> directory itself, are:</p>
-
-<dl>
-
-<dt id="tmp"><b>/tmp/*</b></dt>
-<dd>
-
-<p>Files directly in <i>/tmp</i>.</p>
-
-</dd>
-<dt id="tmp1"><b>/tmp/*/</b></dt>
-<dd>
-
-<p>Directories directly in <i>/tmp</i>.</p>
-
-</dd>
-<dt id="tmp2"><b>/tmp/**</b></dt>
-<dd>
-
-<p>Files and directories anywhere underneath <i>/tmp</i>.</p>
-
-</dd>
-<dt id="tmp3"><b>/tmp/**/</b></dt>
-<dd>
-
-<p>Directories anywhere underneath <i>/tmp</i>.</p>
-
-</dd>
-</dl>
-
-<h2 id="Rule-Qualifiers">Rule Qualifiers</h2>
-
-<p>There are several rule qualifiers that can be applied to permission rules. Rule qualifiers can modify the rule and/or permissions within the rule.</p>
-
-<dl>
-
-<dt id="allow"><b>allow</b></dt>
-<dd>
-
-<p>Specifies that permissions requests that match the rule are allowed. This is the default value for rules and does not need to be specified. Conflicts with the <i>deny</i> qualifier.</p>
-
-</dd>
-<dt id="audit"><b>audit</b></dt>
-<dd>
-
-<p>Specifies that permissions requests that match the rule should be recorded to the audit log.</p>
-
-</dd>
-<dt id="deny"><b>deny</b></dt>
-<dd>
-
-<p>Specifies that permissions requests that match the rule should be denied without logging. Can be combined with 'audit' to enable logging. Conflicts with the <i>allow</i> qualifier.</p>
-
-</dd>
-<dt id="owner"><b>owner</b></dt>
-<dd>
-
-<p>Specifies that the task must have the same euid/fsuid as the object being referenced by the permission check.</p>
-
-</dd>
-</dl>
-
-<h3 id="Qualifier-Blocks">Qualifier Blocks</h3>
-
-<p>Rule Qualifiers can be applied to multiple rules at a time by grouping the rules into a rule block.</p>
-
-<pre><code>audit {
- /foo r,
- network,
-}</code></pre>
-
-<h2 id="include-mechanism">#include mechanism</h2>
-
-<p>AppArmor provides an easy abstraction mechanism to group common access requirements; this abstraction is an extremely flexible way to grant site-specific rights and makes writing new AppArmor profiles very simple by assembling the needed building blocks for any given program.</p>
-
-<p>The use of '#include' is modelled directly after cpp(1); its use will replace the '#include' statement with the specified file's contents. The leading '#' is optional, and the '#include' keyword can be followed by an option conditional 'if exists' that specifies profile compilation should continue if the specified file or directory is not found.</p>
-
-<p><b>#include "/absolute/path"</b> specifies that <i>/absolute/path</i> should be used. <b>#include "relative/path"</b> specifies that <i>relative/path</i> should be used, where the path is relative to the current working directory. <b>#include <magic/path></b> is the most common usage; it will load <i>magic/path</i> relative to a directory specified to apparmor_parser(8). <i>/etc/apparmor.d/</i> is the AppArmor default.</p>
-
-<p>The supplied AppArmor profiles follow several conventions; the abstractions stored in <i>/etc/apparmor.d/abstractions/</i> are some large clusters that are used in most profiles. What follows are short descriptions of how some of the abstractions are used.</p>
-
-<dl>
-
-<dt id="abstractions-audio"><i>abstractions/audio</i></dt>
-<dd>
-
-<p>Includes accesses to device files used for audio applications.</p>
-
-</dd>
-<dt id="abstractions-authentication"><i>abstractions/authentication</i></dt>
-<dd>
-
-<p>Includes access to files and services typically necessary for services that perform user authentication.</p>
-
-</dd>
-<dt id="abstractions-base"><i>abstractions/base</i></dt>
-<dd>
-
-<p>Includes files that should be readable and writable in all profiles.</p>
-
-</dd>
-<dt id="abstractions-bash"><i>abstractions/bash</i></dt>
-<dd>
-
-<p>Includes many files used by bash; useful for interactive shells and programs that call system(3).</p>
-
-</dd>
-<dt id="abstractions-consoles"><i>abstractions/consoles</i></dt>
-<dd>
-
-<p>Includes read and write access to the device files controlling the virtual console, sshd(8), xterm(1), etc. This abstraction is needed for many programs that interact with users.</p>
-
-</dd>
-<dt id="abstractions-fonts"><i>abstractions/fonts</i></dt>
-<dd>
-
-<p>Includes access to fonts and the font libraries.</p>
-
-</dd>
-<dt id="abstractions-gnome"><i>abstractions/gnome</i></dt>
-<dd>
-
-<p>Includes read and write access to GNOME configuration files, as well as read access to GNOME libraries.</p>
-
-</dd>
-<dt id="abstractions-kde"><i>abstractions/kde</i></dt>
-<dd>
-
-<p>Includes read and write access to KDE configuration files, as well as read access to KDE libraries.</p>
-
-</dd>
-<dt id="abstractions-kerberosclient"><i>abstractions/kerberosclient</i></dt>
-<dd>
-
-<p>Includes file access rules needed for common kerberos clients.</p>
-
-</dd>
-<dt id="abstractions-nameservice"><i>abstractions/nameservice</i></dt>
-<dd>
-
-<p>Includes file rules to allow DNS, LDAP, NIS, SMB, user and group password databases, services, and protocols lookups.</p>
-
-</dd>
-<dt id="abstractions-perl"><i>abstractions/perl</i></dt>
-<dd>
-
-<p>Includes read access to perl modules.</p>
-
-</dd>
-<dt id="abstractions-user-download"><i>abstractions/user-download</i></dt>
-<dd>
-
-</dd>
-<dt id="abstractions-user-mail"><i>abstractions/user-mail</i></dt>
-<dd>
-
-</dd>
-<dt id="abstractions-user-manpages"><i>abstractions/user-manpages</i></dt>
-<dd>
-
-</dd>
-<dt id="abstractions-user-tmp"><i>abstractions/user-tmp</i></dt>
-<dd>
-
-</dd>
-<dt id="abstractions-user-write"><i>abstractions/user-write</i></dt>
-<dd>
-
-<p>Some profiles for typical "user" programs will use these include files to describe rights that users have in the system.</p>
-
-</dd>
-<dt id="abstractions-wutmp"><i>abstractions/wutmp</i></dt>
-<dd>
-
-<p>Includes write access to files used to maintain wtmp(5) and utmp(5) databases, used with the w(1) and associated commands.</p>
-
-</dd>
-<dt id="abstractions-X"><i>abstractions/X</i></dt>
-<dd>
-
-<p>Includes read access to libraries, configuration files, X authentication files, and the X socket.</p>
-
-</dd>
-</dl>
-
-<p>Some of the abstractions rely on variables that are set in files in the <i>/etc/apparmor.d/tunables/</i> directory. These variables are currently <b>@{HOME}</b> and <b>@{HOMEDIRS}</b>. Variables cannot be set in profile scope; they can only be set before the profile. Therefore, any profiles that use abstractions should either <b>#include <tunables/global></b> or otherwise ensure that <b>@{HOME}</b> and <b>@{HOMEDIRS}</b> are set before starting the profile definition. The aa-autodep(8) and aa-genprof(8) utilities will automatically emit <b>#include <tunables/global></b> in generated profiles.</p>
-
-<h2 id="Feature-ABI">Feature ABI</h2>
-
-<p>The feature abi tells AppArmor which feature set the policy was developed under. This is important to ensure that kernels with a different feature set don't enforce features that the policy doesn't support, which can result in unexpected application failures.</p>
-
-<p>When policy is compiled both the kernel feature abi and policy feature abi are consulted to build a policy that will work for the system's kernel.</p>
-
-<p>If the kernel supports a feature not supported by the policy then policy will be built so that the kernel does NOT enforce that feature.</p>
-
-<p>If the policy supports a feature not supported by the kernel the compile may downgrade the rule with the feature to something the kernel supports, drop the rule completely, or fail the compile.</p>
-
-<p>If the policy abi is specified as <b>kernel</b> then the running kernel's abi will be used. This should never be used in shipped policy as it can cause system breakage when a new kernel is installed.</p>
-
-<h3 id="ABI-compatibility-with-AppArmor-2.x">ABI compatibility with AppArmor 2.x</h3>
-
-<p>AppArmor 3 remains compatible with AppArmor 2.x by detecting when a profile does not have a feature ABI specified. In this case the policy compile will either apply the pinned feature ABI as specified by the config file or the command line, or if neither of those are applied by using a default feature ABI.</p>
-
-<p>It is important to note that the default feature ABI does not support new features added in AppArmor 3 or later.</p>
-
-<h1 id="EXAMPLE">EXAMPLE</h1>
-
-<p>An example AppArmor profile:</p>
-
-<pre><code># which feature abi the policy was developed with
-abi <abi/3.0>,
-
-# a variable definition in the preamble
-@{HOME} = /home/*/ /root/
-
-# a comment about foo.
-/usr/bin/foo {
- /bin/mount ux,
- /dev/{,u}random r,
- /etc/ld.so.cache r,
- /etc/foo.conf r,
- /etc/foo/* r,
- /lib/ld-*.so* rmix,
- /lib/lib*.so* r,
- /proc/[0-9]** r,
- /usr/lib/** r,
- /tmp/foo.pid wr,
- /tmp/foo.* lrw,
- /@{HOME}/.foo_file rw,
- /usr/bin/baz Cx -> baz,
-
- # a comment about foo's hat (subprofile), bar.
- ^bar {
- /lib/ld-*.so* rmix,
- /usr/bin/bar rmix,
- /var/spool/* rwl,
- }
-
- # a comment about foo's subprofile, baz.
- profile baz {
- #include <abstractions/bash>
- owner /proc/[0-9]*/stat r,
- /bin/bash ixr,
- /var/lib/baz/ r,
- owner /var/lib/baz/* rw,
- }
-}</code></pre>
-
-<h1 id="FILES">FILES</h1>
-
-<dl>
-
-<dt id="etc-init.d-boot.apparmor"><i>/etc/init.d/boot.apparmor</i></dt>
-<dd>
-
-</dd>
-<dt id="etc-apparmor.d"><i>/etc/apparmor.d/</i></dt>
-<dd>
-
-</dd>
-</dl>
-
-<h1 id="KNOWN-BUGS">KNOWN BUGS</h1>
-
-<ul>
-
-<li><p>Mount options support the use of pattern matching but mount flags are not correctly intersected against specified patterns. Eg, 'mount options=**,' should be equivalent to 'mount,', but it is not. (LP: #965690)</p>
-
-</li>
-<li><p>The fstype may not be matched against when certain mount command flags are used. Specifically fstype matching currently only works when creating a new mount and not remount, bind, etc.</p>
-
-</li>
-<li><p>Mount rules with multiple 'options' conditionals are not applied as documented but instead merged such that 'options in (ro,nodev) options in (atime)' is equivalent to 'options in (ro,nodev,atime)'.</p>
-
-</li>
-<li><p>When specifying mount options with the 'in' conditional, both the positive and negative values match when specifying one or the other. Eg, 'rw' matches when 'ro' is specified and 'dev' matches when 'nodev' is specified such that 'options in (ro,nodev)' is equivalent to 'options in (rw,dev)'.</p>
-
-</li>
-</ul>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor_parser(8), apparmor_xattrs(7), aa-complain(1), aa-enforce(1), aa_change_hat(2), mod_apparmor(5), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> apparmor.d - syntax of security profiles for AppArmor.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
index e5c0317385bcfe8a9cd5f3d5761c83373a5acf88..d5493d74f7a89e0000ab885ac64edb43af358ce2 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -113,9 +113,13 @@ B<XATTR VALUE FILEGLOB> = I<FILEGLOB>
B<PROFILE FLAG CONDS> = [ 'flags=' ] '(' comma or white space separated list of I<PROFILE FLAGS> ')'
-B<PROFILE FLAGS> = I<PROFILE MODE> | I<AUDIT_MODE> | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'
+B<PROFILE FLAGS> = I<PROFILE MODE> | I<AUDIT_MODE> | 'mediate_deleted'
+| 'attach_disconnected' | 'attach_disconneced.path='I<ABS PATH> | 'chroot_relative'
+| 'debug' | 'interruptible' | 'kill.signal='I<SIGNAL> | 'error='I<ERROR CODE>
-B<PROFILE MODE> = 'enforce' | 'complain' | 'kill' | 'unconfined'
+B<ERROR CODE> = (case insensitive error code name starting with 'E'; see errno(3))
+
+B<PROFILE MODE> = 'enforce' | 'complain' | 'kill' | 'default_allow' | 'unconfined' | 'prompt'
B<AUDIT MODE> = 'audit'
@@ -123,7 +127,7 @@ B<RULES> = [ ( I<LINE RULES> | I<COMMA RULES> ',' | I<BLOCK RULES> )
B<LINE RULES> = ( I<COMMENT> | I<INCLUDE> ) [ '\r' ] '\n'
-B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> | I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<DBUS RULE> )
+B<COMMA RULES> = ( I<CAPABILITY RULE> | I<NETWORK RULE> | I<MOUNT RULE> | I<PIVOT ROOT RULE> | I<UNIX RULE> | I<FILE RULE> | I<LINK RULE> | I<CHANGE_PROFILE RULE> | I<RLIMIT RULE> | I<DBUS RULE> | I<MQUEUE RULE> | I<IO_URING RULE> | I<USERNS RULE> | I<ALL RULE>)
B<BLOCK RULES> = ( I<SUBPROFILE> | I<HAT> | I<QUALIFIER BLOCK> )
@@ -135,9 +139,11 @@ B<HATNAME> = (must start with alphanumeric character. See aa_change_hat(2) for a
B<QUALIFIER BLOCK> = I<QUALIFIERS> I<BLOCK>
+B<INTEGER> = (+ | -)? [[:digit:]]+
+
B<ACCESS TYPE> = ( 'allow' | 'deny' )
-B<QUALIFIERS> = [ 'audit' ] [ I<ACCESS TYPE> ]
+B<QUALIFIERS> = [ 'priority' '=' <INTEGER> ] [ 'audit' ] [ I<ACCESS TYPE> ]
B<CAPABILITY RULE> = [ I<QUALIFIERS> ] 'capability' [ I<CAPABILITY LIST> ]
@@ -146,7 +152,14 @@ B<CAPABILITY LIST> = ( I<CAPABILITY> )+
B<CAPABILITY> = (lowercase capability name without 'CAP_' prefix; see
capabilities(7))
-B<NETWORK RULE> = [ I<QUALIFIERS> ] 'network' [ I<DOMAIN> ] [ I<TYPE> | I<PROTOCOL> ]
+B<NETWORK RULE> = [ I<QUALIFIERS> ] 'network' [ I<NETWORK ACCESS EXPR> ] [ I<DOMAIN> ] [ I<TYPE> | I<PROTOCOL> ] [ I<NETWORK LOCAL EXPR> ] [ I<NETWORK PEER EXPR> ]
+
+B<NETWORK ACCESS EXPR> = ( I<NETWORK ACCESS> | I<NETWORK ACCESS LIST> )
+
+B<NETWORK ACCESS> = ( 'create' | 'bind' | 'listen' | 'accept' | 'connect' | 'shutdown' | 'getattr' | 'setattr' | 'getopt' | 'setopt' | 'send' | 'receive' | 'r' | 'w' | 'rw' )
+ Some access modes are incompatible with some rules.
+
+B<NETWORK ACCESS LIST> = '(' I<NETWORK ACCESS> ( [','] I<NETWORK ACCESS> )* ')'
B<DOMAIN> = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' | 'mctp' ) ','
@@ -154,6 +167,22 @@ B<TYPE> = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )
B<PROTOCOL> = ( 'tcp' | 'udp' | 'icmp' )
+B<NETWORK LOCAL EXPR> = ( I<NETWORK IP COND> | I<NETWORK PORT COND> )*
+ Each cond can appear at most once.
+
+B<NETWORK PEER EXPR> = 'peer' '=' '(' ( I<NETWORK IP COND> | I<NETWORK PORT COND> )+ ')'
+ Each cond can appear at most once.
+
+B<NETWORK IP COND> = 'ip' '=' ( 'none' | I<NETWORK IPV4> | I<NETWORK IPV6> )
+
+B<NETWORK PORT COND> = 'port' '=' ( I<NETWORK PORT> | I<NETWORK PORT> '-' I<NETWORK PORT> )
+
+B<NETWORK IPV4> = IPv4, represented by four 8-bit decimal numbers separated by '.'
+
+B<NETWORK IPV6> = IPv6, represented by eight groups of four hexadecimal numbers separated by ':'. Shortened representation of contiguous zeros is allowed by using '::'
+
+B<NETWORK PORT> = 16-bit number ranging from 0 to 65535
+
B<MOUNT RULE> = ( I<MOUNT> | I<REMOUNT> | I<UMOUNT> )
B<MOUNT> = [ I<QUALIFIERS> ] 'mount' [ I<MOUNT CONDITIONS> ] [ I<SOURCE FILEGLOB> ] [ '-E<gt>' [ I<MOUNTPOINT FILEGLOB> ]
@@ -176,6 +205,30 @@ B<MOUNT FLAGS> = ( 'ro' | 'rw' | 'nosuid' | 'suid' | 'nodev' | 'dev' | 'noexec'
B<MOUNT EXPRESSION> = ( I<ALPHANUMERIC> | I<AARE> ) ...
+B<MQUEUE_RULE> = [ I<QUALIFIERS> ] 'mqueue' [ I<MQUEUE ACCESS PERMISSIONS> ] [ I<MQUEUE TYPE> ] [ I<MQUEUE LABEL> ] [ I<MQUEUE NAME> ]
+
+B<MQUEUE ACCESS PERMISSIONS> = I<MQUEUE ACCESS> | I<MQUEUE ACCESS LIST>
+
+B<MQUEUE ACCESS LIST> = '(' Comma or space separated list of I<MQUEUE ACCESS> ')'
+
+B<MQUEUE ACCESS> = ( 'r' | 'w' | 'rw' | 'read' | 'write' | 'create' | 'open' | 'delete' | 'getattr' | 'setattr' )
+
+B<MQUEUE TYPE> = 'type' '=' ( 'posix' | 'sysv' )
+
+B<MQUEUE LABEL> = 'label' '=' '(' '"' I<AARE> '"' | I<AARE> ')'
+
+B<MQUEUE NAME> = I<AARE>
+
+B<USERNS RULE> = [ I<QUALIFIERS> ] 'userns' [ I<USERNS ACCESS PERMISSIONS> ]
+
+B<USERNS ACCESS PERMISSIONS> = ( 'create' )
+
+B<IO_URING RULE> = [ I<QUALIFIERS> ] 'io_uring' [ I<IO_URING ACCESS PERMISSIONS> [ I<IO_URING LABEL> ]
+
+B<IO_URING ACCESS PERMISSIONS> = ( 'sqpoll' | 'override_creds' )
+
+B<IO_URING LABEL> = 'label' '=' '(' '"' I<AARE> '"' | I<AARE> ')'
+
B<PIVOT ROOT RULE> = [ I<QUALIFIERS> ] pivot_root [ oldroot=I<OLD PUT FILEGLOB> ] [ I<NEW ROOT FILEGLOB> ] [ '-E<gt>' I<PROFILE NAME> ]
B<SOURCE FILEGLOB> = I<FILEGLOB>
@@ -204,9 +257,9 @@ B<SIGNAL ACCESS> = ( 'r' | 'w' | 'rw' | 'read' | 'write' | 'send' | 'receive' )
B<SIGNAL SET> = 'set' '=' '(' I<SIGNAL LIST> ')'
-B<SIGNAL LIST> = Comma or space separated list of I<SIGNALS>
+B<SIGNAL LIST> = Comma or space separated list of I<SIGNAL>s
-B<SIGNALS> = ( 'hup' | 'int' | 'quit' | 'ill' | 'trap' | 'abrt' | 'bus' | 'fpe' | 'kill' | 'usr1' | 'segv' | 'usr2' | 'pipe' | 'alrm' | 'term' | 'stkflt' | 'chld' | 'cont' | 'stop' | 'stp' | 'ttin' | 'ttou' | 'urg' | 'xcpu' | 'xfsz' | 'vtalrm' | 'prof' | 'winch' | 'io' | 'pwr' | 'sys' | 'emt' | 'exists' | 'rtmin+0' ... 'rtmin+32' )
+B<SIGNAL> = ( 'hup' | 'int' | 'quit' | 'ill' | 'trap' | 'abrt' | 'bus' | 'fpe' | 'kill' | 'usr1' | 'segv' | 'usr2' | 'pipe' | 'alrm' | 'term' | 'stkflt' | 'chld' | 'cont' | 'stop' | 'stp' | 'ttin' | 'ttou' | 'urg' | 'xcpu' | 'xfsz' | 'vtalrm' | 'prof' | 'winch' | 'io' | 'pwr' | 'sys' | 'emt' | 'exists' | 'rtmin+0' ... 'rtmin+32' )
B<SIGNAL PEER> = 'peer' '=' I<AARE>
@@ -320,6 +373,8 @@ B<EXEC_MODE> = ( 'safe' | 'unsafe' )
B<EXEC COND> = I<FILEGLOB>
+B<ALL RULE> = 'all'
+
=back
All resources and programs need a full path. There may be any number of
@@ -438,12 +493,41 @@ a signal to kill it.
permission the action will be allowed, but the violation will be logged
with a tag of the access being B<ALLOWED>.
+=item B<default_allow> This mode changes the default behavior of
+apparmor from default deny to default allow. When default_allow is
+specified the resulting profile will allow operations that the profile
+does not have a rule for. This mode is similar to I<unconfined> but
+allows for allow and deny rules, specifying audit, and domain
+transitions. Profiles in this mode may be be reported as being in
+I<enforce> mode or I<allow> mode when introspected from the kernel.
+
+Note: default_allow is similar and for many profiles will be equivalent
+to specifying an I<allow all,> rule in the profile. The default_allow
+flag does not provide all the same option that the I<allow all,> rule
+provides.
+
=item B<unconfined> This mode allows a task confined by the profile to
-behave as though they are I<unconfined>. This mode allow for an
-unconfined behavior that can be later changed to confinement by using
-profile replacement. This mode is should not be used under regular
-deployment but can be useful during debugging and some system
-initialization scenarios.
+behave as though it is I<unconfined>. The unconfined behavior can be
+later changed to confinement by using profile replacement. This mode
+should not be used under regular deployment but can be useful during
+debugging and some system initialization scenarios.
+
+This mode is similar to default_allow and may be emulated by
+default_allow in kernels that no longer support a true unconfined
+mode. It does not generally allow for specifying deny rules, or allow
+rules that override the default behavior, except in a few custom
+kernels where unconfined restricts a few operations. It relies on
+special customized behavior of the unconfined profile in the kernel
+and as such should only be used for debugging.
+
+Note: true unconfined is being phased out, with unconfined becoming a
+replaceable profile. As such unconfined mode will be emulated by a
+special profile compiled with the default_allow flag in newer kernels.
+
+=item B<prompt> This mode allows task mediation to send an up call to
+userspace to ask for a decision when there isn't a rule covering the
+permission request. If userspace does not respond then the access
+will be denied.
=back
@@ -472,9 +556,27 @@ though they are part of the namespace. WARNING this mode is unsafe and
can result in aliasing and access to objects that should not be
allowed. Its intent is a debug and policy development tool.
+=item B<attach_disconnected.path>=I<ABS PATH> Like attach_disconnected, but
+attach disconnected objects to the supplied path instead of the root of
+the namespace.
+
=item B<chroot_relative> This forces file names to be relative to a
chroot and behave as if the chroot is a mount namespace.
+=item B<debug> This flag allows turning on kernel debug messages on
+a per profile basis. It works in conjunction with other kernel debug
+flags to control what messages will be output. Its effect is kernel
+dependent, and it should never appear in policy except when trying
+to debug kernel or policy problems.
+
+=item B<interruptible> Enables interrupts for prompt upcall to userspace.
+
+=item B<kill.signal>=I<SIGNAL> This changes the signal that will be
+sent by AppArmor when in kill mode or a kill rule has been violated.
+
+=item B<error>=I<ERROR CODE> This changes the error code returned by
+AppArmor when a rule has been violated.
+
=back
=head2 Access Modes
@@ -840,11 +942,10 @@ and other operations that are typically reserved for the root user.
=head2 Network Rules
-AppArmor supports simple coarse grained network mediation. The network
-rule restrict all socket(2) based operations. The mediation done is
-a coarse-grained check on whether a socket of a given type and family
-can be created, read, or written. There is no mediation based of port
-number or protocol beyond tcp, udp, and raw. Network netlink(7) rules may
+AppArmor supports simple coarse grained network mediation. The
+network rule restrict all socket(2) based operations. The mediation
+done is a coarse-grained check on whether a socket of a given type and
+family can be created, read, or written. Network netlink(7) rules may
only specify type 'dgram' and 'raw'.
AppArmor network rules are accumulated so that the granted network
@@ -861,6 +962,49 @@ eg.
network inet6 tcp, #allow access to tcp only for inet6 addresses
network netlink raw, #allow access to AF_NETLINK SOCK_RAW
+=head3 Network permissions
+
+Network rule permissions are implied when a rule does not explicitly
+state an access list. By default if a rule does not have an access
+list all permissions that are compatible with the specified set of
+local and peer conditionals are implied.
+
+The create, bind, listen, shutdown, getattr, setattr, getopt, and
+setopt permissions are local socket permissions. They are only applied
+to the local socket and can't be specified in rules that have a peer
+conditional. The accept permission applies to the combination of a
+local and peer socket. The connect, send, and receive permissions are
+peer socket permissions.
+
+=head3 Mediation of inet/inet6 family
+
+AppArmor supports fine grained mediation of the inet and inet6
+families by using the ip and port conditionals. The ip conditional
+accepts both IPv4 and IPv6 using the regular representation of four
+octets separated by '.' for IPv4 and eight groups of four hexadecimal
+numbers separated by ':' for IPv6. Contiguous leading zeros can be
+replaced by '::' once. On a connected socket, the sender and receiver
+don't need to be specified in the recvfrom and sendto system calls. In
+that case, and with unbounded sockets, the IP address is none, or
+unknown. Unknown or Unbound IP addresses are represented in policy by the
+'none' keyword. When the ip conditional is omitted, then all IP
+addresses will be allowed: IPv4, IPv6 and none. If INADDR_ANY or
+in6addr_any is used, then the ip conditional can be omitted or they
+can be represented by:
+
+ network ip=::, #allow in6addr_any
+ network ip=0.0.0.0; #allow INADDR_ANY
+
+The network rules support the specification of local and remote IP
+addresses, ports, and port ranges.
+
+ network ip=127.0.0.1 port=8080,
+ network peer=(ip=10.139.15.23 port=8081),
+ network ip=fd74:1820:b03a:b361::cf32 peer=(ip=fd74:1820:b03a:b361::a0f9),
+ network port=8080 peer=(port=8081),
+ network ip=127.0.0.1 port=8080 peer=(ip=10.139.15.23 port=8081),
+ network ip=127.0.0.1 port=8080-8084,
+
=head2 Mount Rules
AppArmor supports mount mediation and allows specifying filesystem types and
@@ -880,7 +1024,7 @@ If a conditional is specified using '=', then the rule only grants permission
for mounts matching the exactly specified options. For example, an AppArmor
policy with the following rule:
- mount options=ro /dev/foo -E<gt> /mnt/,
+ mount options=ro /dev/foo -> /mnt/,
Would match:
@@ -927,7 +1071,7 @@ grants permission for each set of options. This provides a shorthand when
writing mount rules which might help to logically break up a conditional. For
example, if an AppArmor policy has the following rule:
- mount options=ro options=atime
+ mount options=ro options=atime,
both of these mount commands will match:
@@ -1057,6 +1201,134 @@ Matches only:
=back
+=head2 Message Queue rules
+
+AppArmor supports mediation of POSIX and SYSV message queues.
+
+AppArmor Message Queue permissions are implied when a rule does not explicitly
+state an access list. By default, all Message Queue permissions are implied.
+
+AppArmor Message Queue permissions become more restricted as further information
+is specified. Policy can be specified by determining its access mode, type,
+label, and message queue name.
+
+Regarding access modes, 'r' and 'read' are used to read messages from the queue.
+'w' and 'write' are used to write to the message queue. 'create' is used to create
+the message queue, and 'open' is used to get the message queue identifier when the
+queue is already created. 'delete' is used to remove the message queue. The access
+modes to get and set attributes of the message queue are 'setattr' and 'getattr'.
+
+The type of the policy can be either 'posix' or 'sysv'. This information is
+relevant when the message queue name is not specified, and when specified can be
+inferred by the queue name, since message queues' name for posix must start with '/',
+and message queues' key for SYSV must be a positive integer.
+
+The policy label is the label assigned to the message queue when it is created.
+
+The message queue name can be either a string starting with '/' if the type
+is POSIX, or a positive integer if the type is SYSV. If the type is not
+specified, then it will be inferred by the queue name.
+
+Example AppArmor Message Queue rules:
+
+ # Allow all Message Queue access
+ mqueue,
+
+ # Explicitly allow all Message Queue access,
+ mqueue (create, open, delete, read, write, getattr, setattr),
+
+ # Explicitly deny use of Message Queue
+ deny mqueue,
+
+ # Allow all access for POSIX queue of name /bar
+ mqueue type=posix /bar,
+
+ # Allow create permission for a SYSV queue of label foo
+ mqueue create label=foo 123,
+
+=head2 User Namespace Rules
+
+User namespaces are part of many sandboxing and containerization
+solutions. They provide a way for a non-system root process to be
+root within the container. Unfortunately this opens up attack surface
+in the kernel and has been part of several exploit chains. As such
+AppArmor can be used to restrict the creation of user namespaces to
+select processes.
+
+User namespace permission are implied when a rule does not explicitly
+state an access list. The rule becomes more restrictive as further
+information is specified.
+
+Note: user namespace creation may be restricted so that it is not
+available to unprivieged unconfined processes. If this is the case any
+process trying to create user namespaces will require a profile that
+allows the necessary permissions.
+
+=over 4
+
+=item B<create>
+
+Allow creation of user namespaces.
+
+=back
+
+Example userns rules:
+
+=over 4
+
+ # Allow all userns perms
+ userns,
+
+ # Allow creation of a userns
+ userns create,
+
+=back
+
+=head2 IO_URing Rules
+
+AppArmor supports mediation of the new Linux high speed IO interface.
+There is limited mediation at this time to just a few permissions at
+the moment.
+
+IO Uring permission are implied when a rule does not explicitly state
+an access list. The rule becomes more restrictive as further
+information is specified.
+
+Note: io_uring access may be restricted so that it is not available to
+unprivileged unconfined processes. If this is the case any process
+trying to use io_uring will require a profile that allows the
+necessary io_uring permissions.
+
+=over 4
+
+=item B<sqpoll>
+
+All the task confined by the profile to spawn a io_uring polling
+thread.
+
+=item B<override_creds>
+
+Grants the task confined by the profile to override (change) its
+credentials to the specified label, when executing an io_uring
+operation.
+
+=back
+
+Example IO_URING rules:
+
+=over 4
+
+ # Allow io_uring operations
+ io_uring,
+
+ # Allow creation of a polling thread
+ io_uring sqpoll,
+
+ # Allow task to override credentials during io_uring operation
+ io_uring override_creds label=new_creds,
+
+=back
+
=head2 Pivot Root Rules
AppArmor mediates changing of the root filesystem through the pivot_root(2)
@@ -1067,8 +1339,9 @@ pivot_root(2) is optionally specified in the 'pivot_root' rule using the
'oldroot=' prefix.
AppArmor 'pivot_root' rules can specify a profile transition to occur during
-the pivot_root(2) system call. Note that AppArmor will only transition the
-process calling pivot_root(2) to the new profile.
+the pivot_root(2) system call. Note that currently, this feature is not
+supported by any kernel. When this feature will be supported, AppArmor will
+only transition the process calling pivot_root(2) to the new profile.
The paths specified in 'pivot_root' rules must end with '/' since they are
directories.
@@ -1430,6 +1703,26 @@ Not all kernels support B<safe> mode and the parser will downgrade rules to
B<unsafe> mode in that situation. If no exec mode is specified, the default is
B<safe> mode in kernels that support it.
+=head2 all rule
+
+The all rule is used to add a generic rule for all supported rule types.
+This is useful when policy wants to define a black list instead of
+white list, but can also be useful to add an access qualifier to all
+rules.
+
+Eg. Black list
+
+ allow all,
+ # begin blacklist
+ deny file,
+ deny unix,
+
+
+Eg. Adding audit qualifier
+
+ audit access all,
+
+
=head2 rlimit rules
AppArmor can set and control the resource limits associated with a
@@ -1503,6 +1796,61 @@ F</etc/apparmor.d/tunables/xdg-user-dirs.d> for B<@{XDG_*}>.
The special B<@{profile_name}> variable is set to the profile name and may be
used in all policy.
+=head3 Notes on variable expansion and the / character
+
+It is important to note that how AppArmor performs variable expansion
+depends on the context where a variable is used. When a variable is
+expanded it can result in a string with multiple path characters
+next to each other, in a way that is not evident when looking at
+policy.
+
+Eg.
+
+=over 4
+
+Given the following variable definition and rule
+
+@{HOME}=/home/*/
+file rw @{HOME}/*,
+
+The variable expansion results in a rule of
+
+file rw /home/*//*.
+
+=back
+
+When this occurs in a context where a path is expected, AppArmor will
+canonicalize the path by collapsing consecutive / characters into
+a single character. For the above example, this would be
+
+ file rw /home/*/*,
+
+There is one exception to this rule, when the consecutive / characters
+are at the beginning of a path, this indicates a posix namespace
+and the characters will not be collapsed.
+
+Eg.
+
+=over 4
+
+@{HOME}=/home/*/
+file rw /@{HOME}/*,
+
+will result in an expansion of
+
+file rw //home/*//*,
+
+which is collapsed to
+
+file rw //home/*/*,
+
+Note: that the leading // in the above example is not collapsed to a
+single /. However the second // (that was also seen in the first
+example) is collapsed.
+
+=back
+
+
=head2 Alias rules
AppArmor also provides alias rules for remapping paths for site-specific
@@ -1589,6 +1937,17 @@ Rule qualifiers can modify the rule and/or permissions within the rule.
=over 4
+=item B<priority>
+
+Specifies the priority of the rule. Currently the allowed range is
+-1000 to 1000 with the default priority of rule is 0. Rules with
+higher priority are given preferences and will completely override
+permissions of lower priority rules where they overlap. When rules
+partially overlap the permissions of the higher priority rule will
+completely override lower priority rules within in overlap. Within a
+given priority level rules that overlap will accumulate permissions in
+the standard apparmor fashion.
+
=item B<allow>
Specifies that permissions requests that match the rule are allowed. This
@@ -1793,7 +2152,7 @@ An example AppArmor profile:
/usr/lib/** r,
/tmp/foo.pid wr,
/tmp/foo.* lrw,
- /@{HOME}/.foo_file rw,
+ @{HOME}/.foo_file rw,
/usr/bin/baz Cx -> baz,
# a comment about foo's hat (subprofile), bar.
@@ -1817,8 +2176,6 @@ An example AppArmor profile:
=over 4
-=item F</etc/init.d/boot.apparmor>
-
=item F</etc/apparmor.d/>
=back
diff --git a/parser/apparmor.pod b/parser/apparmor.pod
index 95c10d09dc3195785a24b3e4d56a4583a522c4bd..0d2a01bed911f93fe7d27e732a46441f9952741b 100644
--- a/parser/apparmor.pod
+++ b/parser/apparmor.pod
@@ -36,12 +36,11 @@ of resources. AppArmor's unique security model is to bind access control
attributes to programs rather than to users.
AppArmor confinement is provided via I<profiles> loaded into the kernel
-via apparmor_parser(8), typically through the F</etc/init.d/apparmor>
-SysV initscript, which is used like this:
+via apparmor_parser(8), typically through the F<apparmor.service>
+systemd unit, which is used like this:
- # /etc/init.d/apparmor start
- # /etc/init.d/apparmor stop
- # /etc/init.d/apparmor restart
+ # systemctl start apparmor
+ # systemctl reload apparmor
AppArmor can operate in two modes: I<enforcement>, and I<complain or learning>:
@@ -110,7 +109,7 @@ I<Turn off deny audit quieting> if this is a problem).
Complain mode can be used to develop profiles incrementally as an
application is exercised. The logged accesses can be added to the
-profile and then can the application further excercised to discover further
+profile and then can the application further exercised to discover further
additions that are needed. Because AppArmor allows the accesses the
application will behave as it would if AppArmor was not confining it.
@@ -147,9 +146,9 @@ or to set it on boot add:
apparmor.mode=complain
-as a kernel boot paramenter.
+as a kernel boot parameter.
-B<Warning> Setting complain mode gloabally disables all apparmor
+B<Warning> Setting complain mode globally disables all apparmor
security protections. It can be useful during debugging or profile
development, but setting it selectively on a per profile basis is
safer.
@@ -218,7 +217,7 @@ or to set it on boot add:
apparmor.debug=1
-as a kernel boot paramenter.
+as a kernel boot parameter.
=head2 Turn off deny audit quieting
@@ -233,7 +232,7 @@ or to set it on boot add:
apparmor.audit=noquiet
-as a kernel boot paramenter.
+as a kernel boot parameter.
=head2 Force audit mode
@@ -255,7 +254,7 @@ or to set it on boot add:
apparmor.audit=all
-as a kernel boot paramenter.
+as a kernel boot parameter.
B<Audit Rate Limiting>
@@ -273,11 +272,9 @@ Else, if auditd is running, see auditd(8) and auditd.conf(5).
=over 4
-=item F</etc/init.d/apparmor>
-
=item F</etc/apparmor.d/>
-=item F</var/lib/apparmor/>
+=item F</var/cache/apparmor/>
=item F</var/log/audit/audit.log>
diff --git a/parser/apparmor.service b/parser/apparmor.service
index 15b9f74e6c5eff6fdb0a5cf8bc52582f8f12041d..641771ffb7f4c17d410096dd3fee838d4aa4ea40 100644
--- a/parser/apparmor.service
+++ b/parser/apparmor.service
@@ -6,6 +6,8 @@ After=systemd-journald-audit.socket
# profile cache: /var/cache/apparmor/ and /usr/share/apparmor/cache/
After=var.mount var-cache.mount usr.mount usr-share.mount
ConditionSecurity=apparmor
+Documentation=man:apparmor(7)
+Documentation=https://gitlab.com/apparmor/apparmor/wikis/home/
[Service]
Type=oneshot
diff --git a/parser/apparmor.systemd b/parser/apparmor.systemd
index 09d579245dcc27855cb54b6d7bd3f9a3dfd06377..ccdad3b499fdd3545caefa389b972f9676b655bb 100644
--- a/parser/apparmor.systemd
+++ b/parser/apparmor.systemd
@@ -17,6 +17,8 @@
APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_action()
{
echo "$1"
@@ -25,36 +27,50 @@ aa_action()
return $?
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_warning_msg()
{
echo "Warning: $*"
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_failure_msg()
{
echo "Error: $*"
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_action_start()
{
echo "$@"
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_action_end()
{
printf ""
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_daemon_msg()
{
echo "$@"
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_skipped_msg()
{
echo "Skipped: $*"
}
+# This function is used in rc.apparmor.functions
+# shellcheck disable=SC2317
aa_log_end_msg()
{
printf ""
diff --git a/parser/apparmor_parser.8 b/parser/apparmor_parser.8
deleted file mode 100644
index 00b22b949577a04a7da24e16bf54e5c0e4327515..0000000000000000000000000000000000000000
--- a/parser/apparmor_parser.8
+++ /dev/null
@@ -1,506 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "APPARMOR_PARSER 8"
-.TH APPARMOR_PARSER 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-apparmor_parser \- loads AppArmor profiles into the kernel
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBapparmor_parser [options] <command> [profiles]...\fR
-.PP
-\&\fBapparmor_parser [options] <command>\fR
-.PP
-\&\fBapparmor_parser [\-hv] [\-\-help] [\-\-version]\fR
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBapparmor_parser\fR is used as a general tool to compile, and manage AppArmor
-policy, including loading new \fBapparmor.d\fR\|(5) profiles into the Linux kernel.
-.PP
-AppArmor profiles restrict the operations available to processes.
-.PP
-The \fBprofiles\fR are loaded into the Linux kernel by the \fBapparmor_parser\fR
-program. The \fBprofiles\fR may be specified by file name or a directory
-name containing a set of profiles. If a directory is specified then the
-\&\fBapparmor_parser\fR will try to do a profile load for each file in the
-directory that is not a dot file, or explicitly black listed (*.dpkg\-new,
-*.dpkg\-old, *.dpkg\-dist, *.dpkg\-bak, *.dpkg\-remove, *.pacsave, *.pacnew,
-*.rpmnew, *.rpmsave, *.orig, *.rej, *~).
-The \fBapparmor_parser\fR will fall back to taking input from standard input if
-a profile or directory is not supplied.
-.PP
-The input supplied to \fBapparmor_parser\fR should be in the format described in
-\&\fBapparmor.d\fR\|(5).
-.SH "COMMANDS"
-.IX Header "COMMANDS"
-The command set is broken into four subcategories.
-.IP "unprivileged commands" 4
-.IX Item "unprivileged commands"
-Commands that don't require any privilege and don't operate on profiles.
-.IP "unprivileged profile commands" 4
-.IX Item "unprivileged profile commands"
-Commands that operate on a profile either specified on the command line or
-read from stdin if no profile was specified.
-.IP "privileged commands" 4
-.IX Item "privileged commands"
-Commands that require the \s-1MAC_ADMIN\s0 capability within the affected AppArmor
-namespace to load policy into the kernel or filesystem write permissions to
-update the affected privileged files (cache etc).
-.IP "privileged profile commands" 4
-.IX Item "privileged profile commands"
-Commands that require privilege and operate on profiles.
-.SH "Unprivileged commands"
-.IX Header "Unprivileged commands"
-.IP "\-V, \-\-version" 4
-.IX Item "-V, --version"
-Print the version number and exit.
-.IP "\-h, \-\-help" 4
-.IX Item "-h, --help"
-Give a quick reference guide.
-.SH "Unprivileged profile commands"
-.IX Header "Unprivileged profile commands"
-.IP "\-N, \-\-names" 4
-.IX Item "-N, --names"
-Produce a list of policies from a given set of profiles (implies \-K).
-.IP "\-p, \-\-preprocess" 4
-.IX Item "-p, --preprocess"
-Apply preprocessing to the input profile(s) by flattening includes into
-the output profile and dump to stdout.
-.IP "\-S, \-\-stdout" 4
-.IX Item "-S, --stdout"
-Writes a binary (cached) profile to stdout (implies \-K and \-T).
-.IP "\-o file, \-\-ofile file" 4
-.IX Item "-o file, --ofile file"
-Writes a binary (cached) profile to the specified file (implies \-K and \-T)
-.SH "Privileged commands"
-.IX Header "Privileged commands"
-.IP "\-\-purge\-cache" 4
-.IX Item "--purge-cache"
-Unconditionally clear out cached profiles.
-.SH "Privileged profile commands"
-.IX Header "Privileged profile commands"
-.IP "\-a, \-\-add" 4
-.IX Item "-a, --add"
-Insert the AppArmor definitions given into the kernel. This is the default
-action. This gives an error message if a AppArmor definition by the same
-name already exists in the kernel, or if the parser doesn't understand
-its input. It reports when an addition succeeded.
-.IP "\-r, \-\-replace" 4
-.IX Item "-r, --replace"
-This flag is required if an AppArmor definition by the same name already
-exists in the kernel; used to replace the definition already
-in the kernel with the definition given on standard input.
-.IP "\-R, \-\-remove" 4
-.IX Item "-R, --remove"
-This flag is used to remove an AppArmor definition already in the kernel.
-Note that it still requires a complete AppArmor definition as described
-in \fBapparmor.d\fR\|(5) even though the contents of the definition aren't
-used.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-.IP "\-B, \-\-binary" 4
-.IX Item "-B, --binary"
-Treat the profile files specified on the command line (or stdin if none
-specified) as binary cache files, produced with the \-S or \-o options,
-and load to the kernel as specified by \-a, \-r, and \-R (implies \-K
-and \-T).
-.IP "\-C, \-\-Complain" 4
-.IX Item "-C, --Complain"
-Force the profile to load in complain mode.
-.IP "\-b n, \-\-base n" 4
-.IX Item "-b n, --base n"
-Set the base directory for resolving #include directives
-defined as relative paths.
-.IP "\-I n, \-\-Include n" 4
-.IX Item "-I n, --Include n"
-Add element n to the search path when resolving #include directives
-defined as an absolute paths.
-.IP "\-f n, \-\-apparmorfs n" 4
-.IX Item "-f n, --apparmorfs n"
-Set the location of the apparmor security filesystem (default is
-\&\*(L"/sys/kernel/security/apparmor\*(R").
-.IP "\-\-policy\-features n" 4
-.IX Item "--policy-features n"
-Specify the feature set that the policy was developed under. This does
-not override feature \s-1ABI\s0 rules.
-.IP "\-\-override\-policy\-abi n" 4
-.IX Item "--override-policy-abi n"
-Specify the feature set that the policy was developed under and
-override any feature \s-1ABI\s0 rules that the policy may be using.
-.IP "\-\-kernel\-features n" 4
-.IX Item "--kernel-features n"
-Specify the feature set of the kernel that the policy is being compiled for. If not specified this will be determined by the system's kernel.
-.IP "\-M n, \-\-features\-file n" 4
-.IX Item "-M n, --features-file n"
-Use the features file located at path \*(L"n\*(R" (default is
-/etc/apparmor.d/cache/.features). If the \-\-cache\-loc option is present, the
-\&\*(L".features\*(R" file in the specified cache directory is used.
-.Sp
-Note: this sets both the \-\-kernel\-features and \-\-policy\-features to be the
-same.
-.IP "\-m n, \-\-match\-string n" 4
-.IX Item "-m n, --match-string n"
-Only use match features \*(L"n\*(R".
-.Sp
-Note: this sets both the \-\-kernel\-features and \-\-policy\-features to be the
-same.
-.IP "\-n n, \-\-namespace\-string n" 4
-.IX Item "-n n, --namespace-string n"
-Force a profile to load in the namespace \*(L"n\*(R".
-.IP "\-X, \-\-readimpliesX" 4
-.IX Item "-X, --readimpliesX"
-In the case of profiles that are loading on systems were \s-1READ_IMPLIES_EXEC\s0
-is set in the kernel for a given process, load the profile so that any \*(L"r\*(R"
-flags are processed as \*(L"mr\*(R".
-.IP "\-k, \-\-show\-cache" 4
-.IX Item "-k, --show-cache"
-Report the cache processing (hit/miss details) when loading or saving
-cached profiles.
-.IP "\-K, \-\-skip\-cache" 4
-.IX Item "-K, --skip-cache"
-Perform no caching at all: disables \-W, implies \-T.
-.IP "\-T, \-\-skip\-read\-cache" 4
-.IX Item "-T, --skip-read-cache"
-By default, if a profile's cache is found in the location specified by
-\&\-\-cache\-loc and the timestamp is newer than the profile, it will be loaded
-from the cache. This option disables this cache loading behavior.
-.IP "\-W, \-\-write\-cache" 4
-.IX Item "-W, --write-cache"
-Write out cached profiles to the location specified in \-\-cache\-loc. Off
-by default. In cases where abstractions have been changed, and the parser
-is running with \*(L"\-\-replace\*(R", it may make sense to also use
-\&\*(L"\-\-skip\-read\-cache\*(R" with the \*(L"\-\-write\-cache\*(R" option.
-.IP "\-\-skip\-bad\-cache" 4
-.IX Item "--skip-bad-cache"
-Skip updating the cache if it contains cached profiles in a bad or
-inconsistent state
-.IP "\-L, \-\-cache\-loc" 4
-.IX Item "-L, --cache-loc"
-Set the location(s) of the cache directory. This option can accept a
-comma separated list of directories, which will be searched in order
-to find a matching cache. The first matching cache file found is used
-even if a directory later in the search order may contain a newer cache
-file.
-.Sp
-If multiple directories are specified and \-\-write\-cache has been specified
-then cache writes will be made to the first directory in the list, all
-other directories will be treated as read only.
-.Sp
-If a cache directory name needs to have a comma as part of the name, it
-can be specified by using a backslash to escape the comma character in
-the directory name.
-.Sp
-If not specified the cache location defaults to /var/cache/apparmor
-.IP "\-\-print\-cache\-dir" 4
-.IX Item "--print-cache-dir"
-Print the cache directory location. This path will be a subdirectory of the
-directory specified by \-\-cache\-loc. The subdirectory used will be influenced by
-the features available in the currently running kernel or by the features
-specified with the \-\-match\-string or \-\-features\-file options.
-.IP "\-Q, \-\-skip\-kernel\-load" 4
-.IX Item "-Q, --skip-kernel-load"
-Perform all actions except the actual loading of a profile into the kernel.
-This is useful for testing profile generation, caching, etc, without making
-changes to the running kernel profiles.
-.Sp
-This also removes the need for privilege to execute the commands that
-manage policy in the kernel
-.IP "\-q, \-\-quiet" 4
-.IX Item "-q, --quiet"
-Do not report on the profiles as they are loaded, and not show warnings.
-.IP "\-v, \-\-verbose" 4
-.IX Item "-v, --verbose"
-Report on the profiles as they are loaded, and show warnings.
-.IP "\-\-warn=n" 4
-.IX Item "--warn=n"
-Enable various warnings during policy compilation. A single warn flag
-can be specified per \-\-warn option, but the \-\-warn flag can be passed
-multiple times.
-.Sp
-.Vb 1
-\& apparmor_parser \-\-warn=rule\-not\-enforced ...
-.Ve
-.Sp
-A specific warning can be disabled by prepending \fIno\fR\- to the flag
-.Sp
-.Vb 1
-\& apparmor_parser \-\-warn=no\-rule\-not\-enforced ...
-.Ve
-.Sp
-Use \-\-help=warn to see a full list of which warn flags are supported.
-.IP "\-\-Werror[=n]" 4
-.IX Item "--Werror[=n]"
-Convert warnings into errors during policy compilation. If the
-optional flag is not specified all warnings become errors. If the
-optional flag is specified only the class of warnings specified will
-become errors. A single flag can be specified per \-\-Werror option, but
-the \-\-Werror flag can be passed multiple times.
-.Sp
-.Vb 1
-\& apparmor_parser \-\-Werror=deprecated ...
-.Ve
-.Sp
-Use \-\-help=warn or \-\-help=Werror to see a full list of which warn flags
-are supported.
-.IP "\-d, \-\-debug" 4
-.IX Item "-d, --debug"
-Given once, only checks the profiles to ensure syntactic correctness.
-Given twice, dumps its interpretation of the profile for checking.
-.IP "\-D n, \-\-dump=n" 4
-.IX Item "-D n, --dump=n"
-Debug flag for dumping various structures and passes of policy compilation.
-A single dump flag can be specified per \-\-dump option, but the dump flag
-can be passed multiple times. Note progress flags tend to also imply
-the matching stats flag.
-.Sp
-.Vb 1
-\& apparmor_parser \-\-dump=dfa\-stats \-\-dump=trans\-stats <file>
-.Ve
-.Sp
-Use \-\-help=dump to see a full list of which dump flags are supported
-.IP "\-j n, \-\-jobs=n" 4
-.IX Item "-j n, --jobs=n"
-Set the number of jobs used to compile the specified policy. Where n can
-be
-.Sp
-.Vb 4
-\& 0 \- disable jobs and use the main process for all compilation
-\& # \- a specific number of jobs
-\& auto \- the # of cpus in the in the system
-\& x# \- # * number of cpus
-.Ve
-.Sp
-Eg.
- \-j8 \s-1OR\s0 \-\-jobs=8 allows for 8 parallel jobs
- \-jauto \s-1OR\s0 \-\-jobs=auto sets the jobs to the # of cpus
- \-jx4 \s-1OR\s0 \-\-jobs=x4 sets the jobs to # of cpus * 4
- \-jx1 is equivalent to \-jauto
-.Sp
-The default value is the number of cpus in the system. Note that if jobs
-is a positive integer number the \-\-jobs\-max parameter is automatically
-set to the same value.
-.IP "\-\-max\-jobs n" 4
-.IX Item "--max-jobs n"
-When \-\-jobs is set to a scaling value (ie. auto or xN) the specify a
-hard cap on the value that can be specified by the \-\-jobs flag. It
-takes the same set of options available to the \-\-jobs option, and
-defaults to 8*cpus
-.IP "\-O n, \-\-optimize=n" 4
-.IX Item "-O n, --optimize=n"
-Set the optimization flags used by policy compilation. A single optimization
-flag can be toggled per \-O option, but the optimize flag can be passed
-multiple times. Turning off some phases of the optimization can make
-it so that policy can't complete compilation due to size constraints
-(it is entirely possible to create a dfa with millions of states that will
-take days or longer to compile).
-.Sp
-Note: The parser is set to use a balanced default set of flags, that
-will result in reasonable compression but not take excessive amounts
-of time to complete.
-.Sp
-Use \-\-help=optimize to see a full list of which optimization flags are
-supported.
-.IP "\-\-abort\-on\-error Abort processing of profiles on the first error encountered, otherwise the parser will continue to try to compile other profiles if specified." 4
-.IX Item "--abort-on-error Abort processing of profiles on the first error encountered, otherwise the parser will continue to try to compile other profiles if specified."
-Note: If an error is encountered while processing profiles the last error
-encountered will be used to set the exit code.
-.IP "\-\-skip\-bad\-cache\-rebuild The default behavior of the parser is to check if a cached version of a profile exists and if it does it attempt to load it into the kernel. If that load is rejected, then the parser will attempt to rebuild the cache file, and load again." 4
-.IX Item "--skip-bad-cache-rebuild The default behavior of the parser is to check if a cached version of a profile exists and if it does it attempt to load it into the kernel. If that load is rejected, then the parser will attempt to rebuild the cache file, and load again."
-This option tells the parser to not attempt to rebuild the cache on
-failure, instead the parser continues on with processing the remaining
-profiles.
-.IP "\-\-estimated\-compile\-size Adjust the internal parameter used to estimate how agressive the parser can be when compiling policy. This may include changes to how or when caches are dropped or how many compile units (jobs) are launched. The value should slightly larger than the largest Resident Set Size (\s-1RSS\s0) encountered for the type of policy being compiled." 4
-.IX Item "--estimated-compile-size Adjust the internal parameter used to estimate how agressive the parser can be when compiling policy. This may include changes to how or when caches are dropped or how many compile units (jobs) are launched. The value should slightly larger than the largest Resident Set Size (RSS) encountered for the type of policy being compiled."
-A value that is too small may result in the parser exhausting system
-resources when compiling large policy. A value too large may slow
-policy compiles down.
-.Sp
-The value specified may include a suffix of \fI\s-1KB\s0\fR, \fI\s-1MB\s0\fR, \fI\s-1GB\s0\fR, to
-make it easier to adjust the size.
-.Sp
-Note: config-file and command line options will override values chosen
-by tuning affected by the option.
-.IP "\-\-config\-file" 4
-.IX Item "--config-file"
-Specify the config file to use instead of
-/etc/apparmor/parser.conf. This option will be processed early before
-regular options regardless of the order it is specified in.
-.IP "\-\-print\-config\-file" 4
-.IX Item "--print-config-file"
-Print the config file location that will be used.
-.SH "CONFIG FILE"
-.IX Header "CONFIG FILE"
-An optional config file /etc/apparmor/parser.conf can be used to specify the
-default options for the parser, which then can be overridden using the command
-line options.
-.PP
-The config file ignores leading whitespace and treats lines that begin with #
-as comments. Config options are specified one per line using the same format
-as the longform command line options (without the preceding \-\-).
-.PP
-Eg.
- #comment
-.PP
-.Vb 2
-\& optimize=no\-expr\-tree
-\& optimize=compress\-fast
-.Ve
-.PP
-As with the command line some options accumulate and others override, ie. when
-there are conflicting versions of switch the last option is the one chosen.
-.PP
-Eg.
- Optimize=no\-minimize
- Optimize=minimize
-.PP
-would result in Optimize=minimize being set.
-.PP
-The Include, Dump, and Optimize options accululate except for the inversion
-option (no-X vs. X), and a couple options that work by setting/clearing
-multiple options (compress-small). In that case the option will override
-the flags it sets but will may accumulate with others.
-.PP
-All other options override previously set values.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2), and
-<https://wiki.apparmor.net>.
diff --git a/parser/apparmor_parser.8.html b/parser/apparmor_parser.8.html
deleted file mode 100644
index 05c23a5aa8c02eae01c94d81e18235dc74b11537..0000000000000000000000000000000000000000
--- a/parser/apparmor_parser.8.html
+++ /dev/null
@@ -1,467 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>apparmor_parser - loads AppArmor profiles into the kernel</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> apparmor_parser - loads AppArmor profiles into the kernel</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#COMMANDS">COMMANDS</a></li>
- <li><a href="#Unprivileged-commands">Unprivileged commands</a></li>
- <li><a href="#Unprivileged-profile-commands">Unprivileged profile commands</a></li>
- <li><a href="#Privileged-commands">Privileged commands</a></li>
- <li><a href="#Privileged-profile-commands">Privileged profile commands</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#CONFIG-FILE">CONFIG FILE</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>apparmor_parser - loads AppArmor profiles into the kernel</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>apparmor_parser [options] <command> [profiles]...</b></p>
-
-<p><b>apparmor_parser [options] <command></b></p>
-
-<p><b>apparmor_parser [-hv] [--help] [--version]</b></p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>apparmor_parser</b> is used as a general tool to compile, and manage AppArmor policy, including loading new apparmor.d(5) profiles into the Linux kernel.</p>
-
-<p>AppArmor profiles restrict the operations available to processes.</p>
-
-<p>The <b>profiles</b> are loaded into the Linux kernel by the <b>apparmor_parser</b> program. The <b>profiles</b> may be specified by file name or a directory name containing a set of profiles. If a directory is specified then the <b>apparmor_parser</b> will try to do a profile load for each file in the directory that is not a dot file, or explicitly black listed (*.dpkg-new, *.dpkg-old, *.dpkg-dist, *.dpkg-bak, *.dpkg-remove, *.pacsave, *.pacnew, *.rpmnew, *.rpmsave, *.orig, *.rej, *~). The <b>apparmor_parser</b> will fall back to taking input from standard input if a profile or directory is not supplied.</p>
-
-<p>The input supplied to <b>apparmor_parser</b> should be in the format described in apparmor.d(5).</p>
-
-<h1 id="COMMANDS">COMMANDS</h1>
-
-<p>The command set is broken into four subcategories.</p>
-
-<dl>
-
-<dt id="unprivileged-commands">unprivileged commands</dt>
-<dd>
-
-<p>Commands that don't require any privilege and don't operate on profiles.</p>
-
-</dd>
-<dt id="unprivileged-profile-commands">unprivileged profile commands</dt>
-<dd>
-
-<p>Commands that operate on a profile either specified on the command line or read from stdin if no profile was specified.</p>
-
-</dd>
-<dt id="privileged-commands">privileged commands</dt>
-<dd>
-
-<p>Commands that require the MAC_ADMIN capability within the affected AppArmor namespace to load policy into the kernel or filesystem write permissions to update the affected privileged files (cache etc).</p>
-
-</dd>
-<dt id="privileged-profile-commands">privileged profile commands</dt>
-<dd>
-
-<p>Commands that require privilege and operate on profiles.</p>
-
-</dd>
-</dl>
-
-<h1 id="Unprivileged-commands">Unprivileged commands</h1>
-
-<dl>
-
-<dt id="V---version">-V, --version</dt>
-<dd>
-
-<p>Print the version number and exit.</p>
-
-</dd>
-<dt id="h---help">-h, --help</dt>
-<dd>
-
-<p>Give a quick reference guide.</p>
-
-</dd>
-</dl>
-
-<h1 id="Unprivileged-profile-commands">Unprivileged profile commands</h1>
-
-<dl>
-
-<dt id="N---names">-N, --names</dt>
-<dd>
-
-<p>Produce a list of policies from a given set of profiles (implies -K).</p>
-
-</dd>
-<dt id="p---preprocess">-p, --preprocess</dt>
-<dd>
-
-<p>Apply preprocessing to the input profile(s) by flattening includes into the output profile and dump to stdout.</p>
-
-</dd>
-<dt id="S---stdout">-S, --stdout</dt>
-<dd>
-
-<p>Writes a binary (cached) profile to stdout (implies -K and -T).</p>
-
-</dd>
-<dt id="o-file---ofile-file">-o file, --ofile file</dt>
-<dd>
-
-<p>Writes a binary (cached) profile to the specified file (implies -K and -T)</p>
-
-</dd>
-</dl>
-
-<h1 id="Privileged-commands">Privileged commands</h1>
-
-<dl>
-
-<dt id="purge-cache">--purge-cache</dt>
-<dd>
-
-<p>Unconditionally clear out cached profiles.</p>
-
-</dd>
-</dl>
-
-<h1 id="Privileged-profile-commands">Privileged profile commands</h1>
-
-<dl>
-
-<dt id="a---add">-a, --add</dt>
-<dd>
-
-<p>Insert the AppArmor definitions given into the kernel. This is the default action. This gives an error message if a AppArmor definition by the same name already exists in the kernel, or if the parser doesn't understand its input. It reports when an addition succeeded.</p>
-
-</dd>
-<dt id="r---replace">-r, --replace</dt>
-<dd>
-
-<p>This flag is required if an AppArmor definition by the same name already exists in the kernel; used to replace the definition already in the kernel with the definition given on standard input.</p>
-
-</dd>
-<dt id="R---remove">-R, --remove</dt>
-<dd>
-
-<p>This flag is used to remove an AppArmor definition already in the kernel. Note that it still requires a complete AppArmor definition as described in apparmor.d(5) even though the contents of the definition aren't used.</p>
-
-</dd>
-</dl>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<dl>
-
-<dt id="B---binary">-B, --binary</dt>
-<dd>
-
-<p>Treat the profile files specified on the command line (or stdin if none specified) as binary cache files, produced with the -S or -o options, and load to the kernel as specified by -a, -r, and -R (implies -K and -T).</p>
-
-</dd>
-<dt id="C---Complain">-C, --Complain</dt>
-<dd>
-
-<p>Force the profile to load in complain mode.</p>
-
-</dd>
-<dt id="b-n---base-n">-b n, --base n</dt>
-<dd>
-
-<p>Set the base directory for resolving #include directives defined as relative paths.</p>
-
-</dd>
-<dt id="I-n---Include-n">-I n, --Include n</dt>
-<dd>
-
-<p>Add element n to the search path when resolving #include directives defined as an absolute paths.</p>
-
-</dd>
-<dt id="f-n---apparmorfs-n">-f n, --apparmorfs n</dt>
-<dd>
-
-<p>Set the location of the apparmor security filesystem (default is "/sys/kernel/security/apparmor").</p>
-
-</dd>
-<dt id="policy-features-n">--policy-features n</dt>
-<dd>
-
-<p>Specify the feature set that the policy was developed under. This does not override feature ABI rules.</p>
-
-</dd>
-<dt id="override-policy-abi-n">--override-policy-abi n</dt>
-<dd>
-
-<p>Specify the feature set that the policy was developed under and override any feature ABI rules that the policy may be using.</p>
-
-</dd>
-<dt id="kernel-features-n">--kernel-features n</dt>
-<dd>
-
-<p>Specify the feature set of the kernel that the policy is being compiled for. If not specified this will be determined by the system's kernel.</p>
-
-</dd>
-<dt id="M-n---features-file-n">-M n, --features-file n</dt>
-<dd>
-
-<p>Use the features file located at path "n" (default is /etc/apparmor.d/cache/.features). If the --cache-loc option is present, the ".features" file in the specified cache directory is used.</p>
-
-<p>Note: this sets both the --kernel-features and --policy-features to be the same.</p>
-
-</dd>
-<dt id="m-n---match-string-n">-m n, --match-string n</dt>
-<dd>
-
-<p>Only use match features "n".</p>
-
-<p>Note: this sets both the --kernel-features and --policy-features to be the same.</p>
-
-</dd>
-<dt id="n-n---namespace-string-n">-n n, --namespace-string n</dt>
-<dd>
-
-<p>Force a profile to load in the namespace "n".</p>
-
-</dd>
-<dt id="X---readimpliesX">-X, --readimpliesX</dt>
-<dd>
-
-<p>In the case of profiles that are loading on systems were READ_IMPLIES_EXEC is set in the kernel for a given process, load the profile so that any "r" flags are processed as "mr".</p>
-
-</dd>
-<dt id="k---show-cache">-k, --show-cache</dt>
-<dd>
-
-<p>Report the cache processing (hit/miss details) when loading or saving cached profiles.</p>
-
-</dd>
-<dt id="K---skip-cache">-K, --skip-cache</dt>
-<dd>
-
-<p>Perform no caching at all: disables -W, implies -T.</p>
-
-</dd>
-<dt id="T---skip-read-cache">-T, --skip-read-cache</dt>
-<dd>
-
-<p>By default, if a profile's cache is found in the location specified by --cache-loc and the timestamp is newer than the profile, it will be loaded from the cache. This option disables this cache loading behavior.</p>
-
-</dd>
-<dt id="W---write-cache">-W, --write-cache</dt>
-<dd>
-
-<p>Write out cached profiles to the location specified in --cache-loc. Off by default. In cases where abstractions have been changed, and the parser is running with "--replace", it may make sense to also use "--skip-read-cache" with the "--write-cache" option.</p>
-
-</dd>
-<dt id="skip-bad-cache">--skip-bad-cache</dt>
-<dd>
-
-<p>Skip updating the cache if it contains cached profiles in a bad or inconsistent state</p>
-
-</dd>
-<dt id="L---cache-loc">-L, --cache-loc</dt>
-<dd>
-
-<p>Set the location(s) of the cache directory. This option can accept a comma separated list of directories, which will be searched in order to find a matching cache. The first matching cache file found is used even if a directory later in the search order may contain a newer cache file.</p>
-
-<p>If multiple directories are specified and --write-cache has been specified then cache writes will be made to the first directory in the list, all other directories will be treated as read only.</p>
-
-<p>If a cache directory name needs to have a comma as part of the name, it can be specified by using a backslash to escape the comma character in the directory name.</p>
-
-<p>If not specified the cache location defaults to /var/cache/apparmor</p>
-
-</dd>
-<dt id="print-cache-dir">--print-cache-dir</dt>
-<dd>
-
-<p>Print the cache directory location. This path will be a subdirectory of the directory specified by --cache-loc. The subdirectory used will be influenced by the features available in the currently running kernel or by the features specified with the --match-string or --features-file options.</p>
-
-</dd>
-<dt id="Q---skip-kernel-load">-Q, --skip-kernel-load</dt>
-<dd>
-
-<p>Perform all actions except the actual loading of a profile into the kernel. This is useful for testing profile generation, caching, etc, without making changes to the running kernel profiles.</p>
-
-<p>This also removes the need for privilege to execute the commands that manage policy in the kernel</p>
-
-</dd>
-<dt id="q---quiet">-q, --quiet</dt>
-<dd>
-
-<p>Do not report on the profiles as they are loaded, and not show warnings.</p>
-
-</dd>
-<dt id="v---verbose">-v, --verbose</dt>
-<dd>
-
-<p>Report on the profiles as they are loaded, and show warnings.</p>
-
-</dd>
-<dt id="warn-n">--warn=n</dt>
-<dd>
-
-<p>Enable various warnings during policy compilation. A single warn flag can be specified per --warn option, but the --warn flag can be passed multiple times.</p>
-
-<pre><code>apparmor_parser --warn=rule-not-enforced ...</code></pre>
-
-<p>A specific warning can be disabled by prepending <i>no</i>- to the flag</p>
-
-<pre><code>apparmor_parser --warn=no-rule-not-enforced ...</code></pre>
-
-<p>Use --help=warn to see a full list of which warn flags are supported.</p>
-
-</dd>
-<dt id="Werror-n">--Werror[=n]</dt>
-<dd>
-
-<p>Convert warnings into errors during policy compilation. If the optional flag is not specified all warnings become errors. If the optional flag is specified only the class of warnings specified will become errors. A single flag can be specified per --Werror option, but the --Werror flag can be passed multiple times.</p>
-
-<pre><code>apparmor_parser --Werror=deprecated ...</code></pre>
-
-<p>Use --help=warn or --help=Werror to see a full list of which warn flags are supported.</p>
-
-</dd>
-<dt id="d---debug">-d, --debug</dt>
-<dd>
-
-<p>Given once, only checks the profiles to ensure syntactic correctness. Given twice, dumps its interpretation of the profile for checking.</p>
-
-</dd>
-<dt id="D-n---dump-n">-D n, --dump=n</dt>
-<dd>
-
-<p>Debug flag for dumping various structures and passes of policy compilation. A single dump flag can be specified per --dump option, but the dump flag can be passed multiple times. Note progress flags tend to also imply the matching stats flag.</p>
-
-<pre><code>apparmor_parser --dump=dfa-stats --dump=trans-stats <file></code></pre>
-
-<p>Use --help=dump to see a full list of which dump flags are supported</p>
-
-</dd>
-<dt id="j-n---jobs-n">-j n, --jobs=n</dt>
-<dd>
-
-<p>Set the number of jobs used to compile the specified policy. Where n can be</p>
-
-<pre><code>0 - disable jobs and use the main process for all compilation
-# - a specific number of jobs
-auto - the # of cpus in the in the system
-x# - # * number of cpus</code></pre>
-
-<p>Eg. -j8 OR --jobs=8 allows for 8 parallel jobs -jauto OR --jobs=auto sets the jobs to the # of cpus -jx4 OR --jobs=x4 sets the jobs to # of cpus * 4 -jx1 is equivalent to -jauto</p>
-
-<p>The default value is the number of cpus in the system. Note that if jobs is a positive integer number the --jobs-max parameter is automatically set to the same value.</p>
-
-</dd>
-<dt id="max-jobs-n">--max-jobs n</dt>
-<dd>
-
-<p>When --jobs is set to a scaling value (ie. auto or xN) the specify a hard cap on the value that can be specified by the --jobs flag. It takes the same set of options available to the --jobs option, and defaults to 8*cpus</p>
-
-</dd>
-<dt id="O-n---optimize-n">-O n, --optimize=n</dt>
-<dd>
-
-<p>Set the optimization flags used by policy compilation. A single optimization flag can be toggled per -O option, but the optimize flag can be passed multiple times. Turning off some phases of the optimization can make it so that policy can't complete compilation due to size constraints (it is entirely possible to create a dfa with millions of states that will take days or longer to compile).</p>
-
-<p>Note: The parser is set to use a balanced default set of flags, that will result in reasonable compression but not take excessive amounts of time to complete.</p>
-
-<p>Use --help=optimize to see a full list of which optimization flags are supported.</p>
-
-</dd>
-<dt id="abort-on-error-Abort-processing-of-profiles-on-the-first-error-encountered-otherwise-the-parser-will-continue-to-try-to-compile-other-profiles-if-specified">--abort-on-error Abort processing of profiles on the first error encountered, otherwise the parser will continue to try to compile other profiles if specified.</dt>
-<dd>
-
-<p>Note: If an error is encountered while processing profiles the last error encountered will be used to set the exit code.</p>
-
-</dd>
-<dt id="skip-bad-cache-rebuild-The-default-behavior-of-the-parser-is-to-check-if-a-cached-version-of-a-profile-exists-and-if-it-does-it-attempt-to-load-it-into-the-kernel.-If-that-load-is-rejected-then-the-parser-will-attempt-to-rebuild-the-cache-file-and-load-again">--skip-bad-cache-rebuild The default behavior of the parser is to check if a cached version of a profile exists and if it does it attempt to load it into the kernel. If that load is rejected, then the parser will attempt to rebuild the cache file, and load again.</dt>
-<dd>
-
-<p>This option tells the parser to not attempt to rebuild the cache on failure, instead the parser continues on with processing the remaining profiles.</p>
-
-</dd>
-<dt id="estimated-compile-size-Adjust-the-internal-parameter-used-to-estimate-how-agressive-the-parser-can-be-when-compiling-policy.-This-may-include-changes-to-how-or-when-caches-are-dropped-or-how-many-compile-units-jobs-are-launched.-The-value-should-slightly-larger-than-the-largest-Resident-Set-Size-RSS-encountered-for-the-type-of-policy-being-compiled">--estimated-compile-size Adjust the internal parameter used to estimate how agressive the parser can be when compiling policy. This may include changes to how or when caches are dropped or how many compile units (jobs) are launched. The value should slightly larger than the largest Resident Set Size (RSS) encountered for the type of policy being compiled.</dt>
-<dd>
-
-<p>A value that is too small may result in the parser exhausting system resources when compiling large policy. A value too large may slow policy compiles down.</p>
-
-<p>The value specified may include a suffix of <i>KB</i>, <i>MB</i>, <i>GB</i>, to make it easier to adjust the size.</p>
-
-<p>Note: config-file and command line options will override values chosen by tuning affected by the option.</p>
-
-</dd>
-<dt id="config-file">--config-file</dt>
-<dd>
-
-<p>Specify the config file to use instead of /etc/apparmor/parser.conf. This option will be processed early before regular options regardless of the order it is specified in.</p>
-
-</dd>
-<dt id="print-config-file">--print-config-file</dt>
-<dd>
-
-<p>Print the config file location that will be used.</p>
-
-</dd>
-</dl>
-
-<h1 id="CONFIG-FILE">CONFIG FILE</h1>
-
-<p>An optional config file /etc/apparmor/parser.conf can be used to specify the default options for the parser, which then can be overridden using the command line options.</p>
-
-<p>The config file ignores leading whitespace and treats lines that begin with # as comments. Config options are specified one per line using the same format as the longform command line options (without the preceding --).</p>
-
-<p>Eg. #comment</p>
-
-<pre><code>optimize=no-expr-tree
-optimize=compress-fast</code></pre>
-
-<p>As with the command line some options accumulate and others override, ie. when there are conflicting versions of switch the last option is the one chosen.</p>
-
-<p>Eg. Optimize=no-minimize Optimize=minimize</p>
-
-<p>would result in Optimize=minimize being set.</p>
-
-<p>The Include, Dump, and Optimize options accululate except for the inversion option (no-X vs. X), and a couple options that work by setting/clearing multiple options (compress-small). In that case the option will override the flags it sets but will may accumulate with others.</p>
-
-<p>All other options override previously set values.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> apparmor_parser - loads AppArmor profiles into the kernel</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/parser/apparmor_parser.pod b/parser/apparmor_parser.pod
index 6c9d0f2289934f68bd37fb8ca038a64b696e506d..deb242d876333f56cec37dc2e879bcc1b663fcea 100644
--- a/parser/apparmor_parser.pod
+++ b/parser/apparmor_parser.pod
@@ -397,7 +397,7 @@ failure, instead the parser continues on with processing the remaining
profiles.
=item --estimated-compile-size
-Adjust the internal parameter used to estimate how agressive the parser
+Adjust the internal parameter used to estimate how aggressive the parser
can be when compiling policy. This may include changes to how or when
caches are dropped or how many compile units (jobs) are launched. The
value should slightly larger than the largest Resident Set Size (RSS)
@@ -451,7 +451,7 @@ Eg.
would result in Optimize=minimize being set.
-The Include, Dump, and Optimize options accululate except for the inversion
+The Include, Dump, and Optimize options accumulate except for the inversion
option (no-X vs. X), and a couple options that work by setting/clearing
multiple options (compress-small). In that case the option will override
the flags it sets but will may accumulate with others.
diff --git a/parser/apparmor_xattrs.7 b/parser/apparmor_xattrs.7
deleted file mode 100644
index 8cd3552e8ac51bddabc1d2ef4f9033311e0ee7bd..0000000000000000000000000000000000000000
--- a/parser/apparmor_xattrs.7
+++ /dev/null
@@ -1,225 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "APPARMOR_XATTRS 7"
-.TH APPARMOR_XATTRS 7 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-apparmor_xattrs \- AppArmor profile xattr(7) matching
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-AppArmor profiles can conditionally match files based on the presence and value
-of extended attributes in addition to file path. The following profile applies
-to any file under \*(L"/usr/bin\*(R" where the \*(L"security.apparmor\*(R" extended attribute
-has the value \*(L"trusted\*(R":
-.PP
-.Vb 3
-\& profile trusted /usr/bin/* xattrs=(security.apparmor="trusted") {
-\& # ...
-\& }
-.Ve
-.PP
-Note that \*(L"security.apparmor\*(R" and \*(L"trusted\*(R" are arbitrary, and profiles can
-match based on the value of any attribute.
-.PP
-The xattrs value may also contain a path regex:
-.PP
-.Vb 1
-\& profile trusted /usr/bin/* xattrs=(user.trust="tier/*") {
-\&
-\& # ...
-\& }
-.Ve
-.PP
-The \fBgetfattr\fR\|(1) and \fBsetfattr\fR\|(1) tools can be used to view and manage xattr
-values:
-.PP
-.Vb 4
-\& $ setfattr \-n \*(Aqsecurity.apparmor\*(Aq \-v \*(Aqtrusted\*(Aq /usr/bin/example\-tool
-\& $ getfattr \-\-absolute\-names \-d \-m \- /usr/bin/example\-tool
-\& # file: usr/bin/example\-tool
-\& security.apparmor="trusted"
-.Ve
-.PP
-The priority of each profile is determined by the length of the path, then the
-number of xattrs specified. A more specific path is preferred over xattr
-matches:
-.PP
-.Vb 4
-\& # Highest priority, longest path.
-\& profile example1 /usr/bin/example\-tool {
-\& # ...
-\& }
-\&
-\& # Lower priority than the longer path, but higher priority than a rule
-\& # with fewer xattr matches.
-\& profile example2 /usr/** xattrs=(
-\& security.apparmor="trusted"
-\& user.domain="**"
-\& ) {
-\& # ...
-\& }
-\&
-\& # Lowest priority. Same path length as the second profile, but has
-\& # fewer xattr matches.
-\& profile example2 /usr/** {
-\& # ...
-\& }
-.Ve
-.PP
-xattr matching requires the following kernel feature:
-.PP
-.Vb 1
-\& /sys/kernel/security/apparmor/features/domain/attach_conditions/xattr
-.Ve
-.SH "KNOWN ISSUES"
-.IX Header "KNOWN ISSUES"
-AppArmor profiles currently can't reliably match extended attributes with
-binary values such as security.evm and security.ima. In the future AppArmor may
-gain the ability to match based on the presence of certain attributes while
-ignoring their values.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(8),
-\&\fBapparmor_parser\fR\|(8),
-\&\fBapparmor.d\fR\|(5),
-\&\fBxattr\fR\|(7),
-\&\fBaa\-autodep\fR\|(1), \fBclean\fR\|(1),
-\&\fBauditd\fR\|(8),
-\&\fBgetfattr\fR\|(1),
-\&\fBsetfattr\fR\|(1),
-and <https://wiki.apparmor.net>.
diff --git a/parser/apparmor_xattrs.7.html b/parser/apparmor_xattrs.7.html
deleted file mode 100644
index 9a1e5752f627a1d7afdfa13f208d9395749bf1de..0000000000000000000000000000000000000000
--- a/parser/apparmor_xattrs.7.html
+++ /dev/null
@@ -1,99 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>apparmor_xattrs - AppArmor profile xattr(7) matching</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> apparmor_xattrs - AppArmor profile xattr(7) matching</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#KNOWN-ISSUES">KNOWN ISSUES</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>apparmor_xattrs - AppArmor profile xattr(7) matching</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>AppArmor profiles can conditionally match files based on the presence and value of extended attributes in addition to file path. The following profile applies to any file under "/usr/bin" where the "security.apparmor" extended attribute has the value "trusted":</p>
-
-<pre><code>profile trusted /usr/bin/* xattrs=(security.apparmor="trusted") {
- # ...
-}</code></pre>
-
-<p>Note that "security.apparmor" and "trusted" are arbitrary, and profiles can match based on the value of any attribute.</p>
-
-<p>The xattrs value may also contain a path regex:</p>
-
-<pre><code>profile trusted /usr/bin/* xattrs=(user.trust="tier/*") {
-
- # ...
-}</code></pre>
-
-<p>The getfattr(1) and setfattr(1) tools can be used to view and manage xattr values:</p>
-
-<pre><code>$ setfattr -n 'security.apparmor' -v 'trusted' /usr/bin/example-tool
-$ getfattr --absolute-names -d -m - /usr/bin/example-tool
-# file: usr/bin/example-tool
-security.apparmor="trusted"</code></pre>
-
-<p>The priority of each profile is determined by the length of the path, then the number of xattrs specified. A more specific path is preferred over xattr matches:</p>
-
-<pre><code># Highest priority, longest path.
-profile example1 /usr/bin/example-tool {
- # ...
-}
-
-# Lower priority than the longer path, but higher priority than a rule
-# with fewer xattr matches.
-profile example2 /usr/** xattrs=(
- security.apparmor="trusted"
- user.domain="**"
-) {
- # ...
-}
-
-# Lowest priority. Same path length as the second profile, but has
-# fewer xattr matches.
-profile example2 /usr/** {
- # ...
-}</code></pre>
-
-<p>xattr matching requires the following kernel feature:</p>
-
-<pre><code>/sys/kernel/security/apparmor/features/domain/attach_conditions/xattr</code></pre>
-
-<h1 id="KNOWN-ISSUES">KNOWN ISSUES</h1>
-
-<p>AppArmor profiles currently can't reliably match extended attributes with binary values such as security.evm and security.ima. In the future AppArmor may gain the ability to match based on the presence of certain attributes while ignoring their values.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(8), apparmor_parser(8), apparmor.d(5), xattr(7), aa-autodep(1), clean(1), auditd(8), getfattr(1), setfattr(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> apparmor_xattrs - AppArmor profile xattr(7) matching</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/parser/bignum.h b/parser/bignum.h
new file mode 100644
index 0000000000000000000000000000000000000000..e472de8441081ec89d539b3340dfe792b9ae4a56
--- /dev/null
+++ b/parser/bignum.h
@@ -0,0 +1,233 @@
+/*
+ * Copyright (c) 2023
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#ifndef __AA_BIGNUM_H
+#define __AA_BIGNUM_H
+
+#include <iostream>
+#include <vector>
+#include <sstream>
+#include <algorithm>
+#include <string>
+
+class bignum
+{
+public:
+ std::vector<uint8_t> data;
+ uint8_t base;
+ bool negative = false;
+ bignum () : base(0) {}
+
+ bignum (unsigned long val) {
+ if (val == 0)
+ data.push_back(val);
+ else {
+ while(val > 0) {
+ data.push_back(val % 10);
+ val /= 10;
+ }
+ }
+ base = 10;
+ }
+
+ bignum (const char *val) {
+ while (*val) {
+ data.push_back(*val - 48);
+ val++;
+ }
+ std::reverse(data.begin(), data.end());
+ base = 10;
+ }
+
+ bignum (const uint8_t val[16]) {
+ size_t i;
+ bool flag = true;
+ for (i = 0; i < 16; i++) {
+ if (flag && (val[i] & 0xF0) >> 4 != 0)
+ flag = false;
+ if (!flag)
+ data.push_back((val[i] & 0xF0) >> 4);
+ if (flag && (val[i] & 0x0F) != 0)
+ flag = false;
+ if (!flag)
+ data.push_back(val[i] & 0x0F);
+ }
+ std::reverse(data.begin(), data.end());
+ base = 16;
+ }
+
+ bignum operator+(const bignum &brhs) const {
+ bignum b1 = this->size() < brhs.size() ? *this : brhs;
+ bignum b2 = this->size() < brhs.size() ? brhs : *this;
+ bignum result;
+ result.base = this->base;
+ uint8_t carryover = 0;
+ uint8_t sum;
+ size_t i;
+ for (i = 0; i < b1.size(); i++) {
+ sum = b1[i] + b2[i] + carryover;
+ if (sum > base - 1)
+ carryover = 1;
+ else
+ carryover = 0;
+ result.data.push_back(sum % base);
+ }
+ for (; i < b2.size(); i++) {
+ sum = b2[i] + carryover;
+ if (sum > base - 1)
+ carryover = 1;
+ else
+ carryover = 0;
+ result.data.push_back(sum % base);
+ }
+ if (carryover != 0)
+ result.data.push_back(carryover);
+ return result;
+ }
+
+ bignum operator-(const bignum &brhs) const {
+ bignum b1 = this->size() < brhs.size() ? *this : brhs;
+ bignum b2 = this->size() < brhs.size() ? brhs : *this;
+ bignum result;
+ result.negative = *this < brhs;
+ result.base = this->base;
+ int8_t borrow = 0;
+ int8_t sub;
+ size_t i;
+ for (i = 0; i < b1.size(); i++) {
+ sub = b2[i] - b1[i] - borrow;
+ if (sub < 0) {
+ sub += base;
+ borrow = 1;
+ } else
+ borrow = 0;
+ result.data.push_back(sub);
+ }
+ for (; i < b2.size(); i++) {
+ sub = b2[i] - borrow;
+ if (sub < 0) {
+ sub += base;
+ borrow = 1;
+ } else
+ borrow = 0;
+ result.data.push_back(sub);
+ }
+ if (borrow) {
+ int8_t tmp = result.data[result.size() - 1] -= base;
+ tmp *= -1;
+ result.data[result.size() - 1] = tmp;
+ }
+ while (result.size() > 1 && result.data[result.size() - 1] == 0)
+ result.data.pop_back();
+
+ return result;
+ }
+ bool operator>=(const bignum &rhs) const {
+ return cmp_bignum(this->data, rhs.data) >= 0;
+ }
+ bool operator<=(const bignum &rhs) const {
+ return cmp_bignum(this->data, rhs.data) <= 0;
+ }
+ bool operator>(const bignum &rhs) const {
+ return cmp_bignum(this->data, rhs.data) > 0;
+ }
+ bool operator<(const bignum &rhs) const {
+ return cmp_bignum(this->data, rhs.data) < 0;
+ }
+ int operator[](int index) const {
+ return this->data[index];
+ }
+ friend std::ostream &operator<<(std::ostream &os, bignum &bn);
+ size_t size() const {
+ return data.size();
+ }
+
+ /*
+ returns:
+ - 0, if the lhs and rhs are equal;
+ - a negative value if lhs is less than rhs;
+ - a positive value if lhs is greater than rhs.
+ */
+ int cmp_bignum(std::vector<uint8_t> lhs, std::vector<uint8_t> rhs) const
+ {
+ if (lhs.size() > rhs.size())
+ return 1;
+ else if (lhs.size() < rhs.size())
+ return -1;
+ else {
+ /* assumes the digits are stored in reverse order */
+ std::reverse(lhs.begin(), lhs.end());
+ std::reverse(rhs.begin(), rhs.end());
+ for (size_t i = 0; i < lhs.size(); i++) {
+ if (lhs[i] > rhs[i])
+ return 1;
+ if (lhs[i] < rhs[i])
+ return -1;
+ }
+ }
+ return 0;
+ }
+
+ static bignum lower_bound_regex(bignum val)
+ {
+ /* single digit numbers reduce to 0 */
+ if (val.size() == 1) {
+ val.data[0] = 0;
+ return val;
+ }
+
+ for (auto& j : val.data) {
+ uint8_t tmp = j;
+ j = 0;
+ if (tmp != val.base - 1) {
+ break;
+ }
+ if (&j == &val.data[val.size()-2]) {
+ val.data[val.size()-1] = 1;
+ break;
+ }
+ }
+ return val;
+
+ }
+
+ static bignum upper_bound_regex(bignum val)
+ {
+ for (auto& j : val.data) {
+ uint8_t tmp = j;
+ j = val.base - 1;
+ if (tmp != 0) {
+ break;
+ }
+ }
+ return val;
+ }
+
+};
+
+inline std::ostream &operator<<(std::ostream &os, bignum &bn)
+{
+ std::stringstream ss;
+ bignum tmp = bn;
+ std::reverse(tmp.data.begin(), tmp.data.end());
+ for (auto i : tmp.data)
+ ss << std::hex << (int) i;
+ os << ss.str();
+ return os;
+};
+
+#endif /* __AA_BIGNUM_H */
diff --git a/parser/common_flags.h b/parser/common_flags.h
new file mode 100644
index 0000000000000000000000000000000000000000..68421a32aabe1b513e05e82c7337be48b4a55c13
--- /dev/null
+++ b/parser/common_flags.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2023
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#ifndef __AA_COMMON_FLAGS_H
+#define __AA_COMMON_FLAGS_H
+
+typedef int optflags_t;
+
+typedef struct optflags {
+ optflags_t control;
+ optflags_t dump;
+ optflags_t warn;
+ optflags_t Werror;
+} optflags;
+
+extern optflags parseopts;
+
+#endif /* __AA_COMMON_FLAGS_H */
diff --git a/parser/common_optarg.c b/parser/common_optarg.c
index bd77b0b1bc235ef72673c69c25b039b2be237ca1..a9bd20b8db496bc1c31318f6819bad479d63f490 100644
--- a/parser/common_optarg.c
+++ b/parser/common_optarg.c
@@ -29,80 +29,98 @@
optflag_table_t dumpflag_table[] = {
{ 1, "rule-exprs", "Dump rule to expr tree conversions",
- DFA_DUMP_RULE_EXPR },
- { 1, "expr-stats", "Dump stats on expr tree", DFA_DUMP_TREE_STATS },
- { 1, "expr-tree", "Dump expression tree", DFA_DUMP_TREE },
+ DUMP_DFA_RULE_EXPR },
+ { 1, "expr-stats", "Dump stats on expr tree", DUMP_DFA_TREE_STATS },
+ { 1, "expr-tree", "Dump expression tree", DUMP_DFA_TREE },
{ 1, "expr-simplified", "Dump simplified expression tree",
- DFA_DUMP_SIMPLE_TREE },
+ DUMP_DFA_SIMPLE_TREE },
{ 1, "stats", "Dump all compile stats",
- DFA_DUMP_TREE_STATS | DFA_DUMP_STATS | DFA_DUMP_TRANS_STATS |
- DFA_DUMP_EQUIV_STATS | DFA_DUMP_DIFF_STATS },
+ DUMP_DFA_TREE_STATS | DUMP_DFA_STATS | DUMP_DFA_TRANS_STATS |
+ DUMP_DFA_EQUIV_STATS | DUMP_DFA_DIFF_STATS },
{ 1, "progress", "Dump progress for all compile phases",
- DFA_DUMP_PROGRESS | DFA_DUMP_STATS | DFA_DUMP_TRANS_PROGRESS |
- DFA_DUMP_TRANS_STATS | DFA_DUMP_DIFF_PROGRESS | DFA_DUMP_DIFF_STATS },
+ DUMP_DFA_PROGRESS | DUMP_DFA_STATS | DUMP_DFA_TRANS_PROGRESS |
+ DUMP_DFA_TRANS_STATS | DUMP_DFA_DIFF_PROGRESS | DUMP_DFA_DIFF_STATS },
{ 1, "dfa-progress", "Dump dfa creation as in progress",
- DFA_DUMP_PROGRESS | DFA_DUMP_STATS },
- { 1, "dfa-stats", "Dump dfa creation stats", DFA_DUMP_STATS },
- { 1, "dfa-states", "Dump dfa state diagram", DFA_DUMP_STATES },
- { 1, "dfa-graph", "Dump dfa dot (graphviz) graph", DFA_DUMP_GRAPH },
- { 1, "dfa-minimize", "Dump dfa minimization", DFA_DUMP_MINIMIZE },
+ DUMP_DFA_PROGRESS | DUMP_DFA_STATS },
+ { 1, "dfa-stats", "Dump dfa creation stats", DUMP_DFA_STATS },
+ { 1, "dfa-states", "Dump final dfa state information", DUMP_DFA_STATES },
+ { 1, "dfa-compressed-states", "Dump compressed dfa state information", DUMP_DFA_COMPTRESSED_STATES },
+ { 1, "dfa-states-initial", "Dump dfa state immediately after initial build", DUMP_DFA_STATES_INIT },
+ { 1, "dfa-states-post-filter", "Dump dfa state immediately after filtering deny", DUMP_DFA_STATES_POST_FILTER },
+ { 1, "dfa-states-post-minimize", "Dump dfa state immediately after initial build", DUMP_DFA_STATES_POST_MINIMIZE },
+ { 1, "dfa-states-post-unreachable", "Dump dfa state immediately after filtering deny", DUMP_DFA_STATES_POST_UNREACHABLE },
+ { 1, "dfa-perms-build", "Dump permission being built from accept node", DUMP_DFA_PERMS },
+ { 1, "dfa-graph", "Dump dfa dot (graphviz) graph", DUMP_DFA_GRAPH },
+ { 1, "dfa-minimize", "Dump dfa minimization", DUMP_DFA_MINIMIZE },
{ 1, "dfa-unreachable", "Dump dfa unreachable states",
- DFA_DUMP_UNREACHABLE },
+ DUMP_DFA_UNREACHABLE },
{ 1, "dfa-node-map", "Dump expr node set to state mapping",
- DFA_DUMP_NODE_TO_DFA },
+ DUMP_DFA_NODE_TO_DFA },
{ 1, "dfa-uniq-perms", "Dump unique perms",
- DFA_DUMP_UNIQ_PERMS },
+ DUMP_DFA_UNIQ_PERMS },
{ 1, "dfa-minimize-uniq-perms", "Dump unique perms post minimization",
- DFA_DUMP_MIN_UNIQ_PERMS },
+ DUMP_DFA_MIN_UNIQ_PERMS },
{ 1, "dfa-minimize-partitions", "Dump dfa minimization partitions",
- DFA_DUMP_MIN_PARTS },
+ DUMP_DFA_MIN_PARTS },
{ 1, "compress-progress", "Dump progress of compression",
- DFA_DUMP_TRANS_PROGRESS | DFA_DUMP_TRANS_STATS },
+ DUMP_DFA_TRANS_PROGRESS | DUMP_DFA_TRANS_STATS },
{ 1, "compress-stats", "Dump stats on compression",
- DFA_DUMP_TRANS_STATS },
- { 1, "compressed-dfa", "Dump compressed dfa", DFA_DUMP_TRANS_TABLE },
+ DUMP_DFA_TRANS_STATS },
+ { 1, "compressed-dfa", "Dump compressed dfa", DUMP_DFA_TRANS_TABLE },
{ 1, "equiv-stats", "Dump equivalence class stats",
- DFA_DUMP_EQUIV_STATS },
- { 1, "equiv", "Dump equivalence class", DFA_DUMP_EQUIV },
+ DUMP_DFA_EQUIV_STATS },
+ { 1, "equiv", "Dump equivalence class", DUMP_DFA_EQUIV },
{ 1, "diff-encode", "Dump differential encoding",
- DFA_DUMP_DIFF_ENCODE },
+ DUMP_DFA_DIFF_ENCODE },
{ 1, "diff-stats", "Dump differential encoding stats",
- DFA_DUMP_DIFF_STATS },
+ DUMP_DFA_DIFF_STATS },
{ 1, "diff-progress", "Dump progress of differential encoding",
- DFA_DUMP_DIFF_PROGRESS | DFA_DUMP_DIFF_STATS },
+ DUMP_DFA_DIFF_PROGRESS | DUMP_DFA_DIFF_STATS },
+ { 1, "rule-merge", "dump information about rule merging", DUMP_RULE_MERGE},
+ { 1, "state32", "Dump encoding 32 bit states",
+ DUMP_DFA_STATE32 },
+ { 1, "flags_table", "Dump encoding flags table",
+ DUMP_DFA_FLAGS_TABLE },
{ 0, NULL, NULL, 0 },
};
-optflag_table_t optflag_table[] = {
+optflag_table_t dfaoptflag_table[] = {
{ 2, "0", "no optimizations",
- DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE |
- DFA_CONTROL_MINIMIZE | DFA_CONTROL_REMOVE_UNREACHABLE |
- DFA_CONTROL_DIFF_ENCODE
+ CONTROL_DFA_TREE_NORMAL | CONTROL_DFA_TREE_SIMPLE |
+ CONTROL_DFA_MINIMIZE | CONTROL_DFA_REMOVE_UNREACHABLE |
+ CONTROL_DFA_DIFF_ENCODE | CONTROL_DFA_STATE32 |
+ CONTROL_DFA_FLAGS_TABLE
},
- { 1, "equiv", "use equivalent classes", DFA_CONTROL_EQUIV },
+ { 1, "equiv", "use equivalent classes", CONTROL_DFA_EQUIV },
{ 1, "expr-normalize", "expression tree normalization",
- DFA_CONTROL_TREE_NORMAL },
+ CONTROL_DFA_TREE_NORMAL },
{ 1, "expr-simplify", "expression tree simplification",
- DFA_CONTROL_TREE_SIMPLE },
+ CONTROL_DFA_TREE_SIMPLE },
{ 0, "expr-left-simplify", "left simplification first",
- DFA_CONTROL_TREE_LEFT },
+ CONTROL_DFA_TREE_LEFT },
{ 2, "expr-right-simplify", "right simplification first",
- DFA_CONTROL_TREE_LEFT },
- { 1, "minimize", "dfa state minimization", DFA_CONTROL_MINIMIZE },
+ CONTROL_DFA_TREE_LEFT },
+ { 1, "minimize", "dfa state minimization", CONTROL_DFA_MINIMIZE },
{ 1, "filter-deny", "filter out deny information from final dfa",
- DFA_CONTROL_FILTER_DENY },
+ CONTROL_DFA_FILTER_DENY },
{ 1, "remove-unreachable", "dfa unreachable state removal",
- DFA_CONTROL_REMOVE_UNREACHABLE },
+ CONTROL_DFA_REMOVE_UNREACHABLE },
{ 0, "compress-small",
"do slower dfa transition table compression",
- DFA_CONTROL_TRANS_HIGH },
+ CONTROL_DFA_TRANS_HIGH },
{ 2, "compress-fast", "do faster dfa transition table compression",
- DFA_CONTROL_TRANS_HIGH },
+ CONTROL_DFA_TRANS_HIGH },
{ 1, "diff-encode", "Differentially encode transitions",
- DFA_CONTROL_DIFF_ENCODE },
+ CONTROL_DFA_DIFF_ENCODE },
+ { 1, "rule-merge", "turn on rule merging", CONTROL_RULE_MERGE},
+ { 1, "state32", "use 32 bit state transitions",
+ CONTROL_DFA_STATE32 },
+ { 1, "flags-table", "use independent flags table",
+ CONTROL_DFA_FLAGS_TABLE },
{ 0, NULL, NULL, 0 },
};
+
void print_flag_table(optflag_table_t *table)
{
int i;
@@ -114,12 +132,14 @@ void print_flag_table(optflag_table_t *table)
printf("%-*s \t%s\n", longest, " show", "show flags that have been set and exit");
for (i = 0; table[i].option; i++) {
- printf("%5s%-*s \t%s\n", (table[i].control & 1) ? "[no-]" : "",
+ printf("%5s%-*s \t%s\n",
+ (table[i].control & OPT_FLAG_CONTROL_PREFIX_NO) ? "[no-]" : "",
longest, table[i].option, table[i].desc);
}
}
-void print_flags(const char *prefix, optflag_table_t *table, dfaflags_t flags)
+void print_flags(const char *prefix, optflag_table_t *table,
+ optflags_t flags)
{
int i, count = 0;
@@ -137,7 +157,7 @@ void print_flags(const char *prefix, optflag_table_t *table, dfaflags_t flags)
}
int handle_flag_table(optflag_table_t *table, const char *optarg,
- dfaflags_t *flags)
+ optflags_t *flags)
{
const char *arg = optarg;
int i, invert = 0;
diff --git a/parser/common_optarg.h b/parser/common_optarg.h
index d10e70109325b5875c69b05d9574917fda7cceae..4e44f5b8f94018764359c7a84a3e42f523aa0127 100644
--- a/parser/common_optarg.h
+++ b/parser/common_optarg.h
@@ -21,25 +21,31 @@
#ifndef __AA_COMMON_OPTARG_H
#define __AA_COMMON_OPTARG_H
+#include "common_flags.h"
#include "libapparmor_re/apparmor_re.h"
+
/*
* flag: 1 - allow no- inversion
* flag: 2 - flags specified should be masked off
*/
+#define OPT_FLAG_CONTROL_PREFIX_NO 1
+#define OPT_FLAG_CONTROL_MASK 2
typedef struct {
int control;
const char *option;
const char *desc;
- dfaflags_t flags;
+ optflags_t flags;
} optflag_table_t;
extern optflag_table_t dumpflag_table[];
-extern optflag_table_t optflag_table[];
+extern optflag_table_t dfaoptflag_table[];
+
-void print_flags(const char *prefix, optflag_table_t *table, dfaflags_t flags);
+void print_flags(const char *prefix, optflag_table_t *table,
+ optflags_t flags);
int handle_flag_table(optflag_table_t *table, const char *optarg,
- dfaflags_t *flags);
+ optflags_t *flags);
void flagtable_help(const char *name, const char *header, const char *command,
optflag_table_t *table);
diff --git a/parser/cond_expr.cc b/parser/cond_expr.cc
new file mode 100644
index 0000000000000000000000000000000000000000..2a7c6ef9464e6f956ead8ec43c8ef24197ab6d49
--- /dev/null
+++ b/parser/cond_expr.cc
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2024
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#include "cond_expr.h"
+#include "parser.h"
+
+cond_expr::cond_expr(bool result):
+ result(result)
+{
+}
+
+cond_expr::cond_expr(const char *var, bool defined)
+{
+ char *var_name = process_var(var);
+
+ if (!defined) {
+ int ret = get_boolean_var(var_name);
+ if (ret < 0) {
+ /* FIXME check for set var */
+ free(var_name);
+ yyerror(_("Unset boolean variable %s used in if-expression"), var);
+ }
+ result = ret;
+ } else {
+ void *set_value = get_set_var(var_name);
+ PDEBUG("Matched: defined set expr %s value %lx\n", var_name, (long) set_value);
+ result = !! (long) set_value;
+ }
+ free(var_name);
+}
diff --git a/parser/cond_expr.h b/parser/cond_expr.h
new file mode 100644
index 0000000000000000000000000000000000000000..13bd8d5241db99b842f1aa46bb53e200f69bdef5
--- /dev/null
+++ b/parser/cond_expr.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#ifndef __AA_COND_EXPR_H
+#define __AA_COND_EXPR_H
+
+class cond_expr {
+private:
+ bool result;
+public:
+ cond_expr(bool result);
+ cond_expr(const char *var, bool defined);
+ virtual ~cond_expr()
+ {
+ };
+
+ bool eval(void) { return result; }
+};
+
+#endif /* __AA_COND_EXPR_H */
diff --git a/parser/dbus.cc b/parser/dbus.cc
index d02b90dd2b1503853677929ed1a08f32738c3cc8..6af32d4cd7c052cc08bac85b2a73e3a6714d80af 100644
--- a/parser/dbus.cc
+++ b/parser/dbus.cc
@@ -30,9 +30,9 @@
#include "dbus.h"
-int parse_dbus_mode(const char *str_mode, int *mode, int fail)
+int parse_dbus_perms(const char *str_perms, perm32_t *perms, int fail)
{
- return parse_X_mode("DBus", AA_VALID_DBUS_PERMS, str_mode, mode, fail);
+ return parse_X_perms("DBus", AA_VALID_DBUS_PERMS, str_perms, perms, fail);
}
void dbus_rule::move_conditionals(struct cond_entry *conds)
@@ -66,10 +66,9 @@ void dbus_rule::move_conditionals(struct cond_entry *conds)
}
}
-dbus_rule::dbus_rule(int mode_p, struct cond_entry *conds,
+dbus_rule::dbus_rule(perm32_t perms_p, struct cond_entry *conds,
struct cond_entry *peer_conds):
- bus(NULL), name(NULL), peer_label(NULL), path(NULL), interface(NULL), member(NULL),
- mode(0), audit(0), deny(0)
+ perms_rule_t(AA_CLASS_DBUS), bus(NULL), name(NULL), peer_label(NULL), path(NULL), interface(NULL), member(NULL)
{
int name_is_subject_cond = 0, message_rule = 0, service_rule = 0;
@@ -93,27 +92,27 @@ dbus_rule::dbus_rule(int mode_p, struct cond_entry *conds,
if (message_rule && service_rule)
yyerror("dbus rule contains message conditionals and service conditionals\n");
- /* Copy mode. If no mode was specified, assign an implied mode. */
- if (mode_p) {
- mode = mode_p;
- if (mode & ~AA_VALID_DBUS_PERMS)
- yyerror("mode contains unknown dbus access\n");
- else if (message_rule && (mode & AA_DBUS_BIND))
+ /* Copy perms. If no perms was specified, assign an implied perms. */
+ if (perms_p) {
+ perms = perms_p;
+ if (perms & ~AA_VALID_DBUS_PERMS)
+ yyerror("perms contains unknown dbus access\n");
+ else if (message_rule && (perms & AA_DBUS_BIND))
yyerror("dbus \"bind\" access cannot be used with message rule conditionals\n");
- else if (service_rule && (mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE)))
+ else if (service_rule && (perms & (AA_DBUS_SEND | AA_DBUS_RECEIVE)))
yyerror("dbus \"send\" and/or \"receive\" accesses cannot be used with service rule conditionals\n");
- else if (mode & AA_DBUS_EAVESDROP &&
+ else if (perms & AA_DBUS_EAVESDROP &&
(path || interface || member ||
peer_label || name)) {
yyerror("dbus \"eavesdrop\" access can only contain a bus conditional\n");
}
} else {
if (message_rule)
- mode = (AA_DBUS_SEND | AA_DBUS_RECEIVE);
+ perms = (AA_DBUS_SEND | AA_DBUS_RECEIVE);
else if (service_rule)
- mode = (AA_DBUS_BIND);
+ perms = (AA_DBUS_BIND);
else
- mode = AA_VALID_DBUS_PERMS;
+ perms = AA_VALID_DBUS_PERMS;
}
free_cond_list(conds);
@@ -122,26 +121,23 @@ dbus_rule::dbus_rule(int mode_p, struct cond_entry *conds,
ostream &dbus_rule::dump(ostream &os)
{
- if (audit)
- os << "audit ";
- if (deny)
- os << "deny ";
+ class_rule_t::dump(os);
- os << "dbus ( ";
-
- if (mode & AA_DBUS_SEND)
+ os << " ( ";
+ /* override default perms */
+ if (perms & AA_DBUS_SEND)
os << "send ";
- if (mode & AA_DBUS_RECEIVE)
+ if (perms & AA_DBUS_RECEIVE)
os << "receive ";
- if (mode & AA_DBUS_BIND)
+ if (perms & AA_DBUS_BIND)
os << "bind ";
- if (mode & AA_DBUS_EAVESDROP)
+ if (perms & AA_DBUS_EAVESDROP)
os << "eavesdrop ";
os << ")";
if (bus)
os << " bus=\"" << bus << "\"";
- if ((mode & AA_DBUS_BIND) && name)
+ if ((perms & AA_DBUS_BIND) && name)
os << " name=\"" << name << "\"";
if (path)
os << " path=\"" << path << "\"";
@@ -150,7 +146,7 @@ ostream &dbus_rule::dump(ostream &os)
if (member)
os << " member=\"" << member << "\"";
- if (!(mode & AA_DBUS_BIND) && (peer_label || name)) {
+ if (!(perms & AA_DBUS_BIND) && (peer_label || name)) {
os << " peer=( ";
if (peer_label)
os << "label=\"" << peer_label << "\" ";
@@ -277,24 +273,25 @@ int dbus_rule::gen_policy_re(Profile &prof)
vec[5] = default_match_pattern;
}
- if (mode & AA_DBUS_BIND) {
- if (!prof.policy.rules->add_rule_vec(deny, mode & AA_DBUS_BIND,
- audit & AA_DBUS_BIND,
- 2, vec, dfaflags, false))
+ if (perms & AA_DBUS_BIND) {
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode,
+ perms & AA_DBUS_BIND,
+ audit == AUDIT_FORCE ? perms & AA_DBUS_BIND : 0,
+ 2, vec, parseopts, false))
goto fail;
}
- if (mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE)) {
- if (!prof.policy.rules->add_rule_vec(deny,
- mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
- audit & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
- 6, vec, dfaflags, false))
+ if (perms & (AA_DBUS_SEND | AA_DBUS_RECEIVE)) {
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode,
+ perms & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
+ audit == AUDIT_FORCE ? perms & (AA_DBUS_SEND | AA_DBUS_RECEIVE) : 0,
+ 6, vec, parseopts, false))
goto fail;
}
- if (mode & AA_DBUS_EAVESDROP) {
- if (!prof.policy.rules->add_rule_vec(deny,
- mode & AA_DBUS_EAVESDROP,
- audit & AA_DBUS_EAVESDROP,
- 1, vec, dfaflags, false))
+ if (perms & AA_DBUS_EAVESDROP) {
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode,
+ perms & AA_DBUS_EAVESDROP,
+ audit == AUDIT_FORCE ? perms & AA_DBUS_EAVESDROP : 0,
+ 1, vec, parseopts, false))
goto fail;
}
diff --git a/parser/dbus.h b/parser/dbus.h
index f736cc3e42074766ef89bb7186f224b5c395dfeb..9d978d97de49f704894fc1b564c6d8bc54839915 100644
--- a/parser/dbus.h
+++ b/parser/dbus.h
@@ -23,9 +23,9 @@
#include "rule.h"
#include "profile.h"
-extern int parse_dbus_mode(const char *str_mode, int *mode, int fail);
+extern int parse_dbus_perms(const char *str_mode, perm32_t *mode, int fail);
-class dbus_rule: public rule_t {
+class dbus_rule: public perms_rule_t {
void move_conditionals(struct cond_entry *conds);
public:
char *bus;
@@ -39,11 +39,8 @@ public:
char *path;
char *interface;
char *member;
- int mode;
- int audit;
- int deny;
- dbus_rule(int mode_p, struct cond_entry *conds,
+ dbus_rule(perm32_t perms_p, struct cond_entry *conds,
struct cond_entry *peer_conds);
virtual ~dbus_rule() {
free(bus);
@@ -53,11 +50,43 @@ public:
free(interface);
free(member);
};
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.owner != OWNER_UNSPECIFIED) {
+ error = "owner prefix not allowed on dbus rules";
+ return false;
+ }
+ return true;
+ };
virtual ostream &dump(ostream &os);
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
- virtual void post_process(Profile &prof unused) { };
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ int res = perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ dbus_rule const &trhs = (rule_cast<dbus_rule const &>(rhs));
+ res = null_strcmp(bus, trhs.bus);
+ if (res)
+ return res;
+ res = null_strcmp(name, trhs.name);
+ if (res)
+ return res;
+ res = null_strcmp(peer_label, trhs.peer_label);
+ if (res)
+ return res;
+ res = null_strcmp(path, trhs.path);
+ if (res)
+ return res;
+ res = null_strcmp(interface, trhs.interface);
+ if (res)
+ return res;
+ return null_strcmp(member, trhs.member);
+ };
+
protected:
virtual void warn_once(const char *name) override;
diff --git a/parser/immunix.h b/parser/immunix.h
index 9039817b99566d4a134c814105087c6586f0f308..11af2ced629de7ae6e69915df0cd301b4510d8f6 100644
--- a/parser/immunix.h
+++ b/parser/immunix.h
@@ -95,10 +95,16 @@
#define ALL_USER_EXEC (AA_USER_EXEC | AA_USER_EXEC_TYPE)
#define ALL_OTHER_EXEC (AA_OTHER_EXEC | AA_OTHER_EXEC_TYPE)
+#define AA_USER_EXEC_INHERIT (AA_EXEC_INHERIT << AA_USER_SHIFT)
+#define AA_OTHER_EXEC_INHERIT (AA_EXEC_INHERIT << AA_OTHER_SHIFT)
+
+#define AA_USER_EXEC_MMAP (AA_OLD_EXEC_MMAP << AA_USER_SHIFT)
+#define AA_OTHER_EXEC_MMAP (AA_OLD_EXEC_MMAP << AA_OTHER_SHIFT)
+
#define AA_LINK_BITS ((AA_OLD_MAY_LINK << AA_USER_SHIFT) | \
(AA_OLD_MAY_LINK << AA_OTHER_SHIFT))
-#define SHIFT_MODE(MODE, SHIFT) ((((MODE) & AA_BASE_PERMS) << (SHIFT))\
+#define SHIFT_PERMS(MODE, SHIFT) ((((MODE) & AA_BASE_PERMS) << (SHIFT))\
| ((MODE) & ~AA_FILE_PERMS))
#define SHIFT_TO_BASE(MODE, SHIFT) ((((MODE) & AA_FILE_PERMS) >> (SHIFT))\
| ((MODE) & ~AA_FILE_PERMS))
@@ -175,6 +181,28 @@ static inline int is_merged_x_consistent(int a, int b)
return 1;
}
+/* Arbitrary max and minimum priority that userspace can specify,
+ * internally we handle up to MAX_INTERNAL_PRIORITY and
+ * MIN_INTERNAL_PRIORITY. Do not ever allow INT_MAX, or INT_MIN
+ * because cmp uses subtraction and it can cause overflow. Ensure we
+ * don't over/underflow make internal max/min one more than allowed on
+ * rules.
+ *
+ * see
+ * note on mediates_priority
+ */
+#define MIN_POLICY_PRIORITY (-1000)
+#define MAX_POLICY_PRIORITY (1000)
+
+/* internally we need a priority that any policy based rule can override
+ * and a priority that no policy based rule can override. These are
+ * used on rules encoding what abi/classes are supported by the
+ * compiled policy.
+ */
+#define MIN_INTERNAL_PRIORITY (MIN_POLICY_PRIORITY - 1)
+#define MAX_INTERNAL_PRIORITY (MAX_POLICY_PRIORITY + 1)
+
+
#endif /* ! _IMMUNIX_H */
/* LocalWords: MMAP
diff --git a/parser/io_uring.cc b/parser/io_uring.cc
new file mode 100644
index 0000000000000000000000000000000000000000..60b8c2579f04074e986ab9fb76d446153509dd3d
--- /dev/null
+++ b/parser/io_uring.cc
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2023
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#include "common_optarg.h"
+#include "parser.h"
+#include "profile.h"
+#include "io_uring.h"
+
+#include <iomanip>
+#include <string>
+#include <iostream>
+#include <sstream>
+
+void io_uring_rule::move_conditionals(struct cond_entry *conds)
+{
+ struct cond_entry *cond_ent;
+
+ list_for_each(conds, cond_ent) {
+ /* disallow keyword 'in' (list) */
+ if (!cond_ent->eq)
+ yyerror("keyword \"in\" is not allowed in io_uring rules\n");
+
+ if (list_len(cond_ent->vals) > 1)
+ yyerror("io_uring conditional \"%s\" only supports a single value\n",
+ cond_ent->name);
+
+ if (strcmp(cond_ent->name, "label") == 0) {
+ move_conditional_value("io_uring", &label, cond_ent);
+ } else {
+ yyerror("invalid io_uring conditional \"%s\"\n",
+ cond_ent->name);
+ }
+ }
+}
+
+io_uring_rule::io_uring_rule(perm32_t perms_p, struct cond_entry *conds, struct cond_entry *ring_conds):
+ perms_rule_t(AA_CLASS_IO_URING), label(NULL)
+{
+ if (perms_p) {
+ if (perms_p & ~AA_VALID_IO_URING_PERMS) {
+ yyerror("perms contains invalid permissions for io_uring\n");
+ }
+ perms = perms_p;
+
+ } else {
+ /* default to all perms */
+ perms = AA_VALID_IO_URING_PERMS;
+ }
+ move_conditionals(conds);
+ move_conditionals(ring_conds);
+ free_cond_list(conds);
+ free_cond_list(ring_conds);
+}
+
+ostream &io_uring_rule::dump(ostream &os)
+{
+ class_rule_t::dump(os);
+
+ if (perms != AA_VALID_IO_URING_PERMS) {
+ os << " ( ";
+
+ if (perms & AA_IO_URING_OVERRIDE_CREDS)
+ os << "override_creds ";
+ if (perms & AA_IO_URING_SQPOLL)
+ os << " sqpoll ";
+
+ os << ")";
+ }
+
+ if (label)
+ os << " label=" << label;
+
+ os << ",\n";
+
+ return os;
+}
+
+
+int io_uring_rule::expand_variables(void)
+{
+ return 0;
+}
+
+void io_uring_rule::warn_once(const char *name)
+{
+ rule_t::warn_once(name, "io_uring rules not enforced");
+}
+
+int io_uring_rule::gen_policy_re(Profile &prof)
+{
+ std::ostringstream buffer;
+ std::string buf, labelbuf;
+
+ if (!features_supports_io_uring) {
+ warn_once(prof.name);
+ return RULE_NOT_SUPPORTED;
+ }
+
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_IO_URING;
+ buf = buffer.str();
+
+ if (label) {
+ if (!convert_entry(labelbuf, label))
+ goto fail;
+ buffer << labelbuf;
+ } else {
+ buffer << default_match_pattern;
+ }
+
+ if (perms & AA_VALID_IO_URING_PERMS) {
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ parseopts))
+ goto fail;
+ /* add a mediates_io_uring rule for every rule added. It
+ * needs to be the same priority
+ */
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ RULE_ALLOW, AA_MAY_READ, 0,
+ parseopts))
+ goto fail;
+
+ if (perms & AA_IO_URING_OVERRIDE_CREDS) {
+ buf = buffer.str(); /* update buf to have label */
+ if (!prof.policy.rules->add_rule(buf.c_str(),
+ priority, rule_mode,
+ perms, audit == AUDIT_FORCE ? perms : 0,
+ parseopts))
+ goto fail;
+ }
+
+ }
+ return RULE_OK;
+fail:
+ return RULE_ERROR;
+}
diff --git a/parser/io_uring.h b/parser/io_uring.h
new file mode 100644
index 0000000000000000000000000000000000000000..b1d0944242e9027d08f241b40001fdf6532b611d
--- /dev/null
+++ b/parser/io_uring.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2023
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#ifndef __AA_IO_URING_H
+#define __AA_IO_URING_H
+
+#include "parser.h"
+
+#define AA_IO_URING_OVERRIDE_CREDS AA_MAY_APPEND
+#define AA_IO_URING_SQPOLL AA_MAY_CREATE
+
+#define AA_VALID_IO_URING_PERMS (AA_IO_URING_OVERRIDE_CREDS | \
+ AA_IO_URING_SQPOLL)
+
+class io_uring_rule: public perms_rule_t {
+ void move_conditionals(struct cond_entry *conds);
+public:
+ char *label;
+
+ io_uring_rule(perm32_t perms, struct cond_entry *conds, struct cond_entry *ring_conds);
+ virtual ~io_uring_rule()
+ {
+ free(label);
+ };
+
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.owner) {
+ error = _("owner prefix not allowed on io_uring rules");
+ return false;
+ }
+ return true;
+ };
+
+ virtual ostream &dump(ostream &os);
+ virtual int expand_variables(void);
+ virtual int gen_policy_re(Profile &prof);
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ int res = perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ return null_strcmp(label,
+ (rule_cast<io_uring_rule const &>(rhs)).label);
+ };
+
+protected:
+ virtual void warn_once(const char *name) override;
+};
+
+#endif /* __AA_IO_URING_H */
diff --git a/parser/libapparmor_re/Makefile b/parser/libapparmor_re/Makefile
index 4cf11a6a960ee397df8b418d150e969c3b126544..43d0cee5c315201b84febd7faace385222439215 100644
--- a/parser/libapparmor_re/Makefile
+++ b/parser/libapparmor_re/Makefile
@@ -14,6 +14,14 @@ AR ?= ar
CFLAGS ?= -g -Wall -O2 ${EXTRA_CFLAGS} -std=gnu++0x
CXXFLAGS := ${CFLAGS} ${INCLUDE_APPARMOR}
+LIB_HDRS = aare_rules.h flex-tables.h apparmor_re.h hfa.h chfa.h parse.h \
+ expr-tree.h policy_compat.h
+
+OTHER_HDRS = ../common_optarg.h ../common_flags.h ../immunix.h \
+ ../policydb.h ../perms.h ../rule.h
+
+HDRS = ${LIB_HDRS} ${OTHER_HDRS}
+
ARFLAGS=-rcs
BISON := bison
@@ -22,20 +30,22 @@ all : ${TARGET}
UNITTESTS = tst_parse
-libapparmor_re.a: parse.o expr-tree.o hfa.o chfa.o aare_rules.o
+libapparmor_re.a: parse.o expr-tree.o hfa.o chfa.o aare_rules.o policy_compat.o
${AR} ${ARFLAGS} $@ $^
expr-tree.o: expr-tree.cc expr-tree.h
-hfa.o: hfa.cc apparmor_re.h hfa.h ../immunix.h
+hfa.o: hfa.cc ${HDRS}
+
+aare_rules.o: aare_rules.cc ${HDRS}
-aare_rules.o: aare_rules.cc aare_rules.h apparmor_re.h expr-tree.h hfa.h chfa.h parse.h ../immunix.h
+chfa.o: chfa.cc ${HDRS}
-chfa.o: chfa.cc chfa.h ../immunix.h
+policy_compat.o: policy_compat.cc ${HDRS}
-parse.o : parse.cc apparmor_re.h expr-tree.h
+parse.o : parse.cc ${HDRS}
-parse.cc : parse.y parse.h flex-tables.h ../immunix.h
+parse.cc : parse.y ${HDRS}
${BISON} -o $@ $<
clean:
diff --git a/parser/libapparmor_re/README b/parser/libapparmor_re/README
index a08ba9b4454b6cffb3bd007b176a72d30d22e04c..6153fdaa2b5c5d9427a1cc3cc678dd636841c95e 100644
--- a/parser/libapparmor_re/README
+++ b/parser/libapparmor_re/README
@@ -10,37 +10,70 @@ aare_rules.{h,cc} - code to that binds parse -> expr-tree -> hfa generation
-> chfa generation into a basic interface for converting
rules to a runtime ready state machine.
-Regular Expression Scanner Generator
-====================================
-
-Notes in the scanner File Format
---------------------------------
+Notes on the compress hfa file format (chfa)
+==============================================
The file format used is based on the GNU flex table file format
(--tables-file option; see Table File Format in the flex info pages and
the flex sources for documentation). The magic number used in the header
is set to 0x1B5E783D instead of 0xF13C57B1 though, which is meant to
indicate that the file format logically is not the same: the YY_ID_CHK
-(check) and YY_ID_DEF (default) tables are used differently.
+(check) and YY_ID_DEF (default), YY_ID_BASE tables are used differently.
+
+The YY_ID_ACCEPTX tables either encode permissions directly, or are an
+index, into an external tables.
+
+There are two DFA table formats to support different size state machines
+DFA16
+ default/next/check - are 16 bit tables
+DFA32
+ default/next/check - are 32 bit tables
+
+ DFA32 is limited to 2^24 states, due to the upper 8 bits being used
+ as flags in the base table, unless the flags table is defined. When
+ the flags table is defined, DFA32 can have a full 2^32 states.
+
+In both DFA16 and DFA32
+ base and accept are 32 bit tables.
+
+State 0 is always used as the trap state. Its accept, base and default
+fields should be 0.
+
+State 1 is the default start state. Alternate start states are stored
+external to the state machine.
+
+If the flags table is not defined, the base table uses the lower 24
+bits as index into the next/check tables, and the upper 8 bits are used
+as flags.
-Flex uses state compression to store only the differences between states
-for states that are similar. The amount of compression influences the parse
-speed.
+The currently defined flags are
+#define MATCH_FLAG_DIFF_ENCODE 0x80000000
+#define MARK_DIFF_ENCODE 0x40000000
+#define MATCH_FLAG_OOB_TRANSITION 0x20000000
+
+Note the default[state] is used in two different ways.
+
+1. When diff_encode is set, the state stores the difference to another
+ state defined by default. The next field will only store the
+ transitions that are unique to this state. Those transition may mask
+ transitions in the state that the current state is relative to, also
+ note the state that this state is relative might also be relative to
+ another state. Cycles are forbidden and checked for by the verifier.
+ The exact algorithm used to build these state difference will be
+ discussed in another section.
-The following two states could be stored as in the tables outlined
-below:
States and transitions on specific characters to next states
------------------------------------------------------------
1: ('a' => 2, 'b' => 3, 'c' => 4)
2: ('a' => 2, 'b' => 3, 'd' => 5)
-Flex-like table format
+Table format - where D in base represnts Diff encode flag
----------------------
index: (default, base)
0: ( 0, 0) <== dummy state (nonmatching)
1: ( 0, 0)
- 2: ( 1, 256)
+ 2: ( 1, D 256)
index: (next, check)
0: ( 0, 0) <== unused entry
@@ -55,66 +88,74 @@ index: (default, base)
Here, state 2 is described as ('c' => 0, 'd' => 5), and everything else
as in state 1. The matching algorithm is as follows.
-Flex-like scanner algorithm
+Scanner algorithm
---------------------------
/* current state is in <state>, input character <c> */
- while (check[base[state] + c] != state)
- state = default[state];
- state = next[state];
- /* continue with the next input character */
-This state compression algorithm performs well, except when there are
-many inverted or wildcard matches ("[^x]", "."). Each input character
-may cause several iterations in the while loop.
+ while (check[base[state] + c] != state) {
+ diff = (FLAGS(base) & diff_encode);
+ state = default[state];
+ if (!diff)
+ goto done;
+ }
+ state = next[base[state] + c];
+ done:
+ /* continue with the next input character */
-We will have many inverted character classes ("[^/]") that wouldn't
-compress very well. Therefore, the regexp matcher uses no state
-compression, and uses the check and default tables differently. The
-above states could be stored as follows:
+2. When diff_encode is NOT set, the default state is used to represent
+ all none matching transitions (ie. check[base[state] + c] != state).
+ The dfa build will compute the transition with the most transitions
+ and use that for the default state. ie.
-Regexp table format
--------------------
+ if we have
+ 1: ('a' => 2)
+ ("[^a]" => 0)
+ then 0 will be used as the default state
-index: (default, base)
- 0: ( 0, 0) <== dummy state (nonmatching)
- 1: ( 0, 0)
- 2: ( 1, 3)
+ if we have
+ 1: ("[^a]" => 2)
+ ('a' => 0)
+ then 2 will be used as the default state, and the only state encoded
+ in the next/check tables will be for 'a'
- index: (next, check)
- 0: ( 0, 0) <== unused entry
- ( 0, 0) <== ord('a') identical, unused entries
- 0+'a': ( 2, 1)
- 0+'b': ( 3, 1)
- 0+'c': ( 4, 1)
- 3+'a': ( 2, 2)
- 3+'b': ( 3, 2)
- 3+'c': ( 0, 0) <== entry is unused
- 3+'d': ( 5, 2)
- ( 0, 0) <== (255 - ord('d')) identical, unused entries
+The combination of the diff-encoded and non-diff encoded states performs
+well even when there are many inverted or wildcard matches ("[^x]", ".").
-All the entries with 0 in check (except the first entry, which is
-deliberately reserved) are still available for other states that
-fit in there.
-Regexp scanner algorithm
+Simplified Regexp scanner algorithm for non-diff encoded state (note
+diff encode algorithm above works as well)
+
------------------------
/* current state is in <state>, matching character <c> */
if (check[base[state] + c] == state)
- state = next[state];
+ state = next[base[state] + c];
else
state = default[state];
/* continue with the next input character */
-This representation and algorithm allows states which match more
-characters than they do not match to be represented as their inverse.
-For example, a third state that accepts everything other than 'a' can
-be added to the tables as one entry in (default, base) and one entry in
-(next, check):
-State
------
- 3: ('a' => 0, everything else => 5)
+Each input character may cause several iterations in the while loop,
+but due to guarantees in the build at most 2n states will be
+transitioned for n input characters. The expected number of states
+walked is much closer to n and in practice due to cache locality the
+diff encoded state machine is usually faster than a non-diff encoded
+state machine with a strict n state for n input walk.
+
+
+Comb Compression
+-----------------
+
+The next/check tables of states are only used to encode transitions
+not covered by the default transition. The input byte is indexed off
+the base value, covering 256 positions within the next/check
+tables. However a state may only encode a few transitions within that
+range, leaving holes. These holes are filled by other states
+transitions whose range will overlap.
+
+ 1: ('a' => 2, 'b' => 3, 'c' => 4)
+ 2: ('a' => 2, 'b' => 3, 'd' => 5)
+ 3: ('a' => 0, everything else => 5)
Regexp tables
-------------
@@ -132,12 +173,65 @@ index: (default, base)
0+'c': ( 4, 1)
3+'a': ( 2, 2)
3+'b': ( 3, 2)
- 3+'c': ( 0, 0) <== entry is unused
+ 3+'c': ( 0, 0) <== entry is unused, hole that could be filled
3+'d': ( 5, 2)
7+'a': ( 0, 3)
( 0, 0) <== (255 - ord('a')) identical, unused entries
-While the current code does not implement any form of state compression,
-the flex state compression representation could be combined by
-remembering (in a bit per state, for example) which default entries
-refer to inverted matches, and which refer to parent states.
+
+Regexp tables comb compressed
+-------------
+index: (default, base)
+ 0: ( 0, 0)
+ 1: ( 0, 0)
+ 2: ( 1, 3)
+ 3: ( 5, 5)
+
+ index: (next, check)
+ 0: ( 0, 0)
+ ( 0, 0)
+ 0+'a': ( 2, 1)
+ 0+'b': ( 3, 1)
+ 0+'c': ( 4, 1)
+ 3+'a': ( 2, 2)
+ 3+'b': ( 3, 2)
+ 5+'a': ( 0, 3) <== entry was previously at 7+'a'
+ 3+'d': ( 5, 2)
+ ( 0, 0) <== (255 - ord('a')) identical, unused entries
+
+
+Out of Band Transitions (oobs)
+---------------------------------
+
+Out of band transitions (oobs) allow for a state to have transitions
+that can not be triggered by input. Any state that has oobs must have
+the OOB flag set on the state. An oob is triggered by subtracting the
+oob number from the the base index value, to find the next and check
+value. Current only single oob is supported. And all states using
+an oob must have the oob flag set.
+
+ if ((FLAG(base) & OOB) && check[base[state] - oob] == state)
+ state = next[base[state]] - oob]
+
+oobs might be expressed as a negative number eg. -1 for the first
+oob. In which case the oob transition above uses a + oob instead.
+
+If more oobs are needed a second oob flag can be allocated, and if
+used in combination with the original, would allow a state to have
+up to 3 oobs
+
+ 00 - none
+ 01 - 1
+ 10 - 2
+ 11 - 3
+
+
+Diff Encode Spanning Tree
+============================================
+To build the state machine with diff encoded states and to still meet
+run time guaratees about traversing no more than 2n states for n input
+a spanning tree is use.
+
+* TODO *
+
+
diff --git a/parser/libapparmor_re/aare_rules.cc b/parser/libapparmor_re/aare_rules.cc
index b250e101394a7045dc613c26db4216ab0ba30095..d5546dde41d46355e1bdd993fa34249820e35dc0 100644
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
@@ -44,10 +44,11 @@ aare_rules::~aare_rules(void)
expr_map.clear();
}
-bool aare_rules::add_rule(const char *rule, int deny, uint32_t perms,
- uint32_t audit, dfaflags_t flags)
+bool aare_rules::add_rule(const char *rule, int priority, rule_mode_t mode,
+ perm32_t perms, perm32_t audit, optflags const &opts)
{
- return add_rule_vec(deny, perms, audit, 1, &rule, flags, false);
+ return add_rule_vec(priority, mode, perms, audit, 1, &rule, opts,
+ false);
}
void aare_rules::add_to_rules(Node *tree, Node *perms)
@@ -71,9 +72,9 @@ static Node *cat_with_oob_separator(Node *l, Node *r)
return new CatNode(new CatNode(l, new CharNode(transchar(-1, true))), r);
}
-bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
- int count, const char **rulev, dfaflags_t flags,
- bool oob)
+bool aare_rules::add_rule_vec(int priority, rule_mode_t mode, perm32_t perms,
+ perm32_t audit, int count, const char **rulev,
+ optflags const &opts, bool oob)
{
Node *tree = NULL, *accept;
int exact_match;
@@ -100,7 +101,6 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
if ((*i)->is_type(NODE_TYPE_STAR) ||
(*i)->is_type(NODE_TYPE_PLUS) ||
(*i)->is_type(NODE_TYPE_ANYCHAR) ||
- (*i)->is_type(NODE_TYPE_CHARSET) ||
(*i)->is_type(NODE_TYPE_NOTCHARSET))
exact_match = 0;
}
@@ -108,9 +108,9 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
if (reverse)
flip_tree(tree);
- accept = unique_perms.insert(deny, perms, audit, exact_match);
+ accept = unique_perms.insert(priority, mode, perms, audit, exact_match);
- if (flags & DFA_DUMP_RULE_EXPR) {
+ if (opts.dump & DUMP_DFA_RULE_EXPR) {
const char *separator;
if (oob)
separator = "\\-x01";
@@ -124,8 +124,12 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
}
cerr << " -> ";
tree->dump(cerr);
- if (deny)
+ // TODO: split out from prefixes class
+ cerr << " priority=" << priority;
+ if (mode == RULE_DENY)
cerr << " deny";
+ else if (mode == RULE_PROMPT)
+ cerr << " prompt";
cerr << " (0x" << hex << perms <<"/" << audit << dec << ")";
accept->dump(cerr);
cerr << "\n\n";
@@ -152,13 +156,13 @@ err:
* advanced by a null character for each xattr.
*/
bool aare_rules::append_rule(const char *rule, bool oob, bool with_perm,
- dfaflags_t flags)
+ optflags const &opts)
{
Node *tree = NULL;
if (regex_parse(&tree, rule))
return false;
- if (flags & DFA_DUMP_RULE_EXPR) {
+ if (opts.dump & DUMP_DFA_RULE_EXPR) {
cerr << "rule: ";
cerr << rule;
cerr << " -> ";
@@ -190,29 +194,29 @@ bool aare_rules::append_rule(const char *rule, bool oob, bool with_perm,
return true;
}
-/* create a dfa from the ruleset
+/* create a chfa from the ruleset
* returns: buffer contain dfa tables, @size set to the size of the tables
* else NULL on failure, @min_match_len set to the shortest string
* that can match the dfa for determining xmatch priority.
*/
-void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags,
- bool filedfa)
+CHFA *aare_rules::create_chfa(int *min_match_len,
+ vector <aa_perms> &perms_table,
+ optflags const &opts, bool filedfa,
+ bool extended_perms, bool prompt)
{
- char *buffer = NULL;
-
/* finish constructing the expr tree from the different permission
* set nodes */
PermExprMap::iterator i = expr_map.begin();
if (i != expr_map.end()) {
- if (flags & DFA_CONTROL_TREE_SIMPLE) {
- Node *tmp = simplify_tree(i->second, flags);
+ if (opts.control & CONTROL_DFA_TREE_SIMPLE) {
+ Node *tmp = simplify_tree(i->second, opts);
root = new CatNode(tmp, i->first);
} else
root = new CatNode(i->second, i->first);
for (i++; i != expr_map.end(); i++) {
Node *tmp;
- if (flags & DFA_CONTROL_TREE_SIMPLE) {
- tmp = simplify_tree(i->second, flags);
+ if (opts.control & CONTROL_DFA_TREE_SIMPLE) {
+ tmp = simplify_tree(i->second, opts);
} else
tmp = i->second;
root = new AltNode(root, new CatNode(tmp, i->first));
@@ -226,89 +230,140 @@ void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags,
* this debug dump.
*/
label_nodes(root);
- if (flags & DFA_DUMP_TREE) {
+ if (opts.dump & DUMP_DFA_TREE) {
cerr << "\nDFA: Expression Tree\n";
root->dump(cerr);
cerr << "\n\n";
}
- if (flags & DFA_CONTROL_TREE_SIMPLE) {
+ if (opts.control & CONTROL_DFA_TREE_SIMPLE) {
/* This is old total tree, simplification point
* For now just do simplification up front. It gets most
* of the benefit running on the smaller chains, and is
* overall faster because there are less nodes. Reevaluate
* once tree simplification is rewritten
*/
- //root = simplify_tree(root, flags);
+ //root = simplify_tree(root, opts);
- if (flags & DFA_DUMP_SIMPLE_TREE) {
+ if (opts.dump & DUMP_DFA_SIMPLE_TREE) {
cerr << "\nDFA: Simplified Expression Tree\n";
root->dump(cerr);
cerr << "\n\n";
}
}
- stringstream stream;
+ CHFA *chfa = NULL;
try {
- DFA dfa(root, flags, filedfa);
- if (flags & DFA_DUMP_UNIQ_PERMS)
+ DFA dfa(root, opts, filedfa);
+ if (opts.dump & DUMP_DFA_UNIQ_PERMS)
dfa.dump_uniq_perms("dfa");
- if (flags & DFA_CONTROL_MINIMIZE) {
- dfa.minimize(flags);
+ if (opts.dump & DUMP_DFA_STATES_INIT)
+ dfa.dump(cerr, NULL);
- if (flags & DFA_DUMP_MIN_UNIQ_PERMS)
- dfa.dump_uniq_perms("minimized dfa");
+ /* since we are building a chfa, use the info about
+ * whether the chfa supports extended perms to help
+ * determine whether we clear the deny info.
+ * This will let us build the minimal dfa for the
+ * information supported by the backed
+ */
+ if (!extended_perms ||
+ ((opts.control & CONTROL_DFA_FILTER_DENY))) {
+ dfa.apply_and_clear_deny();
+ if (opts.dump & DUMP_DFA_STATES_POST_FILTER)
+ dfa.dump(cerr, NULL);
}
-
- if (flags & DFA_CONTROL_FILTER_DENY &&
- flags & DFA_CONTROL_MINIMIZE &&
- dfa.apply_and_clear_deny()) {
- /* Do a second minimization pass as removal of deny
- * information has moved some states from accepting
- * to none accepting partitions
- *
- * TODO: add this as a tail pass to minimization
- * so we don't need to do a full second pass
- */
- dfa.minimize(flags);
-
- if (flags & DFA_DUMP_MIN_UNIQ_PERMS)
+ if (opts.control & CONTROL_DFA_MINIMIZE) {
+ dfa.minimize(opts);
+ if (opts.dump & DUMP_DFA_MIN_UNIQ_PERMS)
dfa.dump_uniq_perms("minimized dfa");
+ if (opts.dump & DUMP_DFA_STATES_POST_MINIMIZE)
+ dfa.dump(cerr, NULL);
}
- if (flags & DFA_CONTROL_REMOVE_UNREACHABLE)
- dfa.remove_unreachable(flags);
-
- if (flags & DFA_DUMP_STATES)
- dfa.dump(cerr);
+ if (opts.control & CONTROL_DFA_REMOVE_UNREACHABLE) {
+ dfa.remove_unreachable(opts);
+ if (opts.dump & DUMP_DFA_STATES_POST_UNREACHABLE)
+ dfa.dump(cerr, NULL);
+ }
+ if (opts.dump & DUMP_DFA_STATES)
+ dfa.dump(cerr, NULL);
- if (flags & DFA_DUMP_GRAPH)
+ if (opts.dump & DUMP_DFA_GRAPH)
dfa.dump_dot_graph(cerr);
map<transchar, transchar> eq;
- if (flags & DFA_CONTROL_EQUIV) {
- eq = dfa.equivalence_classes(flags);
+ if (opts.control & CONTROL_DFA_EQUIV) {
+ eq = dfa.equivalence_classes(opts);
dfa.apply_equivalence_classes(eq);
- if (flags & DFA_DUMP_EQUIV) {
+ if (opts.dump & DUMP_DFA_EQUIV) {
cerr << "\nDFA equivalence class\n";
dump_equivalence_classes(cerr, eq);
}
- } else if (flags & DFA_DUMP_EQUIV)
+ } else if (opts.dump & DUMP_DFA_EQUIV)
cerr << "\nDFA did not generate an equivalence class\n";
- if (flags & DFA_CONTROL_DIFF_ENCODE) {
- dfa.diff_encode(flags);
+ if (opts.control & CONTROL_DFA_DIFF_ENCODE) {
+ dfa.diff_encode(opts);
- if (flags & DFA_DUMP_DIFF_ENCODE)
+ if (opts.dump & DUMP_DFA_DIFF_ENCODE)
dfa.dump_diff_encode(cerr);
}
- CHFA chfa(dfa, eq, flags);
- if (flags & DFA_DUMP_TRANS_TABLE)
- chfa.dump(cerr);
- chfa.flex_table(stream, "");
+ //cerr << "Checking extended perms " << extended_perms << "\n";
+ if (extended_perms) {
+ //cerr << "creating permstable\n";
+ dfa.compute_perms_table(perms_table, prompt);
+ // TODO: move perms table to a class
+ if (opts.dump & DUMP_DFA_TRANS_TABLE && perms_table.size()) {
+ cerr << "Perms Table size: " << perms_table.size() << "\n";
+ perms_table[0].dump_header(cerr);
+ for (size_t i = 0; i < perms_table.size(); i++) {
+ perms_table[i].dump(cerr);
+ cerr << "accept1: 0x";
+ cerr << ", accept2: 0x";
+ cerr << "\n";
+ }
+ cerr << "\n";
+ }
+ }
+ chfa = new CHFA(dfa, eq, opts, extended_perms, prompt);
+ if (opts.dump & DUMP_DFA_TRANS_TABLE)
+ chfa->dump(cerr);
+ if (opts.dump & DUMP_DFA_COMPTRESSED_STATES)
+ dfa.dump(cerr, &chfa->num);
+ }
+ catch(int error) {
+ return NULL;
+ }
+
+ return chfa;
+}
+
+/* create a dfa from the ruleset
+ * returns: buffer contain dfa tables, @size set to the size of the tables
+ * else NULL on failure, @min_match_len set to the shortest string
+ * that can match the dfa for determining xmatch priority.
+ */
+void *aare_rules::create_dfablob(size_t *size, int *min_match_len,
+ vector <aa_perms> &perms_table,
+ optflags const &opts, bool filedfa,
+ bool extended_perms, bool prompt)
+{
+ char *buffer = NULL;
+ stringstream stream;
+
+ try {
+ CHFA *chfa = create_chfa(min_match_len, perms_table,
+ opts, filedfa, extended_perms,
+ prompt);
+ if (!chfa) {
+ *size = 0;
+ return NULL;
+ }
+ chfa->flex_table(stream, opts);
+ delete (chfa);
}
catch(int error) {
*size = 0;
@@ -324,5 +379,85 @@ void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags,
if (!buffer)
return NULL;
buf->sgetn(buffer, *size);
+
+ return buffer;
+}
+
+
+/* create a dfa from the ruleset
+ * returns: buffer contain dfa tables, @size set to the size of the tables
+ * else NULL on failure, @min_match_len set to the shortest string
+ * that can match the dfa for determining xmatch priority.
+ */
+void *aare_rules::create_welded_dfablob(aare_rules *file_rules,
+ size_t *size, int *min_match_len,
+ size_t *new_start,
+ vector <aa_perms> &perms_table,
+ optflags const &opts,
+ bool extended_perms, bool prompt)
+{
+ int file_min_len;
+ vector <aa_perms> file_perms;
+ CHFA *file_chfa;
+ try {
+ file_chfa = file_rules->create_chfa(&file_min_len,
+ file_perms, opts,
+ true, extended_perms, prompt);
+ if (!file_chfa) {
+ *size = 0;
+ return NULL;
+ }
+ }
+ catch(int error) {
+ *size = 0;
+ return NULL;
+ }
+
+ CHFA *policy_chfa;
+ try {
+ policy_chfa = create_chfa(min_match_len,
+ perms_table, opts,
+ false, extended_perms, prompt);
+ if (!policy_chfa) {
+ delete file_chfa;
+ *size = 0;
+ return NULL;
+ }
+ }
+ catch(int error) {
+ delete file_chfa;
+ *size = 0;
+ return NULL;
+ }
+
+ stringstream stream;
+ try {
+ policy_chfa->weld_file_to_policy(*file_chfa, *new_start,
+ extended_perms, prompt,
+ perms_table, file_perms);
+ policy_chfa->flex_table(stream, opts);
+ }
+ catch(int error) {
+ delete (file_chfa);
+ delete (policy_chfa);
+ *size = 0;
+ return NULL;
+ }
+ delete file_chfa;
+ delete policy_chfa;
+
+ /* write blob to buffer */
+ stringbuf *buf = stream.rdbuf();
+
+ buf->pubseekpos(0);
+ *size = buf->in_avail();
+ if (file_min_len < *min_match_len)
+ *min_match_len = file_min_len;
+
+ char *buffer = (char *)malloc(*size);
+ if (!buffer)
+ return NULL;
+ buf->sgetn(buffer, *size);
+
return buffer;
}
diff --git a/parser/libapparmor_re/aare_rules.h b/parser/libapparmor_re/aare_rules.h
index ab88f0af0bf8063b674d2dfe367ba0de45864f62..91ae289b3662be62ad65ce7216ccc25dd333c6a5 100644
--- a/parser/libapparmor_re/aare_rules.h
+++ b/parser/libapparmor_re/aare_rules.h
@@ -21,21 +21,31 @@
#ifndef __LIBAA_RE_RULES_H
#define __LIBAA_RE_RULES_H
+#include <vector>
+
#include <stdint.h>
+#include "../common_optarg.h"
#include "apparmor_re.h"
+#include "chfa.h"
#include "expr-tree.h"
+#include "../immunix.h"
+#include "../perms.h"
+#include "../rule.h"
class UniquePerm {
public:
- bool deny;
+ int priority;
+ rule_mode_t mode;
bool exact_match;
uint32_t perms;
uint32_t audit;
bool operator<(UniquePerm const &rhs)const
{
- if (deny == rhs.deny) {
+ if (priority < rhs.priority)
+ return priority < rhs.priority;
+ if (mode >= rhs.mode) {
if (exact_match == rhs.exact_match) {
if (perms == rhs.perms)
return audit < rhs.audit;
@@ -43,7 +53,7 @@ public:
}
return exact_match;
}
- return deny;
+ return true; // mode < rhs.mode
}
};
@@ -64,22 +74,26 @@ public:
nodes.clear();
}
- Node *insert(bool deny, uint32_t perms, uint32_t audit,
- bool exact_match)
+ Node *insert(int priority, rule_mode_t mode, uint32_t perms,
+ uint32_t audit, bool exact_match)
{
- UniquePerm tmp = { deny, exact_match, perms, audit };
+ UniquePerm tmp = { priority, mode, exact_match, perms, audit };
iterator res = nodes.find(tmp);
if (res == nodes.end()) {
Node *node;
- if (deny)
- node = new DenyMatchFlag(perms, audit);
+ if (mode == RULE_DENY)
+ node = new DenyMatchFlag(priority, perms, audit);
+ else if (mode == RULE_PROMPT)
+ node = new PromptMatchFlag(priority, perms, audit);
else if (exact_match)
- node = new ExactMatchFlag(perms, audit);
+ node = new ExactMatchFlag(priority, perms, audit);
else
- node = new MatchFlag(perms, audit);
+ node = new MatchFlag(priority, perms, audit);
pair<iterator, bool> val = nodes.insert(make_pair(tmp, node));
- if (val.second == false)
+ if (val.second == false) {
+ delete node;
return val.first->second;
+ }
return node;
}
return res->second;
@@ -100,13 +114,26 @@ class aare_rules {
aare_rules(int reverse): root(NULL), unique_perms(), expr_map(), reverse(reverse), rule_count(0) { };
~aare_rules();
- bool add_rule(const char *rule, int deny, uint32_t perms,
- uint32_t audit, dfaflags_t flags);
- bool add_rule_vec(int deny, uint32_t perms, uint32_t audit, int count,
- const char **rulev, dfaflags_t flags, bool oob);
- bool append_rule(const char *rule, bool oob, bool with_perm, dfaflags_t flags);
- void *create_dfa(size_t *size, int *min_match_len, dfaflags_t flags,
- bool filedfa);
+ bool add_rule(const char *rule, int priority, rule_mode_t mode,
+ perm32_t perms, perm32_t audit, optflags const &opts);
+ bool add_rule_vec(int priority, rule_mode_t mode, perm32_t perms,
+ perm32_t audit, int count, const char **rulev,
+ optflags const &opts, bool oob);
+ bool append_rule(const char *rule, bool oob, bool with_perm, optflags const &opts);
+ CHFA *create_chfa(int *min_match_len,
+ vector <aa_perms> &perms_table,
+ optflags const &opts, bool filedfa,
+ bool extended_perms, bool prompt);
+ void *create_dfablob(size_t *size, int *min_match_len,
+ vector <aa_perms> &perms_table,
+ optflags const &opts,
+ bool filedfa, bool extended_perms, bool prompt);
+ void *create_welded_dfablob(aare_rules *file_rules,
+ size_t *size, int *min_match_len,
+ size_t *new_start,
+ vector <aa_perms> &perms_table,
+ optflags const &opts,
+ bool extended_perms, bool prompt);
};
#endif /* __LIBAA_RE_RULES_H */
diff --git a/parser/libapparmor_re/apparmor_re.h b/parser/libapparmor_re/apparmor_re.h
index 8e9fd9984fa095157d7f627e1f335aae1c9066ec..2d87652632088d2ad2de3ceac91844d5f8755fba 100644
--- a/parser/libapparmor_re/apparmor_re.h
+++ b/parser/libapparmor_re/apparmor_re.h
@@ -19,40 +19,52 @@
#ifndef APPARMOR_RE_H
#define APPARMOR_RE_H
-typedef int dfaflags_t;
+#include "../common_flags.h"
+#define CONTROL_DFA_EQUIV (1 << 0)
+#define CONTROL_DFA_TREE_NORMAL (1 << 1)
+#define CONTROL_DFA_TREE_SIMPLE (1 << 2)
+#define CONTROL_DFA_TREE_LEFT (1 << 3)
+#define CONTROL_DFA_MINIMIZE (1 << 4)
+#define CONTROL_DFA_FILTER_DENY (1 << 6)
+#define CONTROL_DFA_REMOVE_UNREACHABLE (1 << 7)
+#define CONTROL_DFA_TRANS_HIGH (1 << 8)
+#define CONTROL_DFA_DIFF_ENCODE (1 << 9)
+#define CONTROL_RULE_MERGE (1 << 10)
+#define CONTROL_DFA_STATE32 (1 << 11)
+#define CONTROL_DFA_FLAGS_TABLE (1 << 12)
-#define DFA_CONTROL_EQUIV (1 << 0)
-#define DFA_CONTROL_TREE_NORMAL (1 << 1)
-#define DFA_CONTROL_TREE_SIMPLE (1 << 2)
-#define DFA_CONTROL_TREE_LEFT (1 << 3)
-#define DFA_CONTROL_MINIMIZE (1 << 4)
-#define DFA_CONTROL_FILTER_DENY (1 << 6)
-#define DFA_CONTROL_REMOVE_UNREACHABLE (1 << 7)
-#define DFA_CONTROL_TRANS_HIGH (1 << 8)
-#define DFA_CONTROL_DIFF_ENCODE (1 << 9)
-#define DFA_DUMP_DIFF_PROGRESS (1 << 10)
-#define DFA_DUMP_DIFF_ENCODE (1 << 11)
-#define DFA_DUMP_DIFF_STATS (1 << 12)
-#define DFA_DUMP_MIN_PARTS (1 << 13)
-#define DFA_DUMP_UNIQ_PERMS (1 << 14)
-#define DFA_DUMP_MIN_UNIQ_PERMS (1 << 15)
-#define DFA_DUMP_TREE_STATS (1 << 16)
-#define DFA_DUMP_TREE (1 << 17)
-#define DFA_DUMP_SIMPLE_TREE (1 << 18)
-#define DFA_DUMP_PROGRESS (1 << 19)
-#define DFA_DUMP_STATS (1 << 20)
-#define DFA_DUMP_STATES (1 << 21)
-#define DFA_DUMP_GRAPH (1 << 22)
-#define DFA_DUMP_TRANS_PROGRESS (1 << 23)
-#define DFA_DUMP_TRANS_STATS (1 << 24)
-#define DFA_DUMP_TRANS_TABLE (1 << 25)
-#define DFA_DUMP_EQUIV (1 << 26)
-#define DFA_DUMP_EQUIV_STATS (1 << 27)
-#define DFA_DUMP_MINIMIZE (1 << 28)
-#define DFA_DUMP_UNREACHABLE (1 << 29)
-#define DFA_DUMP_RULE_EXPR (1 << 30)
-#define DFA_DUMP_NODE_TO_DFA (1 << 31)
+#define DUMP_DFA_DIFF_PROGRESS (1 << 0)
+#define DUMP_DFA_DIFF_ENCODE (1 << 1)
+#define DUMP_DFA_DIFF_STATS (1 << 2)
+#define DUMP_DFA_MIN_PARTS (1 << 3)
+#define DUMP_DFA_UNIQ_PERMS (1 << 4)
+#define DUMP_DFA_MIN_UNIQ_PERMS (1 << 5)
+#define DUMP_DFA_TREE_STATS (1 << 6)
+#define DUMP_DFA_TREE (1 << 7)
+#define DUMP_DFA_SIMPLE_TREE (1 << 8)
+#define DUMP_DFA_PROGRESS (1 << 9)
+#define DUMP_DFA_STATS (1 << 10)
+#define DUMP_DFA_STATES (1 << 11)
+#define DUMP_DFA_GRAPH (1 << 12)
+#define DUMP_DFA_TRANS_PROGRESS (1 << 13)
+#define DUMP_DFA_TRANS_STATS (1 << 14)
+#define DUMP_DFA_TRANS_TABLE (1 << 15)
+#define DUMP_DFA_EQUIV (1 << 16)
+#define DUMP_DFA_EQUIV_STATS (1 << 17)
+#define DUMP_DFA_MINIMIZE (1 << 18)
+#define DUMP_DFA_UNREACHABLE (1 << 19)
+#define DUMP_DFA_RULE_EXPR (1 << 20)
+#define DUMP_DFA_NODE_TO_DFA (1 << 21)
+#define DUMP_RULE_MERGE (1 << 22)
+#define DUMP_DFA_STATE32 (1 << 23)
+#define DUMP_DFA_FLAGS_TABLE (1 << 24)
+#define DUMP_DFA_STATES_INIT (1 << 25)
+#define DUMP_DFA_STATES_POST_FILTER (1 << 26)
+#define DUMP_DFA_STATES_POST_MINIMIZE (1 << 27)
+#define DUMP_DFA_STATES_POST_UNREACHABLE (1 << 28)
+#define DUMP_DFA_COMPTRESSED_STATES (1 << 29)
+#define DUMP_DFA_PERMS (1 << 30)
#endif /* APPARMOR_RE_H */
diff --git a/parser/libapparmor_re/chfa.cc b/parser/libapparmor_re/chfa.cc
index 235df335bc9ed38b6ae10d34cf2d488946fa3cec..8d11503004a0d88385d91d81df287bd823fd3d98 100644
--- a/parser/libapparmor_re/chfa.cc
+++ b/parser/libapparmor_re/chfa.cc
@@ -32,6 +32,7 @@
#include "hfa.h"
#include "chfa.h"
#include "../immunix.h"
+#include "../policydb.h"
#include "flex-tables.h"
void CHFA::init_free_list(vector<pair<size_t, size_t> > &free_list,
@@ -46,12 +47,17 @@ void CHFA::init_free_list(vector<pair<size_t, size_t> > &free_list,
free_list[free_list.size() - 1].second = 0;
}
+
/**
* new Construct the transition table.
+ *
+ * TODO: split dfaflags into separate control and dump so we can fold in
+ * permtable index flag
*/
-CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags): eq(eq)
+CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, optflags const &opts,
+ bool permindex, bool prompt): eq(eq)
{
- if (flags & DFA_DUMP_TRANS_PROGRESS)
+ if (opts.dump & DUMP_DFA_TRANS_PROGRESS)
fprintf(stderr, "Compressing HFA:\r");
chfaflags = 0;
@@ -82,7 +88,7 @@ CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags): eq(eq)
if (*i == dfa.start || *i == dfa.nonmatching)
continue;
optimal += (*i)->trans.size();
- if (flags & DFA_CONTROL_TRANS_HIGH) {
+ if (opts.control & CONTROL_DFA_TRANS_HIGH) {
size_t range = 0;
if ((*i)->trans.size())
range =
@@ -100,31 +106,48 @@ CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags): eq(eq)
num.insert(make_pair(dfa.nonmatching, num.size()));
accept.resize(max(dfa.states.size(), (size_t) 2));
- accept2.resize(max(dfa.states.size(), (size_t) 2));
+ if (permindex) {
+ accept[0] = dfa.nonmatching->idx;
+ accept[1] = dfa.start->idx;
+ } else {
+ uint32_t accept3;
+ accept2.resize(max(dfa.states.size(), (size_t) 2));
+ dfa.nonmatching->map_perms_to_accept(accept[0],
+ accept2[0],
+ accept3,
+ prompt);
+ dfa.start->map_perms_to_accept(accept[1],
+ accept2[1],
+ accept3,
+ prompt);
+ }
next_check.resize(max(optimal, (size_t) dfa.max_range));
free_list.resize(next_check.size());
- accept[0] = 0;
- accept2[0] = 0;
first_free = 1;
init_free_list(free_list, 0, 1);
+ start = dfa.start;
insert_state(free_list, dfa.start, dfa);
- accept[1] = 0;
- accept2[1] = 0;
num.insert(make_pair(dfa.start, num.size()));
int count = 2;
- if (!(flags & DFA_CONTROL_TRANS_HIGH)) {
+ if (!(opts.control & CONTROL_DFA_TRANS_HIGH)) {
for (Partition::iterator i = dfa.states.begin(); i != dfa.states.end(); i++) {
if (*i != dfa.nonmatching && *i != dfa.start) {
+ uint32_t accept3;
insert_state(free_list, *i, dfa);
- accept[num.size()] = (*i)->perms.allow;
- accept2[num.size()] = PACK_AUDIT_CTL((*i)->perms.audit, (*i)->perms.quiet & (*i)->perms.deny);
+ if (permindex)
+ accept[num.size()] = (*i)->idx;
+ else
+ (*i)->map_perms_to_accept(accept[num.size()],
+ accept2[num.size()],
+ accept3,
+ prompt);
num.insert(make_pair(*i, num.size()));
}
- if (flags & (DFA_DUMP_TRANS_PROGRESS)) {
+ if (opts.dump & (DUMP_DFA_TRANS_PROGRESS)) {
count++;
if (count % 100 == 0)
fprintf(stderr, "\033[2KCompressing trans table: insert state: %d/%zd\r",
@@ -136,12 +159,18 @@ CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags): eq(eq)
i != order.end(); i++) {
if (i->second != dfa.nonmatching &&
i->second != dfa.start) {
+ uint32_t accept3;
insert_state(free_list, i->second, dfa);
- accept[num.size()] = i->second->perms.allow;
- accept2[num.size()] = PACK_AUDIT_CTL(i->second->perms.audit, i->second->perms.quiet & i->second->perms.deny);
+ if (permindex)
+ accept[num.size()] = i->second->idx;
+ else
+ i->second->map_perms_to_accept(accept[num.size()],
+ accept2[num.size()],
+ accept3,
+ prompt);
num.insert(make_pair(i->second, num.size()));
}
- if (flags & (DFA_DUMP_TRANS_PROGRESS)) {
+ if (opts.dump & (DUMP_DFA_TRANS_PROGRESS)) {
count++;
if (count % 100 == 0)
fprintf(stderr, "\033[2KCompressing trans table: insert state: %d/%zd\r",
@@ -150,7 +179,7 @@ CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags): eq(eq)
}
}
- if (flags & (DFA_DUMP_TRANS_STATS | DFA_DUMP_TRANS_PROGRESS)) {
+ if (opts.dump & (DUMP_DFA_TRANS_STATS | DUMP_DFA_TRANS_PROGRESS)) {
ssize_t size = 4 * next_check.size() + 6 * dfa.states.size();
fprintf(stderr, "\033[2KCompressed trans table: states %zd, next/check %zd, optimal next/check %zd avg/state %.2f, compression %zd/%zd = %.2f %%\n",
dfa.states.size(), next_check.size(), optimal,
@@ -278,11 +307,16 @@ void CHFA::dump(ostream &os)
st.insert(make_pair(i->second, i->first));
}
- os << "size=" << default_base.size() << " (accept, default, base): {state} -> {default state}" << "\n";
+ os << "size=" << default_base.size() << " (accept, accept2, default, base): {state} -> {default state}" << "\n";
for (size_t i = 0; i < default_base.size(); i++) {
os << i << ": ";
- os << "(" << accept[i] << ", " << num[default_base[i].first]
- << ", " << default_base[i].second << ")";
+ os << "(" << accept[i] << ", ";
+ if (accept2.size() > 0)
+ os << accept2[i];
+ else
+ os << "---, ";
+ os << num[default_base[i].first] << ", " <<
+ default_base[i].second << ")";
if (st[i])
os << " " << *st[i];
if (default_base[i].first)
@@ -367,7 +401,9 @@ template<class Iter>
os << fill64(sizeof(td) + sizeof(*pos) * size);
}
-void CHFA::flex_table(ostream &os, const char *name)
+template<class STATE_TYPE>
+void flex_table_serialize(CHFA &chfa, ostream &os,
+ uint32_t max_size)
{
const char th_version[] = "notflex";
struct table_set_header th = { 0, 0, 0, 0 };
@@ -376,16 +412,15 @@ void CHFA::flex_table(ostream &os, const char *name)
* Change the following two data types to adjust the maximum flex
* table size.
*/
- typedef uint16_t state_t;
typedef uint32_t trans_t;
- if (default_base.size() >= (state_t) - 1) {
- cerr << "Too many states (" << default_base.size() << ") for "
+ if (chfa.default_base.size() >= (max_size)) {
+ cerr << "Too many states (" << chfa.default_base.size() << ") for "
"type state_t\n";
exit(1);
}
- if (next_check.size() >= (trans_t) - 1) {
- cerr << "Too many transitions (" << next_check.size()
+ if (chfa.next_check.size() >= (trans_t) - 1) {
+ cerr << "Too many transitions (" << chfa.next_check.size()
<< ") for " "type trans_t\n";
exit(1);
}
@@ -395,48 +430,60 @@ void CHFA::flex_table(ostream &os, const char *name)
* using the generic write_flex_table() routine.
*/
vector<uint8_t> equiv_vec;
- if (eq.size()) {
+ if (chfa.eq.size()) {
equiv_vec.resize(256);
- for (map<transchar, transchar>::iterator i = eq.begin(); i != eq.end(); i++) {
+ for (map<transchar, transchar>::iterator i = chfa.eq.begin(); i != chfa.eq.end(); i++) {
equiv_vec[i->first.c] = i->second.c;
}
}
- vector<state_t> default_vec;
+ vector<STATE_TYPE> default_vec;
vector<trans_t> base_vec;
- for (DefaultBase::iterator i = default_base.begin(); i != default_base.end(); i++) {
- default_vec.push_back(num[i->first]);
+ for (DefaultBase::iterator i = chfa.default_base.begin(); i != chfa.default_base.end(); i++) {
+ default_vec.push_back(chfa.num[i->first]);
base_vec.push_back(i->second);
}
- vector<state_t> next_vec;
- vector<state_t> check_vec;
- for (NextCheck::iterator i = next_check.begin(); i != next_check.end(); i++) {
- next_vec.push_back(num[i->first]);
- check_vec.push_back(num[i->second]);
+ vector<STATE_TYPE> next_vec;
+ vector<STATE_TYPE> check_vec;
+ for (NextCheck::iterator i = chfa.next_check.begin(); i != chfa.next_check.end(); i++) {
+ next_vec.push_back(chfa.num[i->first]);
+ check_vec.push_back(chfa.num[i->second]);
}
/* Write the actual flex parser table. */
/* TODO: add max_oob */
- size_t hsize = pad64(sizeof(th) + sizeof(th_version) + strlen(name) + 1);
+ // sizeof(th_version) includes trailing \0
+ size_t hsize = pad64(sizeof(th) + sizeof(th_version));
th.th_magic = htonl(YYTH_REGEX_MAGIC);
- th.th_flags = htons(chfaflags);
+ th.th_flags = htons(chfa.chfaflags);
th.th_hsize = htonl(hsize);
th.th_ssize = htonl(hsize +
- flex_table_size(accept.begin(), accept.end()) +
- flex_table_size(accept2.begin(), accept2.end()) +
- (eq.size() ? flex_table_size(equiv_vec.begin(), equiv_vec.end()) : 0) +
- flex_table_size(base_vec.begin(), base_vec.end()) +
- flex_table_size(default_vec.begin(), default_vec.end()) +
+ flex_table_size(chfa.accept.begin(),
+ chfa.accept.end()) +
+ (chfa.accept2.size() ?
+ flex_table_size(chfa.accept2.begin(),
+ chfa.accept2.end()) : 0) +
+ (chfa.eq.size() ?
+ flex_table_size(equiv_vec.begin(),
+ equiv_vec.end()) : 0) +
+ flex_table_size(base_vec.begin(),
+ base_vec.end()) +
+ flex_table_size(default_vec.begin(),
+ default_vec.end()) +
flex_table_size(next_vec.begin(), next_vec.end()) +
- flex_table_size(check_vec.begin(), check_vec.end()));
+ flex_table_size(check_vec.begin(),
+ check_vec.end()));
os.write((char *)&th, sizeof(th));
- os << th_version << (char)0 << name << (char)0;
- os << fill64(sizeof(th) + sizeof(th_version) + strlen(name) + 1);
-
- write_flex_table(os, YYTD_ID_ACCEPT, accept.begin(), accept.end());
- write_flex_table(os, YYTD_ID_ACCEPT2, accept2.begin(), accept2.end());
- if (eq.size())
+ os.write(th_version, sizeof(th_version));
+ os << fill64(sizeof(th) + sizeof(th_version));
+
+ write_flex_table(os, YYTD_ID_ACCEPT, chfa.accept.begin(),
+ chfa.accept.end());
+ if (chfa.accept2.size())
+ write_flex_table(os, YYTD_ID_ACCEPT2, chfa.accept2.begin(),
+ chfa.accept2.end());
+ if (chfa.eq.size())
write_flex_table(os, YYTD_ID_EC, equiv_vec.begin(),
equiv_vec.end());
write_flex_table(os, YYTD_ID_BASE, base_vec.begin(), base_vec.end());
@@ -444,3 +491,139 @@ void CHFA::flex_table(ostream &os, const char *name)
write_flex_table(os, YYTD_ID_NXT, next_vec.begin(), next_vec.end());
write_flex_table(os, YYTD_ID_CHK, check_vec.begin(), check_vec.end());
}
+
+void CHFA::flex_table(ostream &os, optflags const &opts) {
+
+ if (opts.control & CONTROL_DFA_STATE32 &&
+ default_base.size() > (1 << 16) - 1) {
+// TODO: implement support for flags in separate table
+// if (opts.control & CONTROL_DFA_FLAGS_TABLE) {
+// if (opts.dump & DUMP_FLAGS_TABLE)
+// cerr << "using flags table\n";
+// flex_table_serialize(os, uint32_t, (1 << 32) - 1);
+// } else { /* only 24 bits available */
+ if (opts.dump & DUMP_DFA_STATE32)
+ cerr << "using 32 bit state tables, embedded flags\n";
+ flex_table_serialize<uint32_t>(*this, os, (1 << 24) - 1);
+ } else {
+ if (opts.control & CONTROL_DFA_FLAGS_TABLE) {
+ cerr << "Flags table specified when using 16 bit state\n";
+ exit(1);
+ }
+ if (opts.dump & DUMP_DFA_STATE32)
+ cerr << "using 16 bit state tables, embedded flags\n";
+ flex_table_serialize<uint16_t>(*this, os, (1 << 16) - 1);
+ }
+}
+
+/*
+ * @file_chfa: chfa to add on to the policy chfa
+ * @new_start: new start state for where the @file_dfa is in the new chfa
+ *
+ * Make a new chfa that is a combination of policy and file chfas. It
+ * assumes policy is built with AA_CLASS_FILE support transition. The
+ * resultant chfa will have file states and indexes offset except for
+ * start and null states.
+ *
+ * NOTE:
+ * - modifies chfa
+ * requires:
+ * - no ec
+ * - policy chfa has transitions state[start].next[AA_CLASS_FILE]
+ * - policy perms table is build if using permstable
+
+ */
+void CHFA::weld_file_to_policy(CHFA &file_chfa, size_t &new_start,
+ bool accept_idx, bool prompt,
+ vector <aa_perms> &policy_perms,
+ vector <aa_perms> &file_perms)
+{
+ // doesn't support remapping eq classes yet
+ if (eq.size() > 0 || file_chfa.eq.size() > 0)
+ throw 1;
+
+ size_t old_base_size = default_base.size();
+ size_t old_next_size = next_check.size();
+
+ const State *nonmatching = default_base[0].first;
+ //const State *start = default_base[1].first;
+ const State *file_nonmatching = file_chfa.default_base[0].first;
+
+ // renumber states from file_dfa by appending to policy dfa
+ num.insert(make_pair(file_nonmatching, 0)); // remap to policy nonmatching
+ for (map<const State *, size_t>::iterator i = file_chfa.num.begin(); i != file_chfa.num.end() ; i++) {
+ if (i->first == file_nonmatching)
+ continue;
+ num.insert(make_pair(i->first, i->second + old_base_size));
+ }
+
+ // handle default and base table expansion, and setup renumbering
+ // while we remap file_nonmatch within the table, we still keep its
+ // slot.
+ bool first = true;
+ for (DefaultBase::iterator i = file_chfa.default_base.begin(); i != file_chfa.default_base.end(); i++) {
+ const State *def;
+ size_t base;
+ if (first) {
+ first = false;
+ // remap file_nonmatch to nonmatch
+ def = nonmatching;
+ base = 0;
+ } else {
+ def = i->first;
+ base = i->second + old_next_size;
+ }
+ default_base.push_back(make_pair(def, base));
+ }
+
+ // mapping for these are handled by num[]
+ for (NextCheck::iterator i = file_chfa.next_check.begin(); i != file_chfa.next_check.end(); i++) {
+ next_check.push_back(*i);
+ }
+
+ // append file perms to policy perms, and rework permsidx if needed
+ if (accept_idx) {
+ // policy idx double
+ // file + doubled offset
+ // Requires: policy perms table, so we can double and
+ // update indexes
+ // * file perm idx to start on even idx
+ // * policy perms table size to double and entries
+ // to repeat
+ assert(accept.size() == old_base_size);
+ accept.resize(accept.size() + file_chfa.accept.size());
+ size_t size = policy_perms.size();
+ policy_perms.resize(size*2 + file_perms.size());
+ // shift and double the policy perms
+ for (size_t i = size - 1; size >= 0; i--) {
+ policy_perms[i*2] = policy_perms[i];
+ policy_perms[i*2 + 1] = policy_perms[i];
+ }
+ // update policy accept idx for the new shifted perms table
+ for (size_t i = 0; i < old_base_size; i++) {
+ accept[i] = accept[i]*2;
+ }
+ // copy over file perms
+ for (size_t i = 0; i < file_perms.size(); i++) {
+ policy_perms[size*2 + i] = file_perms[i];
+ }
+ // shift file accept indexs
+ for (size_t i = 0; i < file_chfa.accept.size(); i++) {
+ accept[old_base_size + i] = file_chfa.accept[i] + size*2;
+ }
+ } else {
+ // perms are stored in accept just append the perms
+ size_t size = accept.size();
+ accept.resize(size + file_chfa.accept.size());
+ accept2.resize(size + file_chfa.accept.size());
+ for (size_t i = 0; i < file_chfa.accept.size(); i++) {
+ accept[size + i] = file_chfa.accept[i];
+ accept2[size + i] = file_chfa.accept2[i];
+ }
+ }
+
+ // Rework transition state[start].next[AA_CLASS_FILE]
+ next_check[default_base[1].second + AA_CLASS_FILE].first = file_chfa.start;
+
+ new_start = num[file_chfa.start];
+}
diff --git a/parser/libapparmor_re/chfa.h b/parser/libapparmor_re/chfa.h
index 0577215dc0185912671ea42821346212a87121ac..cc36e858012f1a9caf69993f058eab9cb3717ce5 100644
--- a/parser/libapparmor_re/chfa.h
+++ b/parser/libapparmor_re/chfa.h
@@ -16,7 +16,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*
- * Create a compressed hfa (chfa) from and hfa
+ * Create a compressed hfa (chfa) from an hfa
*/
#ifndef __LIBAA_RE_CHFA_H
#define __LIBAA_RE_CHFA_H
@@ -25,6 +25,7 @@
#include <vector>
#include "hfa.h"
+#include "../perms.h"
#define BASE32_FLAGS 0xff000000
#define DiffEncodeBit32 0x80000000
@@ -33,30 +34,41 @@
using namespace std;
+typedef vector<pair<const State *, size_t> > DefaultBase;
+typedef vector<pair<const State *, const State *> > NextCheck;
+
class CHFA {
- typedef vector<pair<const State *, size_t> > DefaultBase;
- typedef vector<pair<const State *, const State *> > NextCheck;
public:
- CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags);
+ CHFA(void);
+ CHFA(DFA &dfa, map<transchar, transchar> &eq, optflags const &opts,
+ bool permindex, bool prompt);
void dump(ostream & os);
- void flex_table(ostream &os, const char *name);
+ void flex_table(ostream &os, optflags const &opts);
void init_free_list(vector<pair<size_t, size_t> > &free_list,
size_t prev, size_t start);
bool fits_in(vector<pair<size_t, size_t> > &free_list, size_t base,
StateTrans &cases);
void insert_state(vector<pair<size_t, size_t> > &free_list,
State *state, DFA &dfa);
+ void weld_file_to_policy(CHFA &file_chfa, size_t &new_start,
+ bool accept_idx, bool prompt,
+ vector <aa_perms> &policy_perms,
+ vector <aa_perms> &file_perms);
- private:
+ // private:
+ // sigh templates suck, friend declaration does not work so for now
+ // make these public
vector<uint32_t> accept;
vector<uint32_t> accept2;
DefaultBase default_base;
NextCheck next_check;
- map<const State *, size_t> num;
- map<transchar, transchar> &eq;
+ const State *start;
+ Renumber_Map num;
+ map<transchar, transchar> eq;
+ unsigned int chfaflags;
+ private:
transchar max_eq;
ssize_t first_free;
- unsigned int chfaflags;
};
#endif /* __LIBAA_RE_CHFA_H */
diff --git a/parser/libapparmor_re/expr-tree.cc b/parser/libapparmor_re/expr-tree.cc
index 7dc18b041a7dee018bab245e5c4886140758c4bc..184d515154ee2ac73ef94517baf3674080d3503e 100644
--- a/parser/libapparmor_re/expr-tree.cc
+++ b/parser/libapparmor_re/expr-tree.cc
@@ -189,6 +189,19 @@ void Node::dump_syntax_tree(ostream &os)
* a b c T
*
*/
+
+
+static Node *simplify_eps_pair(Node *t)
+{
+ if (t->is_type(NODE_TYPE_TWOCHILD) &&
+ t->child[0] == &epsnode &&
+ t->child[1] == &epsnode) {
+ t->release();
+ return &epsnode;
+ }
+ return t;
+}
+
static void rotate_node(Node *t, int dir)
{
// (a | b) | c -> a | (b | c)
@@ -197,7 +210,9 @@ static void rotate_node(Node *t, int dir)
t->child[dir] = left->child[dir];
left->child[dir] = left->child[!dir];
left->child[!dir] = t->child[!dir];
- t->child[!dir] = left;
+
+ // check that rotation didn't create (E | E)
+ t->child[!dir] = simplify_eps_pair(left);
}
/* return False if no work done */
@@ -209,13 +224,7 @@ int TwoChildNode::normalize_eps(int dir)
// Ea -> aE
// Test for E | (E | E) and E . (E . E) which will
// result in an infinite loop
- Node *c = child[!dir];
- if (c->is_type(NODE_TYPE_TWOCHILD) &&
- &epsnode == c->child[dir] &&
- &epsnode == c->child[!dir]) {
- c->release();
- c = &epsnode;
- }
+ Node *c = simplify_eps_pair(child[!dir]);
child[!dir] = child[dir];
child[dir] = c;
return 1;
@@ -575,12 +584,12 @@ static void count_tree_nodes(Node *t, struct node_counts *counts)
// simplification passes. Simplification may exit sooner if no changes
// are made.
#define MAX_PASSES 1
-Node *simplify_tree(Node *t, dfaflags_t flags)
+Node *simplify_tree(Node *t, optflags const &opts)
{
bool update = true;
int i;
- if (flags & DFA_DUMP_TREE_STATS) {
+ if (opts.dump & DUMP_DFA_TREE_STATS) {
struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
count_tree_nodes(t, &counts);
fprintf(stderr,
@@ -598,25 +607,25 @@ Node *simplify_tree(Node *t, dfaflags_t flags)
// the dfa having about 7 thousands states,
// and it having about 1.25 million states
int dir = 1;
- if (flags & DFA_CONTROL_TREE_LEFT)
+ if (opts.control & CONTROL_DFA_TREE_LEFT)
dir = 0;
for (int count = 0; count < 2; count++) {
bool modified;
do {
modified = false;
- if (flags & DFA_CONTROL_TREE_NORMAL)
+ if (opts.control & CONTROL_DFA_TREE_NORMAL)
t->normalize(dir);
t = simplify_tree_base(t, dir, modified);
if (modified)
update = true;
} while (modified);
- if (flags & DFA_CONTROL_TREE_LEFT)
+ if (opts.control & CONTROL_DFA_TREE_LEFT)
dir++;
else
dir--;
}
}
- if (flags & DFA_DUMP_TREE_STATS) {
+ if (opts.dump & DUMP_DFA_TREE_STATS) {
struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
count_tree_nodes(t, &counts);
fprintf(stderr,
diff --git a/parser/libapparmor_re/expr-tree.h b/parser/libapparmor_re/expr-tree.h
index 3530eb167518e6e5862ca000685243afe7ab1e52..995c51ecf4ae11fd7d96f30840c249b5310c9aef 100644
--- a/parser/libapparmor_re/expr-tree.h
+++ b/parser/libapparmor_re/expr-tree.h
@@ -41,6 +41,7 @@
#include <stdint.h>
+#include "../perms.h"
#include "apparmor_re.h"
using namespace std;
@@ -244,6 +245,7 @@ ostream &operator<<(ostream &os, Node &node);
#define NODE_TYPE_MATCHFLAG (1 << 18)
#define NODE_TYPE_EXACTMATCHFLAG (1 << 19)
#define NODE_TYPE_DENYMATCHFLAG (1 << 20)
+#define NODE_TYPE_PROMPTMATCHFLAG (1 << 21)
/* An abstract node in the syntax tree. */
class Node {
@@ -885,19 +887,20 @@ public:
class MatchFlag: public AcceptNode {
public:
- MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit)
+ MatchFlag(int priority, perm32_t perms, perm32_t audit): priority(priority), perms(perms), audit(audit)
{
type_flags |= NODE_TYPE_MATCHFLAG;
}
- ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; }
+ ostream &dump(ostream &os) { return os << "< 0x" << hex << perms << std::dec << '>'; }
- uint32_t flag;
- uint32_t audit;
+ int priority;
+ perm32_t perms;
+ perm32_t audit;
};
class ExactMatchFlag: public MatchFlag {
public:
- ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit)
+ ExactMatchFlag(int priority, perm32_t perms, perm32_t audit): MatchFlag(priority, perms, audit)
{
type_flags |= NODE_TYPE_EXACTMATCHFLAG;
}
@@ -905,12 +908,21 @@ public:
class DenyMatchFlag: public MatchFlag {
public:
- DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet)
+ DenyMatchFlag(int priority, perm32_t perms, perm32_t quiet): MatchFlag(priority, perms, quiet)
{
type_flags |= NODE_TYPE_DENYMATCHFLAG;
}
};
+class PromptMatchFlag: public MatchFlag {
+public:
+ PromptMatchFlag(int priority, perm32_t prompt, perm32_t audit): MatchFlag(priority, prompt, audit)
+ {
+ type_flags |= NODE_TYPE_PROMPTMATCHFLAG;
+ }
+};
+
+
/* Traverse the syntax tree depth-first in an iterator-like manner. */
class depth_first_traversal {
stack<Node *>pos;
@@ -958,41 +970,13 @@ struct node_counts {
extern EpsNode epsnode;
int debug_tree(Node *t);
-Node *simplify_tree(Node *t, dfaflags_t flags);
+Node *simplify_tree(Node *t, optflags const &opts);
void label_nodes(Node *root);
unsigned long hash_NodeSet(NodeSet *ns);
void flip_tree(Node *node);
-
-/*
- * hashedNodes - for efficient set comparison
- */
-class hashedNodeSet {
-public:
- unsigned long hash;
- NodeSet *nodes;
-
- hashedNodeSet(NodeSet *n): nodes(n)
- {
- hash = hash_NodeSet(n);
- }
-
- bool operator<(hashedNodeSet const &rhs)const
- {
- if (hash == rhs.hash) {
- if (nodes->size() == rhs.nodes->size())
- return *nodes < *(rhs.nodes);
- else
- return nodes->size() < rhs.nodes->size();
- } else {
- return hash < rhs.hash;
- }
- }
-};
-
-
-class hashedNodeVec {
+class NodeVec {
public:
typedef ImportantNode ** iterator;
iterator begin() { return nodes; }
@@ -1002,7 +986,7 @@ public:
unsigned long len;
ImportantNode **nodes;
- hashedNodeVec(NodeSet *n)
+ NodeVec(NodeSet *n)
{
hash = hash_NodeSet(n);
len = n->size();
@@ -1014,7 +998,7 @@ public:
}
}
- hashedNodeVec(NodeSet *n, unsigned long h): hash(h)
+ NodeVec(NodeSet *n, unsigned long h): hash(h)
{
len = n->size();
nodes = new ImportantNode *[n->size()];
@@ -1024,14 +1008,14 @@ public:
}
}
- ~hashedNodeVec()
+ ~NodeVec()
{
delete [] nodes;
}
unsigned long size()const { return len; }
- bool operator<(hashedNodeVec const &rhs)const
+ bool operator<(NodeVec const &rhs)const
{
if (hash == rhs.hash) {
if (len == rhs.size()) {
@@ -1057,45 +1041,8 @@ public:
virtual unsigned long size(void) const = 0;
};
-class NodeCache: public CacheStats {
-public:
- set<hashedNodeSet> cache;
-
- NodeCache(void): cache() { };
- ~NodeCache() { clear(); };
-
- virtual unsigned long size(void) const { return cache.size(); }
-
- void clear()
- {
- for (set<hashedNodeSet>::iterator i = cache.begin();
- i != cache.end(); i++) {
- delete i->nodes;
- }
- cache.clear();
- CacheStats::clear();
- }
-
- NodeSet *insert(NodeSet *nodes)
- {
- if (!nodes)
- return NULL;
- pair<set<hashedNodeSet>::iterator,bool> uniq;
- uniq = cache.insert(hashedNodeSet(nodes));
- if (uniq.second == false) {
- delete(nodes);
- dup++;
- } else {
- sum += nodes->size();
- if (nodes->size() > max)
- max = nodes->size();
- }
- return uniq.first->nodes;
- }
-};
-
struct deref_less_than {
- bool operator()(hashedNodeVec * const &lhs, hashedNodeVec * const &rhs)const
+ bool operator()(NodeVec * const &lhs, NodeVec * const &rhs)const
{
return *lhs < *rhs;
}
@@ -1103,7 +1050,7 @@ struct deref_less_than {
class NodeVecCache: public CacheStats {
public:
- set<hashedNodeVec *, deref_less_than> cache;
+ set<NodeVec *, deref_less_than> cache;
NodeVecCache(void): cache() { };
~NodeVecCache() { clear(); };
@@ -1112,7 +1059,7 @@ public:
void clear()
{
- for (set<hashedNodeVec *>::iterator i = cache.begin();
+ for (set<NodeVec *>::iterator i = cache.begin();
i != cache.end(); i++) {
delete *i;
}
@@ -1120,12 +1067,12 @@ public:
CacheStats::clear();
}
- hashedNodeVec *insert(NodeSet *nodes)
+ NodeVec *insert(NodeSet *nodes)
{
if (!nodes)
return NULL;
- pair<set<hashedNodeVec *>::iterator,bool> uniq;
- hashedNodeVec *nv = new hashedNodeVec(nodes);
+ pair<set<NodeVec *>::iterator,bool> uniq;
+ NodeVec *nv = new NodeVec(nodes);
uniq = cache.insert(nv);
if (uniq.second == false) {
delete nv;
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index e1ef1803ba3a40d655a5a16026da53e52ccd5dac..210c4534ff3806f8c20f3492fddb74b7848ac428 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -31,11 +31,12 @@
#include <iostream>
#include <fstream>
#include <string.h>
-
+#include <stdint.h>
#include "expr-tree.h"
#include "hfa.h"
+#include "policy_compat.h"
#include "../immunix.h"
-
+#include "../perms.h"
ostream &operator<<(ostream &os, const CacheStats &cache)
{
@@ -82,6 +83,21 @@ ostream &operator<<(ostream &os, State &state)
return os;
}
+ostream &operator<<(ostream &os,
+ const std::pair<State * const, Renumber_Map *> &p)
+{
+ /* dump the state label */
+ if (p.second && (*p.second)[p.first] != (size_t) p.first->label) {
+ os << '{';
+ os << (*p.second)[p.first];
+ os << " == " << *(p.first);
+ os << '}';
+ } else {
+ os << *(p.first);
+ }
+ return os;
+}
+
/**
* diff_weight - Find differential compression distance between @rel and @this
* @rel: State to compare too
@@ -301,15 +317,16 @@ static void split_node_types(NodeSet *nodes, NodeSet **anodes, NodeSet **nnodes
*nnodes = nodes;
}
-State *DFA::add_new_state(NodeSet *anodes, NodeSet *nnodes, State *other)
+State *DFA::add_new_state(optflags const &opts, NodeSet *anodes,
+ NodeSet *nnodes, State *other)
{
- hashedNodeVec *nnodev;
+ NodeVec *nnodev, *anodev;
nnodev = nnodes_cache.insert(nnodes);
- anodes = anodes_cache.insert(anodes);
+ anodev = anodes_cache.insert(anodes);
ProtoState proto;
- proto.init(nnodev, anodes);
- State *state = new State(node_map.size(), proto, other, filedfa);
+ proto.init(nnodev, anodev);
+ State *state = new State(opts, node_map.size(), proto, other, filedfa);
pair<NodeMap::iterator,bool> x = node_map.insert(proto, state);
if (x.second == false) {
delete state;
@@ -321,7 +338,7 @@ State *DFA::add_new_state(NodeSet *anodes, NodeSet *nnodes, State *other)
return x.first->second;
}
-State *DFA::add_new_state(NodeSet *nodes, State *other)
+State *DFA::add_new_state(optflags const &opts, NodeSet *nodes, State *other)
{
/* The splitting of nodes should probably get pushed down into
* follow(), ie. put in separate lists from the start
@@ -329,12 +346,12 @@ State *DFA::add_new_state(NodeSet *nodes, State *other)
NodeSet *anodes, *nnodes;
split_node_types(nodes, &anodes, &nnodes);
- State *state = add_new_state(anodes, nnodes, other);
+ State *state = add_new_state(opts, anodes, nnodes, other);
return state;
}
-void DFA::update_state_transitions(State *state)
+void DFA::update_state_transitions(optflags const &opts, State *state)
{
/* Compute possible transitions for state->nodes. This is done by
* iterating over all the nodes in state->nodes and combining the
@@ -347,7 +364,7 @@ void DFA::update_state_transitions(State *state)
* need to compute follow for the accept nodes in a protostate
*/
Cases cases;
- for (hashedNodeVec::iterator i = state->proto.nnodes->begin(); i != state->proto.nnodes->end(); i++)
+ for (NodeVec::iterator i = state->proto.nnodes->begin(); i != state->proto.nnodes->end(); i++)
(*i)->follow(cases);
/* Now for each set of nodes in the computed transitions, make
@@ -357,7 +374,8 @@ void DFA::update_state_transitions(State *state)
/* check the default transition first */
if (cases.otherwise)
- state->otherwise = add_new_state(cases.otherwise, nonmatching);
+ state->otherwise = add_new_state(opts, cases.otherwise,
+ nonmatching);
else
state->otherwise = nonmatching;
@@ -366,7 +384,7 @@ void DFA::update_state_transitions(State *state)
*/
for (Cases::iterator j = cases.begin(); j != cases.end(); j++) {
State *target;
- target = add_new_state(j->second, nonmatching);
+ target = add_new_state(opts, j->second, nonmatching);
/* Don't insert transition that the otherwise transition
* already covers
@@ -391,12 +409,12 @@ void DFA::dump_node_to_dfa(void)
cerr << " " << (*i)->label << " <= " << (*i)->proto << "\n";
}
-void DFA::process_work_queue(const char *header, dfaflags_t flags)
+void DFA::process_work_queue(const char *header, optflags const &opts)
{
int i = 0;
while (!work_queue.empty()) {
- if (i % 1000 == 0 && (flags & DFA_DUMP_PROGRESS)) {
+ if (i % 1000 == 0 && (opts.dump & DUMP_DFA_PROGRESS)) {
cerr << "\033[2K" << header << ": queue "
<< work_queue.size()
<< "\tstates "
@@ -413,14 +431,14 @@ void DFA::process_work_queue(const char *header, dfaflags_t flags)
/* Update 'from's transitions, and if it transitions to any
* unknown State create it and add it to the work_queue
*/
- update_state_transitions(from);
+ update_state_transitions(opts, from);
} /* while (!work_queue.empty()) */
}
/**
* Construct a DFA from a syntax tree.
*/
-DFA::DFA(Node *root, dfaflags_t flags, bool buildfiledfa): root(root), filedfa(buildfiledfa)
+DFA::DFA(Node *root, optflags const &opts, bool buildfiledfa): root(root), filedfa(buildfiledfa)
{
diffcount = 0; /* set by diff_encode */
max_range = 256;
@@ -428,7 +446,7 @@ DFA::DFA(Node *root, dfaflags_t flags, bool buildfiledfa): root(root), filedfa(b
oob_range = 0;
ord_range = 8;
- if (flags & DFA_DUMP_PROGRESS)
+ if (opts.dump & DUMP_DFA_PROGRESS)
fprintf(stderr, "Creating dfa:\r");
for (depth_first_traversal i(root); i; i++) {
@@ -437,14 +455,14 @@ DFA::DFA(Node *root, dfaflags_t flags, bool buildfiledfa): root(root), filedfa(b
(*i)->compute_lastpos();
}
- if (flags & DFA_DUMP_PROGRESS)
+ if (opts.dump & DUMP_DFA_PROGRESS)
fprintf(stderr, "Creating dfa: followpos\r");
for (depth_first_traversal i(root); i; i++) {
(*i)->compute_followpos();
}
- nonmatching = add_new_state(new NodeSet, NULL);
- start = add_new_state(new NodeSet(root->firstpos), nonmatching);
+ nonmatching = add_new_state(opts, new NodeSet, NULL);
+ start = add_new_state(opts, new NodeSet(root->firstpos), nonmatching);
/* the work_queue contains the states that need to have their
* transitions computed. This could be done with a recursive
@@ -457,7 +475,7 @@ DFA::DFA(Node *root, dfaflags_t flags, bool buildfiledfa): root(root), filedfa(b
* work_queue at any given time, thus reducing peak memory use.
*/
work_queue.push_back(start);
- process_work_queue("Creating dfa", flags);
+ process_work_queue("Creating dfa", opts);
max_range += oob_range;
/* if oob_range is ever greater than 256 need to move to computing this */
if (oob_range)
@@ -471,10 +489,10 @@ DFA::DFA(Node *root, dfaflags_t flags, bool buildfiledfa): root(root), filedfa(b
(*i)->followpos.clear();
}
- if (flags & DFA_DUMP_NODE_TO_DFA)
+ if (opts.dump & DUMP_DFA_NODE_TO_DFA)
dump_node_to_dfa();
- if (flags & (DFA_DUMP_STATS)) {
+ if (opts.dump & (DUMP_DFA_STATS)) {
cerr << "\033[2KCreated dfa: states "
<< states.size()
<< " proto { "
@@ -537,10 +555,11 @@ void DFA::dump_uniq_perms(const char *s)
<< i->deny << " audit:" << i->audit
<< " quiet:" << i->quiet << dec << "\n";
}
+ //TODO: add prompt
}
/* Remove dead or unreachable states */
-void DFA::remove_unreachable(dfaflags_t flags)
+void DFA::remove_unreachable(optflags const &opts)
{
set<State *> reachable;
@@ -571,7 +590,7 @@ void DFA::remove_unreachable(dfaflags_t flags)
next = i;
next++;
if (reachable.find(*i) == reachable.end()) {
- if (flags & DFA_DUMP_UNREACHABLE) {
+ if (opts.dump & DUMP_DFA_UNREACHABLE) {
cerr << "unreachable: " << **i;
if (*i == start)
cerr << " <==";
@@ -586,7 +605,7 @@ void DFA::remove_unreachable(dfaflags_t flags)
}
}
- if (count && (flags & DFA_DUMP_STATS))
+ if (count && (opts.dump & DUMP_DFA_STATS))
cerr << "DFA: states " << states.size() << " removed "
<< count << " unreachable states\n";
}
@@ -644,43 +663,34 @@ int DFA::apply_and_clear_deny(void)
return c;
}
+
/* minimize the number of dfa states */
-void DFA::minimize(dfaflags_t flags)
+void DFA::minimize(optflags const &opts)
{
- map<pair<uint64_t, size_t>, Partition *> perm_map;
+ map<perms_t, Partition *> perm_map;
list<Partition *> partitions;
/* Set up the initial partitions
* minimum of - 1 non accepting, and 1 accepting
- * if trans hashing is used the accepting and non-accepting partitions
- * can be further split based on the number and type of transitions
- * a state makes.
- * If permission hashing is enabled the accepting partitions can
- * be further divided by permissions. This can result in not
- * obtaining a truly minimized dfa but comes close, and can speedup
- * minimization.
*/
int accept_count = 0;
int final_accept = 0;
for (Partition::iterator i = states.begin(); i != states.end(); i++) {
- size_t hash = 0;
- uint64_t permtype = ((uint64_t) (PACK_AUDIT_CTL((*i)->perms.audit, (*i)->perms.quiet & (*i)->perms.deny)) << 32) | (uint64_t) (*i)->perms.allow;
- pair<uint64_t, size_t> group = make_pair(permtype, hash);
- map<pair<uint64_t, size_t>, Partition *>::iterator p = perm_map.find(group);
+ map<perms_t, Partition *>::iterator p = perm_map.find((*i)->perms);
if (p == perm_map.end()) {
Partition *part = new Partition();
part->push_back(*i);
- perm_map.insert(make_pair(group, part));
+ perm_map.insert(make_pair((*i)->perms, part));
partitions.push_back(part);
(*i)->partition = part;
- if (permtype)
+ if ((*i)->perms.is_accept())
accept_count++;
} else {
(*i)->partition = p->second;
p->second->push_back(*i);
}
- if ((flags & DFA_DUMP_PROGRESS) && (partitions.size() % 1000 == 0))
+ if ((opts.dump & DUMP_DFA_PROGRESS) && (partitions.size() % 1000 == 0))
cerr << "\033[2KMinimize dfa: partitions "
<< partitions.size() << "\tinit " << partitions.size()
<< " (accept " << accept_count << ")\r";
@@ -692,7 +702,7 @@ void DFA::minimize(dfaflags_t flags)
perm_map.clear();
int init_count = partitions.size();
- if (flags & DFA_DUMP_PROGRESS)
+ if (opts.dump & DUMP_DFA_PROGRESS)
cerr << "\033[2KMinimize dfa: partitions " << partitions.size()
<< "\tinit " << init_count << " (accept "
<< accept_count << ")\r";
@@ -734,7 +744,7 @@ void DFA::minimize(dfaflags_t flags)
(*m)->partition = new_part;
}
}
- if ((flags & DFA_DUMP_PROGRESS) && (partitions.size() % 100 == 0))
+ if ((opts.dump & DUMP_DFA_PROGRESS) && (partitions.size() % 100 == 0))
cerr << "\033[2KMinimize dfa: partitions "
<< partitions.size() << "\tinit "
<< init_count << " (accept "
@@ -743,7 +753,7 @@ void DFA::minimize(dfaflags_t flags)
} while (new_part_count);
if (partitions.size() == states.size()) {
- if (flags & DFA_DUMP_STATS)
+ if (opts.dump & DUMP_DFA_STATS)
cerr << "\033[2KDfa minimization no states removed: partitions "
<< partitions.size() << "\tinit " << init_count
<< " (accept " << accept_count << ")\n";
@@ -757,13 +767,13 @@ void DFA::minimize(dfaflags_t flags)
* to states within the same partitions, however this can slow
* down compressed dfa compression as there are more states,
*/
- if (flags & DFA_DUMP_MIN_PARTS)
+ if (opts.dump & DUMP_DFA_MIN_PARTS)
cerr << "Partitions after minimization\n";
for (list<Partition *>::iterator p = partitions.begin();
p != partitions.end(); p++) {
/* representative state for this partition */
State *rep = *((*p)->begin());
- if (flags & DFA_DUMP_MIN_PARTS)
+ if (opts.dump & DUMP_DFA_MIN_PARTS)
cerr << *rep << " : ";
/* update representative state's transitions */
@@ -782,17 +792,17 @@ void DFA::minimize(dfaflags_t flags)
/* clear the state label for all non representative states,
* and accumulate permissions */
for (Partition::iterator i = ++(*p)->begin(); i != (*p)->end(); i++) {
- if (flags & DFA_DUMP_MIN_PARTS)
+ if (opts.dump & DUMP_DFA_MIN_PARTS)
cerr << **i << ", ";
(*i)->label = -1;
rep->perms.add((*i)->perms, filedfa);
}
if (rep->perms.is_accept())
final_accept++;
- if (flags & DFA_DUMP_MIN_PARTS)
+ if (opts.dump & DUMP_DFA_MIN_PARTS)
cerr << "\n";
}
- if (flags & DFA_DUMP_STATS)
+ if (opts.dump & DUMP_DFA_STATS)
cerr << "\033[2KMinimized dfa: final partitions "
<< partitions.size() << " (accept " << final_accept
<< ")" << "\tinit " << init_count << " (accept "
@@ -875,7 +885,7 @@ static int diff_partition(State *state, Partition &part, int max_range, int uppe
/**
* diff_encode - compress dfa by differentially encoding state transitions
- * @dfa_flags: flags controlling dfa creation
+ * @opts: flags controlling dfa creation
*
* This function reduces the number of transitions that need to be stored
* by encoding transitions as the difference between the state and a
@@ -910,7 +920,7 @@ static int diff_partition(State *state, Partition &part, int max_range, int uppe
* the state transition at most will only move 1 deeper into the DAG so for
* the next state the maximum number of states traversed is 2*7.
*/
-void DFA::diff_encode(dfaflags_t flags)
+void DFA::diff_encode(optflags const &opts)
{
DiffDag *dag;
unsigned int xcount = 0, xweight = 0, transitions = 0, depth = 0;
@@ -965,7 +975,7 @@ void DFA::diff_encode(dfaflags_t flags)
}
}
- if ((flags & DFA_DUMP_DIFF_PROGRESS) && (i % 100 == 0))
+ if ((opts.dump & DUMP_DFA_DIFF_PROGRESS) && (i % 100 == 0))
cerr << "\033[2KDiff Encode: " << i << " of "
<< tail << ". Diff states " << xcount
<< " Savings " << xweight << "\r";
@@ -992,7 +1002,7 @@ void DFA::diff_encode(dfaflags_t flags)
}
}
- if (flags & DFA_DUMP_DIFF_STATS)
+ if (opts.dump & DUMP_DFA_DIFF_STATS)
cerr << "Diff encode states: " << diffcount << " of "
<< tail << " reached @ depth " << depth << ". "
<< aweight << " trans removed\n";
@@ -1070,13 +1080,15 @@ void DFA::dump_diff_encode(ostream &os)
/**
* text-dump the DFA (for debugging).
*/
-void DFA::dump(ostream & os)
+void DFA::dump(ostream &os, Renumber_Map *renum)
{
for (Partition::iterator i = states.begin(); i != states.end(); i++) {
if (*i == start || (*i)->perms.is_accept()) {
- os << **i;
- if (*i == start)
- os << " <== (allow/deny/audit/quiet)";
+ os << make_pair(*i, renum);
+ if (*i == start) {
+ os << " <== ";
+ (*i)->perms.dump_header(os);
+ }
if ((*i)->perms.is_accept())
(*i)->perms.dump(os);
os << "\n";
@@ -1095,7 +1107,7 @@ void DFA::dump(ostream & os)
} else {
if (first) {
first = false;
- os << **i << " perms: ";
+ os << make_pair(*i, renum) << " perms: ";
if ((*i)->perms.is_accept())
(*i)->perms.dump(os);
else
@@ -1103,7 +1115,7 @@ void DFA::dump(ostream & os)
os << "\n";
}
os << " "; j->first.dump(os) << " -> " <<
- *(j)->second;
+ make_pair(j->second, renum);
if ((j)->second->perms.is_accept())
os << " ", (j->second)->perms.dump(os);
os << "\n";
@@ -1113,7 +1125,7 @@ void DFA::dump(ostream & os)
if ((*i)->otherwise != nonmatching) {
if (first) {
first = false;
- os << **i << " perms: ";
+ os << make_pair(*i, renum) << " perms: ";
if ((*i)->perms.is_accept())
(*i)->perms.dump(os);
else
@@ -1128,7 +1140,7 @@ void DFA::dump(ostream & os)
os << *k;
}
}
- os << "] -> " << *(*i)->otherwise;
+ os << "] -> " << make_pair((*i)->otherwise, renum);
if ((*i)->otherwise->perms.is_accept())
os << " ", (*i)->otherwise->perms.dump(os);
os << "\n";
@@ -1194,7 +1206,7 @@ void DFA::dump_dot_graph(ostream & os)
* Compute character equivalence classes in the DFA to save space in the
* transition table.
*/
-map<transchar, transchar> DFA::equivalence_classes(dfaflags_t flags)
+map<transchar, transchar> DFA::equivalence_classes(optflags const &opts)
{
map<transchar, transchar> classes;
transchar next_class = 1;
@@ -1251,7 +1263,7 @@ map<transchar, transchar> DFA::equivalence_classes(dfaflags_t flags)
}
}
- if (flags & DFA_DUMP_EQUIV_STATS)
+ if (opts.dump & DUMP_DFA_EQUIV_STATS)
fprintf(stderr, "Equiv class reduces to %d classes\n",
next_class.c - 1);
return classes;
@@ -1300,6 +1312,45 @@ void DFA::apply_equivalence_classes(map<transchar, transchar> &eq)
}
}
+void DFA::compute_perms_table_ent(State *state, size_t pos,
+ vector <aa_perms> &perms_table,
+ bool prompt)
+{
+ uint32_t accept1, accept2, accept3;
+
+ // until front end doesn't map the way it does
+ state->map_perms_to_accept(accept1, accept2, accept3, prompt);
+ if (filedfa) {
+ state->idx = pos * 2;
+ perms_table[pos*2] = compute_fperms_user(accept1, accept2, accept3);
+ perms_table[pos*2 + 1] = compute_fperms_other(accept1, accept2, accept3);
+ } else {
+ state->idx = pos;
+ perms_table[pos] = compute_perms_entry(accept1, accept2, accept3);
+ }
+}
+
+void DFA::compute_perms_table(vector <aa_perms> &perms_table, bool prompt)
+{
+ size_t mult = filedfa ? 2 : 1;
+ size_t pos = 2;
+
+ assert(states.size() >= 2);
+ perms_table.resize(states.size() * mult);
+
+ // nonmatching and start need to be 0 and 1 so handle outside of loop
+ compute_perms_table_ent(nonmatching, 0, perms_table, prompt);
+ compute_perms_table_ent(start, 1, perms_table, prompt);
+
+ for (Partition::iterator i = states.begin(); i != states.end(); i++) {
+ if (*i == nonmatching || *i == start)
+ continue;
+ compute_perms_table_ent(*i, pos, perms_table, prompt);
+ pos++;
+ }
+}
+
+
#if 0
typedef set <ImportantNode *>AcceptNodes;
map<ImportantNode *, AcceptNodes> dominance(DFA & dfa)
@@ -1329,77 +1380,190 @@ map<ImportantNode *, AcceptNodes> dominance(DFA & dfa)
}
#endif
-static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2)
+static inline int diff_qualifiers(perm32_t perm1, perm32_t perm2)
{
return ((perm1 & AA_EXEC_TYPE) && (perm2 & AA_EXEC_TYPE) &&
(perm1 & AA_EXEC_TYPE) != (perm2 & AA_EXEC_TYPE));
}
+/* update a single permission based on priority - only called if match->perm | match-> audit bit set */
+static int pri_update_perm(optflags const &opts, vector<int> &priority, int i,
+ MatchFlag *match, perms_t &perms, perms_t &exact,
+ bool filedfa)
+{
+ if (priority[i] > match->priority) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " > " << match->priority << " SKIPPING " << hex << (match->perms) << "/" << (match->audit) << dec << "\n";
+ return 0;
+ }
+
+ perm32_t xmask = 0;
+ perm32_t mask = 1 << i;
+ perm32_t amask = mask;
+
+ // drop once we move the xindex out of the perms in the front end
+ if (filedfa) {
+ if (mask & AA_USER_EXEC) {
+ xmask = AA_USER_EXEC_TYPE;
+ // ix implies EXEC_MMAP
+ if (match->perms & AA_EXEC_INHERIT) {
+ xmask |= AA_USER_EXEC_MMAP;
+ //USER_EXEC_MAP = 6
+ if (priority[6] < match->priority)
+ priority[6] = match->priority;
+ }
+ amask = mask | xmask;
+ } else if (mask & AA_OTHER_EXEC) {
+ xmask = AA_OTHER_EXEC_TYPE;
+ // ix implies EXEC_MMAP
+ if (match->perms & AA_OTHER_EXEC_INHERIT) {
+ xmask |= AA_OTHER_EXEC_MMAP;
+ //OTHER_EXEC_MAP = 20
+ if (priority[20] < match->priority)
+ priority[20] = match->priority;
+ }
+ amask = mask | xmask;
+ } else if (((mask & AA_USER_EXEC_MMAP) &&
+ (match->perms & AA_USER_EXEC_INHERIT)) ||
+ ((mask & AA_OTHER_EXEC_MMAP) &&
+ (match->perms & AA_OTHER_EXEC_INHERIT))) {
+ // if exec && ix we handled mmp above
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " SKIPPING mmap unmasked " << hex << match->perms << "/" << match->audit << " masked " << (match->perms & amask) << "/" << (match->audit & amask) << " data " << (perms.allow & mask) << "/" << (perms.audit & mask) << " exact " << (exact.allow & mask) << "/" << (exact.audit & mask) << dec << "\n";
+ return 0;
+ }
+ }
+
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " vs. " << match->priority << " mask: " << hex << mask << " xmask: " << xmask << " amask: " << amask << dec << "\n";
+ if (priority[i] < match->priority) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " < " << match->priority << " clearing " << hex << (perms.allow & amask) << "/" << (perms.audit & amask) << " -> " << dec;
+ priority[i] = match->priority;
+ perms.clear_bits(amask);
+ exact.clear_bits(amask);
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << hex << (perms.allow & amask) << "/" << (perms.audit & amask) << dec << "\n";
+ }
+
+ // the if conditions in order of permission priority
+ if (match->is_type(NODE_TYPE_DENYMATCHFLAG)) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " deny " << hex << (match->perms & amask) << "/" << (match->audit & amask) << dec << "\n";
+ perms.deny |= match->perms & amask;
+ perms.quiet |= match->audit & amask;
+
+ perms.allow &= ~amask;
+ perms.audit &= ~amask;
+ perms.prompt &= ~amask;
+ } else if (match->is_type(NODE_TYPE_EXACTMATCHFLAG)) {
+ /* exact match only asserts dominance on the XTYPE */
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " exact " << hex << (match->perms & amask) << "/" << (match->audit & amask) << dec << "\n";
+ if (filedfa &&
+ !is_merged_x_consistent(exact.allow, match->perms & amask)) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " exact match conflict" << "\n";
+ return 1;
+ }
+ exact.allow |= match->perms & amask;
+ exact.audit |= match->audit & amask;
+
+ // dominance is only done for XTYPE so only clear that
+ // note xmask only set if setting x perm bit, so this
+ // won't clear for other bit types
+ perms.allow &= ~xmask;
+ perms.audit &= ~xmask;
+ perms.prompt &= ~xmask;
+
+ perms.allow |= match->perms & amask;
+ perms.audit |= match->audit & amask;
+ // can't specify exact prompt atm
+
+ } else if (!match->is_type(NODE_TYPE_PROMPTMATCHFLAG)) {
+ // allow perms, if exact has been encountered will already be set
+ // if overlaps x here, don't conflict, because exact will override
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " allow " << hex << (match->perms & amask) << "/" << (match->audit & amask) << dec << "\n";
+ if (filedfa && !(exact.allow & mask) &&
+ !is_merged_x_consistent(perms.allow, match->perms & amask)) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " allow match conflict" << "\n";
+ return 1;
+ }
+ // mask off if XTYPE in xmatch
+ if ((exact.allow | exact.audit) & mask) {
+ // mask == amask & ~xmask
+ perms.allow |= match->perms & mask;
+ perms.audit |= match->audit & mask;
+ } else {
+ perms.allow |= match->perms & amask;
+ perms.audit |= match->audit & amask;
+ }
+ } else { // if (match->is_type(NODE_TYPE_PROMPTMATCHFLAG)) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " promt " << hex << (match->perms & amask) << "/" << (match->audit & amask) << dec << "\n";
+ if (filedfa && !((exact.allow | perms.allow) & mask) &&
+ !is_merged_x_consistent(perms.allow, match->perms & amask)) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << " " << match << "[" << i << "]=" << priority[i] << " <= " << match->priority << " prompt match conflict" << "\n";
+ return 1;
+ }
+ if ((exact.allow | exact.audit | perms.allow | perms.audit) & mask) {
+ // mask == amask & ~xmask
+ perms.prompt |= match->perms & mask;
+ perms.audit |= match->audit & mask;
+ } else {
+ perms.prompt |= match->perms & amask;
+ perms.audit |= match->audit & amask;
+ }
+ }
+
+ return 0;
+}
+
/**
* Compute the permission flags that this state corresponds to. If we
* have any exact matches, then they override the execute and safe
* execute flags.
*/
-int accept_perms(NodeSet *state, perms_t &perms, bool filedfa)
+int accept_perms(optflags const &opts, NodeVec *state, perms_t &perms,
+ bool filedfa)
{
int error = 0;
- uint32_t exact_match_allow = 0;
- uint32_t exact_audit = 0;
-
+ perms_t exact;
+ std::vector<int> priority(sizeof(perm32_t)*8, MIN_INTERNAL_PRIORITY); // 32 but wan't tied to perm32_t
perms.clear();
if (!state)
return error;
-
- for (NodeSet::iterator i = state->begin(); i != state->end(); i++) {
+ if (opts.dump & DUMP_DFA_PERMS)
+ cerr << "Building\n";
+ for (NodeVec::iterator i = state->begin(); i != state->end(); i++) {
if (!(*i)->is_type(NODE_TYPE_MATCHFLAG))
continue;
MatchFlag *match = static_cast<MatchFlag *>(*i);
- if (match->is_type(NODE_TYPE_EXACTMATCHFLAG)) {
- /* exact match only ever happens with x */
- if (filedfa && !is_merged_x_consistent(exact_match_allow,
- match->flag))
- error = 1;;
- exact_match_allow |= match->flag;
- exact_audit |= match->audit;
- } else if (match->is_type(NODE_TYPE_DENYMATCHFLAG)) {
- perms.deny |= match->flag;
- perms.quiet |= match->audit;
- } else {
- if (filedfa && !is_merged_x_consistent(perms.allow, match->flag))
- error = 1;
- perms.allow |= match->flag;
- perms.audit |= match->audit;
- }
- }
- if (filedfa) {
- perms.allow |= exact_match_allow & ~(ALL_AA_EXEC_TYPE);
- perms.audit |= exact_audit & ~(ALL_AA_EXEC_TYPE);
- } else {
- perms.allow |= exact_match_allow;
- perms.audit |= exact_audit;
- }
- if (exact_match_allow & AA_USER_EXEC) {
- perms.allow = (exact_match_allow & AA_USER_EXEC_TYPE) |
- (perms.allow & ~AA_USER_EXEC_TYPE);
- perms.exact = AA_USER_EXEC_TYPE;
+ perm32_t bit = 1;
+ perm32_t check = match->perms | match->audit;
+ if (filedfa)
+ check &= ~ALL_AA_EXEC_TYPE;
+
+ for (int i = 0; check; i++) {
+ if (check & bit) {
+ error = pri_update_perm(opts, priority, i, match, perms, exact, filedfa);
+ if (error)
+ goto out;
+ }
+ check &= ~bit;
+ bit <<= 1;
+ }
}
- if (exact_match_allow & AA_OTHER_EXEC) {
- perms.allow = (exact_match_allow & AA_OTHER_EXEC_TYPE) |
- (perms.allow & ~AA_OTHER_EXEC_TYPE);
- perms.exact |= AA_OTHER_EXEC_TYPE;
+ if (opts.dump & DUMP_DFA_PERMS) {
+ cerr << " computed: "; perms.dump(cerr); cerr << "\n";
}
- if (filedfa && (AA_USER_EXEC & perms.deny))
- perms.deny |= AA_USER_EXEC_TYPE;
-
- if (filedfa && (AA_OTHER_EXEC & perms.deny))
- perms.deny |= AA_OTHER_EXEC_TYPE;
-
- perms.allow &= ~perms.deny;
- perms.quiet &= perms.deny;
-
+out:
if (error)
fprintf(stderr, "profile has merged rule with conflicting x modifiers\n");
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index 451d74659f8a8c0be97c41c73cbab4e391636c77..e4b9590b15de68d0f58c3443440331a56b418f0f 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -27,11 +27,16 @@
#include <list>
#include <map>
#include <vector>
+#include <iostream>
#include <assert.h>
+#include <limits.h>
#include <stdint.h>
#include "expr-tree.h"
+#include "policy_compat.h"
+#include "../rule.h"
+extern int prompt_compat_mode;
#define DiffEncodeFlag 1
@@ -47,18 +52,35 @@ ostream &operator<<(ostream &os, State &state);
class perms_t {
public:
- perms_t(void): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
+ perms_t(void): allow(0), deny(0), prompt(0), audit(0), quiet(0), exact(0) { };
- bool is_accept(void) { return (allow | audit | quiet); }
+ bool is_accept(void) { return (allow | deny | prompt | audit | quiet); }
+ void dump_header(ostream &os)
+ {
+ os << "(allow/deny/prompt/audit/quiet)";
+ }
void dump(ostream &os)
{
- os << " (0x " << hex
- << allow << "/" << deny << "/" << audit << "/" << quiet
+ os << "(0x " << hex
+ << allow << "/" << deny << "/" << "/" << prompt << "/" << audit << "/" << quiet
<< ')' << dec;
}
- void clear(void) { allow = deny = audit = quiet = 0; }
+ void clear(void) {
+ allow = deny = prompt = audit = quiet = exact = 0;
+ }
+
+ void clear_bits(perm32_t bits)
+ {
+ allow &= ~bits;
+ deny &= ~bits;
+ prompt &= ~bits;
+ audit &= ~bits;
+ quiet &= ~bits;
+ exact &= ~bits;
+ }
+
void add(perms_t &rhs, bool filedfa)
{
deny |= rhs.deny;
@@ -95,6 +117,7 @@ public:
allow = (allow | (rhs.allow & ~ALL_AA_EXEC_TYPE));
else
allow |= rhs.allow;
+ prompt |= rhs.prompt;
audit |= rhs.audit;
quiet = (quiet | rhs.quiet);
@@ -108,11 +131,23 @@ public:
*/
}
+
+ /* returns true if perm is no longer accept */
int apply_and_clear_deny(void)
{
if (deny) {
allow &= ~deny;
- quiet &= deny;
+ exact &= ~deny;
+ prompt &= ~deny;
+ /* don't change audit or quiet based on clearing
+ * deny at this stage. This was made unique in
+ * accept_perms, and the info about whether
+ * we are auditing or quieting based on the explicit
+ * deny has been discarded and can only be inferred.
+ * But we know it is correct from accept_perms()
+ * audit &= deny;
+ * quiet &= deny;
+ */
deny = 0;
return !is_accept();
}
@@ -125,28 +160,31 @@ public:
return allow < rhs.allow;
if (deny < rhs.deny)
return deny < rhs.deny;
+ if (prompt < rhs.prompt)
+ return prompt < rhs.prompt;
if (audit < rhs.audit)
return audit < rhs.audit;
return quiet < rhs.quiet;
}
- uint32_t allow, deny, audit, quiet, exact;
+ perm32_t allow, deny, prompt, audit, quiet, exact;
};
-int accept_perms(NodeSet *state, perms_t &perms, bool filedfa);
+int accept_perms(optflags const &opts, NodeVec *state, perms_t &perms,
+ bool filedfa);
/*
* ProtoState - NodeSet and ancillery information used to create a state
*/
class ProtoState {
public:
- hashedNodeVec *nnodes;
- NodeSet *anodes;
+ NodeVec *nnodes;
+ NodeVec *anodes;
/* init is used instead of a constructor because ProtoState is used
* in a union
*/
- void init(hashedNodeVec *n, NodeSet *a = NULL)
+ void init(NodeVec *n, NodeVec *a = NULL)
{
nnodes = n;
anodes = a;
@@ -197,8 +235,9 @@ struct DiffDag {
*/
class State {
public:
- State(int l, ProtoState &n, State *other, bool filedfa):
- label(l), flags(0), perms(), trans()
+ State(optflags const &opts, int l, ProtoState &n, State *other,
+ bool filedfa):
+ label(l), flags(0), idx(0), perms(), trans()
{
int error;
@@ -210,7 +249,7 @@ public:
proto = n;
/* Compute permissions associated with the State. */
- error = accept_perms(n.anodes, perms, filedfa);
+ error = accept_perms(opts, n.anodes, perms, filedfa);
if (error) {
//cerr << "Failing on accept perms " << error << "\n";
throw error;
@@ -248,9 +287,20 @@ public:
void flatten_relative(State *, int upper_bound);
int apply_and_clear_deny(void) { return perms.apply_and_clear_deny(); }
+ void map_perms_to_accept(perm32_t &accept1, perm32_t &accept2,
+ perm32_t &accept3, bool prompt)
+ {
+ accept1 = perms.allow;
+ if (prompt && prompt_compat_mode == PROMPT_COMPAT_DEV)
+ accept2 = PACK_AUDIT_CTL(perms.prompt, perms.quiet);
+ else
+ accept2 = PACK_AUDIT_CTL(perms.audit, perms.quiet);
+ accept3 = perms.prompt;
+ }
int label;
int flags;
+ int idx;
perms_t perms;
StateTrans trans;
State *otherwise;
@@ -298,49 +348,59 @@ public:
}
};
+typedef map<const State *, size_t> Renumber_Map;
/* Transitions in the DFA. */
class DFA {
void dump_node_to_dfa(void);
- State *add_new_state(NodeSet *nodes, State *other);
- State *add_new_state(NodeSet *anodes, NodeSet *nnodes, State *other);
- void update_state_transitions(State *state);
- void process_work_queue(const char *header, dfaflags_t);
+ State *add_new_state(optflags const &opts, NodeSet *nodes,
+ State *other);
+ State *add_new_state(optflags const &opts,NodeSet *anodes,
+ NodeSet *nnodes, State *other);
+ void update_state_transitions(optflags const &opts, State *state);
+ void process_work_queue(const char *header, optflags const &);
void dump_diff_chain(ostream &os, map<State *, Partition> &relmap,
Partition &chain, State *state,
unsigned int &count, unsigned int &total,
unsigned int &max);
/* temporary values used during computations */
- NodeCache anodes_cache;
+ NodeVecCache anodes_cache;
NodeVecCache nnodes_cache;
NodeMap node_map;
list<State *> work_queue;
public:
- DFA(Node *root, dfaflags_t flags, bool filedfa);
+ DFA(Node *root, optflags const &flags, bool filedfa);
virtual ~DFA();
State *match_len(State *state, const char *str, size_t len);
State *match_until(State *state, const char *str, const char term);
State *match(const char *str);
- void remove_unreachable(dfaflags_t flags);
+ void remove_unreachable(optflags const &flags);
bool same_mappings(State *s1, State *s2);
- void minimize(dfaflags_t flags);
+ void minimize(optflags const &flags);
int apply_and_clear_deny(void);
+ void clear_priorities(void);
- void diff_encode(dfaflags_t flags);
+ void diff_encode(optflags const &flags);
void undiff_encode(void);
void dump_diff_encode(ostream &os);
- void dump(ostream &os);
+ void dump(ostream &os, Renumber_Map *renum);
void dump_dot_graph(ostream &os);
void dump_uniq_perms(const char *s);
- map<transchar, transchar> equivalence_classes(dfaflags_t flags);
+ map<transchar, transchar> equivalence_classes(optflags const &flags);
void apply_equivalence_classes(map<transchar, transchar> &eq);
+ void compute_perms_table_ent(State *state, size_t pos,
+ vector <aa_perms> &perms_table,
+ bool prompt);
+ void compute_perms_table(vector <aa_perms> &perms_table,
+ bool prompt);
+
unsigned int diffcount;
int oob_range;
int max_range;
diff --git a/parser/libapparmor_re/parse.y b/parser/libapparmor_re/parse.y
index 3006880b6a98c5bda2d856d4e161753bc8911d42..4a89b81e00f598e8eece8ea704bef03bb3785db4 100644
--- a/parser/libapparmor_re/parse.y
+++ b/parser/libapparmor_re/parse.y
@@ -72,6 +72,7 @@ static inline Chars* insert_char_range(Chars* cset, transchar a, transchar b)
* parsing succeeds!
*/
%destructor { $$->release(); } expr terms0 terms qterm term
+%destructor { delete $$; } charset cset_chars
%%
diff --git a/parser/libapparmor_re/policy_compat.cc b/parser/libapparmor_re/policy_compat.cc
new file mode 100644
index 0000000000000000000000000000000000000000..5e0e0ae83e257443d6e36e8831ec75c342250c24
--- /dev/null
+++ b/parser/libapparmor_re/policy_compat.cc
@@ -0,0 +1,220 @@
+/*
+ * Copyright (c) 2022
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+/*
+ * This is a set of functions to provide convertion from old style permission
+ * mappings, to new style kernel mappings. It is based on the kernel to
+ * as the kernel needs this for backwards compatibility. This allows the
+ * userspace to convert to the new permission mapping without reworking
+ * the internal dfa permission tracking.
+ *
+ * In the future this code will be converted to go the reverse direction
+ * i.e. new mappings into old, which the parser will need for backwards
+ * compat with old kernels.
+ */
+
+#include <stdint.h>
+#include <iostream>
+
+#include "policy_compat.h"
+#include "../perms.h"
+#include "../rule.h"
+extern int prompt_compat_mode;
+
+
+/* remap old accept table embedded permissions to separate permission table */
+static uint32_t dfa_map_xindex(uint16_t mask)
+{
+ uint16_t old_index = (mask >> 10) & 0xf;
+ uint32_t index = 0;
+
+ if (mask & 0x100)
+ index |= AA_X_UNSAFE;
+ if (mask & 0x200)
+ index |= AA_X_INHERIT;
+ if (mask & 0x80)
+ index |= AA_X_UNCONFINED;
+
+ if (old_index == 1) {
+ index |= AA_X_UNCONFINED;
+ } else if (old_index == 2) {
+ index |= AA_X_NAME;
+ } else if (old_index == 3) {
+ index |= AA_X_NAME | AA_X_CHILD;
+ } else if (old_index) {
+ index |= AA_X_TABLE;
+ index |= old_index - 4;
+ }
+
+ return index;
+}
+
+/*
+ * map old dfa inline permissions to new format
+ */
+#define dfa_user_allow(accept1) (((accept1) & 0x7f) | \
+ ((accept1) & 0x80000000))
+#define dfa_user_xbits(accept1) (((accept1) >> 7) & 0x7f)
+#define dfa_user_audit(accept1, accept2) ((accept2) & 0x7f)
+#define dfa_user_quiet(accept1, accept2) (((accept2) >> 7) & 0x7f)
+#define dfa_user_xindex(accept1) \
+ (dfa_map_xindex(accept1 & 0x3fff))
+
+#define dfa_other_allow(accept1) ((((accept1) >> 14) & \
+ 0x7f) | \
+ ((accept1) & 0x80000000))
+#define dfa_other_xbits(accept1) \
+ ((((accept1) >> 7) >> 14) & 0x7f)
+#define dfa_other_audit(accept1, accept2) (((accept2) >> 14) & 0x7f)
+#define dfa_other_quiet(accept1, accept2) \
+ ((((accept2) >> 7) >> 14) & 0x7f)
+#define dfa_other_xindex(accept1) \
+ dfa_map_xindex((accept1 >> 14) & 0x3fff)
+
+/**
+ * map_old_perms - map old file perms layout to the new layout
+ * @old: permission set in old mapping
+ *
+ * Returns: new permission mapping
+ */
+static uint32_t map_old_perms(uint32_t old)
+{
+ uint32_t perm = old & 0xf;
+
+ if (old & AA_MAY_READ)
+ perm |= AA_MAY_GETATTR | AA_MAY_OPEN;
+ if (old & AA_MAY_WRITE)
+ perm |= AA_MAY_SETATTR | AA_MAY_CREATE | AA_MAY_DELETE |
+ AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_OPEN;
+ if (old & 0x10)
+ perm |= AA_MAY_LINK;
+ /* the old mapping lock and link_subset flags where overlaid
+ * and use was determined by part of a pair that they were in
+ */
+ if (old & 0x20)
+ perm |= AA_MAY_LOCK | AA_LINK_SUBSET;
+ if (old & 0x40) /* AA_EXEC_MMAP */
+ perm |= AA_EXEC_MMAP;
+
+ return perm;
+}
+
+static void compute_fperms_allow(struct aa_perms *perms, uint32_t accept1)
+{
+ perms->allow |= AA_MAY_GETATTR;
+
+ /* change_profile wasn't determined by ownership in old mapping */
+ if (accept1 & 0x80000000)
+ perms->allow |= AA_MAY_CHANGE_PROFILE;
+ if (accept1 & 0x40000000)
+ perms->allow |= AA_MAY_ONEXEC;
+}
+
+struct aa_perms compute_fperms_user(uint32_t accept1, uint32_t accept2,
+ uint32_t accept3)
+{
+ struct aa_perms perms = { };
+
+ perms.allow = map_old_perms(dfa_user_allow(accept1));
+ perms.prompt = map_old_perms(dfa_user_allow(accept3));
+ perms.audit = map_old_perms(dfa_user_audit(accept1, accept2));
+ perms.quiet = map_old_perms(dfa_user_quiet(accept1, accept2));
+ if (prompt_compat_mode != PROMPT_COMPAT_PERMSV1)
+ perms.xindex = dfa_user_xindex(accept1);
+
+ compute_fperms_allow(&perms, accept1);
+ perms.prompt &= ~(perms.allow | perms.deny);
+ return perms;
+}
+
+struct aa_perms compute_fperms_other(uint32_t accept1, uint32_t accept2,
+ uint32_t accept3)
+{
+ struct aa_perms perms = { };
+
+ perms.allow = map_old_perms(dfa_other_allow(accept1));
+ perms.prompt = map_old_perms(dfa_other_allow(accept3));
+ perms.audit = map_old_perms(dfa_other_audit(accept1, accept2));
+ perms.quiet = map_old_perms(dfa_other_quiet(accept1, accept2));
+ if (prompt_compat_mode != PROMPT_COMPAT_PERMSV1)
+ perms.xindex = dfa_other_xindex(accept1);
+
+ compute_fperms_allow(&perms, accept1);
+ perms.prompt &= ~(perms.allow | perms.deny);
+ return perms;
+}
+
+static uint32_t map_other(uint32_t x)
+{
+ return ((x & 0x3) << 8) | /* SETATTR/GETATTR */
+ ((x & 0x1c) << 18) | /* ACCEPT/BIND/LISTEN */
+ ((x & 0x60) << 19); /* SETOPT/GETOPT */
+}
+
+static uint32_t map_xbits(uint32_t x)
+{
+ return ((x & 0x1) << 7) |
+ ((x & 0x7e) << 9);
+}
+
+struct aa_perms compute_perms_entry(uint32_t accept1, uint32_t accept2,
+ uint32_t accept3)
+// don't need to worry about version internally within the parser
+// uint32_t version)
+{
+ struct aa_perms perms = { };
+
+ perms.allow = dfa_user_allow(accept1);
+ perms.prompt = dfa_user_allow(accept3);
+ perms.audit = dfa_user_audit(accept1, accept2);
+ perms.quiet = dfa_user_quiet(accept1, accept2);
+ if (accept1 & AA_COMPAT_CONT_MATCH)
+ perms.allow |= AA_CONT_MATCH;
+
+ /*
+ * This mapping is convulated due to history.
+ * v1-v4: only file perms, which are handled by compute_fperms
+ * v5: added policydb which dropped user conditional to gain new
+ * perm bits, but had to map around the xbits because the
+ * userspace compiler was still munging them.
+ * v9: adds using the xbits in policydb because the compiler now
+ * supports treating policydb permission bits different.
+ * Unfortunately there is no way to force auditing on the
+ * perms represented by the xbits
+ */
+ perms.allow |= map_other(dfa_other_allow(accept1));
+ // v9 encoding never rolled out. AA_MAY_LOCK needed to fix
+ // non fs unix locking see kernel commit
+ // 1cf26c3d2c4c apparmor: fix apparmor mediating locking non-fs unix sockets
+ //if (VERSION_LE(version, v8))
+ perms.allow |= AA_MAY_LOCK;
+ //else
+ // perms.allow |= map_xbits(dfa_user_xbits(dfa, state));
+
+ /*
+ * for v5-v9 perm mapping in the policydb, the other set is used
+ * to extend the general perm set
+ */
+ perms.prompt |= map_other(dfa_other_allow(accept3));
+ perms.audit |= map_other(dfa_other_audit(accept1, accept2));
+ perms.quiet |= map_other(dfa_other_quiet(accept1, accept2));
+ //if (VERSION_GT(version, v8))
+ // perms.quiet |= map_xbits(dfa_other_xbits(dfa, state));
+
+ return perms;
+}
+
diff --git a/parser/libapparmor_re/policy_compat.h b/parser/libapparmor_re/policy_compat.h
new file mode 100644
index 0000000000000000000000000000000000000000..7563c41bf40bf6a763b1811fa605af3692e93aa5
--- /dev/null
+++ b/parser/libapparmor_re/policy_compat.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2022
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+#ifndef __AA_POLICY_COMPAT_H
+#define __AA_POLICY_COMPAT_H
+
+struct aa_perms compute_fperms_user(uint32_t accept1, uint32_t accept2, uint32_t accept3);
+struct aa_perms compute_fperms_other(uint32_t accept1, uint32_t accept2, uint32_t accept3);
+struct aa_perms compute_perms_entry(uint32_t accept1, uint32_t accept2, uint32_t accept3);
+
+#endif /* __AA_POLICY_COMPAT_H */
diff --git a/parser/mount.cc b/parser/mount.cc
index 30de90e0dd4f808ae20d26b868d8b74fad175778..0bd4ecf3f8c76367a9d815f6798b1b24487fe210 100644
--- a/parser/mount.cc
+++ b/parser/mount.cc
@@ -234,6 +234,7 @@ struct mnt_keyword_table {
unsigned int clear;
};
+// keep in sync with utils/apparmor/rule/mount.py flags_keywords
static struct mnt_keyword_table mnt_opts_table[] = {
{"ro", MS_RDONLY, 0},
{"r", MS_RDONLY, 0},
@@ -246,8 +247,8 @@ static struct mnt_keyword_table mnt_opts_table[] = {
{"nodev", MS_NODEV, 0},
{"exec", 0, MS_NOEXEC},
{"noexec", MS_NOEXEC, 0},
- {"sync", MS_SYNC, 0},
- {"async", 0, MS_SYNC},
+ {"sync", MS_SYNCHRONOUS, 0},
+ {"async", 0, MS_SYNCHRONOUS},
{"remount", MS_REMOUNT, 0},
{"mand", MS_MAND, 0},
{"nomand", 0, MS_MAND},
@@ -312,10 +313,16 @@ static struct mnt_keyword_table mnt_conds_table[] = {
static ostream &dump_flags(ostream &os,
pair <unsigned int, unsigned int> flags)
{
+ bool is_first = true;
for (int i = 0; mnt_opts_table[i].keyword; i++) {
if ((flags.first & mnt_opts_table[i].set) ||
- (flags.second & mnt_opts_table[i].clear))
+ (flags.second & mnt_opts_table[i].clear)) {
+ if (!is_first) {
+ os << ", ";
+ }
+ is_first = false;
os << mnt_opts_table[i].keyword;
+ }
}
return os;
}
@@ -477,9 +484,10 @@ static void process_one_option(struct cond_entry *&opts, unsigned int &flags,
mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
struct cond_entry *dst_conds unused, char *mnt_point_p,
- int allow_p):
+ perm32_t perms_p):
+ perms_rule_t(AA_CLASS_MOUNT),
mnt_point(mnt_point_p), device(device_p), trans(NULL), opts(NULL),
- flagsv(0), opt_flagsv(0), audit(0), deny(0)
+ flagsv(0), opt_flagsv(0)
{
/* FIXME: dst_conds are ignored atm */
dev_type = extract_fstype(&src_conds);
@@ -516,7 +524,7 @@ mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
/* throw away tmpinv_flags, only needed in
* consistancy check
*/
- if (allow_p & AA_DUMMY_REMOUNT)
+ if (perms_p & AA_DUMMY_REMOUNT)
tmpflags |= MS_REMOUNT;
if (conflicting_flags(tmpflags, tmpinv_flags)) {
@@ -536,7 +544,7 @@ mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
if (!(flagsv.size() + opt_flagsv.size())) {
/* no flag options, and not remount, allow everything */
- if (allow_p & AA_DUMMY_REMOUNT) {
+ if (perms_p & AA_DUMMY_REMOUNT) {
flagsv.push_back(MS_REMOUNT);
opt_flagsv.push_back(MS_REMOUNT_FLAGS & ~MS_REMOUNT);
} else {
@@ -545,7 +553,7 @@ mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
}
} else if (!(flagsv.size())) {
/* no flags but opts set */
- if (allow_p & AA_DUMMY_REMOUNT)
+ if (perms_p & AA_DUMMY_REMOUNT)
flagsv.push_back(MS_REMOUNT);
else
flagsv.push_back(0);
@@ -553,19 +561,21 @@ mnt_rule::mnt_rule(struct cond_entry *src_conds, char *device_p,
opt_flagsv.push_back(0);
}
- if (allow_p & AA_DUMMY_REMOUNT) {
- allow_p = AA_MAY_MOUNT;
+ if (perms_p & AA_DUMMY_REMOUNT) {
+ perms_p = AA_MAY_MOUNT;
}
- allow = allow_p;
+ perms = perms_p;
}
ostream &mnt_rule::dump(ostream &os)
{
- if (allow & AA_MAY_MOUNT)
+ prefix_rule_t::dump(os);
+
+ if (perms & AA_MAY_MOUNT)
os << "mount";
- else if (allow & AA_MAY_UMOUNT)
+ else if (perms & AA_MAY_UMOUNT)
os << "umount";
- else if (allow & AA_MAY_PIVOTROOT)
+ else if (perms & AA_MAY_PIVOTROOT)
os << "pivotroot";
else
os << "error: unknown mount perm";
@@ -590,8 +600,8 @@ ostream &mnt_rule::dump(ostream &os)
if (trans)
os << " -> " << trans;
- const char *prefix = deny ? "deny" : "";
- os << " " << prefix << "(0x" << hex << allow << "/0x" << audit << ")";
+
+ os << " " << "(0x" << hex << perms << "/0x" << (audit != AUDIT_UNSPECIFIED ? perms : 0) << ")";
os << ",\n";
return os;
@@ -629,6 +639,50 @@ int mnt_rule::expand_variables(void)
return 0;
}
+static int cmp_vec_int(std::vector<unsigned int> const &lhs,
+ std::vector<unsigned int> const &rhs)
+{
+ int res = lhs.size() - rhs.size();
+ if (res)
+ return res;
+
+ for (unsigned long i = 0; i < lhs.size(); i++) {
+ res = lhs[i] - rhs[i];
+ if (res)
+ return res;
+ }
+
+ return 0;
+}
+
+int mnt_rule::cmp(rule_t const &rhs) const {
+ int res = perms_rule_t::cmp(rhs);
+ if (res != 0)
+ return res;
+ mnt_rule const &rhs_mnt = rule_cast<mnt_rule const &>(rhs);
+ res = null_strcmp(mnt_point, rhs_mnt.mnt_point);
+ if (res)
+ return res;
+ res = null_strcmp(device, rhs_mnt.device);
+ if (res)
+ return res;
+ res = null_strcmp(trans, rhs_mnt.trans);
+ if (res)
+ return res;
+
+ res = cmp_value_list(dev_type, rhs_mnt.dev_type);
+ if (res)
+ return res;
+ res = cmp_value_list(opts, rhs_mnt.opts);
+ if (res)
+ return res;
+
+ res = cmp_vec_int(flagsv, rhs_mnt.flagsv);
+ if (res)
+ return res;
+ return cmp_vec_int(opt_flagsv, rhs_mnt.opt_flagsv);
+ }
+
static int build_mnt_flags(char *buffer, int size, unsigned int flags,
unsigned int opt_flags)
{
@@ -709,7 +763,6 @@ int mnt_rule::gen_policy_remount(Profile &prof, int &count,
std::string optsbuf;
char class_mount_hdr[64];
const char *vec[5];
- int tmpallow;
sprintf(class_mount_hdr, "\\x%02x", AA_CLASS_MOUNT);
@@ -737,15 +790,22 @@ int mnt_rule::gen_policy_remount(Profile &prof, int &count,
vec[3] = flagsbuf;
- if (opts)
- tmpallow = AA_MATCH_CONT;
- else
- tmpallow = allow;
-
- /* rule for match without required data || data MATCH_CONT */
- if (!prof.policy.rules->add_rule_vec(deny, tmpallow,
- audit | AA_AUDIT_MNT_DATA, 4,
- vec, dfaflags, false))
+ perm32_t tmpperms, tmpaudit;
+ if (opts) {
+ tmpperms = AA_MATCH_CONT;
+ tmpaudit = 0;
+ } else {
+ /* dependent on full expansion of any data match perms */
+ tmpperms = perms;
+ tmpaudit = audit == AUDIT_FORCE ? perms : 0;
+ }
+ /* match for up to but not including data
+ * if a data match is required this only has AA_MATCH_CONT perms
+ * else it has full perms
+ */
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, tmpperms,
+ tmpaudit, 4, vec, parseopts,
+ false))
goto fail;
count++;
@@ -755,9 +815,9 @@ int mnt_rule::gen_policy_remount(Profile &prof, int &count,
if (!build_mnt_opts(optsbuf, opts))
goto fail;
vec[4] = optsbuf.c_str();
- if (!prof.policy.rules->add_rule_vec(deny, allow,
- audit | AA_AUDIT_MNT_DATA,
- 5, vec, dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ (audit == AUDIT_FORCE ? perms : 0),
+ 5, vec, parseopts, false))
goto fail;
count++;
}
@@ -797,8 +857,10 @@ int mnt_rule::gen_policy_bind_mount(Profile &prof, int &count,
opt_flags & MS_BIND_FLAGS))
goto fail;
vec[3] = flagsbuf;
- if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 4, vec,
- dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ 4, vec,
+ parseopts, false))
goto fail;
count++;
@@ -838,6 +900,8 @@ int mnt_rule::gen_policy_change_mount_type(Profile &prof, int &count,
"same time for propagation type flags");
goto fail;
} else if (device && !mnt_point) {
+ pwarn(WARN_DEPRECATED, _("The use of source as mount point for "
+ "propagation type flags is deprecated.\n"));
mountpoint = device;
}
if (!convert_entry(mntbuf, mountpoint))
@@ -851,8 +915,10 @@ int mnt_rule::gen_policy_change_mount_type(Profile &prof, int &count,
opt_flags & MS_MAKE_FLAGS))
goto fail;
vec[3] = flagsbuf;
- if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 4, vec,
- dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ 4, vec,
+ parseopts, false))
goto fail;
count++;
@@ -893,8 +959,10 @@ int mnt_rule::gen_policy_move_mount(Profile &prof, int &count,
opt_flags & MS_MOVE_FLAGS))
goto fail;
vec[3] = flagsbuf;
- if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 4, vec,
- dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ 4, vec,
+ parseopts, false))
goto fail;
count++;
@@ -914,7 +982,6 @@ int mnt_rule::gen_policy_new_mount(Profile &prof, int &count,
std::string optsbuf;
char class_mount_hdr[64];
const char *vec[5];
- int tmpallow;
sprintf(class_mount_hdr, "\\x%02x", AA_CLASS_MOUNT);
@@ -936,15 +1003,18 @@ int mnt_rule::gen_policy_new_mount(Profile &prof, int &count,
goto fail;
vec[3] = flagsbuf;
- if (opts)
- tmpallow = AA_MATCH_CONT;
- else
- tmpallow = allow;
-
+ perm32_t tmpperms, tmpaudit;
+ if (opts) {
+ tmpperms = AA_MATCH_CONT;
+ tmpaudit = 0;
+ } else {
+ tmpperms = perms;
+ tmpaudit = audit == AUDIT_FORCE ? perms : 0;
+ }
/* rule for match without required data || data MATCH_CONT */
- if (!prof.policy.rules->add_rule_vec(deny, tmpallow,
- audit | AA_AUDIT_MNT_DATA, 4,
- vec, dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, tmpperms,
+ tmpaudit, 4, vec, parseopts,
+ false))
goto fail;
count++;
@@ -954,9 +1024,9 @@ int mnt_rule::gen_policy_new_mount(Profile &prof, int &count,
if (!build_mnt_opts(optsbuf, opts))
goto fail;
vec[4] = optsbuf.c_str();
- if (!prof.policy.rules->add_rule_vec(deny, allow,
- audit | AA_AUDIT_MNT_DATA,
- 5, vec, dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ 5, vec, parseopts, false))
goto fail;
count++;
}
@@ -974,7 +1044,7 @@ int mnt_rule::gen_flag_rules(Profile &prof, int &count, unsigned int flags,
* XXX: added !flags to cover cases like:
* mount options in (bind) /d -> /4,
*/
- if ((allow & AA_MAY_MOUNT) && (!flags || flags == MS_ALL_FLAGS)) {
+ if ((perms & AA_MAY_MOUNT) && (!flags || flags == MS_ALL_FLAGS)) {
/* no mount flags specified, generate multiple rules */
if (!device && !dev_type &&
gen_policy_remount(prof, count, flags, opt_flags) == RULE_ERROR)
@@ -990,20 +1060,20 @@ int mnt_rule::gen_flag_rules(Profile &prof, int &count, unsigned int flags,
return RULE_ERROR;
return gen_policy_new_mount(prof, count, flags, opt_flags);
- } else if ((allow & AA_MAY_MOUNT) && (flags & MS_REMOUNT)
+ } else if ((perms & AA_MAY_MOUNT) && (flags & MS_REMOUNT)
&& !device && !dev_type) {
return gen_policy_remount(prof, count, flags, opt_flags);
- } else if ((allow & AA_MAY_MOUNT) && (flags & MS_BIND)
+ } else if ((perms & AA_MAY_MOUNT) && (flags & MS_BIND)
&& !dev_type && !opts) {
return gen_policy_bind_mount(prof, count, flags, opt_flags);
- } else if ((allow & AA_MAY_MOUNT) &&
+ } else if ((perms & AA_MAY_MOUNT) &&
(flags & (MS_MAKE_CMDS))
&& (!device || !mnt_point) && !dev_type && !opts) {
return gen_policy_change_mount_type(prof, count, flags, opt_flags);
- } else if ((allow & AA_MAY_MOUNT) && (flags & MS_MOVE)
+ } else if ((perms & AA_MAY_MOUNT) && (flags & MS_MOVE)
&& !dev_type && !opts) {
return gen_policy_move_mount(prof, count, flags, opt_flags);
- } else if ((allow & AA_MAY_MOUNT) &&
+ } else if ((perms & AA_MAY_MOUNT) &&
((flags | opt_flags) & ~MS_CMDS)) {
/* generic mount if flags are set that are not covered by
* above commands
@@ -1040,18 +1110,19 @@ int mnt_rule::gen_policy_re(Profile &prof)
goto fail;
}
}
- if (allow & AA_MAY_UMOUNT) {
+ if (perms & AA_MAY_UMOUNT) {
/* rule class single byte header */
mntbuf.assign(class_mount_hdr);
if (!convert_entry(mntbuf, mnt_point))
goto fail;
vec[0] = mntbuf.c_str();
- if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 1, vec,
- dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ (audit == AUDIT_FORCE ? perms : 0), 1, vec,
+ parseopts, false))
goto fail;
count++;
}
- if (allow & AA_MAY_PIVOTROOT) {
+ if (perms & AA_MAY_PIVOTROOT) {
/* rule class single byte header */
mntbuf.assign(class_mount_hdr);
if (!convert_entry(mntbuf, mnt_point))
@@ -1060,8 +1131,9 @@ int mnt_rule::gen_policy_re(Profile &prof)
if (!clear_and_convert_entry(devbuf, device))
goto fail;
vec[1] = devbuf.c_str();
- if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 2, vec,
- dfaflags, false))
+ if (!prof.policy.rules->add_rule_vec(priority, rule_mode, perms,
+ (audit == AUDIT_FORCE ? perms : 0), 2, vec,
+ parseopts, false))
goto fail;
count++;
}
@@ -1077,22 +1149,22 @@ fail:
return RULE_ERROR;
}
-void mnt_rule::post_process(Profile &prof)
+void mnt_rule::post_parse_profile(Profile &prof)
{
if (trans) {
- unsigned int mode = 0;
+ perm32_t perms = 0;
int n = add_entry_to_x_table(&prof, trans);
if (!n) {
PERROR("Profile %s has too many specified profile transitions.\n", prof.name);
exit(1);
}
- if (allow & AA_USER_EXEC)
- mode |= SHIFT_MODE(n << 10, AA_USER_SHIFT);
- if (allow & AA_OTHER_EXEC)
- mode |= SHIFT_MODE(n << 10, AA_OTHER_SHIFT);
- allow = ((allow & ~AA_ALL_EXEC_MODIFIERS) |
- (mode & AA_ALL_EXEC_MODIFIERS));
+ if (perms & AA_USER_EXEC)
+ perms |= SHIFT_PERMS(n << 10, AA_USER_SHIFT);
+ if (perms & AA_OTHER_EXEC)
+ perms |= SHIFT_PERMS(n << 10, AA_OTHER_SHIFT);
+ perms = ((perms & ~AA_ALL_EXEC_MODIFIERS) |
+ (perms & AA_ALL_EXEC_MODIFIERS));
trans = NULL;
}
diff --git a/parser/mount.h b/parser/mount.h
index 40dd65c1385b80b957acd34081efb983d237fb76..92594cb9599b3062e9e34421c3e995be22a947f6 100644
--- a/parser/mount.h
+++ b/parser/mount.h
@@ -21,6 +21,7 @@
#include <ostream>
#include <vector>
+#include <algorithm>
#include "parser.h"
#include "rule.h"
@@ -34,7 +35,7 @@
#define MS_DEV 0
#define MS_NOEXEC (1 << 3)
#define MS_EXEC 0
-#define MS_SYNC (1 << 4)
+#define MS_SYNCHRONOUS (1 << 4)
#define MS_ASYNC 0
#define MS_REMOUNT (1 << 5)
#define MS_MAND (1 << 6)
@@ -77,7 +78,7 @@
#define MS_RSHARED (MS_SHARED | MS_REC)
#define MS_ALL_FLAGS (MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC | \
- MS_SYNC | MS_REMOUNT | MS_MAND | MS_DIRSYNC | \
+ MS_SYNCHRONOUS | MS_REMOUNT | MS_MAND | MS_DIRSYNC | \
MS_NOSYMFOLLOW | \
MS_NOATIME | MS_NODIRATIME | MS_BIND | MS_RBIND | \
MS_MOVE | MS_VERBOSE | MS_ACL | \
@@ -107,7 +108,13 @@
#define MS_MOVE_FLAGS (MS_MOVE)
#define MS_CMDS (MS_MOVE | MS_REMOUNT | MS_BIND | MS_RBIND | MS_MAKE_CMDS)
-#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT & ~MS_BIND & ~MS_RBIND))
+/*
+ * This allows MS_MAKE_CMDS, by design: while remount and make-* shouldn't be
+ * used together, real-world applications do use them together, and the Linux
+ * kernel ignores the make-* flags when doing a remount instead of returning
+ * EINVAL. See https://bugs.launchpad.net/apparmor/+bug/2091424 for an example.
+ */
+#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~MS_MOVE_FLAGS)
#define MS_NEW_FLAGS (MS_ALL_FLAGS & ~MS_CMDS)
#define MNT_SRC_OPT 1
@@ -125,7 +132,7 @@
* remapped to a mount option*/
-class mnt_rule: public rule_t {
+class mnt_rule: public perms_rule_t {
int gen_policy_remount(Profile &prof, int &count, unsigned int flags,
unsigned int opt_flags);
int gen_policy_bind_mount(Profile &prof, int &count, unsigned int flags,
@@ -148,12 +155,10 @@ public:
std::vector<unsigned int> flagsv, opt_flagsv;
- int allow, audit;
- int deny;
mnt_rule(struct cond_entry *src_conds, char *device_p,
struct cond_entry *dst_conds unused, char *mnt_point_p,
- int allow_p);
+ perm32_t perms_p);
virtual ~mnt_rule()
{
free_value_list(opts);
@@ -163,10 +168,22 @@ public:
free(trans);
}
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.owner != OWNER_UNSPECIFIED) {
+ error = "owner prefix not allowed on mount rules";
+ return false;
+ }
+ return true;
+ };
virtual ostream &dump(ostream &os);
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
- virtual void post_process(Profile &prof unused);
+ virtual void post_parse_profile(Profile &prof unused);
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const;
+
+ // for now use default merge/dedup
protected:
virtual void warn_once(const char *name) override;
diff --git a/parser/mqueue.cc b/parser/mqueue.cc
new file mode 100644
index 0000000000000000000000000000000000000000..7eba630ba33da8133e0dfbfd48e6962dfdbf3dfe
--- /dev/null
+++ b/parser/mqueue.cc
@@ -0,0 +1,299 @@
+/*
+ * Copyright (c) 2022
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#include "parser.h"
+#include "profile.h"
+#include "mqueue.h"
+
+#include <iomanip>
+#include <string>
+#include <iostream>
+#include <sstream>
+
+int parse_mqueue_perms(const char *str_perms, perm32_t *perms, int fail)
+{
+ return parse_X_perms("mqueue", AA_VALID_MQUEUE_PERMS, str_perms, perms, fail);
+}
+
+static bool is_all_digits(char *str)
+{
+ const char *s = str;
+ while (*str && isdigit(*str))
+ str++;
+ return str != s && *str == 0;
+}
+
+void mqueue_rule::validate_qname(void)
+{
+ if (qname[0] == '/') {
+ // TODO full syntax check of name
+ if (qtype == mqueue_sysv)
+ yyerror("mqueue type=sysv invalid name '%s', sysv "
+ "message queues must be identified by a "
+ "positive integer.\n", qname);
+ qtype = mqueue_posix; // implied by name
+ } else if (is_all_digits(qname)) {
+ if (qtype == mqueue_posix)
+ yyerror("mqueue type=posix invalid name '%s', posix "
+ "message queues names must begin with a /\n",
+ qname);
+ qtype = mqueue_sysv; // implied
+ } else {
+ yyerror("mqueue invalid name '%s', message queue names must begin with a / or be a positive integer.\n", qname);
+ }
+}
+
+void mqueue_rule::move_conditionals(struct cond_entry *conds)
+{
+ struct cond_entry *cond_ent;
+
+ list_for_each(conds, cond_ent) {
+ /* for now disallow keyword 'in' (list) */
+ if (!cond_ent->eq)
+ yyerror("keyword \"in\" is not allowed in mqueue rules\n");
+
+ if (strcmp(cond_ent->name, "label") == 0) {
+ move_conditional_value("mqueue", &label, cond_ent);
+ } else if (strcmp(cond_ent->name, "type") == 0) {
+ char *tmp = NULL;
+ move_conditional_value("mqueue", &tmp, cond_ent);
+ if (strcmp(tmp, "posix") == 0)
+ qtype = mqueue_posix;
+ else if (strcmp(tmp, "sysv") == 0)
+ qtype = mqueue_sysv;
+ else
+ yyerror("mqueue invalid type='%s'\n", tmp);
+ free(tmp);
+ } else {
+ yyerror("invalid mqueue rule conditional \"%s\"\n",
+ cond_ent->name);
+ }
+ }
+}
+
+mqueue_rule::mqueue_rule(perm32_t perms_p, struct cond_entry *conds, char *qname_p):
+ // mqueue uses multiple classes, arbitrary choice to represent group
+ // withing the AST
+ perms_rule_t(AA_CLASS_POSIX_MQUEUE),
+ qtype(mqueue_unspecified), qname(qname_p), label(NULL)
+{
+ move_conditionals(conds);
+ free_cond_list(conds);
+
+ if (qname)
+ validate_qname();
+ if (perms_p) {
+ // do we want to allow perms to imply type like we do for
+ // qname?
+ if (qtype == mqueue_posix && (perms_p & ~AA_VALID_POSIX_MQ_PERMS)) {
+ yyerror("perms contains invalid permissions for mqueue type=posix\n");
+ } else if (qtype == mqueue_sysv && (perms_p & ~AA_VALID_SYSV_MQ_PERMS)) {
+ yyerror("perms contains invalid permissions for mqueue type=sysv\n");
+ } else if (perms_p & ~AA_VALID_MQUEUE_PERMS) {
+ yyerror("perms contains invalid permissions for mqueue\n");
+ }
+ perms = perms_p;
+ } else {
+ // default to all perms
+ perms = AA_VALID_MQUEUE_PERMS;
+ }
+ qname = qname_p;
+
+}
+
+ostream &mqueue_rule::dump(ostream &os)
+{
+ class_rule_t::dump(os);
+
+ // do we want to always put type out or leave it implied if there
+ // is a qname
+ if (qtype == mqueue_posix)
+ os << " type=posix";
+ else if (qtype == mqueue_sysv)
+ os << " type=sysv";
+
+ if (perms != AA_VALID_MQUEUE_PERMS) {
+ os << " ( ";
+
+ if (perms & AA_MQUEUE_WRITE)
+ os << "write ";
+ if (perms & AA_MQUEUE_READ)
+ os << "read ";
+ if (perms & AA_MQUEUE_OPEN)
+ os << "open ";
+ if (perms & AA_MQUEUE_CREATE)
+ os << "create ";
+ if (perms & AA_MQUEUE_DELETE)
+ os << "delete ";
+ if (perms & AA_MQUEUE_SETATTR)
+ os << "setattr ";
+ if (perms & AA_MQUEUE_GETATTR)
+ os << "getattr ";
+
+ os << ")";
+ }
+
+ if (qname)
+ os << " " << qname;
+
+ os << ",\n";
+
+ return os;
+}
+
+int mqueue_rule::expand_variables(void)
+{
+ int error = expand_entry_variables(&qname);
+ if (error)
+ return error;
+ error = expand_entry_variables(&label);
+ if (error)
+ return error;
+
+ return 0;
+}
+
+/* TODO: this is not right, need separate warning for each type */
+void mqueue_rule::warn_once(const char *name)
+{
+ if (qtype == mqueue_unspecified)
+ rule_t::warn_once(name, "mqueue rules not enforced");
+ else if (qtype == mqueue_posix)
+ rule_t::warn_once(name, "mqueue type=posix rules not enforced");
+ else if (qtype == mqueue_sysv)
+ rule_t::warn_once(name, "mqueue type=sysv rules not enforced");
+}
+
+int mqueue_rule::gen_policy_re(Profile &prof)
+{
+ std::string labelbuf;
+ std::string buf;
+ const int size = 2;
+ const char *vec[size];
+
+
+ if (qtype == mqueue_posix && !features_supports_posix_mqueue) {
+ warn_once(prof.name);
+ return RULE_NOT_SUPPORTED;
+ } else if (qtype == mqueue_sysv && !features_supports_sysv_mqueue) {
+ warn_once(prof.name);
+ return RULE_NOT_SUPPORTED;
+ } else if (qtype == mqueue_unspecified &&
+ !(features_supports_posix_mqueue ||
+ features_supports_sysv_mqueue)) {
+ warn_once(prof.name);
+ // should split into warning where posix and sysv can
+ // be separated from nothing being enforced
+ return RULE_NOT_SUPPORTED;
+ }
+
+ /* always generate a label and mqueue entry */
+
+ //buffer << "(" << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_LABEL << "|)"; //is this required?
+
+ // posix and generic
+ if (qtype != mqueue_sysv) {
+ std::ostringstream buffer;
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_POSIX_MQUEUE;
+ buf.assign(buffer.str());
+ if (qname) {
+ if (!convert_entry(buf, qname))
+ goto fail;
+ } else {
+ buf += default_match_pattern;
+ }
+ vec[0] = buf.c_str();
+
+ if (label) {
+ if (!convert_entry(labelbuf, label))
+ goto fail;
+ vec[1] = labelbuf.c_str();
+ } else {
+ vec[1] = anyone_match_pattern;
+ }
+
+ if (perms & AA_VALID_POSIX_MQ_PERMS) {
+ /* store perms at name match so label doesn't need
+ * to be checked
+ */
+ if (!label && !prof.policy.rules->add_rule_vec(
+ priority,
+ rule_mode,
+ map_mqueue_perms(perms),
+ audit == AUDIT_FORCE ? map_mqueue_perms(perms) : 0, 1,
+ vec, parseopts, false))
+ goto fail;
+ /* also provide label match with perm */
+ if (!prof.policy.rules->add_rule_vec(priority,
+ rule_mode,
+ map_mqueue_perms(perms),
+ audit == AUDIT_FORCE ? map_mqueue_perms(perms) : 0,
+ size, vec, parseopts, false))
+ goto fail;
+ }
+ }
+ // sysv and generic
+ if (qtype != mqueue_posix) {
+ std::ostringstream buffer;
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_SYSV_MQUEUE;
+
+ if (qname) {
+ int key;
+ sscanf(qname, "%d", &key);
+ u32 tmp = htobe32((u32) key);
+ u8 *byte = (u8 *) &tmp;
+ for (int i = 0; i < 4; i++){
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << static_cast<unsigned int>(byte[i]);
+ }
+ } else {
+ buffer << "....";
+ }
+ buf.assign(buffer.str());
+ vec[0] = buf.c_str();
+
+ if (label) {
+ if (!convert_entry(labelbuf, label))
+ goto fail;
+ vec[1] = labelbuf.c_str();
+ } else {
+ vec[1] = anyone_match_pattern;
+ }
+
+ if (perms & AA_VALID_SYSV_MQ_PERMS) {
+ if (!label &&
+ !prof.policy.rules->add_rule_vec(priority,
+ rule_mode,
+ map_mqueue_perms(perms),
+ audit == AUDIT_FORCE ? map_mqueue_perms(perms) : 0, 1,
+ vec, parseopts, false))
+ goto fail;
+ /* also provide label match with perm */
+ if (!prof.policy.rules->add_rule_vec(priority,
+ rule_mode,
+ map_mqueue_perms(perms),
+ audit == AUDIT_FORCE ? map_mqueue_perms(perms) : 0,
+ size, vec, parseopts, false))
+ goto fail;
+ }
+ }
+
+ return RULE_OK;
+
+fail:
+ return RULE_ERROR;
+}
diff --git a/parser/mqueue.h b/parser/mqueue.h
new file mode 100644
index 0000000000000000000000000000000000000000..ebfa5636e0c6ab591c306ef43ef9a16182f2a0ba
--- /dev/null
+++ b/parser/mqueue.h
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2022
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+/* sysv and posix mqueue mediation. */
+
+#ifndef __AA_MQUEUE_H
+#define __AA_MQUEUE_H
+
+#include "immunix.h"
+#include "parser.h"
+
+#define AA_MQUEUE_WRITE AA_MAY_WRITE
+#define AA_MQUEUE_READ AA_MAY_READ
+
+#define AA_MQUEUE_CREATE 0x0010 /* create */
+#define AA_MQUEUE_DELETE 0x0020 /* destroy, unlink */
+#define AA_MQUEUE_OPEN 0x0040 /* associate */
+#define AA_MQUEUE_RENAME 0x0080 /* ?? pair */
+
+#define AA_MQUEUE_SETATTR 0x0100 /* setattr */
+#define AA_MQUEUE_GETATTR 0x0200 /* getattr */
+
+#define AA_MQUEUE_CHMOD 0x1000 /* pair */
+#define AA_MQUEUE_CHOWN 0x2000 /* pair */
+#define AA_MQUEUE_CHGRP 0x4000 /* pair */
+#define AA_MQUEUE_LOCK 0x8000 /* LINK_SUBSET overlaid */
+
+/* sysv and posix mqueues use different terminology, allow mapping
+ * between. To be as common as possible.
+ *
+ * sysv and posix mqueues have different levels of mediation possible
+ * in the kernel. Only the most basic mqueue rules can be shared
+ * eg.
+ * mqueue rw,
+ * mqueue rw label=foo,
+ *
+ * kernel doesn't allow for us to control
+ * - posix
+ * - notify
+ * - labels at anything other than mqueue label, via mqueue inode.
+ */
+
+#define AA_VALID_POSIX_MQ_PERMS (AA_MQUEUE_WRITE | AA_MQUEUE_READ | \
+ AA_MQUEUE_CREATE | AA_MQUEUE_DELETE | \
+ AA_MQUEUE_OPEN | \
+ AA_MQUEUE_SETATTR | AA_MQUEUE_GETATTR)
+
+ /* TBD - for now make it wider than posix */
+#define AA_VALID_SYSV_MQ_PERMS (AA_MQUEUE_WRITE | AA_MQUEUE_READ | \
+ AA_MQUEUE_CREATE | AA_MQUEUE_DELETE | \
+ AA_MQUEUE_OPEN | \
+ AA_MQUEUE_SETATTR | AA_MQUEUE_GETATTR)
+
+#define AA_VALID_MQUEUE_PERMS (AA_VALID_POSIX_MQ_PERMS | \
+ AA_VALID_SYSV_MQ_PERMS)
+
+// warning getting into overlap area
+
+/* Type of mqueue - can be explicit or implied by rule id/path */
+typedef enum mqueue_type {
+ mqueue_unspecified,
+ mqueue_posix,
+ mqueue_sysv
+} mqueue_type;
+
+static inline uint32_t map_mqueue_perms(uint32_t mask)
+{
+ return (mask & 0x7f) |
+ ((mask & (AA_MQUEUE_GETATTR | AA_MQUEUE_SETATTR)) << (AA_OTHER_SHIFT - 8));
+}
+
+int parse_mqueue_perms(const char *str_perms, perm32_t *perms, int fail);
+
+class mqueue_rule: public perms_rule_t {
+ void move_conditionals(struct cond_entry *conds);
+public:
+ mqueue_type qtype;
+ char *qname;
+ char *label;
+
+ mqueue_rule(perm32_t perms, struct cond_entry *conds, char *qname = NULL);
+ virtual ~mqueue_rule()
+ {
+ free(qname);
+ free(label);
+ };
+
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ // not yet, but soon
+ if (p.owner) {
+ error = _("owner prefix not allowed on mqueue rules");
+ return false;
+ }
+ return true;
+ };
+ virtual ostream &dump(ostream &os);
+ virtual int expand_variables(void);
+ virtual int gen_policy_re(Profile &prof);
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ int res = perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ mqueue_rule const &trhs = rule_cast<mqueue_rule const &>(rhs);
+ res = qtype - trhs.qtype;
+ if (res)
+ return res;
+ res = null_strcmp(qname, trhs.qname);
+ if (res)
+ return res;
+ return null_strcmp(label, trhs.label);
+ };
+
+protected:
+ virtual void warn_once(const char *name) override;
+ void validate_qname(void);
+};
+
+#endif /* __AA_MQUEUE_H */
diff --git a/parser/network.c b/parser/network.c
deleted file mode 100644
index 043aa1b9d6a3ed738035e762e205a4782d09857f..0000000000000000000000000000000000000000
--- a/parser/network.c
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
- * Copyright (c) 2014
- * Canonical, Ltd. (All rights reserved)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, contact Novell, Inc. or Canonical
- * Ltd.
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <sys/apparmor.h>
-
-#include <iomanip>
-#include <string>
-#include <sstream>
-#include <map>
-
-#include "lib.h"
-#include "parser.h"
-#include "profile.h"
-#include "parser_yacc.h"
-#include "network.h"
-
-
-int parse_net_mode(const char *str_mode, int *mode, int fail)
-{
- return parse_X_mode("net", AA_VALID_NET_PERMS, str_mode, mode, fail);
-}
-
-/* Bleah C++ doesn't have non-trivial designated initializers so we just
- * have to make sure these are in order. This means we are more brittle
- * but there isn't much we can do.
- */
-struct sock_type_map {
- const char *name;
- int value;
-};
-
-struct sock_type_map sock_types[] = {
- { "none", 0 },
- { "stream", SOCK_STREAM },
- { "dgram", SOCK_DGRAM },
- { "raw", SOCK_RAW },
- { "rdm", SOCK_RDM },
- { "seqpacket", SOCK_SEQPACKET },
- { "dccp", SOCK_DCCP },
- { "invalid", -1 },
- { "invalid", -1 },
- { "invalid", -1 },
- { "packet", SOCK_PACKET },
- { NULL, -1 },
- /*
- * See comment above
- */
-};
-
-int net_find_type_val(const char *type)
-{
- int i;
- for (i = 0; sock_types[i].name; i++) {
- if (strcmp(sock_types[i].name, type) == 0)
- return sock_types[i].value;
- }
-
- return -1;
-}
-
-const char *net_find_type_name(int type)
-{
- int i;
- for (i = 0; sock_types[i].name; i++) {
- if (sock_types[i].value == type)
- return sock_types[i].name;
- }
-
- return NULL;
-}
-
-
-/* FIXME: currently just treating as a bit mask this will have to change
- * set up a table of mappings, there can be several mappings for a
- * given match.
- * currently the mapping does not set the protocol for stream/dgram to
- * anything other than 0.
- * network inet tcp -> network inet stream 0 instead of
- * network inet raw tcp.
- * some entries are just provided for completeness at this time
- */
-/* values stolen from /etc/protocols - needs to change */
-#define RAW_TCP 6
-#define RAW_UDP 17
-#define RAW_ICMP 1
-#define RAW_ICMPv6 58
-
-/* used by af_name.h to auto generate table entries for "name", AF_NAME
- * pair */
-#define AA_GEN_NET_ENT(name, AF) \
- {name, AF, "stream", SOCK_STREAM, "", 0xffffff}, \
- {name, AF, "dgram", SOCK_DGRAM, "", 0xffffff}, \
- {name, AF, "seqpacket", SOCK_SEQPACKET, "", 0xffffff}, \
- {name, AF, "rdm", SOCK_RDM, "", 0xffffff}, \
- {name, AF, "raw", SOCK_RAW, "", 0xffffff}, \
- {name, AF, "packet", SOCK_PACKET, "", 0xffffff},
-/*FIXME: missing {name, AF, "dccp", SOCK_DCCP, "", 0xfffffff}, */
-
-static struct network_tuple network_mappings[] = {
- /* basic types */
- #include "af_names.h"
-/* FIXME: af_names.h is missing AF_LLC, AF_TIPC */
- /* mapped types */
- {"inet", AF_INET, "raw", SOCK_RAW,
- "tcp", 1 << RAW_TCP},
- {"inet", AF_INET, "raw", SOCK_RAW,
- "udp", 1 << RAW_UDP},
- {"inet", AF_INET, "raw", SOCK_RAW,
- "icmp", 1 << RAW_ICMP},
- {"inet", AF_INET, "tcp", SOCK_STREAM,
- "", 0xffffffff}, /* should we give raw tcp too? */
- {"inet", AF_INET, "udp", SOCK_DGRAM,
- "", 0xffffffff}, /* should these be open masks? */
- {"inet", AF_INET, "icmp", SOCK_RAW,
- "", 1 << RAW_ICMP},
- {"inet6", AF_INET6, "tcp", SOCK_STREAM,
- "", 0xffffffff},
- {"inet6", AF_INET6, "udp", SOCK_DGRAM,
- "", 0xffffffff},
-/* what do we do with icmp on inet6?
- {"inet6", AF_INET, "icmp", SOCK_RAW, 0},
- {"inet6", AF_INET, "icmpv6", SOCK_RAW, 0},
-*/
- /* terminate */
- {NULL, 0, NULL, 0, NULL, 0}
-};
-
-/* The apparmor kernel patches up until 2.6.38 didn't handle networking
- * tables with sizes > AF_MAX correctly. This could happen when the
- * parser was built against newer kernel headers and then used to load
- * policy on an older kernel. This could happen during upgrades or
- * in multi-kernel boot systems.
- *
- * Try to detect the running kernel version and use that to determine
- * AF_MAX
- */
-#define PROC_VERSION "/proc/sys/kernel/osrelease"
-static size_t kernel_af_max(void) {
- char buffer[32];
- int major;
- autoclose int fd = -1;
- int res;
-
- if (!net_af_max_override) {
- return 0;
- }
- /* the override parameter is specifying the max value */
- if (net_af_max_override > 0)
- return net_af_max_override;
-
- fd = open(PROC_VERSION, O_RDONLY);
- if (fd == -1)
- /* fall back to default provided during build */
- return 0;
- res = read(fd, &buffer, sizeof(buffer) - 1);
- if (res <= 0)
- return 0;
- buffer[res] = '\0';
- res = sscanf(buffer, "2.6.%d", &major);
- if (res != 1)
- return 0;
-
- switch(major) {
- case 24:
- case 25:
- case 26:
- return 34;
- case 27:
- return 35;
- case 28:
- case 29:
- case 30:
- return 36;
- case 31:
- case 32:
- case 33:
- case 34:
- case 35:
- return 37;
- case 36:
- case 37:
- return 38;
- /* kernels .38 and later should handle this correctly so no
- * static mapping needed
- */
- default:
- return 0;
- }
-}
-
-/* Yuck. We grab AF_* values to define above from linux/socket.h because
- * they are more accurate than sys/socket.h for what the kernel actually
- * supports. However, we can't just include linux/socket.h directly,
- * because the AF_* definitions are protected with an ifdef KERNEL
- * wrapper, but we don't want to define that because that can cause
- * other redefinitions from glibc. However, because the kernel may have
- * more definitions than glibc, we need make sure AF_MAX reflects this,
- * hence the wrapping function.
- */
-size_t get_af_max() {
- size_t af_max;
- /* HACK: declare that version without "create" had a static AF_MAX */
- if (!perms_create && !net_af_max_override)
- net_af_max_override = -1;
-
-#if AA_AF_MAX > AF_MAX
- af_max = AA_AF_MAX;
-#else
- af_max = AF_MAX;
-#endif
-
- /* HACK: some kernels didn't handle network tables from parsers
- * compiled against newer kernel headers as they are larger than
- * the running kernel expected. If net_override is defined check
- * to see if there is a static max specified for that kernel
- */
- if (net_af_max_override) {
- size_t max = kernel_af_max();
- if (max && max < af_max)
- return max;
- }
-
- return af_max;
-}
-struct aa_network_entry *new_network_ent(unsigned int family,
- unsigned int type,
- unsigned int protocol)
-{
- struct aa_network_entry *new_entry;
- new_entry = (struct aa_network_entry *) calloc(1, sizeof(struct aa_network_entry));
- if (new_entry) {
- new_entry->family = family;
- new_entry->type = type;
- new_entry->protocol = protocol;
- new_entry->next = NULL;
- }
- return new_entry;
-}
-
-
-const struct network_tuple *net_find_mapping(const struct network_tuple *map,
- const char *family,
- const char *type,
- const char *protocol)
-{
- if (!map)
- map = network_mappings;
- else
- /* assumes it points to last entry returned */
- map++;
-
- for (; map->family_name; map++) {
- if (family) {
- PDEBUG("Checking family %s\n", map->family_name);
- if (strcmp(family, map->family_name) != 0)
- continue;
- PDEBUG("Found family %s\n", family);
- }
- if (type) {
- PDEBUG("Checking type %s\n", map->type_name);
- if (strcmp(type, map->type_name) != 0)
- continue;
- PDEBUG("Found type %s\n", type);
- }
- if (protocol) {
- /* allows the proto to be the "type", ie. tcp implies
- * stream */
- if (!type) {
- PDEBUG("Checking protocol type %s\n", map->type_name);
- if (strcmp(protocol, map->type_name) == 0)
- goto match;
- }
- PDEBUG("Checking type %s protocol %s\n", map->type_name, map->protocol_name);
- if (strcmp(protocol, map->protocol_name) != 0)
- continue;
- /* fixme should we allow specifying protocol by #
- * without needing the protocol mapping? */
- }
-
- /* if we get this far we have a match */
- match:
- return map;
- }
-
- return NULL;
-}
-
-struct aa_network_entry *network_entry(const char *family, const char *type,
- const char *protocol)
-{
- struct aa_network_entry *new_entry, *entry = NULL;
- const struct network_tuple *mapping = NULL;
-
- while ((mapping = net_find_mapping(mapping, family, type, protocol))) {
- new_entry = new_network_ent(mapping->family, mapping->type,
- mapping->protocol);
- if (!new_entry)
- yyerror(_("Memory allocation error."));
- new_entry->next = entry;
- entry = new_entry;
- }
-
- return entry;
-};
-
-#define ALL_TYPES 0x43e
-
-const char *net_find_af_name(unsigned int af)
-{
- size_t i;
-
- if (af < 0 || af > get_af_max())
- return NULL;
-
- for (i = 0; i < sizeof(network_mappings) / sizeof(*network_mappings); i++) {
- if (network_mappings[i].family == af)
- return network_mappings[i].family_name;
- }
-
- return NULL;
-}
-
-void __debug_network(unsigned int *array, const char *name)
-{
- unsigned int count = sizeof(sock_types)/sizeof(sock_types[0]);
- unsigned int mask = ~((1 << count) -1);
- unsigned int i, j;
- int none = 1;
- size_t af_max = get_af_max();
-
- for (i = AF_UNSPEC; i < af_max; i++)
- if (array[i]) {
- none = 0;
- break;
- }
-
- if (none)
- return;
-
- printf("%s: ", name);
-
- /* This can only be set by an unqualified network rule */
- if (array[AF_UNSPEC]) {
- printf("<all>\n");
- return;
- }
-
- for (i = 0; i < af_max; i++) {
- if (array[i]) {
- const char *fam = net_find_af_name(i);
- if (fam)
- printf("%s ", fam);
- else
- printf("#%u ", i);
-
- /* All types/protocols */
- if (array[i] == 0xffffffff || array[i] == ALL_TYPES)
- continue;
-
- printf("{ ");
-
- for (j = 0; j < count; j++) {
- const char *type;
- if (array[i] & (1 << j)) {
- type = sock_types[j].name;
- if (type)
- printf("%s ", type);
- else
- printf("#%u ", j);
- }
- }
- if (array[i] & mask)
- printf("#%x ", array[i] & mask);
-
- printf("} ");
- }
- }
- printf("\n");
-}
diff --git a/parser/network.cc b/parser/network.cc
new file mode 100644
index 0000000000000000000000000000000000000000..b53e24d1ab6ed9607864b27afa427fdf85963ba7
--- /dev/null
+++ b/parser/network.cc
@@ -0,0 +1,1018 @@
+/*
+ * Copyright (c) 2014
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#include <iomanip>
+#include <string>
+#include <sstream>
+#include <map>
+#include <arpa/inet.h>
+
+#include "lib.h"
+#include "parser.h"
+#include "profile.h"
+#include "network.h"
+
+#define ALL_TYPES 0x43e
+
+int parse_net_perms(const char *str_mode, perm32_t *mode, int fail)
+{
+ return parse_X_perms("net", AA_VALID_NET_PERMS, str_mode, mode, fail);
+}
+
+/* Bleah C++ doesn't have non-trivial designated initializers so we just
+ * have to make sure these are in order. This means we are more brittle
+ * but there isn't much we can do.
+ */
+struct sock_type_map {
+ const char *name;
+ int value;
+};
+
+struct sock_type_map sock_types[] = {
+ { "none", 0 },
+ { "stream", SOCK_STREAM },
+ { "dgram", SOCK_DGRAM },
+ { "raw", SOCK_RAW },
+ { "rdm", SOCK_RDM },
+ { "seqpacket", SOCK_SEQPACKET },
+ { "dccp", SOCK_DCCP },
+ { "invalid", -1 },
+ { "invalid", -1 },
+ { "invalid", -1 },
+ { "packet", SOCK_PACKET },
+ { NULL, -1 },
+ /*
+ * See comment above
+ */
+};
+
+int net_find_type_val(const char *type)
+{
+ int i;
+ for (i = 0; sock_types[i].name; i++) {
+ if (strcmp(sock_types[i].name, type) == 0)
+ return sock_types[i].value;
+ }
+
+ return -1;
+}
+
+const char *net_find_type_name(int type)
+{
+ int i;
+ for (i = 0; sock_types[i].name; i++) {
+ if (sock_types[i].value == type)
+ return sock_types[i].name;
+ }
+
+ return NULL;
+}
+
+
+/* FIXME: currently just treating as a bit mask this will have to change
+ * set up a table of mappings, there can be several mappings for a
+ * given match.
+ * currently the mapping does not set the protocol for stream/dgram to
+ * anything other than 0.
+ * network inet tcp -> network inet stream 0 instead of
+ * network inet raw tcp.
+ * some entries are just provided for completeness at this time
+ */
+/* values stolen from /etc/protocols - needs to change */
+#define RAW_TCP 6
+#define RAW_UDP 17
+#define RAW_ICMP 1
+#define RAW_ICMPv6 58
+
+/* used by af_name.h to auto generate table entries for "name", AF_NAME
+ * pair */
+#define AA_GEN_NET_ENT(name, AF) \
+ {name, AF, "stream", SOCK_STREAM, "", 0xffffff}, \
+ {name, AF, "dgram", SOCK_DGRAM, "", 0xffffff}, \
+ {name, AF, "seqpacket", SOCK_SEQPACKET, "", 0xffffff}, \
+ {name, AF, "rdm", SOCK_RDM, "", 0xffffff}, \
+ {name, AF, "raw", SOCK_RAW, "", 0xffffff}, \
+ {name, AF, "packet", SOCK_PACKET, "", 0xffffff},
+/*FIXME: missing {name, AF, "dccp", SOCK_DCCP, "", 0xfffffff}, */
+
+static struct network_tuple network_mappings[] = {
+ /* basic types */
+ #include "af_names.h"
+/* FIXME: af_names.h is missing AF_LLC, AF_TIPC */
+ /* mapped types */
+ {"inet", AF_INET, "raw", SOCK_RAW,
+ "tcp", 1 << RAW_TCP},
+ {"inet", AF_INET, "raw", SOCK_RAW,
+ "udp", 1 << RAW_UDP},
+ {"inet", AF_INET, "raw", SOCK_RAW,
+ "icmp", 1 << RAW_ICMP},
+ {"inet", AF_INET, "tcp", SOCK_STREAM,
+ "", 0xffffffff}, /* should we give raw tcp too? */
+ {"inet", AF_INET, "udp", SOCK_DGRAM,
+ "", 0xffffffff}, /* should these be open masks? */
+ {"inet", AF_INET, "icmp", SOCK_RAW,
+ "", 1 << RAW_ICMP},
+ {"inet6", AF_INET6, "tcp", SOCK_STREAM,
+ "", 0xffffffff},
+ {"inet6", AF_INET6, "udp", SOCK_DGRAM,
+ "", 0xffffffff},
+/* what do we do with icmp on inet6?
+ {"inet6", AF_INET, "icmp", SOCK_RAW, 0},
+ {"inet6", AF_INET, "icmpv6", SOCK_RAW, 0},
+*/
+ /* terminate */
+ {NULL, 0, NULL, 0, NULL, 0}
+};
+
+/* The apparmor kernel patches up until 2.6.38 didn't handle networking
+ * tables with sizes > AF_MAX correctly. This could happen when the
+ * parser was built against newer kernel headers and then used to load
+ * policy on an older kernel. This could happen during upgrades or
+ * in multi-kernel boot systems.
+ *
+ * Try to detect the running kernel version and use that to determine
+ * AF_MAX
+ */
+#define PROC_VERSION "/proc/sys/kernel/osrelease"
+static size_t kernel_af_max(void) {
+ char buffer[32];
+ int major;
+ autoclose int fd = -1;
+ int res;
+
+ if (!net_af_max_override) {
+ return 0;
+ }
+ /* the override parameter is specifying the max value */
+ if (net_af_max_override > 0)
+ return net_af_max_override;
+
+ fd = open(PROC_VERSION, O_RDONLY);
+ if (fd == -1)
+ /* fall back to default provided during build */
+ return 0;
+ res = read(fd, &buffer, sizeof(buffer) - 1);
+ if (res <= 0)
+ return 0;
+ buffer[res] = '\0';
+ res = sscanf(buffer, "2.6.%d", &major);
+ if (res != 1)
+ return 0;
+
+ switch(major) {
+ case 24:
+ case 25:
+ case 26:
+ return 34;
+ case 27:
+ return 35;
+ case 28:
+ case 29:
+ case 30:
+ return 36;
+ case 31:
+ case 32:
+ case 33:
+ case 34:
+ case 35:
+ return 37;
+ case 36:
+ case 37:
+ return 38;
+ /* kernels .38 and later should handle this correctly so no
+ * static mapping needed
+ */
+ default:
+ return 0;
+ }
+}
+
+/* Yuck. We grab AF_* values to define above from linux/socket.h because
+ * they are more accurate than sys/socket.h for what the kernel actually
+ * supports. However, we can't just include linux/socket.h directly,
+ * because the AF_* definitions are protected with an ifdef KERNEL
+ * wrapper, but we don't want to define that because that can cause
+ * other redefinitions from glibc. However, because the kernel may have
+ * more definitions than glibc, we need make sure AF_MAX reflects this,
+ * hence the wrapping function.
+ */
+size_t get_af_max() {
+ size_t af_max;
+ /* HACK: declare that version without "create" had a static AF_MAX */
+ if (!perms_create && !net_af_max_override)
+ net_af_max_override = -1;
+
+#if AA_AF_MAX > AF_MAX
+ af_max = AA_AF_MAX;
+#else
+ af_max = AF_MAX;
+#endif
+
+ /* HACK: some kernels didn't handle network tables from parsers
+ * compiled against newer kernel headers as they are larger than
+ * the running kernel expected. If net_override is defined check
+ * to see if there is a static max specified for that kernel
+ */
+ if (net_af_max_override) {
+ size_t max = kernel_af_max();
+ if (max && max < af_max)
+ return max;
+ }
+
+ return af_max;
+}
+
+const char *net_find_af_name(unsigned int af)
+{
+ size_t i;
+
+ if (af < 0 || af > get_af_max())
+ return NULL;
+
+ for (i = 0; i < sizeof(network_mappings) / sizeof(*network_mappings); i++) {
+ if (network_mappings[i].family == af)
+ return network_mappings[i].family_name;
+ }
+
+ return NULL;
+}
+
+const char *net_find_protocol_name(unsigned int protocol)
+{
+ size_t i;
+
+ for (i = 0; i < sizeof(network_mappings) / sizeof(*network_mappings); i++) {
+ if (network_mappings[i].protocol == protocol) {
+ return network_mappings[i].protocol_name;
+ }
+ }
+
+ return NULL;
+}
+
+const struct network_tuple *net_find_mapping(const struct network_tuple *map,
+ const char *family,
+ const char *type,
+ const char *protocol)
+{
+ if (!map)
+ map = network_mappings;
+ else
+ /* assumes it points to last entry returned */
+ map++;
+
+ for (; map->family_name; map++) {
+ if (family) {
+ PDEBUG("Checking family %s\n", map->family_name);
+ if (strcmp(family, map->family_name) != 0)
+ continue;
+ PDEBUG("Found family %s\n", family);
+ }
+ if (type) {
+ PDEBUG("Checking type %s\n", map->type_name);
+ if (strcmp(type, map->type_name) != 0)
+ continue;
+ PDEBUG("Found type %s\n", type);
+ }
+ if (protocol) {
+ /* allows the proto to be the "type", ie. tcp implies
+ * stream */
+ if (!type) {
+ PDEBUG("Checking protocol type %s\n", map->type_name);
+ if (strcmp(protocol, map->type_name) == 0)
+ goto match;
+ }
+ PDEBUG("Checking type %s protocol %s\n", map->type_name, map->protocol_name);
+ if (strcmp(protocol, map->protocol_name) != 0)
+ continue;
+ /* fixme should we allow specifying protocol by #
+ * without needing the protocol mapping? */
+ }
+
+ /* if we get this far we have a match */
+ match:
+ return map;
+ }
+
+ return NULL;
+}
+
+bool parse_ipv4_address(const char *input, struct ip_address *result)
+{
+ struct in_addr addr;
+ if (inet_pton(AF_INET, input, &addr) == 1) {
+ result->family = AF_INET;
+ result->address.address_v4 = addr.s_addr;
+ return true;
+ }
+ return false;
+}
+
+bool parse_ipv6_address(const char *input, struct ip_address *result)
+{
+ struct in6_addr addr;
+ if (inet_pton(AF_INET6, input, &addr) == 1) {
+ result->family = AF_INET6;
+ memcpy(result->address.address_v6, addr.s6_addr, 16);
+ return true;
+ }
+ return false;
+}
+
+bool parse_ip(const char *ip, struct ip_address *result)
+{
+ return parse_ipv6_address(ip, result) ||
+ parse_ipv4_address(ip, result);
+}
+
+bool parse_port_number(const char *port_entry, uint16_t *port) {
+ char *eptr;
+ unsigned long port_tmp = strtoul(port_entry, &eptr, 10);
+
+ if (port_entry != eptr && *eptr == '\0' &&
+ port_tmp <= UINT16_MAX) {
+ *port = port_tmp;
+ return true;
+ }
+ return false;
+}
+
+bool parse_range(const char *range, uint16_t *from, uint16_t *to)
+{
+ char *range_tmp = strdup(range);
+ char *dash = strchr(range_tmp, '-');
+ bool ret = false;
+ if (dash == NULL)
+ goto out;
+ *dash = '\0';
+
+ if (parse_port_number(range_tmp, from)) {
+ if (parse_port_number(dash + 1, to)) {
+ if (*from > *to) {
+ goto out;
+ }
+ ret = true;
+ goto out;
+ }
+ }
+
+out:
+ free(range_tmp);
+ return ret;
+}
+
+bool network_rule::parse_port(ip_conds &entry)
+{
+ entry.is_port = true;
+ if (parse_range(entry.sport, &entry.from_port, &entry.to_port))
+ return true;
+ if (parse_port_number(entry.sport, &entry.from_port)) {
+ /* if range is not used, from and to have the same value */
+ entry.to_port = entry.from_port;
+ return true;
+ }
+ return false;
+}
+
+bool network_rule::parse_address(ip_conds &entry)
+{
+ if (strcmp(entry.sip, "none") == 0) {
+ entry.is_none = true;
+ return true;
+ }
+ entry.is_ip = true;
+ return parse_ip(entry.sip, &entry.ip);
+}
+
+void network_rule::move_conditionals(struct cond_entry *conds, ip_conds &ip_cond)
+{
+ struct cond_entry *cond_ent;
+
+ list_for_each(conds, cond_ent) {
+ /* for now disallow keyword 'in' (list) */
+ if (!cond_ent->eq)
+ yyerror("keyword \"in\" is not allowed in network rules\n");
+ if (strcmp(cond_ent->name, "ip") == 0) {
+ move_conditional_value("network", &ip_cond.sip, cond_ent);
+ if (!parse_address(ip_cond))
+ yyerror("network invalid ip='%s'\n", ip_cond.sip);
+ } else if (strcmp(cond_ent->name, "port") == 0) {
+ move_conditional_value("network", &ip_cond.sport, cond_ent);
+ if (!parse_port(ip_cond))
+ yyerror("network invalid port='%s'\n", ip_cond.sport);
+ } else {
+ yyerror("invalid network rule conditional \"%s\"\n",
+ cond_ent->name);
+ }
+ }
+}
+
+void network_rule::set_netperm(unsigned int family, unsigned int type, unsigned int protocol)
+{
+ if (type > SOCK_PACKET) {
+ /* setting mask instead of a bit */
+ network_perms[family].first |= type;
+ } else
+ network_perms[family].first |= 1 << type;
+ network_perms[family].second |= protocol;
+}
+
+network_rule::network_rule(perm32_t perms_p, struct cond_entry *conds,
+ struct cond_entry *peer_conds):
+ dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL)
+{
+ size_t family_index, i;
+
+ move_conditionals(conds, local);
+ move_conditionals(peer_conds, peer);
+ free_cond_list(conds);
+ free_cond_list(peer_conds);
+
+ if (has_local_conds() || has_peer_conds()) {
+ const char *family[] = { "inet", "inet6" };
+ for (i = 0; i < sizeof(family)/sizeof(family[0]); i++) {
+ const struct network_tuple *mapping = NULL;
+ while ((mapping = net_find_mapping(mapping, family[i], NULL, NULL))) {
+ network_map[mapping->family].push_back({ mapping->family, mapping->type, mapping->protocol });
+ set_netperm(mapping->family, mapping->type, mapping->protocol);
+ }
+ }
+ } else {
+ for (family_index = AF_UNSPEC; family_index < get_af_max(); family_index++) {
+ network_map[family_index].push_back({ family_index, 0xFFFFFFFF, 0xFFFFFFFF });
+ set_netperm(family_index, 0xFFFFFFFF, 0xFFFFFFFF);
+ }
+ }
+
+
+
+ if (perms_p) {
+ perms = perms_p;
+ if (perms & ~AA_VALID_NET_PERMS)
+ yyerror("perms contains invalid permissions for network rules\n");
+ else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
+ yyerror("network 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
+ } else {
+ perms = AA_VALID_NET_PERMS;
+ }
+}
+
+network_rule::network_rule(perm32_t perms_p, const char *family, const char *type,
+ const char *protocol, struct cond_entry *conds,
+ struct cond_entry *peer_conds):
+ dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL)
+{
+ const struct network_tuple *mapping = NULL;
+
+ move_conditionals(conds, local);
+ move_conditionals(peer_conds, peer);
+ free_cond_list(conds);
+ free_cond_list(peer_conds);
+
+ while ((mapping = net_find_mapping(mapping, family, type, protocol))) {
+ /* if inet conds and family are specified, fail if
+ * family is not af_inet or af_inet6
+ */
+ if ((has_local_conds() || has_peer_conds()) &&
+ mapping->family != AF_INET && mapping->family != AF_INET6) {
+ yyerror("network family does not support local or peer conditionals\n");
+ }
+ network_map[mapping->family].push_back({ mapping->family, mapping->type, mapping->protocol });
+ set_netperm(mapping->family, mapping->type, mapping->protocol);
+ }
+
+ if (type == NULL && network_map.empty()) {
+ while ((mapping = net_find_mapping(mapping, type, family, protocol))) {
+ /* if inet conds and type/protocol are
+ * specified, only add rules for af_inet and
+ * af_inet6
+ */
+ if ((has_local_conds() || has_peer_conds()) &&
+ mapping->family != AF_INET && mapping->family != AF_INET6)
+ continue;
+
+ network_map[mapping->family].push_back({ mapping->family, mapping->type, mapping->protocol });
+ set_netperm(mapping->family, mapping->type, mapping->protocol);
+ }
+ }
+
+ if (network_map.empty())
+ yyerror(_("Invalid network entry."));
+
+ if (perms_p) {
+ perms = perms_p;
+ if (perms & ~AA_VALID_NET_PERMS)
+ yyerror("perms contains invalid permissions for network rules\n");
+ else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
+ yyerror("network 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
+ } else {
+ perms = AA_VALID_NET_PERMS;
+ }
+}
+
+network_rule::network_rule(perm32_t perms_p, unsigned int family, unsigned int type):
+ dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL)
+{
+ network_map[family].push_back({ family, type, 0xFFFFFFFF });
+ set_netperm(family, type, 0xFFFFFFFF);
+
+ if (perms_p) {
+ perms = perms_p;
+ if (perms & ~AA_VALID_NET_PERMS)
+ yyerror("perms contains invalid permissions for network rules\n");
+ else if ((perms & ~AA_PEER_NET_PERMS) && has_peer_conds())
+ yyerror("network 'create', 'shutdown', 'setattr', 'getattr', 'bind', 'listen', 'setopt', and/or 'getopt' accesses cannot be used with peer socket conditionals\n");
+ } else {
+ perms = AA_VALID_NET_PERMS;
+ }
+}
+
+ostream &network_rule::dump(ostream &os)
+{
+ class_rule_t::dump(os);
+
+ unsigned int count = sizeof(sock_types)/sizeof(sock_types[0]);
+ unsigned int mask = ~((1 << count) -1);
+ unsigned int j;
+
+ /* This can only be set by an unqualified network rule */
+ if (network_map.find(AF_UNSPEC) != network_map.end()) {
+ os << ",\n";
+ return os;
+ }
+
+ for (const auto& perm : network_perms) {
+ unsigned int family = perm.first;
+ unsigned int type = perm.second.first;
+ unsigned int protocol = perm.second.second;
+
+ const char *family_name = net_find_af_name(family);
+ if (family_name)
+ os << " " << family_name;
+ else
+ os << " #" << family;
+
+ /* All types/protocols */
+ if (type == 0xffffffff || type == ALL_TYPES)
+ continue;
+
+ printf(" {");
+
+ for (j = 0; j < count; j++) {
+ const char *type_name;
+ if (type & (1 << j)) {
+ type_name = sock_types[j].name;
+ if (type_name)
+ os << " " << type_name;
+ else
+ os << " #" << j;
+ }
+ }
+ if (type & mask)
+ os << " #" << std::hex << (type & mask);
+
+ printf(" }");
+
+ const char *protocol_name = net_find_protocol_name(protocol);
+ if (protocol_name)
+ os << " " << protocol_name;
+ else
+ os << " #" << protocol;
+ }
+
+ os << ",\n";
+
+ return os;
+}
+
+
+int network_rule::expand_variables(void)
+{
+ return 0;
+}
+
+void network_rule::warn_once(const char *name)
+{
+ rule_t::warn_once(name, "network rules not enforced");
+}
+
+std::string gen_ip_cond(const struct ip_address ip)
+{
+ std::ostringstream oss;
+ int i;
+ if (ip.family == AF_INET) {
+ /* add a byte containing the size of the following ip */
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << IPV4_SIZE;
+
+ u8 *byte = (u8 *) &ip.address.address_v4; /* in network byte order */
+ for (i = 0; i < 4; i++)
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << static_cast<unsigned int>(byte[i]);
+ } else {
+ /* add a byte containing the size of the following ip */
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << IPV6_SIZE;
+ for (i = 0; i < 16; ++i)
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << static_cast<unsigned int>(ip.address.address_v6[i]);
+ }
+ return oss.str();
+}
+
+std::string gen_port_cond(uint16_t port)
+{
+ std::ostringstream oss;
+ if (port > 0) {
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((port & 0xff00) >> 8);
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (port & 0xff);
+ } else {
+ oss << "..";
+ }
+ return oss.str();
+}
+
+std::list<std::ostringstream> gen_all_ip_options(std::ostringstream &oss) {
+
+ std::list<std::ostringstream> all_streams;
+ std::ostringstream none, ipv4, ipv6;
+ int i;
+ none << oss.str();
+ ipv4 << oss.str();
+ ipv6 << oss.str();
+
+ none << "\\x" << std::setfill('0') << std::setw(2) << std::hex << NONE_SIZE;
+
+ /* add a byte containing the size of the following ip */
+ ipv4 << "\\x" << std::setfill('0') << std::setw(2) << std::hex << IPV4_SIZE;
+ for (i = 0; i < 4; i++)
+ ipv4 << ".";
+
+ /* add a byte containing the size of the following ip */
+ ipv6 << "\\x" << std::setfill('0') << std::setw(2) << std::hex << IPV6_SIZE;
+ for (i = 0; i < 16; ++i)
+ ipv6 << ".";
+
+ all_streams.push_back(std::move(none));
+ all_streams.push_back(std::move(ipv4));
+ all_streams.push_back(std::move(ipv6));
+
+ return all_streams;
+}
+
+std::list<std::ostringstream> copy_streams_list(std::list<std::ostringstream> &streams)
+{
+ std::list<std::ostringstream> streams_copy;
+ for (auto &oss : streams) {
+ std::ostringstream oss_copy(oss.str());
+ streams_copy.push_back(std::move(oss_copy));
+ }
+ return streams_copy;
+}
+
+bool network_rule::gen_ip_conds(Profile &prof, std::list<std::ostringstream> &streams, ip_conds &entry, bool is_peer, uint16_t port, bool is_port, bool is_cmd)
+{
+ std::string buf;
+ perm32_t cond_perms;
+ std::list<std::ostringstream> ip_streams;
+
+ for (auto &oss : streams) {
+ if (is_port && !(entry.is_ip && entry.is_none)) {
+ /* encode port type (privileged - 1, remote - 2, unprivileged - 0) */
+ if (!is_peer && perms & AA_NET_BIND && port < IPPORT_RESERVED)
+ oss << "\\x01";
+ else if (is_peer)
+ oss << "\\x02";
+ else
+ oss << "\\x00";
+
+ oss << gen_port_cond(port);
+ } else {
+ /* port type + port number */
+ oss << "...";
+ }
+ }
+
+ ip_streams = std::move(streams);
+ streams.clear();
+
+ for (auto &oss : ip_streams) {
+ if (entry.is_ip) {
+ oss << gen_ip_cond(entry.ip);
+ streams.push_back(std::move(oss));
+ } else if (entry.is_none) {
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << NONE_SIZE;
+ streams.push_back(std::move(oss));
+ } else {
+ streams.splice(streams.end(), gen_all_ip_options(oss));
+ }
+ }
+
+ cond_perms = map_perms(perms);
+ if (!is_cmd && (label || is_peer))
+ cond_perms = AA_COMPAT_CONT_MATCH;
+
+ for (auto &oss : streams) {
+ oss << "\\x00"; /* null transition */
+
+ buf = oss.str();
+ /* AA_CONT_MATCH mapping (cond_perms) only applies to perms, not audit */
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, cond_perms,
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
+ parseopts))
+ return false;
+
+ if (label || is_peer) {
+ if (!is_peer)
+ cond_perms = map_perms(perms);
+
+ oss << default_match_pattern; /* label - not used for now */
+ oss << "\\x00"; /* null transition */
+
+ buf = oss.str();
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, cond_perms,
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
+ parseopts))
+ return false;
+ }
+ }
+ return true;
+}
+
+bool network_rule::gen_net_rule(Profile &prof, u16 family, unsigned int type_mask, unsigned int protocol) {
+ std::ostringstream buffer;
+ std::string buf;
+
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_NETV8;
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((family & 0xff00) >> 8);
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (family & 0xff);
+ if (type_mask > 0xffff) {
+ buffer << "..";
+ } else {
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((type_mask & 0xff00) >> 8);
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (type_mask & 0xff);
+ }
+
+ if (!features_supports_inet || (family != AF_INET && family != AF_INET6)) {
+ buf = buffer.str();
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, map_perms(perms),
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
+ parseopts))
+ return false;
+ return true;
+ }
+
+ buf = buffer.str();
+ /* create perms need to be generated excluding the rest of the perms */
+ if (perms & AA_NET_CREATE) {
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, map_perms(perms & AA_NET_CREATE) | (AA_CONT_MATCH << 1),
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms & AA_NET_CREATE) : 0,
+ parseopts))
+ return false;
+ }
+
+ /* encode protocol */
+ if (protocol > 0xffff) {
+ buffer << "..";
+ } else {
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((protocol & 0xff00) >> 8);
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (protocol & 0xff);
+ }
+
+ if (perms & AA_PEER_NET_PERMS) {
+ for (int peer_port = peer.from_port; peer_port <= peer.to_port; peer_port++) {
+ std::list<std::ostringstream> streams;
+ std::ostringstream cmd_buffer;
+
+ cmd_buffer << buffer.str();
+ streams.push_back(std::move(cmd_buffer));
+
+ if (!gen_ip_conds(prof, streams, peer, true, peer_port, peer.is_port, false))
+ return false;
+
+ for (auto &oss : streams) {
+ oss << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_ADDR;
+ }
+
+ for (int local_port = local.from_port; local_port <= local.to_port; local_port++) {
+ std::list<std::ostringstream> localstreams;
+
+ for (auto &oss : streams) {
+ /* we need to copy streams because each local_port should be an unique entry */
+ std::ostringstream local_buffer;
+ local_buffer << oss.str();
+ localstreams.push_back(std::move(local_buffer));
+ }
+
+ if (!gen_ip_conds(prof, localstreams, local, false, local_port, local.is_port, true))
+ return false;
+ }
+ }
+ }
+
+
+ for (int local_port = local.from_port; local_port <= local.to_port; local_port++) {
+ std::list<std::ostringstream> streams;
+ std::ostringstream common_buffer;
+
+ common_buffer << buffer.str();
+ streams.push_back(std::move(common_buffer));
+ if (!gen_ip_conds(prof, streams, local, false, local_port, local.is_port, false))
+ return false;
+
+ if (perms & AA_NET_LISTEN) {
+ std::list<std::ostringstream> cmd_streams;
+ cmd_streams = copy_streams_list(streams);
+
+ for (auto &cmd_buffer : streams) {
+ std::ostringstream listen_buffer;
+ listen_buffer << cmd_buffer.str();
+ listen_buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_LISTEN;
+ /* length of queue allowed - not used for now */
+ listen_buffer << "..";
+ buf = listen_buffer.str();
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, map_perms(perms),
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
+ parseopts))
+ return false;
+ }
+ }
+ if (perms & AA_NET_OPT) {
+ std::list<std::ostringstream> cmd_streams;
+ cmd_streams = copy_streams_list(streams);
+
+ for (auto &cmd_buffer : streams) {
+ std::ostringstream opt_buffer;
+ opt_buffer << cmd_buffer.str();
+ opt_buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << CMD_OPT;
+ /* level - not used for now */
+ opt_buffer << "..";
+ /* socket mapping - not used for now */
+ opt_buffer << "..";
+ buf = opt_buffer.str();
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, map_perms(perms),
+ dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(perms) : 0,
+ parseopts))
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+int network_rule::gen_policy_re(Profile &prof)
+{
+ std::ostringstream buffer;
+ std::string buf;
+
+ if (!features_supports_networkv8) {
+ warn_once(prof.name);
+ return RULE_NOT_SUPPORTED;
+ }
+
+ for (const auto& perm : network_perms) {
+ unsigned int family = perm.first;
+ unsigned int type = perm.second.first;
+ unsigned int protocol = perm.second.second;
+
+ if (type > 0xffff) {
+ if (!gen_net_rule(prof, family, type, protocol))
+ goto fail;
+ } else {
+ int t;
+ /* generate rules for types that are set */
+ for (t = 0; t < 16; t++) {
+ if (type & (1 << t)) {
+ if (!gen_net_rule(prof, family, t, protocol))
+ goto fail;
+ }
+ }
+ }
+
+ }
+ return RULE_OK;
+
+fail:
+ return RULE_ERROR;
+
+}
+
+/* initialize static members */
+unsigned int *network_rule::allow = NULL;
+unsigned int *network_rule::audit = NULL;
+unsigned int *network_rule::deny = NULL;
+unsigned int *network_rule::quiet = NULL;
+
+bool network_rule::alloc_net_table()
+{
+ if (allow)
+ return true;
+ allow = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
+ audit = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
+ deny = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
+ quiet = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
+ if (!allow || !audit || !deny || !quiet)
+ return false;
+
+ return true;
+}
+
+/* update is required because at the point of the creation of the
+ * network_rule object, we don't have owner, rule_mode, or audit
+ * set.
+ */
+void network_rule::update_compat_net(void)
+{
+ if (!alloc_net_table())
+ yyerror(_("Memory allocation error."));
+
+ for (auto& nm: network_map) {
+ for (auto& entry : nm.second) {
+ if (entry.type > SOCK_PACKET) {
+ /* setting mask instead of a bit */
+ if (rule_mode == RULE_DENY) {
+ deny[entry.family] |= entry.type;
+ if (dedup_perms_rule_t::audit != AUDIT_FORCE)
+ quiet[entry.family] |= entry.type;
+ } else {
+ allow[entry.family] |= entry.type;
+ if (dedup_perms_rule_t::audit == AUDIT_FORCE)
+ audit[entry.family] |= entry.type;
+ }
+ } else {
+ if (rule_mode == RULE_DENY) {
+ deny[entry.family] |= 1 << entry.type;
+ if (dedup_perms_rule_t::audit != AUDIT_FORCE)
+ quiet[entry.family] |= 1 << entry.type;
+ } else {
+ allow[entry.family] |= 1 << entry.type;
+ if (dedup_perms_rule_t::audit == AUDIT_FORCE)
+ audit[entry.family] |= 1 << entry.type;
+ }
+ }
+ }
+ }
+}
+
+static int cmp_ip_conds(ip_conds const &lhs, ip_conds const &rhs)
+{
+ int res = null_strcmp(lhs.sip, rhs.sip);
+ if (res)
+ return res;
+ res = null_strcmp(lhs.sport, rhs.sport);
+ if (res)
+ return res;
+ return lhs.is_none - rhs.is_none;
+}
+
+static int cmp_network_map(std::unordered_map<unsigned int, std::pair<unsigned int, unsigned int>> lhs,
+ std::unordered_map<unsigned int, std::pair<unsigned int, unsigned int>> rhs)
+{
+ int res;
+ size_t family_index;
+ for (family_index = AF_UNSPEC; family_index < get_af_max(); family_index++) {
+ res = lhs[family_index].first - rhs[family_index].first;
+ if (res)
+ return res;
+ res = lhs[family_index].second - rhs[family_index].second;
+ if (res)
+ return res;
+ }
+ return 0;
+}
+
+int network_rule::cmp(rule_t const &rhs) const
+{
+ int res = dedup_perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ network_rule const &nrhs = rule_cast<network_rule const &>(rhs);
+ res = cmp_network_map(network_perms, nrhs.network_perms);
+ if (res)
+ return res;
+ res = cmp_ip_conds(local, nrhs.local);
+ if (res)
+ return res;
+ res = cmp_ip_conds(peer, nrhs.peer);
+ if (res)
+ return res;
+ return null_strcmp(label, nrhs.label);
+};
diff --git a/parser/network.h b/parser/network.h
index d51c5299e70f13fdf53b26351350803830554952..fbb6d59a8a9528051640d1bc367050a6259ffa77 100644
--- a/parser/network.h
+++ b/parser/network.h
@@ -26,9 +26,12 @@
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <list>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
+#include <unordered_map>
+#include <vector>
#include "parser.h"
#include "rule.h"
@@ -73,6 +76,14 @@
#define AA_PEER_NET_PERMS (AA_VALID_NET_PERMS & (~AA_LOCAL_NET_PERMS | \
AA_NET_ACCEPT))
+#define CMD_ADDR 1
+#define CMD_LISTEN 2
+#define CMD_OPT 4
+
+#define NONE_SIZE 0
+#define IPV4_SIZE 1
+#define IPV6_SIZE 2
+
struct network_tuple {
const char *family_name;
unsigned int family;
@@ -82,13 +93,10 @@ struct network_tuple {
unsigned int protocol;
};
-/* supported AF protocols */
struct aa_network_entry {
- unsigned int family;
+ long unsigned int family;
unsigned int type;
unsigned int protocol;
-
- struct aa_network_entry *next;
};
static inline uint32_t map_perms(uint32_t mask)
@@ -100,44 +108,124 @@ static inline uint32_t map_perms(uint32_t mask)
};
-int parse_net_mode(const char *str_mode, int *mode, int fail);
-extern struct aa_network_entry *new_network_ent(unsigned int family,
- unsigned int type,
- unsigned int protocol);
-extern struct aa_network_entry *network_entry(const char *family,
- const char *type,
- const char *protocol);
-extern size_t get_af_max(void);
-
-void __debug_network(unsigned int *array, const char *name);
-
-struct network {
- unsigned int *allow; /* array of type masks
- * indexed by AF_FAMILY */
- unsigned int *audit;
- unsigned int *deny;
- unsigned int *quiet;
-
- network(void) { allow = audit = deny = quiet = NULL; }
-
- void dump(void) {
- if (allow)
- __debug_network(allow, "Network");
- if (audit)
- __debug_network(audit, "Audit Net");
- if (deny)
- __debug_network(deny, "Deny Net");
- if (quiet)
- __debug_network(quiet, "Quiet Net");
- }
-};
-
+size_t get_af_max();
+int parse_net_perms(const char *str_mode, perm32_t *perms, int fail);
int net_find_type_val(const char *type);
const char *net_find_type_name(int type);
const char *net_find_af_name(unsigned int af);
-const struct network_tuple *net_find_mapping(const struct network_tuple *map,
- const char *family,
- const char *type,
- const char *protocol);
+
+struct ip_address {
+ union {
+ uint8_t address_v6[16];
+ uint32_t address_v4;
+ } address;
+ uint16_t family;
+};
+
+class ip_conds {
+public:
+ char *sip = NULL;
+ char *sport = NULL;
+
+ bool is_ip = false;
+ bool is_port = false;
+
+ uint16_t from_port = 0;
+ uint16_t to_port = 0;
+
+ struct ip_address ip;
+
+ bool is_none = false;
+
+ void free_conds() {
+ if (sip)
+ free(sip);
+ if (sport)
+ free(sport);
+ }
+};
+
+class network_rule: public dedup_perms_rule_t {
+ void move_conditionals(struct cond_entry *conds, ip_conds &ip_cond);
+public:
+ std::unordered_map<unsigned int, std::vector<struct aa_network_entry>> network_map;
+ std::unordered_map<unsigned int, std::pair<unsigned int, unsigned int>> network_perms;
+
+ ip_conds peer;
+ ip_conds local;
+ char *label;
+
+ bool has_local_conds(void) { return local.sip || local.sport; }
+ bool has_peer_conds(void) { return peer.sip || peer.sport; }
+ /* empty constructor used only for the profile to access
+ * static elements to maintain compatibility with
+ * AA_CLASS_NET */
+ network_rule(): dedup_perms_rule_t(AA_CLASS_NETV8), label(NULL) { }
+ network_rule(perm32_t perms_p, struct cond_entry *conds,
+ struct cond_entry *peer_conds);
+ network_rule(perm32_t perms_p, const char *family, const char *type,
+ const char *protocol, struct cond_entry *conds,
+ struct cond_entry *peer_conds);
+ network_rule(perm32_t perms_p, unsigned int family, unsigned int type);
+ virtual ~network_rule()
+ {
+ peer.free_conds();
+ local.free_conds();
+ if (allow) {
+ free(allow);
+ allow = NULL;
+ }
+ if (audit) {
+ free(audit);
+ audit = NULL;
+ }
+ if (deny) {
+ free(deny);
+ deny = NULL;
+ }
+ if (quiet) {
+ free(quiet);
+ quiet = NULL;
+ }
+ };
+
+ bool gen_ip_conds(Profile &prof, std::list<std::ostringstream> &streams, ip_conds &entry, bool is_peer, uint16_t port, bool is_port, bool is_cmd);
+ bool gen_net_rule(Profile &prof, u16 family, unsigned int type_mask, unsigned int protocol);
+ void set_netperm(unsigned int family, unsigned int type, unsigned int protocol);
+ void update_compat_net(void);
+ bool parse_address(ip_conds &entry);
+ bool parse_port(ip_conds &entry);
+
+ // update TODO: in equality.sh when priority is a valid prefix
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.priority != 0) {
+ error = _("priority prefix not allowed on network rules");
+ return false;
+ }
+ if (p.owner) {
+ error = _("owner prefix not allowed on network rules");
+ return false;
+ }
+ return true;
+ };
+ virtual ostream &dump(ostream &os);
+ virtual int expand_variables(void);
+ virtual int gen_policy_re(Profile &prof);
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const;
+
+ /* array of type masks indexed by AF_FAMILY */
+ /* allow, audit, deny and quiet are used for compatibility with AA_CLASS_NET */
+ static unsigned int *allow;
+ static unsigned int *audit;
+ static unsigned int *deny;
+ static unsigned int *quiet;
+
+ bool alloc_net_table(void);
+
+protected:
+ virtual void warn_once(const char *name) override;
+};
#endif /* __AA_NETWORK_H */
diff --git a/parser/parser.h b/parser/parser.h
index a7ead40f2d0b7fd443f54358f6d19c4efffa481e..ca7274f251b8c5a2503a553c8739e5f27dfe2949 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -36,14 +36,15 @@
#include "immunix.h"
#include "libapparmor_re/apparmor_re.h"
#include "libapparmor_re/aare_rules.h"
+#include "rule.h"
+#include "bignum.h"
#include <string>
using namespace std;
#include <set>
-class Profile;
-class rule_t;
+
#define MODULE_NAME "apparmor"
@@ -82,17 +83,9 @@ extern int parser_token;
WARN_UNEXPECTED | WARN_FORMAT | WARN_MISSING | \
WARN_OVERRIDE | WARN_INCLUDE)
-extern dfaflags_t warnflags;
-extern dfaflags_t werrflags;
-
typedef enum pattern_t pattern_t;
-struct prefixes {
- int audit;
- int deny;
- int owner;
-};
struct cod_pattern {
char *regex; // posix regex
@@ -104,6 +97,8 @@ struct value_list {
struct value_list *next;
};
+int cmp_value_list(value_list *lhs, value_list *rhs);
+
struct cond_entry {
char *name;
int eq; /* where equals was used in specifying list */
@@ -119,6 +114,7 @@ struct cond_entry_list {
};
struct cod_entry {
+ int priority;
char *name;
union {
char *link_name;
@@ -127,13 +123,13 @@ struct cod_entry {
char *nt_name;
Profile *prof; /* Special profile defined
* just for this executable */
- int mode; /* mode is 'or' of AA_* bits */
- int audit; /* audit flags for mode */
- int deny; /* TRUE or FALSE */
+ perm32_t perms; /* perms is 'or' of AA_* bits */
+ audit_t audit;
+ rule_mode_t rule_mode;
- int alias_ignore; /* ignore for alias processing */
+ bool alias_ignore; /* ignore for alias processing */
- int subset;
+ bool subset;
pattern_t pattern_type;
struct cod_pattern pat;
@@ -329,6 +325,7 @@ do { \
/* The parser fills this variable in automatically */
#define PROFILE_NAME_VARIABLE "profile_name"
+
/* from parser_common.c */
extern uint32_t policy_version;
extern uint32_t parser_abi_version;
@@ -346,6 +343,7 @@ extern int kernel_load;
extern int kernel_supports_setload;
extern int features_supports_network;
extern int features_supports_networkv8;
+extern int features_supports_inet;
extern int kernel_supports_policydb;
extern int kernel_supports_diff_encode;
extern int features_supports_mount;
@@ -355,13 +353,25 @@ extern int features_supports_ptrace;
extern int features_supports_unix;
extern int features_supports_stacking;
extern int features_supports_domain_xattr;
+extern int features_supports_userns;
+extern int features_supports_posix_mqueue;
+extern int features_supports_sysv_mqueue;
+extern int features_supports_io_uring;
+extern int features_supports_flag_interruptible;
+extern int features_supports_flag_signal;
+extern int features_supports_flag_error;
extern int kernel_supports_oob;
+extern int kernel_supports_promptdev;
+extern int kernel_supports_permstable32;
+extern int kernel_supports_permstable32_v1;
+extern int prompt_compat_mode;
+extern int kernel_supports_state32;
+extern int kernel_supports_flags_table;
extern int conf_verbose;
extern int conf_quiet;
extern int names_only;
extern int option;
extern int current_lineno;
-extern dfaflags_t dfaflags;
extern const char *progname;
extern char *profilename;
extern char *profile_ns;
@@ -372,8 +382,12 @@ extern IncludeCache_t *g_includecache;
extern void pwarnf(bool werr, const char *fmt, ...) __attribute__((__format__(__printf__, 2, 3)));
extern void common_warn_once(const char *name, const char *msg, const char **warned_name);
+bool prompt_compat_mode_supported(int mode);
+int default_prompt_compat_mode();
+void print_prompt_compat_mode(FILE *f);
+
-#define pwarn(F, args...) do { if (warnflags & (F)) pwarnf((werrflags & (F)), ## args); } while (0)
+#define pwarn(F, args...) do { if (parseopts.warn & (F)) pwarnf((parseopts.Werror & (F)), ## args); } while (0)
/* from parser_main (cannot be used in tst builds) */
extern int force_complain;
@@ -412,6 +426,7 @@ extern pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob,
extern int build_list_val_expr(std::string& buffer, struct value_list *list);
extern int convert_entry(std::string& buffer, char *entry);
extern int clear_and_convert_entry(std::string& buffer, char *entry);
+extern int convert_range(std::string& buffer, bignum start, bignum end);
extern int process_regex(Profile *prof);
extern int post_process_entry(struct cod_entry *entry);
@@ -446,18 +461,23 @@ extern char *processunquoted(const char *string, int len);
extern int get_keyword_token(const char *keyword);
extern int get_rlimit(const char *name);
extern char *process_var(const char *var);
-extern int parse_mode(const char *mode);
-extern int parse_X_mode(const char *X, int valid, const char *str_mode, int *mode, int fail);
+extern perm32_t parse_perms(const char *permstr);
+extern int parse_X_perms(const char *X, int valid, const char *str_perms, perm32_t *perms, int fail);
bool label_contains_ns(const char *label);
bool parse_label(bool *_stack, char **_ns, char **_name,
const char *label, bool yyerr);
-extern struct cod_entry *new_entry(char *id, int mode, char *link_id);
+extern struct cod_entry *new_entry(char *id, perm32_t perms, char *link_id);
/* returns -1 if value != true or false, otherwise 0 == false, 1 == true */
extern int str_to_boolean(const char* str);
+extern int null_strcmp(const char *s1, const char *s2);
+extern bool strcomp (const char *lhs, const char *rhs);
extern struct cod_entry *copy_cod_entry(struct cod_entry *cod);
extern void free_cod_entries(struct cod_entry *list);
void debug_cod_entries(struct cod_entry *list);
+bool check_x_qualifier(struct cod_entry *entry, const char *&error);
+bool entry_add_prefix(struct cod_entry *entry, const prefixes &p, const char *&error);
+
#define SECONDS_P_MS (1000LL * 1000LL)
long long convert_time_units(long long value, long long base, const char *units);
@@ -501,8 +521,6 @@ extern void add_to_list(Profile *profile);
extern void add_hat_to_policy(Profile *policy, Profile *hat);
extern int add_entry_to_x_table(Profile *prof, char *name);
extern void add_entry_to_policy(Profile *policy, struct cod_entry *entry);
-extern void post_process_file_entries(Profile *prof);
-extern void post_process_rule_entries(Profile *prof);
extern int post_process_policy(int debug_only);
extern int process_profile_regex(Profile *prof);
extern int process_profile_variables(Profile *prof);
diff --git a/parser/parser_alias.c b/parser/parser_alias.c
index b96d18f87f1073871a55067031225b36d5218b02..827128e87061f36f401d2aecf4241835e0fc194a 100644
--- a/parser/parser_alias.c
+++ b/parser/parser_alias.c
@@ -120,7 +120,7 @@ static void process_entries(const void *nodep, VISIT value, int level unused)
len = strlen((*t)->from);
list_for_each(target_list, entry) {
- if ((entry->mode & AA_SHARED_PERMS) || entry->alias_ignore)
+ if ((entry->perms & AA_SHARED_PERMS) || entry->alias_ignore)
continue;
if (entry->name && strncmp((*t)->from, entry->name, len) == 0) {
char *n = do_alias(*t, entry->name);
@@ -141,7 +141,7 @@ static void process_entries(const void *nodep, VISIT value, int level unused)
dup->link_name = n;
}
if (dup) {
- dup->alias_ignore = 1;
+ dup->alias_ignore = true;
/* adds to the front of the list, list iteratition
* will skip it
*/
diff --git a/parser/parser_common.c b/parser/parser_common.c
index 398df43d7d3cfe7d62a149b2766690987dd621d2..b9f171423468cbd0d4f1c9cf4567884db84a935e 100644
--- a/parser/parser_common.c
+++ b/parser/parser_common.c
@@ -69,6 +69,7 @@ int kernel_load = 1;
int kernel_supports_setload = 0; /* kernel supports atomic set loads */
int features_supports_network = 0; /* kernel supports network rules */
int features_supports_networkv8 = 0; /* kernel supports 4.17 network rules */
+int features_supports_inet = 0; /* kernel supports inet network rules */
int features_supports_unix = 0; /* kernel supports unix socket rules */
int kernel_supports_policydb = 0; /* kernel supports new policydb */
int features_supports_mount = 0; /* kernel supports mount rules */
@@ -78,16 +79,26 @@ int features_supports_signal = 0; /* kernel supports signal rules */
int features_supports_ptrace = 0; /* kernel supports ptrace rules */
int features_supports_stacking = 0; /* kernel supports stacking */
int features_supports_domain_xattr = 0; /* x attachment cond */
+int features_supports_userns = 0; /* kernel supports user namespace */
+int features_supports_posix_mqueue = 0; /* kernel supports mqueue rules */
+int features_supports_sysv_mqueue = 0; /* kernel supports mqueue rules */
+int features_supports_io_uring = 0; /* kernel supports io_uring rules */
+int features_supports_flag_interruptible = 0;
+int features_supports_flag_signal = 0;
+int features_supports_flag_error = 0;
int kernel_supports_oob = 0; /* out of band transitions */
+int kernel_supports_promptdev = 0; /* prompt via audit perms */
+int kernel_supports_permstable32 = 0; /* extended permissions */
+int kernel_supports_permstable32_v1 = 0; /* extended permissions */
+int prompt_compat_mode = PROMPT_COMPAT_UNKNOWN;
+int kernel_supports_state32 = 0; /* 32 bit state table entries */
+int kernel_supports_flags_table = 0; /* state flags stored in table */
int conf_verbose = 0;
int conf_quiet = 0;
int names_only = 0;
int current_lineno = 1;
int option = OPTION_ADD;
-dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_DIFF_ENCODE);
-dfaflags_t warnflags = DEFAULT_WARNINGS;
-dfaflags_t werrflags = 0;
const char *progname = __FILE__;
char *profile_ns = NULL;
@@ -98,6 +109,19 @@ FILE *ofile = NULL;
IncludeCache_t *g_includecache;
+optflags parseopts = {
+ .control = (optflags_t)(CONTROL_DFA_TREE_NORMAL | CONTROL_DFA_TREE_SIMPLE | CONTROL_DFA_MINIMIZE | CONTROL_DFA_DIFF_ENCODE | CONTROL_RULE_MERGE |
+ /* TODO: remove when we have better auto
+ * selection on when/which explicit denies
+ * to remove
+ */
+ CONTROL_DFA_FILTER_DENY),
+ .dump = 0,
+ .warn = DEFAULT_WARNINGS,
+ .Werror = 0
+};
+
+
#ifdef FORCE_READ_IMPLIES_EXEC
int read_implies_exec = 1;
#else
@@ -136,8 +160,8 @@ void pwarnf(bool werr, const char *fmt, ...)
/* do we want to warn once/profile or just once per compile?? */
void common_warn_once(const char *name, const char *msg, const char **warned_name)
{
- if ((warnflags & WARN_RULE_NOT_ENFORCED) && *warned_name != name) {
- if (werrflags & WARN_RULE_NOT_ENFORCED)
+ if ((parseopts.warn & WARN_RULE_NOT_ENFORCED) && *warned_name != name) {
+ if (parseopts.Werror & WARN_RULE_NOT_ENFORCED)
cerr << "Warning converted to Error";
else
cerr << "Warning";
@@ -150,6 +174,68 @@ void common_warn_once(const char *name, const char *msg, const char **warned_nam
*warned_name = name;
}
- if (werrflags & WARN_RULE_NOT_ENFORCED)
+ if (parseopts.Werror & WARN_RULE_NOT_ENFORCED)
exit(1);
}
+
+bool prompt_compat_mode_supported(int mode)
+{
+ if (mode == PROMPT_COMPAT_PERMSV2 &&
+ (kernel_supports_permstable32 && !kernel_supports_permstable32_v1))
+ return true;
+ /*
+ else if (mode == PROMPT_COMPAT_DEV &&
+ kernel_supports_promptdev)
+ return true;
+ */
+ else if (mode == PROMPT_COMPAT_FLAG &&
+ kernel_supports_permstable32)
+ return true;
+ /*
+ else if (mode == PROMPT_COMPAT_PERMSV1 &&
+ (kernel_supports_permstable32_v1))
+ return true;
+ */
+ else if (mode == PROMPT_COMPAT_IGNORE)
+ return true;
+
+ return false;
+}
+
+int default_prompt_compat_mode()
+{
+ if (prompt_compat_mode_supported(PROMPT_COMPAT_PERMSV2))
+ return PROMPT_COMPAT_PERMSV2;
+ if (prompt_compat_mode_supported(PROMPT_COMPAT_DEV))
+ return PROMPT_COMPAT_DEV;
+ if (prompt_compat_mode_supported(PROMPT_COMPAT_FLAG))
+ return PROMPT_COMPAT_FLAG;
+ if (prompt_compat_mode_supported(PROMPT_COMPAT_PERMSV1))
+ return PROMPT_COMPAT_PERMSV1;
+ if (prompt_compat_mode_supported(PROMPT_COMPAT_IGNORE))
+ return PROMPT_COMPAT_IGNORE;
+ return PROMPT_COMPAT_IGNORE;
+}
+
+void print_prompt_compat_mode(FILE *f)
+{
+ switch (prompt_compat_mode) {
+ case PROMPT_COMPAT_IGNORE:
+ fprintf(f, "ignore");
+ break;
+ case PROMPT_COMPAT_FLAG:
+ fprintf(f, "flag");
+ break;
+ case PROMPT_COMPAT_PERMSV2:
+ fprintf(f, "permsv2");
+ break;
+ case PROMPT_COMPAT_PERMSV1:
+ fprintf(f, "permsv1");
+ break;
+ case PROMPT_COMPAT_DEV:
+ fprintf(stderr, "dev");
+ break;
+ default:
+ fprintf(f, "Unknown prompt compat mode '%d'", prompt_compat_mode);
+ }
+}
diff --git a/parser/parser_interface.c b/parser/parser_interface.c
index 27948b57a4bc6cf3249abe4aa89acd1520837c42..816fe5cbace5ed1529e1d1f915eb08ee430ed5e9 100644
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -51,9 +51,6 @@ static void print_error(int error)
case -ESPIPE:
PERROR(_("Bad write position\n"));
break;
- case -EPERM:
- PERROR(_("Permission denied\n"));
- break;
case -ENOMEM:
PERROR(_("Out of memory\n"));
break;
@@ -75,8 +72,13 @@ static void print_error(int error)
case -ENOENT:
PERROR(_("Profile doesn't exist\n"));
break;
+ case -EPERM:
+ PERROR(_("%s: Permission denied. You need policy admin privileges to manage profiles.\n\n"),
+ progname);
+ break;
case -EACCES:
- PERROR(_("Permission denied; attempted to load a profile while confined?\n"));
+ PERROR(_("%s: Access denied. You need policy admin privileges to manage profiles.\n\n"),
+ progname);
break;
default:
PERROR(_("Unknown error (%d): %s\n"), -error, strerror(-error));
@@ -321,10 +323,49 @@ static inline void sd_write_listend(std::ostringstream &buf)
sd_write8(buf, SD_LISTEND);
}
-void sd_serialize_dfa(std::ostringstream &buf, void *dfa, size_t size)
+void sd_serialize_perm(std::ostringstream &buf, aa_perms &perms)
+{
+ sd_write_uint32(buf, 0); /* reserved */
+ sd_write_uint32(buf, perms.allow);
+ sd_write_uint32(buf, perms.deny);
+ sd_write_uint32(buf, perms.subtree);
+ sd_write_uint32(buf, perms.cond);
+ sd_write_uint32(buf, perms.kill);
+ sd_write_uint32(buf, perms.complain);
+ sd_write_uint32(buf, perms.prompt);
+ sd_write_uint32(buf, perms.audit);
+ sd_write_uint32(buf, perms.quiet);
+ sd_write_uint32(buf, perms.hide);
+ sd_write_uint32(buf, perms.xindex);
+ sd_write_uint32(buf, perms.tag);
+ sd_write_uint32(buf, perms.label);
+}
+
+void sd_serialize_permstable(std::ostringstream &buf, vector <aa_perms> &perms_table)
+{
+ sd_write_struct(buf, "perms");
+ sd_write_name(buf, "version");
+ sd_write_uint32(buf, 1);
+ sd_write_array(buf, NULL, perms_table.size());
+ for (size_t i = 0; i < perms_table.size(); i++) {
+ sd_serialize_perm(buf, perms_table[i]);
+ }
+ sd_write_arrayend(buf);
+ sd_write_structend(buf);
+}
+
+void sd_serialize_dfa(std::ostringstream &buf, void *dfa, size_t size,
+ vector <aa_perms> &perms_table)
{
- if (dfa)
+ if (dfa) {
+ if (kernel_supports_permstable32 && perms_table.size() > 0) {
+ //fprintf(stderr, "writing perms table %d\n", size);
+ sd_serialize_permstable(buf, perms_table);
+ } else {
+ //fprintf(stderr, "skipping permtable32 %d, size %d\n", kernel_supports_permstable32, perms_table.size());
+ }
sd_write_aligned_blob(buf, dfa, size, "aadfa");
+ }
}
void sd_serialize_rlimits(std::ostringstream &buf, struct aa_rlimits *limits)
@@ -342,10 +383,13 @@ void sd_serialize_rlimits(std::ostringstream &buf, struct aa_rlimits *limits)
sd_write_structend(buf);
}
-void sd_serialize_xtable(std::ostringstream &buf, char **table)
+void sd_serialize_xtable(std::ostringstream &buf, char **table,
+ size_t min_size)
{
- int count;
- if (!table[4])
+ size_t count;
+ size_t size;
+
+ if (!table[4] && min_size == 0)
return;
sd_write_struct(buf, "xtable");
count = 0;
@@ -354,9 +398,11 @@ void sd_serialize_xtable(std::ostringstream &buf, char **table)
count++;
}
- sd_write_array(buf, NULL, count);
- for (int i = 4; i < count + 4; i++) {
- int len = strlen(table[i]) + 1;
+ size = max(min_size, count);
+
+ sd_write_array(buf, NULL, size);
+ for (size_t i = 4; i < count + 4; i++) {
+ size_t len = strlen(table[i]) + 1;
/* if its a namespace make sure the second : is overwritten
* with 0, so that the namespace and name are \0 separated
@@ -367,6 +413,14 @@ void sd_serialize_xtable(std::ostringstream &buf, char **table)
}
sd_write_strn(buf, table[i], len, NULL);
}
+ if (min_size > count) {
+ //fprintf(stderr, "Adding padding to xtable count %lu, min %lu\n", count, min_size);
+ for (; count < min_size; count++) {
+ /* fill with null strings */
+ sd_write_strn(buf, "\000", 1, NULL);
+ }
+ }
+
sd_write_arrayend(buf);
sd_write_structend(buf);
}
@@ -409,14 +463,30 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
/* only emit this if current kernel at least supports "create" */
if (perms_create) {
if (profile->xmatch) {
- sd_serialize_dfa(buf, profile->xmatch, profile->xmatch_size);
+ sd_serialize_dfa(buf, profile->xmatch, profile->xmatch_size, profile->xmatch_perms_table);
sd_write_uint32(buf, profile->xmatch_len);
}
}
+ /* added in 4.13, unfortunately there is no features flag */
+ if (profile->flags.disconnected_path) {
+ sd_write_string(buf, profile->flags.disconnected_path,
+ "disconnected");
+ }
+
+ if (profile->flags.signal && features_supports_flag_signal) {
+ sd_write_name(buf, "kill");
+ sd_write_uint32(buf, profile->flags.signal);
+ }
+
+ if (profile->flags.error && features_supports_flag_error) {
+ sd_write_name(buf, "error");
+ sd_write_uint32(buf, profile->flags.error);
+ }
+
sd_write_struct(buf, "flags");
/* used to be flags.debug, but that's no longer supported */
- sd_write_uint32(buf, profile->flags.hat);
+ sd_write_uint32(buf, profile->flags.flags);
sd_write_uint32(buf, profile_mode_packed(profile->flags.mode));
sd_write_uint32(buf, profile->flags.audit);
sd_write_structend(buf);
@@ -473,14 +543,42 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
if (profile->policy.dfa) {
sd_write_struct(buf, "policydb");
- sd_serialize_dfa(buf, profile->policy.dfa, profile->policy.size);
+ sd_serialize_dfa(buf, profile->policy.dfa, profile->policy.size,
+ profile->policy.perms_table);
+ if (kernel_supports_permstable32) {
+ sd_serialize_xtable(buf, profile->exec_table,
+ profile->uses_prompt_rules &&
+ prompt_compat_mode == PROMPT_COMPAT_PERMSV1 ?
+ profile->policy.perms_table.size() : 0);
+
+ }
sd_write_structend(buf);
}
/* either have a single dfa or lists of different entry types */
- sd_serialize_dfa(buf, profile->dfa.dfa, profile->dfa.size);
- sd_serialize_xtable(buf, profile->exec_table);
-
+ if (profile->uses_prompt_rules && prompt_compat_mode == PROMPT_COMPAT_PERMSV1) {
+ /* special compat mode to work around verification problem */
+ sd_serialize_dfa(buf, profile->policy.dfa, profile->policy.size,
+ profile->policy.perms_table);
+ sd_write_name(buf, "dfa_start");
+ sd_write_uint32(buf, profile->policy.file_start);
+ if (profile->policy.dfa) {
+ // fprintf(stderr, "profile %s: policy xtable\n", profile->name);
+ // TODO: this is dummy exec make dependent on V1
+ sd_serialize_xtable(buf, profile->exec_table,
+ //permstable32_v1 workaround
+ profile->policy.perms_table.size());
+ }
+ } else {
+ sd_serialize_dfa(buf, profile->dfa.dfa, profile->dfa.size,
+ profile->dfa.perms_table);
+ if (profile->dfa.dfa) {
+ // fprintf(stderr, "profile %s: dfa xtable\n", profile->name);
+ sd_serialize_xtable(buf, profile->exec_table,
+ //??? work around
+ profile->dfa.perms_table.size());
+ }
+ }
sd_write_structend(buf);
}
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index d37b3350346a2dea1e21b696d5b6ba93a10797c5..15f0bccd27b3d0c0c7ea9c6380fbf58c59777a2e 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -255,9 +255,11 @@ MODES {MODE_CHARS}+
WS [[:blank:]]
NUMBER [[:digit:]]+
+ID_FIRST_CHARS [^ \t\r\n"!,#]
+ID_FIRST {ID_CHARS}|(,{ID_CHARS}|\\[ ]|\\\t|\\\"|\\!|\\,|\\#)
ID_CHARS [^ \t\r\n"!,]
ID {ID_CHARS}|(,{ID_CHARS}|\\[ ]|\\\t|\\\"|\\!|\\,)
-IDS {ID}+
+IDS {ID_FIRST}{ID}*
INC_ID [^ \t\r\n"!,<>]|(,[^ \t\r\n"!,<>]|\\[ ]|\\\t|\\\"|\\!|\\,)
INC_IDS {INC_ID}+
POST_VAR_ID_CHARS [^ \t\n"!,]{-}[=\+]
@@ -275,6 +277,7 @@ QUOTED_ID \"{ALLOWED_QUOTED_ID}*\"
IP {NUMBER}\.{NUMBER}\.{NUMBER}\.{NUMBER}
+INTEGER [+-]?{NUMBER}
HAT hat{WS}*
PROFILE profile{WS}*
KEYWORD [[:alpha:]_]+
@@ -327,7 +330,10 @@ GT >
%x INCLUDE
%x INCLUDE_EXISTS
%x ABI_MODE
-
+%x USERNS_MODE
+%x MQUEUE_MODE
+%x IOURING_MODE
+%x INTEGER_MODE
%%
%{
@@ -339,7 +345,7 @@ GT >
}
%}
-<INITIAL,SUB_ID_WS,INCLUDE,INCLUDE_EXISTS,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,ASSIGN_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE>{
+<INITIAL,SUB_ID_WS,INCLUDE,INCLUDE_EXISTS,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,ASSIGN_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE,USERNS_MODE,MQUEUE_MODE,IOURING_MODE,INTEGER_MODE>{
{WS}+ { DUMP_PREPROCESS; /* Ignoring whitespace */ }
}
@@ -375,7 +381,7 @@ GT >
yyterminate();
}
-<INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
+<INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE,NETWORK_MODE>{
(peer|xattrs)/{WS}*={WS}*\( {
/* we match to the = in the lexer so that we can switch scanner
* state. By the time the parser see the = it may be too late
@@ -384,6 +390,11 @@ GT >
yylval.id = processid(yytext, yyleng);
PUSH_AND_RETURN(EXTCONDLIST_MODE, TOK_CONDLISTID);
}
+ priority/{WS}*= {
+ /* has to be before {VARIABLE_NAME} matches below */
+ PUSH_AND_RETURN(INTEGER_MODE, TOK_PRIORITY);
+
+ }
{VARIABLE_NAME}/{WS}*= {
/* we match to the = in the lexer so that we can switch scanner
* state. By the time the parser see the = it may be too late
@@ -504,6 +515,12 @@ GT >
yyerror(_("Variable declarations do not accept trailing commas"));
}
+ #.*\r?\n { /* normal comment */
+ DUMP_AND_DEBUG("comment(%d): %s\n", current_lineno, yytext);
+ current_lineno++;
+ POP();
+ }
+
\\\n { DUMP_PREPROCESS; current_lineno++ ; }
\r?\n {
@@ -514,12 +531,6 @@ GT >
}
}
-<NETWORK_MODE>{
- {IDS} {
- yylval.id = strdup(yytext);
- RETURN_TOKEN(TOK_ID);
- }
-}
<CHANGE_PROFILE_MODE>{
safe { RETURN_TOKEN(TOK_SAFE); }
@@ -555,19 +566,30 @@ GT >
{LT_EQUAL} { RETURN_TOKEN(TOK_LE); }
}
-<UNIX_MODE>{
- create { RETURN_TOKEN(TOK_CREATE); }
+<UNIX_MODE,NETWORK_MODE>{
listen { RETURN_TOKEN(TOK_LISTEN); }
accept { RETURN_TOKEN(TOK_ACCEPT); }
connect { RETURN_TOKEN(TOK_CONNECT); }
- getattr { RETURN_TOKEN(TOK_GETATTR); }
- setattr { RETURN_TOKEN(TOK_SETATTR); }
getopt { RETURN_TOKEN(TOK_GETOPT); }
setopt { RETURN_TOKEN(TOK_SETOPT); }
shutdown { RETURN_TOKEN(TOK_SHUTDOWN); }
}
-<DBUS_MODE,UNIX_MODE>{
+<UNIX_MODE,USERNS_MODE,MQUEUE_MODE,NETWORK_MODE>{
+ create { RETURN_TOKEN(TOK_CREATE); }
+}
+
+<MQUEUE_MODE>{
+ open { RETURN_TOKEN(TOK_OPEN); }
+ delete { RETURN_TOKEN(TOK_DELETE); }
+}
+
+<UNIX_MODE,MQUEUE_MODE,NETWORK_MODE>{
+ getattr { RETURN_TOKEN(TOK_GETATTR); }
+ setattr { RETURN_TOKEN(TOK_SETATTR); }
+}
+
+<DBUS_MODE,UNIX_MODE,NETWORK_MODE>{
bind { RETURN_TOKEN(TOK_BIND); }
}
@@ -575,7 +597,7 @@ GT >
eavesdrop { RETURN_TOKEN(TOK_EAVESDROP); }
}
-<DBUS_MODE,SIGNAL_MODE,UNIX_MODE>{
+<DBUS_MODE,SIGNAL_MODE,UNIX_MODE,NETWORK_MODE>{
send { RETURN_TOKEN(TOK_SEND); }
receive { RETURN_TOKEN(TOK_RECEIVE); }
}
@@ -586,7 +608,7 @@ GT >
tracedby { RETURN_TOKEN(TOK_TRACEDBY); }
}
-<DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
+<DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE,NETWORK_MODE>{
read { RETURN_TOKEN(TOK_READ); }
write { RETURN_TOKEN(TOK_WRITE); }
{OPEN_PAREN} {
@@ -602,13 +624,27 @@ GT >
{ARROW} { RETURN_TOKEN(TOK_ARROW); }
}
-<MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
+<IOURING_MODE>{
+ override_creds { RETURN_TOKEN(TOK_OVERRIDE_CREDS); }
+ sqpoll { RETURN_TOKEN(TOK_SQPOLL); }
+}
+
+<MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,MQUEUE_MODE,IOURING_MODE,NETWORK_MODE>{
({IDS_NOEQ}|{LABEL}|{QUOTED_ID}) {
yylval.id = processid(yytext, yyleng);
RETURN_TOKEN(TOK_ID);
}
}
+<INTEGER_MODE>{
+ {EQUALS} { RETURN_TOKEN(TOK_EQUALS); }
+
+ {INTEGER} {
+ yylval.mode = strdup(yytext);
+ POP_AND_RETURN(TOK_VALUE);
+ }
+}
+
#include{WS}+if{WS}+exists/{WS}.*\r?\n {
/* Don't use PUSH() macro here as we don't want #include echoed out.
* It needs to be handled specially
@@ -639,6 +675,10 @@ include/{WS} {
yy_push_state(INCLUDE);
}
+all/({WS}|[^[:alnum:]_]) {
+ RETURN_TOKEN(TOK_ALL);
+}
+
#.*\r?\n { /* normal comment */
DUMP_AND_DEBUG("comment(%d): %s\n", current_lineno, yytext);
current_lineno++;
@@ -724,13 +764,19 @@ include/{WS} {
case TOK_ABI:
state = ABI_MODE;
break;
+ case TOK_USERNS:
+ state = USERNS_MODE;
+ break;
+ case TOK_MQUEUE:
+ state = MQUEUE_MODE;
+ break;
default: /* nothing */
break;
}
PUSH_AND_RETURN(state, token);
}
-<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE>{
+<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE,USERNS_MODE,MQUEUE_MODE,IOURING_MODE>{
{END_OF_RULE} {
if (YY_START != INITIAL)
POP_NODUMP();
@@ -738,14 +784,14 @@ include/{WS} {
}
}
-<INITIAL,SUB_ID_WS,INCLUDE,INCLUDE_EXISTS,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE>{
+<INITIAL,SUB_ID_WS,INCLUDE,INCLUDE_EXISTS,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE,USERNS_MODE,MQUEUE_MODE,IOURING_MODE>{
\r?\n {
DUMP_PREPROCESS;
current_lineno++;
}
}
-<INITIAL,SUB_ID,SUB_ID_WS,SUB_VALUE,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,ASSIGN_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,RLIMIT_MODE,INCLUDE,INCLUDE_EXISTS,ABI_MODE>{
+<INITIAL,SUB_ID,SUB_ID_WS,SUB_VALUE,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,ASSIGN_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,RLIMIT_MODE,INCLUDE,INCLUDE_EXISTS,ABI_MODE,USERNS_MODE,MQUEUE_MODE,IOURING_MODE>{
(.|\n) {
DUMP_PREPROCESS;
/* Something we didn't expect */
@@ -780,4 +826,8 @@ unordered_map<int, string> state_names = {
STATE_TABLE_ENT(INCLUDE),
STATE_TABLE_ENT(INCLUDE_EXISTS),
STATE_TABLE_ENT(ABI_MODE),
+ STATE_TABLE_ENT(USERNS_MODE),
+ STATE_TABLE_ENT(MQUEUE_MODE),
+ STATE_TABLE_ENT(IOURING_MODE),
+ STATE_TABLE_ENT(INTEGER_MODE),
};
diff --git a/parser/parser_main.c b/parser/parser_main.c
index e61456748eab65f399cef7ec77d7dfe0cdbcdbd0..a1c7d9c088f979b12fac32c3b9f672c8d27645c6 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -82,6 +82,9 @@ int abort_on_error = 0; /* stop processing profiles if error */
int skip_bad_cache_rebuild = 0;
int mru_skip_cache = 1;
+bool O_rule_merge = true;
+bool D_rule_merge = false;
+
/* for jobs_max and jobs
* LONG_MAX : no limit
* LONG_MIN : auto = detect system processing cores
@@ -134,6 +137,8 @@ static const char *config_file = "/etc/apparmor/parser.conf";
#define EARLY_ARG_CONFIG_FILE 142
#define ARG_WERROR 143
#define ARG_ESTIMATED_COMPILE_SIZE 144
+#define ARG_PROMPT_COMPAT 145
+#define ARG_PRINT_PROMPT_COMPAT 146
/* Make sure to update BOTH the short and long_options */
static const char *short_options = "ad::f:h::rRVvI:b:BCD:NSm:M:qQn:XKTWkL:O:po:j:";
@@ -189,6 +194,8 @@ struct option long_options[] = {
{"override-policy-abi", 1, 0, ARG_OVERRIDE_POLICY_ABI}, /* no short option */
{"config-file", 1, 0, EARLY_ARG_CONFIG_FILE}, /* early option, no short option */
{"estimated-compile-size", 1, 0, ARG_ESTIMATED_COMPILE_SIZE}, /* no short option, not in help */
+ {"prompt-compat", 1, 0, ARG_PROMPT_COMPAT}, /* no short option */
+ {"print-prompt-compat", 1, 0, ARG_PRINT_PROMPT_COMPAT}, /* no short option */
{NULL, 0, 0, 0},
};
@@ -274,6 +281,7 @@ optflag_table_t warnflag_table[] = {
{ 0, NULL, NULL, 0 },
};
+
/* Parse comma separated cachelocations. Commas can be escaped by \, */
static int parse_cacheloc(const char *arg, const char **cacheloc, int max_size)
{
@@ -497,7 +505,7 @@ static int process_arg(int c, char *optarg)
} else if (strcmp(optarg, "Optimize") == 0 ||
strcmp(optarg, "optimize") == 0 ||
strcmp(optarg, "O") == 0) {
- flagtable_help("-O ", "", progname, optflag_table);
+ flagtable_help("-O ", "", progname, dfaoptflag_table);
} else if (strcmp(optarg, "warn") == 0) {
flagtable_help("--warn=", "", progname, warnflag_table);
} else if (strcmp(optarg, "Werror") == 0) {
@@ -568,13 +576,13 @@ static int process_arg(int c, char *optarg)
if (!optarg) {
dump_vars = 1;
} else if (strcmp(optarg, "show") == 0) {
- print_flags("dump", dumpflag_table, dfaflags);
+ print_flags("dump", dumpflag_table, parseopts.dump);
} else if (strcmp(optarg, "variables") == 0) {
dump_vars = 1;
} else if (strcmp(optarg, "expanded-variables") == 0) {
dump_expanded_vars = 1;
} else if (!handle_flag_table(dumpflag_table, optarg,
- &dfaflags)) {
+ &parseopts.dump)) {
PERROR("%s: Invalid --Dump option %s\n",
progname, optarg);
exit(1);
@@ -582,9 +590,9 @@ static int process_arg(int c, char *optarg)
break;
case 'O':
if (strcmp(optarg, "show") == 0) {
- print_flags("Optimize", optflag_table, dfaflags);
- } else if (!handle_flag_table(optflag_table, optarg,
- &dfaflags)) {
+ print_flags("Optimize", dfaoptflag_table, parseopts.control);
+ } else if (!handle_flag_table(dfaoptflag_table, optarg,
+ &parseopts.control)) {
PERROR("%s: Invalid --Optimize option %s\n",
progname, optarg);
exit(1);
@@ -665,7 +673,7 @@ static int process_arg(int c, char *optarg)
case 'q':
conf_verbose = 0;
conf_quiet = 1;
- warnflags = 0;
+ parseopts.warn = 0;
break;
case 'v':
conf_verbose = 1;
@@ -723,9 +731,9 @@ static int process_arg(int c, char *optarg)
break;
case ARG_WARN:
if (strcmp(optarg, "show") == 0) {
- print_flags("warn", warnflag_table, warnflags);
+ print_flags("warn", warnflag_table, parseopts.warn);
} else if (!handle_flag_table(warnflag_table, optarg,
- &warnflags)) {
+ &parseopts.warn)) {
PERROR("%s: Invalid --warn option %s\n",
progname, optarg);
exit(1);
@@ -733,18 +741,18 @@ static int process_arg(int c, char *optarg)
break;
case ARG_WERROR:
if (!optarg) {
- werrflags = -1;
+ parseopts.Werror = -1;
} else if (strcmp(optarg, "show") == 0) {
- print_flags("Werror", warnflag_table, werrflags);
+ print_flags("Werror", warnflag_table, parseopts.Werror);
} else if (optarg && !handle_flag_table(warnflag_table, optarg,
- &werrflags)) {
+ &parseopts.Werror)) {
PERROR("%s: Invalid --Werror option %s\n",
progname, optarg);
exit(1);
}
break;
case ARG_DEBUG_CACHE:
- warnflags |= WARN_DEBUG_CACHE;
+ parseopts.warn |= WARN_DEBUG_CACHE;
break;
case 'j':
jobs = process_jobs_arg("-j", optarg);
@@ -785,6 +793,30 @@ static int process_arg(int c, char *optarg)
estimated_job_size = tmp * mult;
}
break;
+ case ARG_PROMPT_COMPAT:
+ if (strcmp(optarg, "permsv2") == 0) {
+ prompt_compat_mode = PROMPT_COMPAT_PERMSV2;
+ } else if (strcmp(optarg, "permsv1") == 0) {
+ prompt_compat_mode = PROMPT_COMPAT_PERMSV1;
+ } else if (strcmp(optarg, "default") == 0) {
+ prompt_compat_mode = default_prompt_compat_mode();
+ } else if (strcmp(optarg, "dev") == 0) {
+ prompt_compat_mode = PROMPT_COMPAT_DEV;
+ } else if (strcmp(optarg, "ignore") == 0) {
+ prompt_compat_mode = PROMPT_COMPAT_IGNORE;
+ } else if (strcmp(optarg, "flag") == 0) {
+ prompt_compat_mode = PROMPT_COMPAT_FLAG;
+ } else {
+ PERROR("%s: Invalid --prompt-compat option '%s'\n",
+ progname, optarg);
+ exit(1);
+ }
+ break;
+ case ARG_PRINT_PROMPT_COMPAT:
+ fprintf(stderr, "Prompt compat mode: ");
+ print_prompt_compat_mode(stderr);
+ fprintf(stderr, "\n");
+ break;
default:
/* 'unrecognized option' error message gets printed by getopt_long() */
exit(1);
@@ -855,12 +887,6 @@ int have_enough_privilege(void)
uid = getuid();
euid = geteuid();
- if (uid != 0 && euid != 0) {
- PERROR(_("%s: Sorry. You need root privileges to run this program.\n\n"),
- progname);
- return EPERM;
- }
-
if (uid != 0 && euid == 0) {
PERROR(_("%s: Warning! You've set this program setuid root.\n"
"Anybody who can run this program can update "
@@ -921,6 +947,9 @@ void set_supported_features()
features_supports_networkv8 = features_intersect(kernel_features,
policy_features,
"network_v8");
+ features_supports_inet = features_intersect(kernel_features,
+ policy_features,
+ "network_v8/af_inet");
features_supports_unix = features_intersect(kernel_features,
policy_features,
"network/af_unix");
@@ -941,6 +970,27 @@ void set_supported_features()
features_supports_domain_xattr = features_intersect(kernel_features,
policy_features,
"domain/attach_conditions/xattr");
+ features_supports_userns = features_intersect(kernel_features,
+ policy_features,
+ "namespaces/mask/userns_create");
+ features_supports_posix_mqueue = features_intersect(kernel_features,
+ policy_features,
+ "ipc/posix_mqueue");
+ features_supports_sysv_mqueue = features_intersect(kernel_features,
+ policy_features,
+ "ipc/sysv_mqueue");
+ features_supports_io_uring = features_intersect(kernel_features,
+ policy_features,
+ "io_uring");
+ features_supports_flag_interruptible = features_intersect(kernel_features,
+ policy_features,
+ "policy/profile/interruptible");
+ features_supports_flag_signal = features_intersect(kernel_features,
+ policy_features,
+ "policy/profile/kill.signal");
+ features_supports_flag_error = features_intersect(kernel_features,
+ policy_features,
+ "policy/profile/error");
}
static bool do_print_cache_dir(aa_features *features, int dirfd, const char *path)
@@ -1514,6 +1564,10 @@ static bool get_kernel_features(struct aa_features **features)
"policy/set_load");
kernel_supports_diff_encode = aa_features_supports(*features,
"policy/diff_encode");
+ kernel_supports_state32 = aa_features_supports(*features,
+ "policy/state32");
+ kernel_supports_flags_table = aa_features_supports(*features,
+ "policy/flags_table");
kernel_supports_oob = aa_features_supports(*features,
"policy/outofband");
@@ -1522,9 +1576,34 @@ static bool get_kernel_features(struct aa_features **features)
else if (aa_features_supports(*features, "policy/versions/v6"))
kernel_abi_version = 6;
+ kernel_supports_promptdev = aa_features_supports(*features, "policy/perms_compatprompt");
+ kernel_supports_permstable32 = aa_features_supports(*features, "policy/permstable32");
+ if (kernel_supports_permstable32) {
+ //fprintf(stderr, "kernel supports prompt\n");
+ }
+ kernel_supports_permstable32_v1 = aa_features_supports(*features, "policy/permstable32_version/0x000001");
+ if (kernel_supports_permstable32_v1) {
+ /* permstabl32 is broken in kernels that only support v1
+ * so disable it
+ */
+ kernel_supports_permstable32 = false;
+ }
+
+ /* set default prompt_compat_mode to the best that is supported */
+ if (prompt_compat_mode == PROMPT_COMPAT_UNKNOWN) {
+ prompt_compat_mode = default_prompt_compat_mode();
+ }
if (!kernel_supports_diff_encode)
/* clear diff_encode because it is not supported */
- dfaflags &= ~DFA_CONTROL_DIFF_ENCODE;
+ parseopts.control &= ~CONTROL_DFA_DIFF_ENCODE;
+
+ if (!kernel_supports_state32)
+ parseopts.control &= ~CONTROL_DFA_STATE32;
+ if (!kernel_supports_flags_table || !kernel_supports_state32)
+ /* if only encoding 16 bit states, don't waste space on
+ * a flags table
+ */
+ parseopts.control &= ~CONTROL_DFA_FLAGS_TABLE;
return true;
}
diff --git a/parser/parser_merge.c b/parser/parser_merge.c
index 489821841000b4775d4596827d15f28d76b8fb4d..972bb9a470f54447650dcbeb8b8fa39f93315171 100644
--- a/parser/parser_merge.c
+++ b/parser/parser_merge.c
@@ -44,12 +44,18 @@ static int file_comp(const void *c1, const void *c2)
return res;
if ((*e1)->link_name)
- res = (*e2)->subset - (*e1)->subset;
+ res = ((int) (*e2)->subset) - ((int) (*e1)->subset);
if (res)
return res;
- if ((*e1)->deny != (*e2)->deny)
- return (*e1)->deny < (*e2)->deny ? -1 : 1;
+ if ((*e1)->rule_mode != (*e2)->rule_mode)
+ return (*e1)->rule_mode < (*e2)->rule_mode ? -1 : 1;
+
+ if ((*e1)->audit != (*e2)->audit)
+ return (*e1)->audit < (*e2)->audit ? -1 : 1;
+
+ if ((*e1)->priority != (*e2)->priority)
+ return (*e2)->priority - (*e1)->priority;
return strcmp((*e1)->name, (*e2)->name);
}
@@ -69,7 +75,7 @@ static int process_file_entries(Profile *prof)
table = (struct cod_entry **) malloc(sizeof(struct cod_entry *) * (count + 1));
if (!table) {
PERROR(_("Couldn't merge entries. Out of Memory\n"));
- return ENOMEM;
+ return -ENOMEM;
}
for (cur = prof->entries, n = 0; cur; cur = cur->next, n++)
@@ -81,6 +87,7 @@ static int process_file_entries(Profile *prof)
prof->entries = table[0];
free(table);
+ count = 0;
/* walk the sorted table merging similar entries */
for (cur = prof->entries, next = cur->next; next; next = cur->next) {
if (file_comp(&cur, &next) != 0) {
@@ -89,23 +96,34 @@ static int process_file_entries(Profile *prof)
}
/* check for merged x consistency */
- if (!is_merged_x_consistent(cur->mode, next->mode)) {
+ if (!is_merged_x_consistent(cur->perms, next->perms)) {
PERROR(_("profile %s: has merged rule %s with conflicting x modifiers\n"),
prof->name, cur->name);
return -1;
}
- cur->mode |= next->mode;
- cur->audit |= next->audit;
+ cur->perms |= next->perms;
cur->next = next->next;
next->next = NULL;
free_cod_entries(next);
+ count++;
}
- return 0;
+ return count;
}
int profile_merge_rules(Profile *prof)
{
- return process_file_entries(prof);
+ if (!(parseopts.control & CONTROL_RULE_MERGE))
+ return 0;
+
+ int res, tmp = process_file_entries(prof);
+ if (tmp < 0)
+ return -tmp;
+ res = prof->merge_rules();
+ if (res < 0)
+ return -res;
+ if (parseopts.dump & DUMP_RULE_MERGE)
+ fprintf(stderr, "RULE MERGE: deleted %d file rules, %d rules\n", tmp, res);
+ return 0;
}
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 6b6b334b5b5eb0fb16777d938013c7c1bbfc1742..b55a433e469a6210d6aed24a1a5a0554d5127571 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -34,6 +34,8 @@
#include <sys/apparmor.h>
#include <sys/apparmor_private.h>
+#include <algorithm>
+
#include "capability.h"
#include "lib.h"
#include "parser.h"
@@ -95,6 +97,7 @@ static struct keyword_table keyword_table[] = {
{"audit", TOK_AUDIT},
{"deny", TOK_DENY},
{"allow", TOK_ALLOW},
+ {"prompt", TOK_PROMPT},
{"set", TOK_SET},
{"rlimit", TOK_RLIMIT},
{"alias", TOK_ALIAS},
@@ -120,7 +123,15 @@ static struct keyword_table keyword_table[] = {
{"tracedby", TOK_TRACEDBY},
{"readby", TOK_READBY},
{"abi", TOK_ABI},
-
+ {"userns", TOK_USERNS},
+ {"mqueue", TOK_MQUEUE},
+ {"delete", TOK_DELETE},
+ {"open", TOK_OPEN},
+ {"io_uring", TOK_IO_URING},
+ {"override_creds", TOK_OVERRIDE_CREDS},
+ {"sqpoll", TOK_SQPOLL},
+ {"all", TOK_ALL},
+ {"priority", TOK_PRIORITY},
/* terminate */
{NULL, 0}
};
@@ -264,6 +275,25 @@ static const char *strn_token(const char *str, size_t &len)
return start;
}
+int null_strcmp(const char *s1, const char *s2)
+{
+ if (s1) {
+ if (s2)
+ return strcmp(s1, s2);
+ return 1;
+ } else if (s2) {
+ return -1;
+ }
+
+ // both null
+ return 0;
+}
+
+bool strcomp (const char *lhs, const char *rhs)
+{
+ return null_strcmp(lhs, rhs) < 0;
+}
+
/*
* Returns: -1: error
* 0: no change - capability already in table
@@ -536,139 +566,139 @@ void warn_uppercase(void)
}
}
-static int parse_sub_mode(const char *str_mode, const char *mode_desc unused)
+static perm32_t parse_sub_perms(const char *str_perms, const char *perms_desc unused)
{
-#define IS_DIFF_QUAL(mode, q) (((mode) & AA_MAY_EXEC) && (((mode) & AA_EXEC_TYPE) != ((q) & AA_EXEC_TYPE)))
+#define IS_DIFF_QUAL(perms, q) (((perms) & AA_MAY_EXEC) && (((perms) & AA_EXEC_TYPE) != ((q) & AA_EXEC_TYPE)))
- int mode = 0;
+ perm32_t perms = 0;
const char *p;
- PDEBUG("Parsing mode: %s\n", str_mode);
+ PDEBUG("Parsing perms: %s\n", str_perms);
- if (!str_mode)
+ if (!str_perms)
return 0;
- p = str_mode;
+ p = str_perms;
while (*p) {
char thisc = *p;
char next = *(p + 1);
char lower;
- int tmode = 0;
+ perm32_t tperms = 0;
reeval:
switch (thisc) {
case COD_READ_CHAR:
if (read_implies_exec) {
- PDEBUG("Parsing mode: found %s READ imply X\n", mode_desc);
- mode |= AA_MAY_READ | AA_OLD_EXEC_MMAP;
+ PDEBUG("Parsing perms: found %s READ imply X\n", perms_desc);
+ perms |= AA_MAY_READ | AA_OLD_EXEC_MMAP;
} else {
- PDEBUG("Parsing mode: found %s READ\n", mode_desc);
- mode |= AA_MAY_READ;
+ PDEBUG("Parsing perms: found %s READ\n", perms_desc);
+ perms |= AA_MAY_READ;
}
break;
case COD_WRITE_CHAR:
- PDEBUG("Parsing mode: found %s WRITE\n", mode_desc);
- if ((mode & AA_MAY_APPEND) && !(mode & AA_MAY_WRITE))
+ PDEBUG("Parsing perms: found %s WRITE\n", perms_desc);
+ if ((perms & AA_MAY_APPEND) && !(perms & AA_MAY_WRITE))
yyerror(_("Conflict 'a' and 'w' perms are mutually exclusive."));
- mode |= AA_MAY_WRITE | AA_MAY_APPEND;
+ perms |= AA_MAY_WRITE | AA_MAY_APPEND;
break;
case COD_APPEND_CHAR:
- PDEBUG("Parsing mode: found %s APPEND\n", mode_desc);
- if (mode & AA_MAY_WRITE)
+ PDEBUG("Parsing perms: found %s APPEND\n", perms_desc);
+ if (perms & AA_MAY_WRITE)
yyerror(_("Conflict 'a' and 'w' perms are mutually exclusive."));
- mode |= AA_MAY_APPEND;
+ perms |= AA_MAY_APPEND;
break;
case COD_LINK_CHAR:
- PDEBUG("Parsing mode: found %s LINK\n", mode_desc);
- mode |= AA_OLD_MAY_LINK;
+ PDEBUG("Parsing perms: found %s LINK\n", perms_desc);
+ perms |= AA_OLD_MAY_LINK;
break;
case COD_LOCK_CHAR:
- PDEBUG("Parsing mode: found %s LOCK\n", mode_desc);
- mode |= AA_OLD_MAY_LOCK;
+ PDEBUG("Parsing perms: found %s LOCK\n", perms_desc);
+ perms |= AA_OLD_MAY_LOCK;
break;
case COD_INHERIT_CHAR:
- PDEBUG("Parsing mode: found INHERIT\n");
- if (mode & AA_EXEC_MODIFIERS) {
+ PDEBUG("Parsing perms: found INHERIT\n");
+ if (perms & AA_EXEC_MODIFIERS) {
yyerror(_("Exec qualifier 'i' invalid, conflicting qualifier already specified"));
} else {
if (next != tolower(next))
warn_uppercase();
- mode |= (AA_EXEC_INHERIT | AA_MAY_EXEC);
+ perms |= (AA_EXEC_INHERIT | AA_MAY_EXEC);
p++; /* skip 'x' */
}
break;
case COD_UNSAFE_UNCONFINED_CHAR:
- tmode = AA_EXEC_UNSAFE;
+ tperms = AA_EXEC_UNSAFE;
pwarn(WARN_DANGEROUS, _("Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"),
COD_UNSAFE_UNCONFINED_CHAR, COD_EXEC_CHAR);
/* fall through */
case COD_UNCONFINED_CHAR:
- tmode |= AA_EXEC_UNCONFINED | AA_MAY_EXEC;
- PDEBUG("Parsing mode: found UNCONFINED\n");
- if (IS_DIFF_QUAL(mode, tmode)) {
+ tperms |= AA_EXEC_UNCONFINED | AA_MAY_EXEC;
+ PDEBUG("Parsing perms: found UNCONFINED\n");
+ if (IS_DIFF_QUAL(perms, tperms)) {
yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"),
thisc);
} else {
if (next != tolower(next))
warn_uppercase();
- mode |= tmode;
+ perms |= tperms;
p++; /* skip 'x' */
}
- tmode = 0;
+ tperms = 0;
break;
case COD_UNSAFE_PROFILE_CHAR:
case COD_UNSAFE_LOCAL_CHAR:
- tmode = AA_EXEC_UNSAFE;
+ tperms = AA_EXEC_UNSAFE;
/* fall through */
case COD_PROFILE_CHAR:
case COD_LOCAL_CHAR:
if (tolower(thisc) == COD_UNSAFE_PROFILE_CHAR)
- tmode |= AA_EXEC_PROFILE | AA_MAY_EXEC;
+ tperms |= AA_EXEC_PROFILE | AA_MAY_EXEC;
else
{
- tmode |= AA_EXEC_LOCAL | AA_MAY_EXEC;
+ tperms |= AA_EXEC_LOCAL | AA_MAY_EXEC;
}
- PDEBUG("Parsing mode: found PROFILE\n");
+ PDEBUG("Parsing perms: found PROFILE\n");
if (tolower(next) == COD_INHERIT_CHAR) {
- tmode |= AA_EXEC_INHERIT;
- if (IS_DIFF_QUAL(mode, tmode)) {
+ tperms |= AA_EXEC_INHERIT;
+ if (IS_DIFF_QUAL(perms, tperms)) {
yyerror(_("Exec qualifier '%c%c' invalid, conflicting qualifier already specified"), thisc, next);
} else {
- mode |= tmode;
+ perms |= tperms;
p += 2; /* skip x */
}
} else if (tolower(next) == COD_UNSAFE_UNCONFINED_CHAR) {
- tmode |= AA_EXEC_PUX;
- if (IS_DIFF_QUAL(mode, tmode)) {
+ tperms |= AA_EXEC_PUX;
+ if (IS_DIFF_QUAL(perms, tperms)) {
yyerror(_("Exec qualifier '%c%c' invalid, conflicting qualifier already specified"), thisc, next);
} else {
- mode |= tmode;
+ perms |= tperms;
p += 2; /* skip x */
}
- } else if (IS_DIFF_QUAL(mode, tmode)) {
+ } else if (IS_DIFF_QUAL(perms, tperms)) {
yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"), thisc);
} else {
if (next != tolower(next))
warn_uppercase();
- mode |= tmode;
+ perms |= tperms;
p++; /* skip 'x' */
}
- tmode = 0;
+ tperms = 0;
break;
case COD_MMAP_CHAR:
- PDEBUG("Parsing mode: found %s MMAP\n", mode_desc);
- mode |= AA_OLD_EXEC_MMAP;
+ PDEBUG("Parsing perms: found %s MMAP\n", perms_desc);
+ perms |= AA_OLD_EXEC_MMAP;
break;
case COD_EXEC_CHAR:
@@ -676,7 +706,7 @@ reeval:
* but invalid for regular x transitions
* sort it out later.
*/
- mode |= AA_MAY_EXEC;
+ perms |= AA_MAY_EXEC;
break;
/* error cases */
@@ -691,13 +721,13 @@ reeval:
case COD_INHERIT_CHAR:
case COD_MMAP_CHAR:
case COD_EXEC_CHAR:
- PDEBUG("Parsing mode: found invalid upper case char %c\n", thisc);
+ PDEBUG("Parsing perms: found invalid upper case char %c\n", thisc);
warn_uppercase();
thisc = lower;
goto reeval;
break;
default:
- yyerror(_("Internal: unexpected mode character '%c' in input"),
+ yyerror(_("Internal: unexpected perms character '%c' in input"),
thisc);
break;
}
@@ -707,33 +737,33 @@ reeval:
p++;
}
- PDEBUG("Parsed mode: %s 0x%x\n", str_mode, mode);
+ PDEBUG("Parsed perms: %s 0x%x\n", str_perms, perms);
- return mode;
+ return perms;
}
-int parse_mode(const char *str_mode)
+perm32_t parse_perms(const char *str_perms)
{
- int tmp, mode = 0;
- tmp = parse_sub_mode(str_mode, "");
- mode = SHIFT_MODE(tmp, AA_USER_SHIFT);
- mode |= SHIFT_MODE(tmp, AA_OTHER_SHIFT);
- if (mode & ~AA_VALID_PERMS)
- yyerror(_("Internal error generated invalid perm 0x%llx\n"), mode);
- return mode;
+ perm32_t tmp, perms = 0;
+ tmp = parse_sub_perms(str_perms, "");
+ perms = SHIFT_PERMS(tmp, AA_USER_SHIFT);
+ perms |= SHIFT_PERMS(tmp, AA_OTHER_SHIFT);
+ if (perms & ~AA_VALID_PERMS)
+ yyerror(_("Internal error generated invalid perm 0x%llx\n"), perms);
+ return perms;
}
-static int parse_X_sub_mode(const char *X, const char *str_mode, int *result, int fail, const char *mode_desc unused)
+static int parse_X_sub_perms(const char *X, const char *str_perms, perm32_t *result, int fail, const char *perms_desc unused)
{
- int mode = 0;
+ perm32_t perms = 0;
const char *p;
- PDEBUG("Parsing %s mode: %s\n", X, str_mode);
+ PDEBUG("Parsing %s perms: %s\n", X, str_perms);
- if (!str_mode)
+ if (!str_perms)
return 0;
- p = str_mode;
+ p = str_perms;
while (*p) {
char current = *p;
char lower;
@@ -741,14 +771,14 @@ static int parse_X_sub_mode(const char *X, const char *str_mode, int *result, in
reeval:
switch (current) {
case COD_READ_CHAR:
- PDEBUG("Parsing %s mode: found %s READ\n", X, mode_desc);
- mode |= AA_DBUS_RECEIVE;
+ PDEBUG("Parsing %s perms: found %s READ\n", X, perms_desc);
+ perms |= AA_DBUS_RECEIVE;
break;
case COD_WRITE_CHAR:
- PDEBUG("Parsing %s mode: found %s WRITE\n", X,
- mode_desc);
- mode |= AA_DBUS_SEND;
+ PDEBUG("Parsing %s perms: found %s WRITE\n", X,
+ perms_desc);
+ perms |= AA_DBUS_SEND;
break;
/* error cases */
@@ -758,7 +788,7 @@ reeval:
switch (lower) {
case COD_READ_CHAR:
case COD_WRITE_CHAR:
- PDEBUG("Parsing %s mode: found invalid upper case char %c\n",
+ PDEBUG("Parsing %s perms: found invalid upper case char %c\n",
X, current);
warn_uppercase();
current = lower;
@@ -766,7 +796,7 @@ reeval:
break;
default:
if (fail)
- yyerror(_("Internal: unexpected %s mode character '%c' in input"),
+ yyerror(_("Internal: unexpected %s perms character '%c' in input"),
X, current);
else
return 0;
@@ -777,21 +807,21 @@ reeval:
p++;
}
- PDEBUG("Parsed %s mode: %s 0x%x\n", X, str_mode, mode);
+ PDEBUG("Parsed %s perms: %s 0x%x\n", X, str_perms, perms);
- *result = mode;
+ *result = perms;
return 1;
}
-int parse_X_mode(const char *X, int valid, const char *str_mode, int *mode, int fail)
+int parse_X_perms(const char *X, int valid, const char *str_perms, perm32_t *perms, int fail)
{
- *mode = 0;
- if (!parse_X_sub_mode(X, str_mode, mode, fail, ""))
+ *perms = 0;
+ if (!parse_X_sub_perms(X, str_perms, perms, fail, ""))
return 0;
- if (*mode & ~valid) {
+ if (*perms & ~valid) {
if (fail)
yyerror(_("Internal error generated invalid %s perm 0x%x\n"),
- X, mode);
+ X, perms);
else
return 0;
}
@@ -946,7 +976,7 @@ alloc_fail:
return false;
}
-struct cod_entry *new_entry(char *id, int mode, char *link_id)
+struct cod_entry *new_entry(char *id, perm32_t perms, char *link_id)
{
struct cod_entry *entry = NULL;
@@ -954,11 +984,12 @@ struct cod_entry *new_entry(char *id, int mode, char *link_id)
if (!entry)
return NULL;
+ entry->priority = 0;
entry->name = id;
entry->link_name = link_id;
- entry->mode = mode;
- entry->audit = 0;
- entry->deny = FALSE;
+ entry->perms = perms;
+ entry->audit = AUDIT_UNSPECIFIED;
+ entry->rule_mode = RULE_UNSPECIFIED;
entry->pattern_type = ePatternInvalid;
entry->pat.regex = NULL;
@@ -980,9 +1011,10 @@ struct cod_entry *copy_cod_entry(struct cod_entry *orig)
DUP_STRING(orig, entry, name, err);
DUP_STRING(orig, entry, link_name, err);
DUP_STRING(orig, entry, nt_name, err);
- entry->mode = orig->mode;
+ entry->priority = orig->priority;
+ entry->perms = orig->perms;
entry->audit = orig->audit;
- entry->deny = orig->deny;
+ entry->rule_mode = orig->rule_mode;
/* XXX - need to create copies of the patterns, too */
entry->pattern_type = orig->pattern_type;
@@ -1039,25 +1071,114 @@ void debug_cod_entries(struct cod_entry *list)
printf("--- Entries ---\n");
list_for_each(list, item) {
- printf("Mode:\t");
- if (HAS_CHANGE_PROFILE(item->mode))
+ printf("Perms:\t");
+ if (HAS_CHANGE_PROFILE(item->perms))
printf(" change_profile");
- if (HAS_EXEC_UNSAFE(item->mode))
+ if (HAS_EXEC_UNSAFE(item->perms))
printf(" unsafe");
- debug_base_perm_mask(SHIFT_TO_BASE(item->mode, AA_USER_SHIFT));
+ debug_base_perm_mask(SHIFT_TO_BASE(item->perms, AA_USER_SHIFT));
printf(":");
- debug_base_perm_mask(SHIFT_TO_BASE(item->mode, AA_OTHER_SHIFT));
+ debug_base_perm_mask(SHIFT_TO_BASE(item->perms, AA_OTHER_SHIFT));
+
+ printf(" priority=%d ", item->priority);
if (item->name)
printf("\tName:\t(%s)\n", item->name);
else
printf("\tName:\tNULL\n");
- if (AA_LINK_BITS & item->mode)
+ if (AA_LINK_BITS & item->perms)
printf("\tlink:\t(%s)\n", item->link_name ? item->link_name : "/**");
}
}
+bool check_x_qualifier(struct cod_entry *entry, const char *&error)
+{
+ if (entry->perms & AA_EXEC_BITS) {
+ if ((entry->rule_mode == RULE_DENY) &&
+ (entry->perms & ALL_AA_EXEC_TYPE)) {
+ error = _("Invalid perms, in deny rules 'x' must not be preceded by exec qualifier 'i', 'p', or 'u'");
+ return false;
+ } else if ((entry->rule_mode != RULE_DENY) &&
+ !(entry->perms & ALL_AA_EXEC_TYPE)) {
+ error = _("Invalid perms, 'x' must be preceded by exec qualifier 'i', 'p', or 'u'");
+ return false;
+ }
+ }
+ return true;
+}
+
+// cod_entry version of ->add_prefix here just as file rules aren't converted yet
+bool entry_add_prefix(struct cod_entry *entry, const prefixes &p, const char *&error)
+{
+ /* modifiers aren't correctly stored for cod_entries yet so
+ * we can't conflict on them easily. Leave that until conversion
+ * to rule_t
+ */
+ /* apply rule mode */
+ entry->rule_mode = p.rule_mode;
+
+ /* apply owner/other */
+ if (p.owner == 1)
+ entry->perms &= (AA_USER_PERMS | AA_SHARED_PERMS);
+ else if (p.owner == 2)
+ entry->perms &= (AA_OTHER_PERMS | AA_SHARED_PERMS);
+
+ entry->priority = p.priority;
+
+ /* implied audit modifier */
+ if (p.audit == AUDIT_FORCE && (entry->rule_mode != RULE_DENY))
+ entry->audit = AUDIT_FORCE;
+ else if (p.audit != AUDIT_FORCE && (entry->rule_mode == RULE_DENY))
+ entry->audit = AUDIT_FORCE;
+
+ return check_x_qualifier(entry, error);
+}
+
+// these need to move to stl
+int ordered_cmp_value_list(value_list *lhs, value_list *rhs)
+{
+ std::vector<const char *> lhstable;
+ std::vector<const char *> rhstable;
+
+ struct value_list *entry;
+ list_for_each(lhs, entry) {
+ lhstable.push_back(entry->value);
+ }
+ list_for_each(rhs, entry) {
+ rhstable.push_back(entry->value);
+ }
+
+ int res = lhstable.size() - rhstable.size();
+ if (res)
+ return res;
+
+ std::sort(lhstable.begin(), lhstable.end(), strcomp);
+ std::sort(rhstable.begin(), rhstable.end(), strcomp);
+
+ for (unsigned long i = 0; i < lhstable.size(); i++) {
+ res = null_strcmp(lhstable[i], rhstable[i]);
+ if (res)
+ return res;
+ }
+
+ return 0;
+}
+
+int cmp_value_list(value_list *lhs, value_list *rhs)
+{
+ if (lhs) {
+ if (rhs) {
+ return ordered_cmp_value_list(lhs, rhs);
+ }
+ return 1;
+ } else if (rhs) {
+ return -1;
+ }
+
+ return 0;
+}
+
struct value_list *new_value_list(char *value)
{
struct value_list *val = (struct value_list *) calloc(1, sizeof(struct value_list));
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index f18d0a13c1c81dba886d2c45a24fd9b128e65bf0..facb1d173ab2bebdff2e69cc76e3eb0ad4535172 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -33,6 +33,7 @@
#include "parser.h"
#include "profile.h"
#include "parser_yacc.h"
+#include "network.h"
/* #define DEBUG */
#ifdef DEBUG
@@ -70,188 +71,6 @@ void add_hat_to_policy(Profile *prof, Profile *hat)
}
}
-int add_entry_to_x_table(Profile *prof, char *name)
-{
- int i;
- for (i = (AA_EXEC_LOCAL >> 10) + 1; i < AA_EXEC_COUNT; i++) {
- if (!prof->exec_table[i]) {
- prof->exec_table[i] = name;
- return i;
- } else if (strcmp(prof->exec_table[i], name) == 0) {
- /* name already in table */
- free(name);
- return i;
- }
- }
- free(name);
- return 0;
-}
-
-static int add_named_transition(Profile *prof, struct cod_entry *entry)
-{
- char *name = NULL;
-
- /* check to see if it is a local transition */
- if (!label_contains_ns(entry->nt_name)) {
- char *sub = strstr(entry->nt_name, "//");
- /* does the subprofile name match the rule */
-
- if (sub && strncmp(prof->name, sub, sub - entry->nt_name) &&
- strcmp(sub + 2, entry->name) == 0) {
- free(entry->nt_name);
- entry->nt_name = NULL;
- return AA_EXEC_LOCAL >> 10;
- } else if (((entry->mode & AA_USER_EXEC_MODIFIERS) ==
- SHIFT_MODE(AA_EXEC_LOCAL, AA_USER_SHIFT)) ||
- ((entry->mode & AA_OTHER_EXEC_MODIFIERS) ==
- SHIFT_MODE(AA_EXEC_LOCAL, AA_OTHER_SHIFT))) {
- if (strcmp(entry->nt_name, entry->name) == 0) {
- free(entry->nt_name);
- entry->nt_name = NULL;
- return AA_EXEC_LOCAL >> 10;
- }
- /* specified as cix so profile name is implicit */
- name = (char *) malloc(strlen(prof->name) + strlen(entry->nt_name)
- + 3);
- if (!name) {
- PERROR("Memory allocation error\n");
- exit(1);
- }
- sprintf(name, "%s//%s", prof->name, entry->nt_name);
- free(entry->nt_name);
- entry->nt_name = NULL;
- } else {
- /**
- * pass control of the memory pointed to by nt_name
- * from entry to add_entry_to_x_table()
- */
- name = entry->nt_name;
- entry->nt_name = NULL;
- }
- } else {
- /**
- * pass control of the memory pointed to by nt_name
- * from entry to add_entry_to_x_table()
- */
- name = entry->nt_name;
- entry->nt_name = NULL;
- }
-
- return add_entry_to_x_table(prof, name);
-}
-
-void add_entry_to_policy(Profile *prof, struct cod_entry *entry)
-{
- entry->next = prof->entries;
- prof->entries = entry;
-}
-
-static bool add_proc_access(Profile *prof, const char *rule)
-{
- /* FIXME: should use @{PROC}/@{PID}/attr/{apparmor/,}{current,exec} */
- struct cod_entry *new_ent;
- /* allow probe for new interfaces */
- char *buffer = strdup("/proc/*/attr/apparmor/");
- if (!buffer) {
- PERROR("Memory allocation error\n");
- return FALSE;
- }
- new_ent = new_entry(buffer, AA_MAY_READ, NULL);
- if (!new_ent) {
- free(buffer);
- PERROR("Memory allocation error\n");
- return FALSE;
- }
- add_entry_to_policy(prof, new_ent);
-
- /* allow probe if apparmor is enabled for the old interface */
- buffer = strdup("/sys/module/apparmor/parameters/enabled");
- if (!buffer) {
- PERROR("Memory allocation error\n");
- return FALSE;
- }
- new_ent = new_entry(buffer, AA_MAY_READ, NULL);
- if (!new_ent) {
- free(buffer);
- PERROR("Memory allocation error\n");
- return FALSE;
- }
- add_entry_to_policy(prof, new_ent);
-
- /* allow setting on new and old interfaces */
- buffer = strdup(rule);
- if (!buffer) {
- PERROR("Memory allocation error\n");
- return FALSE;
- }
- new_ent = new_entry(buffer, AA_MAY_WRITE, NULL);
- if (!new_ent) {
- free(buffer);
- PERROR("Memory allocation error\n");
- return FALSE;
- }
- add_entry_to_policy(prof, new_ent);
-
- return TRUE;
-}
-
-#define CHANGEPROFILE_PATH "/proc/*/attr/{apparmor/,}{current,exec}"
-void post_process_file_entries(Profile *prof)
-{
- struct cod_entry *entry;
- int cp_mode = 0;
-
- list_for_each(prof->entries, entry) {
- if (entry->nt_name) {
- int mode = 0;
- int n = add_named_transition(prof, entry);
- if (!n) {
- PERROR("Profile %s has too many specified profile transitions.\n", prof->name);
- exit(1);
- }
- if (entry->mode & AA_USER_EXEC)
- mode |= SHIFT_MODE(n << 10, AA_USER_SHIFT);
- if (entry->mode & AA_OTHER_EXEC)
- mode |= SHIFT_MODE(n << 10, AA_OTHER_SHIFT);
- entry->mode = ((entry->mode & ~AA_ALL_EXEC_MODIFIERS) |
- (mode & AA_ALL_EXEC_MODIFIERS));
- }
- /* FIXME: currently change_profile also implies onexec */
- cp_mode |= entry->mode & (AA_CHANGE_PROFILE);
- }
-
- /* if there are change_profile rules, this implies that we need
- * access to some /proc/ interfaces
- */
- if (cp_mode & AA_CHANGE_PROFILE) {
- if (!add_proc_access(prof, CHANGEPROFILE_PATH))
- exit(1);
- }
-}
-
-void post_process_rule_entries(Profile *prof)
-{
- for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++)
- (*i)->post_process(*prof);
-}
-
-
-#define CHANGEHAT_PATH "/proc/[0-9]*/attr/{apparmor/,}current"
-
-/* add file rules to access /proc files to call change_hat()
- */
-static int profile_add_hat_rules(Profile *prof)
-{
- /* don't add hat rules if not hat or profile doesn't have hats */
- if (!prof->flags.hat && prof->hat_table.empty())
- return 0;
-
- if (!add_proc_access(prof, CHANGEHAT_PATH))
- return ENOMEM;
-
- return 0;
-}
-
int load_policy_list(ProfileList &list, int option,
aa_kernel_interface *kernel_interface, int cache_fd)
{
@@ -392,12 +211,7 @@ int post_process_profile(Profile *profile, int debug_only)
{
int error = 0;
- error = profile_add_hat_rules(profile);
- if (error) {
- PERROR(_("ERROR adding hat access rule for profile %s\n"),
- profile->name);
- return error;
- }
+ profile->add_implied_rules();
error = process_profile_variables(profile);
if (error) {
@@ -426,6 +240,13 @@ int post_process_profile(Profile *profile, int debug_only)
}
error = post_process_policy_list(profile->hat_table, debug_only);
+
+ if (prompt_compat_mode == PROMPT_COMPAT_DEV && profile->uses_prompt_rules)
+ profile->flags.flags |= FLAG_PROMPT_COMPAT;
+
+ else if (prompt_compat_mode == PROMPT_COMPAT_FLAG && profile->uses_prompt_rules)
+ profile->flags.mode = MODE_PROMPT;
+
return error;
}
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index 200c94767cc14b996051cd10b61e5bcc875ef512..e4d6e012dc58612a62b1c38d63a84469b7265a6b 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -28,7 +28,7 @@
/* #define DEBUG */
-
+#include "common_optarg.h"
#include "lib.h"
#include "parser.h"
#include "profile.h"
@@ -128,7 +128,7 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob,
sptr = aare;
- if (dfaflags & DFA_DUMP_RULE_EXPR)
+ if (parseopts.dump & DUMP_DFA_RULE_EXPR)
fprintf(stderr, "aare: %s -> ", aare);
if (anchor)
@@ -427,7 +427,7 @@ out:
if (ret == FALSE)
ptype = ePatternInvalid;
- if (dfaflags & DFA_DUMP_RULE_EXPR)
+ if (parseopts.dump & DUMP_DFA_RULE_EXPR)
fprintf(stderr, "%s\n", pcre.c_str());
return ptype;
@@ -507,7 +507,8 @@ static int process_profile_name_xmatch(Profile *prof)
aare_rules *rules = new aare_rules();
if (!rules)
return FALSE;
- if (!rules->add_rule(tbuf.c_str(), 0, AA_MAY_EXEC, 0, dfaflags)) {
+ if (!rules->add_rule(tbuf.c_str(), 0, RULE_ALLOW,
+ AA_MAY_EXEC, 0, parseopts)) {
delete rules;
return FALSE;
}
@@ -520,7 +521,9 @@ static int process_profile_name_xmatch(Profile *prof)
ptype = convert_aaregex_to_pcre(alt->name, 0,
glob_default,
tbuf, &len);
- if (!rules->add_rule(tbuf.c_str(), 0, AA_MAY_EXEC, 0, dfaflags)) {
+ if (!rules->add_rule(tbuf.c_str(), 0,
+ RULE_ALLOW, AA_MAY_EXEC,
+ 0, parseopts)) {
delete rules;
return FALSE;
}
@@ -562,14 +565,20 @@ static int process_profile_name_xmatch(Profile *prof)
convert_aaregex_to_pcre(xattr_value, 0,
glob_null, tbuf,
&len);
- if (!rules->append_rule(tbuf.c_str(), true, true, dfaflags)) {
+ if (!rules->append_rule(tbuf.c_str(), true, true, parseopts)) {
delete rules;
return FALSE;
}
}
}
build:
- prof->xmatch = rules->create_dfa(&prof->xmatch_size, &prof->xmatch_len, dfaflags, true);
+ /* xmatch doesn't use file dfa exec mode bits NOT the owner
+ * conditional and for just MAY_EXEC can be processed as
+ * none file perms
+ *
+ * we don't need to build xmatch for permstable32, so don't
+ */
+ prof->xmatch = rules->create_dfablob(&prof->xmatch_size, &prof->xmatch_len, prof->xmatch_perms_table, parseopts, false, false, false);
delete rules;
if (!prof->xmatch)
return FALSE;
@@ -580,7 +589,7 @@ build:
static int warn_change_profile = 1;
-static bool is_change_profile_mode(int mode)
+static bool is_change_profile_perms(perm32_t perms)
{
/**
* A change_profile entry will have the AA_CHANGE_PROFILE bit set.
@@ -588,13 +597,13 @@ static bool is_change_profile_mode(int mode)
* set by the frontend parser. That means that it is incorrect to
* identify change_profile modes using a test like this:
*
- * (mode & ~AA_CHANGE_PROFILE)
+ * (perms & ~AA_CHANGE_PROFILE)
*
* The above test would incorrectly return true on a
* change_profile mode that has the
* (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE) bits set.
*/
- return mode & AA_CHANGE_PROFILE;
+ return perms & AA_CHANGE_PROFILE;
}
static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
@@ -607,7 +616,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
return TRUE;
- if (!is_change_profile_mode(entry->mode))
+ if (!is_change_profile_perms(entry->perms))
filter_slashes(entry->name);
ptype = convert_aaregex_to_pcre(entry->name, 0, glob_default, tbuf, &pos);
if (ptype == ePatternInvalid)
@@ -618,10 +627,10 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
/* ix implies m but the apparmor module does not add m bit to
* dfa states like it does for pcre
*/
- if ((entry->mode >> AA_OTHER_SHIFT) & AA_EXEC_INHERIT)
- entry->mode |= AA_OLD_EXEC_MMAP << AA_OTHER_SHIFT;
- if ((entry->mode >> AA_USER_SHIFT) & AA_EXEC_INHERIT)
- entry->mode |= AA_OLD_EXEC_MMAP << AA_USER_SHIFT;
+ if ((entry->perms >> AA_OTHER_SHIFT) & AA_EXEC_INHERIT)
+ entry->perms |= AA_OLD_EXEC_MMAP << AA_OTHER_SHIFT;
+ if ((entry->perms >> AA_USER_SHIFT) & AA_EXEC_INHERIT)
+ entry->perms |= AA_OLD_EXEC_MMAP << AA_USER_SHIFT;
/* the link bit on the first pair entry should not get masked
* out by a deny rule, as both pieces of the link pair must
@@ -632,24 +641,27 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
* than link in the entry.
* TODO: split link and change_profile entries earlier
*/
- if (entry->deny) {
- if ((entry->mode & ~AA_LINK_BITS) &&
- !is_change_profile_mode(entry->mode) &&
- !dfarules->add_rule(tbuf.c_str(), entry->deny,
- entry->mode & ~(AA_LINK_BITS | AA_CHANGE_PROFILE),
- entry->audit & ~(AA_LINK_BITS | AA_CHANGE_PROFILE),
- dfaflags))
+ if (entry->rule_mode == RULE_DENY) {
+ if ((entry->perms & ~AA_LINK_BITS) &&
+ !is_change_profile_perms(entry->perms) &&
+ !dfarules->add_rule(tbuf.c_str(), entry->priority,
+ entry->rule_mode,
+ entry->perms & ~(AA_LINK_BITS | AA_CHANGE_PROFILE),
+ entry->audit == AUDIT_FORCE ? entry->perms & ~(AA_LINK_BITS | AA_CHANGE_PROFILE) : 0,
+ parseopts))
return FALSE;
- } else if (!is_change_profile_mode(entry->mode)) {
- if (!dfarules->add_rule(tbuf.c_str(), entry->deny, entry->mode,
- entry->audit, dfaflags))
+ } else if (!is_change_profile_perms(entry->perms)) {
+ if (!dfarules->add_rule(tbuf.c_str(), entry->priority,
+ entry->rule_mode, entry->perms,
+ entry->audit == AUDIT_FORCE ? entry->perms : 0,
+ parseopts))
return FALSE;
}
- if (entry->mode & (AA_LINK_BITS)) {
+ if (entry->perms & (AA_LINK_BITS)) {
/* add the pair rule */
std::string lbuf;
- int perms = AA_LINK_BITS & entry->mode;
+ int perms = AA_LINK_BITS & entry->perms;
const char *vec[2];
int pos;
vec[0] = tbuf.c_str();
@@ -665,10 +677,13 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
perms |= LINK_TO_LINK_SUBSET(perms);
vec[1] = "/[^/].*";
}
- if (!dfarules->add_rule_vec(entry->deny, perms, entry->audit & AA_LINK_BITS, 2, vec, dfaflags, false))
+ if (!dfarules->add_rule_vec(entry->priority,
+ entry->rule_mode, perms,
+ entry->audit == AUDIT_FORCE ? perms & AA_LINK_BITS : 0,
+ 2, vec, parseopts, false))
return FALSE;
}
- if (is_change_profile_mode(entry->mode)) {
+ if (is_change_profile_perms(entry->perms)) {
const char *vec[3];
std::string lbuf, xbuf;
autofree char *ns = NULL;
@@ -676,7 +691,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
int index = 1;
uint32_t onexec_perms = AA_ONEXEC;
- if ((warnflags & WARN_RULE_DOWNGRADED) && entry->audit && warn_change_profile) {
+ if ((parseopts.warn & WARN_RULE_DOWNGRADED) && entry->audit == AUDIT_FORCE && warn_change_profile) {
/* don't have profile name here, so until this code
* gets refactored just throw out a generic warning
*/
@@ -716,23 +731,25 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
}
/* regular change_profile rule */
- if (!dfarules->add_rule_vec(entry->deny,
+ if (!dfarules->add_rule_vec(entry->priority, entry->rule_mode,
AA_CHANGE_PROFILE | onexec_perms,
- 0, index - 1, &vec[1], dfaflags, false))
+ 0, index - 1, &vec[1], parseopts, false))
return FALSE;
/* onexec rules - both rules are needed for onexec */
- if (!dfarules->add_rule_vec(entry->deny, onexec_perms,
- 0, 1, vec, dfaflags, false))
+ if (!dfarules->add_rule_vec(entry->priority, entry->rule_mode,
+ onexec_perms,
+ 0, 1, vec, parseopts, false))
return FALSE;
/**
* pick up any exec bits, from the frontend parser, related to
* unsafe exec transitions
*/
- onexec_perms |= (entry->mode & (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE));
- if (!dfarules->add_rule_vec(entry->deny, onexec_perms,
- 0, index, vec, dfaflags, false))
+ onexec_perms |= (entry->perms & (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE));
+ if (!dfarules->add_rule_vec(entry->priority, entry->rule_mode,
+ onexec_perms, 0, index, vec,
+ parseopts, false))
return FALSE;
}
return TRUE;
@@ -765,10 +782,17 @@ int process_profile_regex(Profile *prof)
if (!post_process_entries(prof))
goto out;
- if (prof->dfa.rules->rule_count > 0) {
+ /* under permstable32_v1 we weld file and policydb together, so
+ * don't create the file blob here
+ */
+ if (prof->dfa.rules->rule_count > 0 && prompt_compat_mode != PROMPT_COMPAT_PERMSV1) {
int xmatch_len = 0;
- prof->dfa.dfa = prof->dfa.rules->create_dfa(&prof->dfa.size,
- &xmatch_len, dfaflags, true);
+ //fprintf(stderr, "Creating file DFA %d\n", kernel_supports_permstable32);
+ prof->dfa.dfa = prof->dfa.rules->create_dfablob(&prof->dfa.size,
+ &xmatch_len, prof->dfa.perms_table,
+ parseopts, true,
+ kernel_supports_permstable32,
+ prof->uses_prompt_rules);
delete prof->dfa.rules;
prof->dfa.rules = NULL;
if (!prof->dfa.dfa)
@@ -843,9 +867,121 @@ int clear_and_convert_entry(std::string& buffer, char *entry)
return convert_entry(buffer, entry);
}
+static std::vector<std::pair<bignum, bignum>> regex_range_generator(bignum start, bignum end)
+{
+ std::vector<std::pair<bignum, bignum>> forward;
+ std::vector<std::pair<bignum, bignum>> reverse;
+ bignum next, prev;
+
+ while (start <= end) {
+ next = bignum::upper_bound_regex(start);
+ if (next > end)
+ break;
+
+ forward.emplace_back(start, next);
+ start = next + 1;
+ }
+
+ while (!end.negative && end >= start) {
+ prev = bignum::lower_bound_regex(end);
+ if (prev < start || prev.negative)
+ break;
+
+ reverse.emplace_back(prev, end);
+ end = prev - 1;
+ }
+
+ if (!end.negative && start <= end) {
+ forward.emplace_back(start, end);
+ }
+
+ forward.insert(forward.end(), reverse.rbegin(), reverse.rend());
+ return forward;
+}
+
+static std::string generate_regex_range(bignum start, bignum end)
+{
+ std::ostringstream result;
+ std::vector<std::pair<bignum, bignum>> regex_range;
+ int j;
+ regex_range = regex_range_generator(std::move(start), std::move(end));
+ for (auto &i: regex_range) {
+ bignum sstart = i.first;
+ bignum send = i.second;
+ if (sstart.base == 16) {
+ for (j = (size_t) sstart.size(); j < 32; j++)
+ result << '0';
+ }
+ for (j = sstart.size() - 1; j >= 0; j--) {
+ result << std::nouppercase;
+ if (sstart[j] == send[j]) {
+ if (sstart[j] >= 10)
+ result << '[';
+ result << std::hex << sstart[j];
+ if (sstart[j] >= 10)
+ result << std::uppercase << std::hex << sstart[j] << ']';
+ } else {
+ if (sstart[j] < 10 && send[j] >= 10) {
+ result << '[';
+ result << std::hex << sstart[j];
+ if (sstart[j] < 9) {
+ result << '-';
+ result << '9';
+ }
+ if (send[j] > 10) {
+ result << 'a';
+ result << '-';
+ }
+ result << std::hex << send[j];
+ if (send[j] > 10) {
+ result << 'A';
+ result << '-';
+ }
+ result << std::uppercase << std::hex << send[j];
+ result << ']';
+ } else {
+ result << '[';
+ result << std::hex << sstart[j];
+ result << '-';
+ result << std::hex << send[j];
+ if (sstart[j] >= 10) {
+ result << std::uppercase << std::hex << sstart[j];
+ result << '-';
+ result << std::uppercase << std::hex << send[j];
+ }
+ result << ']';
+ }
+ }
+ }
+ if (&i != ®ex_range.back())
+ result << ",";
+ }
+ return result.str();
+}
+
+int convert_range(std::string& buffer, bignum start, bignum end)
+{
+ pattern_t ptype;
+ int pos;
+
+ std::string regex_range = generate_regex_range(std::move(start), std::move(end));
+
+ if (!regex_range.empty()) {
+ ptype = convert_aaregex_to_pcre(regex_range.c_str(), 0, glob_default, buffer, &pos);
+ if (ptype == ePatternInvalid)
+ return FALSE;
+ } else {
+ buffer.append(default_match_pattern);
+ }
+
+ return TRUE;
+}
+
int post_process_policydb_ents(Profile *prof)
{
for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++) {
+ if ((*i)->skip())
+ continue;
if ((*i)->gen_policy_re(*prof) == RULE_ERROR)
return FALSE;
}
@@ -855,7 +991,7 @@ int post_process_policydb_ents(Profile *prof)
static bool gen_net_rule(Profile *prof, u16 family, unsigned int type_mask,
- bool audit, bool deny) {
+ bool audit, rule_mode_t rmode) {
std::ostringstream buffer;
std::string buf;
@@ -869,20 +1005,21 @@ static bool gen_net_rule(Profile *prof, u16 family, unsigned int type_mask,
buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (type_mask & 0xff);
}
buf = buffer.str();
- if (!prof->policy.rules->add_rule(buf.c_str(), deny, map_perms(AA_VALID_NET_PERMS),
+ if (!prof->policy.rules->add_rule(buf.c_str(), 0, rmode,
+ map_perms(AA_VALID_NET_PERMS),
audit ? map_perms(AA_VALID_NET_PERMS) : 0,
- dfaflags))
+ parseopts))
return false;
return true;
}
static bool gen_af_rules(Profile *prof, u16 family, unsigned int type_mask,
- unsigned int audit_mask, bool deny)
+ unsigned int audit_mask, rule_mode_t rmode)
{
if (type_mask > 0xffff && audit_mask > 0xffff) {
/* instead of generating multiple rules wild card type */
- return gen_net_rule(prof, family, type_mask, audit_mask, deny);
+ return gen_net_rule(prof, family, type_mask, audit_mask, rmode);
} else {
int t;
/* generate rules for types that are set */
@@ -890,7 +1027,7 @@ static bool gen_af_rules(Profile *prof, u16 family, unsigned int type_mask,
if (type_mask & (1 << t)) {
if (!gen_net_rule(prof, family, t,
audit_mask & (1 << t),
- deny))
+ rmode))
return false;
}
}
@@ -915,11 +1052,11 @@ bool post_process_policydb_net(Profile *prof)
prof->net.quiet[af]) {
if (!gen_af_rules(prof, af, prof->net.allow[af],
prof->net.audit[af],
- false))
+ { RULE_ALLOW}))
return false;
if (!gen_af_rules(prof, af, prof->net.deny[af],
prof->net.quiet[af],
- true))
+ { RULE_DENY}))
return false;
}
}
@@ -940,6 +1077,37 @@ static const char *mediates_ptrace = CLASS_STR(AA_CLASS_PTRACE);
static const char *mediates_extended_net = CLASS_STR(AA_CLASS_NET);
static const char *mediates_netv8 = CLASS_STR(AA_CLASS_NETV8);
static const char *mediates_net_unix = CLASS_SUB_STR(AA_CLASS_NET, AF_UNIX);
+static const char *mediates_ns = CLASS_STR(AA_CLASS_NS);
+static const char *mediates_posix_mqueue = CLASS_STR(AA_CLASS_POSIX_MQUEUE);
+static const char *mediates_sysv_mqueue = CLASS_STR(AA_CLASS_SYSV_MQUEUE);
+static const char *mediates_io_uring = CLASS_STR(AA_CLASS_IO_URING);
+static const char *deny_file = ".*";
+
+/* Set the mediates priority to the maximum possible. This is to help
+ * ensure that the mediates information is not wiped out by a rule
+ * of higher priority. Which for allow rules isn't really a problem
+ * in that these are only used as a place holder to ensure we have
+ * a valid state at the mediates check, and an allow rule that wipes
+ * these out would guarantee it. But a deny rule wiping these out
+ * could result in the dfa allowing stuff as unmediated when it shouldn't
+ *
+ * Note: it turns out the above bug does exist for dbus rules in parsers
+ * that do not support priority, and we don't have a way to fix it.
+ * We fix it here by capping user specified priority to be less than
+ * MAX_INTERNAL_PRIORITY.
+ */
+static int mediates_priority = MAX_INTERNAL_PRIORITY;
+
+/* some rule types unfortunately encoded permissions on the class byte
+ * to fix the above bug, they need a different solution. The generic
+ * mediates rule will get encoded at the minimum priority, and then
+ * for every rule of those classes a mediates rule of the same priority
+ * will be added. This way the mediates rule never has higher priority,
+ * which would wipe out the rule permissions encoded on the class state,
+ * and it is guaranteed to have the same priority as the highest priority
+ * rule.
+ */
+static int perms_onclass_mediates_priority = MIN_INTERNAL_PRIORITY;
int process_profile_policydb(Profile *prof)
{
@@ -951,42 +1119,89 @@ int process_profile_policydb(Profile *prof)
if (!post_process_policydb_ents(prof))
goto out;
- /* TODO: move to network class */
- if (features_supports_networkv8 && !post_process_policydb_net(prof))
- goto out;
/* insert entries to show indicate what compiler/policy expects
* to be supported
*/
-
- /* note: this activates fs based unix domain sockets mediation on connect */
- if (kernel_abi_version > 5 &&
- !prof->policy.rules->add_rule(mediates_file, 0, AA_MAY_READ, 0, dfaflags))
+ if (features_supports_userns &&
+ !prof->policy.rules->add_rule(mediates_ns, perms_onclass_mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
goto out;
- if (features_supports_mount &&
- !prof->policy.rules->add_rule(mediates_mount, 0, AA_MAY_READ, 0, dfaflags))
+
+ /* don't add mediated classes to unconfined profiles */
+ if (prof->flags.mode != MODE_UNCONFINED &&
+ prof->flags.mode != MODE_DEFAULT_ALLOW) {
+ /* note: this activates fs based unix domain sockets mediation on connect */
+ if (kernel_abi_version > 5 &&
+ !prof->policy.rules->add_rule(mediates_file, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
goto out;
- if (features_supports_dbus &&
- !prof->policy.rules->add_rule(mediates_dbus, 0, AA_MAY_READ, 0, dfaflags))
- goto out;
- if (features_supports_signal &&
- !prof->policy.rules->add_rule(mediates_signal, 0, AA_MAY_READ, 0, dfaflags))
- goto out;
- if (features_supports_ptrace &&
- !prof->policy.rules->add_rule(mediates_ptrace, 0, AA_MAY_READ, 0, dfaflags))
- goto out;
- if (features_supports_networkv8 &&
- !prof->policy.rules->add_rule(mediates_netv8, 0, AA_MAY_READ, 0, dfaflags))
- goto out;
- if (features_supports_unix &&
- (!prof->policy.rules->add_rule(mediates_extended_net, 0, AA_MAY_READ, 0, dfaflags) ||
- !prof->policy.rules->add_rule(mediates_net_unix, 0, AA_MAY_READ, 0, dfaflags)))
- goto out;
+ if (features_supports_mount &&
+ !prof->policy.rules->add_rule(mediates_mount, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_dbus &&
+ !prof->policy.rules->add_rule(mediates_dbus, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_signal &&
+ !prof->policy.rules->add_rule(mediates_signal, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_ptrace &&
+ !prof->policy.rules->add_rule(mediates_ptrace, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_networkv8 &&
+ !prof->policy.rules->add_rule(mediates_netv8, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_unix &&
+ (!prof->policy.rules->add_rule(mediates_extended_net, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts) ||
+ !prof->policy.rules->add_rule(mediates_net_unix, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts)))
+ goto out;
+ if (features_supports_posix_mqueue &&
+ !prof->policy.rules->add_rule(mediates_posix_mqueue, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_sysv_mqueue &&
+ !prof->policy.rules->add_rule(mediates_sysv_mqueue, mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ if (features_supports_io_uring &&
+ !prof->policy.rules->add_rule(mediates_io_uring, perms_onclass_mediates_priority, RULE_ALLOW, AA_MAY_READ, 0, parseopts))
+ goto out;
+ }
- if (prof->policy.rules->rule_count > 0) {
+ if (prompt_compat_mode == PROMPT_COMPAT_PERMSV1) {
+ // MUST have file and policy
+ // This requires file rule processing happen first
+ if (!prof->dfa.rules->rule_count) {
+ // add null dfa
+ if (!prof->dfa.rules->add_rule(deny_file, 0, RULE_DENY, AA_MAY_READ, 0, parseopts))
+ goto out;
+ }
+ if (!prof->policy.rules->rule_count) {
+ if (!prof->policy.rules->add_rule(mediates_file, 0, RULE_DENY, AA_MAY_READ, 0, parseopts))
+ goto out;
+ }
+ int xmatch_len = 0;
+ prof->policy.dfa = prof->policy.rules->create_welded_dfablob(
+ prof->dfa.rules,
+ &prof->policy.size,
+ &xmatch_len,
+ &prof->policy.file_start,
+ prof->policy.perms_table, parseopts,
+ kernel_supports_permstable32_v1,
+ prof->uses_prompt_rules);
+ delete prof->policy.rules;
+ delete prof->dfa.rules;
+ prof->policy.rules = NULL;
+ prof->dfa.rules = NULL;
+ if (!prof->policy.dfa)
+ goto out;
+ } else if (prof->policy.rules->rule_count > 0 &&
+ // yes not needed as covered above, just making sure
+ // this doesn't get messed up in the future
+ prompt_compat_mode != PROMPT_COMPAT_PERMSV1) {
int xmatch_len = 0;
- prof->policy.dfa = prof->policy.rules->create_dfa(&prof->policy.size,
- &xmatch_len, dfaflags, false);
+ prof->policy.dfa = prof->policy.rules->create_dfablob(&prof->policy.size,
+ &xmatch_len,
+ prof->policy.perms_table,
+ parseopts, false,
+ kernel_supports_permstable32,
+ prof->uses_prompt_rules);
delete prof->policy.rules;
prof->policy.rules = NULL;
diff --git a/parser/parser_variable.c b/parser/parser_variable.c
index 3665fe7736792e0befe519be442ee3e9a3cfa48f..35bbd7dd75d6d04fbfcdf48a0ba85cc01168a843 100644
--- a/parser/parser_variable.c
+++ b/parser/parser_variable.c
@@ -267,7 +267,9 @@ static int process_variables_in_entries(struct cod_entry *entry_list)
static int process_variables_in_rules(Profile &prof)
{
for (RuleList::iterator i = prof.rule_ents.begin(); i != prof.rule_ents.end(); i++) {
- int error = (*i)->expand_variables();
+ if ((*i)->skip())
+ continue;
+ int error = (*i)->expand_variables();
if (error)
return error;
}
@@ -283,7 +285,20 @@ static int process_variables_in_name(Profile &prof)
int error = expand_entry_variables(&prof.name);
if (!error && prof.attachment)
error = expand_entry_variables(&prof.attachment);
+ if (!error && prof.flags.disconnected_path) {
+ error = expand_entry_variables(&prof.flags.disconnected_path);
+ if (error)
+ return error;
+ filter_slashes(prof.flags.disconnected_path);
+ // TODO: semantic check should go somewhere else
+ if (prof.flags.disconnected_path[0] != '/')
+ yyerror(_("attach_disconnected_path value must begin with a /"));
+ int n = strlen(prof.flags.disconnected_path);
+ // removing trailing / */
+ while (n && prof.flags.disconnected_path[n-1] == '/')
+ prof.flags.disconnected_path[--n] = 0;
+ }
return error;
}
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 1ef55ab18a2b61fa57805117c6f2f436668f63ce..cc516e7890fc4c6869ee03d9519a45549e0b9749 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -19,6 +19,7 @@
*/
#define YYERROR_VERBOSE 1
+#include <limits.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
@@ -63,14 +64,13 @@
int parser_token = 0;
-struct cod_entry *do_file_rule(char *id, int mode, char *link_id, char *nt);
+struct cod_entry *do_file_rule(char *id, perm32_t perms, char *link_id, char *nt);
mnt_rule *do_mnt_rule(struct cond_entry *src_conds, char *src,
struct cond_entry *dst_conds, char *dst,
- int mode);
+ perm32_t perms);
mnt_rule *do_pivot_rule(struct cond_entry *old, char *root,
char *transition);
static void abi_features(char *filename, bool search);
-void add_local_entry(Profile *prof);
%}
@@ -116,6 +116,7 @@ void add_local_entry(Profile *prof);
%token TOK_AUDIT
%token TOK_DENY
%token TOK_ALLOW
+%token TOK_PROMPT
%token TOK_PROFILE
%token TOK_SET
%token TOK_ALIAS
@@ -142,6 +143,14 @@ void add_local_entry(Profile *prof);
%token TOK_TRACEDBY
%token TOK_READBY
%token TOK_ABI
+%token TOK_USERNS
+%token TOK_MQUEUE
+%token TOK_DELETE
+%token TOK_IO_URING
+%token TOK_OVERRIDE_CREDS
+%token TOK_SQPOLL
+%token TOK_ALL
+%token TOK_PRIORITY
/* rlimits */
%token TOK_RLIMIT
@@ -177,13 +186,19 @@ void add_local_entry(Profile *prof);
#include "signal.h"
#include "ptrace.h"
#include "af_unix.h"
+ #include "userns.h"
+ #include "mqueue.h"
+ #include "io_uring.h"
+ #include "network.h"
+ #include "all_rule.h"
+ #include "cond_expr.h"
}
%union {
char *id;
char *flag_id;
char *mode;
- struct aa_network_entry *network_entry;
+ network_rule *network_entry;
Profile *prof;
struct cod_net_entry *net_entry;
struct cod_entry *user_entry;
@@ -193,9 +208,14 @@ void add_local_entry(Profile *prof);
signal_rule *signal_entry;
ptrace_rule *ptrace_entry;
unix_rule *unix_entry;
+ userns_rule *userns_entry;
+ mqueue_rule *mqueue_entry;
+ io_uring_rule *io_uring_entry;
+ all_rule *all_entry;
+ prefix_rule_t *prefix_entry;
flagvals flags;
- int fmode;
+ perm32_t fperms;
uint64_t cap;
unsigned int allowed_protocol;
char *set_var;
@@ -204,19 +224,25 @@ void add_local_entry(Profile *prof);
struct value_list *val_list;
struct cond_entry *cond_entry;
struct cond_entry_list cond_entry_list;
- int boolean;
+ bool boolean;
+ int integer;
+ owner_t owner;
struct prefixes prefix;
IncludeCache_t *includecache;
+ audit_t audit;
+ rule_mode_t rule_mode;
+ cond_expr *cond;
}
%type <id> TOK_ID
%type <id> TOK_CONDID
%type <id> TOK_CONDLISTID
%type <mode> TOK_MODE
-%type <fmode> file_mode
+%type <fperms> file_perms
%type <prof> profile_base
%type <prof> profile
%type <prof> rules
+%type <prof> block
%type <prof> hat
%type <prof> local_profile
%type <prof> cond_rule
@@ -241,37 +267,52 @@ void add_local_entry(Profile *prof);
%type <bool_var> TOK_BOOL_VAR
%type <var_val> TOK_VALUE
%type <val_list> valuelist
-%type <boolean> expr
+%type <cond> expr
%type <id> id_or_var
%type <id> opt_id_or_var
%type <boolean> opt_subset_flag
-%type <boolean> opt_audit_flag
-%type <boolean> opt_owner_flag
-%type <boolean> opt_profile_flag
+%type <integer> opt_priority
+%type <audit> opt_audit_flag
+%type <owner> opt_owner_flag
+%type <integer> opt_profile_flag
%type <boolean> opt_flags
-%type <boolean> opt_perm_mode
+%type <rule_mode> opt_rule_mode
%type <id> opt_id
%type <prefix> opt_prefix
-%type <fmode> dbus_perm
-%type <fmode> dbus_perms
-%type <fmode> opt_dbus_perm
+%type <fperms> dbus_perm
+%type <fperms> dbus_perms
+%type <fperms> opt_dbus_perm
%type <dbus_entry> dbus_rule
-%type <fmode> signal_perm
-%type <fmode> signal_perms
-%type <fmode> opt_signal_perm
+%type <prefix_entry> prefix_rule
+%type <fperms> signal_perm
+%type <fperms> signal_perms
+%type <fperms> opt_signal_perm
%type <signal_entry> signal_rule
-%type <fmode> ptrace_perm
-%type <fmode> ptrace_perms
-%type <fmode> opt_ptrace_perm
+%type <fperms> ptrace_perm
+%type <fperms> ptrace_perms
+%type <fperms> opt_ptrace_perm
%type <ptrace_entry> ptrace_rule
-%type <fmode> net_perm
-%type <fmode> net_perms
-%type <fmode> opt_net_perm
+%type <fperms> net_perm
+%type <fperms> net_perms
+%type <fperms> opt_net_perm
%type <unix_entry> unix_rule
%type <id> opt_target
%type <id> opt_named_transition
-%type <boolean> opt_exec_mode
+%type <integer> opt_exec_mode
%type <boolean> opt_file
+%type <fperms> userns_perm
+%type <fperms> userns_perms
+%type <fperms> opt_userns_perm
+%type <userns_entry> userns_rule
+%type <fperms> mqueue_perm
+%type <fperms> mqueue_perms
+%type <fperms> opt_mqueue_perm
+%type <mqueue_entry> mqueue_rule
+%type <fperms> io_uring_perm
+%type <fperms> io_uring_perms
+%type <fperms> opt_io_uring_perm
+%type <io_uring_entry> io_uring_rule
+%type <all_entry> all_rule
%%
@@ -379,8 +420,7 @@ profile_base: TOK_ID opt_id_or_var opt_cond_list flags TOK_OPEN
*/
prof->flags.mode = MODE_COMPLAIN;
- post_process_file_entries(prof);
- post_process_rule_entries(prof);
+ prof->post_parse_profile();
prof->flags.debug(cerr);
/* restore previous blocks include cache */
@@ -406,7 +446,7 @@ profile: opt_profile_flag profile_base
yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
if ($1 == 2)
- prof->flags.hat = 1;
+ prof->flags.flags |= FLAG_HAT;
$$ = prof;
};
@@ -417,7 +457,6 @@ local_profile: TOK_PROFILE profile_base
if ($2)
PDEBUG("Matched: local profile %s { ... }\n", prof->name);
- prof->local = 1;
$$ = prof;
};
@@ -433,7 +472,7 @@ hat: hat_start profile_base
if ($2->xattrs.list)
yyerror("hat profiles can't use xattrs matches");
- prof->flags.hat = 1;
+ prof->flags.flags |= FLAG_HAT;
$$ = prof;
};
@@ -547,18 +586,19 @@ valuelist: valuelist TOK_VALUE
}
flags: { /* nothing */
- flagvals fv = { 0, MODE_UNSPECIFIED, 0, 0 };
+ flagvals fv;
+ fv.init();
$$ = fv;
};
-opt_flags: { /* nothing */ $$ = 0; }
+opt_flags: { /* nothing */ $$ = false; }
| TOK_CONDID TOK_EQUALS
{
if (strcmp($1, "flags") != 0)
yyerror("expected flags= got %s=", $1);
free($1);
- $$ = 1;
+ $$ = true;
}
flags: opt_flags TOK_OPENPAREN flagvals TOK_CLOSEPAREN
@@ -568,27 +608,7 @@ flags: opt_flags TOK_OPENPAREN flagvals TOK_CLOSEPAREN
flagvals: flagvals flagval
{
- if (merge_profile_mode($1.mode, $2.mode) == MODE_CONFLICT)
- yyerror(_("Profile flag '%s' conflicts with '%s'"),
- profile_mode_table[$1.mode],
- profile_mode_table[$2.mode]);
- $1.mode = merge_profile_mode($1.mode, $2.mode);
- $1.audit = $1.audit || $2.audit;
- $1.path = $1.path | $2.path;
- if (($1.path & (PATH_CHROOT_REL | PATH_NS_REL)) ==
- (PATH_CHROOT_REL | PATH_NS_REL))
- yyerror(_("Profile flag chroot_relative conflicts with namespace_relative"));
-
- if (($1.path & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED)) ==
- (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))
- yyerror(_("Profile flag mediate_deleted conflicts with delegate_deleted"));
- if (($1.path & (PATH_ATTACH | PATH_NO_ATTACH)) ==
- (PATH_ATTACH | PATH_NO_ATTACH))
- yyerror(_("Profile flag attach_disconnected conflicts with no_attach_disconnected"));
- if (($1.path & (PATH_CHROOT_NSATTACH | PATH_CHROOT_NO_ATTACH)) ==
- (PATH_CHROOT_NSATTACH | PATH_CHROOT_NO_ATTACH))
- yyerror(_("Profile flag chroot_attach conflicts with chroot_no_attach"));
-
+ $1.merge($2);
$$ = $1;
};
@@ -599,58 +619,52 @@ flagvals: flagval
flagval: TOK_VALUE
{
- flagvals fv = { 0, MODE_UNSPECIFIED, 0, 0 };
- enum profile_mode mode;
-
- if (strcmp($1, "debug") == 0) {
- yyerror(_("Profile flag 'debug' is no longer valid."));
- } if ((mode = str_to_mode($1))) {
- fv.mode = mode;
- } else if (strcmp($1, "audit") == 0) {
- fv.audit = 1;
- } else if (strcmp($1, "chroot_relative") == 0) {
- fv.path |= PATH_CHROOT_REL;
- } else if (strcmp($1, "namespace_relative") == 0) {
- fv.path |= PATH_NS_REL;
- } else if (strcmp($1, "mediate_deleted") == 0) {
- fv.path |= PATH_MEDIATE_DELETED;
- } else if (strcmp($1, "delegate_deleted") == 0) {
- fv.path |= PATH_DELEGATE_DELETED;
- } else if (strcmp($1, "attach_disconnected") == 0) {
- fv.path |= PATH_ATTACH;
- } else if (strcmp($1, "no_attach_disconnected") == 0) {
- fv.path |= PATH_NO_ATTACH;
- } else if (strcmp($1, "chroot_attach") == 0) {
- fv.path |= PATH_CHROOT_NSATTACH;
- } else if (strcmp($1, "chroot_no_attach") == 0) {
- fv.path |= PATH_CHROOT_NO_ATTACH;
- } else {
- yyerror(_("Invalid profile flag: %s."), $1);
- }
+ flagvals fv;
+
+ fv.init($1);
free($1);
$$ = fv;
};
-opt_subset_flag: { /* nothing */ $$ = 0; }
- | TOK_SUBSET { $$ = 1; }
- | TOK_LE { $$ = 1; }
+opt_subset_flag: { /* nothing */ $$ = false; }
+ | TOK_SUBSET { $$ = true; }
+ | TOK_LE { $$ = true; }
+
+
+opt_priority: { $$ = 0; }
+ | TOK_PRIORITY TOK_EQUALS TOK_VALUE
+ {
+ char *end;
+ long tmp = strtol($3, &end, 10);
+ if (end == $3 || *end != '\0')
+ yyerror("invalid priority %s", $3);
+ free($3);
+ /* see note on mediates_priority */
+ if (tmp > MAX_POLICY_PRIORITY)
+ yyerror("invalid priority %l > %d", tmp, MAX_POLICY_PRIORITY);
+ if (tmp < MIN_POLICY_PRIORITY)
+ yyerror("invalid priority %l > %d", tmp, MIN_POLICY_PRIORITY);
+ $$ = tmp;
+ }
-opt_audit_flag: { /* nothing */ $$ = 0; }
- | TOK_AUDIT { $$ = 1; };
+opt_audit_flag: { /* nothing */ $$ = AUDIT_UNSPECIFIED; }
+ | TOK_AUDIT { $$ = AUDIT_FORCE; };
-opt_owner_flag: { /* nothing */ $$ = 0; }
- | TOK_OWNER { $$ = 1; };
- | TOK_OTHER { $$ = 2; };
+opt_owner_flag: { /* nothing */ $$ = OWNER_UNSPECIFIED; }
+ | TOK_OWNER { $$ = OWNER_SPECIFIED; };
+ | TOK_OTHER { $$ = OWNER_NOT; };
-opt_perm_mode: { /* nothing */ $$ = 0; }
- | TOK_ALLOW { $$ = 0; }
- | TOK_DENY { $$ = 1; }
+opt_rule_mode: { /* nothing */ $$ = RULE_UNSPECIFIED; }
+ | TOK_ALLOW { $$ = RULE_ALLOW; }
+ | TOK_DENY { $$ = RULE_DENY; }
+ | TOK_PROMPT { $$ = RULE_PROMPT; }
-opt_prefix: opt_audit_flag opt_perm_mode opt_owner_flag
+opt_prefix: opt_priority opt_audit_flag opt_rule_mode opt_owner_flag
{
- $$.audit = $1;
- $$.deny = $2;
- $$.owner = $3;
+ $$.priority = $1;
+ $$.audit = $2;
+ $$.rule_mode = $3;
+ $$.owner = $4;
}
rules: { /* nothing */
@@ -666,194 +680,90 @@ rules: rules abi_rule { /* nothing */ }
rules: rules opt_prefix rule
{
+ const char *error;
PDEBUG("matched: rules rule\n");
PDEBUG("rules rule: (%s)\n", $3->name);
if (!$3)
yyerror(_("Assert: `rule' returned NULL."));
- $3->deny = $2.deny;
- if (($2.deny && ($3->mode & AA_EXEC_BITS) &&
- ($3->mode & ALL_AA_EXEC_TYPE)))
- yyerror(_("Invalid mode, in deny rules 'x' must not be preceded by exec qualifier 'i', 'p', or 'u'"));
- else if (!$2.deny && ($3->mode & AA_EXEC_BITS) &&
- !($3->mode & ALL_AA_EXEC_TYPE) &&
- !($3->nt_name))
- yyerror(_("Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', 'c', or 'u'"));
-
- if ($2.owner == 1)
- $3->mode &= (AA_USER_PERMS | AA_SHARED_PERMS);
- else if ($2.owner == 2)
- $3->mode &= (AA_OTHER_PERMS | AA_SHARED_PERMS);
- /* only set audit ctl quieting if the rule is not audited */
- if (($2.deny && !$2.audit) || (!$2.deny && $2.audit))
- $3->audit = $3->mode & ~ALL_AA_EXEC_TYPE;
-
+ if (!entry_add_prefix($3, $2, error)) {
+ yyerror(_("%s"), error);
+ }
add_entry_to_policy($1, $3);
$$ = $1;
};
+block: TOK_OPEN rules TOK_CLOSE
+ {
+ $$ = $2;
+ };
-rules: rules opt_prefix TOK_OPEN rules TOK_CLOSE
+rules: rules opt_prefix block
{
struct cod_entry *entry, *tmp;
- if ($2.deny)
- yyerror(_("deny prefix not allowed"));
- PDEBUG("matched: %s%s%sblock\n", $2.audit ? "audit " : "",
- $2.deny ? "deny " : "", $2.owner ? "owner " : "");
- list_for_each_safe($4->entries, entry, tmp) {
+ if (($2).priority != 0) {
+ yyerror(_("priority is not allowed on rule blocks"));
+ }
+ PDEBUG("matched: %s%s%sblock\n",
+ $2.audit == AUDIT_FORCE ? "audit " : "",
+ $2.rule_mode == RULE_DENY ? "deny " : "",
+ $2.rule_mode == RULE_PROMPT ? "prompt " : "",
+ $2.owner == OWNER_SPECIFIED ? "owner " : "");
+ list_for_each_safe($3->entries, entry, tmp) {
+ const char *error;
entry->next = NULL;
- if (entry->mode & AA_EXEC_BITS) {
- if (entry->deny &&
- (entry->mode & ALL_AA_EXEC_TYPE))
- yyerror(_("Invalid mode, in deny rules 'x' must not be preceded by exec qualifier 'i', 'p', or 'u'"));
- else if (!entry->deny &&
- !(entry->mode & ALL_AA_EXEC_TYPE))
- yyerror(_("Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', or 'u'"));
+ if (!entry_add_prefix(entry, $2, error)) {
+ yyerror(_("%s"), error);
}
- if ($2.owner == 1)
- entry->mode &= (AA_USER_PERMS | AA_SHARED_PERMS);
- else if ($2.owner == 2)
- entry->mode &= (AA_OTHER_PERMS | AA_SHARED_PERMS);
-
- if ($2.audit && !entry->deny)
- entry->audit = entry->mode & ~ALL_AA_EXEC_TYPE;
- else if (!$2.audit && entry->deny)
- entry->audit = entry->mode & ~ALL_AA_EXEC_TYPE;
+ /* transfer rule for now, TODO keep block and just
+ * apply add_prefix to block rule and have it do
+ * the work
+ */
add_entry_to_policy($1, entry);
}
- $4->entries = NULL;
+ $3->entries = NULL;
// fix me transfer rules and free sub profile
- delete $4;
+ delete $3;
$$ = $1;
};
rules: rules opt_prefix network_rule
{
- struct aa_network_entry *entry, *tmp;
-
- PDEBUG("Matched: network rule\n");
- if ($2.owner)
- yyerror(_("owner prefix not allowed"));
- if (!$3)
- yyerror(_("Assert: `network_rule' return invalid protocol."));
- if (!$1->alloc_net_table())
- yyerror(_("Memory allocation error."));
- list_for_each_safe($3, entry, tmp) {
-
- /* map to extended mediation, let rule backend do
- * downgrade if needed
- */
- if (entry->family == AF_UNIX) {
- unix_rule *rule = new unix_rule(entry->type, $2.audit, $2.deny);
+ const char *error;
+ if (!$3->add_prefix($2, error))
+ yyerror(error);
+ /* class members need to be updated after prefix is added */
+ $3->update_compat_net();
+
+ auto nm_af_unix = $3->network_map.find(AF_UNIX);
+ if (nm_af_unix != $3->network_map.end()) {
+ for (auto& entry : nm_af_unix->second) {
+ unix_rule *rule = new unix_rule(entry.type,
+ $2.audit, $2.rule_mode);
if (!rule)
yyerror(_("Memory allocation error."));
$1->rule_ents.push_back(rule);
}
- if (entry->type > SOCK_PACKET) {
- /* setting mask instead of a bit */
- if ($2.deny) {
- $1->net.deny[entry->family] |= entry->type;
- if (!$2.audit)
- $1->net.quiet[entry->family] |= entry->type;
- } else {
- $1->net.allow[entry->family] |= entry->type;
- if ($2.audit)
- $1->net.audit[entry->family] |= entry->type;
- }
- } else {
- if ($2.deny) {
- $1->net.deny[entry->family] |= 1 << entry->type;
- if (!$2.audit)
- $1->net.quiet[entry->family] |= 1 << entry->type;
- } else {
- $1->net.allow[entry->family] |= 1 << entry->type;
- if ($2.audit)
- $1->net.audit[entry->family] |= 1 << entry->type;
- }
- }
- free(entry);
- }
-
- $$ = $1;
- }
-
-rules: rules opt_prefix mnt_rule
- {
- if ($2.owner)
- yyerror(_("owner prefix not allowed on mount rules"));
- if ($2.deny && $2.audit) {
- $3->deny = 1;
- } else if ($2.deny) {
- $3->deny = 1;
- $3->audit = $3->allow;
- } else if ($2.audit) {
- $3->audit = $3->allow;
- }
-
- $1->rule_ents.push_back($3);
- $$ = $1;
- }
-
-rules: rules opt_prefix dbus_rule
- {
- if ($2.owner)
- yyerror(_("owner prefix not allowed on dbus rules"));
- if ($2.deny && $2.audit) {
- $3->deny = 1;
- } else if ($2.deny) {
- $3->deny = 1;
- $3->audit = $3->mode;
- } else if ($2.audit) {
- $3->audit = $3->mode;
}
$1->rule_ents.push_back($3);
$$ = $1;
}
-rules: rules opt_prefix signal_rule
- {
- if ($2.owner)
- yyerror(_("owner prefix not allowed on signal rules"));
- if ($2.deny && $2.audit) {
- $3->deny = 1;
- } else if ($2.deny) {
- $3->deny = 1;
- $3->audit = $3->mode;
- } else if ($2.audit) {
- $3->audit = $3->mode;
- }
- $1->rule_ents.push_back($3);
- $$ = $1;
- }
+prefix_rule : mnt_rule { $$ = $1; }
+ | dbus_rule { $$ = $1; }
+ | signal_rule { $$ = $1; }
+ | ptrace_rule { $$ = $1; }
+ | unix_rule { $$ = $1; }
+ | userns_rule { $$ = $1; }
+ | mqueue_rule { $$ = $1; }
+ | io_uring_rule { $$ = $1; }
+ | all_rule { $$ = $1; }
-rules: rules opt_prefix ptrace_rule
+rules: rules opt_prefix prefix_rule
{
- if ($2.owner)
- yyerror(_("owner prefix not allowed on ptrace rules"));
- if ($2.deny && $2.audit) {
- $3->deny = 1;
- } else if ($2.deny) {
- $3->deny = 1;
- $3->audit = $3->mode;
- } else if ($2.audit) {
- $3->audit = $3->mode;
- }
- $1->rule_ents.push_back($3);
- $$ = $1;
- }
-
-rules: rules opt_prefix unix_rule
- {
- if ($2.owner)
- yyerror(_("owner prefix not allowed on unix rules"));
- if ($2.deny && $2.audit) {
- $3->deny = 1;
- } else if ($2.deny) {
- $3->deny = 1;
- $3->audit = $3->mode;
- } else if ($2.audit) {
- $3->audit = $3->mode;
- }
+ const char *error;
+ if (!$3->add_prefix($2, error))
+ yyerror(error);
$1->rule_ents.push_back($3);
$$ = $1;
}
@@ -864,15 +774,15 @@ rules: rules opt_prefix change_profile
PDEBUG("rules change_profile: (%s)\n", $3->name);
if (!$3)
yyerror(_("Assert: `change_profile' returned NULL."));
- if ($2.owner)
- yyerror(_("owner prefix not allowed on unix rules"));
- if ($2.deny && $2.audit) {
- $3->deny = 1;
- } else if ($2.deny) {
- $3->deny = 1;
- $3->audit = $3->mode;
- } else if ($2.audit) {
- $3->audit = $3->mode;
+ if ($2.owner != OWNER_UNSPECIFIED)
+ yyerror(_("owner conditional not allowed on unix rules"));
+ if (($2.rule_mode == RULE_DENY) && $2.audit == AUDIT_FORCE) {
+ $3->rule_mode = RULE_DENY;
+ } else if ($2.rule_mode == RULE_DENY) {
+ $3->rule_mode = RULE_DENY;
+ $3->audit = AUDIT_FORCE;
+ } else if ($2.audit != AUDIT_UNSPECIFIED) {
+ $3->audit = $2.audit;
}
add_entry_to_policy($1, $3);
$$ = $1;
@@ -880,17 +790,17 @@ rules: rules opt_prefix change_profile
rules: rules opt_prefix capability
{
- if ($2.owner)
- yyerror(_("owner prefix not allowed on capability rules"));
+ if ($2.owner != OWNER_UNSPECIFIED)
+ yyerror(_("owner conditional not allowed on capability rules"));
- if ($2.deny && $2.audit) {
+ if ($2.rule_mode == RULE_DENY && $2.audit == AUDIT_FORCE) {
$1->caps.deny |= $3;
- } else if ($2.deny) {
+ } else if ($2.rule_mode == RULE_DENY) {
$1->caps.deny |= $3;
$1->caps.quiet |= $3;
} else {
$1->caps.allow |= $3;
- if ($2.audit)
+ if ($2.audit != AUDIT_UNSPECIFIED)
$1->caps.audit |= $3;
}
@@ -912,7 +822,6 @@ rules: rules local_profile
if (!$2)
yyerror(_("Assert: 'local_profile rule' returned NULL."));
add_hat_to_policy($1, $2);
- add_local_entry($2);
$$ = $1;
};
@@ -1021,83 +930,77 @@ rules: rules TOK_SET TOK_RLIMIT TOK_ID TOK_LE TOK_VALUE opt_id TOK_END_OF_RULE
};
-cond_rule: TOK_IF expr TOK_OPEN rules TOK_CLOSE
+cond_rule: TOK_IF expr block
{
Profile *ret = NULL;
PDEBUG("Matched: found conditional rules\n");
- if ($2) {
- ret = $4;
+ if ($2->eval()) {
+ ret = $3;
} else {
- delete $4;
+ delete $3;
}
+ delete $2;
$$ = ret;
}
-cond_rule: TOK_IF expr TOK_OPEN rules TOK_CLOSE TOK_ELSE TOK_OPEN rules TOK_CLOSE
+cond_rule: TOK_IF expr block TOK_ELSE block
{
Profile *ret = NULL;
PDEBUG("Matched: found conditional else rules\n");
- if ($2) {
- ret = $4;
- delete $8;
+ if ($2->eval()) {
+ ret = $3;
+ delete $5;
} else {
- ret = $8;
- delete $4;
+ ret = $5;
+ delete $3;
}
+ delete $2;
$$ = ret;
}
-cond_rule: TOK_IF expr TOK_OPEN rules TOK_CLOSE TOK_ELSE cond_rule
+cond_rule: TOK_IF expr block TOK_ELSE cond_rule
{
Profile *ret = NULL;
PDEBUG("Matched: found conditional else-if rules\n");
- if ($2) {
- ret = $4;
- delete $7;
+ if ($2->eval()) {
+ ret = $3;
+ delete $5;
} else {
- ret = $7;
- delete $4;
+ ret = $5;
+ delete $3;
}
+ delete $2;
$$ = ret;
}
expr: TOK_NOT expr
{
- $$ = !$2;
+ cond_expr *conds = new cond_expr(!$2->eval());
+ delete $2;
+ $$ = conds;
}
expr: TOK_BOOL_VAR
{
- char *var_name = process_var($1);
- int boolean = get_boolean_var(var_name);
- PDEBUG("Matched: boolean expr %s value: %d\n", $1, boolean);
- if (boolean < 0) {
- /* FIXME check for set var */
- yyerror(_("Unset boolean variable %s used in if-expression"),
- $1);
- }
- $$ = boolean;
- free(var_name);
+ cond_expr *conds = new cond_expr($1, false);
+ PDEBUG("Matched: boolean expr %s value: %d\n", $1, conds->eval());
+ $$ = conds;
free($1);
}
expr: TOK_DEFINED TOK_SET_VAR
{
- char *var_name = process_var($2);
- void *set_value = get_set_var(var_name);
- PDEBUG("Matched: defined set expr %s value %lx\n", $2, (long) set_value);
- $$ = !! (long) set_value;
- free(var_name);
+ cond_expr *conds = new cond_expr($2, true);
+ PDEBUG("Matched: defined set expr %s value %d\n", $2, conds->eval());
+ $$ = conds;
free($2);
}
expr: TOK_DEFINED TOK_BOOL_VAR
{
- char *var_name = process_var($2);
- int boolean = get_boolean_var(var_name);
- PDEBUG("Matched: defined set expr %s value %d\n", $2, boolean);
- $$ = (boolean != -1);
- free(var_name);
+ cond_expr *conds = new cond_expr($2, false);
+ PDEBUG("Matched: defined set expr %s value %d\n", $2, conds->eval());
+ $$ = conds;
free($2);
}
@@ -1133,15 +1036,15 @@ opt_exec_mode: { /* nothing */ $$ = EXEC_MODE_EMPTY; }
| TOK_UNSAFE { $$ = EXEC_MODE_UNSAFE; };
| TOK_SAFE { $$ = EXEC_MODE_SAFE; };
-opt_file: { /* nothing */ $$ = 0; }
- | TOK_FILE { $$ = 1; }
+opt_file: { /* nothing */ $$ = false; }
+ | TOK_FILE { $$ = true; }
-frule: id_or_var file_mode opt_named_transition TOK_END_OF_RULE
+frule: id_or_var file_perms opt_named_transition TOK_END_OF_RULE
{
$$ = do_file_rule($1, $2, NULL, $3);
};
-frule: file_mode opt_subset_flag id_or_var opt_named_transition TOK_END_OF_RULE
+frule: file_perms opt_subset_flag id_or_var opt_named_transition TOK_END_OF_RULE
{
if ($2 && ($1 & ~AA_LINK_BITS))
yyerror(_("subset can only be used with link rules."));
@@ -1176,19 +1079,19 @@ file_rule: TOK_FILE TOK_END_OF_RULE
file_rule_tail: opt_exec_mode frule
{
if ($1 != EXEC_MODE_EMPTY) {
- if (!($2->mode & AA_EXEC_BITS))
+ if (!($2->perms & AA_EXEC_BITS))
yyerror(_("unsafe rule missing exec permissions"));
if ($1 == EXEC_MODE_UNSAFE) {
- $2->mode |= (($2->mode & AA_EXEC_BITS) << 8) &
+ $2->perms |= (($2->perms & AA_EXEC_BITS) << 8) &
ALL_AA_EXEC_UNSAFE;
}
else if ($1 == EXEC_MODE_SAFE)
- $2->mode &= ~ALL_AA_EXEC_UNSAFE;
+ $2->perms &= ~ALL_AA_EXEC_UNSAFE;
}
$$ = $2;
};
-file_rule_tail: opt_exec_mode id_or_var file_mode id_or_var
+file_rule_tail: opt_exec_mode id_or_var file_perms id_or_var
{
/* Oopsie, we appear to be missing an EOL marker. If we
* were *smart*, we could work around it. Since we're
@@ -1207,42 +1110,45 @@ link_rule: TOK_LINK opt_subset_flag id_or_var TOK_ARROW id_or_var TOK_END_OF_RUL
$$ = entry;
};
-network_rule: TOK_NETWORK TOK_END_OF_RULE
+network_rule: TOK_NETWORK opt_net_perm opt_conds opt_cond_list TOK_END_OF_RULE
{
- size_t family;
- struct aa_network_entry *new_entry, *entry = NULL;
- for (family = AF_UNSPEC; family < get_af_max(); family++) {
- new_entry = new_network_ent(family, 0xffffffff,
- 0xffffffff);
- if (!new_entry)
- yyerror(_("Memory allocation error."));
- new_entry->next = entry;
- entry = new_entry;
+ network_rule *entry;
+
+ if ($4.name) {
+ if (strcmp($4.name, "peer") != 0)
+ yyerror(_("network rule: invalid conditional group %s=()"), $4.name);
+ free($4.name);
}
+ entry = new network_rule($2, $3, $4.list);
$$ = entry;
}
-network_rule: TOK_NETWORK TOK_ID TOK_END_OF_RULE
+network_rule: TOK_NETWORK opt_net_perm TOK_ID opt_conds opt_cond_list TOK_END_OF_RULE
{
- struct aa_network_entry *entry;
- entry = network_entry($2, NULL, NULL);
- if (!entry)
- /* test for short circuiting of family */
- entry = network_entry(NULL, $2, NULL);
- if (!entry)
- yyerror(_("Invalid network entry."));
- free($2);
+ network_rule *entry;
+
+ if ($5.name) {
+ if (strcmp($5.name, "peer") != 0)
+ yyerror(_("network rule: invalid conditional group %s=()"), $5.name);
+ free($5.name);
+ }
+ entry = new network_rule($2, $3, NULL, NULL, $4, $5.list);
+ free($3);
$$ = entry;
}
-network_rule: TOK_NETWORK TOK_ID TOK_ID TOK_END_OF_RULE
+network_rule: TOK_NETWORK opt_net_perm TOK_ID TOK_ID opt_conds opt_cond_list TOK_END_OF_RULE
{
- struct aa_network_entry *entry;
- entry = network_entry($2, $3, NULL);
- if (!entry)
- yyerror(_("Invalid network entry."));
- free($2);
+ network_rule *entry;
+
+ if ($6.name) {
+ if (strcmp($6.name, "peer") != 0)
+ yyerror(_("network rule: invalid conditional group %s=()"), $6.name);
+ free($6.name);
+ }
+ entry = new network_rule($2, $3, $4, NULL, $5, $6.list);
free($3);
+ free($4);
$$ = entry;
}
@@ -1340,7 +1246,7 @@ dbus_perm: TOK_VALUE
else if (strcmp($1, "eavesdrop") == 0)
$$ = AA_DBUS_EAVESDROP;
else if ($1) {
- parse_dbus_mode($1, &$$, 1);
+ parse_dbus_perms($1, &$$, 1);
} else
$$ = 0;
@@ -1355,7 +1261,7 @@ dbus_perm: TOK_VALUE
| TOK_EAVESDROP { $$ = AA_DBUS_EAVESDROP; }
| TOK_MODE
{
- parse_dbus_mode($1, &$$, 1);
+ parse_dbus_perms($1, &$$, 1);
free($1);
}
@@ -1410,7 +1316,7 @@ net_perm: TOK_VALUE
else if (strcmp($1, "receive") == 0 || strcmp($1, "read") == 0)
$$ = AA_NET_RECEIVE;
else if ($1) {
- parse_net_mode($1, &$$, 1);
+ parse_net_perms($1, &$$, 1);
} else
$$ = 0;
@@ -1433,7 +1339,7 @@ net_perm: TOK_VALUE
| TOK_WRITE { $$ = AA_NET_SEND; }
| TOK_MODE
{
- parse_unix_mode($1, &$$, 1);
+ parse_unix_perms($1, &$$, 1);
free($1);
}
@@ -1468,7 +1374,7 @@ signal_perm: TOK_VALUE
else if (strcmp($1, "receive") == 0 || strcmp($1, "read") == 0)
$$ = AA_MAY_RECEIVE;
else if ($1) {
- parse_signal_mode($1, &$$, 1);
+ parse_signal_perms($1, &$$, 1);
} else
$$ = 0;
@@ -1481,7 +1387,7 @@ signal_perm: TOK_VALUE
| TOK_WRITE { $$ = AA_MAY_SEND; }
| TOK_MODE
{
- parse_signal_mode($1, &$$, 1);
+ parse_signal_perms($1, &$$, 1);
free($1);
}
@@ -1510,7 +1416,7 @@ ptrace_perm: TOK_VALUE
else if (strcmp($1, "readby") == 0)
$$ = AA_MAY_READBY;
else if ($1)
- parse_ptrace_mode($1, &$$, 1);
+ parse_ptrace_perms($1, &$$, 1);
else
$$ = 0;
@@ -1524,7 +1430,7 @@ ptrace_perm: TOK_VALUE
| TOK_READBY { $$ = AA_MAY_READBY; }
| TOK_MODE
{
- parse_ptrace_mode($1, &$$, 1);
+ parse_ptrace_perms($1, &$$, 1);
free($1);
}
@@ -1542,21 +1448,143 @@ ptrace_rule: TOK_PTRACE opt_ptrace_perm opt_conds TOK_END_OF_RULE
$$ = ent;
}
+userns_perm: TOK_VALUE
+ {
+ if (strcmp($1, "create") == 0)
+ $$ = AA_USERNS_CREATE;
+ else
+ $$ = 0;
+
+ if ($1)
+ free($1);
+ }
+ | TOK_CREATE { $$ = AA_USERNS_CREATE; }
+
+userns_perms: { /* nothing */ $$ = 0; }
+ | userns_perms userns_perm { $$ = $1 | $2; }
+ | userns_perms TOK_COMMA userns_perm { $$ = $1 | $3; }
+
+opt_userns_perm: { /* nothing */ $$ = 0; }
+ | userns_perm { $$ = $1; }
+ | TOK_OPENPAREN userns_perms TOK_CLOSEPAREN { $$ = $2; }
+
+userns_rule: TOK_USERNS opt_userns_perm opt_conds TOK_END_OF_RULE
+ {
+ userns_rule *ent = new userns_rule($2, $3);
+ $$ = ent;
+ }
+
+mqueue_perm: TOK_VALUE
+ {
+ if (strcmp($1, "create") == 0)
+ $$ = AA_MQUEUE_CREATE;
+ else if (strcmp($1, "open") == 0)
+ $$ = AA_MQUEUE_OPEN;
+ else if (strcmp($1, "delete") == 0)
+ $$ = AA_MQUEUE_DELETE;
+ else if (strcmp($1, "getattr") == 0)
+ $$ = AA_MQUEUE_GETATTR;
+ else if (strcmp($1, "setattr") == 0)
+ $$ = AA_MQUEUE_SETATTR;
+ else if (strcmp($1, "write") == 0)
+ $$ = AA_MQUEUE_WRITE;
+ else if (strcmp($1, "read") == 0)
+ $$ = AA_MQUEUE_READ;
+ else if ($1) {
+ parse_mqueue_perms($1, &$$, 1);
+ } else
+ $$ = 0;
+
+ if ($1)
+ free($1);
+ }
+ | TOK_CREATE { $$ = AA_MQUEUE_CREATE; }
+ | TOK_OPEN { $$ = AA_MQUEUE_OPEN; }
+ | TOK_DELETE { $$ = AA_MQUEUE_DELETE; }
+ | TOK_GETATTR { $$ = AA_MQUEUE_GETATTR; }
+ | TOK_SETATTR { $$ = AA_MQUEUE_SETATTR; }
+ | TOK_WRITE { $$ = AA_MQUEUE_WRITE; }
+ | TOK_READ { $$ = AA_MQUEUE_READ; }
+ | TOK_MODE
+ {
+ parse_mqueue_perms($1, &$$, 1);
+ free($1);
+ }
+
+mqueue_perms: { /* nothing */ $$ = 0; }
+ | mqueue_perms mqueue_perm { $$ = $1 | $2; }
+ | mqueue_perms TOK_COMMA mqueue_perm { $$ = $1 | $3; }
+
+opt_mqueue_perm: { /* nothing */ $$ = 0; }
+ | mqueue_perm { $$ = $1; }
+ | TOK_OPENPAREN mqueue_perms TOK_CLOSEPAREN { $$ = $2; }
+
+mqueue_rule: TOK_MQUEUE opt_mqueue_perm opt_conds TOK_END_OF_RULE
+ {
+ mqueue_rule *ent = new mqueue_rule($2, $3);
+ $$ = ent;
+ }
+ | TOK_MQUEUE opt_mqueue_perm opt_conds TOK_ID TOK_END_OF_RULE
+ {
+ mqueue_rule *ent = new mqueue_rule($2, $3, $4);
+ $$ = ent;
+ }
+
+io_uring_perm: TOK_VALUE
+ {
+ if (strcmp($1, "override_creds") == 0)
+ $$ = AA_IO_URING_OVERRIDE_CREDS;
+ else if (strcmp($1, "sqpoll") == 0)
+ $$ = AA_IO_URING_SQPOLL;
+ else
+ $$ = 0;
+
+ if ($1)
+ free($1);
+ }
+ | TOK_OVERRIDE_CREDS { $$ = AA_IO_URING_OVERRIDE_CREDS; }
+ | TOK_SQPOLL { $$ = AA_IO_URING_SQPOLL; }
+
+io_uring_perms: { /* nothing */ $$ = 0; }
+ | io_uring_perms io_uring_perm { $$ = $1 | $2; }
+ | io_uring_perms TOK_COMMA io_uring_perm { $$ = $1 | $3; }
+
+opt_io_uring_perm: { /* nothing */ $$ = 0; }
+ | io_uring_perm { $$ = $1; }
+ | TOK_OPENPAREN io_uring_perms TOK_CLOSEPAREN { $$ = $2; }
+
+io_uring_rule: TOK_IO_URING opt_io_uring_perm opt_conds opt_cond_list TOK_END_OF_RULE
+ {
+ io_uring_rule *ent;
+ ent = new io_uring_rule($2, $3, $4.list);
+ if (!ent)
+ yyerror(_("Memory allocation error."));
+ $$ = ent;
+ }
+
+all_rule: TOK_ALL TOK_END_OF_RULE
+ {
+ all_rule *ent = new all_rule();
+ if (!ent)
+ yyerror(_("Memory allocation error."));
+ $$ = ent;
+ }
+
hat_start: TOK_CARET {}
| TOK_HAT {}
-file_mode: TOK_MODE
+file_perms: TOK_MODE
{
/* A single TOK_MODE maps to the same permission in all
* of user::other */
- $$ = parse_mode($1);
+ $$ = parse_perms($1);
free($1);
}
change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK_END_OF_RULE
{
struct cod_entry *entry;
- int mode = AA_CHANGE_PROFILE;
+ perm32_t perms = AA_CHANGE_PROFILE;
int exec_mode = $2;
char *exec = $3;
char *target = $4;
@@ -1565,9 +1593,9 @@ change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK
/* exec bits required to trigger rule conflict if
* for overlapping safe and unsafe exec rules
*/
- mode |= AA_EXEC_BITS;
+ perms |= AA_EXEC_BITS;
if (exec_mode == EXEC_MODE_UNSAFE)
- mode |= ALL_AA_EXEC_UNSAFE;
+ perms |= ALL_AA_EXEC_UNSAFE;
else if (exec_mode == EXEC_MODE_SAFE &&
!features_supports_stacking) {
pwarn(WARN_RULE_DOWNGRADED, "downgrading change_profile safe rule to unsafe due to lack of necessary kernel support\n");
@@ -1591,7 +1619,7 @@ change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK
yyerror(_("Memory allocation error."));
}
- entry = new_entry(target, mode, exec);
+ entry = new_entry(target, perms, exec);
if (!entry)
yyerror(_("Memory allocation error."));
@@ -1664,11 +1692,11 @@ void yyerror(const char *msg, ...)
exit(1);
}
-struct cod_entry *do_file_rule(char *id, int mode, char *link_id, char *nt)
+struct cod_entry *do_file_rule(char *id, perm32_t perms, char *link_id, char *nt)
{
struct cod_entry *entry;
- PDEBUG("Matched: tok_id (%s) tok_mode (0x%x)\n", id, mode);
- entry = new_entry(id, mode, link_id);
+ PDEBUG("Matched: tok_id (%s) tok_perms (0x%x)\n", id, perms);
+ entry = new_entry(id, perms, link_id);
if (!entry)
yyerror(_("Memory allocation error."));
entry->nt_name = nt;
@@ -1676,31 +1704,6 @@ struct cod_entry *do_file_rule(char *id, int mode, char *link_id, char *nt)
return entry;
}
-/* Note: NOT currently in use, used for
- * /foo x -> { /bah, } style transitions
- */
-void add_local_entry(Profile *prof)
-{
- /* ugh this has to be called after the hat is attached to its parent */
- if (prof->local_mode) {
- struct cod_entry *entry;
- char *trans = (char *) malloc(strlen(prof->parent->name) +
- strlen(prof->name) + 3);
- char *name = strdup(prof->name);
- if (!trans)
- yyerror(_("Memory allocation error."));
- sprintf(name, "%s//%s", prof->parent->name, prof->name);
-
- entry = new_entry(name, prof->local_mode, NULL);
- entry->audit = prof->local_audit;
- entry->nt_name = trans;
- if (!entry)
- yyerror(_("Memory allocation error."));
-
- add_entry_to_policy(prof, entry);
- }
-}
-
static const char *mnt_cond_msg[] = {"",
" not allowed as source conditional",
" not allowed as target conditional",
@@ -1730,7 +1733,7 @@ int verify_mnt_conds(struct cond_entry *conds, int src)
mnt_rule *do_mnt_rule(struct cond_entry *src_conds, char *src,
struct cond_entry *dst_conds, char *dst,
- int mode)
+ perm32_t perms)
{
if (verify_mnt_conds(src_conds, MNT_SRC_OPT) != 0)
yyerror(_("bad mount rule"));
@@ -1742,7 +1745,7 @@ mnt_rule *do_mnt_rule(struct cond_entry *src_conds, char *src,
if (dst_conds)
yyerror(_("mount point conditions not currently supported"));
- mnt_rule *ent = new mnt_rule(src_conds, src, dst_conds, dst, mode);
+ mnt_rule *ent = new mnt_rule(src_conds, src, dst_conds, dst, perms);
if (!ent) {
yyerror(_("Memory allocation error."));
}
diff --git a/parser/perms.h b/parser/perms.h
new file mode 100644
index 0000000000000000000000000000000000000000..d174565e6d784d56b8bbee8e5453e1be8a446e84
--- /dev/null
+++ b/parser/perms.h
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2022
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+#ifndef __AA_PERM_H
+#define __AA_PERM_H
+
+/* this represents permissions as used as part of the state machine in
+ * the kernel.
+ * It is possible this will get further mapped for compatibility with
+ * older versions
+ */
+
+#include <ostream>
+#include <iostream>
+using std::ostream;
+using std::cerr;
+
+#include <stdint.h>
+#include <sys/apparmor.h>
+
+/* same as in immunix.h - make it so they can both be included or used alone */
+#ifndef AA_MAY_EXEC
+#define AA_MAY_EXEC 1
+#define AA_MAY_WRITE 2
+#define AA_MAY_READ 4
+#define AA_MAY_APPEND 8
+#endif
+
+#ifndef AA_MAY_CREATE
+// these are in apparmor.h
+#define AA_MAY_CREATE 0x0010
+#define AA_MAY_DELETE 0x0020
+#define AA_MAY_OPEN 0x0040
+#define AA_MAY_RENAME 0x0080 /* pair */
+
+#define AA_MAY_SETATTR 0x0100 /* meta write */
+#define AA_MAY_GETATTR 0x0200 /* meta read */
+#define AA_MAY_SETCRED 0x0400 /* security cred/attr */
+#define AA_MAY_GETCRED 0x0800
+
+#define AA_MAY_CHMOD 0x1000 /* pair */
+#define AA_MAY_CHOWN 0x2000 /* pair */
+#endif
+#define AA_MAY_CHGRP 0x4000 /* pair */
+#ifndef AA_MAY_CREATE
+#define AA_MAY_LOCK 0x8000 /* LINK_SUBSET overlaid */
+
+#define AA_EXEC_MMAP 0x00010000
+#endif
+#define AA_MAY_MPROT 0x00020000 /* extend conditions */
+#ifndef AA_MAY_CREATE
+#define AA_MAY_LINK 0x00040000 /* pair */
+#endif
+#define AA_MAY_SNAPSHOT 0x00080000 /* pair */
+
+#define AA_MAY_DELEGATE
+#define AA_CONT_MATCH 0x08000000
+
+// TODO: move into a reworked immunix.h that is dependent on perms.h
+#define AA_COMPAT_CONT_MATCH (AA_CONT_MATCH << 1)
+
+#define AA_MAY_STACK 0x10000000
+#define AA_MAY_ONEXEC 0x20000000 /* either stack or change_profile */
+#define AA_MAY_CHANGE_PROFILE 0x40000000
+#define AA_MAY_CHANGEHAT 0x80000000
+
+#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
+
+
+/*
+ * The xindex is broken into 3 parts
+ * - index - an index into either the exec name table or the variable table
+ * - exec type - which determines how the executable name and index are used
+ * - flags - which modify how the destination name is applied
+ */
+#define AA_X_INDEX_MASK 0xffffff
+
+#define AA_X_TYPE_MASK 0x0c000000
+#define AA_X_NONE AA_INDEX_NONE
+#define AA_X_NAME 0x04000000 /* use executable name px */
+#define AA_X_TABLE 0x08000000 /* use a specified name ->n# */
+
+#define AA_X_UNSAFE 0x10000000
+#define AA_X_CHILD 0x20000000
+#define AA_X_INHERIT 0x40000000
+#define AA_X_UNCONFINED 0x80000000
+
+typedef uint32_t perm32_t;
+
+class aa_perms {
+public:
+ perm32_t allow;
+ perm32_t deny; /* explicit deny, or conflict if allow also set */
+
+ perm32_t subtree; /* allow perm on full subtree only when allow is set */
+ perm32_t cond; /* set only when ~allow and ~deny */
+
+ perm32_t kill; /* set only when ~allow | deny */
+ perm32_t complain; /* accumulates only used when ~allow & ~deny */
+ perm32_t prompt; /* accumulates only used when ~allow & ~deny */
+
+ perm32_t audit; /* set only when allow is set */
+ perm32_t quiet; /* set only when ~allow | deny */
+ perm32_t hide; /* set only when ~allow | deny */
+
+
+ uint32_t xindex;
+ uint32_t tag; /* tag string index, if present */
+ uint32_t label; /* label string index, if present */
+
+ void dump_header(ostream &os)
+ {
+ os << "(allow/deny/prompt//audit/quiet//xindex)\n";
+ }
+
+ void dump(ostream &os)
+ {
+ os << std::hex << "(0x" << allow << "/0x" << deny << "/0x"
+ << prompt << "//0x" << audit << "/0x" << quiet
+ << std::dec << "//";
+ if (xindex & AA_X_UNSAFE)
+ os << "unsafe ";
+ if (xindex & AA_X_TYPE_MASK) {
+ if (xindex & AA_X_CHILD)
+ os << "c";
+ else
+ os << "p";
+ }
+ if (xindex & AA_X_INHERIT)
+ os << "i";
+ if (xindex & AA_X_UNCONFINED)
+ os << "u";
+ os << (xindex & AA_X_INDEX_MASK);
+ os << ")";
+ }
+
+};
+
+#endif /* __AA_PERM_H */
diff --git a/parser/po/apparmor-parser.pot b/parser/po/apparmor-parser.pot
index 250d6d656963cab82e6646b6cf8e5170ad88b7de..484cb6f1e12014fb4d01d4856807ae2881a7d338 100644
--- a/parser/po/apparmor-parser.pot
+++ b/parser/po/apparmor-parser.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
-"POT-Creation-Date: 2020-10-14 03:51-0700\n"
+"POT-Creation-Date: 2025-02-18 07:32-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -86,37 +86,41 @@ msgid "Permission denied; attempted to load a profile while confined?\n"
msgstr ""
#: ../parser_interface.c:99 ../parser_interface.c:102 ../parser_interface.c:79
-#: ../parser_interface.c:82
+#: ../parser_interface.c:82 ../parser_interface.c:84
#, c-format
msgid "Unknown error (%d): %s\n"
msgstr ""
#: ../parser_interface.c:116 ../parser_interface.c:119 ../parser_interface.c:96
-#: ../parser_interface.c:100
+#: ../parser_interface.c:100 ../parser_interface.c:102
#, c-format
msgid "%s: Unable to add \"%s\". "
msgstr ""
#: ../parser_interface.c:121 ../parser_interface.c:124
#: ../parser_interface.c:101 ../parser_interface.c:105
+#: ../parser_interface.c:107
#, c-format
msgid "%s: Unable to replace \"%s\". "
msgstr ""
#: ../parser_interface.c:126 ../parser_interface.c:129
#: ../parser_interface.c:106 ../parser_interface.c:110
+#: ../parser_interface.c:112
#, c-format
msgid "%s: Unable to remove \"%s\". "
msgstr ""
#: ../parser_interface.c:131 ../parser_interface.c:134
#: ../parser_interface.c:111 ../parser_interface.c:115
+#: ../parser_interface.c:117
#, c-format
msgid "%s: Unable to write to stdout\n"
msgstr ""
#: ../parser_interface.c:135 ../parser_interface.c:138
#: ../parser_interface.c:115 ../parser_interface.c:119
+#: ../parser_interface.c:121
#, c-format
msgid "%s: Unable to write to output file\n"
msgstr ""
@@ -125,24 +129,28 @@ msgstr ""
#: ../parser_interface.c:141 ../parser_interface.c:165
#: ../parser_interface.c:118 ../parser_interface.c:142
#: ../parser_interface.c:123 ../parser_interface.c:147
+#: ../parser_interface.c:125 ../parser_interface.c:149
#, c-format
msgid "%s: ASSERT: Invalid option: %d\n"
msgstr ""
#: ../parser_interface.c:147 ../parser_interface.c:150
#: ../parser_interface.c:127 ../parser_interface.c:132
+#: ../parser_interface.c:134
#, c-format
msgid "Addition succeeded for \"%s\".\n"
msgstr ""
#: ../parser_interface.c:151 ../parser_interface.c:154
#: ../parser_interface.c:131 ../parser_interface.c:136
+#: ../parser_interface.c:138
#, c-format
msgid "Replacement succeeded for \"%s\".\n"
msgstr ""
#: ../parser_interface.c:155 ../parser_interface.c:158
#: ../parser_interface.c:135 ../parser_interface.c:140
+#: ../parser_interface.c:142
#, c-format
msgid "Removal succeeded for \"%s\".\n"
msgstr ""
@@ -154,6 +162,7 @@ msgstr ""
#: ../parser_interface.c:656 ../parser_interface.c:658
#: ../parser_interface.c:446 ../parser_interface.c:476
+#: ../parser_interface.c:542
#, c-format
msgid "profile %s network rules not enforced\n"
msgstr ""
@@ -199,16 +208,18 @@ msgstr ""
#: ../parser_interface.c:839 ../parser_interface.c:831
#: ../parser_interface.c:593 ../parser_interface.c:579
+#: ../parser_interface.c:673
#, c-format
msgid "%s: Unable to write entire profile entry to cache\n"
msgstr ""
-#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169
+#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169 parser_lex.l:192
#, c-format
msgid "Could not open '%s'"
msgstr ""
#: parser_lex.l:104 parser_lex.l:167 parser_lex.l:173 parser_lex.l:174
+#: parser_lex.l:197
#, c-format
msgid "fstat failed for '%s'"
msgstr ""
@@ -223,7 +234,7 @@ msgstr ""
msgid "stat failed for '%s'"
msgstr ""
-#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139
+#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139 parser_lex.l:148
#, c-format
msgid "Could not open '%s' in '%s'"
msgstr ""
@@ -235,6 +246,7 @@ msgid "Found unexpected character: '%s'"
msgstr ""
#: parser_lex.l:386 parser_lex.l:418 parser_lex.l:428 parser_lex.l:474
+#: parser_lex.l:516
msgid "Variable declarations do not accept trailing commas"
msgstr ""
@@ -254,7 +266,7 @@ msgid "%s: Could not allocate memory for subdomainbase mount point\n"
msgstr ""
#: ../parser_main.c:577 ../parser_main.c:616 ../parser_main.c:479
-#: ../parser_main.c:1444
+#: ../parser_main.c:1444 ../parser_main.c:1654
#, c-format
msgid ""
"Warning: unable to find a suitable fs in %s, is it mounted?\n"
@@ -270,7 +282,7 @@ msgid ""
msgstr ""
#: ../parser_main.c:604 ../parser_main.c:642 ../parser_main.c:505
-#: ../parser_main.c:828
+#: ../parser_main.c:828 ../parser_main.c:891
#, c-format
msgid ""
"%s: Warning! You've set this program setuid root.\n"
@@ -280,6 +292,7 @@ msgstr ""
#: ../parser_main.c:704 ../parser_main.c:813 ../parser_main.c:836
#: ../parser_main.c:946 ../parser_main.c:860 ../parser_main.c:1038
+#: ../parser_main.c:1127
#, c-format
msgid "Error: Could not read profile %s: %s.\n"
msgstr ""
@@ -308,29 +321,36 @@ msgstr ""
#: parser_yacc.y:1278 parser_yacc.y:1288 parser_yacc.y:1382 parser_yacc.y:1460
#: parser_yacc.y:1592 parser_yacc.y:1597 parser_yacc.y:1674 parser_yacc.y:1692
#: parser_yacc.y:1699 parser_yacc.y:1748 ../network.c:315 ../af_unix.cc:194
+#: ../parser_misc.c:226 ../parser_misc.c:970 parser_yacc.y:379
+#: parser_yacc.y:403 parser_yacc.y:571 parser_yacc.y:581 parser_yacc.y:673
+#: parser_yacc.y:744 parser_yacc.y:1073 parser_yacc.y:1160 parser_yacc.y:1169
+#: parser_yacc.y:1173 parser_yacc.y:1183 parser_yacc.y:1193 parser_yacc.y:1287
+#: parser_yacc.y:1365 parser_yacc.y:1561 parser_yacc.y:1569 parser_yacc.y:1619
+#: parser_yacc.y:1624 parser_yacc.y:1701 parser_yacc.y:1750 ../network.cc:945
+#: ../af_unix.cc:197 ../all_rule.cc:102 ../all_rule.cc:131
msgid "Memory allocation error."
msgstr ""
#: ../parser_main.c:740 ../parser_main.c:872 ../parser_main.c:757
-#: ../parser_main.c:975
+#: ../parser_main.c:975 ../parser_main.c:1062
#, c-format
msgid "Cached load succeeded for \"%s\".\n"
msgstr ""
#: ../parser_main.c:744 ../parser_main.c:876 ../parser_main.c:761
-#: ../parser_main.c:979
+#: ../parser_main.c:979 ../parser_main.c:1066
#, c-format
msgid "Cached reload succeeded for \"%s\".\n"
msgstr ""
#: ../parser_main.c:910 ../parser_main.c:1058 ../parser_main.c:967
-#: ../parser_main.c:1132
+#: ../parser_main.c:1132 ../parser_main.c:1221
#, c-format
msgid "%s: Errors found in file. Aborting.\n"
msgstr ""
#: ../parser_misc.c:426 ../parser_misc.c:597 ../parser_misc.c:339
-#: ../parser_misc.c:532
+#: ../parser_misc.c:532 ../parser_misc.c:563
msgid ""
"Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
"See the apparmor.d(5) manpage for details.\n"
@@ -338,17 +358,18 @@ msgstr ""
#: ../parser_misc.c:467 ../parser_misc.c:474 ../parser_misc.c:638
#: ../parser_misc.c:645 ../parser_misc.c:380 ../parser_misc.c:387
-#: ../parser_misc.c:573 ../parser_misc.c:580
+#: ../parser_misc.c:573 ../parser_misc.c:580 ../parser_misc.c:604
+#: ../parser_misc.c:611
msgid "Conflict 'a' and 'w' perms are mutually exclusive."
msgstr ""
#: ../parser_misc.c:491 ../parser_misc.c:662 ../parser_misc.c:404
-#: ../parser_misc.c:597
+#: ../parser_misc.c:597 ../parser_misc.c:628
msgid "Exec qualifier 'i' invalid, conflicting qualifier already specified"
msgstr ""
#: ../parser_misc.c:502 ../parser_misc.c:673 ../parser_misc.c:415
-#: ../parser_misc.c:608
+#: ../parser_misc.c:608 ../parser_misc.c:639
#, c-format
msgid ""
"Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
@@ -357,14 +378,16 @@ msgstr ""
#: ../parser_misc.c:510 ../parser_misc.c:551 ../parser_misc.c:681
#: ../parser_misc.c:722 ../parser_misc.c:423 ../parser_misc.c:464
-#: ../parser_misc.c:616 ../parser_misc.c:657
+#: ../parser_misc.c:616 ../parser_misc.c:657 ../parser_misc.c:647
+#: ../parser_misc.c:688
#, c-format
msgid "Exec qualifier '%c' invalid, conflicting qualifier already specified"
msgstr ""
#: ../parser_misc.c:537 ../parser_misc.c:545 ../parser_misc.c:708
#: ../parser_misc.c:716 ../parser_misc.c:450 ../parser_misc.c:458
-#: ../parser_misc.c:643 ../parser_misc.c:651
+#: ../parser_misc.c:643 ../parser_misc.c:651 ../parser_misc.c:674
+#: ../parser_misc.c:682
#, c-format
msgid "Exec qualifier '%c%c' invalid, conflicting qualifier already specified"
msgstr ""
@@ -376,7 +399,7 @@ msgid "Internal: unexpected mode character '%c' in input"
msgstr ""
#: ../parser_misc.c:615 ../parser_misc.c:786 ../parser_misc.c:528
-#: ../parser_misc.c:721
+#: ../parser_misc.c:721 ../parser_misc.c:752
#, c-format
msgid "Internal error generated invalid perm 0x%llx\n"
msgstr ""
@@ -388,12 +411,12 @@ msgid "AppArmor parser error: %s\n"
msgstr ""
#: ../parser_merge.c:92 ../parser_merge.c:91 ../parser_merge.c:83
-#: ../parser_merge.c:71
+#: ../parser_merge.c:71 ../parser_merge.c:77
msgid "Couldn't merge entries. Out of Memory\n"
msgstr ""
#: ../parser_merge.c:111 ../parser_merge.c:113 ../parser_merge.c:105
-#: ../parser_merge.c:93
+#: ../parser_merge.c:93 ../parser_merge.c:100
#, c-format
msgid "profile %s: has merged rule %s with conflicting x modifiers\n"
msgstr ""
@@ -403,28 +426,34 @@ msgid "Profile attachment must begin with a '/'."
msgstr ""
#: parser_yacc.y:260 parser_yacc.y:302 parser_yacc.y:348 parser_yacc.y:407
+#: parser_yacc.y:446
msgid ""
"Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."
msgstr ""
#: parser_yacc.y:296 parser_yacc.y:338 parser_yacc.y:384 parser_yacc.y:449
+#: parser_yacc.y:487
#, c-format
msgid "Failed to create alias %s -> %s\n"
msgstr ""
#: parser_yacc.y:417 parser_yacc.y:460 parser_yacc.y:506 parser_yacc.y:581
+#: ../profile.h:272
msgid "Profile flag chroot_relative conflicts with namespace_relative"
msgstr ""
#: parser_yacc.y:421 parser_yacc.y:464 parser_yacc.y:510 parser_yacc.y:585
+#: ../profile.h:276
msgid "Profile flag mediate_deleted conflicts with delegate_deleted"
msgstr ""
#: parser_yacc.y:424 parser_yacc.y:467 parser_yacc.y:513 parser_yacc.y:588
+#: ../profile.h:279
msgid "Profile flag attach_disconnected conflicts with no_attach_disconnected"
msgstr ""
#: parser_yacc.y:427 parser_yacc.y:470 parser_yacc.y:516 parser_yacc.y:591
+#: ../profile.h:282
msgid "Profile flag chroot_attach conflicts with chroot_no_attach"
msgstr ""
@@ -433,12 +462,13 @@ msgid "Profile flag 'debug' is no longer valid."
msgstr ""
#: parser_yacc.y:463 parser_yacc.y:506 parser_yacc.y:552 parser_yacc.y:629
+#: ../profile.h:220
#, c-format
msgid "Invalid profile flag: %s."
msgstr ""
#: parser_yacc.y:498 parser_yacc.y:520 parser_yacc.y:548 parser_yacc.y:594
-#: parser_yacc.y:673
+#: parser_yacc.y:673 parser_yacc.y:687
msgid "Assert: `rule' returned NULL."
msgstr ""
@@ -464,55 +494,66 @@ msgid "Assert: `network_rule' return invalid protocol."
msgstr ""
#: parser_yacc.y:649 parser_yacc.y:696 parser_yacc.y:786 parser_yacc.y:867
+#: parser_yacc.y:776
msgid "Assert: `change_profile' returned NULL."
msgstr ""
#: parser_yacc.y:680 parser_yacc.y:720 parser_yacc.y:810 parser_yacc.y:905
+#: parser_yacc.y:814
msgid "Assert: 'hat rule' returned NULL."
msgstr ""
#: parser_yacc.y:689 parser_yacc.y:729 parser_yacc.y:819 parser_yacc.y:914
+#: parser_yacc.y:823
msgid "Assert: 'local_profile rule' returned NULL."
msgstr ""
#: parser_yacc.y:824 parser_yacc.y:885 parser_yacc.y:992 parser_yacc.y:1077
+#: ../cond_expr.cc:36
#, c-format
msgid "Unset boolean variable %s used in if-expression"
msgstr ""
#: parser_yacc.y:882 parser_yacc.y:986 parser_yacc.y:1092 parser_yacc.y:1181
+#: parser_yacc.y:1083
msgid "unsafe rule missing exec permissions"
msgstr ""
#: parser_yacc.y:901 parser_yacc.y:954 parser_yacc.y:1060 parser_yacc.y:1148
+#: parser_yacc.y:1050
msgid "subset can only be used with link rules."
msgstr ""
#: parser_yacc.y:903 parser_yacc.y:956 parser_yacc.y:1062 parser_yacc.y:1150
+#: parser_yacc.y:1052
msgid "link and exec perms conflict on a file rule using ->"
msgstr ""
#: parser_yacc.y:905 parser_yacc.y:958 parser_yacc.y:1064 parser_yacc.y:1152
+#: parser_yacc.y:1054
msgid "link perms are not allowed on a named profile transition.\n"
msgstr ""
#: parser_yacc.y:921 parser_yacc.y:1003 parser_yacc.y:1109 parser_yacc.y:1198
+#: parser_yacc.y:1100
#, c-format
msgid "missing an end of line character? (entry: %s)"
msgstr ""
#: parser_yacc.y:975 parser_yacc.y:985 parser_yacc.y:1057 parser_yacc.y:1067
#: parser_yacc.y:1145 parser_yacc.y:1155 parser_yacc.y:1234 parser_yacc.y:1244
+#: ../network.cc:515
msgid "Invalid network entry."
msgstr ""
#: parser_yacc.y:1039 parser_yacc.y:1048 parser_yacc.y:1254 parser_yacc.y:1510
-#: parser_yacc.y:1617
+#: parser_yacc.y:1617 parser_yacc.y:1644
#, c-format
msgid "Invalid capability %s."
msgstr ""
#: parser_yacc.y:1066 parser_yacc.y:1269 parser_yacc.y:1525 parser_yacc.y:1637
+#: parser_yacc.y:1664
#, c-format
msgid "AppArmor parser error for %s%s%s at line %d: %s\n"
msgstr ""
@@ -560,13 +601,13 @@ msgid "%s: Unable to parse input line '%s'\n"
msgstr ""
#: ../parser_regex.c:397 ../parser_regex.c:405 ../parser_regex.c:421
-#: ../parser_regex.c:487
+#: ../parser_regex.c:487 ../parser_regex.c:491
#, c-format
msgid "%s: Invalid profile name '%s' - bad regular expression\n"
msgstr ""
#: ../parser_policy.c:202 ../parser_policy.c:402 ../parser_policy.c:375
-#: ../parser_policy.c:383
+#: ../parser_policy.c:383 ../parser_policy.c:231
#, c-format
msgid "ERROR merging rules for profile %s, failed to load\n"
msgstr ""
@@ -580,19 +621,19 @@ msgid ""
msgstr ""
#: ../parser_policy.c:279 ../parser_policy.c:359 ../parser_policy.c:332
-#: ../parser_policy.c:340
+#: ../parser_policy.c:340 ../parser_policy.c:193
#, c-format
msgid "ERROR processing regexs for profile %s, failed to load\n"
msgstr ""
#: ../parser_policy.c:306 ../parser_policy.c:389 ../parser_policy.c:362
-#: ../parser_policy.c:370
+#: ../parser_policy.c:370 ../parser_policy.c:218
#, c-format
msgid "ERROR expanding variables for profile %s, failed to load\n"
msgstr ""
#: ../parser_policy.c:390 ../parser_policy.c:382 ../parser_policy.c:355
-#: ../parser_policy.c:363
+#: ../parser_policy.c:363 ../profile.cc:366
#, c-format
msgid "ERROR adding hat access rule for profile %s\n"
msgstr ""
@@ -622,7 +663,7 @@ msgstr ""
msgid "%s: Errors found in combining rules postprocessing. Aborting.\n"
msgstr ""
-#: parser_lex.l:180 parser_lex.l:186 parser_lex.l:187
+#: parser_lex.l:180 parser_lex.l:186 parser_lex.l:187 parser_lex.l:211
#, c-format
msgid "Could not process include directory '%s' in '%s'"
msgstr ""
@@ -634,6 +675,8 @@ msgstr ""
#: ../parser_main.c:1115 ../parser_main.c:1132 ../parser_main.c:1024
#: ../parser_main.c:1041 ../parser_main.c:1332 ../parser_main.c:1354
#: ../parser_misc.c:280 ../parser_misc.c:299 ../parser_misc.c:308
+#: ../parser_main.c:1511 ../parser_main.c:1535 ../parser_misc.c:310
+#: ../parser_misc.c:329 ../parser_misc.c:338
msgid "Out of memory"
msgstr ""
@@ -682,20 +725,20 @@ msgstr ""
msgid "owner prefix not allow on capability rules"
msgstr ""
-#: parser_yacc.y:1357 parser_yacc.y:1613 parser_yacc.y:1722
+#: parser_yacc.y:1357 parser_yacc.y:1613 parser_yacc.y:1722 parser_yacc.y:1724
#, c-format
msgid "invalid mount conditional %s%s"
msgstr ""
-#: parser_yacc.y:1374 parser_yacc.y:1628 parser_yacc.y:1737
+#: parser_yacc.y:1374 parser_yacc.y:1628 parser_yacc.y:1737 parser_yacc.y:1739
msgid "bad mount rule"
msgstr ""
-#: parser_yacc.y:1381 parser_yacc.y:1635 parser_yacc.y:1744
+#: parser_yacc.y:1381 parser_yacc.y:1635 parser_yacc.y:1744 parser_yacc.y:1746
msgid "mount point conditions not currently supported"
msgstr ""
-#: parser_yacc.y:1398 parser_yacc.y:1650 parser_yacc.y:1759
+#: parser_yacc.y:1398 parser_yacc.y:1650 parser_yacc.y:1759 parser_yacc.y:1761
#, c-format
msgid "invalid pivotroot conditional '%s'"
msgstr ""
@@ -712,11 +755,13 @@ msgid "%s: Regex grouping error: Exceeded maximum nesting of {}\n"
msgstr ""
#: ../parser_policy.c:366 ../parser_policy.c:339 ../parser_policy.c:347
+#: ../parser_policy.c:200
#, c-format
msgid "ERROR processing policydb rules for profile %s, failed to load\n"
msgstr ""
#: ../parser_policy.c:396 ../parser_policy.c:369 ../parser_policy.c:377
+#: ../parser_policy.c:225
#, c-format
msgid "ERROR replacing aliases for profile %s, failed to load\n"
msgstr ""
@@ -741,7 +786,7 @@ msgstr ""
msgid "Internal: unexpected %s mode character '%c' in input"
msgstr ""
-#: ../parser_misc.c:599 ../parser_misc.c:792
+#: ../parser_misc.c:599 ../parser_misc.c:792 ../parser_misc.c:823
#, c-format
msgid "Internal error generated invalid %s perm 0x%x\n"
msgstr ""
@@ -766,16 +811,16 @@ msgstr ""
msgid "owner prefix not allowed on unix rules"
msgstr ""
-#: parser_yacc.y:794 parser_yacc.y:885
+#: parser_yacc.y:794 parser_yacc.y:885 ../all_rule.cc:141
msgid "owner prefix not allowed on capability rules"
msgstr ""
-#: parser_yacc.y:1293 parser_yacc.y:1377
+#: parser_yacc.y:1293 parser_yacc.y:1377 parser_yacc.y:1282
#, c-format
msgid "dbus rule: invalid conditional group %s=()"
msgstr ""
-#: parser_yacc.y:1371 parser_yacc.y:1455
+#: parser_yacc.y:1371 parser_yacc.y:1455 parser_yacc.y:1360
#, c-format
msgid "unix rule: invalid conditional group %s=()"
msgstr ""
@@ -785,183 +830,183 @@ msgstr ""
msgid "%s: Regex error: trailing '\\' escape character\n"
msgstr ""
-#: ../parser_common.c:112
+#: ../parser_common.c:112 ../parser_common.c:139
#, c-format
msgid "%s from %s (%s%sline %d): %s"
msgstr ""
-#: ../parser_common.c:113
+#: ../parser_common.c:113 ../parser_common.c:140
msgid "Warning converted to Error"
msgstr ""
-#: ../parser_common.c:113
+#: ../parser_common.c:113 ../parser_common.c:140
msgid "Warning"
msgstr ""
-#: ../parser_interface.c:524
+#: ../parser_interface.c:524 ../parser_interface.c:618
#, c-format
msgid "Unable to open stdout - %s\n"
msgstr ""
-#: ../parser_interface.c:533
+#: ../parser_interface.c:533 ../parser_interface.c:627
#, c-format
msgid "Unable to open output file - %s\n"
msgstr ""
-#: parser_lex.l:326
+#: parser_lex.l:326 parser_lex.l:363
msgid "Failed to process filename\n"
msgstr ""
-#: parser_lex.l:720
+#: parser_lex.l:720 parser_lex.l:799
#, c-format
msgid "Lexer found unexpected character: '%s' (0x%x) in state: %s"
msgstr ""
-#: ../parser_main.c:915
+#: ../parser_main.c:915 ../parser_main.c:1002
#, c-format
msgid "Unable to print the cache directory: %m\n"
msgstr ""
-#: ../parser_main.c:951
+#: ../parser_main.c:951 ../parser_main.c:1038
#, c-format
msgid "Error: Could not load profile %s: %s\n"
msgstr ""
-#: ../parser_main.c:961
+#: ../parser_main.c:961 ../parser_main.c:1048
#, c-format
msgid "Error: Could not replace profile %s: %s\n"
msgstr ""
-#: ../parser_main.c:966
+#: ../parser_main.c:966 ../parser_main.c:1053
#, c-format
msgid "Error: Invalid load option specified: %d\n"
msgstr ""
-#: ../parser_main.c:1077
+#: ../parser_main.c:1077 ../parser_main.c:1166
#, c-format
msgid "Could not get cachename for '%s'\n"
msgstr ""
-#: ../parser_main.c:1434
+#: ../parser_main.c:1434 ../parser_main.c:1644
msgid "Kernel features abi not found"
msgstr ""
-#: ../parser_main.c:1438
+#: ../parser_main.c:1438 ../parser_main.c:1648
msgid "Failed to add kernel capabilities to known capabilities set"
msgstr ""
-#: ../parser_main.c:1465
+#: ../parser_main.c:1465 ../parser_main.c:1675
#, c-format
msgid "Failed to clear cache files (%s): %s\n"
msgstr ""
-#: ../parser_main.c:1474
+#: ../parser_main.c:1474 ../parser_main.c:1684
msgid ""
"The --create-cache-dir option is deprecated. Please use --write-cache.\n"
msgstr ""
-#: ../parser_main.c:1479
+#: ../parser_main.c:1479 ../parser_main.c:1689
#, c-format
msgid "Failed setting up policy cache (%s): %s\n"
msgstr ""
-#: ../parser_misc.c:904
+#: ../parser_misc.c:904 ../parser_misc.c:935
#, c-format
msgid "Namespace not terminated: %s\n"
msgstr ""
-#: ../parser_misc.c:906
+#: ../parser_misc.c:906 ../parser_misc.c:937
#, c-format
msgid "Empty namespace: %s\n"
msgstr ""
-#: ../parser_misc.c:908
+#: ../parser_misc.c:908 ../parser_misc.c:939
#, c-format
msgid "Empty named transition profile name: %s\n"
msgstr ""
-#: ../parser_misc.c:910
+#: ../parser_misc.c:910 ../parser_misc.c:941
#, c-format
msgid "Unknown error while parsing label: %s\n"
msgstr ""
-#: parser_yacc.y:306
+#: parser_yacc.y:306 parser_yacc.y:334
msgid "Failed to setup default policy feature abi"
msgstr ""
-#: parser_yacc.y:308
+#: parser_yacc.y:308 parser_yacc.y:336
#, c-format
msgid ""
"%s: File '%s' missing feature abi, falling back to default policy feature "
"abi\n"
msgstr ""
-#: parser_yacc.y:313
+#: parser_yacc.y:313 parser_yacc.y:341
msgid "Failed to add policy capabilities to known capabilities set"
msgstr ""
-#: parser_yacc.y:350
+#: parser_yacc.y:350 parser_yacc.y:386
msgid "Profile names must begin with a '/' or a namespace"
msgstr ""
-#: parser_yacc.y:372
+#: parser_yacc.y:372 parser_yacc.y:408
msgid "Profile attachment must begin with a '/' or variable."
msgstr ""
-#: parser_yacc.y:375
+#: parser_yacc.y:375 parser_yacc.y:411
#, c-format
msgid "profile id: invalid conditional group %s=()"
msgstr ""
-#: parser_yacc.y:404
+#: parser_yacc.y:404 parser_yacc.y:443
msgid ""
"The use of file paths as profile names is deprecated. See man apparmor.d for "
"more information\n"
msgstr ""
-#: parser_yacc.y:573
+#: parser_yacc.y:573 ../profile.h:264
#, c-format
msgid "Profile flag '%s' conflicts with '%s'"
msgstr ""
-#: parser_yacc.y:954
+#: parser_yacc.y:954 parser_yacc.y:862
msgid "RLIMIT 'cpu' no units specified using default units of seconds\n"
msgstr ""
-#: parser_yacc.y:966
+#: parser_yacc.y:966 parser_yacc.y:874
msgid ""
"RLIMIT 'rttime' no units specified using default units of microseconds\n"
msgstr ""
-#: parser_yacc.y:1582
+#: parser_yacc.y:1582 parser_yacc.y:1609
msgid "Exec condition is required when unsafe or safe keywords are present"
msgstr ""
-#: parser_yacc.y:1584
+#: parser_yacc.y:1584 parser_yacc.y:1611
msgid "Exec condition must begin with '/'."
msgstr ""
-#: parser_yacc.y:1643
+#: parser_yacc.y:1643 parser_yacc.y:1670
#, c-format
msgid "AppArmor parser error at line %d: %s\n"
msgstr ""
-#: parser_yacc.y:1790
+#: parser_yacc.y:1790 parser_yacc.y:1797
#, c-format
msgid "Could not open '%s': %m"
msgstr ""
-#: parser_yacc.y:1795
+#: parser_yacc.y:1795 parser_yacc.y:1802
#, c-format
msgid "fstat failed for '%s': %m"
msgstr ""
-#: parser_yacc.y:1809
+#: parser_yacc.y:1809 parser_yacc.y:1816
#, c-format
msgid "failed to find features abi '%s': %m"
msgstr ""
-#: parser_yacc.y:1813
+#: parser_yacc.y:1813 parser_yacc.y:1821
#, c-format
msgid ""
"%s: %s features abi '%s' differs from policy declared feature abi, using the "
@@ -973,7 +1018,124 @@ msgstr ""
msgid "%s: Invalid glob type %d\n"
msgstr ""
-#: ../parser_regex.c:693
+#: ../parser_regex.c:693 ../parser_regex.c:721
#, c-format
msgid "The current kernel does not support stacking of named transitions: %s\n"
msgstr ""
+
+#: ../parser_interface.c:76
+#, c-format
+msgid ""
+"%s: Permission denied. You need policy admin privileges to manage profiles.\n"
+"\n"
+msgstr ""
+
+#: ../parser_interface.c:80
+#, c-format
+msgid ""
+"%s: Access denied. You need policy admin privileges to manage profiles.\n"
+"\n"
+msgstr ""
+
+#: parser_lex.l:653 parser_lex.l:668
+msgid "deprecated use of '#include'\n"
+msgstr ""
+
+#: ../parser_misc.c:730
+#, c-format
+msgid "Internal: unexpected perms character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:799
+#, c-format
+msgid "Internal: unexpected %s perms character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:1100
+msgid ""
+"Invalid perms, in deny rules 'x' must not be preceded by exec qualifier 'i', "
+"'p', or 'u'"
+msgstr ""
+
+#: ../parser_misc.c:1104
+msgid "Invalid perms, 'x' must be preceded by exec qualifier 'i', 'p', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:689 parser_yacc.y:716 ../all_rule.cc:105 ../all_rule.cc:134
+#, c-format
+msgid "%s"
+msgstr ""
+
+#: parser_yacc.y:705
+msgid "priority is not allowed on rule blocks"
+msgstr ""
+
+#: parser_yacc.y:778
+msgid "owner conditional not allowed on unix rules"
+msgstr ""
+
+#: parser_yacc.y:794
+msgid "owner conditional not allowed on capability rules"
+msgstr ""
+
+#: parser_yacc.y:1119 parser_yacc.y:1132 parser_yacc.y:1146
+#, c-format
+msgid "network rule: invalid conditional group %s=()"
+msgstr ""
+
+#: parser_yacc.y:1827
+msgid "failed features abi not set but include cache skipped\n"
+msgstr ""
+
+#: ../parser_variable.c:295
+msgid "attach_disconnected_path value must begin with a /"
+msgstr ""
+
+#: ../mount.cc:903
+msgid ""
+"The use of source as mount point for propagation type flags is deprecated.\n"
+msgstr ""
+
+#: ../network.h:202
+msgid "priority prefix not allowed on network rules"
+msgstr ""
+
+#: ../network.h:206
+msgid "owner prefix not allowed on network rules"
+msgstr ""
+
+#: ../profile.h:287
+#, c-format
+msgid ""
+"Profile flag attach_disconnected set to conflicting values: '%s' and '%s'"
+msgstr ""
+
+#: ../profile.h:297
+#, c-format
+msgid "Profile flag kill.signal set to conflicting values: '%d' and '%d'"
+msgstr ""
+
+#: ../profile.h:307
+#, c-format
+msgid "Profile flag error set to conflicting values: '%s' and '%s'"
+msgstr ""
+
+#: ../userns.h:36
+msgid "owner prefix not allowed on userns rules"
+msgstr ""
+
+#: ../mqueue.h:106
+msgid "owner prefix not allowed on mqueue rules"
+msgstr ""
+
+#: ../io_uring.h:42
+msgid "owner prefix not allowed on io_uring rules"
+msgstr ""
+
+#: ../all_rule.h:36
+msgid "priority prefix not allowed on all rules"
+msgstr ""
+
+#: ../all_rule.h:40
+msgid "owner prefix not allowed on all rules"
+msgstr ""
diff --git a/parser/pod2htmd.tmp b/parser/pod2htmd.tmp
deleted file mode 100644
index 61e86d9f1b8a5072b5e67872d7c2f8b1e9a79cee..0000000000000000000000000000000000000000
--- a/parser/pod2htmd.tmp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-.
diff --git a/parser/policydb.h b/parser/policydb.h
index 53b80090ccf43816f4f9ebbbb380eb4ca5d08cf5..4bb7070e431aea909e3c6ff4ddc8cb573034d2cd 100644
--- a/parser/policydb.h
+++ b/parser/policydb.h
@@ -32,10 +32,21 @@
#define AA_CLASS_NS_DOMAIN 8
#define AA_CLASS_PTRACE 9
#define AA_CLASS_SIGNAL 10
+#define AA_CLASS_XMATCH 11
+#define AA_CLASS_ENV 12
+#define AA_CLASS_ARGV 13
#define AA_CLASS_NETV8 14
#define AA_CLASS_LABEL 16
+#define AA_CLASS_POSIX_MQUEUE 17
+#define AA_CLASS_SYSV_MQUEUE 18
+#define AA_CLASS_MODULE 19
+#define AA_CLASS_DISPLAY_LSM 20
+#define AA_CLASS_NS 21
+#define AA_CLASS_IO_URING 22
+#define AA_CLASS_X 31
/* defined in libapparmor's apparmor.h #define AA_CLASS_DBUS 32 */
-#define AA_CLASS_X 33
+
+extern const char *aa_class_table[];
#endif /* __AA_POLICYDB_H */
diff --git a/parser/profile.cc b/parser/profile.cc
index a3b982affcb3afac8e65f3cd5ceb05fc3a77891d..71f423b0f64977f67d452e6228d94a470c12c279 100644
--- a/parser/profile.cc
+++ b/parser/profile.cc
@@ -14,9 +14,12 @@
#include "profile.h"
#include "rule.h"
+#include "parser.h"
#include <stdio.h>
#include <stdlib.h>
+#include <vector>
+#include <algorithm>
const char *profile_mode_table[] = {
"",
@@ -24,6 +27,9 @@ const char *profile_mode_table[] = {
"complain",
"kill",
"unconfined",
+ "prompt",
+ "default_allow",
+ "conflict" /* should not ever be displayed */
};
bool deref_profileptr_lt::operator()(Profile * const &lhs, Profile * const &rhs) const
@@ -67,20 +73,6 @@ void ProfileList::dump_profile_names(bool children)
}
}
-bool Profile::alloc_net_table()
-{
- if (net.allow)
- return true;
- net.allow = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
- net.audit = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
- net.deny = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
- net.quiet = (unsigned int *) calloc(get_af_max(), sizeof(unsigned int));
- if (!net.allow || !net.audit || !net.deny || !net.quiet)
- return false;
-
- return true;
-}
-
Profile::~Profile()
{
hat_table.clear();
@@ -103,18 +95,283 @@ Profile::~Profile()
free(name);
if (attachment)
free(attachment);
+ if (flags.disconnected_path)
+ free(flags.disconnected_path);
if (ns)
free(ns);
for (int i = (AA_EXEC_LOCAL >> 10) + 1; i < AA_EXEC_COUNT; i++)
if (exec_table[i])
free(exec_table[i]);
- if (net.allow)
- free(net.allow);
- if (net.audit)
- free(net.audit);
- if (net.deny)
- free(net.deny);
- if (net.quiet)
- free(net.quiet);
}
+static bool comp (rule_t *lhs, rule_t *rhs)
+{
+ return (*lhs < *rhs);
+}
+
+// TODO: move to block rule
+// returns number of rules merged
+// returns negative number on error
+int Profile::merge_rules(void)
+{
+ int count = 0;
+ std::vector<rule_t *> table;
+
+ for (RuleList::iterator i = rule_ents.begin(); i != rule_ents.end(); i++) {
+ if ((*i)->is_mergeable() && !(*i)->skip())
+ table.push_back(*i);
+ }
+ if (table.size() < 2)
+ return 0;
+ std::sort(table.begin(), table.end(), comp);
+ unsigned long n = table.size();
+ for (unsigned long i = 0, j = 1; j < n; j++) {
+ if (table[j]->skip())
+ continue;
+ if (table[i]->cmp(*table[j]) == 0) {
+ if (table[i]->merge(*table[j]))
+ count++;
+ continue;
+ }
+ i = j;
+ }
+
+ return count;
+}
+
+
+int add_entry_to_x_table(Profile *prof, char *name)
+{
+ int i;
+ for (i = (AA_EXEC_LOCAL >> 10) + 1; i < AA_EXEC_COUNT; i++) {
+ if (!prof->exec_table[i]) {
+ prof->exec_table[i] = name;
+ return i;
+ } else if (strcmp(prof->exec_table[i], name) == 0) {
+ /* name already in table */
+ free(name);
+ return i;
+ }
+ }
+ free(name);
+ return 0;
+}
+
+void add_entry_to_policy(Profile *prof, struct cod_entry *entry)
+{
+ entry->next = prof->entries;
+ prof->entries = entry;
+ if (entry->rule_mode == RULE_PROMPT)
+ prof->uses_prompt_rules = true;
+}
+
+static int add_named_transition(Profile *prof, struct cod_entry *entry)
+{
+ char *name = NULL;
+
+ /* check to see if it is a local transition */
+ if (!label_contains_ns(entry->nt_name)) {
+ char *sub = strstr(entry->nt_name, "//");
+ /* does the subprofile name match the rule */
+
+ if (sub && strncmp(prof->name, sub, sub - entry->nt_name) &&
+ strcmp(sub + 2, entry->name) == 0) {
+ free(entry->nt_name);
+ entry->nt_name = NULL;
+ return AA_EXEC_LOCAL >> 10;
+ } else if (((entry->perms & AA_USER_EXEC_MODIFIERS) ==
+ SHIFT_PERMS(AA_EXEC_LOCAL, AA_USER_SHIFT)) ||
+ ((entry->perms & AA_OTHER_EXEC_MODIFIERS) ==
+ SHIFT_PERMS(AA_EXEC_LOCAL, AA_OTHER_SHIFT))) {
+ if (strcmp(entry->nt_name, entry->name) == 0) {
+ free(entry->nt_name);
+ entry->nt_name = NULL;
+ return AA_EXEC_LOCAL >> 10;
+ }
+ /* specified as cix so profile name is implicit */
+ name = (char *) malloc(strlen(prof->name) + strlen(entry->nt_name)
+ + 3);
+ if (!name) {
+ PERROR("Memory allocation error\n");
+ exit(1);
+ }
+ sprintf(name, "%s//%s", prof->name, entry->nt_name);
+ free(entry->nt_name);
+ entry->nt_name = NULL;
+ } else {
+ /**
+ * pass control of the memory pointed to by nt_name
+ * from entry to add_entry_to_x_table()
+ */
+ name = entry->nt_name;
+ entry->nt_name = NULL;
+ }
+ } else {
+ /**
+ * pass control of the memory pointed to by nt_name
+ * from entry to add_entry_to_x_table()
+ */
+ name = entry->nt_name;
+ entry->nt_name = NULL;
+ }
+
+ return add_entry_to_x_table(prof, name);
+}
+
+static bool add_proc_access(Profile *prof, const char *rule)
+{
+ /* FIXME: should use @{PROC}/@{PID}/attr/{apparmor/,}{current,exec} */
+ struct cod_entry *new_ent;
+ /* allow probe for new interfaces */
+ char *buffer = strdup("/proc/*/attr/apparmor/");
+ if (!buffer) {
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ new_ent = new_entry(buffer, AA_MAY_READ, NULL);
+ if (!new_ent) {
+ free(buffer);
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ add_entry_to_policy(prof, new_ent);
+
+ /* allow probe if apparmor is enabled for the old interface */
+ buffer = strdup("/sys/module/apparmor/parameters/enabled");
+ if (!buffer) {
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ new_ent = new_entry(buffer, AA_MAY_READ, NULL);
+ if (!new_ent) {
+ free(buffer);
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ add_entry_to_policy(prof, new_ent);
+
+ /* allow setting on new and old interfaces */
+ buffer = strdup(rule);
+ if (!buffer) {
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ new_ent = new_entry(buffer, AA_MAY_WRITE, NULL);
+ if (!new_ent) {
+ free(buffer);
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ add_entry_to_policy(prof, new_ent);
+
+ return TRUE;
+}
+
+#define CHANGEPROFILE_PATH "/proc/*/attr/{apparmor/,}{current,exec}"
+void post_process_file_entries(Profile *prof)
+{
+ struct cod_entry *entry;
+ perm32_t cp_perms = 0;
+
+ list_for_each(prof->entries, entry) {
+ if (entry->nt_name) {
+ perm32_t perms = 0;
+ int n = add_named_transition(prof, entry);
+ if (!n) {
+ PERROR("Profile %s has too many specified profile transitions.\n", prof->name);
+ exit(1);
+ }
+ if (entry->perms & AA_USER_EXEC)
+ perms |= SHIFT_PERMS(n << 10, AA_USER_SHIFT);
+ if (entry->perms & AA_OTHER_EXEC)
+ perms |= SHIFT_PERMS(n << 10, AA_OTHER_SHIFT);
+ entry->perms = ((entry->perms & ~AA_ALL_EXEC_MODIFIERS) |
+ (perms & AA_ALL_EXEC_MODIFIERS));
+ }
+ /* FIXME: currently change_profile also implies onexec */
+ cp_perms |= entry->perms & (AA_CHANGE_PROFILE);
+ }
+
+ /* if there are change_profile rules, this implies that we need
+ * access to some /proc/ interfaces
+ */
+ if (cp_perms & AA_CHANGE_PROFILE) {
+ if (!add_proc_access(prof, CHANGEPROFILE_PATH))
+ exit(1);
+ }
+}
+
+void post_process_rule_entries(Profile *prof)
+{
+ for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++) {
+ if ((*i)->skip())
+ continue;
+ (*i)->post_parse_profile(*prof);
+ }
+}
+
+
+#define CHANGEHAT_PATH "/proc/[0-9]*/attr/{apparmor/,}current"
+
+/* add file rules to access /proc files to call change_hat()
+ */
+static int profile_add_hat_rules(Profile *prof)
+{
+ /* don't add hat rules if not hat or profile doesn't have hats */
+ if (!(prof->flags.flags & FLAG_HAT) && prof->hat_table.empty())
+ return 0;
+
+ if (!add_proc_access(prof, CHANGEHAT_PATH))
+ return ENOMEM;
+
+ return 0;
+}
+
+void Profile::post_parse_profile(void)
+{
+ /* semantic check stuff that can't be done in parse, like flags */
+ if (flags.flags & FLAG_INTERRUPTIBLE) {
+ if (!features_supports_flag_interruptible) {
+ warn_once(name, "flag interruptible not supported. Ignoring");
+ /* TODO: don't clear in parse data, only at encode */
+ flags.flags &= ~FLAG_INTERRUPTIBLE;
+ }
+ }
+ if (flags.signal) {
+ if (!features_supports_flag_signal) {
+ warn_once(name, "kill.signal not supported. Ignoring");
+ }
+ }
+ if (flags.error) {
+ if (!features_supports_flag_error) {
+ warn_once(name, "error flag not supported. Ignoring");
+ }
+ }
+ post_process_file_entries(this);
+ post_process_rule_entries(this);
+}
+
+void Profile::add_implied_rules(void)
+{
+ int error;
+
+ for (RuleList::iterator i = rule_ents.begin(); i != rule_ents.end(); i++) {
+ if ((*i)->skip())
+ continue;
+ (*i)->add_implied_rules(*this);
+ }
+
+ error = profile_add_hat_rules(this);
+ if (error) {
+ PERROR(_("ERROR adding hat access rule for profile %s\n"),
+ name);
+ //return error;
+ }
+
+}
+
+/* do we want to warn once/profile or just once per compile?? */
+void Profile::warn_once(const char *name, const char *msg)
+{
+ common_warn_once(name, msg, &warned_name);
+}
diff --git a/parser/profile.h b/parser/profile.h
index f54467c07ecc81cd605cd8ccf22545a91b430d83..2c13be17b9c16d0d857dedb3e02a34d648a7e6f4 100644
--- a/parser/profile.h
+++ b/parser/profile.h
@@ -15,6 +15,7 @@
#define __AA_PROFILE_H
#include <set>
+#include <vector>
#include <string>
#include <iostream>
@@ -23,6 +24,9 @@
#include "rule.h"
#include "libapparmor_re/aare_rules.h"
#include "network.h"
+#include "signal.h"
+#include "immunix.h"
+#include "perms.h"
class Profile;
@@ -62,9 +66,11 @@ enum profile_mode {
MODE_COMPLAIN = 2,
MODE_KILL = 3,
MODE_UNCONFINED = 4,
- MODE_CONFLICT = 5 /* greater than MODE_LAST */
+ MODE_PROMPT = 5,
+ MODE_DEFAULT_ALLOW = 6,
+ MODE_CONFLICT = 7 /* greater than MODE_LAST */
};
-#define MODE_LAST MODE_UNCONFINED
+#define MODE_LAST MODE_DEFAULT_ALLOW
static inline enum profile_mode operator++(enum profile_mode &mode)
{
@@ -83,6 +89,9 @@ static inline enum profile_mode merge_profile_mode(enum profile_mode l, enum pro
static inline uint32_t profile_mode_packed(enum profile_mode mode)
{
+ /* until dominance is fixed use unconfined mode for default_allow */
+ if (mode == MODE_DEFAULT_ALLOW)
+ mode = MODE_UNCONFINED;
/* kernel doesn't have an unspecified mode everything
* shifts down by 1
*/
@@ -110,12 +119,107 @@ static inline enum profile_mode str_to_mode(const char *str)
return MODE_UNSPECIFIED;
};
+static struct {
+ const char *name;
+ int code;
+} errnos[] = {
+ #include "errnos.h"
+};
+static const int errnos_len = sizeof(errnos) / sizeof(errnos[0]);
+
+static int find_error_code_mapping(const char *name)
+{
+ for (int i = 0; i < errnos_len; i++) {
+ if (strcasecmp(errnos[i].name, name) == 0)
+ return errnos[i].code;
+ }
+ return -1;
+}
+
+static const char *find_error_name_mapping(int code)
+{
+ for (int i = 0; i < errnos_len; i++) {
+ if (errnos[i].code == code)
+ return errnos[i].name;
+ }
+ return NULL;
+}
+
+#define FLAG_HAT 1
+#define FLAG_DEBUG1 2
+#define FLAG_DEBUG2 4
+#define FLAG_INTERRUPTIBLE 8
+#define FLAG_PROMPT_COMPAT 0x10
+
+/* sigh, used in parse union so needs trivial constructors. */
class flagvals {
public:
- int hat;
+ int flags;
enum profile_mode mode;
int audit;
int path;
+ char *disconnected_path;
+ int signal;
+ int error;
+
+ // stupid not constructor constructors
+ void init(void)
+ {
+ flags = 0;
+ mode = MODE_UNSPECIFIED;
+ audit = 0;
+ path = 0;
+ disconnected_path = NULL;
+ signal = 0;
+ error = 0;
+ }
+ void init(const char *str)
+ {
+ init();
+ enum profile_mode pmode = str_to_mode(str);
+
+ if (strcmp(str, "debug") == 0) {
+ /* DEBUG2 is left for internal compiler use atm */
+ flags |= FLAG_DEBUG1;
+ } else if (pmode) {
+ mode = pmode;
+ } else if (strcmp(str, "audit") == 0) {
+ audit = 1;
+ } else if (strcmp(str, "chroot_relative") == 0) {
+ path |= PATH_CHROOT_REL;
+ } else if (strcmp(str, "namespace_relative") == 0) {
+ path |= PATH_NS_REL;
+ } else if (strcmp(str, "mediate_deleted") == 0) {
+ path |= PATH_MEDIATE_DELETED;
+ } else if (strcmp(str, "delegate_deleted") == 0) {
+ path |= PATH_DELEGATE_DELETED;
+ } else if (strcmp(str, "attach_disconnected") == 0) {
+ path |= PATH_ATTACH;
+ } else if (strcmp(str, "no_attach_disconnected") == 0) {
+ path |= PATH_NO_ATTACH;
+ } else if (strcmp(str, "chroot_attach") == 0) {
+ path |= PATH_CHROOT_NSATTACH;
+ } else if (strcmp(str, "chroot_no_attach") == 0) {
+ path |= PATH_CHROOT_NO_ATTACH;
+ } else if (strncmp(str, "attach_disconnected.path=", 25) == 0) {
+ /* TODO: make this a proper parse */
+ path |= PATH_ATTACH;
+ disconnected_path = strdup(str + 25);
+ } else if (strncmp(str, "kill.signal=", 12) == 0) {
+ /* TODO: make this a proper parse */
+ signal = find_signal_mapping(str + 12);
+ if (signal == -1)
+ yyerror("unknown signal specified for kill.signal=\'%s\'\n", str + 12);
+ } else if (strncmp(str, "error=", 6) == 0) {
+ error = find_error_code_mapping(str + 6);
+ if (error == -1)
+ yyerror("unknown error code specified for error=\'%s\'\n", str + 6);
+ } else if (strcmp(str, "interruptible") == 0) {
+ flags |= FLAG_INTERRUPTIBLE;
+ } else {
+ yyerror(_("Invalid profile flag: %s."), str);
+ }
+ }
ostream &dump(ostream &os)
{
@@ -124,9 +228,19 @@ public:
if (audit)
os << ", Audit";
- if (hat)
+ if (flags & FLAG_HAT)
os << ", Hat";
+ if (disconnected_path)
+ os << ", attach_disconnected.path=" << disconnected_path;
+ if (signal)
+ os << ", kill.signal=" << signal;
+ if (error)
+ os << ", error=" << find_error_name_mapping(error);
+
+ if (flags & FLAG_PROMPT_COMPAT)
+ os << ", prompt_dev";
+
os << "\n";
return os;
@@ -140,6 +254,69 @@ public:
#endif
}
+ /* warning for now disconnected_path is just passed on (not copied),
+ * or leaked on error. It is not freed here, It is freed when the
+ * profile destroys it self.
+ */
+ void merge(const flagvals &rhs)
+ {
+ if (merge_profile_mode(mode, rhs.mode) == MODE_CONFLICT)
+ yyerror(_("Profile flag '%s' conflicts with '%s'"),
+ profile_mode_table[mode],
+ profile_mode_table[rhs.mode]);
+ mode = merge_profile_mode(mode, rhs.mode);
+ audit = audit || rhs.audit;
+ path = path | rhs.path;
+ if ((path & (PATH_CHROOT_REL | PATH_NS_REL)) ==
+ (PATH_CHROOT_REL | PATH_NS_REL))
+ yyerror(_("Profile flag chroot_relative conflicts with namespace_relative"));
+
+ if ((path & (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED)) ==
+ (PATH_MEDIATE_DELETED | PATH_DELEGATE_DELETED))
+ yyerror(_("Profile flag mediate_deleted conflicts with delegate_deleted"));
+ if ((path & (PATH_ATTACH | PATH_NO_ATTACH)) ==
+ (PATH_ATTACH | PATH_NO_ATTACH))
+ yyerror(_("Profile flag attach_disconnected conflicts with no_attach_disconnected"));
+ if ((path & (PATH_CHROOT_NSATTACH | PATH_CHROOT_NO_ATTACH)) ==
+ (PATH_CHROOT_NSATTACH | PATH_CHROOT_NO_ATTACH))
+ yyerror(_("Profile flag chroot_attach conflicts with chroot_no_attach"));
+
+ if (rhs.disconnected_path) {
+ if (disconnected_path) {
+ if (strcmp(disconnected_path, rhs.disconnected_path) != 0) {
+ yyerror(_("Profile flag attach_disconnected set to conflicting values: '%s' and '%s'"), disconnected_path, rhs.disconnected_path);
+ }
+ // same ignore rhs.disconnect_path
+ } else {
+ disconnected_path = rhs.disconnected_path;
+ }
+ }
+ if (rhs.signal) {
+ if (signal) {
+ if (signal != rhs.signal) {
+ yyerror(_("Profile flag kill.signal set to conflicting values: '%d' and '%d'"), signal, rhs.signal);
+ }
+ // same so do nothing
+ } else {
+ signal = rhs.signal;
+ }
+ }
+ if (rhs.error) {
+ if (error) {
+ if (error != rhs.error) {
+ yyerror(_("Profile flag error set to conflicting values: '%s' and '%s'"), find_error_name_mapping(error), find_error_name_mapping(rhs.error));
+ }
+ // same so do nothing
+ } else {
+ error = rhs.error;
+ }
+ }
+
+
+ /* if we move to dupping disconnected_path will need to have
+ * an assignment and copy constructor and a destructor
+ */
+ }
};
struct capabilities {
@@ -167,12 +344,14 @@ struct dfa_stuff {
aare_rules *rules;
void *dfa;
size_t size;
-
+ size_t file_start; /* special start in welded dfa */
+ vector <aa_perms> perms_table;
dfa_stuff(void): rules(NULL), dfa(NULL), size(0) { }
};
class Profile {
public:
+ bool uses_prompt_rules;
char *ns;
char *name;
char *attachment;
@@ -180,20 +359,18 @@ public:
void *xmatch;
size_t xmatch_size;
int xmatch_len;
-
+ vector <aa_perms> xmatch_perms_table;
struct cond_entry_list xattrs;
/* char *sub_name; */ /* subdomain name or NULL */
/* int default_deny; */ /* TRUE or FALSE */
- int local;
- int local_mode; /* true if local, not hat */
- int local_audit;
+ bool local;
Profile *parent;
flagvals flags;
struct capabilities caps;
- struct network net;
+ network_rule net;
struct aa_rlimits rlimits;
@@ -208,6 +385,7 @@ public:
Profile(void)
{
+ uses_prompt_rules = false;
ns = name = attachment = NULL;
altnames = NULL;
xmatch = NULL;
@@ -217,11 +395,9 @@ public:
xattrs.list = NULL;
xattrs.name = NULL;
- local = local_mode = local_audit = 0;
-
parent = NULL;
- flags = { 0, MODE_UNSPECIFIED, 0, 0 };
+ flags.init();
rlimits = {0, {}};
std::fill(exec_table, exec_table + AA_EXEC_COUNT, (char *)NULL);
@@ -245,6 +421,12 @@ public:
return strcmp(name, rhs.name) < 0;
}
+ /*
+ * Requires the merged rules have customized methods
+ * cmp(), is_mergeable() and merge()
+ */
+ virtual int merge_rules(void);
+
void dump(void)
{
if (ns)
@@ -255,16 +437,13 @@ public:
else
printf("Name:\t\t<NULL>\n");
- if (local) {
- if (parent)
- printf("Local To:\t%s\n", parent->name);
- else
- printf("Local To:\t<NULL>\n");
- }
+ if (parent)
+ printf("Local To:\t%s\n", parent->name);
+ else
+ printf("Local To:\t<NULL>\n");
flags.dump(cerr);
caps.dump();
- net.dump();
if (entries)
debug_cod_entries(entries);
@@ -277,8 +456,6 @@ public:
hat_table.dump();
}
- bool alloc_net_table();
-
std::string hname(void)
{
if (!parent)
@@ -308,6 +485,13 @@ public:
{
cout << get_name(fqp);;
}
+
+ void post_parse_profile(void);
+ void add_implied_rules(void);
+
+protected:
+ const char *warned_name = NULL;
+ virtual void warn_once(const char *name, const char *msg);
};
diff --git a/parser/ptrace.cc b/parser/ptrace.cc
index d13a7fadefcfe8d8cb1b5589cd2af05df97fbb21..2580f0aec9c09ffbf0fd3be1c62ce83a2b913b57 100644
--- a/parser/ptrace.cc
+++ b/parser/ptrace.cc
@@ -24,9 +24,9 @@
#include <string>
#include <sstream>
-int parse_ptrace_mode(const char *str_mode, int *mode, int fail)
+int parse_ptrace_perms(const char *str_perms, perm32_t *perms, int fail)
{
- return parse_X_mode("ptrace", AA_VALID_PTRACE_PERMS, str_mode, mode, fail);
+ return parse_X_perms("ptrace", AA_VALID_PTRACE_PERMS, str_perms, perms, fail);
}
void ptrace_rule::move_conditionals(struct cond_entry *conds)
@@ -47,15 +47,15 @@ void ptrace_rule::move_conditionals(struct cond_entry *conds)
}
}
-ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds):
- peer_label(NULL), audit(0), deny(0)
+ptrace_rule::ptrace_rule(perm32_t perms_p, struct cond_entry *conds):
+ perms_rule_t(AA_CLASS_PTRACE), peer_label(NULL)
{
- if (mode_p) {
- if (mode_p & ~AA_VALID_PTRACE_PERMS)
- yyerror("mode contains invalid permissions for ptrace\n");
- mode = mode_p;
+ if (perms_p) {
+ if (perms_p & ~AA_VALID_PTRACE_PERMS)
+ yyerror("perms contains invalid permissions for ptrace\n");
+ perms = perms_p;
} else {
- mode = AA_VALID_PTRACE_PERMS;
+ perms = AA_VALID_PTRACE_PERMS;
}
move_conditionals(conds);
@@ -64,23 +64,19 @@ ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds):
ostream &ptrace_rule::dump(ostream &os)
{
- if (audit)
- os << "audit ";
- if (deny)
- os << "deny ";
+ class_rule_t::dump(os);
- os << "ptrace";
-
- if (mode != AA_VALID_PTRACE_PERMS) {
+ /* override default perm dump */
+ if (perms != AA_VALID_PTRACE_PERMS) {
os << " (";
- if (mode & AA_MAY_READ)
+ if (perms & AA_MAY_READ)
os << "read ";
- if (mode & AA_MAY_READBY)
+ if (perms & AA_MAY_READBY)
os << "readby ";
- if (mode & AA_MAY_TRACE)
+ if (perms & AA_MAY_TRACE)
os << "trace ";
- if (mode & AA_MAY_TRACEDBY)
+ if (perms & AA_MAY_TRACEDBY)
os << "tracedby ";
os << ")";
}
@@ -136,9 +132,11 @@ int ptrace_rule::gen_policy_re(Profile &prof)
}
buf = buffer.str();
- if (mode & AA_VALID_PTRACE_PERMS) {
- if (!prof.policy.rules->add_rule(buf.c_str(), deny, mode, audit,
- dfaflags))
+ if (perms & AA_VALID_PTRACE_PERMS) {
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ parseopts))
goto fail;
}
diff --git a/parser/ptrace.h b/parser/ptrace.h
index 8c320c076d68fe6adc5d0918f6cb751d7d0a0e73..3b76507d5e75d24fe00f10af9da29f1e9f44b795 100644
--- a/parser/ptrace.h
+++ b/parser/ptrace.h
@@ -27,17 +27,14 @@
#define AA_VALID_PTRACE_PERMS (AA_MAY_READ | AA_MAY_TRACE | AA_MAY_READBY | \
AA_MAY_TRACEDBY)
-int parse_ptrace_mode(const char *str_mode, int *mode, int fail);
+int parse_ptrace_perms(const char *str_perms, perm32_t *perms, int fail);
-class ptrace_rule: public rule_t {
+class ptrace_rule: public perms_rule_t {
void move_conditionals(struct cond_entry *conds);
public:
char *peer_label;
- int mode;
- int audit;
- int deny;
- ptrace_rule(int mode, struct cond_entry *conds);
+ ptrace_rule(perm32_t perms, struct cond_entry *conds);
virtual ~ptrace_rule()
{
free(peer_label);
@@ -46,7 +43,24 @@ public:
virtual ostream &dump(ostream &os);
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
- virtual void post_process(Profile &prof unused) { };
+
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.owner != OWNER_UNSPECIFIED) {
+ error = "owner prefix not allowed on ptrace rules";
+ return false;
+ }
+ return true;
+ };
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ int res = perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ return null_strcmp(peer_label,
+ (rule_cast<ptrace_rule const &>(rhs)).peer_label);
+ };
protected:
virtual void warn_once(const char *name) override;
diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
index f66fea4225bd0e5e38973e62d09ee10733251f80..2e017e6010200c585f6a8a50c805836401b4c17b 100644
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -253,13 +253,14 @@ remove_profiles() {
retval=0
# We filter child profiles as removing the parent will remove
# the children
- sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | \
+ sed -e "s/ (\(enforce\|complain\|prompt\|kill\|unconfined\))$//" "$SFS_MOUNTPOINT/profiles" | \
LC_COLLATE=C sort | grep -v // | {
while read -r profile ; do
printf "%s" "$profile" > "$SFS_MOUNTPOINT/.remove"
rc=$?
if [ "$rc" -ne 0 ] ; then
retval=$rc
+ aa_log_failure_msg "Unloading profile '$profile' failed"
fi
done
return "$retval"
diff --git a/parser/rule.cc b/parser/rule.cc
index d30fef28dd7423c9a588022ca2b1efc36e24c2e7..e4fff0b6909353834f6febc0f9318abe9e68dd22 100644
--- a/parser/rule.cc
+++ b/parser/rule.cc
@@ -19,6 +19,43 @@
#include "parser.h"
#include <iostream>
+const char *aa_class_table[] = {
+ "nullcond",
+ "unknown",
+ "file",
+ "capability",
+ "network",
+ "rlimit",
+ "domain",
+ "mount",
+ "unknown8",
+ "ptrace",
+ "signal",
+ "xmatch",
+ "env",
+ "argv",
+ "network",
+ "unknown15",
+ "label",
+ "mqueue",
+ "mqueue",
+ "module",
+ "display_lsm",
+ "userns",
+ "io_uring",
+ "unknown23",
+ "unknown24",
+ "unknown25",
+ "unknown26",
+ "unknown27",
+ "unknown28",
+ "unknown29",
+ "unknown30",
+ "X",
+ "dbus",
+ NULL
+};
+
std::ostream &operator<<(std::ostream &os, rule_t &rule)
{
return rule.dump(os);
diff --git a/parser/rule.h b/parser/rule.h
index 73e0175af8d26aa8b08c7e1eb8d8c33233dbee76..64a5f471c6147302c7563963d026db5fb97c42a6 100644
--- a/parser/rule.h
+++ b/parser/rule.h
@@ -18,26 +18,134 @@
#ifndef __AA_RULE_H
#define __AA_RULE_H
+#include <cstdint>
#include <list>
#include <ostream>
+#include "perms.h"
#include "policydb.h"
+using namespace std;
+
+#define PROMPT_COMPAT_UNKNOWN 0
+#define PROMPT_COMPAT_IGNORE 1
+#define PROMPT_COMPAT_PERMSV2 2
+#define PROMPT_COMPAT_DEV 3
+#define PROMPT_COMPAT_FLAG 4
+#define PROMPT_COMPAT_PERMSV1 5
+
+
class Profile;
#define RULE_NOT_SUPPORTED 0
#define RULE_ERROR -1
#define RULE_OK 1
+#define RULE_TYPE_RULE 0
+#define RULE_TYPE_PREFIX 1
+#define RULE_TYPE_PERMS 2
+#define RULE_TYPE_ALL 3
+// RULE_TYPE_CLASS needs to be last because various class follow it
+#define RULE_TYPE_CLASS 4
+
+// rule_cast should only be used after a comparison of rule_type to ensure
+// that it is valid. Change to dynamic_cast for debugging
+//#define rule_cast dynamic_cast
+#define rule_cast static_cast
+
+typedef enum { RULE_FLAG_NONE = 0,
+ RULE_FLAG_DELETED = 1, // rule deleted - skip
+ RULE_FLAG_MERGED = 2, // rule merged with another rule
+ RULE_FLAG_EXPANDED = 4, // variable expanded
+ RULE_FLAG_SUB = 8, // rule expanded to subrule(s)
+ RULE_FLAG_IMPLIED = 16, // rule not specified in policy but
+ // added because it is implied
+} rule_flags_t;
+
+inline rule_flags_t operator|(rule_flags_t a, rule_flags_t b)
+{
+ return static_cast<rule_flags_t>(static_cast<unsigned int>(a) | static_cast<unsigned int>(b));
+}
+
+inline rule_flags_t operator&(rule_flags_t a, rule_flags_t b)
+{
+ return static_cast<rule_flags_t>(static_cast<unsigned int>(a) & static_cast<unsigned int>(b));
+}
+
+inline rule_flags_t& operator|=(rule_flags_t &a, const rule_flags_t &b)
+{
+ a = a | b;
+ return a;
+}
+
class rule_t {
public:
+ int rule_type;
+ rule_flags_t flags;
+
+ rule_t *removed_by;
+
+ rule_t(int t): rule_type(t), flags(RULE_FLAG_NONE), removed_by(NULL) { }
virtual ~rule_t() { };
+ bool is_type(int type) { return rule_type == type; }
+
+ // rule has been marked as should be skipped by regular processing
+ bool skip()
+ {
+ return (flags & RULE_FLAG_DELETED);
+ }
//virtual bool operator<(rule_t const &rhs)const = 0;
virtual std::ostream &dump(std::ostream &os) = 0;
+
+ // Follow methods in order of being called by the parse
+
+ // called when profile is finished parsing
+ virtual void post_parse_profile(Profile &prof __attribute__ ((unused))) { };
+
+ // called before final expansion of variables. So implied rules
+ // can reference variables
+ virtual void add_implied_rules(Profile &prof __attribute__ ((unused))) { };
+
+ // currently only called post parse
+ // needs to change to being interatively called during parse
+ // to support expansion in include names and profile names
virtual int expand_variables(void) = 0;
+
+ virtual int cmp(rule_t const &rhs) const {
+ return rule_type - rhs.rule_type;
+ }
+ virtual bool operator<(rule_t const &rhs) const {
+ return cmp(rhs) < 0;
+ }
+ // called by duplicate rule merge/elimination after final expand_vars
+ // to get default rule dedup
+ // child object need to provide
+ // - cmp, operator<
+ // - is_mergeable() returning true
+ // if a child object wants to provide merging of permissions,
+ // it needs to provide a custom cmp fn that doesn't include
+ // permissions and a merge routine that does more than flagging
+ // as dup as below
+ virtual bool is_mergeable(void) { return false; }
+
+ // returns true if merged
+ virtual bool merge(rule_t &rhs)
+ {
+ if (rule_type != rhs.rule_type)
+ return false;
+ if (skip() || rhs.skip())
+ return false;
+ // default merge is just dedup
+ flags |= RULE_FLAG_MERGED;
+ rhs.flags |= (RULE_FLAG_MERGED | RULE_FLAG_DELETED);
+ rhs.removed_by = this;
+
+ return true;
+ };
+
+ // called late frontend to generate data for regex backend
virtual int gen_policy_re(Profile &prof) = 0;
- virtual void post_process(Profile &prof) = 0;
protected:
const char *warned_name = NULL;
@@ -51,5 +159,318 @@ std::ostream &operator<<(std::ostream &os, rule_t &rule);
typedef std::list<rule_t *> RuleList;
+/* Not classes so they can be used in the bison front end */
+typedef enum { AUDIT_UNSPECIFIED, AUDIT_FORCE, AUDIT_QUIET } audit_t;
+typedef enum { RULE_UNSPECIFIED, RULE_ALLOW, RULE_DENY, RULE_PROMPT } rule_mode_t;
+typedef enum { OWNER_UNSPECIFIED, OWNER_SPECIFIED, OWNER_NOT } owner_t;
+
+
+/* NOTE: we can not have a constructor for class prefixes. This is
+ * because it will break bison, and we would need to transition to
+ * the C++ bison bindings. Instead get around this by using a
+ * special rule class that inherits prefixes and handles the
+ * contruction
+ */
+class prefixes {
+public:
+ int priority;
+ audit_t audit;
+ rule_mode_t rule_mode;
+ owner_t owner;
+
+ ostream &dump(ostream &os)
+ {
+ bool output = true;
+
+ if (priority != 0)
+ os << "priority=" << priority << " ";
+ switch (audit) {
+ case AUDIT_FORCE:
+ os << "audit";
+ break;
+ case AUDIT_QUIET:
+ os << "quiet";
+ break;
+ default:
+ output = false;
+ }
+
+ switch (rule_mode) {
+ case RULE_ALLOW:
+ if (output)
+ os << " ";
+
+ os << "allow";
+ output = true;
+ break;
+ case RULE_DENY:
+ if (output)
+ os << " ";
+
+ os << "deny";
+ output = true;
+ break;
+ case RULE_PROMPT:
+ if (output)
+ os << " ";
+
+ os << "prompt";
+ output = true;
+ break;
+ default:
+ break;
+ }
+
+ switch (owner) {
+ case OWNER_SPECIFIED:
+ if (output)
+ os << " ";
+ os << "owner";
+ output = true;
+ break;
+ case OWNER_NOT:
+ if (output)
+ os << " ";
+ os << "!owner";
+ output = true;
+ break;
+ default:
+ break;
+ }
+
+ if (output)
+ os << " ";
+
+ return os;
+ }
+
+ int cmp(prefixes const &rhs) const {
+ int tmp = priority - rhs.priority;
+ if (tmp != 0)
+ return tmp;
+ tmp = (int) audit - (int) rhs.audit;
+ if (tmp != 0)
+ return tmp;
+ tmp = (int) rule_mode - (int) rhs.rule_mode;
+ if (tmp != 0)
+ return tmp;
+ if ((unsigned int) owner < (unsigned int) rhs.owner)
+ return -1;
+ if ((unsigned int) owner > (unsigned int) rhs.owner)
+ return 1;
+ return 0;
+ }
+
+ bool operator<(prefixes const &rhs) const {
+ if (cmp(rhs) < 0)
+ return true;
+ return false;
+ }
+};
+
+class prefix_rule_t: public rule_t, public prefixes {
+public:
+ prefix_rule_t(int t = RULE_TYPE_PREFIX) : rule_t(t)
+ {
+ /* Must construct prefix here see note on prefixes */
+ priority = 0;
+ audit = AUDIT_UNSPECIFIED;
+ rule_mode = RULE_UNSPECIFIED;
+ owner = OWNER_UNSPECIFIED;
+ };
+
+ virtual bool valid_prefix(const prefixes &p, const char *&error) = 0;
+
+ virtual bool add_prefix(const prefixes &p, const char *&error) {
+ if (!valid_prefix(p, error))
+ return false;
+
+ // priority does NOT conflict but allowed at the block
+ // level yet. priority at the block level applies to
+ // the entire block, but only for the level of rules
+ // it is at.
+ // priority within the block arranges order of rules
+ // within the block.
+ if (priority != 0) {
+ error = "priority levels not supported";
+ return false;
+ }
+ priority = p.priority;
+
+ /* audit conflicts */
+ if (p.audit != AUDIT_UNSPECIFIED) {
+ if (audit != AUDIT_UNSPECIFIED &&
+ audit != p.audit) {
+ error = "conflicting audit prefix";
+ return false;
+ }
+// audit = p.audit;
+ }
+
+ /* allow deny conflicts */
+ if (p.rule_mode != RULE_UNSPECIFIED) {
+ if (rule_mode != RULE_UNSPECIFIED &&
+ rule_mode != p.rule_mode) {
+ error = "conflicting mode prefix";
+ return false;
+ }
+ rule_mode = p.rule_mode;
+ }
+
+ /* owner !owner conflicts */
+ if (p.owner) {
+ if (owner != OWNER_UNSPECIFIED &&
+ owner != p.owner) {
+ error = "conflicting owner prefix";
+ return false;
+ }
+ owner = p.owner;
+ }
+
+ /* TODO: MOVE this ! */
+ /* does the prefix imply a modifier */
+ if (p.rule_mode == RULE_DENY && p.audit == AUDIT_FORCE) {
+ rule_mode = RULE_DENY;
+ } else if (p.rule_mode == RULE_DENY) {
+ rule_mode = RULE_DENY;
+ audit = AUDIT_FORCE;
+ } else if (p.audit != AUDIT_UNSPECIFIED) {
+ audit = p.audit;
+ }
+
+ return true;
+ }
+ virtual bool add_prefix(const prefixes &p) {
+ const char *err;
+ return add_prefix(p, err);
+ }
+
+ int cmp(prefixes const &rhs) const {
+ return prefixes::cmp(rhs);
+ }
+
+ virtual bool operator<(prefixes const &rhs) const {
+ const prefixes *ptr = this;
+ return *ptr < rhs;
+ }
+
+ virtual int cmp(rule_t const &rhs) const {
+ int res = rule_t::cmp(rhs);
+ if (res)
+ return res;
+ prefix_rule_t const &pr = rule_cast<prefix_rule_t const &>(rhs);
+ const prefixes *lhsptr = this, *rhsptr = ≺
+ return lhsptr->cmp(*rhsptr);
+ }
+
+ virtual bool operator<(rule_t const &rhs) const {
+ if (rule_type < rhs.rule_type)
+ return true;
+ if (rhs.rule_type < rule_type)
+ return false;
+ prefix_rule_t const &pr = rule_cast<prefix_rule_t const &>(rhs);
+ const prefixes *rhsptr = ≺
+ return *this < *rhsptr;
+ }
+
+ virtual ostream &dump(ostream &os) {
+ prefixes::dump(os);
+
+ return os;
+ }
+
+};
+
+/* NOTE: rule_type is RULE_TYPE_CLASS + AA_CLASS */
+class class_rule_t: public prefix_rule_t {
+public:
+ class_rule_t(int c): prefix_rule_t(RULE_TYPE_CLASS + c) { }
+
+ int aa_class(void) { return rule_type - RULE_TYPE_CLASS; }
+
+ /* inherit cmp */
+
+ /* we do not inherit operator< from so class_rules children
+ * can in herit the generic one that redirects to cmp()
+ * that does get overriden
+ */
+ virtual bool operator<(rule_t const &rhs) const {
+ return cmp(rhs) < 0;
+ }
+
+ virtual ostream &dump(ostream &os) {
+ prefix_rule_t::dump(os);
+
+ os << aa_class_table[aa_class()];
+
+ return os;
+ }
+
+};
+
+/* same as perms_rule_t except enable rule merging instead of just dedup
+ * original permission set is saved off
+ */
+class perms_rule_t: public class_rule_t {
+public:
+ perms_rule_t(int c): class_rule_t(c), perms(0), saved(0) { };
+
+ virtual int cmp(rule_t const &rhs) const {
+ /* don't compare perms so they can be merged */
+ return class_rule_t::cmp(rhs);
+ }
+
+ virtual bool merge(rule_t &rhs)
+ {
+ int res = class_rule_t::merge(rhs);
+ if (!res)
+ return res;
+ if (!saved)
+ saved = perms;
+ perms |= (rule_cast<perms_rule_t const &>(rhs)).perms;
+ return true;
+ };
+
+ /* defaut perms, override/mask off if none default used */
+ virtual ostream &dump(ostream &os) {
+ class_rule_t::dump(os);
+
+ if (saved)
+ os << "(0x" << hex << perms << "/orig " << saved << ") ";
+ else
+ os << "(0x" << hex << perms << ") ";
+
+ return os;
+ }
+
+ perm32_t perms, saved;
+};
+
+// alternate perms rule class that only does dedup instead of perms merging
+class dedup_perms_rule_t: public class_rule_t {
+public:
+ dedup_perms_rule_t(int c): class_rule_t(c), perms(0) { };
+
+ virtual int cmp(rule_t const &rhs) const {
+ int res = class_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ return perms - (rule_cast<perms_rule_t const &>(rhs)).perms;
+ }
+
+ // inherit default merge which does dedup
+
+ /* defaut perms, override/mask off if none default used */
+ virtual ostream &dump(ostream &os) {
+ class_rule_t::dump(os);
+
+ os << "(0x" << hex << perms << ") ";
+ return os;
+ }
+
+ perm32_t perms;
+};
+
+
#endif /* __AA_RULE_H */
diff --git a/parser/signal.cc b/parser/signal.cc
index c80dab6fbf419fdaae5cb34e3592827343c6edd6..4133513ea5981986edf2260e5a2000242fdf3bd3 100644
--- a/parser/signal.cc
+++ b/parser/signal.cc
@@ -116,12 +116,12 @@ static const char *const sig_names[MAXMAPPED_SIG + 1] = {
};
-int parse_signal_mode(const char *str_mode, int *mode, int fail)
+int parse_signal_perms(const char *str_perms, perm32_t *perms, int fail)
{
- return parse_X_mode("signal", AA_VALID_SIGNAL_PERMS, str_mode, mode, fail);
+ return parse_X_perms("signal", AA_VALID_SIGNAL_PERMS, str_perms, perms, fail);
}
-static int find_signal_mapping(const char *sig)
+int find_signal_mapping(const char *sig)
{
if (strncmp("rtmin+", sig, 6) == 0) {
char *end;
@@ -173,15 +173,15 @@ void signal_rule::move_conditionals(struct cond_entry *conds)
}
}
-signal_rule::signal_rule(int mode_p, struct cond_entry *conds):
- signals(), peer_label(NULL), audit(0), deny(0)
+signal_rule::signal_rule(perm32_t perms_p, struct cond_entry *conds):
+ perms_rule_t(AA_CLASS_SIGNAL), signals(), peer_label(NULL)
{
- if (mode_p) {
- mode = mode_p;
- if (mode & ~AA_VALID_SIGNAL_PERMS)
- yyerror("mode contains invalid permission for signals\n");
+ if (perms_p) {
+ perms = perms_p;
+ if (perms & ~AA_VALID_SIGNAL_PERMS)
+ yyerror("perms contains invalid permission for signals\n");
} else {
- mode = AA_VALID_SIGNAL_PERMS;
+ perms = AA_VALID_SIGNAL_PERMS;
}
move_conditionals(conds);
@@ -191,19 +191,14 @@ signal_rule::signal_rule(int mode_p, struct cond_entry *conds):
ostream &signal_rule::dump(ostream &os)
{
- if (audit)
- os << "audit ";
- if (deny)
- os << "deny ";
+ class_rule_t::dump(os);
- os << "signal";
-
- if (mode != AA_VALID_SIGNAL_PERMS) {
+ if (perms != AA_VALID_SIGNAL_PERMS) {
os << " (";
- if (mode & AA_MAY_SEND)
+ if (perms & AA_MAY_SEND)
os << "send ";
- if (mode & AA_MAY_RECEIVE)
+ if (perms & AA_MAY_RECEIVE)
os << "receive ";
os << ")";
}
@@ -235,6 +230,35 @@ int signal_rule::expand_variables(void)
return expand_entry_variables(&peer_label);
}
+static int cmp_set_int(Signals const &lhs, Signals const &rhs)
+{
+ int res = lhs.size() - rhs.size();
+ if (res)
+ return res;
+
+ for (Signals::iterator i = lhs.begin(),
+ j = rhs.begin();
+ i != lhs.end(); i++, j++) {
+ res = *i - *j;
+ if (res)
+ return res;
+ }
+
+ return 0;
+}
+
+int signal_rule::cmp(rule_t const &rhs) const
+{
+ int res = perms_rule_t::cmp(rhs);
+ if (res)
+ return res;
+ signal_rule const &trhs = rule_cast<signal_rule const &>(rhs);
+ res = null_strcmp(peer_label, trhs.peer_label);
+ if (res)
+ return res;
+ return cmp_set_int(signals, trhs.signals);
+}
+
void signal_rule::warn_once(const char *name)
{
rule_t::warn_once(name, "signal rules not enforced");
@@ -291,9 +315,11 @@ int signal_rule::gen_policy_re(Profile &prof)
}
buf = buffer.str();
- if (mode & (AA_MAY_SEND | AA_MAY_RECEIVE)) {
- if (!prof.policy.rules->add_rule(buf.c_str(), deny, mode, audit,
- dfaflags))
+ if (perms & (AA_MAY_SEND | AA_MAY_RECEIVE)) {
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode,
+ perms, audit == AUDIT_FORCE ? perms : 0,
+ parseopts))
goto fail;
}
diff --git a/parser/signal.h b/parser/signal.h
index b73aeb68a138de8db92626bf3bf72c2a1171907c..a670eb2c3bbe9ac8e0c42b28523053d58545b7d9 100644
--- a/parser/signal.h
+++ b/parser/signal.h
@@ -31,28 +31,35 @@
typedef set<int> Signals;
-int parse_signal_mode(const char *str_mode, int *mode, int fail);
+int find_signal_mapping(const char *sig);
+int parse_signal_perms(const char *str_perms, perm32_t *perms, int fail);
-class signal_rule: public rule_t {
+class signal_rule: public perms_rule_t {
void extract_sigs(struct value_list **list);
void move_conditionals(struct cond_entry *conds);
public:
Signals signals;
char *peer_label;
- int mode;
- int audit;
- int deny;
- signal_rule(int mode, struct cond_entry *conds);
+ signal_rule(perm32_t perms, struct cond_entry *conds);
virtual ~signal_rule() {
signals.clear();
free(peer_label);
};
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.owner != OWNER_UNSPECIFIED) {
+ error = "owner prefix not allowed on signal rules";
+ return false;
+ }
+ return true;
+ };
virtual ostream &dump(ostream &os);
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
- virtual void post_process(Profile &prof unused) { };
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const;
protected:
virtual void warn_once(const char *name) override;
diff --git a/parser/techdoc.aux b/parser/techdoc.aux
deleted file mode 100644
index 6ac81354f5d4793cffa10e1d01decb857d6a4f81..0000000000000000000000000000000000000000
--- a/parser/techdoc.aux
+++ /dev/null
@@ -1,66 +0,0 @@
-\relax
-\providecommand\hyper@newdestlabel[2]{}
-\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
-\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
-\global\let\oldcontentsline\contentsline
-\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
-\global\let\oldnewlabel\newlabel
-\gdef\newlabel#1#2{\newlabelxx{#1}#2}
-\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
-\AtEndDocument{\ifx\hyper@anchor\@undefined
-\let\contentsline\oldcontentsline
-\let\newlabel\oldnewlabel
-\fi}
-\fi}
-\global\let\hyper@last\relax
-\gdef\HyperFirstAtBeginDocument#1{#1}
-\providecommand\HyField@AuxAddToFields[1]{}
-\providecommand\HyField@AuxAddToCoFields[2]{}
-\citation{apparmor}
-\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{section.1}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {2}Overview}{2}{section.2}\protected@file@percent }
-\newlabel{sec:overview}{{2}{2}{Overview}{section.2}{}}
-\@writefile{toc}{\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}\protected@file@percent }
-\newlabel{sec:model}{{3}{3}{The AppArmor Security Model}{section.3}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}\protected@file@percent }
-\citation{ols06-pai}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}\protected@file@percent }
-\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces File Access Permissions in Profiles}}{7}{table.1}\protected@file@percent }
-\newlabel{tab:permissions}{{1}{7}{File Access Permissions in Profiles}{table.1}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}\protected@file@percent }
-\newlabel{sec:permissions}{{3.8}{7}{Profile Permissions}{subsection.3.8}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}\protected@file@percent }
-\newlabel{sec:secure-exec}{{3.14}{9}{Secure Execution}{subsection.3.14}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}\protected@file@percent }
-\newlabel{sec:merging}{{3.15}{10}{Exec Mode Merging in Profiles, Exact Matches}{subsection.3.15}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}\protected@file@percent }
-\citation{dragon86}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}\protected@file@percent }
-\newlabel{sec:association}{{3.19}{11}{Association of Profiles with Processes}{subsection.3.19}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}\protected@file@percent }
-\newlabel{sec:walk-through}{{4}{12}{AppArmor Walk-Through}{section.4}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}\protected@file@percent }
-\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces Globbing in File Access Rules. Alternation counts as an exact match in file access rules; all others count as wildcards (see Section\nobreakspace {}\ref {sec:merging}).}}{14}{table.2}\protected@file@percent }
-\newlabel{tab:globbing}{{2}{14}{Globbing in File Access Rules. Alternation counts as an exact match in file access rules; all others count as wildcards (see Section~\ref {sec:merging})}{table.2}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}\protected@file@percent }
-\bibcite{apparmor}{1}
-\bibcite{ols06-pai}{2}
-\bibcite{dragon86}{3}
-\gdef \@abspage@last{20}
diff --git a/parser/techdoc.log b/parser/techdoc.log
deleted file mode 100644
index 0335ef7050d31d6f5140ba6d5677c84032a2d9d4..0000000000000000000000000000000000000000
--- a/parser/techdoc.log
+++ /dev/null
@@ -1,279 +0,0 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.22 (TeX Live 2022/dev/Debian) (preloaded format=pdflatex 2023.5.30) 5 FEB 2024 13:49
-entering extended mode
- restricted \write18 enabled.
- %&-line parsing enabled.
-**\def\fixedpdfdate{20240202221305+0000}\input techdoc.tex
- (./techdoc.tex
-(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
-Document Class: article 2021/10/04 v1.4n Standard LaTeX document class
-(/usr/share/texlive/texmf-dist/tex/latex/base/size10.clo
-File: size10.clo 2021/10/04 v1.4n Standard LaTeX file (size option)
-)
-\c@part=\count185
-\c@section=\count186
-\c@subsection=\count187
-\c@subsubsection=\count188
-\c@paragraph=\count189
-\c@subparagraph=\count190
-\c@figure=\count191
-\c@table=\count192
-\abovecaptionskip=\skip47
-\belowcaptionskip=\skip48
-\bibindent=\dimen138
-)
-(/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty
-Package: inputenc 2021/02/14 v1.3d Input encoding file
-\inpenc@prehook=\toks16
-\inpenc@posthook=\toks17
-)
-(/usr/share/texlive/texmf-dist/tex/latex/url/url.sty
-\Urlmuskip=\muskip16
-Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
-)
-(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref.sty
-Package: hyperref 2021-06-07 v7.00m Hypertext links for LaTeX
-
-(/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
-Package: ltxcmds 2020-05-10 v1.25 LaTeX kernel commands for general use (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty
-Package: iftex 2020/03/06 v1.0d TeX engine tests
-)
-(/usr/share/texlive/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
-Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO
-)
-
-(/usr/share/texlive/texmf-dist/tex/generic/infwarerr/infwarerr.sty
-Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO)
-)
-Package pdftexcmds Info: \pdf@primitive is available.
-Package pdftexcmds Info: \pdf@ifprimitive is available.
-Package pdftexcmds Info: \pdfdraftmode found.
-)
-(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
-Package: keyval 2014/10/28 v1.15 key=value parser (DPC)
-\KV@toks@=\toks18
-)
-(/usr/share/texlive/texmf-dist/tex/generic/kvsetkeys/kvsetkeys.sty
-Package: kvsetkeys 2019/12/15 v1.18 Key value parser (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
-Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/generic/pdfescape/pdfescape.sty
-Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/latex/hycolor/hycolor.sty
-Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/latex/letltxmacro/letltxmacro.sty
-Package: letltxmacro 2019/12/03 v1.6 Let assignment for LaTeX macros (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/latex/auxhook/auxhook.sty
-Package: auxhook 2019-12-17 v1.6 Hooks for auxiliary files (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty
-Package: kvoptions 2020-10-07 v3.14 Key value format for package options (HO)
-)
-\@linkdim=\dimen139
-\Hy@linkcounter=\count193
-\Hy@pagecounter=\count194
-
-(/usr/share/texlive/texmf-dist/tex/latex/hyperref/pd1enc.def
-File: pd1enc.def 2021-06-07 v7.00m Hyperref: PDFDocEncoding definition (HO)
-Now handling font encoding PD1 ...
-... no UTF-8 mapping file for font encoding PD1
-)
-(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref-langpatches.def
-File: hyperref-langpatches.def 2021-06-07 v7.00m Hyperref: patches for babel la
-nguages
-)
-(/usr/share/texlive/texmf-dist/tex/generic/intcalc/intcalc.sty
-Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/generic/etexcmds/etexcmds.sty
-Package: etexcmds 2019/12/15 v1.7 Avoid name clashes with e-TeX commands (HO)
-)
-\Hy@SavedSpaceFactor=\count195
-
-(/usr/share/texlive/texmf-dist/tex/latex/hyperref/puenc.def
-File: puenc.def 2021-06-07 v7.00m Hyperref: PDF Unicode definition (HO)
-Now handling font encoding PU ...
-... no UTF-8 mapping file for font encoding PU
-)
-Package hyperref Info: Hyper figures OFF on input line 4192.
-Package hyperref Info: Link nesting OFF on input line 4197.
-Package hyperref Info: Hyper index ON on input line 4200.
-Package hyperref Info: Plain pages OFF on input line 4207.
-Package hyperref Info: Backreferencing OFF on input line 4212.
-Package hyperref Info: Implicit mode ON; LaTeX internals redefined.
-Package hyperref Info: Bookmarks ON on input line 4445.
-\c@Hy@tempcnt=\count196
-LaTeX Info: Redefining \url on input line 4804.
-\XeTeXLinkMargin=\dimen140
-
-(/usr/share/texlive/texmf-dist/tex/generic/bitset/bitset.sty
-Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO)
-
-(/usr/share/texlive/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
-Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO
-)
-))
-\Fld@menulength=\count197
-\Field@Width=\dimen141
-\Fld@charsize=\dimen142
-Package hyperref Info: Hyper figures OFF on input line 6076.
-Package hyperref Info: Link nesting OFF on input line 6081.
-Package hyperref Info: Hyper index ON on input line 6084.
-Package hyperref Info: backreferencing OFF on input line 6091.
-Package hyperref Info: Link coloring OFF on input line 6096.
-Package hyperref Info: Link coloring with OCG OFF on input line 6101.
-Package hyperref Info: PDF/A mode OFF on input line 6106.
-LaTeX Info: Redefining \ref on input line 6146.
-LaTeX Info: Redefining \pageref on input line 6150.
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/atbegshi-ltx.sty
-Package: atbegshi-ltx 2021/01/10 v1.0c Emulation of the original atbegshi
-package with kernel methods
-)
-\Hy@abspage=\count198
-\c@Item=\count199
-\c@Hfootnote=\count266
-)
-Package hyperref Info: Driver: hpdftex.
-
-(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hpdftex.def
-File: hpdftex.def 2021-06-07 v7.00m Hyperref driver for pdfTeX
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/atveryend-ltx.sty
-Package: atveryend-ltx 2020/08/19 v1.0a Emulation of the original atveryend pac
-kage
-with kernel methods
-)
-\Fld@listcount=\count267
-\c@bookmark@seq@number=\count268
-
-(/usr/share/texlive/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
-Package: rerunfilecheck 2019/12/05 v1.9 Rerun checks for auxiliary files (HO)
-
-(/usr/share/texlive/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
-Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO)
-)
-Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2
-86.
-)
-\Hy@SectionHShift=\skip49
-)
-(/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
-File: l3backend-pdftex.def 2022-01-12 L3 backend support: PDF output (pdfTeX)
-\l__color_backend_stack_int=\count269
-\l__pdf_internal_box=\box50
-)
-(./techdoc.aux)
-\openout1 = `techdoc.aux'.
-
-LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 31.
-LaTeX Font Info: ... okay on input line 31.
-Package hyperref Info: Link coloring OFF on input line 31.
- (/usr/share/texlive/texmf-dist/tex/latex/hyperref/nameref.sty
-Package: nameref 2021-04-02 v2.47 Cross-referencing by name of section
-
-(/usr/share/texlive/texmf-dist/tex/latex/refcount/refcount.sty
-Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO)
-)
-(/usr/share/texlive/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
-Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
-)
-\c@section@level=\count270
-)
-LaTeX Info: Redefining \ref on input line 31.
-LaTeX Info: Redefining \pageref on input line 31.
-LaTeX Info: Redefining \nameref on input line 31.
-
-(./techdoc.out) (./techdoc.out)
-\@outlinefile=\write3
-\openout3 = `techdoc.out'.
-
-LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <12> on input line 34.
-LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <8> on input line 34.
-LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <6> on input line 34.
- (./techdoc.toc
-LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <7> on input line 4.
-LaTeX Font Info: External font `cmex10' loaded for size
-(Font) <5> on input line 4.
-)
-\tf@toc=\write4
-\openout4 = `techdoc.toc'.
-
- [1
-
-{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] [3] [4] [5] [6] [7] [8
-] [9] [10] [11] [12] [13]
-LaTeX Font Info: Trying to load font information for OMS+cmr on input line 8
-89.
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
-File: omscmr.fd 2019/12/16 v2.5j Standard LaTeX font definitions
-)
-LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10> not available
-(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 889.
- [14] [15] [16]
-[17] [18] [19]
-Underfull \hbox (badness 1253) in paragraph at lines 1283--1285
-[]\OT1/cmr/m/n/10 AppArmor doc-u-men-ta-tion, []$\OT1/cmtt/m/n/10 http : / / ww
-w . novell . com / documentation /
- []
-
-[20] (./techdoc.aux)
-Package rerunfilecheck Info: File `techdoc.out' has not changed.
-(rerunfilecheck) Checksum: 7B3A8936EC7F2583BFC5DDA92F97A4A2;5538.
- )
-Here is how much of TeX's memory you used:
- 7473 strings out of 480247
- 118156 string characters out of 5896151
- 416357 words of memory out of 5000000
- 25296 multiletter control sequences out of 15000+600000
- 475140 words of font info for 49 fonts, out of 8000000 for 9000
- 16 hyphenation exceptions out of 8191
- 60i,8n,63p,416b,507s stack positions out of 5000i,500n,10000p,200000b,80000s
-</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></us
-r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/shar
-e/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx8.pfb></usr/share/texli
-ve/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texm
-f-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr/share/texlive/texmf-dist/
-fonts/type1/public/amsfonts/cm/cmr17.pfb></usr/share/texlive/texmf-dist/fonts/t
-ype1/public/amsfonts/cm/cmr6.pfb></usr/share/texlive/texmf-dist/fonts/type1/pub
-lic/amsfonts/cm/cmr7.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsf
-onts/cm/cmr8.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/
-cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmti10
-.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt10.pfb><
-/usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt12.pfb></usr/s
-hare/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt8.pfb></usr/share/te
-xlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt9.pfb>
-Output written on techdoc.pdf (20 pages, 248503 bytes).
-PDF statistics:
- 375 PDF objects out of 1000 (max. 8388607)
- 318 compressed objects within 4 object streams
- 60 named destinations out of 1000 (max. 500000)
- 241 words of extra memory for PDF output out of 10000 (max. 10000000)
-
diff --git a/parser/techdoc.out b/parser/techdoc.out
deleted file mode 100644
index c95c05ffb0a38ffe6c5aec010ae78bee085a55ef..0000000000000000000000000000000000000000
--- a/parser/techdoc.out
+++ /dev/null
@@ -1,30 +0,0 @@
-\BOOKMARK [1][-]{section.1}{\376\377\000I\000n\000t\000r\000o\000d\000u\000c\000t\000i\000o\000n}{}% 1
-\BOOKMARK [1][-]{section.2}{\376\377\000O\000v\000e\000r\000v\000i\000e\000w}{}% 2
-\BOOKMARK [1][-]{section.3}{\376\377\000T\000h\000e\000\040\000A\000p\000p\000A\000r\000m\000o\000r\000\040\000S\000e\000c\000u\000r\000i\000t\000y\000\040\000M\000o\000d\000e\000l}{}% 3
-\BOOKMARK [2][-]{subsection.3.1}{\376\377\000S\000y\000m\000b\000o\000l\000i\000c\000\040\000L\000i\000n\000k\000s}{section.3}% 4
-\BOOKMARK [2][-]{subsection.3.2}{\376\377\000N\000a\000m\000e\000s\000p\000a\000c\000e\000s}{section.3}% 5
-\BOOKMARK [2][-]{subsection.3.3}{\376\377\000D\000i\000s\000c\000o\000n\000n\000e\000c\000t\000e\000d\000\040\000F\000i\000l\000e\000s\000\040\000a\000n\000d\000\040\000P\000s\000e\000u\000d\000o\000\040\000F\000i\000l\000e\000\040\000S\000y\000s\000t\000e\000m\000s}{section.3}% 6
-\BOOKMARK [2][-]{subsection.3.4}{\376\377\000M\000o\000u\000n\000t}{section.3}% 7
-\BOOKMARK [2][-]{subsection.3.5}{\376\377\000T\000h\000e\000\040\000K\000e\000r\000n\000e\000l\000\040\000N\000F\000S\000\040\000D\000a\000e\000m\000o\000n}{section.3}% 8
-\BOOKMARK [2][-]{subsection.3.6}{\376\377\000W\000h\000y\000\040\000a\000r\000e\000\040\000t\000h\000e\000\040\000c\000o\000m\000p\000u\000t\000e\000d\000\040\000p\000a\000t\000h\000n\000a\000m\000e\000s\000\040\000m\000e\000a\000n\000i\000n\000g\000f\000u\000l\000?}{section.3}% 9
-\BOOKMARK [2][-]{subsection.3.7}{\376\377\000P\000a\000t\000h\000\040\000P\000e\000r\000m\000i\000s\000s\000i\000o\000n\000\040\000C\000h\000e\000c\000k\000i\000n\000g}{section.3}% 10
-\BOOKMARK [2][-]{subsection.3.8}{\376\377\000P\000r\000o\000f\000i\000l\000e\000\040\000P\000e\000r\000m\000i\000s\000s\000i\000o\000n\000s}{section.3}% 11
-\BOOKMARK [2][-]{subsection.3.9}{\376\377\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l\000s\000\040\000T\000a\000k\000i\000n\000g\000\040\000F\000i\000l\000e\000\040\000H\000a\000n\000d\000l\000e\000s\000,\000\040\000A\000t\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l\000s}{section.3}% 12
-\BOOKMARK [2][-]{subsection.3.10}{\376\377\000F\000i\000l\000e\000\040\000D\000e\000s\000c\000r\000i\000p\000t\000o\000r\000\040\000P\000a\000s\000s\000i\000n\000g\000\040\000a\000n\000d\000\040\000R\000e\000v\000a\000l\000i\000d\000a\000t\000i\000o\000n}{section.3}% 13
-\BOOKMARK [2][-]{subsection.3.11}{\376\377\000D\000e\000l\000e\000t\000e\000d\000\040\000F\000i\000l\000e\000s}{section.3}% 14
-\BOOKMARK [2][-]{subsection.3.12}{\376\377\000T\000h\000e\000\040\000a\000c\000c\000e\000s\000s\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l}{section.3}% 15
-\BOOKMARK [2][-]{subsection.3.13}{\376\377\000T\000h\000e\000\040\000p\000t\000r\000a\000c\000e\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l}{section.3}% 16
-\BOOKMARK [2][-]{subsection.3.14}{\376\377\000S\000e\000c\000u\000r\000e\000\040\000E\000x\000e\000c\000u\000t\000i\000o\000n}{section.3}% 17
-\BOOKMARK [2][-]{subsection.3.15}{\376\377\000E\000x\000e\000c\000\040\000M\000o\000d\000e\000\040\000M\000e\000r\000g\000i\000n\000g\000\040\000i\000n\000\040\000P\000r\000o\000f\000i\000l\000e\000s\000,\000\040\000E\000x\000a\000c\000t\000\040\000M\000a\000t\000c\000h\000e\000s}{section.3}% 18
-\BOOKMARK [2][-]{subsection.3.16}{\376\377\000C\000a\000p\000a\000b\000i\000l\000i\000t\000i\000e\000s}{section.3}% 19
-\BOOKMARK [2][-]{subsection.3.17}{\376\377\000T\000h\000e\000\040\000s\000y\000s\000c\000t\000l\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l\000\040\000a\000n\000d\000\040\000/\000p\000r\000o\000c\000/\000s\000y\000s}{section.3}% 20
-\BOOKMARK [2][-]{subsection.3.18}{\376\377\000S\000u\000b\000p\000r\000o\000f\000i\000l\000e\000s\000\040\000a\000k\000a\000.\000\040\000H\000a\000t\000s}{section.3}% 21
-\BOOKMARK [2][-]{subsection.3.19}{\376\377\000A\000s\000s\000o\000c\000i\000a\000t\000i\000o\000n\000\040\000o\000f\000\040\000P\000r\000o\000f\000i\000l\000e\000s\000\040\000w\000i\000t\000h\000\040\000P\000r\000o\000c\000e\000s\000s\000e\000s}{section.3}% 22
-\BOOKMARK [2][-]{subsection.3.20}{\376\377\000P\000r\000o\000f\000i\000l\000e\000\040\000L\000o\000a\000d\000i\000n\000g\000,\000\040\000R\000e\000p\000l\000a\000c\000e\000m\000e\000n\000t\000,\000\040\000a\000n\000d\000\040\000R\000e\000m\000o\000v\000a\000l}{section.3}% 23
-\BOOKMARK [1][-]{section.4}{\376\377\000A\000p\000p\000A\000r\000m\000o\000r\000\040\000W\000a\000l\000k\000-\000T\000h\000r\000o\000u\000g\000h}{}% 24
-\BOOKMARK [2][-]{subsection.4.1}{\376\377\000K\000e\000r\000n\000e\000l\000\040\000P\000a\000t\000c\000h\000e\000s\000\040\000a\000n\000d\000\040\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n}{section.4}% 25
-\BOOKMARK [2][-]{subsection.4.2}{\376\377\000T\000h\000e\000\040\000s\000e\000c\000u\000r\000i\000t\000y\000f\000s\000\040\000f\000i\000l\000e\000\040\000s\000y\000s\000t\000e\000m}{section.4}% 26
-\BOOKMARK [2][-]{subsection.4.3}{\376\377\000P\000r\000o\000f\000i\000l\000e\000\040\000L\000o\000a\000d\000i\000n\000g}{section.4}% 27
-\BOOKMARK [2][-]{subsection.4.4}{\376\377\000A\000n\000a\000t\000o\000m\000y\000\040\000o\000f\000\040\000a\000\040\000P\000r\000o\000f\000i\000l\000e}{section.4}% 28
-\BOOKMARK [2][-]{subsection.4.5}{\376\377\000L\000o\000g\000g\000i\000n\000g}{section.4}% 29
-\BOOKMARK [2][-]{subsection.4.6}{\376\377\000G\000e\000n\000e\000r\000a\000t\000i\000n\000g\000\040\000P\000r\000o\000f\000i\000l\000e\000s\000\040\000B\000y\000\040\000H\000a\000n\000d}{section.4}% 30
diff --git a/parser/techdoc.pdf b/parser/techdoc.pdf
deleted file mode 100644
index d53b1a30e123a86ea2c646fa6868d07c049d58be..0000000000000000000000000000000000000000
Binary files a/parser/techdoc.pdf and /dev/null differ
diff --git a/parser/techdoc.toc b/parser/techdoc.toc
deleted file mode 100644
index 92ef38e368bfda1a488ce17e21bd6ee3a64aa9e2..0000000000000000000000000000000000000000
--- a/parser/techdoc.toc
+++ /dev/null
@@ -1,30 +0,0 @@
-\contentsline {section}{\numberline {1}Introduction}{2}{section.1}%
-\contentsline {section}{\numberline {2}Overview}{2}{section.2}%
-\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}%
-\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}%
-\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}%
-\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}%
-\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}%
-\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}%
-\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}%
-\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}%
-\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}%
-\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}%
-\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}%
-\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}%
-\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}%
-\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}%
-\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}%
-\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}%
-\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}%
-\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}%
-\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}%
-\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}%
-\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}%
-\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}%
-\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}%
-\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}%
-\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}%
-\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}%
-\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}%
-\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}%
diff --git a/parser/tst/caching.py b/parser/tst/caching.py
index 3d6f23c91b45c74b7fc1d411461b282f02ce168c..9df65e2aa066bf0821867fb8fde7d1f9da5968ca 100755
--- a/parser/tst/caching.py
+++ b/parser/tst/caching.py
@@ -17,6 +17,7 @@
import os
import shutil
+import sys
import tempfile
import unittest
from argparse import ArgumentParser
@@ -40,7 +41,7 @@ PROFILE_CONTENTS = '''
/bin/ping mixr,
/etc/modules.conf r,
}
-''' % (ABSTRACTION)
+''' % (ABSTRACTION,)
PROFILE = 'sbin.pingy'
config = None
@@ -90,7 +91,7 @@ class AAParserCachingCommon(testlib.AATestTemplate):
"""teardown for each test"""
if not self.do_cleanup:
- print("\n===> Skipping cleanup, leaving testfiles behind in '%s'" % (self.tmp_dir))
+ print("\n===> Skipping cleanup, leaving testfiles behind in '{}'".format(self.tmp_dir))
else:
if os.path.exists(self.tmp_dir):
shutil.rmtree(self.tmp_dir)
@@ -101,7 +102,7 @@ class AAParserCachingCommon(testlib.AATestTemplate):
rc, report = self.run_cmd(cmd)
if rc != 0:
if "unrecognized option '--print-cache-dir'" not in report:
- self.fail('Unknown apparmor_parser error:\n%s' % report)
+ self.fail('Unknown apparmor_parser error:\n' + report)
cache_dir = os.path.join(self.tmp_dir, 'cache')
else:
@@ -115,10 +116,10 @@ class AAParserCachingCommon(testlib.AATestTemplate):
def assert_path_exists(self, path, expected=True):
if expected:
self.assertTrue(os.path.exists(path),
- 'test did not create file %s, when it was expected to do so' % path)
+ 'test did not create file {}, when it was expected to do so'.format(path))
else:
self.assertFalse(os.path.exists(path),
- 'test created file %s, when it was not expected to do so' % path)
+ 'test created file {}, when it was not expected to do so'.format(path))
def is_apparmorfs_mounted(self):
return os.path.exists("/sys/kernel/security/apparmor")
@@ -138,11 +139,11 @@ class AAParserCachingCommon(testlib.AATestTemplate):
if expected:
self.assertEqual(
expected_output, features,
- "features contents differ, expected:\n%s\nresult:\n%s" % (expected_output, features))
+ "features contents differ, expected:\n{}\nresult:\n{}".format(expected_output, features))
else:
self.assertNotEqual(
expected_output, features,
- "features contents equal, expected:\n%s\nresult:\n%s" % (expected_output, features))
+ "features contents equal, expected:\n{}\nresult:\n{}".format(expected_output, features))
class AAParserBasicCachingTests(AAParserCachingCommon):
@@ -209,7 +210,7 @@ class AAParserAltCacheBasicTests(AAParserBasicCachingTests):
def tearDown(self):
if os.listdir(self.unused_cache_loc):
- self.fail("original cache dir '%s' not empty" % self.unused_cache_loc)
+ self.fail("original cache dir '{}' not empty".format(self.unused_cache_loc))
super().tearDown()
@@ -516,7 +517,7 @@ class AAParserAltCacheTests(AAParserCachingTests):
def tearDown(self):
if self.check_orig_cache and os.listdir(self.orig_cache_dir):
- self.fail("original cache dir '%s' not empty" % self.orig_cache_dir)
+ self.fail("original cache dir '{}' not empty".format(self.orig_cache_dir))
super().tearDown()
def test_cache_purge_leaves_original_cache_alone(self):
@@ -533,7 +534,7 @@ class AAParserAltCacheTests(AAParserCachingTests):
for f in filelist:
if not os.path.exists(os.path.join(self.orig_cache_dir, f)):
- self.fail('cache purge removed %s, was not supposed to' % (os.path.join(self.orig_cache_dir, f)))
+ self.fail('cache purge removed {}, was not supposed to'.format(os.path.join(self.orig_cache_dir, f)))
def main():
@@ -544,9 +545,7 @@ def main():
p.add_argument('-d', '--debug', action="store_true", dest="debug")
config = p.parse_args()
- verbosity = 1
- if config.verbose:
- verbosity = 2
+ verbosity = 2 if config.verbose else 1
test_suite = unittest.TestSuite()
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserBasicCachingTests))
@@ -556,17 +555,14 @@ def main():
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserCreateCacheAltCacheTestsCacheNotExist))
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserCachingTests))
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserAltCacheTests))
- rc = 0
try:
result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)
- if not result.wasSuccessful():
- rc = 1
- except:
+ except Exception:
rc = 1
-
+ else:
+ rc = 0 if result.wasSuccessful() else 1
return rc
if __name__ == "__main__":
- rc = main()
- exit(rc)
+ sys.exit(main())
diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index a0badfa558a4900f4e306b502bacfd513c990a35..5ee69b079a3786a0f0ef8c106bed745081604f33 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -28,11 +28,104 @@ APPARMOR_PARSER="${APPARMOR_PARSER:-${_SCRIPTDIR}/../apparmor_parser}"
fails=0
errors=0
verbose="${VERBOSE:-}"
+default_features_file="features.all"
+features_file=$default_features_file
+retain=0
+dumpdfa=0
+testtype=""
+description="Manually run test"
+tmpdir=$(mktemp -d /tmp/eq.$$-XXXXXX)
+chmod 755 ${tmpdir}
+export tmpdir
+
+map_priority()
+{
+ if [ -z "$1" -o "$1" == "priority=0" ] ; then
+ echo "0";
+ elif [ "$1" == "priority=-1" ] ; then
+ echo "-1"
+ elif [ "$1" == "priority=1" ] ;then
+ echo "1"
+ else
+ echo "unknown priority '$1'"
+ exit 1
+ fi
+}
+
+priority_eq()
+{
+ local p1=$(map_priority "$1")
+ local p2=$(map_priority "$2")
+
+ if [ $p1 -eq $p2 ] ; then
+ return 0
+ fi
+
+ return 1
+}
+
+priority_lt()
+{
+ local p1=$(map_priority "$1")
+ local p2=$(map_priority "$2")
+
+ if [ $p1 -lt $p2 ] ; then
+ return 0
+ fi
+
+ return 1
+}
+
+priority_gt()
+{
+ local p1=$(map_priority "$1")
+ local p2=$(map_priority "$2")
+
+ if [ $p1 -gt $p2 ] ; then
+ return 0
+ fi
+
+ return 1
+}
hash_binary_policy()
{
- printf %s "$1" | ${APPARMOR_PARSER} --features-file "${_SCRIPTDIR}/features_files/features.all" -qS 2>/dev/null| md5sum | cut -d ' ' -f 1
- return $?
+ local hash="parser_failure"
+ local dump="/dev/null"
+ local flags="-QKSq"
+ local rc=0
+
+ if [ $dumpdfa -ne 0 ] ; then
+ flags="$flags -D rule-exprs -D dfa-states"
+ dump="${tmpdir}/$1.state"
+ fi
+
+ printf %s "$2" | ${APPARMOR_PARSER} --features-file "${_SCRIPTDIR}/features_files/$features_file" ${flags} > "$tmpdir/$1.bin" 2>"$dump"
+ rc=$?
+ if [ $rc -eq 0 ] ; then
+ hash=$(sha256sum "${tmpdir}/$1.bin" | cut -d ' ' -f 1)
+ rc=$?
+ fi
+
+ printf %s $hash
+ if [ $retain -eq 0 -a $rc -ne 0 ] ; then
+ rm ${tmpdir}/*
+ else
+ mv "${tmpdir}/$1.bin" "${tmpdir}/$1.bin.$hash"
+ if [ $dumpdfa -ne 0 ] ; then
+ mv "${tmpdir}/$1.state" "$tmpdir/$1.state.$hash"
+ fi
+ fi
+
+ return $rc
+}
+
+check_retain()
+{
+ if [ ${retain} -ne 0 ] ; then
+ printf " files retained in \"%s/\"\n" ${tmpdir} 1>&2
+ exit $ret
+ fi
}
# verify_binary - compares the binary policy of multiple profiles
@@ -55,26 +148,28 @@ verify_binary()
shift
shift
- if [ "$t" != "equality" ] && [ "$t" != "inequality" ]
+ if [ "$t" != "equality" ] && [ "$t" != "inequality" ] && \
+ [ "$t" != "xequality" ] && [ "$t" != "xinequality" ]
then
printf "\nERROR: Unknown test mode:\n%s\n\n" "$t" 1>&2
((errors++))
return $((ret + 1))
fi
+ rm -f $tmpdir/*
if [ -n "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
- if ! good_hash=$(hash_binary_policy "$good_profile")
- then
+ if ! good_hash=$(hash_binary_policy "known" "$good_profile") ; then
if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
printf "\nERROR: Error hashing the following \"known-good\" profile:\n%s\n\n" \
"$good_profile" 1>&2
((errors++))
+ rm -f ${tmpdir}/*
return $((ret + 1))
fi
for profile in "$@"
do
- if ! hash=$(hash_binary_policy "$profile")
+ if ! hash=$(hash_binary_policy "test" "$profile")
then
if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
printf "\nERROR: Error hashing the following profile:\n%s\n\n" \
@@ -84,20 +179,52 @@ verify_binary()
elif [ "$t" == "equality" ] && [ "$hash" != "$good_hash" ]
then
if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
- printf "\nFAIL: Hash values do not match\n" 2>&1
- printf "known-good (%s) != profile-under-test (%s) for the following profile:\n%s\n\n" \
- "$good_hash" "$hash" "$profile" 1>&2
+ printf "\nFAIL: Hash values do not match\n" 1>&2
+ printf "parser: %s -QKSq --features-file=%s\n" "${APPARMOR_PARSER}" "${_SCRIPTDIR}/features_files/$features_file" 1>&2
+ printf "known-good (%s) != profile-under-test (%s) for the following profiles:\nknown-good %s\nprofile-under-test %s\n\n" \
+ "$good_hash" "$hash" "$good_profile" "$profile" 1>&2
((fails++))
((ret++))
+ check_retain
+ elif [ "$t" == "xequality" ] && [ "$hash" == "$good_hash" ]
+ then
+ if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
+ printf "\nunexpected PASS: equality test with known problem, Hash values match\n" 1>&2
+ printf "parser: %s -QKSq --features-file=%s\n" "${APPARMOR_PARSER}" "${_SCRIPTDIR}/features_files/$features_file" 1>&2
+ printf "known-good (%s) == profile-under-test (%s) for the following profile:\nknown-good %s\nprofile-under-test %s\n\n" \
+ "$good_hash" "$hash" "$good_profile" "$profile" 1>&2
+ ((fails++))
+ ((ret++))
+ check_retain
+ elif [ "$t" == "xequality" ] && [ "$hash" != "$good_hash" ]
+ then
+ printf "\nknown problem %s %s: unchanged" "$t" "$desc" 1>&2
elif [ "$t" == "inequality" ] && [ "$hash" == "$good_hash" ]
then
if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
- printf "\nFAIL: Hash values match\n" 2>&1
- printf "known-good (%s) == profile-under-test (%s) for the following profile:\n%s\n\n" \
- "$good_hash" "$hash" "$profile" 1>&2
+ printf "\nFAIL: Hash values match\n" 1>&2
+ printf "parser: %s -QKSq --features-file=%s\n" "${APPARMOR_PARSER}" "${_SCRIPTDIR}/features_files/$features_file" 1>&2
+ printf "known-good (%s) == profile-under-test (%s) for the following profiles:\nknown-good %s\nprofile-under-test %s\n\n" \
+ "$good_hash" "$hash" "$good_profile" "$profile" 1>&2
+ ((fails++))
+ ((ret++))
+ check_retain
+ elif [ "$t" == "xinequality" ] && [ "$hash" != "$good_hash" ]
+ then
+ if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
+ printf "\nunexpected PASS: inequality test with known problem, Hash values do not match\n" 1>&2
+ printf "parser: %s -QKSq --features-file %s\n" "${APPARMOR_PARSER}" "${_SCRIPTDIR}/features_files/$features_file" 1>&2
+ printf "known-good (%s) != profile-under-test (%s) for the following profile:\nknown-good %s\nprofile-under-test %s\n\n" \
+ "$good_hash" "$hash" "$good_profile" "$profile" 1>&2
((fails++))
((ret++))
+ check_retain
+ elif [ "$t" == "xinequality" ] && [ "$hash" == "$good_hash" ]
+ then
+ printf "\nknown problem %s %s: unchanged" "$t" "$desc" 1>&2
+ printf "parser: %s -QKSq --features-file=%s\n" "${APPARMOR_PARSER}" "${_SCRIPTDIR}/features_files/$features_file" 1>&2
fi
+ rm -f ${tmpdir}/test*
done
if [ $ret -eq 0 ]
@@ -117,174 +244,225 @@ verify_binary_equality()
verify_binary "equality" "$@"
}
+# test we want to be equal but is currently a known problem
+verify_binary_xequality()
+{
+ verify_binary "xequality" "$@"
+}
+
verify_binary_inequality()
{
verify_binary "inequality" "$@"
}
-printf "Equality Tests:\n"
-
-verify_binary_equality "dbus send" \
- "/t { dbus send, }" \
- "/t { dbus write, }" \
- "/t { dbus w, }"
-
-verify_binary_equality "dbus receive" \
- "/t { dbus receive, }" \
- "/t { dbus read, }" \
- "/t { dbus r, }"
-
-verify_binary_equality "dbus send + receive" \
- "/t { dbus (send, receive), }" \
- "/t { dbus (read, write), }" \
- "/t { dbus (r, w), }" \
- "/t { dbus (rw), }" \
- "/t { dbus rw, }" \
-
-verify_binary_equality "dbus all accesses" \
- "/t { dbus (send, receive, bind, eavesdrop), }" \
- "/t { dbus (read, write, bind, eavesdrop), }" \
- "/t { dbus (r, w, bind, eavesdrop), }" \
- "/t { dbus (rw, bind, eavesdrop), }" \
- "/t { dbus (), }" \
- "/t { dbus, }" \
-
-verify_binary_equality "dbus implied accesses with a bus conditional" \
- "/t { dbus (send, receive, bind, eavesdrop) bus=session, }" \
- "/t { dbus (read, write, bind, eavesdrop) bus=session, }" \
- "/t { dbus (r, w, bind, eavesdrop) bus=session, }" \
- "/t { dbus (rw, bind, eavesdrop) bus=session, }" \
- "/t { dbus () bus=session, }" \
- "/t { dbus bus=session, }" \
-
-verify_binary_equality "dbus implied accesses for services" \
- "/t { dbus bind name=com.foo, }" \
- "/t { dbus name=com.foo, }"
-
-verify_binary_equality "dbus implied accesses for messages" \
- "/t { dbus (send, receive) path=/com/foo interface=org.foo, }" \
- "/t { dbus path=/com/foo interface=org.foo, }"
-
-verify_binary_equality "dbus implied accesses for messages with peer names" \
- "/t { dbus (send, receive) path=/com/foo interface=org.foo peer=(name=com.foo), }" \
- "/t { dbus path=/com/foo interface=org.foo peer=(name=com.foo), }" \
- "/t { dbus (send, receive) path=/com/foo interface=org.foo peer=(name=(com.foo)), }" \
- "/t { dbus path=/com/foo interface=org.foo peer=(name=(com.foo)), }"
-
-verify_binary_equality "dbus implied accesses for messages with peer labels" \
- "/t { dbus (send, receive) path=/com/foo interface=org.foo peer=(label=/usr/bin/app), }" \
- "/t { dbus path=/com/foo interface=org.foo peer=(label=/usr/bin/app), }"
-
-verify_binary_equality "dbus element parsing" \
- "/t { dbus bus=b path=/ interface=i member=m peer=(name=n label=l), }" \
- "/t { dbus bus=\"b\" path=\"/\" interface=\"i\" member=\"m\" peer=(name=\"n\" label=\"l\"), }" \
- "/t { dbus bus=(b) path=(/) interface=(i) member=(m) peer=(name=(n) label=(l)), }" \
- "/t { dbus bus=(\"b\") path=(\"/\") interface=(\"i\") member=(\"m\") peer=(name=(\"n\") label=(\"l\")), }" \
- "/t { dbus bus =b path =/ interface =i member =m peer =(name =n label =l), }" \
- "/t { dbus bus= b path= / interface= i member= m peer= (name= n label= l), }" \
- "/t { dbus bus = b path = / interface = i member = m peer = ( name = n label = l ), }"
-
-verify_binary_equality "dbus access parsing" \
- "/t { dbus, }" \
- "/t { dbus (), }" \
- "/t { dbus (send, receive, bind, eavesdrop), }" \
- "/t { dbus (send receive bind eavesdrop), }" \
- "/t { dbus (send, receive bind, eavesdrop), }" \
- "/t { dbus (send,receive,bind,eavesdrop), }" \
- "/t { dbus (send,receive,,,,,,,,,,,,,,,,bind,eavesdrop), }" \
- "/t { dbus (send,send,send,send send receive,bind eavesdrop), }" \
-
-verify_binary_equality "dbus variable expansion" \
- "/t { dbus (send, receive) path=/com/foo member=spork interface=org.foo peer=(name=com.foo label=/com/foo), }" \
+# test we want to be not equal but is currently a know problem
+verify_binary_xinequality()
+{
+ verify_binary "xinequality" "$@"
+}
+
+# kernel_features - test whether path(s) are present
+# $@: feature path(s) to test
+# Returns: 0 and outputs "true" if all paths exist
+# 1 and error message if features dir is not available
+# 2 and error message if path does not exist
+kernel_features()
+{
+ features_dir="/sys/kernel/security/apparmor/features/"
+ if [ ! -e "$features_dir" ] ; then
+ echo "Kernel feature masks not supported."
+ return 1;
+ fi
+
+ for f in $@ ; do
+ if [ ! -e "$features_dir/$f" ] ; then
+ # check if feature is in file
+ feature=$(basename "$features_dir/$f")
+ file=$(dirname "$features_dir/$f")
+ if [ -f $file ]; then
+ if ! grep -q $feature $file; then
+ echo "Required feature '$f' not available."
+ return 2;
+ fi
+ else
+ echo "Required feature '$f' not available."
+ return 3;
+ fi
+ fi
+ done
+
+ echo "true"
+ return 0;
+}
+
+##########################################################################
+### wrapper fn, should be indented but isn't to reduce wrap
+verify_set()
+{
+ local p1="$1"
+ local p2="$2"
+ [ -n "${verbose}" ] && echo -e "\n equality $e of '$p1' vs '$p2'\n"
+
+verify_binary_equality "'$p1'x'$p2' dbus send" \
+ "/t { $p1 dbus send, }" \
+ "/t { $p2 dbus write, }" \
+ "/t { $p2 dbus w, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus receive" \
+ "/t { $p1 dbus receive, }" \
+ "/t { $p2 dbus read, }" \
+ "/t { $p2 dbus r, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus send + receive" \
+ "/t { $p1 dbus (send, receive), }" \
+ "/t { $p2 dbus (read, write), }" \
+ "/t { $p2 dbus (r, w), }" \
+ "/t { $p2 dbus (rw), }" \
+ "/t { $p2 dbus rw, }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus all accesses" \
+ "/t { $p1 dbus (send, receive, bind, eavesdrop), }" \
+ "/t { $p2 dbus (read, write, bind, eavesdrop), }" \
+ "/t { $p2 dbus (r, w, bind, eavesdrop), }" \
+ "/t { $p2 dbus (rw, bind, eavesdrop), }" \
+ "/t { $p2 dbus (), }" \
+ "/t { $p2 dbus, }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus implied accesses with a bus conditional" \
+ "/t { $p1 dbus (send, receive, bind, eavesdrop) bus=session, }" \
+ "/t { $p2 dbus (read, write, bind, eavesdrop) bus=session, }" \
+ "/t { $p2 dbus (r, w, bind, eavesdrop) bus=session, }" \
+ "/t { $p2 dbus (rw, bind, eavesdrop) bus=session, }" \
+ "/t { $p2 dbus () bus=session, }" \
+ "/t { $p2 dbus bus=session, }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus implied accesses for services" \
+ "/t { $p1 dbus bind name=com.foo, }" \
+ "/t { $p2 dbus name=com.foo, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus implied accesses for messages" \
+ "/t { $p1 dbus (send, receive) path=/com/foo interface=org.foo, }" \
+ "/t { $p2 dbus path=/com/foo interface=org.foo, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus implied accesses for messages with peer names" \
+ "/t { $p1 dbus (send, receive) path=/com/foo interface=org.foo peer=(name=com.foo), }" \
+ "/t { $p2 dbus path=/com/foo interface=org.foo peer=(name=com.foo), }" \
+ "/t { $p2 dbus (send, receive) path=/com/foo interface=org.foo peer=(name=(com.foo)), }" \
+ "/t { $p2 dbus path=/com/foo interface=org.foo peer=(name=(com.foo)), }"
+
+verify_binary_equality "'$p1'x'$p2' dbus implied accesses for messages with peer labels" \
+ "/t { $p1 dbus (send, receive) path=/com/foo interface=org.foo peer=(label=/usr/bin/app), }" \
+ "/t { $p2 dbus path=/com/foo interface=org.foo peer=(label=/usr/bin/app), }"
+
+verify_binary_equality "'$p1'x'$p2' dbus element parsing" \
+ "/t { $p1 dbus bus=b path=/ interface=i member=m peer=(name=n label=l), }" \
+ "/t { $p2 dbus bus=\"b\" path=\"/\" interface=\"i\" member=\"m\" peer=(name=\"n\" label=\"l\"), }" \
+ "/t { $p2 dbus bus=(b) path=(/) interface=(i) member=(m) peer=(name=(n) label=(l)), }" \
+ "/t { $p2 dbus bus=(\"b\") path=(\"/\") interface=(\"i\") member=(\"m\") peer=(name=(\"n\") label=(\"l\")), }" \
+ "/t { $p2 dbus bus =b path =/ interface =i member =m peer =(name =n label =l), }" \
+ "/t { $p2 dbus bus= b path= / interface= i member= m peer= (name= n label= l), }" \
+ "/t { $p2 dbus bus = b path = / interface = i member = m peer = ( name = n label = l ), }"
+
+verify_binary_equality "'$p1'x'$p2' dbus access parsing" \
+ "/t { $p1 dbus, }" \
+ "/t { $p2 dbus (), }" \
+ "/t { $p2 dbus (send, receive, bind, eavesdrop), }" \
+ "/t { $p2 dbus (send receive bind eavesdrop), }" \
+ "/t { $p2 dbus (send, receive bind, eavesdrop), }" \
+ "/t { $p2 dbus (send,receive,bind,eavesdrop), }" \
+ "/t { $p2 dbus (send,receive,,,,,,,,,,,,,,,,bind,eavesdrop), }" \
+ "/t { $p2 dbus (send,send,send,send send receive,bind eavesdrop), }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus variable expansion" \
+ "/t { $p1 dbus (send, receive) path=/com/foo member=spork interface=org.foo peer=(name=com.foo label=/com/foo), }" \
"@{FOO}=foo
- /t { dbus (send, receive) path=/com/@{FOO} member=spork interface=org.@{FOO} peer=(name=com.@{FOO} label=/com/@{FOO}), }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO} member=spork interface=org.@{FOO} peer=(name=com.@{FOO} label=/com/@{FOO}), }" \
"@{FOO}=foo
@{SPORK}=spork
- /t { dbus (send, receive) path=/com/@{FOO} member=@{SPORK} interface=org.@{FOO} peer=(name=com.@{FOO} label=/com/@{FOO}), }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO} member=@{SPORK} interface=org.@{FOO} peer=(name=com.@{FOO} label=/com/@{FOO}), }" \
"@{FOO}=/com/foo
- /t { dbus (send, receive) path=@{FOO} member=spork interface=org.foo peer=(name=com.foo label=@{FOO}), }" \
+ /t { $p2 dbus (send, receive) path=@{FOO} member=spork interface=org.foo peer=(name=com.foo label=@{FOO}), }" \
"@{FOO}=com
- /t { dbus (send, receive) path=/@{FOO}/foo member=spork interface=org.foo peer=(name=@{FOO}.foo label=/@{FOO}/foo), }"
+ /t { $p2 dbus (send, receive) path=/@{FOO}/foo member=spork interface=org.foo peer=(name=@{FOO}.foo label=/@{FOO}/foo), }"
-verify_binary_equality "dbus variable expansion, multiple values/rules" \
- "/t { dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, }" \
- "/t { dbus (send, receive) path=/com/{foo,bar}, }" \
- "/t { dbus (send, receive) path={/com/foo,/com/bar}, }" \
+verify_binary_equality "'$p1'x'$p2' dbus variable expansion, multiple values/rules" \
+ "/t { $p1 dbus (send, receive) path=/com/foo, $p1 dbus (send, receive) path=/com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com/{foo,bar}, }" \
+ "/t { $p2 dbus (send, receive) path={/com/foo,/com/bar}, }" \
"@{FOO}=foo
- /t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com/bar, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com/bar, }" \
"@{FOO}=foo bar
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}=bar foo
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}={bar,foo}
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}=foo
@{BAR}=bar
- /t { dbus (send, receive) path=/com/{@{FOO},@{BAR}}, }" \
+ /t { $p2 dbus (send, receive) path=/com/{@{FOO},@{BAR}}, }" \
-verify_binary_equality "dbus variable expansion, ensure rule de-duping occurs" \
- "/t { dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, }" \
- "/t { dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, dbus (send, receive) path=/com/bar, }" \
+verify_binary_equality "'$p1'x'$p2' dbus variable expansion, ensure rule de-duping occurs" \
+ "/t { $p1 dbus (send, receive) path=/com/foo, $p1 dbus (send, receive) path=/com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com/foo, $p2 dbus (send, receive) path=/com/bar, dbus (send, receive) path=/com/bar, }" \
"@{FOO}=bar foo bar foo
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}=bar foo bar foo
- /t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com/@{FOO}, }"
-
-verify_binary_equality "dbus minimization with all perms" \
- "/t { dbus, }" \
- "/t { dbus bus=session, dbus, }" \
- "/t { dbus (send, receive, bind, eavesdrop), dbus, }"
-
-verify_binary_equality "dbus minimization with bind" \
- "/t { dbus bind, }" \
- "/t { dbus bind bus=session, dbus bind, }" \
- "/t { dbus bind bus=system name=com.foo, dbus bind, }"
-
-verify_binary_equality "dbus minimization with send and a bus conditional" \
- "/t { dbus send bus=system, }" \
- "/t { dbus send bus=system path=/com/foo interface=com.foo member=bar, dbus send bus=system, }" \
- "/t { dbus send bus=system peer=(label=/usr/bin/foo), dbus send bus=system, }"
-
-verify_binary_equality "dbus minimization with an audit modifier" \
- "/t { audit dbus eavesdrop, }" \
- "/t { audit dbus eavesdrop bus=session, audit dbus eavesdrop, }"
-
-verify_binary_equality "dbus minimization with a deny modifier" \
- "/t { deny dbus send bus=system peer=(name=com.foo), }" \
- "/t { deny dbus send bus=system peer=(name=com.foo label=/usr/bin/foo), deny dbus send bus=system peer=(name=com.foo), }" \
-
-verify_binary_equality "dbus minimization found in dbus abstractions" \
- "/t { dbus send bus=session, }" \
- "/t { dbus send
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com/@{FOO}, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with all perms" \
+ "/t { $p1 dbus, }" \
+ "/t { $p2 dbus bus=session, $p2 dbus, }" \
+ "/t { $p2 dbus (send, receive, bind, eavesdrop), $p2 dbus, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with bind" \
+ "/t { $p1 dbus bind, }" \
+ "/t { $p2 dbus bind bus=session, $p2 dbus bind, }" \
+ "/t { $p2 dbus bind bus=system name=com.foo, $p2 dbus bind, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with send and a bus conditional" \
+ "/t { $p1 dbus send bus=system, }" \
+ "/t { $p2 dbus send bus=system path=/com/foo interface=com.foo member=bar, dbus send bus=system, }" \
+ "/t { $p2 dbus send bus=system peer=(label=/usr/bin/foo), $p2 dbus send bus=system, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with an audit modifier" \
+ "/t { $p1 audit dbus eavesdrop, }" \
+ "/t { $p2 audit dbus eavesdrop bus=session, $p2 audit dbus eavesdrop, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with a deny modifier" \
+ "/t { $p1 deny dbus send bus=system peer=(name=com.foo), }" \
+ "/t { $p2 deny dbus send bus=system peer=(name=com.foo label=/usr/bin/foo), $p2 deny dbus send bus=system peer=(name=com.foo), }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization found in dbus abstractions" \
+ "/t { $p1 dbus send bus=session, }" \
+ "/t { $p2 dbus send
bus=session
path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
- dbus send bus=session, }"
+ $p2 dbus send bus=session, }"
# verify slash filtering for dbus paths.
-verify_binary_equality "dbus slash filtering for paths" \
- "/t { dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, }" \
- "/t { dbus (send, receive) path=/com///foo, dbus (send, receive) path=///com/bar, }" \
- "/t { dbus (send, receive) path=/com//{foo,bar}, }" \
- "/t { dbus (send, receive) path={//com/foo,/com//bar}, }" \
+verify_binary_equality "'$p1'x'$p2' dbus slash filtering for paths" \
+ "/t { $p1 dbus (send, receive) path=/com/foo, $p1 dbus (send, receive) path=/com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com///foo, $p2 dbus (send, receive) path=///com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com//{foo,bar}, }" \
+ "/t { $p2 dbus (send, receive) path={//com/foo,/com//bar}, }" \
"@{FOO}=/foo
- /t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com/bar, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com/bar, }" \
"@{FOO}=/foo /bar
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}=/bar //foo
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}=//{bar,foo}
- /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
"@{FOO}=/foo
@{BAR}=bar
- /t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com//@{BAR}, }"
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com//@{BAR}, }"
# Rules compatible with audit, deny, and audit deny
# note: change_profile does not support audit/allow/deny atm
for rule in "capability" "capability mac_admin" \
- "network" "network tcp" "network inet6 tcp"\
"mount" "mount /a" "mount /a -> /b" "mount options in (ro) /a -> b" \
"remount" "remount /a" \
"umount" "umount /a" \
@@ -302,6 +480,35 @@ for rule in "capability" "capability mac_admin" \
"link /a -> /b" "link subset /a -> /b" \
"l /a -> /b" "l subset /a -> /b" \
"file l /a -> /b" "l subset /a -> /b"
+do
+ verify_binary_equality "'$p1'x'$p2' allow modifier for \"${rule}\"" \
+ "/t { $p1 ${rule}, }" \
+ "/t { $p2 allow ${rule}, }"
+
+ verify_binary_equality "'$p1'x'$p2' audit allow modifier for \"${rule}\"" \
+ "/t { $p1 audit ${rule}, }" \
+ "/t { $p2 audit allow ${rule}, }"
+
+ verify_binary_inequality "'$p1'x'$p2' audit, deny, and audit deny modifiers for \"${rule}\"" \
+ "/t { $p1 ${rule}, }" \
+ "/t { $p2 audit ${rule}, }" \
+ "/t { $p2 audit allow ${rule}, }" \
+ "/t { $p2 deny ${rule}, }" \
+ "/t { $p2 audit deny ${rule}, }"
+
+ verify_binary_inequality "'$p1'x'$p2' audit vs deny and audit deny modifiers for \"${rule}\"" \
+ "/t { $p1 audit ${rule}, }" \
+ "/t { $p2 deny ${rule}, }" \
+ "/t { $p2 audit deny ${rule}, }"
+
+ verify_binary_inequality "'$p1'x'$p2' deny and audit deny modifiers for \"${rule}\"" \
+ "/t { $p1 deny ${rule}, }" \
+ "/t { $p2 audit deny ${rule}, }"
+done
+
+####### special case for network TODO: for network above when network
+####### rules fixed
+for rule in "network" "network tcp" "network inet6 tcp"
do
verify_binary_equality "allow modifier for \"${rule}\"" \
"/t { ${rule}, }" \
@@ -357,36 +564,36 @@ for rule in "/f ux" "/f Ux" "/f px" "/f Px" "/f cx" "/f Cx" "/f ix" \
"file /* cux -> b" "file /* Cux -> b" "file /* cix -> b" "file /* Cix -> b"
do
- verify_binary_equality "allow modifier for \"${rule}\"" \
- "/t { ${rule}, }" \
- "/t { allow ${rule}, }"
+ verify_binary_equality "'$p1'x'$p2' allow modifier for \"${rule}\"" \
+ "/t { $p1 ${rule}, }" \
+ "/t { $p2 allow ${rule}, }"
- verify_binary_equality "audit allow modifier for \"${rule}\"" \
- "/t { audit ${rule}, }" \
- "/t { audit allow ${rule}, }"
+ verify_binary_equality "'$p1'x'$p2' audit allow modifier for \"${rule}\"" \
+ "/t { $p1 audit ${rule}, }" \
+ "/t { $p2 audit allow ${rule}, }"
# skip rules that don't end with x perm
if [ -n "${rule##*x}" ] ; then continue ; fi
- verify_binary_inequality "deny, audit deny modifier for \"${rule}\"" \
- "/t { ${rule}, }" \
- "/t { audit ${rule}, }" \
- "/t { audit allow ${rule}, }" \
- "/t { deny ${rule% *} x, }" \
- "/t { audit deny ${rule% *} x, }"
+ verify_binary_inequality "'$p1'x'$p2' deny, audit deny modifier for \"${rule}\"" \
+ "/t { $p1 ${rule}, }" \
+ "/t { $p2 audit ${rule}, }" \
+ "/t { $p2 audit allow ${rule}, }" \
+ "/t { $p2 deny ${rule% *} x, }" \
+ "/t { $p2 audit deny ${rule% *} x, }"
- verify_binary_inequality "audit vs deny and audit deny modifiers for \"${rule}\"" \
- "/t { audit ${rule}, }" \
- "/t { deny ${rule% *} x, }" \
- "/t { audit deny ${rule% *} x, }"
+ verify_binary_inequality "'$p1'x'$p2' audit vs deny and audit deny modifiers for \"${rule}\"" \
+ "/t { $p1 audit ${rule}, }" \
+ "/t { $p2 deny ${rule% *} x, }" \
+ "/t { $p2 audit deny ${rule% *} x, }"
done
# verify deny and audit deny differ for x perms
for prefix in "/f" "/*" "file /f" "file /*" ; do
- verify_binary_inequality "deny and audit deny x modifiers for \"${prefix}\"" \
- "/t { deny ${prefix} x, }" \
- "/t { audit deny ${prefix} x, }"
+ verify_binary_inequality "'$p1'x'$p2' deny and audit deny x modifiers for \"${prefix}\"" \
+ "/t { $p1 deny ${prefix} x, }" \
+ "/t { $p2 audit deny ${prefix} x, }"
done
#Test equality of leading and trailing file permissions
@@ -403,26 +610,26 @@ for audit in "" "audit" ; do
"lkm" "rwlk" "rwlm" "rwkm" \
"ralk" "ralm" "wlkm" "alkm" \
"rwlkm" "ralkm" ; do
- verify_binary_equality "leading and trailing perms for \"${perm}\"" \
- "/t { ${prefix} /f ${perm}, }" \
- "/t { ${prefix} ${perm} /f, }"
+ verify_binary_equality "'$p1'x'$p2' leading and trailing perms for \"${perm}\"" \
+ "/t { $p1 ${prefix} /f ${perm}, }" \
+ "/t { $p2 ${prefix} ${perm} /f, }"
done
if [ "$allow" == "deny" ] ; then continue ; fi
for perm in "ux" "Ux" "px" "Px" "cx" "Cx" \
"ix" "pux" "Pux" "pix" "Pix" \
"cux" "Cux" "cix" "Cix"
do
- verify_binary_equality "leading and trailing perms for \"${perm}\"" \
- "/t { ${prefix} /f ${perm}, }" \
- "/t { ${prefix} ${perm} /f, }"
+ verify_binary_equality "'$p1'x'$p2' leading and trailing perms for \"${perm}\"" \
+ "/t { $p1 ${prefix} /f ${perm}, }" \
+ "/t { $p2 ${prefix} ${perm} /f, }"
done
for perm in "px" "Px" "cx" "Cx" \
"pux" "Pux" "pix" "Pix" \
"cux" "Cux" "cix" "Cix"
do
- verify_binary_equality "leading and trailing perms for x-transition \"${perm}\"" \
- "/t { ${prefix} /f ${perm} -> b, }" \
- "/t { ${prefix} ${perm} /f -> b, }"
+ verify_binary_equality "'$p1'x'$p2' leading and trailing perms for x-transition \"${perm}\"" \
+ "/t { $p1 ${prefix} /f ${perm} -> b, }" \
+ "/t { $p2 ${prefix} ${perm} /f -> b, }"
done
done
done
@@ -442,128 +649,152 @@ do
"pix -> b" "Pix -> b" "cux -> b" "Cux -> b" \
"cix -> b" "Cix -> b"
do
- if [ "$perm1" == "$perm2" ] ; then
- verify_binary_equality "Exec perm \"${perm1}\" - most specific match: same as glob" \
- "/t { /* ${perm1}, /f ${perm2}, }" \
- "/t { /* ${perm1}, }"
+ # Fixme: have to do special handling for -> b, as this
+ # creates an entry in the transition table. However
+ # priority rules can make it so the reference to the
+ # transition table is removed, but the parser still keeps
+ # the tranition. This can lead to a situation where the
+ # test dfa with a "-> b" transition is functionally equivalent
+ # but will fail equality comparison.
+ # fix this by adding two none overlapping x rules to add
+ # xtable entries
+ # /c -> /t//b, for cx rules being converted to px -> /t//b
+ # /a -> b, for px rules
+ # the rules must come last guarantee xtable order
+ if [ "$perm1" == "$perm2" ] || priority_gt "$p1" "" ; then
+ verify_binary_equality "'$p1'x'$p2' Exec perm \"${perm1}\" - most specific match: same as glob" \
+ "/t { $p1 /f* ${perm1}, /f ${perm2}, /a px -> b, /c px -> /t//b, }" \
+ "/t { $p2 /f* ${perm1}, /a px -> b, /c px -> /t//b, }"
else
- verify_binary_inequality "Exec \"${perm1}\" vs \"${perm2}\" - most specific match: different from glob" \
- "/t { /* ${perm1}, /f ${perm2}, }" \
- "/t { /* ${perm1}, }"
+ verify_binary_inequality "'$p1'x'$p2' Exec \"${perm1}\" vs \"${perm2}\" - most specific match: different from glob" \
+ "/t { $p1 /f* ${perm1}, /f ${perm2}, /a px -> b, /c px -> /t//b, }" \
+ "/t { $p2 /f* ${perm1}, /a px -> b, /c px -> /t//b, }"
fi
done
- verify_binary_inequality "Exec \"${perm1}\" vs deny x - most specific match: different from glob" \
- "/t { /* ${perm1}, audit deny /f x, }" \
- "/t { /* ${perm1}, }"
+ if priority_gt "$p1" "" ; then
+ # priority stops permission carve out
+ verify_binary_equality "'$p1'x'$p2' Exec \"${perm1}\" vs deny x - most specific match: different from glob" \
+ "/t { $p1 /* ${perm1}, audit deny /f x, }" \
+ "/t { $p2 /* ${perm1}, }"
+ else
+ # deny rule carves out some of the match
+ verify_binary_inequality "'$p1'x'$p2' Exec \"${perm1}\" vs deny x - most specific match: different from glob" \
+ "/t { $p1 /* ${perm1}, audit deny /f x, }" \
+ "/t { $p2 /* ${perm1}, }"
+ fi
done
#Test deny carves out permission
-verify_binary_inequality "Deny removes r perm" \
- "/t { /foo/[abc] r, audit deny /foo/b r, }" \
- "/t { /foo/[abc] r, }"
+if priority_gt "$p1" "" ; then
+ verify_binary_equality "'$p1'x'$p2' Deny removes r perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b r, }" \
+ "/t { $p2 /foo/[abc] r, }"
-verify_binary_equality "Deny removes r perm" \
- "/t { /foo/[abc] r, audit deny /foo/b r, }" \
- "/t { /foo/[ac] r, }"
+ verify_binary_inequality "'$p1'x'$p2' Deny removes r perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b r, }" \
+ "/t { $p2 /foo/[ac] r, }"
#this one may not be true in the future depending on if the compiled profile
#is explicitly including deny permissions for dynamic composition
-verify_binary_equality "Deny of ungranted perm" \
- "/t { /foo/[abc] r, audit deny /foo/b w, }" \
- "/t { /foo/[abc] r, }"
-
-
-verify_binary_equality "change_profile == change_profile -> **" \
- "/t { change_profile, }" \
- "/t { change_profile -> **, }"
+ verify_binary_equality "'$p1'x'$p2' Deny of ungranted perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b w, }" \
+ "/t { $p2 /foo/[abc] r, }"
+elif priority_eq "$p1" "" ; then
+ verify_binary_inequality "'$p1'x'$p2' Deny removes r perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b r, }" \
+ "/t { $p2 /foo/[abc] r, }"
+
+ verify_binary_equality "'$p1'x'$p2' Deny removes r perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b r, }" \
+ "/t { $p2 /foo/[ac] r, }"
-verify_binary_equality "change_profile /** == change_profile /** -> **" \
- "/t { change_profile /**, }" \
- "/t { change_profile /** -> **, }"
+#this one may not be true in the future depending on if the compiled profile
+#is explicitly including deny permissions for dynamic composition
+ verify_binary_equality "'$p1'x'$p2' Deny of ungranted perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b w, }" \
+ "/t { $p2 /foo/[abc] r, }"
+else
+ verify_binary_inequality "'$p1'x'$p2' Deny removes r perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b r, }" \
+ "/t { $p2 /foo/[abc] r, }"
+
+ verify_binary_equality "'$p1'x'$p2' Deny removes r perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b r, }" \
+ "/t { $p2 /foo/[ac] r, }"
-verify_binary_equality "change_profile /** == change_profile /** -> **" \
- "/t { change_profile unsafe /**, }" \
- "/t { change_profile unsafe /** -> **, }"
+#this one may not be true in the future depending on if the compiled profile
+#is explicitly including deny permissions for dynamic composition
+ verify_binary_equality "'$p1'x'$p2' Deny of ungranted perm" \
+ "/t { $p1 /foo/[abc] r, audit deny /foo/b w, }" \
+ "/t { $p2 /foo/[abc] r, }"
+fi
-verify_binary_equality "change_profile /** == change_profile /** -> **" \
- "/t { change_profile /**, }" \
- "/t { change_profile safe /** -> **, }"
+verify_binary_equality "'$p1'x'$p2' change_profile == change_profile -> **" \
+ "/t { $p1 change_profile, }" \
+ "/t { $p2 change_profile -> **, }"
-verify_binary_inequality "change_profile /** == change_profile /** -> **" \
- "/t { change_profile /**, }" \
- "/t { change_profile unsafe /**, }"
+verify_binary_equality "'$p1'x'$p2' change_profile /** == change_profile /** -> **" \
+ "/t { $p1 change_profile /**, }" \
+ "/t { $p2 change_profile /** -> **, }"
-verify_binary_equality "profile name is hname in rule" \
- ":ns:/hname { signal peer=/hname, }" \
- ":ns:/hname { signal peer=@{profile_name}, }"
+verify_binary_equality "'$p1'x'$p2' change_profile /** == change_profile /** -> **" \
+ "/t { $p1 change_profile unsafe /**, }" \
+ "/t { $p2 change_profile unsafe /** -> **, }"
-verify_binary_inequality "profile name is NOT fq name in rule" \
- ":ns:/hname { signal peer=:ns:/hname, }" \
- ":ns:/hname { signal peer=@{profile_name}, }"
+verify_binary_equality "'$p1'x'$p2' change_profile /** == change_profile /** -> **" \
+ "/t { $p1 change_profile /**, }" \
+ "/t { $p2 change_profile safe /** -> **, }"
-verify_binary_equality "profile name is hname in sub pofile rule" \
- ":ns:/hname { profile child { signal peer=/hname//child, } }" \
- ":ns:/hname { profile child { signal peer=@{profile_name}, } }"
+verify_binary_inequality "'$p1'x'$p2' change_profile /** == change_profile /** -> **" \
+ "/t { $p1 change_profile /**, }" \
+ "/t { $p2 change_profile unsafe /**, }"
-verify_binary_inequality "profile name is NOT fq name in sub profile rule" \
- ":ns:/hname { profile child { signal peer=:ns:/hname//child, } }" \
- ":ns:/hname { profile child { signal peer=@{profile_name}, } }"
+verify_binary_equality "'$p1'x'$p2' profile name is hname in rule" \
+ ":ns:/hname { $p1 signal peer=/hname, }" \
+ ":ns:/hname { $p2 signal peer=@{profile_name}, }"
-verify_binary_equality "profile name is hname in hat rule" \
- ":ns:/hname { ^child { signal peer=/hname//child, } }" \
- ":ns:/hname { ^child { signal peer=@{profile_name}, } }"
+verify_binary_inequality "'$p1'x'$p2' profile name is NOT fq name in rule" \
+ ":ns:/hname { $p1 signal peer=:ns:/hname, }" \
+ ":ns:/hname { $p2 signal peer=@{profile_name}, }"
-verify_binary_inequality "profile name is NOT fq name in hat rule" \
- ":ns:/hname { ^child { signal peer=:ns:/hname//child, } }" \
- ":ns:/hname { ^child { signal peer=@{profile_name}, } }"
+verify_binary_equality "'$p1'x'$p2' profile name is hname in sub pofile rule" \
+ ":ns:/hname { profile child { $p1 signal peer=/hname//child, } }" \
+ ":ns:/hname { profile child { $p2 signal peer=@{profile_name}, } }"
-verify_binary_equality "@{profile_name} is literal in peer" \
- "/{a,b} { signal peer=/\{a,b\}, }" \
- "/{a,b} { signal peer=@{profile_name}, }"
+verify_binary_inequality "'$p1'x'$p2' profile name is NOT fq name in sub profile rule" \
+ ":ns:/hname { profile child { $p1 signal peer=:ns:/hname//child, } }" \
+ ":ns:/hname { profile child { $p2 signal peer=@{profile_name}, } }"
-verify_binary_equality "@{profile_name} is literal in peer with pattern" \
- "/{a,b} { signal peer={/\{a,b\},c}, }" \
- "/{a,b} { signal peer={@{profile_name},c}, }"
+verify_binary_equality "'$p1'x'$p2' profile name is hname in hat rule" \
+ ":ns:/hname { ^child { $p1 signal peer=/hname//child, } }" \
+ ":ns:/hname { ^child { $p2 signal peer=@{profile_name}, } }"
-verify_binary_inequality "@{profile_name} is not pattern in peer" \
- "/{a,b} { signal peer=/{a,b}, }" \
- "/{a,b} { signal peer=@{profile_name}, }"
+verify_binary_inequality "'$p1'x'$p2' profile name is NOT fq name in hat rule" \
+ ":ns:/hname { ^child { $p1 signal peer=:ns:/hname//child, } }" \
+ ":ns:/hname { ^child { $p2 signal peer=@{profile_name}, } }"
-verify_binary_equality "@{profile_name} is literal in peer with esc sequence" \
- "/\\\\a { signal peer=/\\\\a, }" \
- "/\\\\a { signal peer=@{profile_name}, }"
+verify_binary_equality "'$p1'x'$p2' @{profile_name} is literal in peer" \
+ "/{a,b} { $p1 signal peer=/\{a,b\}, }" \
+ "/{a,b} { $p2 signal peer=@{profile_name}, }"
-verify_binary_equality "@{profile_name} is literal in peer with esc alt sequence" \
- "/\\{a,b\\},c { signal peer=/\\{a,b\\},c, }" \
- "/\\{a,b\\},c { signal peer=@{profile_name}, }"
+verify_binary_equality "'$p1'x'$p2' @{profile_name} is literal in peer with pattern" \
+ "/{a,b} { $p1 signal peer={/\{a,b\},c}, }" \
+ "/{a,b} { $p2 signal peer={@{profile_name},c}, }"
+verify_binary_inequality "'$p1'x'$p2' @{profile_name} is not pattern in peer" \
+ "/{a,b} { $p1 signal peer=/{a,b}, }" \
+ "/{a,b} { $p2 signal peer=@{profile_name}, }"
+verify_binary_equality "'$p1'x'$p2' @{profile_name} is literal in peer with esc sequence" \
+ "/\\\\a { $p1 signal peer=/\\\\a, }" \
+ "/\\\\a { $p2 signal peer=@{profile_name}, }"
-# verify rlimit data conversions
-verify_binary_equality "set rlimit rttime <= 12 weeks" \
- "/t { set rlimit rttime <= 12 weeks, }" \
- "/t { set rlimit rttime <= $((12 * 7)) days, }" \
- "/t { set rlimit rttime <= $((12 * 7 * 24)) hours, }" \
- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60)) minutes, }" \
- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60)) seconds, }" \
- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000)) ms, }" \
- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)) us, }" \
- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)), }"
+verify_binary_equality "'$p1'x'$p2' @{profile_name} is literal in peer with esc alt sequence" \
+ "/\\{a,b\\},c { $p1 signal peer=/\\{a,b\\},c, }" \
+ "/\\{a,b\\},c { $p2 signal peer=@{profile_name}, }"
-verify_binary_equality "set rlimit cpu <= 42 weeks" \
- "/t { set rlimit cpu <= 42 weeks, }" \
- "/t { set rlimit cpu <= $((42 * 7)) days, }" \
- "/t { set rlimit cpu <= $((42 * 7 * 24)) hours, }" \
- "/t { set rlimit cpu <= $((42 * 7 * 24 * 60)) minutes, }" \
- "/t { set rlimit cpu <= $((42 * 7 * 24 * 60 * 60)) seconds, }" \
- "/t { set rlimit cpu <= $((42 * 7 * 24 * 60 * 60)), }"
-verify_binary_equality "set rlimit memlock <= 2GB" \
- "/t { set rlimit memlock <= 2GB, }" \
- "/t { set rlimit memlock <= $((2 * 1024)) MB, }" \
- "/t { set rlimit memlock <= $((2 * 1024 * 1024)) KB, }" \
- "/t { set rlimit memlock <= $((2 * 1024 * 1024 * 1024)) , }"
# Unfortunately we can not just compare an empty profile and hat to a
# ie. "/t { ^test { /f r, }}"
@@ -577,62 +808,78 @@ verify_binary_equality "set rlimit memlock <= 2GB" \
# the "write" permission in the second profile and the test will fail.
# If the parser is adding the change_hat proc attr rules then the
# rules should merge and be equivalent.
-verify_binary_equality "change_hat rules automatically inserted"\
- "/t { owner /proc/[0-9]*/attr/{apparmor/,}current a, ^test { owner /proc/[0-9]*/attr/{apparmor/,}current a, /f r, }}" \
- "/t { owner /proc/[0-9]*/attr/{apparmor/,}current w, ^test { owner /proc/[0-9]*/attr/{apparmor/,}current w, /f r, }}"
+#
+# if priorities are different then the implied rule priority then the
+# implied rule will completely override or completely be overriden.
+# (the change_hat implied rule has a priority of 0)
+# because of the difference in 'a' vs 'w' permission the two rules should
+# only be equal when the append rule has the same priority as the implied
+# rule (allowing them to combine) AND the other rule is not overridden by
+# the implied rule, or both being overridden by the implied rule
+# the implied rule
+if { priority_lt "$p1" "" && priority_lt "$p2" "" ; } ||
+ { priority_eq "$p1" "" && ! priority_lt "$p2" "" ; }; then
+ verify_binary_equality "'$p1'x'$p2' change_hat rules automatically inserted"\
+ "/t { $p1 owner /proc/[0-9]*/attr/{apparmor/,}current a, ^test { $p1 owner /proc/[0-9]*/attr/{apparmor/,}current a, /f r, }}" \
+ "/t { $p2 owner /proc/[0-9]*/attr/{apparmor/,}current w, ^test { $p2 owner /proc/[0-9]*/attr/{apparmor/,}current w, /f r, }}"
+else
+ verify_binary_equality "'$p1'x'$p2' change_hat rules automatically inserted"\
+ "/t { $p1 owner /proc/[0-9]*/attr/{apparmor/,}current a, ^test { $p1 owner /proc/[0-9]*/attr/{apparmor/,}current a, /f r, }}" \
+ "/t { $p2 owner /proc/[0-9]*/attr/{apparmor/,}current w, ^test { $p2 owner /proc/[0-9]*/attr/{apparmor/,}current w, /f r, }}"
+fi
# verify slash filtering for unix socket address paths.
# see https://bugs.launchpad.net/apparmor/+bug/1856738
-verify_binary_equality "unix rules addr conditional" \
- "/t { unix bind addr=@/a/bar, }" \
- "/t { unix bind addr=@/a//bar, }" \
- "/t { unix bind addr=@//a/bar, }" \
- "/t { unix bind addr=@/a///bar, }" \
+verify_binary_equality "'$p1'x'$p2' unix rules addr conditional" \
+ "/t { $p1 unix bind addr=@/a/bar, }" \
+ "/t { $p2 unix bind addr=@/a//bar, }" \
+ "/t { $p2 unix bind addr=@//a/bar, }" \
+ "/t { $p2 unix bind addr=@/a///bar, }" \
"@{HOME}=/a/
- /t { unix bind addr=@@{HOME}/bar, }" \
+ /t { $p2 unix bind addr=@@{HOME}/bar, }" \
"@{HOME}=/a/
- /t { unix bind addr=@//@{HOME}bar, }" \
+ /t { $p2 unix bind addr=@//@{HOME}bar, }" \
"@{HOME}=/a/
- /t { unix bind addr=@/@{HOME}/bar, }"
+ /t { $p2 unix bind addr=@/@{HOME}/bar, }"
-verify_binary_equality "unix rules peer addr conditional" \
- "/t { unix peer=(addr=@/a/bar), }" \
- "/t { unix peer=(addr=@/a//bar), }" \
- "/t { unix peer=(addr=@//a/bar), }" \
- "/t { unix peer=(addr=@/a///bar), }" \
+verify_binary_equality "'$p1'x'$p2' unix rules peer addr conditional" \
+ "/t { $p1 unix peer=(addr=@/a/bar), }" \
+ "/t { $p2 unix peer=(addr=@/a//bar), }" \
+ "/t { $p2 unix peer=(addr=@//a/bar), }" \
+ "/t { $p2 unix peer=(addr=@/a///bar), }" \
"@{HOME}=/a/
- /t { unix peer=(addr=@@{HOME}/bar), }" \
+ /t { $p2 unix peer=(addr=@@{HOME}/bar), }" \
"@{HOME}=/a/
- /t { unix peer=(addr=@//@{HOME}bar), }" \
+ /t { $p2 unix peer=(addr=@//@{HOME}bar), }" \
"@{HOME}=/a/
- /t { unix peer=(addr=@/@{HOME}/bar), }"
+ /t { $p2 unix peer=(addr=@/@{HOME}/bar), }"
# verify slash filtering for mount rules
-verify_binary_equality "mount rules slash filtering" \
- "/t { mount /dev/foo -> /mnt/bar, }" \
- "/t { mount ///dev/foo -> /mnt/bar, }" \
- "/t { mount /dev/foo -> /mnt//bar, }" \
- "/t { mount /dev///foo -> ////mnt/bar, }" \
+verify_binary_equality "'$p1'x'$p2' mount rules slash filtering" \
+ "/t { $p1 mount /dev/foo -> /mnt/bar, }" \
+ "/t { $p2 mount ///dev/foo -> /mnt/bar, }" \
+ "/t { $p2 mount /dev/foo -> /mnt//bar, }" \
+ "/t { $p2 mount /dev///foo -> ////mnt/bar, }" \
"@{MNT}=/mnt/
- /t { mount /dev///foo -> @{MNT}/bar, }" \
+ /t { $p2 mount /dev///foo -> @{MNT}/bar, }" \
"@{FOO}=/foo
- /t { mount /dev//@{FOO} -> /mnt/bar, }"
+ /t { $p2 mount /dev//@{FOO} -> /mnt/bar, }"
# verify slash filtering for link rules
-verify_binary_equality "link rules slash filtering" \
- "/t { link /dev/foo -> /mnt/bar, }" \
- "/t { link ///dev/foo -> /mnt/bar, }" \
- "/t { link /dev/foo -> /mnt//bar, }" \
- "/t { link /dev///foo -> ////mnt/bar, }" \
+verify_binary_equality "'$p1'x'$p2' link rules slash filtering" \
+ "/t { $p1 link /dev/foo -> /mnt/bar, }" \
+ "/t { $p2 link ///dev/foo -> /mnt/bar, }" \
+ "/t { $p2 link /dev/foo -> /mnt//bar, }" \
+ "/t { $p2 link /dev///foo -> ////mnt/bar, }" \
"@{BAR}=/mnt/
- /t { link /dev///foo -> @{BAR}/bar, }" \
+ /t { $p2 link /dev///foo -> @{BAR}/bar, }" \
"@{FOO}=/dev/
- /t { link @{FOO}//foo -> /mnt/bar, }" \
+ /t { $p2 link @{FOO}//foo -> /mnt/bar, }" \
"@{FOO}=/dev/
@{BAR}=/mnt/
- /t { link @{FOO}/foo -> @{BAR}/bar, }"
+ /t { $p2 link @{FOO}/foo -> @{BAR}/bar, }"
-verify_binary_equality "attachment slash filtering" \
+verify_binary_equality "'$p1'x'$p2' attachment slash filtering" \
"/t /bin/foo { }" \
"/t /bin//foo { }" \
"@{BAR}=/bin/
@@ -643,22 +890,339 @@ verify_binary_equality "attachment slash filtering" \
@{FOO}=/foo
/t @{BAR}/@{FOO} { }"
+# verify comment at end of variable assignment is not treated as a value
+verify_binary_equality "comment at end of set var" \
+ "/t { /bin/ r, }" \
+ "@{BAR}=/bin/ #a tail comment
+ /t { @{BAR} r, }"
+
+verify_binary_equality "value like comment at end of set var" \
+ "/t { /{bin/,#value} r, }" \
+ "@{BAR}=bin/ \#value
+ /t { /@{BAR} r, }"
+
+
# This can potentially fail as ideally it requires a better dfa comparison
# routine as it can generates hormomorphic dfas. The enumeration of the
# dfas dumped will be different, even if the binary is the same
# Note: this test in the future will require -O filter-deny and
# -O minimize and -O remove-unreachable.
-verify_binary_equality "mount specific deny doesn't affect non-overlapping" \
- "/t { mount options=bind /e/ -> /**, }" \
- "/t { audit deny mount /s/** -> /**,
+verify_binary_equality "'$p1'x'$p2' mount specific deny doesn't affect non-overlapping" \
+ "/t { $p1 mount options=bind /e/ -> /**, }" \
+ "/t { $p2 audit deny mount /s/** -> /**,
mount options=bind /e/ -> /**, }"
if [ $fails -ne 0 ] || [ $errors -ne 0 ]
then
- printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
+ printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 1>&2
exit $((fails + errors))
fi
-[ -z "${verbose}" ] && printf "\n"
-printf "PASS\n"
-exit 0
+
+## priority override equivalence tests
+## compare single rule, to multi-rule profile where one rule overrides
+## the other rule via priority.
+
+
+verify_binary_equality "'$p1'x'$p2' dbus variable expansion, multiple values/rules" \
+ "/t { dbus (send, receive) path=/com/foo, }" \
+ "/t { $p1 dbus (send, receive) path=/com/foo, $p2 dbus (send, receive) path=/com/foo, }" \
+ "@{FOO}=foo
+ /t { $p1 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com/foo, }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus variable expansion, ensure rule de-duping occurs" \
+ "/t { $p1 dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, dbus (send, receive) path=/com/bar, }" \
+ "@{FOO}=bar foo bar foo
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=bar foo bar foo
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com/@{FOO}, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with all perms" \
+ "/t { $p1 dbus, }" \
+ "/t { $p2 dbus bus=session, $p2 dbus, }" \
+ "/t { $p2 dbus (send, receive, bind, eavesdrop), $p2 dbus, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with bind" \
+ "/t { $p1 dbus bind, }" \
+ "/t { $p2 dbus bind bus=session, $p2 dbus bind, }" \
+ "/t { $p2 dbus bind bus=system name=com.foo, $p2 dbus bind, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with send and a bus conditional" \
+ "/t { $p1 dbus send bus=system, }" \
+ "/t { $p2 dbus send bus=system path=/com/foo interface=com.foo member=bar, dbus send bus=system, }" \
+ "/t { $p2 dbus send bus=system peer=(label=/usr/bin/foo), $p2 dbus send bus=system, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with an audit modifier" \
+ "/t { $p1 audit dbus eavesdrop, }" \
+ "/t { $p2 audit dbus eavesdrop bus=session, $p2 audit dbus eavesdrop, }"
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization with a deny modifier" \
+ "/t { $p1 deny dbus send bus=system peer=(name=com.foo), }" \
+ "/t { $p2 deny dbus send bus=system peer=(name=com.foo label=/usr/bin/foo), $p2 deny dbus send bus=system peer=(name=com.foo), }" \
+
+verify_binary_equality "'$p1'x'$p2' dbus minimization found in dbus abstractions" \
+ "/t { $p1 dbus send bus=session, }" \
+ "/t { $p2 dbus send
+ bus=session
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
+ $p2 dbus send bus=session, }"
+
+# verify slash filtering for dbus paths.
+verify_binary_equality "'$p1'x'$p2' dbus slash filtering for paths" \
+ "/t { $p1 dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com///foo, dbus (send, receive) path=///com/bar, }" \
+ "/t { $p2 dbus (send, receive) path=/com//{foo,bar}, }" \
+ "/t { $p2 dbus (send, receive) path={//com/foo,/com//bar}, }" \
+ "@{FOO}=/foo
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com/bar, }" \
+ "@{FOO}=/foo /bar
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=/bar //foo
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=//{bar,foo}
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=/foo
+ @{BAR}=bar
+ /t { $p2 dbus (send, receive) path=/com/@{FOO}, $p2 dbus (send, receive) path=/com//@{BAR}, }"
+
+
+
+#### end of wrapper fn
+}
+
+
+run_tests()
+{
+ printf "Equality Tests:\n"
+
+ #rules that don't support priority
+
+ # verify rlimit data conversions
+ verify_binary_equality "set rlimit rttime <= 12 weeks" \
+ "/t { set rlimit rttime <= 12 weeks, }" \
+ "/t { set rlimit rttime <= $((12 * 7)) days, }" \
+ "/t { set rlimit rttime <= $((12 * 7 * 24)) hours, }" \
+ "/t { set rlimit rttime <= $((12 * 7 * 24 * 60)) minutes, }" \
+ "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60)) seconds, }" \
+ "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000)) ms, }" \
+ "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)) us, }" \
+ "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)), }"
+
+ verify_binary_equality "set rlimit cpu <= 42 weeks" \
+ "/t { set rlimit cpu <= 42 weeks, }" \
+ "/t { set rlimit cpu <= $((42 * 7)) days, }" \
+ "/t { set rlimit cpu <= $((42 * 7 * 24)) hours, }" \
+ "/t { set rlimit cpu <= $((42 * 7 * 24 * 60)) minutes, }" \
+ "/t { set rlimit cpu <= $((42 * 7 * 24 * 60 * 60)) seconds, }" \
+ "/t { set rlimit cpu <= $((42 * 7 * 24 * 60 * 60)), }"
+
+ verify_binary_equality "set rlimit memlock <= 2GB" \
+ "/t { set rlimit memlock <= 2GB, }" \
+ "/t { set rlimit memlock <= $((2 * 1024)) MB, }" \
+ "/t { set rlimit memlock <= $((2 * 1024 * 1024)) KB, }" \
+ "/t { set rlimit memlock <= $((2 * 1024 * 1024 * 1024)) , }"
+
+ run_port_range=$(kernel_features network_v8/af_inet)
+ if [ "$run_port_range" != "true" ]; then
+ echo -e "\nSkipping network af_inet tests. $run_port_range\n"
+ else
+ # network port range
+ # select features file that contains netv8 af_inet
+ features_file="features.af_inet"
+ verify_binary_equality "network port range" \
+ "/t { network port=3456-3460, }" \
+ "/t { network port=3456, \
+ network port=3457, \
+ network port=3458, \
+ network port=3459, \
+ network port=3460, }"
+
+ verify_binary_equality "network peer port range" \
+ "/t { network peer=(port=3456-3460), }" \
+ "/t { network peer=(port=3456), \
+ network peer=(port=3457), \
+ network peer=(port=3458), \
+ network peer=(port=3459), \
+ network peer=(port=3460), }"
+
+ verify_binary_inequality "network port range allows more than single port" \
+ "/t { network port=3456-3460, }" \
+ "/t { network port=3456, }"
+
+ verify_binary_inequality "network peer port range allows more than single port" \
+ "/t { network peer=(port=3456-3460), }" \
+ "/t { network peer=(port=3456), }"
+ # return to default
+ features_file=$default_features_file
+ fi
+
+ # Equality tests that set explicit priority level
+ # TODO: priority handling for file paths is currently broken
+
+ # This test is not actually correct due to two subtle
+ # interactions: - /* is special-cased to expand to /[^/\x00]+
+ # with at least one character - Quieting of [^a] in the DFA is
+ # different and cannot be manually fixed
+
+ #verify_binary_xequality "file rule carveout regex vs priority" \
+ # "/t { deny /[^a]* rwxlk, /a r, }" \
+ # "/t { priority=-1 deny /* rwxlk, /a r, }" \
+
+ # Not grouping all three together because parser correctly handles
+ # the equivalence of carveout regex and default audit deny
+ verify_binary_equality "file rule carveout regex vs priority (audit)" \
+ "/t { audit deny /[^a]* rwxlk, /a r, }" \
+ "/t { priority=-1 audit deny /* rwxlk, /a r, }"
+
+ verify_binary_equality "file rule default audit deny vs audit priority carveout" \
+ "/t { /a r, }" \
+ "/t { priority=-1 audit deny /* rwxlk, /a r, }"
+
+ # verify combinations of different priority levels
+ # for single rule comparisons, rules should keep same expected result
+ # even when the priorities are different.
+ # different priorities within a profile comparison resulting in
+ # different permission could affected expected results
+
+
+ priorities="none 0 1 -1"
+
+ for pri1 in $priorities ; do
+ if [ "$pri1" = "none" ] ; then
+ priority1=""
+ else
+ priority1="priority=$pri1"
+ fi
+ for pri2 in $priorities ; do
+ if [ "$pri2" = "none" ] ; then
+ priority2=""
+ else
+ priority2="priority=$pri2"
+ fi
+
+ verify_set "$priority1" "$priority2"
+ done
+ done
+
+ [ -z "${verbose}" ] && printf "\n"
+ printf "PASS\n"
+ exit 0
+}
+
+
+usage()
+{
+ local progname="$0"
+ local rc="$1"
+ local msg="usage: ${progname} [Options]
+
+Run the equality tests if no options given, otherwise run as directed
+by the options.
+
+Options:
+ -h, --help display this help
+ -e base args run an equality test on the following args
+ -n base args run an inequality test on the following args
+ -xequality run a known proble equality test
+ -xinequality run a known proble inequality test
+ -r on failure retain failed test output and abort
+ -d include dfa dumps with failed test output
+ -f arg features file to use
+ -p arg parser to invoke
+ --description description to print with test
+ -v verbose
+examples:
+$ equality.sh
+...
+$ equality.sh -r
+....
+inary equality 'priority=1'x'' Exec perm \"ux\" - most specific match: same as glob
+FAIL: Hash values do not match
+parser: ../apparmor_parser --config-file=./parser.conf --features-file=./features_files/features.all
+known-good (0344cd377ccb239aba4cce768b818010961d68091d8c7fae72c755cfcb48d4a2) != profile-under-test (33fdf4575322a036c2acb75f93a7154179036f1189ef68ab9f1ae98e7f865780) for the following profiles:
+known-good /t { priority=1 /* ux, /f px -> b, }
+profile-under-test /t { /* ux, }
+
+$ equality.sh -e \"/t { priority=1 /* Px -> b, /f Px, }\" \"/t { /* Px, }\"
+$ equality.sh -e \"/t { priority=1 /* Px -> b, /f Px, }\" \"/t { /* Px, }\""
+
+ echo "$msg"
+}
+
+
+POSITIONAL_ARGS=()
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ -e|--equality)
+ testtype="equality"
+ shift # past argument
+ ;;
+ --xequality)
+ testtype="xequality"
+ shift # past argument
+ ;;
+ -n|--inequality)
+ testtype="inequality"
+ shift # past argument
+ ;;
+ --xinequality)
+ testtype="xinequality"
+ shift # past argument
+ ;;
+ -d|--dfa)
+ dumpdfa=1
+ shift # past argument
+ ;;
+ -r|--retain)
+ retain=1
+ shift # past argument
+ ;;
+ -v|--verbose)
+ verbos=1
+ shift # past argument
+ ;;
+ -f|--feature-file)
+ features_file="$2"
+ shift # past argument
+ shift # past option
+ ;;
+ --description)
+ description="$2"
+ shift # past argument
+ shift # past option
+ ;;
+ -p|--parser)
+ APPARMOR_PARSER="$2"
+ shift # past argument
+ shift # past option
+ ;;
+ -*|--*)
+ echo "Unknown option $1"
+ exit 1
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1") # save positional arg
+ shift # past argument
+ ;;
+ esac
+done
+
+set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+
+if [ $# -eq 0 -o -z $testtype] ; then
+ run_tests "$@"
+ exit $?
+fi
+
+for profile in "$@" ; do
+ verify_binary "$testtype" "$description" "$known" "$profile"
+done
diff --git a/parser/tst/errors.py b/parser/tst/errors.py
index 3be714925dd5874f0cca3cb70ccf0e362796f08f..28a3b19bc29ac9cb56133de9c6e7aac017d68430 100755
--- a/parser/tst/errors.py
+++ b/parser/tst/errors.py
@@ -13,9 +13,13 @@
#
# ------------------------------------------------------------------
+import os
import subprocess
+import sys
import unittest
from argparse import ArgumentParser
+from shutil import rmtree
+from tempfile import mkdtemp
import testlib
@@ -27,11 +31,20 @@ class AAErrorTests(testlib.AATestTemplate):
self.maxDiff = None
self.cmd_prefix = [config.parser, '--config-file=./parser.conf', '-S', '-I', 'errors']
+ self.tmpdir = os.path.realpath(mkdtemp(prefix='test-aa-parser-errors-'))
+ self.profile_dir = os.path.join(self.tmpdir, 'profile')
+ os.mkdir(self.profile_dir)
+
+
+ def tearDown(self):
+ if os.path.exists(self.tmpdir):
+ rmtree(self.tmpdir)
+
def _run_test(self, profile, message='', is_error=True):
cmd = self.cmd_prefix + [profile]
(rc, out, outerr) = self._run_cmd(cmd, stdout=subprocess.DEVNULL)
- report = "\nCommand: %s\nExit value:%s\nSTDERR\n%s" % (" ".join(cmd), rc, outerr)
+ report = "\nCommand: {}\nExit value:{}\nSTDERR\n{}".format(" ".join(cmd), rc, outerr)
if is_error:
self.assertNotEqual(rc, 0, report)
else:
@@ -89,32 +102,65 @@ class AAErrorTests(testlib.AATestTemplate):
is_error=False
)
+ def test_non_existant_profile(self):
+ test_profile = os.path.join(self.profile_dir, "does-not-exist.sd")
+ self._run_test(
+ test_profile,
+ "File {} not found, skipping...\n".format(test_profile),
+ )
+
+ # We can run this test with multiple different arguments
+ def _test_non_existant_symlink_target(self):
+ """Helper Function to test the parser on a symlink with a non-existent target"""
-def main():
- rc = 0
+ test_profile = os.path.join(self.profile_dir, "non-existant-target.sd")
+ os.symlink('does-not-exist.sd', test_profile)
+ self._run_test(
+ test_profile,
+ "File {} not found, skipping...\n".format(test_profile),
+ )
+
+ def test_non_existant_symlink_target(self):
+ '''Basic symlink test that goes nowhere'''
+ self._test_non_existant_symlink_target()
+
+ def test_non_existant_symlink_target_j0(self):
+ '''Basic symlink test that goes nowhere with 0 jobs'''
+ self.cmd_prefix.append('-j0')
+ self._test_non_existant_symlink_target()
+
+ def test_non_existant_symlink_target_j1(self):
+ '''Basic symlink test that goes nowhere with 1 job arg'''
+ self.cmd_prefix.append('-j1')
+ self._test_non_existant_symlink_target()
+
+ def test_non_existant_symlink_target_j8(self):
+ '''Basic symlink test that goes nowhere with 8 job arg'''
+ self.cmd_prefix.append('-j8')
+ self._test_non_existant_symlink_target()
+
+ def test_non_existant_symlink_target_jauto(self):
+ '''Basic symlink test that goes nowhere with auto job arg'''
+ self.cmd_prefix.append('-jauto')
+ self._test_non_existant_symlink_target()
+
+ def test_non_existant_symlink_target_in_directory(self):
+ '''Symlink test passing a directory to the parser'''
+ test_profile = os.path.join(self.profile_dir, "non-existant-target.sd")
+ os.symlink('does-not-exist.sd', test_profile)
+ self._run_test(
+ self.profile_dir,
+ "There was an error while loading profiles from {}\n".format(self.profile_dir),
+ )
+def main():
global config
p = ArgumentParser()
p.add_argument('-p', '--parser', default=testlib.DEFAULT_PARSER, action="store", dest='parser',
help="Specify path of apparmor parser to use [default = %(default)s]")
- p.add_argument('-v', '--verbose', action="store_true", dest="verbose")
- config = p.parse_args()
-
- verbosity = 1
- if config.verbose:
- verbosity = 2
-
- test_suite = unittest.TestSuite()
- test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAErrorTests))
- try:
- result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)
- if not result.wasSuccessful():
- rc = 1
- except:
- rc = 1
-
- return rc
+ config, args = p.parse_known_args()
+ unittest.main(argv=sys.argv[:1] + args)
if __name__ == "__main__":
- exit(main())
+ main()
diff --git a/parser/tst/features_files/features.af_inet b/parser/tst/features_files/features.af_inet
new file mode 100644
index 0000000000000000000000000000000000000000..09ef7d7b49eb5c42b3adb65bf48b55d9021b4b90
--- /dev/null
+++ b/parser/tst/features_files/features.af_inet
@@ -0,0 +1,117 @@
+capability {0xffffff
+}
+caps {extended {yes
+}
+mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
+}
+}
+dbus {mask {acquire send receive
+}
+}
+domain {attach_conditions {xattr {yes
+}
+}
+change_hat {yes
+}
+change_hatv {yes
+}
+change_onexec {yes
+}
+change_profile {yes
+}
+computed_longest_left {yes
+}
+disconnected.path {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+interruptible {yes
+}
+kill.signal {yes
+}
+post_nnp_subset {yes
+}
+stack {yes
+}
+unconfined_allowed_children {yes
+}
+version {1.2
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+io_uring {mask {sqpoll override_creds
+}
+}
+ipc {posix_mqueue {create read write open delete setattr getattr
+}
+}
+mount {mask {mount umount pivot_root
+}
+move_mount {detached
+}
+}
+namespaces {mask {userns_create
+}
+pivot_root {no
+}
+profile {yes
+}
+userns_create {pciu&
+}
+}
+network {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+af_unix {yes
+}
+}
+network_v8 {af_inet {yes
+}
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+}
+policy {outofband {0x000001
+}
+permstable32 {allow deny subtree cond kill complain prompt audit quiet hide xindex tag label
+}
+permstable32_version {0x000003
+}
+set_load {yes
+}
+unconfined_restrictions {change_profile {yes
+}
+io_uring {0
+}
+userns {1
+}
+}
+versions {v5 {yes
+}
+v6 {yes
+}
+v7 {yes
+}
+v8 {yes
+}
+v9 {yes
+}
+}
+}
+ptrace {mask {read trace
+}
+}
+query {label {data {yes
+}
+multi_transaction {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
diff --git a/parser/tst/features_files/features.extended-perms-no-policydb b/parser/tst/features_files/features.extended-perms-no-policydb
new file mode 100644
index 0000000000000000000000000000000000000000..9f8d5b06b6a533a1edef9e0bc79984cdbd4233f4
--- /dev/null
+++ b/parser/tst/features_files/features.extended-perms-no-policydb
@@ -0,0 +1,68 @@
+capability {0xffffff
+}
+caps {extended {yes
+}
+mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
+}
+}
+dbus {mask {acquire send receive
+}
+}
+domain {attach_conditions {xattr {yes
+}
+}
+change_hat {yes
+}
+change_hatv {yes
+}
+change_onexec {yes
+}
+change_profile {yes
+}
+computed_longest_left {yes
+}
+disconnected.path {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+interruptible {yes
+}
+kill.signal {yes
+}
+post_nnp_subset {yes
+}
+stack {yes
+}
+unconfined_allowed_children {yes
+}
+version {1.2
+}
+}
+policy {outofband {0x000001
+}
+permstable32 {allow deny subtree cond kill complain prompt audit quiet hide xindex tag label
+}
+permstable32_version {0x000003
+}
+set_load {yes
+}
+versions {v5 {yes
+}
+v6 {yes
+}
+v7 {yes
+}
+v8 {yes
+}
+v9 {yes
+}
+}
+}
+query {label {data {yes
+}
+multi_transaction {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
diff --git a/parser/tst/features_files/features.extended-perms-policydb b/parser/tst/features_files/features.extended-perms-policydb
new file mode 100644
index 0000000000000000000000000000000000000000..bf629623d5dcf2cb5462109f1a62529c23f705d2
--- /dev/null
+++ b/parser/tst/features_files/features.extended-perms-policydb
@@ -0,0 +1,117 @@
+capability {0xffffff
+}
+caps {extended {yes
+}
+mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
+}
+}
+dbus {mask {acquire send receive
+}
+}
+domain {attach_conditions {xattr {yes
+}
+}
+change_hat {yes
+}
+change_hatv {yes
+}
+change_onexec {yes
+}
+change_profile {yes
+}
+computed_longest_left {yes
+}
+disconnected.path {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+interruptible {yes
+}
+kill.signal {yes
+}
+post_nnp_subset {yes
+}
+stack {yes
+}
+unconfined_allowed_children {yes
+}
+version {1.2
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+io_uring {mask {sqpoll override_creds
+}
+}
+ipc {posix_mqueue {create read write open delete setattr getattr
+}
+}
+mount {mask {mount umount pivot_root
+}
+move_mount {detached
+}
+}
+namespaces {mask {userns_create
+}
+pivot_root {no
+}
+profile {yes
+}
+userns_create {pciu&
+}
+}
+network {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+af_unix {yes
+}
+}
+network_v8 {af_inet {yes
+}
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+}
+policy {outofband {0x000001
+}
+permstable32 {allow deny subtree cond kill complain prompt audit quiet hide xindex tag label
+}
+permstable32_version {0x000003
+}
+set_load {yes
+}
+unconfined_restrictions {change_profile {yes
+}
+io_uring {0
+}
+userns {0
+}
+}
+versions {v5 {yes
+}
+v6 {yes
+}
+v7 {yes
+}
+v8 {yes
+}
+v9 {yes
+}
+}
+}
+ptrace {mask {read trace
+}
+}
+query {label {data {yes
+}
+multi_transaction {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
diff --git a/parser/tst/gen-dbus.py b/parser/tst/gen-dbus.py
index 544d0f64a703a07a8a28e707bba1c56b5eb96d60..9ded94002c13769d5a690372046ba368978d6068 100755
--- a/parser/tst/gen-dbus.py
+++ b/parser/tst/gen-dbus.py
@@ -25,7 +25,7 @@ def get_rule(quantifier, perms, session, name, path, interface, member, peer):
for part in (quantifier, 'dbus', perms, session, name, path, interface, member, peer):
if part:
- result += ' %s' % part
+ result += ' ' + part
result += ',\n'
@@ -37,14 +37,14 @@ def gen_file(test, xres, quantifier, perms, session, name, path, interface, memb
content = ''
content += '#\n'
- content += '#=DESCRIPTION %s\n' % test
- content += '#=EXRESULT %s\n' % xres
+ content += '#=DESCRIPTION {}\n'.format(test)
+ content += '#=EXRESULT {}\n'.format(xres)
content += '#\n'
content += '/usr/bin/foo {\n'
content += get_rule(quantifier, perms, session, name, path, interface, member, peer)
content += '}\n'
- write_file('simple_tests/generated_dbus', '%s-%s.sd' % (test, count), content)
+ write_file('simple_tests/generated_dbus', '{}-{}.sd'.format(test, count), content)
count += 1
@@ -158,4 +158,4 @@ gen_file('duplicated-conditionals', 'FAIL', '', 'peer=(name=1) peer=(name=2)', '
gen_file('duplicated-conditionals', 'FAIL', '', 'peer=(label=1) peer=(label=2)', '', '', '', '', '', '')
gen_file('duplicated-conditionals', 'FAIL', '', 'peer=(name=1) peer=(label=2)', '', '', '', '', '', '')
-print('Generated %s dbus tests' % count)
+print('Generated {} dbus tests'.format(count))
diff --git a/parser/tst/gen-xtrans.py b/parser/tst/gen-xtrans.py
index 6a915f05f075a2df9159f556facf96b0a06bdb6d..d4e015551ff38d4b2e7a03eeca6686b485e33af5 100755
--- a/parser/tst/gen-xtrans.py
+++ b/parser/tst/gen-xtrans.py
@@ -66,9 +66,9 @@ def gen_list():
for trans in trans_types:
if trans in trans_modifiers:
for mod in trans_modifiers[trans]:
- output.append("%s%sx" % (trans, mod))
+ output.append("{}{}x".format(trans, mod))
- output.append("%sx" % trans)
+ output.append("{}x".format(trans))
return output
@@ -80,19 +80,19 @@ def test_gen_list():
actual = gen_list()
if actual != expected:
- raise Exception("gen_list produced unexpected result, expected %s, got %s" % (expected, actual))
+ raise Exception("gen_list produced unexpected result, expected {}, got {}".format(expected, actual))
def build_rule(leading, qual, name, perm, target):
rule = ''
if leading:
- rule += "\t%s %s %s" % (qual, perm, name)
+ rule += "\t{} {} {}".format(qual, perm, name)
else:
- rule += "\t%s %s %s" % (qual, name, perm)
+ rule += "\t{} {} {}".format(qual, name, perm)
if target:
- rule += " -> %s" % target
+ rule += " -> {}".format(target)
rule += ",\n"
@@ -105,8 +105,8 @@ def gen_file(name, xres, leading1, qual1, rule1, perm1, target1, leading2, qual2
content = ''
content += "#\n"
- content += "#=DESCRIPTION %s\n" % name
- content += "#=EXRESULT %s\n" % xres
+ content += "#=DESCRIPTION {}\n".format(name)
+ content += "#=EXRESULT {}\n".format(xres)
content += "#\n"
content += "/usr/bin/foo {\n"
content += build_rule(leading1, qual1, rule1, perm1, target1)
@@ -197,10 +197,10 @@ def gen_safe_perms(name, xres, invert, rule1, rule2):
if (not invert or qual):
file = prefix_safe + '/' + name + '-' + invert + '-' + q + qual + '-' + 'rule-' + i + t + '.sd'
- gen_file(file, xres, 0, '%s %s' % (q, qual), rule1, i, t, 1, q, rule2, i, t)
+ gen_file(file, xres, 0, '{} {}'.format(q, qual), rule1, i, t, 1, q, rule2, i, t)
file = prefix_safe + '/' + name + '-' + invert + '-' + q + qual + i + '-' + 'rule-' + t + '.sd'
- gen_file(file, xres, 0, q, rule1, i, t, 1, '%s %s' % (q, qual), rule2, i, t)
+ gen_file(file, xres, 0, q, rule1, i, t, 1, '{} {}'.format(q, qual), rule2, i, t)
test_gen_list()
@@ -225,4 +225,4 @@ gen_safe_perms("overlap", "PASS", "inv", "/*", "/bin/cat")
gen_safe_perms("dominate", "FAIL", "inv", "/**", "/*")
gen_safe_perms("ambiguous", "FAIL", "inv", "/a*", "/*b")
-print("Generated %s xtransition interaction tests" % count)
+print("Generated {} xtransition interaction tests".format(count))
diff --git a/parser/tst/minimize.sh b/parser/tst/minimize.sh
index 3c71d91893a818ceee4b0647ff326c7b5f68e759..8b3c4850c5c58fc6464cc368fd7c0fce237a16e3 100755
--- a/parser/tst/minimize.sh
+++ b/parser/tst/minimize.sh
@@ -78,7 +78,7 @@ APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}"
# {a} (0x 40030/0/0/0)
echo -n "Minimize profiles basic perms "
-if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 6 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 6 ] ; then
echo "failed"
exit 1;
fi
@@ -93,7 +93,7 @@ echo "ok"
# {9} (0x 12804a/0/2800a/0)
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles audit perms "
-if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 6 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 6 ] ; then
echo "failed"
exit 1;
fi
@@ -112,7 +112,7 @@ echo "ok"
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles deny perms "
-if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 6 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 6 ] ; then
echo "failed"
exit 1;
fi
@@ -130,13 +130,59 @@ echo "ok"
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles audit deny perms "
-if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 5 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -O filter-deny -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 5 ] ; then
echo "failed"
exit 1;
fi
echo "ok"
+# ---------------------- extended perms ------------------------------
+
+
+# Test that not filtering deny results in more states. This test is testing
+# without filtering. The following test does the filtering
+#
+# {1} <== (allow/deny/prompt/audit/quiet)
+# {3} (0x 0/2800a///0/0/0)
+# {4} (0x 10004/2800a///0/0/0)
+# {7} (0x 40010/2800a///0/0/0)
+# {8} (0x 80020/2800a///0/0/0)
+# {9} (0x 100040/2800a///0/0/0)
+# {12} (0x 40030/0///0/0/0)
+# {2} (0x 4/0//0/0/0) <- from policydb still showing up bug
+
+## NOTE: change count from 6 to 7 when extend perms is not dependent on
+## prompt rules being present
+echo -n "Minimize profiles extended no-filter audit deny perms "
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.extended-perms-no-policydb -QT -O minimize -O no-filter-deny -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 7 ] ; then
+ echo "failed"
+ exit 1;
+fi
+echo "ok"
+
+# same test as above except with filter-deny which should result in one less
+# accept state
+#
+# {1} <== (allow/deny/prompt/audit/quiet)
+# {4} (0x 10004/0///0/0/0)
+# {7} (0x 40010/0///0/0/0)
+# {8} (0x 80020/0///0/0/0)
+# {9} (0x 100040/0///0/0/0)
+# {12} (0x 40030/0///0/0/0)
+# {2} (0x 4/0//0/0/0) <- from policydb still showing up bug
+
+echo -n "Minimize profiles extended filter audit deny perms "
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.extended-perms-no-policydb -QT -O minimize -O filter-deny -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 6 ] ; then
+ echo "failed"
+ exit 1;
+fi
+echo "ok"
+
+
+
+# ======================= x transition ===============================
+
# The x transition test profile is setup so that there are 3 conflicting x
# permissions, two are on paths that won't collide during dfa creation. The
# 3rd is a generic permission that should be overridden during dfa creation.
@@ -162,7 +208,7 @@ echo "ok"
#
echo -n "Minimize profiles xtrans "
-if [ "$(echo "/t { /b px, /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 3 ] ; then
+if [ "$(echo "/t { /b px, /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 3 ] ; then
echo "failed"
exit 1;
fi
@@ -170,7 +216,7 @@ echo "ok"
# same test as above + audit
echo -n "Minimize profiles audit xtrans "
-if [ "$(echo "/t { /b px, audit /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 3 ] ; then
+if [ "$(echo "/t { /b px, audit /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 3 ] ; then
echo "failed"
exit 1;
fi
@@ -183,7 +229,7 @@ echo "ok"
# {3} (0x 0/fe17f85/0/14005)
echo -n "Minimize profiles deny xtrans "
-if [ "$(echo "/t { /b px, deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 1 ] ; then
+if [ "$(echo "/t { /b px, deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 1 ] ; then
echo "failed"
exit 1;
fi
@@ -195,7 +241,7 @@ echo "ok"
# {3} (0x 0/fe17f85/0/0)
echo -n "Minimize profiles audit deny xtrans "
-if [ "$(echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 0 ] ; then
+if [ "$(echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -O no-filter-deny -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*}(.*)$')" -ne 0 ] ; then
echo "failed"
exit 1;
fi
diff --git a/parser/tst/mk_features_file.py b/parser/tst/mk_features_file.py
index bf80d0bc8f8afdd9769105f3e2e279f7f918829d..c4f421503a449d917f4e52342fbce4a58db4f64f 100755
--- a/parser/tst/mk_features_file.py
+++ b/parser/tst/mk_features_file.py
@@ -11,8 +11,8 @@
# ------------------------------------------------------------------
import os
+import sys
from argparse import ArgumentParser
-from sys import stderr, exit
from testlib import read_features_dir
@@ -27,7 +27,7 @@ def main():
config = p.parse_args()
if not os.path.exists(config.fdir):
- print('Unable to find apparmor features directory "%s"' % config.fdir, file=stderr)
+ print('Unable to find apparmor features directory "{}"'.format(config.fdir), file=sys.stderr)
return 1
features = read_features_dir(config.fdir)
@@ -37,4 +37,4 @@ def main():
if __name__ == "__main__":
- exit(main())
+ sys.exit(main())
diff --git a/parser/tst/simple_tests/all/bad_01.sd b/parser/tst/simple_tests/all/bad_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9502657ebd16a02b16e239a87b6736197281cbb4
--- /dev/null
+++ b/parser/tst/simple_tests/all/bad_01.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace all rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ all read readby trace tracedby ,
+
+ }
diff --git a/parser/tst/simple_tests/all/bad_02.sd b/parser/tst/simple_tests/all/bad_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d8fc8cdf032443ebe4e6aa9a69affaefbb7d2d6a
--- /dev/null
+++ b/parser/tst/simple_tests/all/bad_02.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic ptrace all rule
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ owner all,
+
+ }
diff --git a/parser/tst/simple_tests/all/ok_01.sd b/parser/tst/simple_tests/all/ok_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..188fb5f6f9b300071cc5e61a9c6e2cd0d47db9fb
--- /dev/null
+++ b/parser/tst/simple_tests/all/ok_01.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ all,
+
+ }
diff --git a/parser/tst/simple_tests/all/ok_02.sd b/parser/tst/simple_tests/all/ok_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..cc82e3ae6eccbcca15ef39ae4ef23432a92877ec
--- /dev/null
+++ b/parser/tst/simple_tests/all/ok_02.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit all,
+
+ }
diff --git a/parser/tst/simple_tests/all/ok_03.sd b/parser/tst/simple_tests/all/ok_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eadc3eaf4dcceb0f35aeb5a176b1eddef7a28ce0
--- /dev/null
+++ b/parser/tst/simple_tests/all/ok_03.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ allow all,
+
+ }
diff --git a/parser/tst/simple_tests/all/ok_04.sd b/parser/tst/simple_tests/all/ok_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8458b3727bdc1b11f127c2f268ba8f22d0c3f423
--- /dev/null
+++ b/parser/tst/simple_tests/all/ok_04.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny all,
+
+ }
diff --git a/parser/tst/simple_tests/all/ok_05.sd b/parser/tst/simple_tests/all/ok_05.sd
new file mode 100644
index 0000000000000000000000000000000000000000..12d65cf4e687fb461ad88bf7b2553d8836bb6a63
--- /dev/null
+++ b/parser/tst/simple_tests/all/ok_05.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit deny all,
+
+ }
diff --git a/parser/tst/simple_tests/all/ok_06.sd b/parser/tst/simple_tests/all/ok_06.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6016dc246a21c91a0ba684cb2802b107b02e9c26
--- /dev/null
+++ b/parser/tst/simple_tests/all/ok_06.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic all rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ audit allow all,
+
+ }
diff --git a/parser/tst/simple_tests/file/priority/bad_1.sd b/parser/tst/simple_tests/file/priority/bad_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..26cf4d5535f680f9399e4a7952fa1298f6d37f2e
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/bad_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description to rule priority out of low end of range
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ priority=-1001 /usr/bin/foo r,
+}
diff --git a/parser/tst/simple_tests/file/priority/bad_2.sd b/parser/tst/simple_tests/file/priority/bad_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..84ab2df60614e6073d09e5bc6b50b8d9ddaadef2
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/bad_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic file rule priority outside high end of range.
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ priority=1001 /usr/bin/foo r,
+}
diff --git a/parser/tst/simple_tests/file/priority/front_perms_ok_1.sd b/parser/tst/simple_tests/file/priority/front_perms_ok_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2375fd1dc30fd96a28eb121c28b8f67b6a9cbee4
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/front_perms_ok_1.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION perms before pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+
+ priority=-1 file r /foo1,
+ priority=-1 file w /foo1,
+ priority=-1 file a /foo1,
+ priority=-1 file k /foo1,
+ priority=-1 file m /foo1,
+ priority=-1 file l /foo1,
+ priority=-1 file px /foo1,
+ priority=-1 file Px /foo2,
+ priority=-1 file ux /foo3,
+ priority=-1 file Ux /foo4,
+ priority=-1 file ix /foo5,
+ priority=-1 file unsafe px /foo6,
+ priority=-1 file unsafe Px /foo7,
+ priority=-1 file unsafe ux /foo8,
+ priority=-1 file unsafe Ux /foo9,
+ priority=-1 file unsafe ix /foo10,
+
+}
diff --git a/parser/tst/simple_tests/file/priority/front_perms_ok_2.sd b/parser/tst/simple_tests/file/priority/front_perms_ok_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f1ee0837af6c4751a1968aa3b15c422911c0ed23
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/front_perms_ok_2.sd
@@ -0,0 +1,24 @@
+#
+#=DESCRIPTION perms before pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+
+ priority=-1 r /foo1,
+ priority=-1 w /foo1,
+ priority=-1 a /foo1,
+ priority=-1 k /foo1,
+ priority=-1 m /foo1,
+ priority=-1 l /foo1,
+ priority=-1 px /foo1,
+ priority=-1 Px /foo2,
+ priority=-1 ux /foo3,
+ priority=-1 Ux /foo4,
+ priority=-1 ix /foo5,
+ priority=-1 unsafe px /foo6,
+ priority=-1 unsafe Px /foo7,
+ priority=-1 unsafe ux /foo8,
+ priority=-1 unsafe Ux /foo9,
+ priority=-1 unsafe ix /foo10,
+
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_1.sd b/parser/tst/simple_tests/file/priority/ok_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a2094645686fd3f7ae787690ba4584d83015c53b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic file rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /usr/bin/foo r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_2.sd b/parser/tst/simple_tests/file/priority/ok_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..563202e5eba518fb0b410ca13f17772bf87f367b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic uppercase permission file rule (should emit warning)
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /usr/bin/foo RWM,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_3.sd b/parser/tst/simple_tests/file/priority/ok_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..377c248343adcca5a707bcfc3a358f2642f028d1
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_3.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION A simple successful profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ /usr/bin/foo r,
+ priority=-1 /usr/bin/blah rix,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_4.sd b/parser/tst/simple_tests/file/priority/ok_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0078ba94fc9e1c834ece9b82da253e099a7bd956
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_4.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic inherit uppercase exec permission (should emit warning)
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /usr/bin/foo iX,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_5.sd b/parser/tst/simple_tests/file/priority/ok_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1ca876d28e809cbb3360c18cffa6c77db45d033e
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_5.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic unconfined uppercase exec permission (should emit warning)
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=+5 /usr/bin/foo UX,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_alternations_1.sd b/parser/tst/simple_tests/file/priority/ok_alternations_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1fc60fde5ad096fb27b9bedbf887efcbdd0a9240
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_alternations_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic file rule w/alternations
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=0 /a/b/c/**{cache,data,download,/ext,fileadmin,files,images,joomla,moodledata/sessions}/** rw,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_alternations_2.sd b/parser/tst/simple_tests/file/priority/ok_alternations_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8e89eb113cdb8be01d7f019b1f2f79705faf1b70
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_alternations_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic file rule w/nested alternations
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /a/b/c/**{cache,data,download,/ext,file{admin,s},images,joomla,moodledata/sessions}/** rw,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_alternations_3.sd b/parser/tst/simple_tests/file/priority/ok_alternations_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..42043afb2ec773b41487365e18537cb96bf02dc5
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_alternations_3.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic file rule w/large number of alternations
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /{a/a,a/b,a/c,a/d,a/e,a/f,a/g,a/h,a/i,a/j,a/k,a/l,a/m,a/n,a/o,a/p,a/q,a/r,a/s,a/t,a/u,a/v,a/w,a/x,a/y,a/z,a/A,a/B,a/C,a/D,a/E,a/F,a/G,a/H,a/I,a/J,a/K,a/L,a/M,a/N,a/O,a/P,a/Q,a/R,a/S,a/T,a/U,a/V,a/W,a/X,a/Y,a/Z,b/a,b/b,b/c,b/d,b/e,b/f,b/g,b/h,b/i,b/j,b/k,b/l,b/m,b/n,b/o,b/p,b/q,b/r,b/s,b/t,b/u,b/v,b/w,b/x,b/y,b/z,b/A,b/B,b/C,b/D,b/E,b/F,b/G,b/H,b/I,b/J,b/K,b/L,b/M,b/N,b/O,b/P,b/Q,b/R,b/S,b/T,b/U,b/V,b/W,b/X,b/Y,b/Z,c/a,c/b,c/c,c/d,c/e,c/f,c/g,c/h,c/i,c/j,c/k,c/l,c/m,c/n,c/o,c/p,c/q,c/r,c/s,c/t,c/u,c/v,c/w,c/x,c/y,c/z,c/A,c/B,c/C,c/D,c/E,c/F,c/G,c/H,c/I,c/J,c/K,c/L,c/M,c/N,c/O,c/P,c/Q,c/R,c/S,c/T,c/U,c/V,c/W,c/X,c/Y,c/Z,d/a,d/b,d/c,d/d,d/e,d/f,d/g,d/h,d/i,d/j,d/k,d/l,d/m,d/n,d/o,d/p,d/q,d/r,d/s,d/t,d/u,d/v,d/w,d/x,d/y,d/z,d/A,d/B,d/C,d/D,d/E,d/F,d/G,d/H,d/I,d/J,d/K,d/L,d/M,d/N,d/O,d/P,d/Q,d/R,d/S,d/T,d/U,d/V,d/W,d/X,d/Y,d/Z,e/a,e/b,e/c,e/d,e/e,e/f,e/g,e/h,e/i,e/j,e/k,e/l,e/m,e/n,e/o,e/p,e/q,e/r,e/s,e/t,e/u,e/v,e/w,e/x,e/y,e/z,e/A,e/B,e/C,e/D,e/E,e/F,e/G,e/H,e/I,e/J,e/K,e/L,e/M,e/N,e/O,e/P,e/Q,e/R,e/S,e/T,e/U,e/V,e/W,e/X,e/Y,e/Z,f/a,f/b,f/c,f/d,f/e,f/f,f/g,f/h,f/i,f/j,f/k,f/l,f/m,f/n,f/o,f/p,f/q,f/r,f/s,f/t,f/u,f/v,f/w,f/x,f/y,f/z,f/A,f/B,f/C,f/D,f/E,f/F,f/G,f/H,f/I,f/J,f/K,f/L,f/M,f/N,f/O,f/P,f/Q,f/R,f/S,f/T,f/U,f/V,f/W,f/X,f/Y,f/Z,g/a,g/b,g/c,g/d,g/e,g/f,g/g,g/h,g/i,g/j,g/k,g/l,g/m,g/n,g/o,g/p,g/q,g/r,g/s,g/t,g/u,g/v,g/w,g/x,g/y,g/z,g/A,g/B,g/C,g/D,g/E,g/F,g/G,g/H,g/I,g/J,g/K,g/L,g/M,g/N,g/O,g/P,g/Q,g/R,g/S,g/T,g/U,g/V,g/W,g/X,g/Y,g/Z,h/a,h/b,h/c,h/d,h/e,h/f,h/g,h/h,h/i,h/j,h/k,h/l,h/m,h/n,h/o,h/p,h/q,h/r,h/s,h/t,h/u,h/v,h/w,h/x,h/y,h/z,h/A,h/B,h/C,h/D,h/E,h/F,h/G,h/H,h/I,h/J,h/K,h/L,h/M,h/N,h/O,h/P,h/Q,h/R,h/S,h/T,h/U,h/V,h/W,h/X,h/Y,h/Z,i/a,i/b,i/c,i/d,i/e,i/f,i/g,i/h,i/i,i/j,i/k,i/l,i/m,i/n,i/o,i/p,i/q,i/r,i/s,i/t,i/u,i/v,i/w,i/x,i/y,i/z,i/A,i/B,i/C,i/D,i/E,i/F,i/G,i/H,i/I,i/J,i/K,i/L,i/M,i/N,i/O,i/P,i/Q,i/R,i/S,i/T,i/U,i/V,i/W,i/X,i/Y,i/Z,j/a,j/b,j/c,j/d,j/e,j/f,j/g,j/h,j/i,j/j,j/k,j/l,j/m,j/n,j/o,j/p,j/q,j/r,j/s,j/t,j/u,j/v,j/w,j/x,j/y,j/z,j/A,j/B,j/C,j/D,j/E,j/F,j/G,j/H,j/I,j/J,j/K,j/L,j/M,j/N,j/O,j/P,j/Q,j/R,j/S,j/T,j/U,j/V,j/W,j/X,j/Y,j/Z,k/a,k/b,k/c,k/d,k/e,k/f,k/g,k/h,k/i,k/j,k/k,k/l,k/m,k/n,k/o,k/p,k/q,k/r,k/s,k/t,k/u,k/v,k/w,k/x,k/y,k/z,k/A,k/B,k/C,k/D,k/E,k/F,k/G,k/H,k/I,k/J,k/K,k/L,k/M,k/N,k/O,k/P,k/Q,k/R,k/S,k/T,k/U,k/V,k/W,k/X,k/Y,k/Z,l/a,l/b,l/c,l/d,l/e,l/f,l/g,l/h,l/i,l/j,l/k,l/l,l/m,l/n,l/o,l/p,l/q,l/r,l/s,l/t,l/u,l/v,l/w,l/x,l/y,l/z,l/A,l/B,l/C,l/D,l/E,l/F,l/G,l/H,l/I,l/J,l/K,l/L,l/M,l/N,l/O,l/P,l/Q,l/R,l/S,l/T,l/U,l/V,l/W,l/X,l/Y,l/Z,m/a,m/b,m/c,m/d,m/e,m/f,m/g,m/h,m/i,m/j,m/k,m/l,m/m,m/n,m/o,m/p,m/q,m/r,m/s,m/t,m/u,m/v,m/w,m/x,m/y,m/z,m/A,m/B,m/C,m/D,m/E,m/F,m/G,m/H,m/I,m/J,m/K,m/L,m/M,m/N,m/O,m/P,m/Q,m/R,m/S,m/T,m/U,m/V,m/W,m/X,m/Y,m/Z,n/a,n/b,n/c,n/d,n/e,n/f,n/g,n/h,n/i,n/j,n/k,n/l,n/m,n/n,n/o,n/p,n/q,n/r,n/s,n/t,n/u,n/v,n/w,n/x,n/y,n/z,n/A,n/B,n/C,n/D,n/E,n/F,n/G,n/H,n/I,n/J,n/K,n/L,n/M,n/N,n/O,n/P,n/Q,n/R,n/S,n/T,n/U,n/V,n/W,n/X,n/Y,n/Z,o/a,o/b,o/c,o/d,o/e,o/f,o/g,o/h,o/i,o/j,o/k,o/l,o/m,o/n,o/o,o/p,o/q,o/r,o/s,o/t,o/u,o/v,o/w,o/x,o/y,o/z,o/A,o/B,o/C,o/D,o/E,o/F,o/G,o/H,o/I,o/J,o/K,o/L,o/M,o/N,o/O,o/P,o/Q,o/R,o/S,o/T,o/U,o/V,o/W,o/X,o/Y,o/Z,p/a,p/b,p/c,p/d,p/e,p/f,p/g,p/h,p/i,p/j,p/k,p/l,p/m,p/n,p/o,p/p,p/q,p/r,p/s,p/t,p/u,p/v,p/w,p/x,p/y,p/z,p/A,p/B,p/C,p/D,p/E,p/F,p/G,p/H,p/I,p/J,p/K,p/L,p/M,p/N,p/O,p/P,p/Q,p/R,p/S,p/T,p/U,p/V,p/W,p/X,p/Y,p/Z,q/a,q/b,q/c,q/d,q/e,q/f,q/g,q/h,q/i,q/j,q/k,q/l,q/m,q/n,q/o,q/p,q/q,q/r,q/s,q/t,q/u,q/v,q/w,q/x,q/y,q/z,q/A,q/B,q/C,q/D,q/E,q/F,q/G,q/H,q/I,q/J,q/K,q/L,q/M,q/N,q/O,q/P,q/Q,q/R,q/S,q/T,q/U,q/V,q/W,q/X,q/Y,q/Z,r/a,r/b,r/c,r/d,r/e,r/f,r/g,r/h,r/i,r/j,r/k,r/l,r/m,r/n,r/o,r/p,r/q,r/r,r/s,r/t,r/u,r/v,r/w,r/x,r/y,r/z,r/A,r/B,r/C,r/D,r/E,r/F,r/G,r/H,r/I,r/J,r/K,r/L,r/M,r/N,r/O,r/P,r/Q,r/R,r/S,r/T,r/U,r/V,r/W,r/X,r/Y,r/Z,s/a,s/b,s/c,s/d,s/e,s/f,s/g,s/h,s/i,s/j,s/k,s/l,s/m,s/n,s/o,s/p,s/q,s/r,s/s,s/t,s/u,s/v,s/w,s/x,s/y,s/z,s/A,s/B,s/C,s/D,s/E,s/F,s/G,s/H,s/I,s/J,s/K,s/L,s/M,s/N,s/O,s/P,s/Q,s/R,s/S,s/T,s/U,s/V,s/W,s/X,s/Y,s/Z,t/a,t/b,t/c,t/d,t/e,t/f,t/g,t/h,t/i,t/j,t/k,t/l,t/m,t/n,t/o,t/p,t/q,t/r,t/s,t/t,t/u,t/v,t/w,t/x,t/y,t/z,t/A,t/B,t/C,t/D,t/E,t/F,t/G,t/H,t/I,t/J,t/K,t/L,t/M,t/N,t/O,t/P,t/Q,t/R,t/S,t/T,t/U,t/V,t/W,t/X,t/Y,t/Z,u/a,u/b,u/c,u/d,u/e,u/f,u/g,u/h,u/i,u/j,u/k,u/l,u/m,u/n,u/o,u/p,u/q,u/r,u/s,u/t,u/u,u/v,u/w,u/x,u/y,u/z,u/A,u/B,u/C,u/D,u/E,u/F,u/G,u/H,u/I,u/J,u/K,u/L,u/M,u/N,u/O,u/P,u/Q,u/R,u/S,u/T,u/U,u/V,u/W,u/X,u/Y,u/Z,v/a,v/b,v/c,v/d,v/e,v/f,v/g,v/h,v/i,v/j,v/k,v/l,v/m,v/n,v/o,v/p,v/q,v/r,v/s,v/t,v/u,v/v,v/w,v/x,v/y,v/z,v/A,v/B,v/C,v/D,v/E,v/F,v/G,v/H,v/I,v/J,v/K,v/L,v/M,v/N,v/O,v/P,v/Q,v/R,v/S,v/T,v/U,v/V,v/W,v/X,v/Y,v/Z,w/a,w/b,w/c,w/d,w/e,w/f,w/g,w/h,w/i,w/j,w/k,w/l,w/m,w/n,w/o,w/p,w/q,w/r,w/s,w/t,w/u,w/v,w/w,w/x,w/y,w/z,w/A,w/B,w/C,w/D,w/E,w/F,w/G,w/H,w/I,w/J,w/K,w/L,w/M,w/N,w/O,w/P,w/Q,w/R,w/S,w/T,w/U,w/V,w/W,w/X,w/Y,w/Z,x/a,x/b,x/c,x/d,x/e,x/f,x/g,x/h,x/i,x/j,x/k,x/l,x/m,x/n,x/o,x/p,x/q,x/r,x/s,x/t,x/u,x/v,x/w,x/x,x/y,x/z,x/A,x/B,x/C,x/D,x/E,x/F,x/G,x/H,x/I,x/J,x/K,x/L,x/M,x/N,x/O,x/P,x/Q,x/R,x/S,x/T,x/U,x/V,x/W,x/X,x/Y,x/Z,y/a,y/b,y/c,y/d,y/e,y/f,y/g,y/h,y/i,y/j,y/k,y/l,y/m,y/n,y/o,y/p,y/q,y/r,y/s,y/t,y/u,y/v,y/w,y/x,y/y,y/z,y/A,y/B,y/C,y/D,y/E,y/F,y/G,y/H,y/I,y/J,y/K,y/L,y/M,y/N,y/O,y/P,y/Q,y/R,y/S,y/T,y/U,y/V,y/W,y/X,y/Y,y/Z,z/a,z/b,z/c,z/d,z/e,z/f,z/g,z/h,z/i,z/j,z/k,z/l,z/m,z/n,z/o,z/p,z/q,z/r,z/s,z/t,z/u,z/v,z/w,z/x,z/y,z/z} rw,
+
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_append_1.sd b/parser/tst/simple_tests/file/priority/ok_append_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..daa96daba737957d4099b8e31db7f58fd7101837
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_append_1.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION test append
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ /bin/cat a,
+ /bin/true ra,
+ /bin/false ma,
+ priority=-1 /lib/libc.so la,
+ /bin/less ixa,
+ /bin/more pxa,
+ /a uxa,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2e49f3de70c11330ac0e28aebb2e884ebd2cc830
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_audit_deny_link.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 audit deny link /alpha/beta -> /tmp/**,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_bare_1.sd b/parser/tst/simple_tests/file/priority/ok_bare_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5993127cc2131fe79a3a13798c2969ead05b3234
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_bare_1.sd
@@ -0,0 +1,8 @@
+#
+#=Description bare file rule
+#=EXRESULT PASS
+#=TODO https://launchpad.net/bugs/1215637
+#
+/usr/bin/foo {
+ priority=19 deny file,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_carat_1.sd b/parser/tst/simple_tests/file/priority/ok_carat_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bc25543bc69da33c3f87bc25b85480e80d22c182
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_carat_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION carat in pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /foo^bar r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_carat_2.sd b/parser/tst/simple_tests/file/priority/ok_carat_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6b13e0dc161d47d3f940f988d9e64a910ba05225
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_carat_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION trailing carat in pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /foo/bar^ r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_comma_1.sd b/parser/tst/simple_tests/file/priority/ok_comma_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4fbaa0bd69926596d54022440c03aaaf4fd6a6a8
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_comma_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION comma in pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /foo,bar r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_comma_2.sd b/parser/tst/simple_tests/file/priority/ok_comma_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4dc7b617ca0bf03e77025b702b8975b611cbba79
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_comma_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION comma at end of pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 "/foobar," r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_deny_1.sd b/parser/tst/simple_tests/file/priority/ok_deny_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1fa3f802e3285e0d72c5167eb866e852c4f1302a
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_deny_1.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION A simple deny rule
+#=EXRESULT PASS
+# vim:syntax=apparmor
+#
+/usr/bin/foo {
+ priority=-1 deny /usr/bin/foo r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_deny_2.sd b/parser/tst/simple_tests/file/priority/ok_deny_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1fa3f802e3285e0d72c5167eb866e852c4f1302a
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_deny_2.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION A simple deny rule
+#=EXRESULT PASS
+# vim:syntax=apparmor
+#
+/usr/bin/foo {
+ priority=-1 deny /usr/bin/foo r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_deny_3.sd b/parser/tst/simple_tests/file/priority/ok_deny_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..72fa5ddb50469882642b9fd00eeeb249620c1e00
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_deny_3.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION an overlapping deny rule
+#=EXRESULT PASS
+# vim:syntax=apparmor
+#
+/usr/bin/foo {
+ priority=-1 /usr/bin/** r,
+ priority=5 deny /usr/bin/foo r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_deny_4.sd b/parser/tst/simple_tests/file/priority/ok_deny_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c5bb8a8da287afaf8734a9e71cd2895b8a934e29
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_deny_4.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION an exact overlapping deny rule
+#=EXRESULT PASS
+# vim:syntax=apparmor
+#
+/usr/bin/foo {
+ priority=-1 /usr/bin/foo r,
+ priority=-1 deny /usr/bin/foo r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_deny_link.sd b/parser/tst/simple_tests/file/priority/ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c9f126d260b0d220d2e595ee511ec336b1cf5f85
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_deny_link.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 deny link /alpha/beta -> /tmp/**,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_embedded_spaces_1.sd b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3b5d5dd3bf9e08b0162a7588ec3098ef34d2c350
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_1.sd
@@ -0,0 +1,6 @@
+#=DESCRIPTION Simple test case for embedded spaces
+#=EXRESULT PASS
+
+/bin/foo {
+ priority=-1 "/abc\ def" r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_embedded_spaces_2.sd b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bee05bf43dc02d00eb9c9ac9429db11e77d7dfd9
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_2.sd
@@ -0,0 +1,6 @@
+#=DESCRIPTION Simple test case for embedded spaces
+#=EXRESULT PASS
+
+/bin/foo {
+ priority=-1 "/abc def" r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_embedded_spaces_3.sd b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eef2b736af35dc5b79001bc9db70a874448c69ed
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_3.sd
@@ -0,0 +1,6 @@
+#=DESCRIPTION Simple test case for embedded spaces
+#=EXRESULT PASS
+
+"/bin/fo o" {
+ priority=-1 "/abc def" r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_embedded_spaces_4.sd b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f49fc2de5e469ea3fb55343de64acf28834a8f4b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_embedded_spaces_4.sd
@@ -0,0 +1,6 @@
+#=DESCRIPTION Simple test case for embedded spaces
+#=EXRESULT PASS
+
+/bin/foo {
+ priority=-1 /abc\ def r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_inv_char_class.sd b/parser/tst/simple_tests/file/priority/ok_inv_char_class.sd
new file mode 100644
index 0000000000000000000000000000000000000000..33f0bc3090a0be44b566bed990c17a246b9bf1dc
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_inv_char_class.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION carat in pathname
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /foo[^me]bar r,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_link_1.sd b/parser/tst/simple_tests/file/priority/ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bb227d6b3174913848c6f6e363641b0b2c096241
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_link_1.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 /alpha/beta rl,
+ /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_link_2.sd b/parser/tst/simple_tests/file/priority/ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d9683fe79c54db87c7a14c45d911010561be46b8
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_link_2.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 link /alpha/beta -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_link_3.sd b/parser/tst/simple_tests/file/priority/ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7bf458aa54b11ba30dcef94e152f60166f3ab7be
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_link_3.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 link subset /alpha/beta -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_link_audit_deny_owner_subset.sd b/parser/tst/simple_tests/file/priority/ok_link_audit_deny_owner_subset.sd
new file mode 100644
index 0000000000000000000000000000000000000000..67321d3e6675537f3d5b4755a7bfa9addc68f325
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_link_audit_deny_owner_subset.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION link access test with audit deny and owner restriction
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 audit deny owner link subset /alpha/beta -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_link_owner.sd b/parser/tst/simple_tests/file/priority/ok_link_owner.sd
new file mode 100644
index 0000000000000000000000000000000000000000..975657a75c24399093a68b0ff2abdc47c700a0a0
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_link_owner.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test with owner restriction
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 owner link subset /alpha/beta -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_lock_1.sd b/parser/tst/simple_tests/file/priority/ok_lock_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8909cd45c2119f8b45b96a0456270ed1e4860f44
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_lock_1.sd
@@ -0,0 +1,17 @@
+#
+#=DESCRIPTION k and other perms do not conflict
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ /bin/a k,
+ /bin/b rk,
+ /bin/c wk,
+ priority=-1 /bin/d ak,
+ /bin/e lk,
+ /bin/e mk,
+ /bin/f pxk,
+ /bin/g Pxk,
+ /bin/h ixk,
+ /bin/i uxk,
+ /bin/j Uxk,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_mmap_1.sd b/parser/tst/simple_tests/file/priority/ok_mmap_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e7b12da37c7fb26de3bb6e436b42d4e17c38a287
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_mmap_1.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION m and [uUpPi]x do not conflict
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /bin/cat mix,
+ /bin/true mpx,
+ priority=-1 /bin/false mux,
+ priority=-1 /lib/libc.so rwlm,
+ /bin/less mUx,
+ priority=10 /bin/more mPx,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_mmap_2.sd b/parser/tst/simple_tests/file/priority/ok_mmap_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..67212eacb2dbe8bdd00e2a7442196fc8fe598064
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_mmap_2.sd
@@ -0,0 +1,14 @@
+#
+#=DESCRIPTION m and [upi]x do not conflict, separate rules
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ /bin/cat rm,
+ /bin/cat ix,
+ priority=-1 /bin/true px,
+ /bin/true m,
+ /bin/false m,
+ /bin/false ux,
+ priority=-1 /lib/libc.so rwl,
+ /lib/libc.so m,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_octal_1.sd b/parser/tst/simple_tests/file/priority/ok_octal_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c09abb95a1f226af4ceaeff4eb59b3088aa54a24
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_octal_1.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple octal test
+#=EXRESULT PASS
+#
+
+profile ascii {
+ priority=-1 /bin/\141bcde rix,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_octal_2.sd b/parser/tst/simple_tests/file/priority/ok_octal_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..26530126ab4a0d43e71424c1475e9abc5d9e61b9
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_octal_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION simple quoted octal expansion
+#=EXRESULT PASS
+#
+
+profile octal {
+ priority=-1 "/bin/a b \143 d e" rix,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_other_1.sd b/parser/tst/simple_tests/file/priority/ok_other_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..39d16cb83407e55e88de2f1ac110e6ecd7373e4d
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_other_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple other flag test
+#=EXRESULT PASS
+
+profile test {
+ priority=-1 other /tmp/** rw,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_other_2.sd b/parser/tst/simple_tests/file/priority/ok_other_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bbbbe43eec9d7e76b1bca549944e84e05d51d784
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_other_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple deny other flag test
+#=EXRESULT PASS
+
+profile test {
+ priority=-1 deny other /tmp/** rw,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_other_3.sd b/parser/tst/simple_tests/file/priority/ok_other_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ac0e4be6b3f38f687527e476cc5ad56d00236e30
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_other_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple other flag test
+#=EXRESULT PASS
+
+profile test {
+ priority=-1 audit other /tmp/** rw,
+}
diff --git a/parser/tst/simple_tests/file/priority/ok_quoted_1.sd b/parser/tst/simple_tests/file/priority/ok_quoted_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d0844ad826c7e77cd8c6a0c30a98440f7a50a041
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_quoted_1.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted tab expansion
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 "/bin/alpha\tbeta" rix,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_quoted_2.sd b/parser/tst/simple_tests/file/priority/ok_quoted_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1bc317668495627d109e6af263f4ebebf59221a7
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_quoted_2.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted newline expansion
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 "/bin/alpha\nbeta" rix,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_quoted_3.sd b/parser/tst/simple_tests/file/priority/ok_quoted_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..459e23f1ed5aece39e6ef490cccd5dc39c28d716
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_quoted_3.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted carriage return expansion
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 "/bin/alpha\rbeta" rix,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_quoted_4.sd b/parser/tst/simple_tests/file/priority/ok_quoted_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4227a539b15fa04065ef0718aad1b0fd4a4acd9c
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_quoted_4.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted quote expansion
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 "/bin/alpha\"beta" rix,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_quoted_5.sd b/parser/tst/simple_tests/file/priority/ok_quoted_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..fd1836f8b4e6e1eb6d9d520b7c7acb3415f4b867
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_quoted_5.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION simple quoted backslash expansion
+#=EXRESULT PASS
+#
+
+profile test {
+ priority=-1 "/bin/alpha\\beta" rix,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/ok_slashquote_1.sd b/parser/tst/simple_tests/file/priority/ok_slashquote_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0924ceb9bc3423047f591a52338aefbe24a3d68c
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/ok_slashquote_1.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION unnecessary slash quotes are okay (should emit warning)
+#=EXRESULT PASS
+#
+
+profile blart {
+ priority=-1 /bingo/bang\o/bongo rw,
+}
diff --git a/parser/tst/simple_tests/file/priority/stacking_ok_1.sd b/parser/tst/simple_tests/file/priority/stacking_ok_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..56b39992363db1e38e8610b1980258756f06eaa9
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/stacking_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic file exec rule with stacking target
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ priority=-1 /bin/bar px -> &baz,
+}
diff --git a/parser/tst/simple_tests/file/priority/var1_ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/var1_ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..168999ff64dfc8013e2d23d8381a30254a96a675
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_ok_audit_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 audit deny link @{var} -> @{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_ok_deny_link.sd b/parser/tst/simple_tests/file/priority/var1_ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a4d55650aa8a3e82cfef7995ca3876c7897ddd1d
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_ok_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 deny link @{var} -> @{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_ok_link_1.sd b/parser/tst/simple_tests/file/priority/var1_ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5069fd4f6b222c46cdfd804a922433594b01c485
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_ok_link_1.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 @{var} rl,
+ priority=-1 /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_ok_link_2.sd b/parser/tst/simple_tests/file/priority/var1_ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f074f9c8555942011c6a27896e397497f67bad9e
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_ok_link_2.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link @{var} -> @{var},
+ priority=-1 @{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_ok_link_3.sd b/parser/tst/simple_tests/file/priority/var1_ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..54b8e03e4d25a29b7ccffac9561519100868be6b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_ok_link_3.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link subset @{var} -> @{var},
+ priority=-1 @{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_src_ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/var1_src_ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d05278fc409f6ac89314386d8b8c6de6fd428d46
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_src_ok_audit_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 audit deny link @{var} -> /tmp/**,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_src_ok_deny_link.sd b/parser/tst/simple_tests/file/priority/var1_src_ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9fe80b0f4ee6abdb86e7a2779fbb1fa117c29d2b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_src_ok_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 deny link @{var} -> /tmp/**,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_src_ok_link_1.sd b/parser/tst/simple_tests/file/priority/var1_src_ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5069fd4f6b222c46cdfd804a922433594b01c485
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_src_ok_link_1.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 @{var} rl,
+ priority=-1 /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_src_ok_link_2.sd b/parser/tst/simple_tests/file/priority/var1_src_ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..373508ec237cdf67d181fc25d1fc206548bb87bc
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_src_ok_link_2.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link @{var} -> /tmp/**,
+ priority=-1 /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_src_ok_link_3.sd b/parser/tst/simple_tests/file/priority/var1_src_ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..60b5b9b84ac83c08c896a13e8593a22a094bcb7c
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_src_ok_link_3.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link subset @{var} -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_target_ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/var1_target_ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e0fc27a79b209c5c3c4f6341ee2f0db9080742ab
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_target_ok_audit_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 audit deny link /alpha/beta -> @{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_target_ok_deny_link.sd b/parser/tst/simple_tests/file/priority/var1_target_ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d52a0e71d70d83cfcbb1e2adde8ee05ff7b773ce
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_target_ok_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 deny link /alpha/beta -> @{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_target_ok_link_1.sd b/parser/tst/simple_tests/file/priority/var1_target_ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6078a72c45a68d5e1eed897fed40f59b5d06c413
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_target_ok_link_1.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 /alpha/beta rl,
+ /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_target_ok_link_2.sd b/parser/tst/simple_tests/file/priority/var1_target_ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d0f735798b6e2d603fd362a8c9d09a30fbe09580
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_target_ok_link_2.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link /alpha/beta -> @{var},
+ priority=-1 @{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var1_target_ok_link_3.sd b/parser/tst/simple_tests/file/priority/var1_target_ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c561351c71e02b936640dfc046d6bd953ec659ea
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var1_target_ok_link_3.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link subset /alpha/beta -> @{var},
+ priority=-1 @{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/var2_ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8547060d578caa4a6c14f23b00d28652bfa2def3
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_ok_audit_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 audit deny link /foo@{var} -> /foo@{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_ok_deny_link.sd b/parser/tst/simple_tests/file/priority/var2_ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4360476e891c27d7730bf21d6260e3a612b719b1
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_ok_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 deny link /foo@{var} -> /foo@{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_ok_link_1.sd b/parser/tst/simple_tests/file/priority/var2_ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3075c2fb632ae9f56061c6213ddf4b34d9fbbdd3
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_ok_link_1.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=11 /foo@{var} rl,
+ /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_ok_link_2.sd b/parser/tst/simple_tests/file/priority/var2_ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..69d59834cf411968f13f34afda00c19dafda86a0
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_ok_link_2.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link /foo@{var} -> /foo@{var},
+ /foo@{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_ok_link_3.sd b/parser/tst/simple_tests/file/priority/var2_ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..81b44b024716b996c8876830496f07d5022963f0
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_ok_link_3.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link subset /foo@{var} -> /foo@{var},
+ /foo@{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_src_ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/var2_src_ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2d880b19c94425014591856639d344943b870c73
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_src_ok_audit_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ audit deny link /foo@{var} -> /tmp/**,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_src_ok_deny_link.sd b/parser/tst/simple_tests/file/priority/var2_src_ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a6c4bace6ef38ce92681e89cab96b0e98a53490b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_src_ok_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ deny link /foo@{var} -> /tmp/**,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_src_ok_link_1.sd b/parser/tst/simple_tests/file/priority/var2_src_ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..fe1b2dcf8b21590eab6439b848ade3200672f5aa
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_src_ok_link_1.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ /foo@{var} rl,
+ /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_src_ok_link_2.sd b/parser/tst/simple_tests/file/priority/var2_src_ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5bc6ef81c2b4f3f1b599fd182ce3eda1be84d996
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_src_ok_link_2.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ link /foo@{var} -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_src_ok_link_3.sd b/parser/tst/simple_tests/file/priority/var2_src_ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0bdd95fc4c752512efb0e1ac441e005dad2b43cd
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_src_ok_link_3.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ link subset /foo@{var} -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_target_ok_audit_deny_link.sd b/parser/tst/simple_tests/file/priority/var2_target_ok_audit_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9c83e7ea9582d27a645d00598a2440bb23d43934
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_target_ok_audit_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 audit deny link /alpha/beta -> /foo@{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_target_ok_deny_link.sd b/parser/tst/simple_tests/file/priority/var2_target_ok_deny_link.sd
new file mode 100644
index 0000000000000000000000000000000000000000..83321243fdd5fd7b66b6fa31b3241b632f4b237a
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_target_ok_deny_link.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ deny link /alpha/beta -> /foo@{var},
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_target_ok_link_1.sd b/parser/tst/simple_tests/file/priority/var2_target_ok_link_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6078a72c45a68d5e1eed897fed40f59b5d06c413
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_target_ok_link_1.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 /alpha/beta rl,
+ /gamma/* rwl,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_target_ok_link_2.sd b/parser/tst/simple_tests/file/priority/var2_target_ok_link_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0b8ab39808c7fe6252c4a246408996771ab21a9b
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_target_ok_link_2.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link /alpha/beta -> /foo@{var},
+ /foo@{var} r,
+}
+
diff --git a/parser/tst/simple_tests/file/priority/var2_target_ok_link_3.sd b/parser/tst/simple_tests/file/priority/var2_target_ok_link_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e5eb73ceae5a6b51375240497fa9d17731a5ad93
--- /dev/null
+++ b/parser/tst/simple_tests/file/priority/var2_target_ok_link_3.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION simple link access test
+#=EXRESULT PASS
+#
+
+@{var}=/test
+profile test {
+ priority=-1 link subset /alpha/beta -> /foo@{var},
+ /foo@{var} r,
+}
+
diff --git a/parser/tst/simple_tests/io_uring/bad_io_uring_01.sd b/parser/tst/simple_tests/io_uring/bad_io_uring_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7f49415cddfcd5abd6c4621c7e7c38d21a3f8491
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/bad_io_uring_01.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic io_uring invalid access
+#=EXRESULT FAIL
+#
+/usr/bin/io_uring-test {
+ io_uring read,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/bad_io_uring_02.sd b/parser/tst/simple_tests/io_uring/bad_io_uring_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4cef61f7a666faf3c463138b54c75fdcacbc090e
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/bad_io_uring_02.sd
@@ -0,0 +1,8 @@
+#
+#=Description io_uring invalid label
+#=EXRESULT FAIL
+#
+/usr/bin/io_uring-test {
+ io_uring label=,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/bad_io_uring_03.sd b/parser/tst/simple_tests/io_uring/bad_io_uring_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4fa305754893c8640498478eab37338143f5157c
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/bad_io_uring_03.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic io_uring bad conditionals
+#=EXRESULT FAIL
+#
+/usr/bin/io_uring-test {
+ io_uring peer=foo,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/bad_io_uring_04.sd b/parser/tst/simple_tests/io_uring/bad_io_uring_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..20ab1307cc6751b77233dec46a30cd5292762276
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/bad_io_uring_04.sd
@@ -0,0 +1,8 @@
+#
+#=Description io_uring valid perm bad conditionals
+#=EXRESULT FAIL
+#
+/usr/bin/io_uring-test {
+ io_uring override_creds peer=foo,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/bad_io_uring_outside_01.sd b/parser/tst/simple_tests/io_uring/bad_io_uring_outside_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6a1d595d9ab0f02e3f58109745eb9a3467ae3241
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/bad_io_uring_outside_01.sd
@@ -0,0 +1,6 @@
+#
+#=Description io_uring rule outside of a profile
+#=EXRESULT FAIL
+#
+
+ io_uring,
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_01.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..661d5f7c1e49a0968e1db9051ce3c09bba0c6f47
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_01.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic io_uring all rule
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-rule {
+ io_uring,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_02.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b749e4eea1b333feac651b2ab0098b6723bb92f6
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_02.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic deny io_uring all rule
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-rule {
+ deny io_uring,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_03.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..06120703f5cd6561462e4df366118c36fae00776
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_03.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic allow io_uring all rule
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-rule {
+ allow io_uring,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_04.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1ce495f9a7ca1d9fa09c518b418c26465012f5d8
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_04.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic audit io_uring all rule
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ audit io_uring,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_05.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_05.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c91204a5fb6ab6753c6f1094727856e5c33cf0d0
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_05.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic io_uring sqpoll rule
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ io_uring sqpoll,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_06.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_06.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1956953a0ed8f7961098078b09f04d8934ca4611
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_06.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic io_uring override_creds rule
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ io_uring override_creds,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_07.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_07.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b78f99b013559d6a47a2d020f85016d7dce67ce2
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_07.sd
@@ -0,0 +1,10 @@
+#
+#=Description io_uring override_creds rule with label
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ io_uring override_creds label=foo,
+ io_uring override_creds label=/path/to/foo,
+ io_uring label=/bar,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_08.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_08.sd
new file mode 100644
index 0000000000000000000000000000000000000000..37d0c3822d575563f8464f599e0a4a28d117bae4
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_08.sd
@@ -0,0 +1,18 @@
+#
+#=Description basic io_uring mixed rules
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ io_uring,
+ io_uring sqpoll,
+ io_uring override_creds,
+ io_uring override_creds label=/bar,
+}
+
+/usr/bin/io_uring-test2 {
+ io_uring override_creds label=/bar,
+ io_uring override_creds,
+ io_uring sqpoll,
+ io_uring,
+
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_09.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_09.sd
new file mode 100644
index 0000000000000000000000000000000000000000..723af25c75f5d81e6259fdcf17b98e140c6c9d34
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_09.sd
@@ -0,0 +1,11 @@
+#
+#=Description io_uring combined rules
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ io_uring,
+ io_uring (sqpoll, override_creds),
+ io_uring (sqpoll override_creds),
+ io_uring (sqpoll, override_creds) label=foo,
+ io_uring (sqpoll override_creds) label = /bar,
+}
diff --git a/parser/tst/simple_tests/io_uring/ok_io_uring_10.sd b/parser/tst/simple_tests/io_uring/ok_io_uring_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5c00e65eb1e41b0dfe1d1f80a3d431e9c4755034
--- /dev/null
+++ b/parser/tst/simple_tests/io_uring/ok_io_uring_10.sd
@@ -0,0 +1,26 @@
+#
+#=Description basic io_uring mixed access w/modifiers rules
+#=EXRESULT PASS
+#
+/usr/bin/io_uring-test {
+ deny io_uring,
+ audit io_uring sqpoll,
+
+}
+
+/usr/bin/io_uring-test2 {
+ allow io_uring override_creds,
+ audit io_uring,
+
+}
+
+/usr/bin/io_uring-test3 {
+ audit deny io_uring override_creds,
+
+}
+
+/usr/bin/io_uring-test4 {
+ audit allow io_uring sqpoll,
+ deny io_uring sqpoll,
+
+}
diff --git a/parser/tst/simple_tests/mount/ok_opt_85.sd b/parser/tst/simple_tests/mount/ok_opt_85.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d9752248a213c2f32170a7596046acd85ec87041
--- /dev/null
+++ b/parser/tst/simple_tests/mount/ok_opt_85.sd
@@ -0,0 +1,9 @@
+#
+#=Description test globbed destination MR 1195
+#=EXRESULT PASS
+/usr/bin/foo {
+ mount options=(rw, make-slave) -> **,
+ mount options=(rw) foo -> **,
+ mount fstype=tmpfs options=(rw) foo -> **,
+ mount -> **,
+}
diff --git a/parser/tst/simple_tests/mount/ok_quoted_1.sd b/parser/tst/simple_tests/mount/ok_quoted_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c819caea3432eafcbd9f920217f6f2ade60a1711
--- /dev/null
+++ b/parser/tst/simple_tests/mount/ok_quoted_1.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic mount rules with quoted paths
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount "" -> "/",
+ mount "" -> "/tmp/",
+ umount "/",
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_01.sd b/parser/tst/simple_tests/mqueue/bad_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6bad916877d8d2bdbae7f1e409f8f17d5ff2c7fd
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_01.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid label
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue label=,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_02.sd b/parser/tst/simple_tests/mqueue/bad_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9645b63e99b51f3c1caccc12008a4fa5a2692d57
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_02.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid type
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue type=,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_03.sd b/parser/tst/simple_tests/mqueue/bad_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1fa98a1c464522c298c30085c886fc92013d6d5d
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_03.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid queuename for type sysv
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue type=sysv /queuename,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_04.sd b/parser/tst/simple_tests/mqueue/bad_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7e4b24d7af859b844361ccfec2fbee664d2c2321
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_04.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid queuename for type posix
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue type=posix 1234,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_05.sd b/parser/tst/simple_tests/mqueue/bad_05.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c9156dc91cfdf26bd87b0fffba65d82021a49929
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_05.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid access name
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue invalidaccess /queuename,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_06.sd b/parser/tst/simple_tests/mqueue/bad_06.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b586ece1f87dd9d5bc0fbbfa5f152164f4e5a635
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_06.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid type option - posix
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue type=posixfoo,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_07.sd b/parser/tst/simple_tests/mqueue/bad_07.sd
new file mode 100644
index 0000000000000000000000000000000000000000..60a73694a070f7f9daef1fff56713b89fc561bd7
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_07.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid type option - sysv
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue type=sysvfoo,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_08.sd b/parser/tst/simple_tests/mqueue/bad_08.sd
new file mode 100644
index 0000000000000000000000000000000000000000..44d6dbc625e9b20ff171c2e440c97405e7643980
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_08.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid type option
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue type=foo,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_09.sd b/parser/tst/simple_tests/mqueue/bad_09.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eb3b6adfe277b4d8ccf8d8049a258531b928a6aa
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_09.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid queuename - does not start with /
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue foo,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_10.sd b/parser/tst/simple_tests/mqueue/bad_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eb7efe47358e986c02938b728a1fc8bd97c121fb
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_10.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue invalid queuename - not only numbers
+#=EXRESULT FAIL
+#
+
+/usr/bin/foo {
+ mqueue 1234foo,
+}
diff --git a/parser/tst/simple_tests/mqueue/bad_11.sd b/parser/tst/simple_tests/mqueue/bad_11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9205931c547ff98131c99ef256bec8e51860054e
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/bad_11.sd
@@ -0,0 +1,6 @@
+#
+#=DESCRIPTION mqueue rule outside of a profile
+#=EXRESULT FAIL
+#
+
+ mqueue,
diff --git a/parser/tst/simple_tests/mqueue/ok_01.sd b/parser/tst/simple_tests/mqueue/ok_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..826fcfce8d3d772c563204c5236fcc338ce5e3c7
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_01.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue generic rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_02.sd b/parser/tst/simple_tests/mqueue/ok_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7ba3820f8d010505dee150a0cbd1763ac74b1a14
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_02.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue type option
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue type=posix,
+ mqueue type=sysv,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_03.sd b/parser/tst/simple_tests/mqueue/ok_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..823f936ee94ec0054cd824e702454be8898c55d7
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_03.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue label option
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue label=bar,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_04.sd b/parser/tst/simple_tests/mqueue/ok_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..02033d5db98c617bf3cab8d032a6c473e9daa119
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_04.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue valid sysv queue name
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue 1234,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_05.sd b/parser/tst/simple_tests/mqueue/ok_05.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6e9fd119f90c0c60452480c3e474a55ea328f189
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_05.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue valid posix queue name
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue /bar,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_06.sd b/parser/tst/simple_tests/mqueue/ok_06.sd
new file mode 100644
index 0000000000000000000000000000000000000000..12e09d0c7c244a8adf4cee5ac39dbaa60087cfb2
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_06.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue valid sysv queue name with type
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue type=sysv 1234,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_07.sd b/parser/tst/simple_tests/mqueue/ok_07.sd
new file mode 100644
index 0000000000000000000000000000000000000000..85c15812553265993041af229703ab780f693793
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_07.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue valid posix queue name with type
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue type=posix /bar,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_08.sd b/parser/tst/simple_tests/mqueue/ok_08.sd
new file mode 100644
index 0000000000000000000000000000000000000000..adead59e8317ea458880633107d18e69ac1b3bf2
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_08.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue type and label defined
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue type=posix label=bar,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_09.sd b/parser/tst/simple_tests/mqueue/ok_09.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a1c5e4c483a3a4231c90fb1c8036862d1f20136e
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_09.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION mqueue type, label and queue name defined
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue type=posix label=bar /baz,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_10.sd b/parser/tst/simple_tests/mqueue/ok_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6a204648932214deba5a3e32d15084be7f472aa0
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_10.sd
@@ -0,0 +1,14 @@
+#
+#=DESCRIPTION mqueue valid access mode
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue create,
+ mqueue (create, getattr, setattr),
+ mqueue (open delete),
+ mqueue (read write),
+ mqueue r,
+ mqueue w,
+ mqueue rw,
+ mqueue wr,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_11.sd b/parser/tst/simple_tests/mqueue/ok_11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..373a7d0ba1c1d8be0d3151c8af7a452e6db4521d
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_11.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION mqueue full valid rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mqueue (create, write) type=posix label=baz /bar,
+ mqueue (open, delete) type=sysv label=baz 1234,
+}
diff --git a/parser/tst/simple_tests/mqueue/ok_12.sd b/parser/tst/simple_tests/mqueue/ok_12.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e38963c8445a0774340d9d0dc2ea9065bc962a0d
--- /dev/null
+++ b/parser/tst/simple_tests/mqueue/ok_12.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION mqueue misc rules
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ deny mqueue,
+ audit allow mqueue,
+ audit deny mqueue,
+ allow mqueue,
+}
diff --git a/parser/tst/simple_tests/namespaces/bad_userns_01.sd b/parser/tst/simple_tests/namespaces/bad_userns_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e6be4beec41af97f1ceb166bf21d09ae72353c3e
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/bad_userns_01.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic userns invalid access
+#=EXRESULT FAIL
+#
+/usr/bin/userns-test {
+ userns read,
+
+}
+
diff --git a/parser/tst/simple_tests/namespaces/bad_userns_02.sd b/parser/tst/simple_tests/namespaces/bad_userns_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bf37650cf5c1f06dbf909fa713be1567d30972a1
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/bad_userns_02.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic userns mixed invalid access
+#=EXRESULT FAIL
+#
+/usr/bin/userns-test {
+ userns (read create),
+
+}
+
diff --git a/parser/tst/simple_tests/namespaces/bad_userns_03.sd b/parser/tst/simple_tests/namespaces/bad_userns_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8acca9ad8be2e8314087946a8d9ebf583dee4780
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/bad_userns_03.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic userns bad conditionals
+#=EXRESULT FAIL
+#
+/usr/bin/userns-test {
+ userns peer=foo,
+
+}
+
diff --git a/parser/tst/simple_tests/namespaces/bad_userns_outside_01.sd b/parser/tst/simple_tests/namespaces/bad_userns_outside_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..20a6feb4640c248728a2665504cf277461c0d7a2
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/bad_userns_outside_01.sd
@@ -0,0 +1,7 @@
+#
+#=Description userns rule outside of a profile
+#=EXRESULT FAIL
+#
+
+ userns,
+
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_01.sd b/parser/tst/simple_tests/namespaces/ok_userns_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..edfcd72dcf1adea9631593f763ee2c5251b8f18c
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_01.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic userns all rule
+#=EXRESULT PASS
+#
+/usr/bin/userns-rule {
+ userns,
+
+}
+
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_02.sd b/parser/tst/simple_tests/namespaces/ok_userns_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..69219c1cad2ab5fc3416e5f64b6c9747a8dc50c1
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_02.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic deny userns all rule
+#=EXRESULT PASS
+#
+/usr/bin/userns-rule {
+ deny userns,
+
+}
+
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_03.sd b/parser/tst/simple_tests/namespaces/ok_userns_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..36ed7d1488191d905a2682a9970ea10bbc0b1b3e
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_03.sd
@@ -0,0 +1,10 @@
+#
+#=Description basic allow userns all rule
+#=EXRESULT PASS
+#
+/usr/bin/userns-rule {
+ allow userns,
+
+}
+
+
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_04.sd b/parser/tst/simple_tests/namespaces/ok_userns_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6ab7835f075b0ef078f4e08d0eb9cec1e3f21ec7
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_04.sd
@@ -0,0 +1,9 @@
+#
+#=Description basic audit userns all rule
+#=EXRESULT PASS
+#
+/usr/bin/userns-test {
+ audit userns,
+
+}
+
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_05.sd b/parser/tst/simple_tests/namespaces/ok_userns_05.sd
new file mode 100644
index 0000000000000000000000000000000000000000..60d37548171061cca12b271a2e006d6e117f01cf
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_05.sd
@@ -0,0 +1,8 @@
+#
+#=Description basic userns create rule
+#=EXRESULT PASS
+#
+/usr/bin/userns-test {
+ userns create,
+
+}
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_06.sd b/parser/tst/simple_tests/namespaces/ok_userns_06.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3797bd72a0fd0cf5141d713656db0480b4b08083
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_06.sd
@@ -0,0 +1,14 @@
+#
+#=Description basic userns mixed rules
+#=EXRESULT PASS
+#
+/usr/bin/userns-test {
+ userns,
+ userns create,
+}
+
+/usr/bin/userns-test2 {
+ userns create,
+ userns,
+
+}
diff --git a/parser/tst/simple_tests/namespaces/ok_userns_07.sd b/parser/tst/simple_tests/namespaces/ok_userns_07.sd
new file mode 100644
index 0000000000000000000000000000000000000000..65bf7d07535f124a365f5ac9ac39828f9132e6b1
--- /dev/null
+++ b/parser/tst/simple_tests/namespaces/ok_userns_07.sd
@@ -0,0 +1,26 @@
+#
+#=Description basic userns mixed access w/modifiers rules
+#=EXRESULT PASS
+#
+/usr/bin/userns-test {
+ deny userns,
+ audit userns create,
+
+}
+
+/usr/bin/userns-test2 {
+ allow userns create,
+ audit userns,
+
+}
+
+/usr/bin/userns-test3 {
+ audit deny userns create,
+
+}
+
+/usr/bin/userns-test4 {
+ audit allow userns create,
+ deny userns create,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_10.sd b/parser/tst/simple_tests/network/network_bad_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..25de94b708d98f2f3952c26c0c7c26da33904f12
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_10.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=127.0.0.1 port=test),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_11.sd b/parser/tst/simple_tests/network/network_bad_11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8fad9c9ab3d12a8e93541a34df0d2ba1dd4f67ae
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_11.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=127.0.0.1 port=65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_12.sd b/parser/tst/simple_tests/network/network_bad_12.sd
new file mode 100644
index 0000000000000000000000000000000000000000..514d115453d395394f777f98cda2df8595f9e5b0
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_12.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=[invalid] port=80),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_13.sd b/parser/tst/simple_tests/network/network_bad_13.sd
new file mode 100644
index 0000000000000000000000000000000000000000..afa9ff7f6b43c676d43f9071ee39b900589ab75f
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_13.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=::1 port=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_14.sd b/parser/tst/simple_tests/network/network_bad_14.sd
new file mode 100644
index 0000000000000000000000000000000000000000..686f6f75243bbedcb5ca0181219ce24cfb7e0885
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_14.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=::1 port=test),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_15.sd b/parser/tst/simple_tests/network/network_bad_15.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8cfcadac26483b8fc98e720ee279943afa959fc7
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_15.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=::1 port=65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_16.sd b/parser/tst/simple_tests/network/network_bad_16.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7406d710b94463a9e407f60cca66f090f2428f55
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_16.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(port=65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_17.sd b/parser/tst/simple_tests/network/network_bad_17.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c3bd5eb62b56deadbd9e5032576a2019a67ff51a
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_17.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(port=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_18.sd b/parser/tst/simple_tests/network/network_bad_18.sd
new file mode 100644
index 0000000000000000000000000000000000000000..50d2eba6b56bddfc2e16ff43649c6ed6225fa2ca
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_18.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(port=test),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_19.sd b/parser/tst/simple_tests/network/network_bad_19.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d1ca755b9f02113473cb13a92d16399298a56928
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_19.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=192.168.0.39-192.168.0.4),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_20.sd b/parser/tst/simple_tests/network/network_bad_20.sd
new file mode 100644
index 0000000000000000000000000000000000000000..cce022de2fce7ef909def137ceed97c1bb1d8386
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_20.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=192.168.0.39-invalid),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_21.sd b/parser/tst/simple_tests/network/network_bad_21.sd
new file mode 100644
index 0000000000000000000000000000000000000000..626823d8425cee7914e935a2c413856fcf9a7af1
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_21.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=192.168.0.39-::58c2),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_22.sd b/parser/tst/simple_tests/network/network_bad_22.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a33dd6e58a5902771fc849add7ed11053115ce0a
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_22.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_23.sd b/parser/tst/simple_tests/network/network_bad_23.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0888bd90d5393f5f2f79f459be7bc0e0d795a24d
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_23.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=80-192.168.0.39),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_24.sd b/parser/tst/simple_tests/network/network_bad_24.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a934aefc536067599fe26706fe13a42760e1f48a
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_24.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(port=80-65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_25.sd b/parser/tst/simple_tests/network/network_bad_25.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0be92c741d1ae248bbcb0dc3e551b4a3a9ab8926
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_25.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(port=443-80),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_26.sd b/parser/tst/simple_tests/network/network_bad_26.sd
new file mode 100644
index 0000000000000000000000000000000000000000..514762e5951a3fe6bc00ff9a01b216ea779c90a1
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_26.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=invalid/80),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_27.sd b/parser/tst/simple_tests/network/network_bad_27.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7d268d0980baf196933dc08a20d57a4bd8b84f24
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_27.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=192.168.0.1/-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_28.sd b/parser/tst/simple_tests/network/network_bad_28.sd
new file mode 100644
index 0000000000000000000000000000000000000000..df1b72c09a49686f53c40816eca1dc587820aae8
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_28.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=192.168.0.1/invalid),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_29.sd b/parser/tst/simple_tests/network/network_bad_29.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bd73493ae1c24951cff75c2960d3db847dc0638b
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_29.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=192.168.0.1/33),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_30.sd b/parser/tst/simple_tests/network/network_bad_30.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eadd6dcf839ed1025d824780c71a91041c0f2065
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_30.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_31.sd b/parser/tst/simple_tests/network/network_bad_31.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4ed5df7eed02164247018fa61ce0f26dc25e9d69
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_31.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_32.sd b/parser/tst/simple_tests/network/network_bad_32.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b7034ea5fc38fd1121e1bcdbaddf7250758e2922
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_32.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_33.sd b/parser/tst/simple_tests/network/network_bad_33.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4864ca48944f4f7ce0fda8b69f8c35f6a5c26ab4
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_33.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=test,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_34.sd b/parser/tst/simple_tests/network/network_bad_34.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d9fe5196dd05f4e609c4f664265e0a1809341424
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_34.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=test peer=(ip=127.0.0.1 port=test),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_35.sd b/parser/tst/simple_tests/network/network_bad_35.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a668e997f26b17c0cea71e786f9ff0a3122973cb
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_35.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=65536,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_36.sd b/parser/tst/simple_tests/network/network_bad_36.sd
new file mode 100644
index 0000000000000000000000000000000000000000..762ee74ce7802e9bd32168f5d62a9369905b3929
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_36.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=65536 peer=(ip=127.0.0.1 port=65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_37.sd b/parser/tst/simple_tests/network/network_bad_37.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0cb92ce607c3e86649e7d62865cea146d387a007
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_37.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=[invalid] port=80,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_38.sd b/parser/tst/simple_tests/network/network_bad_38.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4f9d34a226a5ab8eaddc50b38e4ae52ac5217aa3
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_38.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=[invalid] port=80 peer=(ip=[invalid] port=80),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_39.sd b/parser/tst/simple_tests/network/network_bad_39.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d07d81690efc9c92c73d93647345f64ecf4fa6a3
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_39.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=::1 port=-1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_40.sd b/parser/tst/simple_tests/network/network_bad_40.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f08dce0f1fe5127becd4cb650c51bf1d74cb81ba
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_40.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=::1 port=-1 peer=(ip=::1 port=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_41.sd b/parser/tst/simple_tests/network/network_bad_41.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ad798c0be94d8d2969ba6283aeb6c7cc21ba07e5
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_41.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=::1 port=test,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_42.sd b/parser/tst/simple_tests/network/network_bad_42.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5d74142b9cd2e6b51b7700a7c2da2eca251cff5b
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_42.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=::1 port=test peer=(ip=::1 port=test),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_43.sd b/parser/tst/simple_tests/network/network_bad_43.sd
new file mode 100644
index 0000000000000000000000000000000000000000..25fd7f8a547cc08277481ad99b4772b74ccadc3d
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_43.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=::1 port=65536,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_44.sd b/parser/tst/simple_tests/network/network_bad_44.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c0b00a507ed2d12f6b3f98bda1a262f9c3d649ea
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_44.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=::1 port=65536 peer=(ip=::1 port=65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_45.sd b/parser/tst/simple_tests/network/network_bad_45.sd
new file mode 100644
index 0000000000000000000000000000000000000000..275c60a1333b8d7fc348a475296df3127b44e39d
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_45.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=65536,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_46.sd b/parser/tst/simple_tests/network/network_bad_46.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a6ca1ac04bffcee41723801a1a4997a929578623
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_46.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=65536 peer=(port=65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_47.sd b/parser/tst/simple_tests/network/network_bad_47.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0c8298ce378d74f100fee07c4eac2a55fc3c6e90
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_47.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=-1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_48.sd b/parser/tst/simple_tests/network/network_bad_48.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2c2ee4b7e5a79e3e26a015bbd2e17134b0cf88be
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_48.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=-1 peer=(port=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_49.sd b/parser/tst/simple_tests/network/network_bad_49.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c58740885eff0ccb49dc1650fb05881aa9f8bc5e
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_49.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=test,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_5.sd b/parser/tst/simple_tests/network/network_bad_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b448c8a8cad796c6b7a006c8b52e3a3ca46294f3
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_5.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=10,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_50.sd b/parser/tst/simple_tests/network/network_bad_50.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f4feb025d92c3458f4e1505372d6652857e2c9a3
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_50.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network port range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=test peer=(port=test),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_51.sd b/parser/tst/simple_tests/network/network_bad_51.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f8296feb0e0c60a04f0f301b6eda040b448d359e
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_51.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.39-192.168.0.4,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_52.sd b/parser/tst/simple_tests/network/network_bad_52.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5bb7369b1a372a9054f5fda980d3f5f9d400a986
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_52.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.39-192.168.0.4 peer=(ip=192.168.0.39-192.168.0.4),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_53.sd b/parser/tst/simple_tests/network/network_bad_53.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e3414876744a51c0d72a6dd60b835e8d77df70d1
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_53.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.39-invalid,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_54.sd b/parser/tst/simple_tests/network/network_bad_54.sd
new file mode 100644
index 0000000000000000000000000000000000000000..41183ea6aa3a859f8a983ccf4aa9c17a788883df
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_54.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.39-invalid peer=(ip=192.168.0.39-invalid),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_55.sd b/parser/tst/simple_tests/network/network_bad_55.sd
new file mode 100644
index 0000000000000000000000000000000000000000..41875927d38cc7c0fce571d3937c4a417458b191
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_55.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.39-::58c2,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_56.sd b/parser/tst/simple_tests/network/network_bad_56.sd
new file mode 100644
index 0000000000000000000000000000000000000000..fb2b916c839563afa7d8d08a3c0ae7da16a3c349
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_56.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.39-::58c2 peer=(ip=192.168.0.39-::58c2),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_57.sd b/parser/tst/simple_tests/network/network_bad_57.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4ac611bf3679d0138b6123d87d309ab6440b7a1c
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_57.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_58.sd b/parser/tst/simple_tests/network/network_bad_58.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1dbe1abd91f9807accf7b2c310a0b2a75becce4f
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_58.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39 peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f-192.168.0.39),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_59.sd b/parser/tst/simple_tests/network/network_bad_59.sd
new file mode 100644
index 0000000000000000000000000000000000000000..69e5ad00216509446d32d0f90c033f1f2d5b456a
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_59.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=80-192.168.0.39,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_6.sd b/parser/tst/simple_tests/network/network_bad_6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6fc73d6006ca000c98ce9753edb8d5989a6cbead
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_6.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=10.2,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_60.sd b/parser/tst/simple_tests/network/network_bad_60.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e3d23abd298cfc1f4a21436c2b764a017f70db39
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_60.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=80-192.168.0.39 peer=(ip=80-192.168.0.39),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_61.sd b/parser/tst/simple_tests/network/network_bad_61.sd
new file mode 100644
index 0000000000000000000000000000000000000000..43a413a7141611044219fa490b370f5b2d64fb6d
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_61.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=80-65536,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_62.sd b/parser/tst/simple_tests/network/network_bad_62.sd
new file mode 100644
index 0000000000000000000000000000000000000000..db2d9d68cc2332628e776722dedca14b42afe3bd
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_62.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=80-65536 peer=(port=80-65536),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_63.sd b/parser/tst/simple_tests/network/network_bad_63.sd
new file mode 100644
index 0000000000000000000000000000000000000000..39c849e1b9cee6d6c3b0710e84825d3f36f39d82
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_63.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=443-80,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_64.sd b/parser/tst/simple_tests/network/network_bad_64.sd
new file mode 100644
index 0000000000000000000000000000000000000000..247ef9ea2b95124c9cd92ddfadcd5c5658be7d72
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_64.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network range test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network port=443-80 peer=(port=443-80),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_65.sd b/parser/tst/simple_tests/network/network_bad_65.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b73a6afe57fe0c08894ef429dd7d32a20e4010dd
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_65.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=invalid/80,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_66.sd b/parser/tst/simple_tests/network/network_bad_66.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f5ad51a209113f2f860d99e6be96a05112a53e7e
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_66.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=invalid/80 peer=(ip=invalid/80),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_67.sd b/parser/tst/simple_tests/network/network_bad_67.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1f69dff1c530d2dec40ae729a0b730db4a07e275
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_67.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.1/-1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_68.sd b/parser/tst/simple_tests/network/network_bad_68.sd
new file mode 100644
index 0000000000000000000000000000000000000000..788891cb2069e62eb8d4bbef610c1a174e6acc5c
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_68.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.1/-1 peer=(ip=192.168.0.1/-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_69.sd b/parser/tst/simple_tests/network/network_bad_69.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1b71b853323f6fc3332a65a340084d44df0d06bb
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_69.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.1/invalid,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_7.sd b/parser/tst/simple_tests/network/network_bad_7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ff4a138268d45e593505f05960f6d21edfba1cc4
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_7.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=test,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_70.sd b/parser/tst/simple_tests/network/network_bad_70.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8190fa21ac03853889556684212aa21ed7171334
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_70.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.1/invalid peer=(ip=192.168.0.1/invalid),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_71.sd b/parser/tst/simple_tests/network/network_bad_71.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d8db428c79d6867cd3c8fdc5324c3cbd09dfc69a
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_71.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.1/33,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_72.sd b/parser/tst/simple_tests/network/network_bad_72.sd
new file mode 100644
index 0000000000000000000000000000000000000000..687527e7a2376f761547189f0904d57c200a694e
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_72.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=192.168.0.1/33 peer=(ip=192.168.0.1/33),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_73.sd b/parser/tst/simple_tests/network/network_bad_73.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9750874b977d8d9d359af5b3889da8f7924f08bf
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_73.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_74.sd b/parser/tst/simple_tests/network/network_bad_74.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ef31eb55a3012f9c0850a3f3acdb3c12a4c1b3be
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_74.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1 peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_75.sd b/parser/tst/simple_tests/network/network_bad_75.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1a796b57eeb3a1bf55dc4718ef36920f147b286c
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_75.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_76.sd b/parser/tst/simple_tests/network/network_bad_76.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d14e8a1e4b04b91bea1a19bfa31e2c465dbe905b
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_76.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/invalid),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_77.sd b/parser/tst/simple_tests/network/network_bad_77.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e708ee53d93f766fac708ad22abd57d1171c74e9
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_77.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_78.sd b/parser/tst/simple_tests/network/network_bad_78.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d9a76c863d3ddc29ea9414bf2dd03d9c1405ae57
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_78.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network subnet test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129 peer=(ip=2001:1884:d02e:2759:d30:f166:71c9:288f/129),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_79.sd b/parser/tst/simple_tests/network/network_bad_79.sd
new file mode 100644
index 0000000000000000000000000000000000000000..36949d26b4f46791d8d4bbe748d20090bc759f3d
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_79.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=-1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_8.sd b/parser/tst/simple_tests/network/network_bad_8.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f772cb25c5d5e2a0237fabda975c4533659b8ed2
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_8.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_80.sd b/parser/tst/simple_tests/network/network_bad_80.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5b35fad8ff6b36bfaa1fb381e35e0712528c47d1
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_80.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=-1 peer=(ip=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_81.sd b/parser/tst/simple_tests/network/network_bad_81.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0ec4b0b6cc05301fbf6b00abf780531af17e42c1
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_81.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=-1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_82.sd b/parser/tst/simple_tests/network/network_bad_82.sd
new file mode 100644
index 0000000000000000000000000000000000000000..41dbc9dde4027130cf134e24467e17159ba9a504
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_82.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=-1 peer=(ip=127.0.0.1 port=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_83.sd b/parser/tst/simple_tests/network/network_bad_83.sd
new file mode 100644
index 0000000000000000000000000000000000000000..dd2e1acd36e922a9c1d3a555892385f9a5e24693
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_83.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid family for inet conditionals
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network unix ip=127.0.0.1 port=1234 peer=(ip=127.0.0.1 port=1234),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_84.sd b/parser/tst/simple_tests/network/network_bad_84.sd
new file mode 100644
index 0000000000000000000000000000000000000000..97ca0ce1ae49c53fa31582855450c7fede3e8467
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_84.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid family for inet conditionals
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network netlink ip=127.0.0.1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_85.sd b/parser/tst/simple_tests/network/network_bad_85.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ccb326affeba96f008bb85442395180e0ddfa418
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_85.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid family for inet conditionals
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network packet peer=(port=1234),
+
+}
diff --git a/parser/tst/simple_tests/network/network_bad_9.sd b/parser/tst/simple_tests/network/network_bad_9.sd
new file mode 100644
index 0000000000000000000000000000000000000000..61f302a6fbbb8baa307faa9c14c8976b174aef43
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_bad_9.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION invalid network ip - port conditional test
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+ network peer=(ip=127.0.0.1 port=-1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_10.sd b/parser/tst/simple_tests/network/network_ok_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..709e58f232446f7293ae01564bd807f48b07b989
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_10.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION network ipv4 - port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network peer=(ip=127.0.0.1 port=8080),
+ network peer=(ip=127.0.0.1 port=0),
+ network peer=(ip=127.0.0.1 port=65535),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_11.sd b/parser/tst/simple_tests/network/network_ok_11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b66d61a78ae39037ec24f6535b9c34d917f9bc20
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_11.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv6 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network peer=(ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73),
+ network peer=(ip=fe80::fc54:ff:fece:e21f),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_12.sd b/parser/tst/simple_tests/network/network_ok_12.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b7e2c465622de1c3a129f69e59e1155eed89acd6
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_12.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv6 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network inet peer=(ip=fe80::fc54:ff:fece:e21f),
+ network inet tcp peer=(ip=fe80::fc54:ff:fece:e21f),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_13.sd b/parser/tst/simple_tests/network/network_ok_13.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e6a3e357a2317595f5f4ea3995dd3e1d8cf2d592
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_13.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION network ipv6 - port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network peer=(ip=::1 port=8080),
+ network peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=8080),
+ network peer=(ip=::1 port=0),
+ network peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=0),
+ network peer=(ip=::1 port=65535),
+ network peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=65535),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_14.sd b/parser/tst/simple_tests/network/network_ok_14.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8fcb3aa181f0d8b358dc630f135c5b17e0c92e6b
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_14.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION network port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network peer=(port=0),
+ network peer=(port=65535),
+ network peer=(port=443),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_17.sd b/parser/tst/simple_tests/network/network_ok_17.sd
new file mode 100644
index 0000000000000000000000000000000000000000..59755e47d276ee6a92bb1b26075708c3510cc0a7
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_17.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION network port range conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network peer=(port=22-443),
+ network port=22-443,
+ network port=22-443 peer=(port=1-100),
+ network ip=127.0.0.1 port=3456-3457,
+ network ip=127.0.0.1 port=3456-3457 peer=(ip=127.0.0.2 port=8765-8770),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_20.sd b/parser/tst/simple_tests/network/network_ok_20.sd
new file mode 100644
index 0000000000000000000000000000000000000000..fe262005562eb2ffb80668dafb7460f42a0e92f0
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_20.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION network ipv4 - port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=8080,
+ network ip=127.0.0.1 port=0,
+ network ip=127.0.0.1 port=65535,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_21.sd b/parser/tst/simple_tests/network/network_ok_21.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3e81653e1caa0437022a3def92d7bf7958884297
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_21.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION network ipv4 - port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=127.0.0.1 port=8080 peer=(ip=127.0.0.1 port=8080),
+ network ip=127.0.0.1 port=0 peer=(ip=127.0.0.1 port=0),
+ network ip=127.0.0.1 port=65535 peer=(ip=127.0.0.1 port=65535),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_22.sd b/parser/tst/simple_tests/network/network_ok_22.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c5ff3c59a4d1a4e2bedc70014820fbe6fa712881
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_22.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv6 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73,
+ network ip=fe80::fc54:ff:fece:e21f,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_23.sd b/parser/tst/simple_tests/network/network_ok_23.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bde609430bf68ddee1c3450c0a0f82140c743e96
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_23.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv6 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73 peer=(ip=2001:1254:f12e:2059:5f78:28f5:5cf5:9b73),
+ network ip=fe80::fc54:ff:fece:e21f peer=(ip=fe80::fc54:ff:fece:e21f),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_24.sd b/parser/tst/simple_tests/network/network_ok_24.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1c579170037abdf5099ec61c1fb23340da7be59c
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_24.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv6 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network inet ip=fe80::fc54:ff:fece:e21f,
+ network inet tcp ip=fe80::fc54:ff:fece:e21f,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_25.sd b/parser/tst/simple_tests/network/network_ok_25.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d313dd7b3f4681ceec0503e30c9f2984a4ec5acb
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_25.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv6 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network inet ip=fe80::fc54:ff:fece:e21f peer=(ip=fe80::fc54:ff:fece:e21f),
+ network inet tcp ip=fe80::fc54:ff:fece:e21f peer=(ip=fe80::fc54:ff:fece:e21f),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_26.sd b/parser/tst/simple_tests/network/network_ok_26.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6698f590c130ab63a5fdcbe4ab040ce85e570219
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_26.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION network ipv6 - port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=::1 port=8080,
+ network ip=0000:0000:0000:0000:0000:0000:0000:0001 port=8080,
+ network ip=::1 port=0,
+ network ip=0000:0000:0000:0000:0000:0000:0000:0001 port=0,
+ network ip=::1 port=65535,
+ network ip=0000:0000:0000:0000:0000:0000:0000:0001 port=65535,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_27.sd b/parser/tst/simple_tests/network/network_ok_27.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7ccef0847b0567aa38fe2f1393096315b87157f0
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_27.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION network ipv6 - port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=::1 port=8080 peer=(ip=::1 port=8080),
+ network ip=0000:0000:0000:0000:0000:0000:0000:0001 port=8080 peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=8080),
+ network ip=::1 port=0 peer=(ip=::1 port=0),
+ network ip=0000:0000:0000:0000:0000:0000:0000:0001 port=0 peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=0),
+ network ip=::1 port=65535 peer=(ip=::1 port=65535),
+ network ip=0000:0000:0000:0000:0000:0000:0000:0001 port=65535 peer=(ip=0000:0000:0000:0000:0000:0000:0000:0001 port=65535),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_28.sd b/parser/tst/simple_tests/network/network_ok_28.sd
new file mode 100644
index 0000000000000000000000000000000000000000..dd3fc3dde90bc08120824d2fece267e5e95b7a60
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_28.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION network port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network port=0,
+ network port=65535,
+ network port=443,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_29.sd b/parser/tst/simple_tests/network/network_ok_29.sd
new file mode 100644
index 0000000000000000000000000000000000000000..07a965caf9a37944e80330aff8aebf0621880e9f
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_29.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION network port conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network port=0 peer=(port=0),
+ network port=65535 peer=(port=65535),
+ network port=443 peer=(port=443),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_40.sd b/parser/tst/simple_tests/network/network_ok_40.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7f904384ec0dc809120403cee340594d996e6b26
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_40.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION network ipv4 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=10.0.2.1,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_41.sd b/parser/tst/simple_tests/network/network_ok_41.sd
new file mode 100644
index 0000000000000000000000000000000000000000..adb3dbc0366ac4606c39fc71cdb5d5e1795e642a
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_41.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION network ipv4 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=10.0.2.1 peer=(ip=10.0.2.1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_42.sd b/parser/tst/simple_tests/network/network_ok_42.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c877e17105fc95324d62f7248555937b2997f688
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_42.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv4 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network inet ip=10.0.2.1,
+ network inet tcp ip=192.168.2.254,
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_43.sd b/parser/tst/simple_tests/network/network_ok_43.sd
new file mode 100644
index 0000000000000000000000000000000000000000..81d31a9bea7e6639a8bd8dd6f961618c4eb9189d
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_43.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION network ipv4 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network inet ip=10.0.2.1 peer=(ip=10.0.2.1),
+ network inet tcp ip=192.168.2.254 peer=(ip=192.168.2.254),
+ network stream ip=192.168.2.254 peer=(ip=192.168.2.254),
+ network raw ip=10.0.2.1 peer=(ip=10.0.2.1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_44.sd b/parser/tst/simple_tests/network/network_ok_44.sd
new file mode 100644
index 0000000000000000000000000000000000000000..91dfb961e17f3e7b384b599b63040d2848c0bb86
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_44.sd
@@ -0,0 +1,11 @@
+#
+#=DESCRIPTION network none ip conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network ip=none,
+ network peer=(ip=none),
+ network inet ip=none peer=(ip=none),
+ network inet tcp ip=none peer=(ip=none),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_8.sd b/parser/tst/simple_tests/network/network_ok_8.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0a069536c8fda60327fc64222cc15ae10e1c1ddf
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_8.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION network ipv4 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network peer=(ip=10.0.2.1),
+
+}
diff --git a/parser/tst/simple_tests/network/network_ok_9.sd b/parser/tst/simple_tests/network/network_ok_9.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c1390673789ed77871ce1d66aee01a2a400ca310
--- /dev/null
+++ b/parser/tst/simple_tests/network/network_ok_9.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION network ipv4 conditional test
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ network inet peer=(ip=10.0.2.1),
+ network inet tcp peer=(ip=192.168.2.254),
+
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_attr_1.sd b/parser/tst/simple_tests/network/perms/bad_attr_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..de891c643c44ce86e9c3d1393db79a41656b1d6e
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_attr_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr w/peer modifier
+#=EXRESULT FAIL
+
+profile a_profile {
+ network getattr peer=(ip=127.0.0.1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_attr_2.sd b/parser/tst/simple_tests/network/perms/bad_attr_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b7e1f4020ba2c033c4b90240319d4c0ff7864be9
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_attr_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr acceptance test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (getattr) peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_attr_3.sd b/parser/tst/simple_tests/network/perms/bad_attr_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5e2a08d2132713a43f8ea5395aeb7e1a0cc20163
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_attr_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setattr w/peer test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network setattr peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_attr_4.sd b/parser/tst/simple_tests/network/perms/bad_attr_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..401c0f861ec8e074ed246c7d9a58cc4bbdff8d22
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_attr_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setattr w/peer ip test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (setattr) peer=(ip=127.0.0.1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_attr_5.sd b/parser/tst/simple_tests/network/perms/bad_attr_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..be3fc2a278ab56ebd9d7493c2989afb80020f80c
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_attr_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr w/peer modifier
+#=EXRESULT FAIL
+
+profile a_profile {
+ network getattr peer=(ip=::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_bind_1.sd b/parser/tst/simple_tests/network/perms/bad_bind_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bfc3b78ff8247194e0134b48918dba5fd791a1c1
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_bind_1.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION network bind with non-bind member modifier
+#=EXRESULT FAIL
+#
+
+profile foo {
+ network bind peer=(ip=127.0.0.1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_bind_2.sd b/parser/tst/simple_tests/network/perms/bad_bind_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..07319f34702821c10efb513a01139b2dc8593bbb
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_bind_2.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION network bind with non-bind interface modifier
+#=EXRESULT FAIL
+#
+
+profile foo {
+ network bind peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_create_1.sd b/parser/tst/simple_tests/network/perms/bad_create_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c0b20053ddbab06825d104c37cc831d8da260a1a
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_create_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network create w/peer acceptance test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network create peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_create_2.sd b/parser/tst/simple_tests/network/perms/bad_create_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9e31dd8bf74bf5556a169a1e72f1088e43c599cd
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_create_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network create acceptance test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (create) peer=(ip=::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_listen_1.sd b/parser/tst/simple_tests/network/perms/bad_listen_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6c9dad65854f3b521301d63fa952758c9a770f63
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_listen_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network listen w/peer test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network listen peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_listen_2.sd b/parser/tst/simple_tests/network/perms/bad_listen_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..18b190683a222d9690080b1083ad58584fc7db26
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_listen_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network listen w/peer test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (listen) peer=(ip=127.0.0.1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_modifier_1.sd b/parser/tst/simple_tests/network/perms/bad_modifier_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d6740344f2f25450ef2766a340a99bb5cd12a9c4
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_modifier_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION network entry with a bad modifier
+#=EXRESULT FAIL
+
+profile foo {
+ network send type=dgram modifier=foo,
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_modifier_2.sd b/parser/tst/simple_tests/network/perms/bad_modifier_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f2418454afc3514fcfb0ecab221413b66ff3a12f
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_modifier_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION network entry with a repeated modifier
+#=EXRESULT FAIL
+
+profile foo {
+ network send ip=127.0.0.1 ip=::1,
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_modifier_3.sd b/parser/tst/simple_tests/network/perms/bad_modifier_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f6dd13b392f9f33ab1f9063788b8bb4e9e85ca20
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_modifier_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION network entry with a bad 'in' keyword
+#=EXRESULT FAIL
+
+profile foo {
+ network send ip in (127.0.0.1, ::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_opt_1.sd b/parser/tst/simple_tests/network/perms/bad_opt_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c04d26ebce322556b5c9843cc41237c719b62156
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_opt_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getopt w/peer ip test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network getopt peer=(ip=127.0.0.1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_opt_2.sd b/parser/tst/simple_tests/network/perms/bad_opt_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7f146ec8e99cb843a0d044c6a18efbcf427edde4
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_opt_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getopt w/peer label test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (getopt) peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_opt_3.sd b/parser/tst/simple_tests/network/perms/bad_opt_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b73bbf8d6b47d5f4376efe1f896b3351a62e99c5
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_opt_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setopt w/peer ip test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network setopt peer=(ip=::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_opt_4.sd b/parser/tst/simple_tests/network/perms/bad_opt_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4eb629b4cd37f7e7848f6f0c52f89ed8c315e89b
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_opt_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setopt w/peer label test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (setopt) peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_opt_5.sd b/parser/tst/simple_tests/network/perms/bad_opt_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e8c4f1fd1afd926acf71bac19b9f1f691191f59e
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_opt_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getopt w/peer ip test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network getopt peer=(ip=::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_outside_1.sd b/parser/tst/simple_tests/network/perms/bad_outside_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..25b247a584f8b81acc061f6ebfe6c9ba8a76ac5f
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_outside_1.sd
@@ -0,0 +1,5 @@
+#
+#=DESCRIPTION network accept rule outside of a profile
+#=EXRESULT FAIL
+
+ network accept,
diff --git a/parser/tst/simple_tests/network/perms/bad_peer_1.sd b/parser/tst/simple_tests/network/perms/bad_peer_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..98fde2dbb087ed8cf6d72fa0543756d48c435f3d
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_peer_1.sd
@@ -0,0 +1,8 @@
+#
+#=Description network rule with bad 'peer'
+#=EXRESULT FAIL
+#
+
+profile foo {
+ network send peer(ip=wat),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_peer_2.sd b/parser/tst/simple_tests/network/perms/bad_peer_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4db6a8f67001174a614cc0a23b71d92056b8716a
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_peer_2.sd
@@ -0,0 +1,8 @@
+#
+#=Description network rule with bad 'peer'
+#=EXRESULT FAIL
+#
+
+profile foo {
+ network send peer(port=auto),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_shutdown_1.sd b/parser/tst/simple_tests/network/perms/bad_shutdown_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eeffe5a6afcc0212f64b6a183b129ff5c7c49b2b
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_shutdown_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network shutdown w/peer test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network shutdown peer=(ip=127.0.0.1),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_shutdown_2.sd b/parser/tst/simple_tests/network/perms/bad_shutdown_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4d3168bd34df31dfe8cafc2238b746b2e63d5fe3
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_shutdown_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network shutdown acceptance test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network (shutdown) peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/bad_shutdown_3.sd b/parser/tst/simple_tests/network/perms/bad_shutdown_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..16886dfe0c179bb3cdc0902aa789b8c84d457554
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/bad_shutdown_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network shutdown w/peer test
+#=EXRESULT FAIL
+
+profile a_profile {
+ network shutdown peer=(ip=::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_accept_1.sd b/parser/tst/simple_tests/network/perms/ok_accept_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0978100a1ac38b676481ab64d8c5f1ab615a0ea6
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_accept_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network accept acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network accept,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_accept_2.sd b/parser/tst/simple_tests/network/perms/ok_accept_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0a67e8c5db20a5f8b443aefe34c05dd3a38f92b7
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_accept_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network accept acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (accept),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_1.sd b/parser/tst/simple_tests/network/perms/ok_attr_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..388ee9eb6f1ea60a178ef97853f77247b59334be
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network getattr,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_2.sd b/parser/tst/simple_tests/network/perms/ok_attr_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..42b154ac2b75849d9909eb97eb48e5ea36545726
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (getattr),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_3.sd b/parser/tst/simple_tests/network/perms/ok_attr_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..67c8a00292834ed8896680ac51755c1da0beefc6
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setattr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network setattr,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_4.sd b/parser/tst/simple_tests/network/perms/ok_attr_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0146d884133467d1a47f1aea3ccce2e617ec4eb1
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setattr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (setattr),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_5.sd b/parser/tst/simple_tests/network/perms/ok_attr_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c2740a3af28ff63717243d41192564ecee89b4a8
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network getattr ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_6.sd b/parser/tst/simple_tests/network/perms/ok_attr_6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..31d7d47e5de3d5782e853e7bfdd303e30c84ab01
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_6.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setattr w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network setattr ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_7.sd b/parser/tst/simple_tests/network/perms/ok_attr_7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1c4aa8ce028199a50f9aeb594d7b6fdf2ba6398a
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_7.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getattr w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network getattr ip=::1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_attr_8.sd b/parser/tst/simple_tests/network/perms/ok_attr_8.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9c30dea2b3d1d4058fe587da2105fec6007c7f29
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_attr_8.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setattr w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network setattr ip=::1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_bind_1.sd b/parser/tst/simple_tests/network/perms/ok_bind_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..02f8621369816307a444c361b816276648b1596a
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_bind_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network bind acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network bind,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_bind_2.sd b/parser/tst/simple_tests/network/perms/ok_bind_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c0a33f53f1d6c65ced7c8301f0dd366eea70baa2
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_bind_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network bind acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (bind),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_connect_1.sd b/parser/tst/simple_tests/network/perms/ok_connect_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ca30f0895bd42d61e83fb1d51307c767778d5a19
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_connect_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network connect acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network connect,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_connect_2.sd b/parser/tst/simple_tests/network/perms/ok_connect_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3045910af9276b91a53398a1ee8b2f0d4a5ec27e
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_connect_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network connect acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (connect),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_create_1.sd b/parser/tst/simple_tests/network/perms/ok_create_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b60d481632f71315670891b4474d55752aa9c112
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_create_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network create acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network create,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_create_2.sd b/parser/tst/simple_tests/network/perms/ok_create_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..07868cc14610129fd2ae12a639bb9965a40f0893
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_create_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network create acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (create),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_create_3.sd b/parser/tst/simple_tests/network/perms/ok_create_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..da0ad75b3fc293f8f4dbc456577db133805e73b7
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_create_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network create w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network create ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_create_4.sd b/parser/tst/simple_tests/network/perms/ok_create_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7acbedde185de7287dfff428f011e24c3286ee02
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_create_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network create w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network create ip=::1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_listen_1.sd b/parser/tst/simple_tests/network/perms/ok_listen_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5737faa652c12adaffd4b4bf95f220f7dc6dadfa
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_listen_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network listen acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network listen,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_listen_2.sd b/parser/tst/simple_tests/network/perms/ok_listen_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..efad4b665fcc422146ff27cd018dcefa9a551e50
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_listen_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network listen acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (listen),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_listen_3.sd b/parser/tst/simple_tests/network/perms/ok_listen_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..00e0b090eca7557350cd5a92618e675647c62c9e
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_listen_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network listen w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network listen ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_1.sd b/parser/tst/simple_tests/network/perms/ok_msg_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ab6a942967a5be5ac5a3afa896d0592ad1af798f
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network send test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_10.sd b/parser/tst/simple_tests/network/perms/ok_msg_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3790b8dc680a189018f221a74ff6e2da08969856
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_10.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send) peer=(port=1234),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_11.sd b/parser/tst/simple_tests/network/perms/ok_msg_11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..40bb801a4093276f4e102a32e62fec949ed833dc
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_11.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network rule
+#=EXRESULT PASS
+
+profile a_profile {
+ network,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_12.sd b/parser/tst/simple_tests/network/perms/ok_msg_12.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0973abe1c05619c8439ca88652ca4000667c9844
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_12.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network send test
+#=EXRESULT PASS
+
+profile a_profile {
+ network send,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_13.sd b/parser/tst/simple_tests/network/perms/ok_msg_13.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f154d67550a3c159a50daab4487c5efc93fe40f5
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_13.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network receive,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_14.sd b/parser/tst/simple_tests/network/perms/ok_msg_14.sd
new file mode 100644
index 0000000000000000000000000000000000000000..cea0236079d2cf1132541600de45402b13a883a7
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_14.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network r,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_15.sd b/parser/tst/simple_tests/network/perms/ok_msg_15.sd
new file mode 100644
index 0000000000000000000000000000000000000000..64e695323013c197f95db9f60ad1ee78ebd5908e
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_15.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (r),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_16.sd b/parser/tst/simple_tests/network/perms/ok_msg_16.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ae5923a3afc90b91729be715d6af18d30378f98c
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_16.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network w,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_17.sd b/parser/tst/simple_tests/network/perms/ok_msg_17.sd
new file mode 100644
index 0000000000000000000000000000000000000000..63d906fbbc96f06e3436a340566148328dabd0df
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_17.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (w),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_18.sd b/parser/tst/simple_tests/network/perms/ok_msg_18.sd
new file mode 100644
index 0000000000000000000000000000000000000000..706614bac54ffb9cd6393e54c17423d5d92e9524
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_18.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network rw,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_19.sd b/parser/tst/simple_tests/network/perms/ok_msg_19.sd
new file mode 100644
index 0000000000000000000000000000000000000000..366f9049d4a89e0767cb2192cc2d12b53bcb18fa
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_19.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (rw),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_2.sd b/parser/tst/simple_tests/network/perms/ok_msg_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..13eb4bf5949816d48c1ecf04b19c0ffb36bc69e4
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (receive),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_20.sd b/parser/tst/simple_tests/network/perms/ok_msg_20.sd
new file mode 100644
index 0000000000000000000000000000000000000000..be4464a2bf80f9be4c2af027757ea4f8225bab39
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_20.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send) ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_3.sd b/parser/tst/simple_tests/network/perms/ok_msg_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2d4950fd06ef1b77b856a35eccd1a90847494338
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (connect),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_4.sd b/parser/tst/simple_tests/network/perms/ok_msg_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..da6857d90b721816d2858797b3bcf4365b78a009
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_5.sd b/parser/tst/simple_tests/network/perms/ok_msg_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f847821f47bb7216fee8b7f9704f15b24e346ea4
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send, receive),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_6.sd b/parser/tst/simple_tests/network/perms/ok_msg_6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..54c96e267b941aac57d2d97896cafc776fa161c2
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_6.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send, receive, connect),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_7.sd b/parser/tst/simple_tests/network/perms/ok_msg_7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..be4464a2bf80f9be4c2af027757ea4f8225bab39
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_7.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send) ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_8.sd b/parser/tst/simple_tests/network/perms/ok_msg_8.sd
new file mode 100644
index 0000000000000000000000000000000000000000..154e711809f18477d9e7944ca963e5efcd88663e
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_8.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send) ip=::1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_msg_9.sd b/parser/tst/simple_tests/network/perms/ok_msg_9.sd
new file mode 100644
index 0000000000000000000000000000000000000000..86b306a79e6c349ed0c8f0c6c7bc8862f984308b
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_msg_9.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (send) peer=(ip=::1),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_1.sd b/parser/tst/simple_tests/network/perms/ok_opt_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..680ece3469b05a59f51c9dd4d78389026d70ade6
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getopt acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network getopt,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_2.sd b/parser/tst/simple_tests/network/perms/ok_opt_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3bff127b6f70151b5611e9e2d8c27336b77fadb2
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getopt acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (getopt),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_3.sd b/parser/tst/simple_tests/network/perms/ok_opt_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..dee88dcf7855f6dc0202dfef858298a2eb54e3b5
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setopt acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network setopt,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_4.sd b/parser/tst/simple_tests/network/perms/ok_opt_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..36add574ed109732ae73a9c1b954516a7eed2b69
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setopt acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (setopt),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_5.sd b/parser/tst/simple_tests/network/perms/ok_opt_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0f5821d5cde8f527e34ef8361a86a939bc0ff184
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network getopt w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network getopt ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_6.sd b/parser/tst/simple_tests/network/perms/ok_opt_6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f56dea6a97104a3b62de5dab9ba6dd4cb4ea6428
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_6.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setopt w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network setopt ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_opt_7.sd b/parser/tst/simple_tests/network/perms/ok_opt_7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..abbd43d8853c1be48960cf919c633397d9e96140
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_opt_7.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network setopt w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network setopt ip=::1,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_shutdown_1.sd b/parser/tst/simple_tests/network/perms/ok_shutdown_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..826c1d683486cbe4493a3022aae67289e6217907
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_shutdown_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network shutdown acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network shutdown,
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_shutdown_2.sd b/parser/tst/simple_tests/network/perms/ok_shutdown_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4901d3720ec2af5a3d266df82c001d6920dd7f32
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_shutdown_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network shutdown acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network (shutdown),
+}
diff --git a/parser/tst/simple_tests/network/perms/ok_shutdown_3.sd b/parser/tst/simple_tests/network/perms/ok_shutdown_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..987ff516d1783b9da4ebb4898c589c0a8ddceaec
--- /dev/null
+++ b/parser/tst/simple_tests/network/perms/ok_shutdown_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple network shutdown w/ip acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ network shutdown ip=127.0.0.1,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad47.sd b/parser/tst/simple_tests/profile/flags/flags_bad47.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4d0d6f70355bf312c4fab29d6d12dcd207ee3655
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad47.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad48.sd b/parser/tst/simple_tests/profile/flags/flags_bad48.sd
new file mode 100644
index 0000000000000000000000000000000000000000..52e5731df1fd64ccb9493c4f3578c6b1b9bcbc43
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad48.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad49.sd b/parser/tst/simple_tests/profile/flags/flags_bad49.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c4025599b4d62f9c669b5fd70dd28e9e207d1336
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad49.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad50.sd b/parser/tst/simple_tests/profile/flags/flags_bad50.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ea3b7a5a4e84c017e3379e048eb02b3007fa0489
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad50.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad51.sd b/parser/tst/simple_tests/profile/flags/flags_bad51.sd
new file mode 100644
index 0000000000000000000000000000000000000000..844c098bd14b8102afb7ecc608f99902140e47b0
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad51.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad52.sd b/parser/tst/simple_tests/profile/flags/flags_bad52.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ae95bf9db04b3e0e428dbb6edb09b1e83bf0ff32
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad52.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad53.sd b/parser/tst/simple_tests/profile/flags/flags_bad53.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ee108516563406cbb821c0b9271d9b870b682d07
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad53.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad54.sd b/parser/tst/simple_tests/profile/flags/flags_bad54.sd
new file mode 100644
index 0000000000000000000000000000000000000000..df1a2e0eb52429cfad526d4bfef2de9aeaf0e50e
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad54.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, kill, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad55.sd b/parser/tst/simple_tests/profile/flags/flags_bad55.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0273d6163a5428435ebe638e07aa7faf121fd558
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad55.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, kill, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad56.sd b/parser/tst/simple_tests/profile/flags/flags_bad56.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1a0c59b6360593dd8658887cab9ce5b2c3b75dea
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad56.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, complain, kill, unconfined, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad64.sd b/parser/tst/simple_tests/profile/flags/flags_bad64.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b92cabef84634a308909e0b59c1c85beacb8fcb7
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad64.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, kill, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad65.sd b/parser/tst/simple_tests/profile/flags/flags_bad65.sd
new file mode 100644
index 0000000000000000000000000000000000000000..63d6b9d3c6841388e1d285447087c94bdbfcb4e8
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad65.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, kill, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad66.sd b/parser/tst/simple_tests/profile/flags/flags_bad66.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4e303ed31c91f1854a31c060da188cd3383bcdfc
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad66.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, complain, kill, unconfined, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad67.sd b/parser/tst/simple_tests/profile/flags/flags_bad67.sd
new file mode 100644
index 0000000000000000000000000000000000000000..163f30bc1f28ff6fdd6e2a75623f3fec93067437
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad67.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure bad signal value
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=0) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad68.sd b/parser/tst/simple_tests/profile/flags/flags_bad68.sd
new file mode 100644
index 0000000000000000000000000000000000000000..03a617a1a01f5827989bca10405be9006ba588b3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad68.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure bad signal value
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=foo) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad69.sd b/parser/tst/simple_tests/profile/flags/flags_bad69.sd
new file mode 100644
index 0000000000000000000000000000000000000000..cb5a8a81db6258c80534ff931a979259546a96ec
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad69.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure bad signal value
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=hup.) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad70.sd b/parser/tst/simple_tests/profile/flags/flags_bad70.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e25add6e4633b88dc8e81e75aaab22b26526add3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad70.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad71.sd b/parser/tst/simple_tests/profile/flags/flags_bad71.sd
new file mode 100644
index 0000000000000000000000000000000000000000..97db286bf1fc26ff9235e5151bf4dc7188ca2c7d
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad71.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad72.sd b/parser/tst/simple_tests/profile/flags/flags_bad72.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7088458ce8e8310827cc488c42cdd29340317ae4
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad72.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad73.sd b/parser/tst/simple_tests/profile/flags/flags_bad73.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f9d578112294703d41358e3d33e20a6090eff801
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad73.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad74.sd b/parser/tst/simple_tests/profile/flags/flags_bad74.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8fbc9643fe1b10a7770cf8de1a494ccb5b34122d
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad74.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad75.sd b/parser/tst/simple_tests/profile/flags/flags_bad75.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d8fc5d3d7a396840a2aa3184916e2064f754d4f3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad75.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad76.sd b/parser/tst/simple_tests/profile/flags/flags_bad76.sd
new file mode 100644
index 0000000000000000000000000000000000000000..93f5a7ec7c26fbeaeae9fc60e7249a5eef8b8dfe
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad76.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad77.sd b/parser/tst/simple_tests/profile/flags/flags_bad77.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3e1665db727631002bac9a4f8cd99b259fbd0e5b
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad77.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad78.sd b/parser/tst/simple_tests/profile/flags/flags_bad78.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7c2170113491f2a952fa379715f8b9f6f22e167e
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad78.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad79.sd b/parser/tst/simple_tests/profile/flags/flags_bad79.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d2fc86e0c7d5a8fa430f2c05c01b04045b1cd714
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad79.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, complain, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad80.sd b/parser/tst/simple_tests/profile/flags/flags_bad80.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a708be1105a7129c3e85825f10686cd9160e53a6
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad80.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, complain, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad81.sd b/parser/tst/simple_tests/profile/flags/flags_bad81.sd
new file mode 100644
index 0000000000000000000000000000000000000000..aaf99e787d8956952884568b21b64ede54da7364
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad81.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, complain, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad82.sd b/parser/tst/simple_tests/profile/flags/flags_bad82.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9dda584ca352fad013621e778aa5b70223a0eef3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad82.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, kill, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad83.sd b/parser/tst/simple_tests/profile/flags/flags_bad83.sd
new file mode 100644
index 0000000000000000000000000000000000000000..584628efce19eff96c4252505db1073194ae5063
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad83.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, unconfined, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad84.sd b/parser/tst/simple_tests/profile/flags/flags_bad84.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8cd7326814120787fb7f03f85f781c83513d9321
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad84.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, complain, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad85.sd b/parser/tst/simple_tests/profile/flags/flags_bad85.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c25575331547e7e963edd97d72d8ef1b3669db93
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad85.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, complain, kill, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad86.sd b/parser/tst/simple_tests/profile/flags/flags_bad86.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4744c46667a843892ad7c46af331feb6303b24c9
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad86.sd
@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow, enforce, complain, kill, unconfined, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad87.sd b/parser/tst/simple_tests/profile/flags/flags_bad87.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6b6d0591321705ca55b8576552e6616e992a85ea
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad87.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure bad error value fails
+#=EXRESULT FAIL
+#
+/does/not/exist flags=(error=13) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad88.sd b/parser/tst/simple_tests/profile/flags/flags_bad88.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3c6af2045c90945ecca36c642c7a32fe23e70d69
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad88.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure bad error value fails
+#=EXRESULT FAIL
+#
+/does/not/exist flags=(error=ENOTVALIDERROR) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad89.sd b/parser/tst/simple_tests/profile/flags/flags_bad89.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d87154d60c93ffaceca2cbc6b4d550bb110607d3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad89.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure bad error value fails
+#=EXRESULT FAIL
+#
+/does/not/exist flags=(error=) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path1.sd b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..55b8ba325046f960692738a54409ea0550eab875
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path1.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(attach_disconnected.path=foo) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path2.sd b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a3da64956d4c24c793540ca5d677556c7e188870
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path2.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(attach_disconnected.path=foo/) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path3.sd b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..dc866197eaea64fb3bd52f70dbf5dceb1f7f3181
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path3.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=bar
+
+/does/not/exist flags=(attach_disconnected.path=@{var}) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path4.sd b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a343e596eb083abc57b1c364be355d05a3fe55ec
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path4.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=bar/
+
+/does/not/exist flags=(attach_disconnected.path=@{var}) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path5.sd b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a2776f9246cc903570a3011c3108d18442a8418d
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad_disconnected_path5.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=bar/
+
+/does/not/exist flags=(attach_disconnected.path=@{var}/) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad18.sd b/parser/tst/simple_tests/profile/flags/flags_ok19.sd
similarity index 68%
rename from parser/tst/simple_tests/profile/flags/flags_bad18.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok19.sd
index 1c08130295c8eb79f5ae6b4781f49a4b7d65531e..6cdde9cadacc2d00e10305cc02283d6a3d3b7fd2 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad18.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok19.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION check debug flag is supported
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad19.sd b/parser/tst/simple_tests/profile/flags/flags_ok20.sd
similarity index 69%
rename from parser/tst/simple_tests/profile/flags/flags_bad19.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok20.sd
index 62b001b284c1fbe6d72f13b49931acce238d6bbe..822c903c7234d75a43cb82b8d716076071b33da9 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad19.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok20.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION check debug flag is accepted
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad5.sd b/parser/tst/simple_tests/profile/flags/flags_ok21.sd
similarity index 67%
rename from parser/tst/simple_tests/profile/flags/flags_bad5.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok21.sd
index 594f10750626e2f1b0055eea59d73e652a498c04..3a450e1812488a7e6069b35eee20f6ead1a14e8c 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad5.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok21.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION check debug flag is accepted
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_debug_1.sd b/parser/tst/simple_tests/profile/flags/flags_ok22.sd
similarity index 68%
rename from parser/tst/simple_tests/profile/flags/flags_bad_debug_1.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok22.sd
index 633e0f9fcc3a32038addd51f3ed3720457bb58eb..084af8af2c92e75689ab666356de1788f1753a8c 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad_debug_1.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok22.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION check debug flag is accepted
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_debug_2.sd b/parser/tst/simple_tests/profile/flags/flags_ok23.sd
similarity index 69%
rename from parser/tst/simple_tests/profile/flags/flags_bad_debug_2.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok23.sd
index 70710a8678f3b69881cbed63abe60d6609137954..574e2a8310fe35795c3b507b348a99a850c26b1d 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad_debug_2.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok23.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION check debug flag is accepted
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_debug_3.sd b/parser/tst/simple_tests/profile/flags/flags_ok24.sd
similarity index 70%
rename from parser/tst/simple_tests/profile/flags/flags_bad_debug_3.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok24.sd
index 028862221b890cadd048fa46474ee0d6c0fe82cc..de5bf32d314ccd117d1e8f91557d013bb79c2b4c 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad_debug_3.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok24.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION check debug flag is accepted
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad20.sd b/parser/tst/simple_tests/profile/flags/flags_ok25.sd
similarity index 67%
rename from parser/tst/simple_tests/profile/flags/flags_bad20.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok25.sd
index 9c4de6f5e90a2063df7199e8f81572d3e19297a3..9b74e021d338998b5cae7e8bc7e8613fb6983027 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad20.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok25.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted (even if it's inside a hat)
-#=EXRESULT FAIL
+#=DESCRIPTION Ensure debug flag is accepted (even if it's inside a hat)
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad_debug_4.sd b/parser/tst/simple_tests/profile/flags/flags_ok26.sd
similarity index 75%
rename from parser/tst/simple_tests/profile/flags/flags_bad_debug_4.sd
rename to parser/tst/simple_tests/profile/flags/flags_ok26.sd
index 9f3c5255f3f03e1b80816f0fe6ee8e4ca2941e9c..6194b789d05c4474965421ec23c7fba23a703024 100644
--- a/parser/tst/simple_tests/profile/flags/flags_bad_debug_4.sd
+++ b/parser/tst/simple_tests/profile/flags/flags_ok26.sd
@@ -1,6 +1,6 @@
#
-#=DESCRIPTION Ensure debug flag is no longer accepted
-#=EXRESULT FAIL
+#=DESCRIPTION Ensure debug flag is accepted in hat
+#=EXRESULT PASS
# vim:syntax=subdomain
# Last Modified: Sun Apr 17 19:44:44 2005
#
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok27.sd b/parser/tst/simple_tests/profile/flags/flags_ok27.sd
new file mode 100644
index 0000000000000000000000000000000000000000..13abb61ee4a894c8cf4b2ea284bbb0094011560b
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok27.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok28.sd b/parser/tst/simple_tests/profile/flags/flags_ok28.sd
new file mode 100644
index 0000000000000000000000000000000000000000..73b744b32e63ac694512e042d166563f5ab70563
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok28.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok29.sd b/parser/tst/simple_tests/profile/flags/flags_ok29.sd
new file mode 100644
index 0000000000000000000000000000000000000000..962ad131a09bb8fbb4498d90aa728eb67b915f2f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok29.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(interruptible) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok30.sd b/parser/tst/simple_tests/profile/flags/flags_ok30.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c4cd9e0cf4602293e9b6c72de80dad3778a72133
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok30.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(interruptible audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok31.sd b/parser/tst/simple_tests/profile/flags/flags_ok31.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8657e04b1b20bb46326cc941ab4857e3845e93dd
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok31.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok32.sd b/parser/tst/simple_tests/profile/flags/flags_ok32.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1ddfdf2f54e52f7347650e1bdd96a8751aa74c04
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok32.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok33.sd b/parser/tst/simple_tests/profile/flags/flags_ok33.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b8e3e8b20987f57d3147d835c38a4cac7a16f0dd
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok33.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok34.sd b/parser/tst/simple_tests/profile/flags/flags_ok34.sd
new file mode 100644
index 0000000000000000000000000000000000000000..50af6e4717100cb0f425b0f4e3f5c4a9afbad211
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok34.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(interruptible, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok35.sd b/parser/tst/simple_tests/profile/flags/flags_ok35.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a1b7b68a5bfa2d34c8761898be1e8aabd16d126f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok35.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(interruptible, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok36.sd b/parser/tst/simple_tests/profile/flags/flags_ok36.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1dc0278e8b8cb6032c6f3e032928dd6aa4aa6973
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok36.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(interruptible, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok37.sd b/parser/tst/simple_tests/profile/flags/flags_ok37.sd
new file mode 100644
index 0000000000000000000000000000000000000000..25068df2db4d3af0a59813619e3872d94f7cb3ef
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok37.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(interruptible, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok38.sd b/parser/tst/simple_tests/profile/flags/flags_ok38.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8657e04b1b20bb46326cc941ab4857e3845e93dd
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok38.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok39.sd b/parser/tst/simple_tests/profile/flags/flags_ok39.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2980edd1164c63bbf2fcf6a9248a31d2ee7fbb1e
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok39.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION ensure flag does not conflict with other mdes, and flags
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt, interruptible) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok40.sd b/parser/tst/simple_tests/profile/flags/flags_ok40.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6706655b25a19ab592a24282fa2670e7cb241226
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok40.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(prompt, kill.signal=hup) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok41.sd b/parser/tst/simple_tests/profile/flags/flags_ok41.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8f1115468ccae1082d1fcab44d7313094942f01f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok41.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure signal.kill works with different flags and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, kill.signal=kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok42.sd b/parser/tst/simple_tests/profile/flags/flags_ok42.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3631b500e2d122c1a9f9ea227edaaaf142a10fd4
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok42.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different flags and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=int, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok43.sd b/parser/tst/simple_tests/profile/flags/flags_ok43.sd
new file mode 100644
index 0000000000000000000000000000000000000000..daf788f4be52a309ad4d2204a7579d876f4fa25f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok43.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different modes and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=quit, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok44.sd b/parser/tst/simple_tests/profile/flags/flags_ok44.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4dae342a8668d8f700d92e388d0bfdf9fdf8327c
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok44.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different modes and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=hup, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok45.sd b/parser/tst/simple_tests/profile/flags/flags_ok45.sd
new file mode 100644
index 0000000000000000000000000000000000000000..507d612db8b5bfeb9cc1b6a1d438a954831d35ed
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok45.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different modes and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=ill, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok46.sd b/parser/tst/simple_tests/profile/flags/flags_ok46.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d3bf3f40bba5eb011858ba60569bc4eff2e65559
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok46.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different modes and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill, kill.signal=trap) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok47.sd b/parser/tst/simple_tests/profile/flags/flags_ok47.sd
new file mode 100644
index 0000000000000000000000000000000000000000..55fc7341f1392ee6016b12e51b9ee8eb38bc28bf
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok47.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different modes and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, kill.signal=bus) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok48.sd b/parser/tst/simple_tests/profile/flags/flags_ok48.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f54c492eba5d30ceabe7c867f7efc196148696a9
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok48.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different flags and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, kill.signal=usr1) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok49.sd b/parser/tst/simple_tests/profile/flags/flags_ok49.sd
new file mode 100644
index 0000000000000000000000000000000000000000..dec0314b33b3966301a3d37ee4708ac3af6c69e3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok49.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION Ensure kill.signals works with different flags and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=stop audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok50.sd b/parser/tst/simple_tests/profile/flags/flags_ok50.sd
new file mode 100644
index 0000000000000000000000000000000000000000..aa5629823640550eb808020add0f721fe0c94d88
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok50.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION Ensure kill.signal works with different flags and signals
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill.signal=emt) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok51.sd b/parser/tst/simple_tests/profile/flags/flags_ok51.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f1ed8f9d725aa0d4135c90fce87369d2be7badce
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok51.sd
@@ -0,0 +1,74 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist2 r,
+}
+
+/does/not/exist3 flags=(default_allow,audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist5 r,
+}
+
+/does/not/exist4 flags=(audit,default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist7 r,
+}
+
+/does/not/exist5 flags=(audit,default_allow,audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist8 r,
+}
+
+/does/not/exist6 (default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist7 (audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist2 r,
+}
+
+/does/not/exist8 (default_allow,audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist5 r,
+}
+
+/does/not/exist9 (audit,default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist7 r,
+}
+
+/does/not/exist10 (audit,default_allow,audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist8 r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok52.sd b/parser/tst/simple_tests/profile/flags/flags_ok52.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bf6078d9a3b5e1f09f65c78239bafc16d72e1664
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok52.sd
@@ -0,0 +1,39 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist flags=(default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist1 flags=(audit, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(default_allow, audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist3 flags=(default_allow, chroot_relative) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist4 flags=(chroot_relative, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok53.sd b/parser/tst/simple_tests/profile/flags/flags_ok53.sd
new file mode 100644
index 0000000000000000000000000000000000000000..66acd4c72d4a7ca9794655734492ff441cb138f1
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok53.sd
@@ -0,0 +1,19 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist1 flags=(default_allow, namespace_relative) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(namespace_relative, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok54.sd b/parser/tst/simple_tests/profile/flags/flags_ok54.sd
new file mode 100644
index 0000000000000000000000000000000000000000..fd86697b383726992a501d67fc6b4107cb6c878e
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok54.sd
@@ -0,0 +1,19 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+
+/does/not/exist1 flags=(default_allow, mediate_deleted) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(mediate_deleted, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok55.sd b/parser/tst/simple_tests/profile/flags/flags_ok55.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a7a460f6422bf1226e151ad8fe1713658feb0410
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok55.sd
@@ -0,0 +1,18 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist1 flags=(default_allow, delegate_deleted) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(delegate_deleted, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok56.sd b/parser/tst/simple_tests/profile/flags/flags_ok56.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6bc5abf89298b18462c3af8d0aeb963e7e2b3063
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok56.sd
@@ -0,0 +1,18 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist1 flags=(default_allow, attach_disconnected) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(attach_disconnected, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok57.sd b/parser/tst/simple_tests/profile/flags/flags_ok57.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d0f9f3967c29aa096ca4d0c527e221e66b5af958
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok57.sd
@@ -0,0 +1,19 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist1 flags=(default_allow, no_attach_disconnected) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(no_attach_disconnected, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok58.sd b/parser/tst/simple_tests/profile/flags/flags_ok58.sd
new file mode 100644
index 0000000000000000000000000000000000000000..317d41b657ed54b0fcaf88172f306ed5680de35b
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok58.sd
@@ -0,0 +1,18 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist1 flags=(default_allow, chroot_attach) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(chroot_attach, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok59.sd b/parser/tst/simple_tests/profile/flags/flags_ok59.sd
new file mode 100644
index 0000000000000000000000000000000000000000..87cb6872d27123dbc070948df08b045bca1781c2
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok59.sd
@@ -0,0 +1,18 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist1 flags=(default_allow, chroot_no_attach) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(chroot_no_attach, default_allow) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok60.sd b/parser/tst/simple_tests/profile/flags/flags_ok60.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a2f48f1774fbceeb6b6ba74554d1dbc3e850104a
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok60.sd
@@ -0,0 +1,110 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+
+#==============================
+
+/does/not/exist1 flags=(default_allow, chroot_relative, mediate_deleted) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist2 flags=(chroot_relative, mediate_deleted, default_allow) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+
+#-------
+
+
+/does/not/exist12 flags=(default_allow, chroot_relative, delegate_deleted) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist13 flags=(chroot_relative, delegate_deleted, default_allow) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+
+#-------
+
+
+/does/not/exist22 flags=(default_allow, chroot_relative, attach_disconnected) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist23 flags=(chroot_relative, attach_disconnected, default_allow) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+
+#-------
+
+/does/not/exist32 flags=(default_allow, chroot_relative, no_attach_disconnected) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist33 flags=(chroot_relative, no_attach_disconnected, default_allow) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+
+#-------
+
+
+/does/not/exist42 flags=(default_allow, chroot_relative, chroot_attach) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist43 flags=(chroot_relative, chroot_attach, default_allow) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+
+#-------
+
+
+/does/not/exist52 flags=(default_allow, chroot_relative, chroot_no_attach) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
+/does/not/exist53 flags=(chroot_relative, chroot_no_attach, default_allow) {
+
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok61.sd b/parser/tst/simple_tests/profile/flags/flags_ok61.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7a12b81e1bb864d37f8207f479ae8b54b1d20e99
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok61.sd
@@ -0,0 +1,25 @@
+#
+#=DESCRIPTION verify whitespace is allowed in profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+#
+/does/not/exist3 flags=(default_allow, audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist5 r,
+}
+
+/does/not/exist4 flags = (audit , default_allow){
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist7 r,
+}
+
+/does/not/exist5 flags = ( audit , default_allow , audit ) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist8 r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok62.sd b/parser/tst/simple_tests/profile/flags/flags_ok62.sd
new file mode 100644
index 0000000000000000000000000000000000000000..786d12413201722d20d022f087aa7843fd5d1c64
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok62.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure valid error value works
+#=EXRESULT PASS
+#
+/does/not/exist flags=(error=EPERM) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok63.sd b/parser/tst/simple_tests/profile/flags/flags_ok63.sd
new file mode 100644
index 0000000000000000000000000000000000000000..61c4d7f4a32e5ef94e0e512bac6fe8542ee212e9
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok63.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure valid error value works
+#=EXRESULT PASS
+#
+/does/not/exist flags=(error=ENOENT) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok64.sd b/parser/tst/simple_tests/profile/flags/flags_ok64.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9fab4942df5c4e50cb3af9fe617315c8962cc2db
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok64.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure error flag works with different flags
+#=EXRESULT PASS
+#
+/does/not/exist flags=(enforce, error=ENOENT) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok65.sd b/parser/tst/simple_tests/profile/flags/flags_ok65.sd
new file mode 100644
index 0000000000000000000000000000000000000000..277d22b3a389f3b130c875d5e2ab7f193ede952f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok65.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure error flag works with different flags
+#=EXRESULT PASS
+#
+/does/not/exist flags=(error=ENOENT, prompt) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok66.sd b/parser/tst/simple_tests/profile/flags/flags_ok66.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c7f2510032280a7263e594df4276dc778a7d9f84
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok66.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure error flag works with different flags
+#=EXRESULT PASS
+#
+/does/not/exist flags=(unconfined, error=EISCONN) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok67.sd b/parser/tst/simple_tests/profile/flags/flags_ok67.sd
new file mode 100644
index 0000000000000000000000000000000000000000..363350ba908c9acc77d868e2b8b6e29ad81c14b0
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok67.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure error flag works with different flags
+#=EXRESULT PASS
+#
+/does/not/exist flags=(error=EINVAL, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok68.sd b/parser/tst/simple_tests/profile/flags/flags_ok68.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e081d971b629a8f9b7e16e1ce4c7c63ca7101edd
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok68.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure error flag works with different flags
+#=EXRESULT PASS
+#
+/does/not/exist flags=(error=ENOENT, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok69.sd b/parser/tst/simple_tests/profile/flags/flags_ok69.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c9afdea8d895169b56e8f8045f6657199ae80dfe
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok69.sd
@@ -0,0 +1,8 @@
+#
+#=DESCRIPTION Ensure error flag works with different flags
+#=EXRESULT PASS
+#
+/does/not/exist flags=(error=ENOANO audit) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path1.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..91aeb1277fbfcc51d8e0463a29e03690b012f849
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path1.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(attach_disconnected.path=/foo) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path2.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f4f8c08c77b3ae636f2da6e2801fbdd323f12feb
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path2.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(attach_disconnected.path=/foo/) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path3.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0936c89d7dde0af81571caccce455ab872e8e12e
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path3.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(attach_disconnected.path=/foo//) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path4.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e97518c192963e323b7e94a6e6fc20a1044dd56b
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path4.sd
@@ -0,0 +1,13 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(attach_disconnected.path=/foo/bar) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path5.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..12378a89cf4baa387da5b086fa328363ffdd3662
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path5.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=/bar
+
+/does/not/exist flags=(attach_disconnected.path=/foo/@{var}) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path6.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e75429f9f50af08ebb0c54fbd4940c5c986527b8
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path6.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=/bar
+
+/does/not/exist flags=(attach_disconnected.path=/foo/@{var}/) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path7.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..da492350796c23ea1707be4ee33d3f0d84b12513
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path7.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=/bar
+
+/does/not/exist flags=(attach_disconnected.path=@{var}/foo) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path8.sd b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path8.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d050a34602f9ffd65f5de0ca896045948b04117f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok_disconnected_path8.sd
@@ -0,0 +1,16 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+
+@{var}=/bar
+
+/does/not/exist flags=(attach_disconnected.path=@{var}) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
+
diff --git a/parser/tst/simple_tests/regressions/ok_normalize.sd b/parser/tst/simple_tests/regressions/ok_normalize.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d810b0c50fc719adf0d4567f283326b575316c7a
--- /dev/null
+++ b/parser/tst/simple_tests/regressions/ok_normalize.sd
@@ -0,0 +1,25 @@
+#
+#=Description caused an infinite loop in expr normalization
+#=EXRESULT PASS
+
+# This test triggers an infinite loop bug in expr normalization
+# Note: this test might be able to be reduced more but, each element appears
+# to be required to trigger the bug.
+# that is the initial var assignment, += with the "comment" at the end
+# (which is a separate bug), the expansion in the 2nd variable and then
+# the use of the 2nd variable.
+# This seems to be due to difference in consistency check between expansion
+# at parse time and variable expansion.
+# eg. expanding @{exec_path} manually will result in a failure to parse
+# see: https://gitlab.com/apparmor/apparmor/-/issues/398
+
+@{var}=*-linux-gnu*
+@{var}+=*-suse-linux* #aa:only opensuse
+
+@{exec_path} = /{,@{var}/}t
+
+profile test {
+
+
+ @{exec_path} mr,
+}
diff --git a/parser/tst/testlib.py b/parser/tst/testlib.py
index 30b127896c361fb374d2c3829f42f8fb52dc8169..df52e0db204866189e28eadc782f2aa6264c855e 100644
--- a/parser/tst/testlib.py
+++ b/parser/tst/testlib.py
@@ -70,9 +70,9 @@ class AATestTemplate(unittest.TestCase, metaclass=AANoCleanupMetaClass):
rc is as long as it's not a specific set of return codes,
so can't push the check directly into run_cmd()."""
rc, report = self.run_cmd(command, input, stderr, stdout, stdin, timeout)
- self.assertEqual(rc, expected_rc, "Got return code %d, expected %d\nCommand run: %s\nOutput: %s" % (rc, expected_rc, (' '.join(command)), report))
+ self.assertEqual(rc, expected_rc, "Got return code {}, expected {}\nCommand run: {}\nOutput: {}".format(rc, expected_rc, ' '.join(command), report))
if expected_string:
- self.assertIn(expected_string, report, 'Expected message "%s", got: \n%s' % (expected_string, report))
+ self.assertIn(expected_string, report, 'Expected message "{}", got: \n{}'.format(expected_string, report))
return report
def run_cmd(self, command, input=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
@@ -81,7 +81,7 @@ class AATestTemplate(unittest.TestCase, metaclass=AANoCleanupMetaClass):
return a textual error if it failed."""
if self.debug:
- print("\n===> Running command: '%s'" % (' '.join(command)))
+ print("\n===> Running command: '{}'".format(' '.join(command)))
(rc, out, outerr) = self._run_cmd(command, input, stderr, stdout, stdin, timeout)
report = out + outerr
@@ -103,7 +103,7 @@ class AATestTemplate(unittest.TestCase, metaclass=AANoCleanupMetaClass):
try:
out, outerr = timeout_communicate(input)
rc = sp.returncode
- except TimeoutFunctionException as e:
+ except TimeoutFunctionException:
sp.terminate()
outerr = 'test timed out, killed'
rc = TIMEOUT_ERROR_CODE
@@ -154,7 +154,7 @@ def filesystem_time_resolution():
for i in range(10):
s = None
- with open(os.path.join(tmp_dir, 'test.%d' % i), 'w+') as f:
+ with open(os.path.join(tmp_dir, 'test.{}'.format(i)), 'w+') as f:
s = os.fstat(f.fileno())
if (s.st_mtime == last_stamp):
@@ -164,7 +164,7 @@ def filesystem_time_resolution():
last_stamp = s.st_mtime
time.sleep(default_diff)
- except:
+ except Exception:
pass
finally:
if os.path.exists(tmp_dir):
@@ -181,13 +181,13 @@ def read_features_dir(path):
for name in sorted(os.listdir(path)):
entry = os.path.join(path, name)
- result += '%s {' % name
+ result += name + ' {'
if os.path.isfile(entry):
with open(entry, 'r') as f:
# don't need extra '\n' here as features file contains it
- result += '%s' % (f.read())
+ result += f.read()
elif os.path.isdir(entry):
- result += '%s' % (read_features_dir(entry))
+ result += read_features_dir(entry)
result += '}\n'
return result
diff --git a/parser/tst/valgrind_simple.py b/parser/tst/valgrind_simple.py
index 92865a896b3cef2bceaf1614fed170d3e4d2bec2..7bae874f63966313a49b84eff04d2f2b7a34b98f 100755
--- a/parser/tst/valgrind_simple.py
+++ b/parser/tst/valgrind_simple.py
@@ -23,7 +23,9 @@ import testlib
DEFAULT_TESTDIR = "./simple_tests/vars"
VALGRIND_ERROR_CODE = 151
-VALGRIND_ARGS = ['--leak-check=full', '--error-exitcode=%d' % (VALGRIND_ERROR_CODE)]
+VALGRIND_ARGS = [
+ '--leak-check=full', '--error-exitcode={}'.format(VALGRIND_ERROR_CODE)
+]
VALGRIND_SUPPRESSIONS = '''
{
@@ -53,8 +55,8 @@ class AAParserValgrindTests(testlib.AATestTemplate):
rc, output = self.run_cmd(command, timeout=120)
self.assertNotIn(
rc, failure_rc,
- "valgrind returned error code %d, gave the following output\n%s\ncommand run: %s"
- % (rc, output, " ".join(command)))
+ "valgrind returned error code {}, gave the following output\n{}\ncommand run: {}".format(
+ rc, output, " ".join(command)))
def find_testcases(testdir):
@@ -94,38 +96,43 @@ def main():
return rc
if not os.path.exists(config.valgrind):
- print("Unable to find valgrind at '%s', ensure that it is installed" % (config.valgrind),
- file=sys.stderr)
- exit(1)
+ print(
+ "Unable to find valgrind at '{}', ensure that it is installed".format(config.valgrind),
+ file=sys.stderr
+ )
+ sys.exit(1)
verbosity = 1
if config.verbose:
verbosity = 2
- if not config.skip_suppressions:
+ if config.skip_suppressions:
+ suppression_file = None
+ else:
suppression_file = create_suppressions()
- VALGRIND_ARGS.append('--suppressions=%s' % (suppression_file))
+ VALGRIND_ARGS.append('--suppressions=' + suppression_file)
for f in find_testcases(config.testdir):
def stub_test(self, testname=f):
self._runtest(testname, config)
- stub_test.__doc__ = "test %s" % (f)
- setattr(AAParserValgrindTests, 'test_%s' % (f), stub_test)
+ stub_test.__doc__ = "test " + f
+ setattr(AAParserValgrindTests, 'test_' + f, stub_test)
test_suite = unittest.TestSuite()
test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAParserValgrindTests))
try:
result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)
+ except Exception:
+ rc = 1
+ else:
if not result.wasSuccessful():
rc = 1
- except:
- rc = 1
finally:
- os.remove(suppression_file)
+ if suppression_file:
+ os.remove(suppression_file)
return rc
if __name__ == "__main__":
- rc = main()
- exit(rc)
+ sys.exit(main())
diff --git a/parser/userns.cc b/parser/userns.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a2cd9e8eb29b83fe226c6481594d01a5c6b4c62a
--- /dev/null
+++ b/parser/userns.cc
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2022
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#include "parser.h"
+#include "profile.h"
+#include "userns.h"
+
+#include <iomanip>
+#include <string>
+#include <iostream>
+#include <sstream>
+
+void userns_rule::move_conditionals(struct cond_entry *conds)
+{
+ struct cond_entry *cond_ent;
+
+ list_for_each(conds, cond_ent) {
+ /* for now disallow keyword 'in' (list) */
+ if (!cond_ent->eq)
+ yyerror("keyword \"in\" is not allowed in userns rules\n");
+
+ /* no valid conditionals atm */
+ yyerror("invalid userns rule conditional \"%s\"\n",
+ cond_ent->name);
+ }
+}
+
+userns_rule::userns_rule(perm32_t perms_p, struct cond_entry *conds):
+ perms_rule_t(AA_CLASS_NS)
+{
+ if (perms_p) {
+ if (perms_p & ~AA_VALID_USERNS_PERMS)
+ yyerror("perms contains invalid permissions for userns\n");
+ perms = perms_p;
+
+ } else {
+ /* default to all perms */
+ perms = AA_VALID_USERNS_PERMS;
+ }
+
+ move_conditionals(conds);
+ free_cond_list(conds);
+}
+
+ostream &userns_rule::dump(ostream &os)
+{
+ class_rule_t::dump(os);
+
+ if (perms != AA_VALID_USERNS_PERMS) {
+ if (perms & AA_USERNS_CREATE)
+ os << " create";
+ }
+
+ os << ",\n";
+
+ return os;
+}
+
+
+int userns_rule::expand_variables(void)
+{
+ return 0;
+}
+
+void userns_rule::warn_once(const char *name)
+{
+ rule_t::warn_once(name, "userns rules not enforced");
+}
+
+int userns_rule::gen_policy_re(Profile &prof)
+{
+ std::ostringstream buffer;
+ std::string buf;
+
+ if (!features_supports_userns) {
+ warn_once(prof.name);
+ return RULE_NOT_SUPPORTED;
+ }
+
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_NS;
+ buf = buffer.str();
+ if (perms & AA_VALID_USERNS_PERMS) {
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ rule_mode, perms,
+ audit == AUDIT_FORCE ? perms : 0,
+ parseopts))
+
+ goto fail;
+ /* add a mediates_userns rule for every rule added. It
+ * needs to be the same priority
+ */
+ if (!prof.policy.rules->add_rule(buf.c_str(), priority,
+ RULE_ALLOW, AA_MAY_READ, 0,
+ parseopts))
+ goto fail;
+ }
+
+ return RULE_OK;
+
+fail:
+ return RULE_ERROR;
+}
diff --git a/parser/userns.h b/parser/userns.h
new file mode 100644
index 0000000000000000000000000000000000000000..8c1364aa9cc4095d368bea75165e287e7b8b9b00
--- /dev/null
+++ b/parser/userns.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2022
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+#ifndef __AA_USERNS_H
+#define __AA_USERNS_H
+
+#include "parser.h"
+
+#define AA_USERNS_CREATE 8
+#define AA_VALID_USERNS_PERMS (AA_USERNS_CREATE)
+
+class userns_rule: public perms_rule_t {
+ void move_conditionals(struct cond_entry *conds);
+public:
+ userns_rule(perm32_t perms, struct cond_entry *conds);
+ virtual ~userns_rule()
+ {
+ };
+
+ virtual bool valid_prefix(const prefixes &p, const char *&error) {
+ if (p.owner) {
+ error = _("owner prefix not allowed on userns rules");
+ return false;
+ }
+ return true;
+ };
+ virtual ostream &dump(ostream &os);
+ virtual int expand_variables(void);
+ virtual int gen_policy_re(Profile &prof);
+
+ virtual bool is_mergeable(void) { return true; }
+ virtual int cmp(rule_t const &rhs) const
+ {
+ return perms_rule_t::cmp(rhs);
+ };
+ /* merge perms not required atm since there's only one permission */
+
+protected:
+ virtual void warn_once(const char *name) override;
+};
+
+#endif /* __AA_USERNS_H */
diff --git a/profiles/Makefile b/profiles/Makefile
index b68c2ac4bd23e660bf3d3c9050c638555ef244a5..a4ff96e510c9e90144b50db3b5417d3fb27e3b9c 100644
--- a/profiles/Makefile
+++ b/profiles/Makefile
@@ -20,20 +20,18 @@
# Makefile for LSM-based AppArmor profiles
NAME=apparmor-profiles
-all: local docs
+all: docs
COMMONDIR=../common/
include $(COMMONDIR)/Make.rules
DESTDIR=/
PROFILES_DEST=${DESTDIR}/etc/apparmor.d
-EXTRAS_DEST=${DESTDIR}/usr/share/apparmor/extra-profiles/
+EXTRAS_DEST=${DESTDIR}/usr/share/apparmor/extra-profiles
PROFILES_SOURCE=./apparmor.d
ABSTRACTIONS_SOURCE=./apparmor.d/abstractions
-EXTRAS_SOURCE=./apparmor/profiles/extras/
-
-SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print)
-TOPLEVEL_PROFILES=$(filter-out ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*))
+EXTRAS_SOURCE=./apparmor/profiles/extras
+EXTRAS_ABSTRACTIONS_SOURCE=./apparmor/profiles/extras/abstractions
ifdef USE_SYSTEM
PYTHONPATH=
@@ -79,24 +77,27 @@ ifndef USE_SYSTEM
endif
local:
- for profile in ${TOPLEVEL_PROFILES}; do \
+ for profile in $$(find ${PROFILES_SOURCE} -maxdepth 1 -type f) ; do \
fn=$$(basename $$profile); \
echo "# Site-specific additions and overrides for '$$fn'" > ${PROFILES_SOURCE}/local/$$fn; \
grep "include[[:space:]]\\+if[[:space:]]\\+exists[[:space:]]\\+<local/$$fn>" "$$profile" >/dev/null || { echo "$$profile doesn't contain include if exists <local/$$fn>" ; exit 1; } ; \
done
.PHONY: install
-install: local
+install:
install -m 755 -d ${PROFILES_DEST}
install -m 755 -d ${PROFILES_DEST}/disable
- for dir in ${SUBDIRS} ; do \
- install -m 755 -d "${PROFILES_DEST}/$${dir#${PROFILES_SOURCE}}" ; \
+ for dir in $$(cd ${PROFILES_SOURCE} && find . -type d -printf '%P\n') ; do \
+ install -m 755 -d "${PROFILES_DEST}/$${dir}" ; \
done
- for file in $$(find ${PROFILES_SOURCE} -type f -print) ; do \
- install -m 644 "$${file}" "${PROFILES_DEST}/$$(dirname $${file#${PROFILES_SOURCE}})" ; \
+ for file in $$(cd ${PROFILES_SOURCE} && find . -type f -printf '%P\n') ; do \
+ install -m 644 "${PROFILES_SOURCE}/$${file}" "${PROFILES_DEST}/$$(dirname $${file})" ; \
done
install -m 755 -d ${EXTRAS_DEST}
- install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST}
+ install -m 755 -d ${EXTRAS_DEST}/abstractions
+ for file in $$(cd ${EXTRAS_SOURCE} && find . -type f -printf '%P\n') ; do \
+ install -m 644 "${EXTRAS_SOURCE}/$${file}" "${EXTRAS_DEST}/$$(dirname $${file})" ; \
+ done
LOCAL_ADDITIONS=$(filter-out ${PROFILES_SOURCE}/local/README, $(wildcard ${PROFILES_SOURCE}/local/*))
.PHONY: clean
@@ -113,49 +114,67 @@ endif
# docs: should we have some here?
docs:
-IGNORE_FILES=${EXTRAS_SOURCE}/README
-CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*))
-# use find because Make wildcard is not recursive:
-CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print)
-
.PHONY: check
-check: check-parser check-logprof check-abstractions.d check-extras
+check: check-parser check-logprof check-abstractions.d check-tunables.d check-local
.PHONY: check-parser
-check-parser: test-dependencies local
- @echo "*** Checking profiles from ${PROFILES_SOURCE} and ${EXTRAS_SOURCE} against apparmor_parser"
- $(Q)for profile in ${CHECK_PROFILES} ; do \
- [ -n "${VERBOSE}" ] && echo "Testing $${profile}" ; \
- ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d $${profile} > /dev/null || exit 1; \
+check-parser: test-dependencies
+ @echo "*** Checking profiles from ${PROFILES_SOURCE} against apparmor_parser"
+ $(Q)for profile in $$(find ${PROFILES_SOURCE} -maxdepth 1 -type f) ; do \
+ [ -n "${VERBOSE}" ] && echo "Testing $${profile}" ; \
+ ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PROFILES_SOURCE} $${profile} > /dev/null || exit 1; \
+ done
+
+ @echo "*** Checking profiles from ${EXTRAS_SOURCE} against apparmor_parser"
+ $(Q)for profile in $$(find ${EXTRAS_SOURCE} -maxdepth 1 -type f -not -name README) ; do \
+ [ -n "${VERBOSE}" ] && echo "Testing $${profile}" ; \
+ ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${EXTRAS_SOURCE} -I ${PROFILES_SOURCE} $${profile} > /dev/null || exit 1; \
done
@echo "*** Checking abstractions from ${ABSTRACTIONS_SOURCE} against apparmor_parser"
- $(Q)for abstraction in ${CHECK_ABSTRACTIONS} ; do \
- [ -n "${VERBOSE}" ] && echo "Testing $${abstraction}" ; \
- echo "abi <abi/3.0>, #include <tunables/global> profile test { #include <$${abstraction}> }" \
- | ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d -I ${PWD} > /dev/null \
+ $(Q)for abstraction in $$(find ${ABSTRACTIONS_SOURCE} -maxdepth 1 -type f -printf '%P\n') ; do \
+ [ -n "${VERBOSE}" ] && echo "Testing ${ABSTRACTIONS_SOURCE}/$${abstraction}" ; \
+ echo "abi <abi/4.0>, include <tunables/global> profile test { include <abstractions/$${abstraction}> }" \
+ | ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PROFILES_SOURCE} > /dev/null \
+ || exit 1; \
+ done
+
+ @echo "*** Checking abstractions from ${EXTRAS_ABSTRACTIONS_SOURCE} against apparmor_parser"
+ $(Q)for abstraction in $$(find ${EXTRAS_ABSTRACTIONS_SOURCE} -maxdepth 1 -type f -printf '%P\n') ; do \
+ [ -n "${VERBOSE}" ] && echo "Testing ${EXTRAS_ABSTRACTIONS_SOURCE}/$${abstraction}" ; \
+ echo "abi <abi/4.0>, include <tunables/global> profile test { include <abstractions/$${abstraction}> }" \
+ | ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PROFILES_SOURCE} -I ${EXTRAS_SOURCE} > /dev/null \
|| exit 1; \
done
.PHONY: check-logprof
-check-logprof: test-dependencies local
+check-logprof: test-dependencies
@echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"
$(Q)${LOGPROF} -d ${PROFILES_SOURCE} -f /dev/null || exit 1
.PHONY: check-abstractions.d
check-abstractions.d:
- @echo "*** Checking if all abstractions (with a few exceptions) contain include if exists <abstractions/*.d>"
- $(Q)cd apparmor.d/abstractions && for file in * ; do \
- test -d "$$file" && continue ; \
- test "$$file" = 'ubuntu-browsers' && continue ; \
- test "$$file" = 'ubuntu-helpers' && continue ; \
- grep -q "^ include if exists <abstractions/$${file}.d>$$" $$file || { echo "$$file does not contain 'include if exists <abstractions/$${file}.d>'"; exit 1; } ; \
+ @echo "*** Checking if all abstractions (with a few exceptions) contain 'include if exists <abstractions/*.d>'"
+ $(Q)for file in $$(find ${ABSTRACTIONS_SOURCE} ${EXTRAS_ABSTRACTIONS_SOURCE} -maxdepth 1 -type f) ; do \
+ case "$${file}" in */ubuntu-browsers | */ubuntu-helpers) continue ;; esac ; \
+ include="include if exists <abstractions/$$(basename $${file}).d>" ; \
+ grep -q "^ $${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
+ done
+
+.PHONY: check-tunables.d
+check-tunables.d:
+ @echo "*** Checking if all tunables (with a few exceptions) contain 'include if exists <tunables/*.d>'"
+ $(Q)for file in $$(find ${PROFILES_SOURCE}/tunables -maxdepth 1 -type f) ; do \
+ case "$${file}" in */sys) continue ;; esac ; \
+ include="include if exists <tunables/$$(basename $${file}).d>" ; \
+ grep -q "^$${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
done
-.PHONY: check-extras
-check-extras:
- @echo "*** Checking if all extra profiles contain include if exists <local/*>"
- $(Q)cd ${EXTRAS_SOURCE} && for file in * ; do \
- test "$$file" = 'README' && continue ; \
- grep -q "^ include if exists <local/$${file}>$$" $$file || { echo "$$file does not contain 'include if exists <local/$${file}>'"; exit 1; } ; \
+.PHONY: check-local
+check-local:
+ @echo "*** Checking if all profiles contain 'include if exists <local/*>'"
+ $(Q)for file in $$(find ${PROFILES_SOURCE} ${EXTRAS_SOURCE} -maxdepth 1 -type f) ; do \
+ case "$${file}" in */README) continue ;; esac ; \
+ include="include if exists <local/$$(basename $${file})>" ; \
+ grep -q "^ *$${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
done
diff --git a/profiles/apparmor.d/1password b/profiles/apparmor.d/1password
new file mode 100644
index 0000000000000000000000000000000000000000..2cd14489de5e777665c3b050c6f3fa892f0e8395
--- /dev/null
+++ b/profiles/apparmor.d/1password
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile 1password /opt/1Password/1password flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/1password>
+}
diff --git a/profiles/apparmor.d/Discord b/profiles/apparmor.d/Discord
new file mode 100644
index 0000000000000000000000000000000000000000..4e96b8fe7b538a3d3813ea8ed511c552a4e56f1a
--- /dev/null
+++ b/profiles/apparmor.d/Discord
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile Discord /usr/share/discord/Discord flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/Discord>
+}
diff --git a/profiles/apparmor.d/MongoDB_Compass b/profiles/apparmor.d/MongoDB_Compass
new file mode 100644
index 0000000000000000000000000000000000000000..6c796ca626b0660c7bc271b72741f5b35fb8ce43
--- /dev/null
+++ b/profiles/apparmor.d/MongoDB_Compass
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile "MongoDB Compass" "/usr/lib/mongodb-compass/MongoDB Compass" flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/MongoDB_Compass>
+}
diff --git a/profiles/apparmor.d/QtWebEngineProcess b/profiles/apparmor.d/QtWebEngineProcess
new file mode 100644
index 0000000000000000000000000000000000000000..65dec4807feddaa966ea204576fe9bba13615079
--- /dev/null
+++ b/profiles/apparmor.d/QtWebEngineProcess
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile QtWebEngineProcess /usr/lib/@{multiarch}/qt{5,6}/libexec/QtWebEngineProcess flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/QtWebEngineProcess>
+}
diff --git a/profiles/apparmor.d/Xorg b/profiles/apparmor.d/Xorg
new file mode 100644
index 0000000000000000000000000000000000000000..15cb45a6e176ae5946dc2f6986c6ed2677972782
--- /dev/null
+++ b/profiles/apparmor.d/Xorg
@@ -0,0 +1,123 @@
+# vim:syntax=apparmor
+# Author: Daniel Richard G. <skunk@iSKUNK.ORG>
+
+# Related:
+# https://bugs.launchpad.net/bugs/1292324
+# https://github.com/canonical/lightdm/issues/18
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+# Note: attach_disconnected appears necessary in rootless mode
+profile Xorg /usr/lib/xorg/Xorg flags=(attach_disconnected, complain) {
+ include <abstractions/base>
+ include <abstractions/dbus-strict>
+ include <abstractions/fonts>
+ include <abstractions/mesa>
+ include <abstractions/nameservice>
+ include <abstractions/vulkan>
+ include <abstractions/X>
+
+ capability dac_override,
+ capability ipc_owner,
+ capability perfmon,
+ capability setgid,
+ capability setuid,
+ capability sys_admin,
+ capability sys_nice,
+ capability sys_rawio,
+
+ network netlink raw,
+
+ signal (receive) set=(hup, term),
+ signal (send) set=(usr1),
+
+ unix (accept, bind, listen, receive, send) type=stream addr="@/tmp/.X11-unix/X[0-9]*",
+
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member=GetSessionByPID
+ peer=(name=org.freedesktop.login1),
+
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/login1/session/*
+ interface=org.freedesktop.login1.Session
+ member={PauseDeviceComplete,ReleaseControl,ReleaseDevice,TakeControl,TakeDevice}
+ peer=(name=org.freedesktop.login1),
+
+ dbus (receive)
+ bus=system
+ path=/org/freedesktop/login1/session/*
+ interface=org.freedesktop.login1.Session
+ member=PauseDevice,
+
+ /{,usr/}bin/{bash,dash,sh} ix,
+ /usr/bin/xkbcomp ix,
+
+ @{PROC}/cmdline r,
+ @{PROC}/@{pid}/cmdline r,
+ @{PROC}/ioports r,
+ @{PROC}/mtrr rw,
+
+ @{sys}/**/ r,
+ @{sys}/devices/** r,
+ @{sys}/module/** r,
+
+ @{sys}/devices/pci*/**/backlight/*/brightness rw,
+
+ # Display managers
+ @{run}/user/@{uid}/gdm/* r,
+ @{run}/lightdm/** r,
+ @{run}/lxdm/* r,
+ @{run}/sddm/* r,
+ @{run}/slim.auth r,
+ /var/lib/wdm/** r,
+ /var/lib/xdm/** r,
+
+ @{run}/nvidia-xdriver-* rw, # TODO: double-check
+ @{run}/udev/data/** r,
+
+ /dev/dri/card[0-9]* r,
+ /dev/fb0 rw,
+ /dev/input/event* rw,
+ /dev/tty[0-9]* rw,
+ /dev/vga_arbiter rw,
+
+ /etc/X11/** r,
+
+ owner /tmp/.tX[0-9]*-lock rw,
+ owner /tmp/.X[0-9]*-lock wl,
+ owner /tmp/serverauth.* r, # startx(1)
+ owner /tmp/server-[0-9]*.xkm rw,
+
+ /usr/lib/xorg/modules/ r,
+ /usr/lib/xorg/modules/** mr,
+ /usr/share/** r,
+
+ owner /var/lib/xkb/** rw,
+ owner /var/log/Xorg.pid-[1-9]*.log rw,
+ owner /var/log/Xorg.[0-9]*.log{,.old} rw,
+
+ # Rootless mode (gdm3, startx)
+ owner @{HOME}/.local/ w,
+ owner @{HOME}/.local/share/ w,
+ owner @{HOME}/.local/share/xorg/ w,
+ owner @{HOME}/.local/share/xorg/Xorg.pid-[1-9]*.log rw,
+ owner @{HOME}/.local/share/xorg/Xorg.[0-9]*.log{,.old} rw,
+ owner /var/lib/gdm*/.cache/mesa_shader_cache/ rw,
+ owner /var/lib/gdm*/.cache/mesa_shader_cache/** rwk,
+ owner /var/lib/gdm*/.local/share/xorg/Xorg.pid-[1-9]*.log rw,
+ owner /var/lib/gdm*/.local/share/xorg/Xorg.[0-9]*.log{,.old} rw,
+
+ # When running without a kernel mode-setting (KMS) driver, Xorg may need
+ # these additional permissions. DO NOT enable these unless necessary!
+ #nokms#/dev/mem rw,
+ #nokms#@{sys}/devices/pci[0-9]*/*/*/resource[0-9] w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/Xorg>
+}
diff --git a/profiles/apparmor.d/abi/4.0 b/profiles/apparmor.d/abi/4.0
new file mode 100644
index 0000000000000000000000000000000000000000..9e61fe3d0314097b93eed4d2b976f998317761a3
--- /dev/null
+++ b/profiles/apparmor.d/abi/4.0
@@ -0,0 +1,91 @@
+capability {0xffffff
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
+}
+}
+dbus {mask {acquire send receive
+}
+}
+domain {attach_conditions {xattr {yes
+}
+}
+change_hat {yes
+}
+change_hatv {yes
+}
+change_onexec {yes
+}
+change_profile {yes
+}
+computed_longest_left {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+post_nnp_subset {yes
+}
+stack {yes
+}
+version {1.2
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+ipc {posix_mqueue {create read write open delete setattr getattr
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+namespaces {mask {userns_create
+}
+pivot_root {no
+}
+profile {yes
+}
+}
+network {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+af_unix {yes
+}
+}
+network_v8 {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+}
+}
+policy {outofband {0x000001
+}
+permstable32 {allow deny subtree cond kill complain prompt audit quiet hide xindex tag label
+}
+permstable32_version {0x000002
+}
+set_load {yes
+}
+versions {v5 {yes
+}
+v6 {yes
+}
+v7 {yes
+}
+v8 {yes
+}
+v9 {yes
+}
+}
+}
+ptrace {mask {read trace
+}
+}
+query {label {data {yes
+}
+multi_transaction {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X
index ead10d9ad4f4d8358b09c936c4b83a92cdfa7207..6df891185a8592f746ad8895217f32dab58df833 100644
--- a/profiles/apparmor.d/abstractions/X
+++ b/profiles/apparmor.d/abstractions/X
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/dri-common>
@@ -28,6 +28,7 @@
owner @{run}/user/*/gdm/Xauthority r,
owner @{run}/user/*/X11/Xauthority r,
owner @{run}/user/*/xauth_* r,
+ owner /tmp/xauth_?????? r,
# the unix socket to use to connect to the display
/tmp/.X11-unix/* rw,
diff --git a/profiles/apparmor.d/abstractions/apache2-common b/profiles/apparmor.d/abstractions/apache2-common
index e6bcc5eb1b45d7bdc76f46f34a1a188524e72c11..09826352de68fd05622f1e1d9fe49099e61b317b 100644
--- a/profiles/apparmor.d/abstractions/apache2-common
+++ b/profiles/apparmor.d/abstractions/apache2-common
@@ -2,7 +2,7 @@
# This file contains basic permissions for Apache and every vHost
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/nameservice>
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/change_profile b/profiles/apparmor.d/abstractions/apparmor_api/change_profile
index c2dfcba5d2b49bfe5527b6f77bcc6de0bb8f7689..13df61aa3295cb167fa21024fb3ea0c20177f0fd 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/change_profile
+++ b/profiles/apparmor.d/abstractions/apparmor_api/change_profile
@@ -6,7 +6,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <abstractions/apparmor_api/introspect>
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/examine b/profiles/apparmor.d/abstractions/apparmor_api/examine
index 655708bfaa0996e167023413dc362bbd5f6cfa7e..f90a364f05fd8d6052c4bc67c8e7751205c5011a 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/examine
+++ b/profiles/apparmor.d/abstractions/apparmor_api/examine
@@ -9,6 +9,6 @@
# Make sure to include at least tunables/proc and tunables/kernelvars
# when using this abstraction, if not tunables/global.
-abi <abi/3.0>,
+abi <abi/4.0>,
@{PROC}/@{pids}/attr/{apparmor/,}{current,prev,exec} r,
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint b/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint
index d75970e5595818a73fd1c224b8e6d567cd246785..dae90c9cee20c824d04754749eb856922c92014e 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint
+++ b/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint
@@ -6,7 +6,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
#permissions needed for aa_find_mountpoint
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/introspect b/profiles/apparmor.d/abstractions/apparmor_api/introspect
index b88da0a4762f13321b4955d54e5e15a7a0b1b53c..00934fb6d031f4118652c37ad0246d3512dd484e 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/introspect
+++ b/profiles/apparmor.d/abstractions/apparmor_api/introspect
@@ -6,7 +6,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
# Make sure to include at least tunables/proc and tunables/kernelvars
# when using this abstraction, if not tunables/global.
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/is_enabled b/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
index b91e3fa9f25bfec5a892439c89642a249b7d0462..a47b3d4f80652c55aef8644da5cb5ba308aff0ec 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
+++ b/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
@@ -6,7 +6,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
# permissions needed for aa_is_enabled
diff --git a/profiles/apparmor.d/abstractions/aspell b/profiles/apparmor.d/abstractions/aspell
index eff252bd35601acf7e2db71b1f8b9808fc20f359..f6989d722d5a1e19a55e9738cc5db8b6f9eef74c 100644
--- a/profiles/apparmor.d/abstractions/aspell
+++ b/profiles/apparmor.d/abstractions/aspell
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# aspell permissions
- abi <abi/3.0>,
+ abi <abi/4.0>,
# per-user settings and dictionaries
owner @{HOME}/.aspell.*.{pws,prepl} rwk,
diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio
index 89d3965c691339e72260bc163cce18c9c0175973..59655596589fec817ae9005a34f33a6c19e220ae 100644
--- a/profiles/apparmor.d/abstractions/audio
+++ b/profiles/apparmor.d/abstractions/audio
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
/dev/admmidi* rw,
@@ -39,6 +39,7 @@ abi <abi/3.0>,
@{PROC}/asound/** rw,
/usr/share/alsa/** r,
+/usr/share/sounds/ r,
/usr/share/sounds/** r,
owner @{HOME}/.esd_auth r,
diff --git a/profiles/apparmor.d/abstractions/authentication b/profiles/apparmor.d/abstractions/authentication
index 65cd0d72f09b57325635ba2a79f046fd37e79b01..094f235868fec0545206e5768af34ece3d71eed2 100644
--- a/profiles/apparmor.d/abstractions/authentication
+++ b/profiles/apparmor.d/abstractions/authentication
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Some services need to perform authentication of users
@@ -31,6 +31,17 @@
/{usr/,}lib/@{multiarch}/security/pam_*.so mr,
/{usr/,}lib/@{multiarch}/security/ r,
+ # pam_unix
+ owner /proc/@{pid}/loginuid r,
+ /{,usr/}{,s}bin/unix_chkpwd Px,
+
+ # pam_env
+ @{etc_ro}/environment r,
+
+ # pam_limit
+ @{etc_ro}/security/limits.d/ r,
+ @{etc_ro}/security/limits.d/*.conf r,
+
# gssapi
@{etc_ro}/gss/mech r,
@{etc_ro}/gss/mech.d/ r,
diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base
index 0bd7fda301d7b128de98d01b2702f5f967f386de..bf3f3184e7fa57e1bbcdbea04efb0da648347324 100644
--- a/profiles/apparmor.d/abstractions/base
+++ b/profiles/apparmor.d/abstractions/base
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/crypto>
@@ -32,8 +32,10 @@
@{etc_ro}/locale/** r,
@{etc_ro}/locale.alias r,
@{etc_ro}/localtime r,
+ @{etc_rw}/localtime r,
/usr/share/locale-bundle/** r,
/usr/share/locale-langpack/** r,
+ /usr/share/locale/ r,
/usr/share/locale/** r,
/usr/share/**/locale/** r,
/usr/share/zoneinfo{,-icu}/ r,
@@ -96,6 +98,9 @@
# best place -- but many profiles require it, and it is quite harmless.
@{PROC}/sys/kernel/ngroups_max r,
+ # Used to determine if Linux is running in FIPS mode
+ @{PROC}/sys/crypto/fips_enabled r,
+
# glibc's sysconf(3) routine to determine free memory, etc
@{PROC}/meminfo r,
@{PROC}/stat r,
diff --git a/profiles/apparmor.d/abstractions/bash b/profiles/apparmor.d/abstractions/bash
index 89c1cf1e4d257d55f7a6af5445d92382e64e9c29..ba2c4e3bcd2fa79850d1d015ff1a2ffa120ebc9e 100644
--- a/profiles/apparmor.d/abstractions/bash
+++ b/profiles/apparmor.d/abstractions/bash
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# user-specific bash files
@{HOMEDIRS} r,
diff --git a/profiles/apparmor.d/abstractions/consoles b/profiles/apparmor.d/abstractions/consoles
index aabf3dd51e0f16b427aea3eb83043009c2b6a449..267cb037afaddb09e003f4b2d796988cfba948fb 100644
--- a/profiles/apparmor.d/abstractions/consoles
+++ b/profiles/apparmor.d/abstractions/consoles
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# there are three common ways to refer to consoles
diff --git a/profiles/apparmor.d/abstractions/crypto b/profiles/apparmor.d/abstractions/crypto
index 50852e8af1688c8e5f1cb4d5c24e5305e2b3c370..9d466089191f053f9fdca928482e8572d4ffa1f2 100644
--- a/profiles/apparmor.d/abstractions/crypto
+++ b/profiles/apparmor.d/abstractions/crypto
@@ -11,7 +11,10 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
+
+ # Global config of openssl
+ include <abstractions/openssl>
@{etc_ro}/gcrypt/hwf.deny r,
@{etc_ro}/gcrypt/random.conf r,
@@ -24,4 +27,8 @@
/etc/crypto-policies/*/*.txt r,
/usr/share/crypto-policies/*/*.txt r,
+ # Global gnutls config
+ @{etc_ro}/gnutls/config r,
+ @{etc_ro}/gnutls/pkcs11.conf r,
+
include if exists <abstractions/crypto.d>
diff --git a/profiles/apparmor.d/abstractions/cups-client b/profiles/apparmor.d/abstractions/cups-client
index 44f36e2b60583c8bd40d19d9d3676520c04ec909..a085bd40413b4b74bb330c9b00c23fbf5b9cd0dd 100644
--- a/profiles/apparmor.d/abstractions/cups-client
+++ b/profiles/apparmor.d/abstractions/cups-client
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# discoverable system configuration for non-local cupsd
/etc/cups/client.conf r,
diff --git a/profiles/apparmor.d/abstractions/dbus b/profiles/apparmor.d/abstractions/dbus
index b96ca09ac0af158fb8b9e46edfe3e58e3f55254b..83d44e4989f582586b702e9a0157acfce798f89f 100644
--- a/profiles/apparmor.d/abstractions/dbus
+++ b/profiles/apparmor.d/abstractions/dbus
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction grants full system bus access. Consider using the
# dbus-strict abstraction for fine-grained bus mediation.
diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility b/profiles/apparmor.d/abstractions/dbus-accessibility
index 3c49a32ff8fbe44d5cb3873a38f11fd75c1758e6..cade13ee36e6fa091333abada0c4b46bb898d105 100644
--- a/profiles/apparmor.d/abstractions/dbus-accessibility
+++ b/profiles/apparmor.d/abstractions/dbus-accessibility
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction grants full accessibility bus access. Consider using the
# dbus-accessibility-strict abstraction for fine-grained bus mediation.
diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility-strict b/profiles/apparmor.d/abstractions/dbus-accessibility-strict
index 8fe06ea63f7be8ccdeb3a857978f7602b83dc02d..1a0a2937cd571c7e1855677d1bdbb8706a2e30fd 100644
--- a/profiles/apparmor.d/abstractions/dbus-accessibility-strict
+++ b/profiles/apparmor.d/abstractions/dbus-accessibility-strict
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
dbus send
bus=accessibility
diff --git a/profiles/apparmor.d/abstractions/dbus-network-manager-strict b/profiles/apparmor.d/abstractions/dbus-network-manager-strict
index 9930c80da3d6c915694423538dbf5b3aa55e75f3..849d6ecb5a2f98aee441560661bf76802185141f 100644
--- a/profiles/apparmor.d/abstractions/dbus-network-manager-strict
+++ b/profiles/apparmor.d/abstractions/dbus-network-manager-strict
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
dbus send
bus=system
diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session
index 9b8b979e7909d84e6a5d56b5fe38ee8a84c0bc00..99104c279ef68068381161cf5647dc7a71efb8de 100644
--- a/profiles/apparmor.d/abstractions/dbus-session
+++ b/profiles/apparmor.d/abstractions/dbus-session
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction grants full session bus access. Consider using the
# dbus-session-strict abstraction for fine-grained bus mediation.
diff --git a/profiles/apparmor.d/abstractions/dbus-session-strict b/profiles/apparmor.d/abstractions/dbus-session-strict
index a301d45f6c3888d72bee3fdbde13095c9d4cf5e7..1796a5583aa81e2718dc59b962fb01b62ffad068 100644
--- a/profiles/apparmor.d/abstractions/dbus-session-strict
+++ b/profiles/apparmor.d/abstractions/dbus-session-strict
@@ -9,15 +9,16 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# unique per-machine identifier
/etc/machine-id r,
/var/lib/dbus/machine-id r,
- unix (connect, receive, send)
- type=stream
- peer=(addr="@/tmp/dbus-*"),
+ unix (connect, receive, send, accept) type=stream peer=(addr="@/tmp/dbus-*"),
+
+ unix (connect, send, receive, accept) type=stream addr="@/tmp/dbus-*",
+ unix (bind, listen) type=stream addr="@/tmp/dbus-*",
# dbus with systemd and --enable-user-session
owner @{run}/user/[0-9]*/bus rw,
@@ -29,5 +30,10 @@
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
+ owner @{run}/user/@{uid}/at-spi/ rw,
+ owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw,
+
+ owner /tmp/dbus-[0-9a-zA-Z]* rw,
+
# Include additions to the abstraction
include if exists <abstractions/dbus-session-strict.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-strict b/profiles/apparmor.d/abstractions/dbus-strict
index 915195d2840385770132f8ad99a78ce5f9987d8e..60b5d19ad562ea24689acd5997f2ae2be6d23a44 100644
--- a/profiles/apparmor.d/abstractions/dbus-strict
+++ b/profiles/apparmor.d/abstractions/dbus-strict
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
@{run}/dbus/system_bus_socket rw,
diff --git a/profiles/apparmor.d/abstractions/dconf b/profiles/apparmor.d/abstractions/dconf
index fc3b3dbd44c2ff39428f2930096910cfd6628336..959cfd48b7d5537ec84494bb9859e9d06c8a8f16 100644
--- a/profiles/apparmor.d/abstractions/dconf
+++ b/profiles/apparmor.d/abstractions/dconf
@@ -1,12 +1,13 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# permissions for querying dconf settings; granting write access should
# be specified in a specific application's profile.
- /etc/dconf/** r,
- owner @{run}/user/*/dconf/user r,
+ @{etc_ro}/dconf/** r,
+ # TODO: make w conditional when an override is available, so it can be moved to a portal.
+ owner @{run}/user/*/dconf/user rw,
owner @{HOME}/.config/dconf/user r,
# Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/devices-usb b/profiles/apparmor.d/abstractions/devices-usb
new file mode 100644
index 0000000000000000000000000000000000000000..9c3d5bbb6d02919c36d05421f67ad9403eb970b1
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/devices-usb
@@ -0,0 +1,22 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2021 Mikhail Morfikov
+# Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ abi <abi/4.0>,
+
+ include <abstractions/devices-usb-read>
+
+ /dev/bus/usb/@{int}/@{int} wk,
+
+ @{sys}/devices/**/usb@{int}/{,**} w,
+
+ include if exists <abstractions/devices-usb.d>
+
+# vim:syntax=apparmor
diff --git a/profiles/apparmor.d/abstractions/devices-usb-read b/profiles/apparmor.d/abstractions/devices-usb-read
new file mode 100644
index 0000000000000000000000000000000000000000..3fdb7090ae833c5e5a0dd04c7676ef6bcea7fdcd
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/devices-usb-read
@@ -0,0 +1,35 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2021 Mikhail Morfikov
+# Copyright (C) 2021-2025 Alexandre Pujol <alexandre@pujol.io>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ abi <abi/4.0>,
+
+ /dev/ r,
+ /dev/bus/usb/ r,
+ /dev/bus/usb/@{int}/ r,
+ /dev/bus/usb/@{int}/@{int} r,
+
+ @{sys}/class/ r,
+ @{sys}/class/usbmisc/ r,
+
+ @{sys}/bus/ r,
+ @{sys}/bus/usb/ r,
+ @{sys}/bus/usb/devices/{,**} r,
+
+ @{sys}/devices/**/usb@{int}/{,**} r,
+
+ # Udev data about usb devices (~equal to content of lsusb -v)
+ @{run}/udev/data/+usb:* r,
+ @{run}/udev/data/c16[6,7]:@{int} r, # USB modems
+ @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters
+
+ include if exists <abstractions/devices-usb-read.d>
+
+# vim:syntax=apparmor
diff --git a/profiles/apparmor.d/abstractions/dovecot-common b/profiles/apparmor.d/abstractions/dovecot-common
index 35d3cb11acc4143f120eb2b6eb8618db72c5d1e7..d0722eb145d387cabd581f1a01848ed9ca6858d1 100644
--- a/profiles/apparmor.d/abstractions/dovecot-common
+++ b/profiles/apparmor.d/abstractions/dovecot-common
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# used with dovecot/*
- abi <abi/3.0>,
+ abi <abi/4.0>,
capability setgid,
diff --git a/profiles/apparmor.d/abstractions/dri-common b/profiles/apparmor.d/abstractions/dri-common
index cd9542b0b411288d8a48a447595e3a8f5abcd624..fb82b8d36eaa9d8522393aa2dbece13157232aaa 100644
--- a/profiles/apparmor.d/abstractions/dri-common
+++ b/profiles/apparmor.d/abstractions/dri-common
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This file contains common DRI-specific rules useful for GUI applications
# (needed by libdrm and similar).
diff --git a/profiles/apparmor.d/abstractions/dri-enumerate b/profiles/apparmor.d/abstractions/dri-enumerate
index b5717cd2120de37ac69d87ac0c3bdfe2e20956e7..4774cee1e9333d2a4e1e1164624520d8bf04c03f 100644
--- a/profiles/apparmor.d/abstractions/dri-enumerate
+++ b/profiles/apparmor.d/abstractions/dri-enumerate
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This file contains common DRI-specific rules useful for GUI applications that
# needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from
diff --git a/profiles/apparmor.d/abstractions/enchant b/profiles/apparmor.d/abstractions/enchant
index e80373b2c5885f247f6d62a4bbe65675f0761f01..ecfbe0e339f128531d831c0d0c1d15c03e0c08df 100644
--- a/profiles/apparmor.d/abstractions/enchant
+++ b/profiles/apparmor.d/abstractions/enchant
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# abstraction for Enchant spellchecking frontend
diff --git a/profiles/apparmor.d/abstractions/exo-open b/profiles/apparmor.d/abstractions/exo-open
index 0927f2d5f3ab58d5239442d1c4c51b6cbb6b7ded..a6b50c4371e8882534064f31abb4f725e2e4ff3a 100644
--- a/profiles/apparmor.d/abstractions/exo-open
+++ b/profiles/apparmor.d/abstractions/exo-open
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via exo-open helper.
diff --git a/profiles/apparmor.d/abstractions/fcitx b/profiles/apparmor.d/abstractions/fcitx
index 9321bfcd2aa28d7ed9d3a964b230f4a04b2e9257..63173a05c47eee9404fa3f3c348bc887e9d24e14 100644
--- a/profiles/apparmor.d/abstractions/fcitx
+++ b/profiles/apparmor.d/abstractions/fcitx
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/fcitx-strict>
dbus bus=fcitx,
diff --git a/profiles/apparmor.d/abstractions/fcitx-strict b/profiles/apparmor.d/abstractions/fcitx-strict
index 19d2191df2d6dd3c49d0e2819834451a97bd7c0c..c4e7301b2f0f36fb6d51b3c0d224252452987406 100644
--- a/profiles/apparmor.d/abstractions/fcitx-strict
+++ b/profiles/apparmor.d/abstractions/fcitx-strict
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/dbus-session-strict>
@@ -22,5 +22,18 @@
owner @{HOME}/.config/fcitx/dbus/* r,
+ # Allow access to the Fcitx portal, supported by fcitx/fcitx5
+ dbus (send)
+ bus=session
+ path=/{,org/freedesktop/portal/}inputmethod
+ interface=org.fcitx.Fcitx.InputMethod1
+ member={CreateInputContext,Version}
+ peer=(name=org.freedesktop.portal.Fcitx),
+
+ dbus (send, receive)
+ bus=session
+ path=/{,org/freedesktop/portal/}inputcontext/**
+ interface=org.fcitx.Fcitx.InputContext1,
+
# Include additions to the abstraction
include if exists <abstractions/fcitx-strict.d>
diff --git a/profiles/apparmor.d/abstractions/fonts b/profiles/apparmor.d/abstractions/fonts
index 7070a2b864108cc011e2d190ab98f0f58147b4ae..d86d2308942506cfb5c62813b5c730473b2171f4 100644
--- a/profiles/apparmor.d/abstractions/fonts
+++ b/profiles/apparmor.d/abstractions/fonts
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/share/AbiSuite/fonts/** r,
diff --git a/profiles/apparmor.d/abstractions/freedesktop.org b/profiles/apparmor.d/abstractions/freedesktop.org
index a8580fde177a66e3dfcf0fb87278d9b0e1fd5847..cb5e1ecfb8c5cc1471ba525f93298feeb27f3973 100644
--- a/profiles/apparmor.d/abstractions/freedesktop.org
+++ b/profiles/apparmor.d/abstractions/freedesktop.org
@@ -9,16 +9,24 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# system configuration
@{system_share_dirs}/applications/{**,} r,
+ @{system_share_dirs}/*ubuntu/applications/{**,} r,
+ @{system_share_dirs}/gnome/applications/{**,} r,
+ @{system_share_dirs}/xfce4/applications/{**,} r,
@{system_share_dirs}/icons/{**,} r,
@{system_share_dirs}/pixmaps/{**,} r,
# this should probably go elsewhere
@{system_share_dirs}/mime/** r,
+ @{system_share_dirs}/glib-2.0/schemas/gschemas.compiled r,
+
+ /etc/gnome/defaults.list r,
+ /etc/xfce4/defaults.list r,
+
# per-user configurations
owner @{HOME}/.icons/{,**} r,
owner @{HOME}/.recently-used.xbel* rw,
diff --git a/profiles/apparmor.d/abstractions/gio-open b/profiles/apparmor.d/abstractions/gio-open
index fda1fb9e3de044d591c0f761de6cd93b29502d60..f21171732f9914e821c8f4990e438a6178c9bacd 100644
--- a/profiles/apparmor.d/abstractions/gio-open
+++ b/profiles/apparmor.d/abstractions/gio-open
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gio helper.
diff --git a/profiles/apparmor.d/abstractions/gnome b/profiles/apparmor.d/abstractions/gnome
index 94f3da63054861b3fbd9247fdb5cc1ba0bb31092..ca2eb394f45f658673ac4aee30addb0f08cf0a25 100644
--- a/profiles/apparmor.d/abstractions/gnome
+++ b/profiles/apparmor.d/abstractions/gnome
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/base>
include <abstractions/fonts>
diff --git a/profiles/apparmor.d/abstractions/gnupg b/profiles/apparmor.d/abstractions/gnupg
index 050f043542947cbcaba57cc7f70bee00cb9b5e3d..e94f3bc5183b876d0479b361f0bad8bf5b40f0b9 100644
--- a/profiles/apparmor.d/abstractions/gnupg
+++ b/profiles/apparmor.d/abstractions/gnupg
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# gnupg sub-process running permissions
- abi <abi/3.0>,
+ abi <abi/4.0>,
# user configurations
owner @{HOME}/.gnupg/options r,
diff --git a/profiles/apparmor.d/abstractions/gtk b/profiles/apparmor.d/abstractions/gtk
index 26c388bcf69463689b18a317af3cb23479d9039a..99f46edb9b0997efa3ef8853094c7ffdc72ae420 100644
--- a/profiles/apparmor.d/abstractions/gtk
+++ b/profiles/apparmor.d/abstractions/gtk
@@ -7,7 +7,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/share/themes/{,**} r,
@@ -24,6 +24,7 @@
/etc/gtk-{3,4}.0/ r,
/etc/gtk-{3,4}.0/*.conf r,
+ /etc/gtk-{3,4}.0/settings.ini r,
/etc/gtk/gtkrc r,
@@ -40,6 +41,8 @@
owner @{HOME}/.config/gtk-{3,4}.0/settings.ini r,
owner @{HOME}/.config/gtk-{3,4}.0/bookmarks r,
owner @{HOME}/.config/gtk-{3,4}.0/gtk.css r,
+ owner @{HOME}/.config/gtk-{3,4}.0/colors.css r,
+ owner @{HOME}/.config/gtk-{3,4}.0/servers r,
# for gtk file dialog
owner @{HOME}/.config/gtk-2.0/ rw,
diff --git a/profiles/apparmor.d/abstractions/gvfs-open b/profiles/apparmor.d/abstractions/gvfs-open
index 32653148a12c1156d6acae8abf4c0b8b119e7848..06b35850d06dbe6aa92d506b32f67766da9cb847 100644
--- a/profiles/apparmor.d/abstractions/gvfs-open
+++ b/profiles/apparmor.d/abstractions/gvfs-open
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gvfs-open helper.
diff --git a/profiles/apparmor.d/abstractions/hosts_access b/profiles/apparmor.d/abstractions/hosts_access
index e5ea88c11eaca650f4c2f43a3e83323ca198d6bc..bc498140192f861d1f8bb4795197dcd2c931019d 100644
--- a/profiles/apparmor.d/abstractions/hosts_access
+++ b/profiles/apparmor.d/abstractions/hosts_access
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/etc/hosts.deny r,
/etc/hosts.allow r,
diff --git a/profiles/apparmor.d/abstractions/ibus b/profiles/apparmor.d/abstractions/ibus
index a8b2bf182fda06b605d1b7993e2d02be3a375f7b..9de24de50e66bd31da380052d3c94b8d60a583db 100644
--- a/profiles/apparmor.d/abstractions/ibus
+++ b/profiles/apparmor.d/abstractions/ibus
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# abstraction for ibus input methods
owner @{HOME}/.config/ibus/ r,
diff --git a/profiles/apparmor.d/abstractions/kde b/profiles/apparmor.d/abstractions/kde
index f8cb314018b2b1642f57bce2c396d8fa2f5a9914..9ba93ce56a7033b565d6361c862d89c823e7c7f9 100644
--- a/profiles/apparmor.d/abstractions/kde
+++ b/profiles/apparmor.d/abstractions/kde
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <abstractions/base>
include <abstractions/fonts>
diff --git a/profiles/apparmor.d/abstractions/kde-globals-write b/profiles/apparmor.d/abstractions/kde-globals-write
index 5db20a35894a0f65938f502871340bf5fb9a58ca..b3142d87866809c677066587bebfc41abbdd8749 100644
--- a/profiles/apparmor.d/abstractions/kde-globals-write
+++ b/profiles/apparmor.d/abstractions/kde-globals-write
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Rules for changing KDE settings (for KFileDialog and other).
- abi <abi/3.0>,
+ abi <abi/4.0>,
# User files
diff --git a/profiles/apparmor.d/abstractions/kde-icon-cache-write b/profiles/apparmor.d/abstractions/kde-icon-cache-write
index df3793e1a968a88b0da497d120f63c52a65f740f..9f01985a9a9a559dbca8008e1162c0f2ec91d3d8 100644
--- a/profiles/apparmor.d/abstractions/kde-icon-cache-write
+++ b/profiles/apparmor.d/abstractions/kde-icon-cache-write
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Rules for writing KDE icon cache
- abi <abi/3.0>,
+ abi <abi/4.0>,
# User files
diff --git a/profiles/apparmor.d/abstractions/kde-language-write b/profiles/apparmor.d/abstractions/kde-language-write
index 1314d21c6afd281b7a1221fc7564f7053e2d4666..ad124b775fd605925ffa14c3e188f96a4514a49e 100644
--- a/profiles/apparmor.d/abstractions/kde-language-write
+++ b/profiles/apparmor.d/abstractions/kde-language-write
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Rules for changing per-application language settings on KDE. Some KDE
# applications have "Help -> Switch Application Language..." option, that needs
diff --git a/profiles/apparmor.d/abstractions/kde-open5 b/profiles/apparmor.d/abstractions/kde-open5
index d3adae2982362eb25bd4409f16cb2b9eacdb5aa2..546a8f2d01f7213fabb4319265e143e7b56dfffc 100644
--- a/profiles/apparmor.d/abstractions/kde-open5
+++ b/profiles/apparmor.d/abstractions/kde-open5
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via kde-open5 helper.
@@ -50,7 +50,6 @@
include <abstractions/kde-icon-cache-write>
include <abstractions/kde>
include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
- include <abstractions/openssl>
include <abstractions/qt5>
include <abstractions/recent-documents-write>
include <abstractions/X>
diff --git a/profiles/apparmor.d/abstractions/kerberosclient b/profiles/apparmor.d/abstractions/kerberosclient
index a4452c21e6810a7d067cbc03300f951ec3cb45c4..e5f3a934f4c526891d50a8888d822a19f81ff3e0 100644
--- a/profiles/apparmor.d/abstractions/kerberosclient
+++ b/profiles/apparmor.d/abstractions/kerberosclient
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# files required by kerberos client programs
/usr/lib{,32,64}/krb5/plugins/libkrb5/ r,
diff --git a/profiles/apparmor.d/abstractions/ldapclient b/profiles/apparmor.d/abstractions/ldapclient
index 550963c43561b03a770055c67b9e437f63172202..ecc403f6d1212862d6b7a7b5a97e95fa95bf7619 100644
--- a/profiles/apparmor.d/abstractions/ldapclient
+++ b/profiles/apparmor.d/abstractions/ldapclient
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# files required by LDAP clients (e.g. nss_ldap/pam_ldap)
/etc/ldap.conf r,
diff --git a/profiles/apparmor.d/abstractions/libpam-systemd b/profiles/apparmor.d/abstractions/libpam-systemd
index b99765f98d201a00117e6c8fc3109a349ba2cf2a..5d69abe21cb022108518cbfeb8371cf20310fd56 100644
--- a/profiles/apparmor.d/abstractions/libpam-systemd
+++ b/profiles/apparmor.d/abstractions/libpam-systemd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/dbus-strict>
diff --git a/profiles/apparmor.d/abstractions/likewise b/profiles/apparmor.d/abstractions/likewise
index 3cf9c92c6830cdb5edf54f4a6dc2895fc309e7d7..1985f368cdc40dcd1f63b2cfd7a3b020c875bcac 100644
--- a/profiles/apparmor.d/abstractions/likewise
+++ b/profiles/apparmor.d/abstractions/likewise
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/tmp/.lwidentity/pipe rw,
/var/lib/likewise-open/lwidentity_privileged/pipe rw,
diff --git a/profiles/apparmor.d/abstractions/mdns b/profiles/apparmor.d/abstractions/mdns
index 0e4a5dc010212c625aba1c7ff8f0062a097f497a..5024b7a52381a199becd7b82c620ac6ea39f91f6 100644
--- a/profiles/apparmor.d/abstractions/mdns
+++ b/profiles/apparmor.d/abstractions/mdns
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# mdnsd
/etc/mdns.allow r,
diff --git a/profiles/apparmor.d/abstractions/mesa b/profiles/apparmor.d/abstractions/mesa
index 381c12f6057e34e5e6fcc22a5210c9ffb5428a4b..c401a8eee37770b6714234e40937af99f69a5746 100644
--- a/profiles/apparmor.d/abstractions/mesa
+++ b/profiles/apparmor.d/abstractions/mesa
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Rules for Mesa implementation of the OpenGL API
- abi <abi/3.0>,
+ abi <abi/4.0>,
# System files
/dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
@@ -20,6 +20,12 @@
owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
+ owner @{HOME}/.cache/mesa_shader_cache_db/ rw,
+ owner @{HOME}/.cache/mesa_shader_cache_db/index rwk,
+ owner @{HOME}/.cache/mesa_shader_cache_db/part*/ rw,
+ owner @{HOME}/.cache/mesa_shader_cache_db/part*/mesa_cache.db rwk,
+ owner @{HOME}/.cache/mesa_shader_cache_db/part*/mesa_cache.idx rwk,
+
# Fallback location when @{HOME}/.cache is not available
owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw,
owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw,
diff --git a/profiles/apparmor.d/abstractions/mir b/profiles/apparmor.d/abstractions/mir
index 4ccc22ee97dfb2d6ca62998965a9beaeb8d2e653..85ebde716fb1c319026352c349da1aadb2690ed0 100644
--- a/profiles/apparmor.d/abstractions/mir
+++ b/profiles/apparmor.d/abstractions/mir
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# mir libraries sometimes do not have a lib prefix
# see LP: #1422521
diff --git a/profiles/apparmor.d/abstractions/mozc b/profiles/apparmor.d/abstractions/mozc
index e7480c2e615937705a632a74b43f930cdddd2859..6ca1a84d95aec272bb06e67695e51e3e8539647b 100644
--- a/profiles/apparmor.d/abstractions/mozc
+++ b/profiles/apparmor.d/abstractions/mozc
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
unix (connect, receive, send) type=stream peer=(addr="@tmp/.mozc.*"),
diff --git a/profiles/apparmor.d/abstractions/mysql b/profiles/apparmor.d/abstractions/mysql
index 4feccb44bd78218e4a8d3ccffba1b68a96a70a39..5643953e79cc560e7a98a6e18bcd78e19845bcd6 100644
--- a/profiles/apparmor.d/abstractions/mysql
+++ b/profiles/apparmor.d/abstractions/mysql
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/var/lib/mysql{,d}/mysql{,d}.sock rw,
@{run}/mysql{,d}/mysql{,d}.sock rw,
diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index 12b5602115c5c4d01199c0769a27e1e01e9faa9c..efba4acc422d013f27163f58c266aa8ad7597ec2 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -2,6 +2,7 @@
#
# Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2009-2011 Canonical Ltd.
+# Copyright (C) 2011-2024 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,31 +10,13 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
- # Many programs wish to perform nameservice-like operations, such as
- # looking up users by name or id, groups by name or id, hosts by name
- # or IP, etc. These operations may be performed through files, dns,
- # NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
- @{etc_ro}/group r,
- @{etc_ro}/host.conf r,
- @{etc_ro}/hosts r,
- @{etc_ro}/nsswitch.conf r,
- @{etc_ro}/gai.conf r,
- @{etc_ro}/passwd r,
- @{etc_ro}/protocols r,
-
- # On systems with authselect installed, /etc/nsswitch.conf is a symlink to /etc/authselect/nsswitch.conf
- @{etc_ro}/authselect/nsswitch.conf r,
+ include <abstractions/nameservice-strict>
# libtirpc (used for NIS/YP login) needs this
@{etc_ro}/netconfig r,
- # When using libnss-extrausers, the passwd and group files are merged from
- # an alternate path
- /var/lib/extrausers/group r,
- /var/lib/extrausers/passwd r,
-
# When using sssd, the passwd and group files are stored in an alternate path
# and the nss plugin also needs to talk to a pipe
/var/lib/sss/mc/group r,
@@ -41,16 +24,13 @@
/var/lib/sss/mc/passwd r,
/var/lib/sss/pipes/nss rw,
- @{etc_ro}/resolv.conf r,
# On systems where /etc/resolv.conf is managed programmatically, it is
# a symlink to @{run}/(whatever program is managing it)/resolv.conf.
- @{run}/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
+ @{run}/{NetworkManager,connman,netconfig}/resolv.conf r,
@{etc_ro}/resolvconf/run/resolv.conf r,
- @{run}/systemd/resolve/stub-resolv.conf r,
/mnt/wsl/resolv.conf r,
@{etc_ro}/samba/lmhosts r,
- @{etc_ro}/services r,
# db backend
/var/lib/misc/*.db r,
# The Name Service Cache Daemon can cache lookups, sometimes leading
@@ -60,13 +40,19 @@
/{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
# nscd renames and unlinks files in it's operation that clients will
# have open
- @{run}/nscd/db* rmix,
+ @{run}/nscd/db* mix,
+
+ # make libnss-libvirt name resolution work.
+ /var/lib/libvirt/dnsmasq/* r,
+
+ # make libnss-libvirt name resolution work.
+ /var/lib/libvirt/dnsmasq/ r,
+ /var/lib/libvirt/dnsmasq/*.status r,
# The nss libraries are sometimes used in addition to PAM; make sure
# they are available
/{usr/,}lib{,32,64}/libnss_*.so* mr,
/{usr/,}lib/@{multiarch}/libnss_*.so* mr,
- @{etc_ro}/default/nss r,
# avahi-daemon is used for mdns4 resolution
@{run}/avahi-daemon/socket rw,
@@ -93,9 +79,6 @@
# kerberos
include <abstractions/kerberosclient>
- #libnss-systemd
- include <abstractions/nss-systemd>
-
# Also allow lookups for systemd-exec's DynamicUsers via D-Bus
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html
dbus send
@@ -116,6 +99,7 @@
network netlink raw,
# interface details
+ @{PROC}/@{pid}/net/ipv6_route r,
@{PROC}/@{pid}/net/route r,
# Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/nameservice-strict b/profiles/apparmor.d/abstractions/nameservice-strict
new file mode 100644
index 0000000000000000000000000000000000000000..5f49a63d99980dad9f43864c5624a7d5d5a314f2
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/nameservice-strict
@@ -0,0 +1,40 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019-2022 Mikhail Morfikov
+# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Many programs wish to perform nameservice-like operations, such as looking up
+# users by name or id, groups by name or id, hosts by name or IP, etc.
+
+ abi <abi/4.0>,
+
+ include <abstractions/nss-systemd>
+
+ @{etc_ro}/default/nss r,
+ @{etc_ro}/gai.conf r,
+ @{etc_ro}/group r,
+ @{etc_ro}/host.conf r,
+ @{etc_ro}/hosts r,
+ @{etc_ro}/nsswitch.conf r,
+ @{etc_ro}/passwd r,
+ @{etc_ro}/protocols r,
+ @{etc_ro}/resolv.conf r,
+ @{etc_ro}/services r,
+
+ # On systems with authselect installed, /etc/nsswitch.conf is a symlink to /etc/authselect/nsswitch.conf
+ @{etc_ro}/authselect/nsswitch.conf r,
+
+ # Alternative location for group & passwd files
+ /var/lib/extrausers/group r,
+ /var/lib/extrausers/passwd r,
+ /var/lib/nscd/group r,
+ /var/lib/nscd/passwd r,
+
+ @{run}/nscd/db* r,
+ @{run}/resolvconf/resolv.conf r,
+ @{run}/systemd/resolve/resolv.conf r,
+ @{run}/systemd/resolve/stub-resolv.conf r,
+
+ include if exists <abstractions/nameservice-strict.d>
+
+# vim:syntax=apparmor
diff --git a/profiles/apparmor.d/abstractions/nis b/profiles/apparmor.d/abstractions/nis
index 1aea3f14d7278730b6585deaab10697a2becc2c6..70c426b30e730c136fde7877f80674cf7b1e1e4a 100644
--- a/profiles/apparmor.d/abstractions/nis
+++ b/profiles/apparmor.d/abstractions/nis
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# NIS rules
/var/yp/binding/* r,
diff --git a/profiles/apparmor.d/abstractions/nss-systemd b/profiles/apparmor.d/abstractions/nss-systemd
index 7116fdf1e0298c0779f05133d68abf497ae6ee1c..0d2683c88cbebde928dcbb91ee214489ab4a9585 100644
--- a/profiles/apparmor.d/abstractions/nss-systemd
+++ b/profiles/apparmor.d/abstractions/nss-systemd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# libnss-systemd
#
diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
index 13d56d3d23d1e9d9b0b36f410cdf5a702533867c..fb1ffafd2660c97a5a48cfe768eac9722cde25f3 100644
--- a/profiles/apparmor.d/abstractions/nvidia
+++ b/profiles/apparmor.d/abstractions/nvidia
@@ -1,11 +1,12 @@
# vim:syntax=apparmor
# nvidia access requirements
- abi <abi/3.0>,
+ abi <abi/4.0>,
# configuration queries
capability ipc_lock,
+ /etc/nvidia/nvidia-application-profiles* r,
/usr/share/nvidia/nvidia-application-profiles* r,
# libvdpau config file for nvidia workarounds
@@ -29,9 +30,11 @@
owner @{HOME}/.nv/ w,
owner @{HOME}/.nv/GLCache/ rw,
owner @{HOME}/.nv/GLCache/** rwk,
+ owner @{HOME}/.nv/nvidia-application-profiles* r,
owner @{PROC}/@{pid}/comm r, # somehwere in libnvidia-glcore.so
unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
+ unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"),
# Include additions to the abstraction
include if exists <abstractions/nvidia.d>
diff --git a/profiles/apparmor.d/abstractions/opencl b/profiles/apparmor.d/abstractions/opencl
index 58b353238a8c36fb75fd14b045c3114c31b88594..6dc3c5a09e02e257a330b36263841f95d67f2890 100644
--- a/profiles/apparmor.d/abstractions/opencl
+++ b/profiles/apparmor.d/abstractions/opencl
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# OpenCL access requirements
diff --git a/profiles/apparmor.d/abstractions/opencl-common b/profiles/apparmor.d/abstractions/opencl-common
index a80b4ba2c612221f212740685c7bc844c65892e6..52b40d358777adcbd0e0a5ece7b08f00dae07644 100644
--- a/profiles/apparmor.d/abstractions/opencl-common
+++ b/profiles/apparmor.d/abstractions/opencl-common
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# implementation-independent OpenCL access requirements
diff --git a/profiles/apparmor.d/abstractions/opencl-intel b/profiles/apparmor.d/abstractions/opencl-intel
index 4d04723306335a650c6894770247fa47f10e1ddd..b584af27c5a8050f9b50bb247baac9df68bd5042 100644
--- a/profiles/apparmor.d/abstractions/opencl-intel
+++ b/profiles/apparmor.d/abstractions/opencl-intel
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# OpenCL access requirements for Intel implementation
diff --git a/profiles/apparmor.d/abstractions/opencl-mesa b/profiles/apparmor.d/abstractions/opencl-mesa
index a5cada61436dbf6549f39486afd564a85ca9d0b6..35792770a52ec38b8e70c0f6d535e275098940a8 100644
--- a/profiles/apparmor.d/abstractions/opencl-mesa
+++ b/profiles/apparmor.d/abstractions/opencl-mesa
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# OpenCL access requirements for Mesa implementation
diff --git a/profiles/apparmor.d/abstractions/opencl-nvidia b/profiles/apparmor.d/abstractions/opencl-nvidia
index bbd432b1448f6c7d797d9d07be1d583212bc5ba1..5ad69b3ff80e7d2797af9b5369ff66694abb63a7 100644
--- a/profiles/apparmor.d/abstractions/opencl-nvidia
+++ b/profiles/apparmor.d/abstractions/opencl-nvidia
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# OpenCL access requirements for NVIDIA implementation
diff --git a/profiles/apparmor.d/abstractions/opencl-pocl b/profiles/apparmor.d/abstractions/opencl-pocl
index 8b93b0dc300ec2092f283d8ed28764bbe3c55f09..c69e7e6e107d58028dc780fb1cd8928b0fa075ec 100644
--- a/profiles/apparmor.d/abstractions/opencl-pocl
+++ b/profiles/apparmor.d/abstractions/opencl-pocl
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# OpenCL access requirements for POCL implementation
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/opencl-common>
diff --git a/profiles/apparmor.d/abstractions/openssl b/profiles/apparmor.d/abstractions/openssl
index 65939ae44d7790af6429f8b25787abd3a02610fd..b4483b006a5f9044b4b8d493024346897d7666c8 100644
--- a/profiles/apparmor.d/abstractions/openssl
+++ b/profiles/apparmor.d/abstractions/openssl
@@ -8,12 +8,12 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/etc/ssl/openssl.cnf r,
/etc/ssl/openssl-*.cnf r,
- /etc/ssl/{engdef,engines}.d/ r,
- /etc/ssl/{engdef,engines}.d/*.cnf r,
+ /etc/ssl/{engdef*,engines*}.d/ r,
+ /etc/ssl/{engdef*,engines*}.d/*.cnf r,
/usr/share/ssl/openssl.cnf r,
# Include additions to the abstraction
diff --git a/profiles/apparmor.d/abstractions/orbit2 b/profiles/apparmor.d/abstractions/orbit2
index 6e27461f5e713b171c40fc4667bef5f2729d8214..20e6b6f42d3e37585018fc3bb528a4627d7b9011 100644
--- a/profiles/apparmor.d/abstractions/orbit2
+++ b/profiles/apparmor.d/abstractions/orbit2
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# orbit2 permissions
- abi <abi/3.0>,
+ abi <abi/4.0>,
# system library
/usr/lib/orbit-2.0/*.so mr,
diff --git a/profiles/apparmor.d/abstractions/p11-kit b/profiles/apparmor.d/abstractions/p11-kit
index 29696815e761665a9484a1c45af38504660062f6..57b8f886a83c59e8ef5912be1c79e73ada9e4eda 100644
--- a/profiles/apparmor.d/abstractions/p11-kit
+++ b/profiles/apparmor.d/abstractions/p11-kit
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/etc/pkcs11/ r,
/etc/pkcs11/pkcs11.conf r,
diff --git a/profiles/apparmor.d/abstractions/perl b/profiles/apparmor.d/abstractions/perl
index 39718535a65575c4cdc71ff346a965d6efb3c0f7..d69fc54d1546723e0bd271ae31464a54f617d5e9 100644
--- a/profiles/apparmor.d/abstractions/perl
+++ b/profiles/apparmor.d/abstractions/perl
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# a few files typically required for perl scripts
/usr/bin/perl rmix,
diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php
index 6bf0dc7981abbcd5bb61bff98d26f3a9e7c791c1..ca7ca370f3714b387b0e74fb074e15665b725455 100644
--- a/profiles/apparmor.d/abstractions/php
+++ b/profiles/apparmor.d/abstractions/php
@@ -10,28 +10,28 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# shared snippets for config files
- /etc/php{,5,7,8}/** r,
+ /etc/php{,5,7,8,-legacy}/** r,
# Xlibs
/usr/X11R6/lib{,32,64}/lib*.so* mr,
# php extensions
- /usr/lib{64,}/php{,5,7,8}/*/*.so mr,
+ /usr/lib{64,}/php{,5,7,8,-legacy}/*/*.so mr,
# ICU (unicode support) data tables
/usr/share/icu/*/*.dat r,
# php session mmap socket
- /var/lib/php{,5,7,8}/session_mm_* rwlk,
+ /var/lib/php{,5,7,8,-legacy}/session_mm_* rwlk,
# file based session handler
- /var/lib/php{,5,7,8}/sess_* rwlk,
- /var/lib/php{,5,7,8}/sessions/* rwlk,
+ /var/lib/php{,5,7,8,-legacy}/sess_* rwlk,
+ /var/lib/php{,5,7,8,-legacy}/sessions/* rwlk,
# php libraries
- /usr/share/php{,5,7,8}/ r,
- /usr/share/php{,5,7,8}/** mr,
+ /usr/share/php{,5,7,8,-legacy}/ r,
+ /usr/share/php{,5,7,8,-legacy}/** mr,
# MySQL extension
/usr/share/mysql/** r,
diff --git a/profiles/apparmor.d/abstractions/php-worker b/profiles/apparmor.d/abstractions/php-worker
index a476e4071d1483159ef3d8f184185c4628bbf239..40f63adb5d5424fe454f6657fc1748f8b4cd3b65 100644
--- a/profiles/apparmor.d/abstractions/php-worker
+++ b/profiles/apparmor.d/abstractions/php-worker
@@ -2,7 +2,7 @@
# This file contains basic permissions for php-fpm workers
- abi <abi/3.0>,
+ abi <abi/4.0>,
# load common libraries and their support files
include <abstractions/base>
diff --git a/profiles/apparmor.d/abstractions/php5 b/profiles/apparmor.d/abstractions/php5
index 25f8001e8906bb05a8b0adfa622a7c55d7b6d03b..222968c886b124e3bd5252b52e8c774f36fffb7f 100644
--- a/profiles/apparmor.d/abstractions/php5
+++ b/profiles/apparmor.d/abstractions/php5
@@ -1,6 +1,6 @@
#backwards compatibility include, actual abstraction moved from php5 to php
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/php>
diff --git a/profiles/apparmor.d/abstractions/postfix-common b/profiles/apparmor.d/abstractions/postfix-common
index 68d4f7a82c40cf41fcdc9680a268f5b964db6b10..2691de8e408ae4430280953aa67c2ed20f92a9b3 100644
--- a/profiles/apparmor.d/abstractions/postfix-common
+++ b/profiles/apparmor.d/abstractions/postfix-common
@@ -11,7 +11,7 @@
# ------------------------------------------------------------------
# used with postfix/*
- abi <abi/3.0>,
+ abi <abi/4.0>,
capability setuid,
diff --git a/profiles/apparmor.d/abstractions/private-files b/profiles/apparmor.d/abstractions/private-files
index 5f0504178339273f4222e9aa9ed6953b43f99d9d..00ad5f16d1c1097ca0d4dc83a8fc73dce2b89f3d 100644
--- a/profiles/apparmor.d/abstractions/private-files
+++ b/profiles/apparmor.d/abstractions/private-files
@@ -2,7 +2,7 @@
# privacy-violations contains rules for common files that you want to
# explicitly deny access
- abi <abi/3.0>,
+ abi <abi/4.0>,
# privacy violations (don't audit files under $HOME otherwise get a
# lot of false positives when reading contents of directories)
diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index b8ab40e0c8325fe462b37ee3f5c5dc00faf714b0..28d3ab1e83e850fd8817c9ee9d6104e15e725aaf 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -2,7 +2,7 @@
# privacy-violations-strict contains additional rules for sensitive
# files that you want to explicitly deny access
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/private-files>
diff --git a/profiles/apparmor.d/abstractions/python b/profiles/apparmor.d/abstractions/python
index 87f7f2b0725680afb1708c9c0de9c602b221a13f..9289df6189d8f58662a4314fe1e072a6a15d166a 100644
--- a/profiles/apparmor.d/abstractions/python
+++ b/profiles/apparmor.d/abstractions/python
@@ -10,7 +10,10 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
+
+ /{usr/,}bin/ r,
+ /{usr/,}bin/python{2.[4-7],3,3.[0-9],3.1[0-9]} r,
/usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{pyc,so,so.*[0-9]} mr,
/usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth} r,
@@ -37,5 +40,15 @@
# python build configuration and headers
/usr/include/python{2.[4-7],3.[0-9],3.1[0-9]}*/pyconfig.h r,
+ owner @{HOME}/.local/lib/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{pyc,so} mr,
+ owner @{HOME}/.local/lib/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth} r,
+ owner @{HOME}/.local/lib/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/ r,
+ owner @{HOME}/.local/lib/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/**/ r,
+
+ # Starting with Python 3.8, you can use the PYTHONPYCACHEPREFIX environment
+ # variable to define a cache directory for Python.
+ owner @{HOME}/.cache/Python/ rw,
+ owner @{HOME}/.cache/Python/** rw,
+
# Include additions to the abstraction
include if exists <abstractions/python.d>
diff --git a/profiles/apparmor.d/abstractions/qt5 b/profiles/apparmor.d/abstractions/qt5
index 83dc00c4e8fda21787ed8c3152ba9a55e08ac7dc..d9d53ba9e7b61ea6c7f9de0d46e122ccbedc00fb 100644
--- a/profiles/apparmor.d/abstractions/qt5
+++ b/profiles/apparmor.d/abstractions/qt5
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Common rules for Qt5-based applications
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Additional libraries
diff --git a/profiles/apparmor.d/abstractions/qt5-compose-cache-write b/profiles/apparmor.d/abstractions/qt5-compose-cache-write
index 5322ea031ecc59ffa10f4e2362f7fc93b881b44c..a34178b24305104d22bda79d6aa66b1d5a9efc71 100644
--- a/profiles/apparmor.d/abstractions/qt5-compose-cache-write
+++ b/profiles/apparmor.d/abstractions/qt5-compose-cache-write
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Allow writing cache for Qt5 "platforminputcontexts" plugins
- abi <abi/3.0>,
+ abi <abi/4.0>,
# User files
diff --git a/profiles/apparmor.d/abstractions/qt5-settings-write b/profiles/apparmor.d/abstractions/qt5-settings-write
index 327390ace9138e16f7f018a0615683f5145cd385..fe592dc35cb2bd31f31947a4d63d1506e6412006 100644
--- a/profiles/apparmor.d/abstractions/qt5-settings-write
+++ b/profiles/apparmor.d/abstractions/qt5-settings-write
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Allow writing shared settings for Qt-based applications
- abi <abi/3.0>,
+ abi <abi/4.0>,
# User files
diff --git a/profiles/apparmor.d/abstractions/recent-documents-write b/profiles/apparmor.d/abstractions/recent-documents-write
index 02962e4c733af2fd59f1f10992c828187498ee95..93c90cab9fc8317eb3ad141bbc99937242843426 100644
--- a/profiles/apparmor.d/abstractions/recent-documents-write
+++ b/profiles/apparmor.d/abstractions/recent-documents-write
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# Allow updating recent documents
- abi <abi/3.0>,
+ abi <abi/4.0>,
# User files
diff --git a/profiles/apparmor.d/abstractions/ruby b/profiles/apparmor.d/abstractions/ruby
index a71a2043b561d7b2b4cbf8838f5ae1bc0b1ba4a9..2f35e6707ad64fcad33475788cc8c2d7fc419e43 100644
--- a/profiles/apparmor.d/abstractions/ruby
+++ b/profiles/apparmor.d/abstractions/ruby
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/ r,
/usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/**.rb r,
diff --git a/profiles/apparmor.d/abstractions/samba b/profiles/apparmor.d/abstractions/samba
index a17e31a18d37c350d260f70749c2107fca067fff..48637201c979ecdc6c5d6efdff75af3858b8abea 100644
--- a/profiles/apparmor.d/abstractions/samba
+++ b/profiles/apparmor.d/abstractions/samba
@@ -9,9 +9,10 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/etc/samba/* r,
+ /etc/gnutls/config r,
/usr/lib*/ldb/*.so mr,
/usr/lib*/ldb2/*.so mr,
/usr/lib*/ldb2/modules/ldb/*.so mr,
diff --git a/profiles/apparmor.d/abstractions/samba-rpcd b/profiles/apparmor.d/abstractions/samba-rpcd
index 4c83091ad9dd90d989bb1c313ef026360a018d65..fca361a17dcdcb3917c0fbfafd0df3b6042ed1c0 100644
--- a/profiles/apparmor.d/abstractions/samba-rpcd
+++ b/profiles/apparmor.d/abstractions/samba-rpcd
@@ -11,7 +11,7 @@
# This file contains basic permissions for samba rpcd_xyz services
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/base>
include <abstractions/nameservice>
diff --git a/profiles/apparmor.d/abstractions/smbpass b/profiles/apparmor.d/abstractions/smbpass
index 89534d4646c8814e16c333f10fe8e53b1dc7e7df..0a7f60d3a8f4b213f3db9e56815a2ab95745edcc 100644
--- a/profiles/apparmor.d/abstractions/smbpass
+++ b/profiles/apparmor.d/abstractions/smbpass
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# libpam-smbpass/pam_smbpass.so permissions
/var/lib/samba/*.[lt]db rwk,
diff --git a/profiles/apparmor.d/abstractions/snap_browsers b/profiles/apparmor.d/abstractions/snap_browsers
index 98fdeed29af5395bad401ea129ab82146197afa0..b6ee4ee8fcab6fe1586d3968b6839a191a8f04ec 100644
--- a/profiles/apparmor.d/abstractions/snap_browsers
+++ b/profiles/apparmor.d/abstractions/snap_browsers
@@ -33,11 +33,7 @@ profile snap_browsers {
/sys/kernel/security/apparmor/features/ r,
# allow launching official browser snaps.
- /snap/chromium/[0-9]*/meta/{snap.yaml,hooks/} r,
- /snap/firefox/[0-9]*/meta/{snap.yaml,hooks/} r,
- /snap/opera/[0-9]*/meta/{snap.yaml,hooks/} r,
-
- /var/lib/snapd/sequence/{chromium,firefox,opera}.json r,
- /var/lib/snapd/inhibit/{chromium,firefox,opera}.lock rk,
- # add other browsers here
+ /snap/{brave,chromium,firefox,opera}/[0-9]*/meta/{snap.yaml,hooks/} r,
+ /var/lib/snapd/sequence/{brave,chromium,firefox,opera}.json r,
+ /var/lib/snapd/inhibit/{brave,chromium,firefox,opera}.lock rk,
}
diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
index edb39646b579caa0dec0b2ec91f695c4ee8577a4..3db31fa21bb32f60ad8042e68b6c1595b6925570 100644
--- a/profiles/apparmor.d/abstractions/ssl_certs
+++ b/profiles/apparmor.d/abstractions/ssl_certs
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/etc/ca-certificates/{,**} r,
/etc/{,libre}ssl/ r,
diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys
index f310bb5a164dc65403bc411bdb69f49e5cbfb469..21e4727bc71d6c17cffa5a98c3cc617fa04bc52e 100644
--- a/profiles/apparmor.d/abstractions/ssl_keys
+++ b/profiles/apparmor.d/abstractions/ssl_keys
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# private ssl permissions
diff --git a/profiles/apparmor.d/abstractions/svn-repositories b/profiles/apparmor.d/abstractions/svn-repositories
index ca9f990c270be3f7a1c7c3877c08b034e67c523a..8a1c7b6ffb118dd50e464e2a4e3ade6850623f16 100644
--- a/profiles/apparmor.d/abstractions/svn-repositories
+++ b/profiles/apparmor.d/abstractions/svn-repositories
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This little snippet should abstract the read/write access to a repository.
# it is intended to be included in profiles for svnserve/apache2 and maybe
diff --git a/profiles/apparmor.d/abstractions/transmission-common b/profiles/apparmor.d/abstractions/transmission-common
new file mode 100644
index 0000000000000000000000000000000000000000..038e65e2926e1ab147680948b580958f2ee50ab6
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/transmission-common
@@ -0,0 +1,153 @@
+# vim:syntax=apparmor
+# LOGPROF-SUGGEST: no
+# Author: Daniel Richard G. <skunk@iSKUNK.ORG>
+
+ include <abstractions/base>
+ include <abstractions/freedesktop.org>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+
+ network inet dgram,
+ network inet6 dgram,
+ network netlink dgram,
+ network inet stream,
+ network inet6 stream,
+
+ dbus (bind)
+ bus=session
+ name=com.transmissionbt.Transmission,
+ dbus (bind)
+ bus=session
+ name=com.transmissionbt.transmission_*,
+
+ dbus (receive)
+ bus=session
+ path=/ca/desrt/dconf/Writer/user
+ interface=ca.desrt.dconf.Writer
+ member=Notify,
+ dbus (send)
+ bus=session
+ path=/ca/desrt/dconf/Writer/user
+ interface=ca.desrt.dconf.Writer
+ member=Change
+ peer=(name=ca.desrt.dconf),
+
+ dbus (receive)
+ bus=accessibility
+ path=/org/a11y/atspi/accessible/root
+ interface=org.freedesktop.DBus.Properties
+ member=Set,
+ dbus (send)
+ bus=accessibility
+ path=/org/a11y/atspi/accessible/root
+ interface=org.a11y.atspi.Socket
+ member=Embed
+ peer=(name=org.a11y.atspi.Registry),
+ dbus (send)
+ bus=accessibility
+ path=/org/a11y/atspi/registry
+ interface=org.a11y.atspi.Registry
+ member=GetRegisteredEvents
+ peer=(name=org.a11y.atspi.Registry),
+ dbus (send)
+ bus=accessibility
+ path=/org/a11y/atspi/registry/deviceeventcontroller
+ interface=org.a11y.atspi.DeviceEventController
+ member={GetDeviceEventListeners,GetKeystrokeListeners}
+ peer=(name=org.a11y.atspi.Registry),
+
+ dbus (send)
+ bus={accessibility,session}
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={AddMatch,GetNameOwner,Hello,ReleaseName,RemoveMatch,RequestName,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.DBus.Introspectable
+ path=/StatusNotifierWatcher
+ member=Introspect
+ peer=(name=org.kde.StatusNotifierWatcher),
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.DBus.Properties
+ path=/StatusNotifierWatcher
+ member=Get
+ peer=(name=org.kde.StatusNotifierWatcher),
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.DBus.Properties
+ path=/org/a11y/bus
+ member=Get
+ peer=(name=org.a11y.Bus),
+ dbus (send)
+ bus=system
+ interface=org.freedesktop.DBus.Properties
+ path=/org/freedesktop/hostname1
+ member=GetAll,
+
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.Notifications
+ path=/org/freedesktop/Notifications
+ member={GetCapabilities,Notify},
+
+ dbus (send)
+ bus=session
+ path=/org/gtk/Private/RemoteVolumeMonitor
+ interface=org.gtk.Private.RemoteVolumeMonitor
+ member={IsSupported,List},
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/Daemon
+ interface=org.gtk.vfs.Daemon
+ member={GetConnection,ListMonitorImplementations},
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/mount/[1-9]*
+ interface=org.gtk.vfs.Mount
+ member={CreateFileMonitor,Enumerate,QueryInfo},
+ dbus (receive)
+ bus=session
+ path=/org/gtk/vfs/mounttracker
+ interface=org.gtk.vfs.MountTracker
+ member=Mounted,
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/mounttracker
+ interface=org.gtk.vfs.MountTracker
+ member={ListMountableInfo,ListMounts2,LookupMount},
+
+ @{PROC}/sys/kernel/random/uuid r,
+
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/mounts r,
+
+ owner @{run}/user/@{uid}/gvfsd/socket-* rw,
+
+ @{etc_ro}/fstab r,
+
+ @{system_share_dirs}/hwdata/** r,
+ @{system_share_dirs}/lxqt/** r,
+
+ owner /tmp/tr_session_id_* rwk,
+
+ # allow a top-level directory listing
+ @{HOME}/ r,
+
+ owner @{HOME}/.cache/transmission/ w,
+ owner @{HOME}/.cache/transmission/** rw,
+ owner @{HOME}/.config/transmission/ w,
+ owner @{HOME}/.config/transmission/** rw,
+
+ owner @{HOME}/.config/lxqt/lxqt.conf r,
+
+ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r,
+ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rw,
+
+ # exclude these for now
+ deny /usr/share/thumbnailers/ r,
+ deny @{HOME}/.local/share/gvfs-metadata/** r,
+ deny @{HOME}/.config/lxqt/** rw,
+
+ include if exists <abstractions/transmission-common.d>
diff --git a/profiles/apparmor.d/abstractions/trash b/profiles/apparmor.d/abstractions/trash
index 68a43c067c4fe71bb28d5d1188171d988cd2ec6a..96d80ed635dbdc0d9f3973c362e1e316e8724e30 100644
--- a/profiles/apparmor.d/abstractions/trash
+++ b/profiles/apparmor.d/abstractions/trash
@@ -1,4 +1,4 @@
-abi <abi/3.0>,
+abi <abi/4.0>,
# requires <tunables/home>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
index 0d929ad61d1d21a004a1e594c344e071d34363bd..36378e49dd47d1de95cfa490bac987cc0b461dab 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
+++ b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
@@ -6,7 +6,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/azureus Cxr -> sanitized_helper,
/usr/bin/bitstormlite Cxr -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers b/profiles/apparmor.d/abstractions/ubuntu-browsers
index c2c710a110fbf77c865fc5881e93bb6d1860b60e..a85203e0279b63c333fa56a5b6ca77e19ebd2170 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers
@@ -6,7 +6,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/arora Cx -> sanitized_helper,
/usr/bin/dillo Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
index 95724f1a4a735084005e8d97f362d90ad4d65cbc..7c4a3a5fa0833ec45d18b21cc637302e0c3249ea 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
@@ -13,7 +13,7 @@
# For site-specific adjustments, please see:
# /etc/apparmor.d/local/chromium-browser
-abi <abi/3.0>,
+abi <abi/4.0>,
include <abstractions/ubuntu-browsers.d/plugins-common>
include <abstractions/ubuntu-browsers.d/mailto>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
index 507d62a0a4d7b79d23ffcba5288f15b980d70143..b9d19d25b1f9c49581c69b3f4844fd5b0cc6e517 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Java plugin
owner @{HOME}/.java/deployment/deployment.properties k,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
index 62db4f3996e5f3114ed9d6d192fbaf699c1c6e00..044786219bd27429f83026f176041b3384ad2a7c 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
@@ -3,7 +3,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/kde>
/usr/bin/kde4-config Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
index 8d157098666998a7396922b417acca1a74280547..c09b501b0578e1685141552220e20bbdf80a8dbc 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# for mailto:
include <abstractions/ubuntu-email>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
index f2eb23ef31ec4a26a180ac58978176fd885fc8e6..37fae70198981677246e356974bc271f800bf4d3 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
@@ -3,7 +3,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/X>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
index 5d93b262efd55312f91178b14083f61ac04adb07..b4c4b37e698389c648415cbccd4d8ebca3446404 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
#
# Plugins/helpers
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
index 1fc67a84ad11c09dc80c06e952b7a1ec9196dd6f..f778ce28f41cb6049c58dadcda8b3c9e2ca77097 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
@@ -3,7 +3,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Openoffice.org
/usr/bin/ooffice Cxr -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
index e04c6b80b6a51d09e4cf8a2492fd9a291dd37f01..6280b4d9d12855d8b0a66552d3b24ef9a2cc2c40 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
@@ -3,7 +3,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Text editors (It's All Text [https://addons.mozilla.org/en-US/firefox/addon/4125])
/usr/bin/emacsclient.emacs-snapshot Cxr -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
index cdbd47cd3ddda01e7a2e0f76cd94245bd303bd03..8e73ec2d459642ee784725762b59a3a73e8a1005 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
@@ -3,7 +3,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Apport
/usr/bin/apport-bug Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
index c6a8eedddfad11fa2179a4e49e1814a13c234f9b..c1e4f7a74bf9b0ccb5d566f8b3bee19629ed7356 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# firefox-notify
include <abstractions/python>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
index f045455286591cdead38476438e55fa82a331407..fa731520d00253e5f80552966d62560a03c25e07 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Allow read to all files user has DAC access to and write access to all
# files owned by the user in $HOME.
diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-browsers b/profiles/apparmor.d/abstractions/ubuntu-console-browsers
index 8f6687ae13ad1374f5425b05ad6ec41c62f45f0f..f05585894476de23a92ebfa13ffecfce04f78a12 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-console-browsers
+++ b/profiles/apparmor.d/abstractions/ubuntu-console-browsers
@@ -10,7 +10,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/elinks Cx -> sanitized_helper,
/usr/bin/links Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-email b/profiles/apparmor.d/abstractions/ubuntu-console-email
index ee741fdfdd9f83773682c45dddb7e9ec2f450cf3..dee7feed9bee363bf2d47fa5f51aa67d31bb7d87 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-console-email
+++ b/profiles/apparmor.d/abstractions/ubuntu-console-email
@@ -10,7 +10,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/alpine Cx -> sanitized_helper,
/usr/bin/citadel Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-email b/profiles/apparmor.d/abstractions/ubuntu-email
index 45f02eba2a5d543c10ce391b0c1b084f113960ea..6ebc26e1bd3d700b7d1a2732979e96f09b7589f6 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-email
+++ b/profiles/apparmor.d/abstractions/ubuntu-email
@@ -6,7 +6,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/anjal Cx -> sanitized_helper,
/usr/bin/balsa Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-feed-readers b/profiles/apparmor.d/abstractions/ubuntu-feed-readers
index e8b89b1d375fb6939f193afbc31e8dc1e5003946..9e2e116da4984a048f18762fb15c4c42fc995358 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-feed-readers
+++ b/profiles/apparmor.d/abstractions/ubuntu-feed-readers
@@ -6,7 +6,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/akregator Cxr -> sanitized_helper,
/usr/bin/liferea-add-feed Cxr -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
index c6280b0ef31fd86a4bb5bb9a44632554047cc24a..46318f44a16e8a9bd5a2bd5c867a56274bb6b96c 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
+++ b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
@@ -3,7 +3,7 @@
# for allowing access to gnome-terminal
#
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/gnome>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-helpers b/profiles/apparmor.d/abstractions/ubuntu-helpers
index 8484a411b62b811e669d66b3b398e4379d084a88..d561436ec8c352e975d5cb7dc29eb7b4de6e61dc 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-helpers
+++ b/profiles/apparmor.d/abstractions/ubuntu-helpers
@@ -31,7 +31,7 @@
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.
- abi <abi/3.0>,
+ abi <abi/4.0>,
profile sanitized_helper {
include <abstractions/base>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-konsole b/profiles/apparmor.d/abstractions/ubuntu-konsole
index 4ece2bd373e0d6c6edc9d98e253a5d57ec91643c..2a40e381721aa944f3a826d04af958cafa9496d1 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-konsole
+++ b/profiles/apparmor.d/abstractions/ubuntu-konsole
@@ -3,7 +3,7 @@
# for allowing access to konsole
#
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/consoles>
include <abstractions/kde>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-media-players b/profiles/apparmor.d/abstractions/ubuntu-media-players
index 5fa48e75bb2f497ab4f8f0822dd226c2fea12e96..86ec80ab5f89c8383bb2dbf902dcbd732fe3238e 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-media-players
+++ b/profiles/apparmor.d/abstractions/ubuntu-media-players
@@ -6,7 +6,7 @@
# in the toplevel profile. Eg:
# include <abstractions/ubuntu-helpers>
- abi <abi/3.0>,
+ abi <abi/4.0>,
/usr/bin/amarok Cxr -> sanitized_helper,
/usr/bin/audacious2 Cxr -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-base b/profiles/apparmor.d/abstractions/ubuntu-unity7-base
index 6e207b28725617840a93f2d1590c56d6c3cc5491..c8305d8796ddebfcb85a48a9653f186877fe3049 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-base
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-base
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
#
# Rules common to applications running under Unity 7
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher b/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher
index eb2f070d39920c1de3a5ecab91ed1083e11af392..d73edfc8f286b046bf9e56af1d5f00f0dfb221bd 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher
@@ -1,4 +1,4 @@
- abi <abi/3.0>,
+ abi <abi/4.0>,
#
# Access required for connecting to/communicating with the Unity Launcher
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging b/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging
index 21de3ff0d53a718b2e098d3743aa73b819820776..7e2ff3aa853b82001755d666854f3ea071dc25e4 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging
@@ -1,4 +1,4 @@
- abi <abi/3.0>,
+ abi <abi/4.0>,
#
# Access required for connecting to/communicating with the Unity messaging
diff --git a/profiles/apparmor.d/abstractions/ubuntu-xterm b/profiles/apparmor.d/abstractions/ubuntu-xterm
index 07eacaba96d50cb25dfcfef3ad9ffa4ca009c3cf..932f85a4154367576bd9c91391c529c550ebff6c 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-xterm
+++ b/profiles/apparmor.d/abstractions/ubuntu-xterm
@@ -3,7 +3,7 @@
# for allowing access to xterm
#
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <abstractions/consoles>
/dev/ptmx rw,
diff --git a/profiles/apparmor.d/abstractions/user-download b/profiles/apparmor.d/abstractions/user-download
index 765402947354ce3095c1fcb085647e34811e9056..0f8e30af21dc917aec4ebbbbd7fee5efb5dad8f4 100644
--- a/profiles/apparmor.d/abstractions/user-download
+++ b/profiles/apparmor.d/abstractions/user-download
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Description: Where common programs should allow users to download
# files
diff --git a/profiles/apparmor.d/abstractions/user-mail b/profiles/apparmor.d/abstractions/user-mail
index 4156dfaacf6da27ec189cc4a9dc8e1168a8340c3..366c7b22af4471c49179da825cd7ff9c243933cf 100644
--- a/profiles/apparmor.d/abstractions/user-mail
+++ b/profiles/apparmor.d/abstractions/user-mail
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# location of user mail, spool and mboxes
owner @{HOME}/[mM]ail/ r,
diff --git a/profiles/apparmor.d/abstractions/user-manpages b/profiles/apparmor.d/abstractions/user-manpages
index 3178a4d60f35da53f96b0c0bcae18429655cb3aa..66a4013332e3a8bff3d8b3a2cefce0c3f37c75e0 100644
--- a/profiles/apparmor.d/abstractions/user-manpages
+++ b/profiles/apparmor.d/abstractions/user-manpages
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# perhaps your configuration has users elsewhere, or you don't wish
# them to read their own manpages
diff --git a/profiles/apparmor.d/abstractions/user-tmp b/profiles/apparmor.d/abstractions/user-tmp
index 6d651c5dc4864bba4c329d4ab4afaa9d1a650f56..804135fa3b7af672d631925926fe0627250dbcaf 100644
--- a/profiles/apparmor.d/abstractions/user-tmp
+++ b/profiles/apparmor.d/abstractions/user-tmp
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# per-user tmp directories
owner @{HOME}/tmp/** rwkl,
diff --git a/profiles/apparmor.d/abstractions/user-write b/profiles/apparmor.d/abstractions/user-write
index 604b60b7a3ff8a0546be78b6535bae7a94b1052f..b94ce170f11f4490c4620b549fc82d89619a77b4 100644
--- a/profiles/apparmor.d/abstractions/user-write
+++ b/profiles/apparmor.d/abstractions/user-write
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# per-user write directories
owner @{HOME}/ r,
diff --git a/profiles/apparmor.d/abstractions/video b/profiles/apparmor.d/abstractions/video
index 2b5634824d7eb13b658e86ab95092305de6ae5be..0495388d823e56cef37b85aaf0be82750081f9ae 100644
--- a/profiles/apparmor.d/abstractions/video
+++ b/profiles/apparmor.d/abstractions/video
@@ -1,7 +1,7 @@
# vim:syntax=apparmor
# video device access
- abi <abi/3.0>,
+ abi <abi/4.0>,
# System devices
@{sys}/class/video4linux/ r,
diff --git a/profiles/apparmor.d/abstractions/vulkan b/profiles/apparmor.d/abstractions/vulkan
index 479a9dcb70e4e66ca6f1e343e357c4b8c970423d..aede3757c7037e3545c310f05000f6bfd204df77 100644
--- a/profiles/apparmor.d/abstractions/vulkan
+++ b/profiles/apparmor.d/abstractions/vulkan
@@ -1,11 +1,11 @@
# vim:syntax=apparmor
# Vulkan access requirements
- abi <abi/3.0>,
+ abi <abi/4.0>,
# System files
/dev/dri/ r, # libvulkan_radeon.so, libvulkan_intel.so (Mesa)
- /etc/glvnd/egl_vendor.d/{*,.json} r,
+ /etc/glvnd/egl_vendor.d/{,*.json} r,
/etc/vulkan/icd.d/{,*.json} r,
/etc/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
# for drmGetMinorNameForFD() from libvulkan_intel.so (Mesa)
@@ -13,7 +13,8 @@
@{sys}/devices/pci[0-9]*/*/drm/card[0-9]/gt_{max,min}_freq_mhz r, # anv_enumerate_physical_devices() from libvulkan_intel.so
@{sys}/devices/pci[0-9]*/*/drm/card[0-9]/metrics/ r, # anv_enumerate_physical_devices() from libvulkan_intel.so
@{sys}/devices/pci[0-9]*/*/drm/card[0-9]/metrics/????????-????-????-????-????????????/id r, # anv_enumerate_physical_devices() from libvulkan_intel.so
- /usr/share/glvnd/egl_vendor.d/{,*.json} r,
+ /usr/share/egl/egl_external_platform.d/{,*} r,
+ /usr/share/glvnd/egl_vendor.d/{,*} r,
/usr/share/vulkan/icd.d/{,*.json} r,
/usr/share/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
diff --git a/profiles/apparmor.d/abstractions/wayland b/profiles/apparmor.d/abstractions/wayland
index 368e2f77c3df6ccc61c38591fe17e3996c23e034..27563d5cf65f2402fe27abc96299806e318b1b3c 100644
--- a/profiles/apparmor.d/abstractions/wayland
+++ b/profiles/apparmor.d/abstractions/wayland
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
owner @{run}/user/*/wayland-[0-9]* rw,
owner @{run}/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
diff --git a/profiles/apparmor.d/abstractions/web-data b/profiles/apparmor.d/abstractions/web-data
index 8459eee354cf4f965cf0e496600f980c21c2c361..f7849b8438e6944bc297b2681a7fcaa70873245d 100644
--- a/profiles/apparmor.d/abstractions/web-data
+++ b/profiles/apparmor.d/abstractions/web-data
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/srv/www/htdocs/ r,
/srv/www/htdocs/** r,
diff --git a/profiles/apparmor.d/abstractions/winbind b/profiles/apparmor.d/abstractions/winbind
index 3503e5a00cdeaae89f3b3426d55f71ec0d5a0d0d..9b5b9ab3ef423ba6f745bd3107d1909ba8bd2147 100644
--- a/profiles/apparmor.d/abstractions/winbind
+++ b/profiles/apparmor.d/abstractions/winbind
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# pam_winbindd
/tmp/.winbindd/pipe rw,
diff --git a/profiles/apparmor.d/abstractions/wutmp b/profiles/apparmor.d/abstractions/wutmp
index a085c3c91d66ea240e3160f97476dd6fd8402c93..937ca77c1d56610bdde45c9bb72356ea36202270 100644
--- a/profiles/apparmor.d/abstractions/wutmp
+++ b/profiles/apparmor.d/abstractions/wutmp
@@ -9,10 +9,12 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# some services update wtmp, utmp, and lastlog with per-user
# connection information
+ /var/lib/wtmpdb/ r,
+ /var/lib/wtmpdb/wtmp.db{,-journal} rwlk,
/var/log/lastlog rwk,
/var/log/wtmp rwk,
/var/log/btmp rwk,
diff --git a/profiles/apparmor.d/abstractions/xad b/profiles/apparmor.d/abstractions/xad
index f5f6e720414cca2da8a82bf65fd694da00dea241..5969f2c7c22435fd57fbaa553f9118086242fa0e 100644
--- a/profiles/apparmor.d/abstractions/xad
+++ b/profiles/apparmor.d/abstractions/xad
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
/opt/novell/xad/lib/ r,
/opt/novell/xad/lib/lib*.so* mr,
diff --git a/profiles/apparmor.d/abstractions/xdg-desktop b/profiles/apparmor.d/abstractions/xdg-desktop
index 9f7f4ae2a2597cc90cd34814c38196eadfbbad0b..19c3e6257f21cacc375c8c64df0e1069094d0d2b 100644
--- a/profiles/apparmor.d/abstractions/xdg-desktop
+++ b/profiles/apparmor.d/abstractions/xdg-desktop
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
# Entries based on:
# http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
diff --git a/profiles/apparmor.d/abstractions/xdg-open b/profiles/apparmor.d/abstractions/xdg-open
index 11cf410531b062098c08e72d171f5069c13aa68a..5e539e1de11288a32b2177212d2ef2a2890347d2 100644
--- a/profiles/apparmor.d/abstractions/xdg-open
+++ b/profiles/apparmor.d/abstractions/xdg-open
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via xdg-open helper. xdg-open abstraction
diff --git a/profiles/apparmor.d/apache2.d/phpsysinfo b/profiles/apparmor.d/apache2.d/phpsysinfo
index afd1ff34038b1369dcbae06de9744a5577d90366..087b064a990e00a9c464e503d9983bf74be2d328 100644
--- a/profiles/apparmor.d/apache2.d/phpsysinfo
+++ b/profiles/apparmor.d/apache2.d/phpsysinfo
@@ -1,7 +1,7 @@
# Last Modified: Fri Sep 11 13:27:22 2009
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
- abi <abi/3.0>,
+ abi <abi/4.0>,
^phpsysinfo {
include <abstractions/apache2-common>
diff --git a/profiles/apparmor.d/balena-etcher b/profiles/apparmor.d/balena-etcher
new file mode 100644
index 0000000000000000000000000000000000000000..9a55bcd2f37a02bc56f332832751af75a20ad934
--- /dev/null
+++ b/profiles/apparmor.d/balena-etcher
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile balena-etcher /usr/lib/balena-etcher/balena-etcher flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/balena-etcher>
+}
diff --git a/profiles/apparmor.d/bin.ping b/profiles/apparmor.d/bin.ping
index 149b802d6a46b189c9a3d872745d64c1f8425083..14c48989781420340862d2a917e59b5d84fc4eb5 100644
--- a/profiles/apparmor.d/bin.ping
+++ b/profiles/apparmor.d/bin.ping
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile ping /{usr/,}bin/{,iputils-}ping {
@@ -24,6 +24,7 @@ profile ping /{usr/,}bin/{,iputils-}ping {
/{,usr/}bin/{,iputils-}ping mixr,
/etc/modules.conf r,
+ @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/bin.ping>
diff --git a/profiles/apparmor.d/brave b/profiles/apparmor.d/brave
new file mode 100644
index 0000000000000000000000000000000000000000..4aba1a312e44b24e6f1085e25105579ef277e619
--- /dev/null
+++ b/profiles/apparmor.d/brave
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile brave /opt/brave.com/brave/brave flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/brave>
+}
diff --git a/profiles/apparmor.d/buildah b/profiles/apparmor.d/buildah
new file mode 100644
index 0000000000000000000000000000000000000000..4281dc6c1b65cc8fbb42d1b706c11a7b367d305d
--- /dev/null
+++ b/profiles/apparmor.d/buildah
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile buildah /usr/bin/buildah flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/buildah>
+}
diff --git a/profiles/apparmor.d/busybox b/profiles/apparmor.d/busybox
new file mode 100644
index 0000000000000000000000000000000000000000..d726ddf0a64029a164770e93bd5b3c83c66a8274
--- /dev/null
+++ b/profiles/apparmor.d/busybox
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile busybox /usr/bin/busybox flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/busybox>
+}
diff --git a/profiles/apparmor.d/cam b/profiles/apparmor.d/cam
new file mode 100644
index 0000000000000000000000000000000000000000..d56c55a0c974f21b86775fbe9c5ddf18dc594a28
--- /dev/null
+++ b/profiles/apparmor.d/cam
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile cam /usr/bin/cam flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/cam>
+}
diff --git a/profiles/apparmor.d/ch-checkns b/profiles/apparmor.d/ch-checkns
new file mode 100644
index 0000000000000000000000000000000000000000..eafb5568673c70388b97a1a2f09707a85e5d2d77
--- /dev/null
+++ b/profiles/apparmor.d/ch-checkns
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile ch-checkns /usr/bin/ch-checkns flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/ch-checkns>
+}
diff --git a/profiles/apparmor.d/ch-run b/profiles/apparmor.d/ch-run
new file mode 100644
index 0000000000000000000000000000000000000000..2d20b4391c3e44a1443857e47807da5274d8807d
--- /dev/null
+++ b/profiles/apparmor.d/ch-run
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile ch-run /usr/bin/ch-run flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/ch-run>
+}
diff --git a/profiles/apparmor.d/chrome b/profiles/apparmor.d/chrome
new file mode 100644
index 0000000000000000000000000000000000000000..085c19897714af2b9b27ea21512652fcba479173
--- /dev/null
+++ b/profiles/apparmor.d/chrome
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile chrome /opt/google/chrome/chrome flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/chrome>
+}
diff --git a/profiles/apparmor.d/chromium b/profiles/apparmor.d/chromium
new file mode 100644
index 0000000000000000000000000000000000000000..61132bb813838593d3426d6a5a7de3b90a2164b8
--- /dev/null
+++ b/profiles/apparmor.d/chromium
@@ -0,0 +1,14 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+@{chromium} = {,ungoogled-}chromium{,-browser}
+
+profile chromium /usr/lib/@{chromium}/@{chromium} flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/chromium>
+}
diff --git a/profiles/apparmor.d/code b/profiles/apparmor.d/code
new file mode 100644
index 0000000000000000000000000000000000000000..d990544515805b291447579683835fd44c601a47
--- /dev/null
+++ b/profiles/apparmor.d/code
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile vscode /usr/share/code{/bin,}/code flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/code>
+}
diff --git a/profiles/apparmor.d/crun b/profiles/apparmor.d/crun
new file mode 100644
index 0000000000000000000000000000000000000000..04c9f4fdc7b12e4d763219ec52ac405a019804f2
--- /dev/null
+++ b/profiles/apparmor.d/crun
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile crun /usr/bin/crun flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/crun>
+}
diff --git a/profiles/apparmor.d/devhelp b/profiles/apparmor.d/devhelp
new file mode 100644
index 0000000000000000000000000000000000000000..ed7891a13eb5803df574a2fe191525b2f379155f
--- /dev/null
+++ b/profiles/apparmor.d/devhelp
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile devhelp /usr/bin/devhelp flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/devhelp>
+}
diff --git a/profiles/apparmor.d/element-desktop b/profiles/apparmor.d/element-desktop
new file mode 100644
index 0000000000000000000000000000000000000000..937a5b0073ab8915598bd8ac43271d745af8d023
--- /dev/null
+++ b/profiles/apparmor.d/element-desktop
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile element-desktop /opt/Element/element-desktop flags=(unconfined) {
+ userns,
+
+# Site-specific additions and overrides. See local/README for details.
+ include if exists <local/element-desktop>
+}
diff --git a/profiles/apparmor.d/epiphany b/profiles/apparmor.d/epiphany
new file mode 100644
index 0000000000000000000000000000000000000000..7a412d20f396d8014b91171ce5b229f37349835d
--- /dev/null
+++ b/profiles/apparmor.d/epiphany
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile epiphany /usr/bin/epiphany{,-browser} flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/epiphany>
+}
diff --git a/profiles/apparmor.d/evolution b/profiles/apparmor.d/evolution
new file mode 100644
index 0000000000000000000000000000000000000000..48b842bfb5ccae4786e56ad02525305ad85458f2
--- /dev/null
+++ b/profiles/apparmor.d/evolution
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile evolution /usr/bin/evolution flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/evolution>
+}
diff --git a/profiles/apparmor.d/firefox b/profiles/apparmor.d/firefox
new file mode 100644
index 0000000000000000000000000000000000000000..4071c3453dc943b4218e2b706f7b671ee24d74a3
--- /dev/null
+++ b/profiles/apparmor.d/firefox
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile firefox /{usr/lib/firefox{,-esr,-beta,-devedition,-nightly},opt/firefox}/firefox{,-esr,-bin} flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/firefox>
+}
diff --git a/profiles/apparmor.d/flatpak b/profiles/apparmor.d/flatpak
new file mode 100644
index 0000000000000000000000000000000000000000..846978470c7a4cf1e458cf8e537a0301bccb4dcc
--- /dev/null
+++ b/profiles/apparmor.d/flatpak
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile flatpak /usr/bin/flatpak flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/flatpak>
+}
diff --git a/profiles/apparmor.d/foliate b/profiles/apparmor.d/foliate
new file mode 100644
index 0000000000000000000000000000000000000000..efc3af14f3ce0a8a22b6945b47019b3adeececb6
--- /dev/null
+++ b/profiles/apparmor.d/foliate
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile foliate /usr/bin/foliate flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/foliate>
+}
diff --git a/profiles/apparmor.d/geary b/profiles/apparmor.d/geary
new file mode 100644
index 0000000000000000000000000000000000000000..6e65176cece82a9bbc5baa890a13d3d3571dbf85
--- /dev/null
+++ b/profiles/apparmor.d/geary
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile geary /usr/bin/geary flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/geary>
+}
diff --git a/profiles/apparmor.d/github-desktop b/profiles/apparmor.d/github-desktop
new file mode 100644
index 0000000000000000000000000000000000000000..d2c090874864e086581f11b9c3c939eae775244e
--- /dev/null
+++ b/profiles/apparmor.d/github-desktop
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile github-desktop /usr/lib/github-desktop/github-desktop flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/github-desktop>
+}
diff --git a/profiles/apparmor.d/goldendict b/profiles/apparmor.d/goldendict
new file mode 100644
index 0000000000000000000000000000000000000000..bb81eb914f86f38d83c8eceffcf2af839a35f9ff
--- /dev/null
+++ b/profiles/apparmor.d/goldendict
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile goldendict /usr/bin/goldendict flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/goldendict>
+}
diff --git a/profiles/apparmor.d/ipa_verify b/profiles/apparmor.d/ipa_verify
new file mode 100644
index 0000000000000000000000000000000000000000..c9772422cc10aac883f4bbe974e2fc4caf016afe
--- /dev/null
+++ b/profiles/apparmor.d/ipa_verify
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile ipa_verify /usr/bin/ipa_verify flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/ipa_verify>
+}
diff --git a/profiles/apparmor.d/kchmviewer b/profiles/apparmor.d/kchmviewer
new file mode 100644
index 0000000000000000000000000000000000000000..a604d90a89d4ab6c6613ce8715b13e0dc9d85fc2
--- /dev/null
+++ b/profiles/apparmor.d/kchmviewer
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile kchmviewer /usr/bin/kchmviewer flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/kchmviewer>
+}
diff --git a/profiles/apparmor.d/keybase b/profiles/apparmor.d/keybase
new file mode 100644
index 0000000000000000000000000000000000000000..1cd646d66ccf4ad3114d276b7b8051301ada8c4e
--- /dev/null
+++ b/profiles/apparmor.d/keybase
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile keybase /opt/keybase/Keybase flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/keybase>
+}
diff --git a/profiles/apparmor.d/lc-compliance b/profiles/apparmor.d/lc-compliance
new file mode 100644
index 0000000000000000000000000000000000000000..e7eb13ae087b6b43b24fe61a1a7d0fd4f918c1e3
--- /dev/null
+++ b/profiles/apparmor.d/lc-compliance
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lc-compliance /usr/bin/lc-compliance flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lc-compliance>
+}
diff --git a/profiles/apparmor.d/libcamerify b/profiles/apparmor.d/libcamerify
new file mode 100644
index 0000000000000000000000000000000000000000..3751b941c59a50b0ea759ebd79f7b5e33eb6d5ed
--- /dev/null
+++ b/profiles/apparmor.d/libcamerify
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile libcamerify /usr/bin/libcamerify flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/libcamerify>
+}
diff --git a/profiles/apparmor.d/linux-sandbox b/profiles/apparmor.d/linux-sandbox
new file mode 100644
index 0000000000000000000000000000000000000000..94f365a00ef59bb1514afdd58f578ed500dd8114
--- /dev/null
+++ b/profiles/apparmor.d/linux-sandbox
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile linux-sandbox /usr/libexec/@{multiarch}/bazel/linux-sandbox flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/linux-sandbox>
+}
diff --git a/profiles/apparmor.d/local/README b/profiles/apparmor.d/local/README
index b2db5c1860acaec677e9e2cb36f0e976ef28d2e2..688ed42349b8d93c9cfbe48a2c1ae65d060c44fb 100644
--- a/profiles/apparmor.d/local/README
+++ b/profiles/apparmor.d/local/README
@@ -13,9 +13,12 @@
#
# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
# include <local/usr.sbin.smbd>
+# or
+# include if exists <local/usr.sbin.smbd>
#
-# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
-# contain any additional paths to be allowed, such as:
+# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd
+# (create the file if it doesn't exist yet) to contain any additional paths
+# to be allowed, such as:
#
# /var/exports/** lrwk,
#
diff --git a/profiles/apparmor.d/loupe b/profiles/apparmor.d/loupe
new file mode 100644
index 0000000000000000000000000000000000000000..f1beaac75c9f0d8cc5bc3af523d8b4e716672589
--- /dev/null
+++ b/profiles/apparmor.d/loupe
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile loupe /usr/bin/loupe flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/loupe>
+}
diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release
index 421a52f7e81f7367063c8c6ed6496be2e8039977..a3285bbe7873ccb106438fbf6a4468cb87fc6586 100644
--- a/profiles/apparmor.d/lsb_release
+++ b/profiles/apparmor.d/lsb_release
@@ -4,7 +4,7 @@
# is invoked from other confined applications, but not when it is used
# in regular (unconfined) shell scripts or run directly by the user.
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/lxc-attach b/profiles/apparmor.d/lxc-attach
new file mode 100644
index 0000000000000000000000000000000000000000..f3846106a561a547d8be3bf6cdbf57d437ac5e03
--- /dev/null
+++ b/profiles/apparmor.d/lxc-attach
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-attach /usr/bin/lxc-attach flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-attach>
+}
diff --git a/profiles/apparmor.d/lxc-create b/profiles/apparmor.d/lxc-create
new file mode 100644
index 0000000000000000000000000000000000000000..44c5038a0d05955c0324aca698d7bde915d7b3b6
--- /dev/null
+++ b/profiles/apparmor.d/lxc-create
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-create /usr/bin/lxc-create flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-create>
+}
diff --git a/profiles/apparmor.d/lxc-destroy b/profiles/apparmor.d/lxc-destroy
new file mode 100644
index 0000000000000000000000000000000000000000..862b946fddfa7ce9c543ed61b3230e026ddae30a
--- /dev/null
+++ b/profiles/apparmor.d/lxc-destroy
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-destroy /usr/bin/lxc-destroy flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-destroy>
+}
diff --git a/profiles/apparmor.d/lxc-execute b/profiles/apparmor.d/lxc-execute
new file mode 100644
index 0000000000000000000000000000000000000000..8629fa4da94a8d75d4066c7f576548e574e12653
--- /dev/null
+++ b/profiles/apparmor.d/lxc-execute
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-execute /usr/bin/lxc-execute flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-execute>
+}
diff --git a/profiles/apparmor.d/lxc-stop b/profiles/apparmor.d/lxc-stop
new file mode 100644
index 0000000000000000000000000000000000000000..cb769df3e52584e53c014a8aab6f6c438a1d756c
--- /dev/null
+++ b/profiles/apparmor.d/lxc-stop
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-stop /usr/bin/lxc-stop flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-stop>
+}
diff --git a/profiles/apparmor.d/lxc-unshare b/profiles/apparmor.d/lxc-unshare
new file mode 100644
index 0000000000000000000000000000000000000000..36ca0ea91029f6f8ca33ceb72d1dc40e6fd8dc8f
--- /dev/null
+++ b/profiles/apparmor.d/lxc-unshare
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-unshare /usr/bin/lxc-unshare flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-unshare>
+}
diff --git a/profiles/apparmor.d/lxc-usernsexec b/profiles/apparmor.d/lxc-usernsexec
new file mode 100644
index 0000000000000000000000000000000000000000..4295abcc741abe4f5a5412483a3c6e1b29528d9c
--- /dev/null
+++ b/profiles/apparmor.d/lxc-usernsexec
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile lxc-usernsexec /usr/bin/lxc-usernsexec flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/lxc-usernsexec>
+}
diff --git a/profiles/apparmor.d/mmdebstrap b/profiles/apparmor.d/mmdebstrap
new file mode 100644
index 0000000000000000000000000000000000000000..d7fea3c28b35c3fdc41c962af01ff2e77786a064
--- /dev/null
+++ b/profiles/apparmor.d/mmdebstrap
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile mmdebstrap /usr/bin/mmdebstrap flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/mmdebstrap>
+}
diff --git a/profiles/apparmor.d/msedge b/profiles/apparmor.d/msedge
new file mode 100644
index 0000000000000000000000000000000000000000..0e3a1b3367f82ca950a62e275bf1588c05fcc186
--- /dev/null
+++ b/profiles/apparmor.d/msedge
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile msedge /opt/microsoft/msedge/msedge flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/msedge>
+}
diff --git a/profiles/apparmor.d/nautilus b/profiles/apparmor.d/nautilus
new file mode 100644
index 0000000000000000000000000000000000000000..d4031a0ea2631847c093a74c0095acaf33e8dfdf
--- /dev/null
+++ b/profiles/apparmor.d/nautilus
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile nautilus /usr/bin/nautilus flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/nautilus>
+}
diff --git a/profiles/apparmor.d/notepadqq b/profiles/apparmor.d/notepadqq
new file mode 100644
index 0000000000000000000000000000000000000000..e1d4160edac6d127ecd1970e6da16e5eaee04a5e
--- /dev/null
+++ b/profiles/apparmor.d/notepadqq
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile notepadqq /{{usr/bin,etc/alternatives}/notepadqq,usr/lib/notepadqq/notepadqq.sh} flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/notepadqq>
+}
diff --git a/profiles/apparmor.d/nvidia_modprobe b/profiles/apparmor.d/nvidia_modprobe
index 558f482076cef4da785d24b459df3f7e974608e9..c9642fdcac97d9968bd33b4c04abcd96952aa4f4 100644
--- a/profiles/apparmor.d/nvidia_modprobe
+++ b/profiles/apparmor.d/nvidia_modprobe
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/obsidian b/profiles/apparmor.d/obsidian
new file mode 100644
index 0000000000000000000000000000000000000000..3d6ef7f44b60ea62b570015c651754030f2e8d90
--- /dev/null
+++ b/profiles/apparmor.d/obsidian
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile obsidian /opt/Obsidian/obsidian flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/obsidian>
+}
diff --git a/profiles/apparmor.d/opam b/profiles/apparmor.d/opam
new file mode 100644
index 0000000000000000000000000000000000000000..b0cd7a6618e6d483962e3113219b3a808642d333
--- /dev/null
+++ b/profiles/apparmor.d/opam
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile opam /usr/bin/opam flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/opam>
+}
diff --git a/profiles/apparmor.d/opera b/profiles/apparmor.d/opera
new file mode 100644
index 0000000000000000000000000000000000000000..cbf88c661cb05bc77231ff71fc89f9f69e0973aa
--- /dev/null
+++ b/profiles/apparmor.d/opera
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile opera /usr/lib/@{multiarch}/opera/opera flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/opera>
+}
diff --git a/profiles/apparmor.d/pageedit b/profiles/apparmor.d/pageedit
new file mode 100644
index 0000000000000000000000000000000000000000..baa0da7b45cc92972299ef119e6f241fc05899c5
--- /dev/null
+++ b/profiles/apparmor.d/pageedit
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile pageedit /usr/bin/pageedit flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/pageedit>
+}
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
index 0dcc8c7df6bfafad70f81e5088f4b21bbd3b6662..29dd205d7475ecfd5dd8c5d1d01d3ba08065bfb2 100644
--- a/profiles/apparmor.d/php-fpm
+++ b/profiles/apparmor.d/php-fpm
@@ -1,18 +1,16 @@
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
+profile php-fpm /usr/{bin,sbin}/php-fpm* flags=(attach_disconnected) {
# load common libraries and their support files
include <abstractions/base>
# resolve hostnames/usernames
include <abstractions/nameservice>
# common php files and support files that php needs
include <abstractions/php>
- # read openssl configuration
- include <abstractions/openssl>
# read the system certificates
include <abstractions/ssl_certs>
@@ -34,12 +32,15 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
/var/log/php*-fpm.log rw,
# we need to be able to create all sockets
- @{run}/php{,-fpm}/php*-fpm.pid rw,
+ @{run}/php{,-fpm,-fpm-legacy}/php*-fpm.pid rw,
@{run}/php*-fpm.pid rw,
- @{run}/php{,-fpm}/php*-fpm.sock rwlk,
+ @{run}/php{,-fpm,-fpm-legacy}/*.sock{,et} rwlk,
+
+ # LP: #2061113
+ owner @{run}/systemd/notify w,
# to reload
- /usr/sbin/php-fpm* rix,
+ /usr/{bin,sbin}/php-fpm* rix,
# no idea why php tries to open / read/write
deny / rw,
diff --git a/profiles/apparmor.d/plasmashell b/profiles/apparmor.d/plasmashell
new file mode 100644
index 0000000000000000000000000000000000000000..51c50a6894a64a11c3868544ed275666a33e05d4
--- /dev/null
+++ b/profiles/apparmor.d/plasmashell
@@ -0,0 +1,47 @@
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile plasmashell /usr/bin/plasmashell {
+ include <abstractions/dbus-session>
+
+ capability,
+ userns,
+ network,
+ dbus,
+ mount,
+ umount,
+ remount,
+ signal,
+ mqueue,
+ unix,
+ ptrace,
+
+ # allow executing QtWebEngineProcess with full permissions including userns (using profile stacking to avoid no_new_privs issues)
+ /usr/lib/x86_64-linux-gnu/qt[56]/libexec/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
+ /usr/libexec/qt[56]/QtWebEngineProcess cx -> &plasmashell//QtWebEngineProcess,
+
+ # allow to execute all other programs under their own profile, or to run unconfined
+ /** pux,
+
+ /{,**} mrwlk,
+
+ profile QtWebEngineProcess {
+ capability,
+ userns,
+ network,
+ dbus,
+ mount,
+ umount,
+ remount,
+ signal,
+ mqueue,
+ unix,
+ ptrace,
+ /** pux,
+ /{,**} mrwlk,
+ }
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/plasmashell>
+}
diff --git a/profiles/apparmor.d/podman b/profiles/apparmor.d/podman
new file mode 100644
index 0000000000000000000000000000000000000000..54e29e2200176bc13d492422856057f175189f3f
--- /dev/null
+++ b/profiles/apparmor.d/podman
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile podman /usr/bin/podman flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/podman>
+}
diff --git a/profiles/apparmor.d/polypane b/profiles/apparmor.d/polypane
new file mode 100644
index 0000000000000000000000000000000000000000..ebe60e04d6aabf535ddea013488b2939f0e81b99
--- /dev/null
+++ b/profiles/apparmor.d/polypane
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile polypane /opt/Polypane/polypane flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/polypane>
+}
diff --git a/profiles/apparmor.d/privacybrowser b/profiles/apparmor.d/privacybrowser
new file mode 100644
index 0000000000000000000000000000000000000000..ee010b7a25d62d22c6f03d2f519f3a95146c371f
--- /dev/null
+++ b/profiles/apparmor.d/privacybrowser
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile privacybrowser /usr/bin/privacybrowser flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/privacybrowser>
+}
diff --git a/profiles/apparmor.d/qcam b/profiles/apparmor.d/qcam
new file mode 100644
index 0000000000000000000000000000000000000000..5da2f7bddaaf9d956395b457284f5f5eaf82da67
--- /dev/null
+++ b/profiles/apparmor.d/qcam
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile qcam /usr/bin/qcam flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/qcam>
+}
diff --git a/profiles/apparmor.d/qmapshack b/profiles/apparmor.d/qmapshack
new file mode 100644
index 0000000000000000000000000000000000000000..20ffad16946823db48fcb3f6b4abf86e8fc21f80
--- /dev/null
+++ b/profiles/apparmor.d/qmapshack
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile qmapshack /usr/bin/qmapshack flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/qmapshack>
+}
diff --git a/profiles/apparmor.d/qutebrowser b/profiles/apparmor.d/qutebrowser
new file mode 100644
index 0000000000000000000000000000000000000000..bc92a9910df8c75b3489c99b255fd45bdbc4427d
--- /dev/null
+++ b/profiles/apparmor.d/qutebrowser
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile qutebrowser /usr/bin/qutebrowser flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/qutebrowser>
+}
diff --git a/profiles/apparmor.d/rootlesskit b/profiles/apparmor.d/rootlesskit
new file mode 100644
index 0000000000000000000000000000000000000000..d5f4ac9635e2874d85938cf877ecfc30b3879a4d
--- /dev/null
+++ b/profiles/apparmor.d/rootlesskit
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile rootlesskit /usr/bin/rootlesskit flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/rootlesskit>
+}
diff --git a/profiles/apparmor.d/rpm b/profiles/apparmor.d/rpm
new file mode 100644
index 0000000000000000000000000000000000000000..04c95a629709f0a44214f9b9b6d6ffc10ec45c95
--- /dev/null
+++ b/profiles/apparmor.d/rpm
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile rpm /usr/bin/rpm flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/rpm>
+}
diff --git a/profiles/apparmor.d/rssguard b/profiles/apparmor.d/rssguard
new file mode 100644
index 0000000000000000000000000000000000000000..33b7d338ee5ebfa5d8c354bdbdb9fca3b714f0a5
--- /dev/null
+++ b/profiles/apparmor.d/rssguard
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile rssguard /usr/bin/rssguard flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/rssguard>
+}
diff --git a/profiles/apparmor.d/runc b/profiles/apparmor.d/runc
new file mode 100644
index 0000000000000000000000000000000000000000..d425495032d012ab9001264f2a2765de2cb09a56
--- /dev/null
+++ b/profiles/apparmor.d/runc
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile runc /usr/{bin,sbin}/runc flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/runc>
+}
diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd
index a630213280e9758f38103c412c6a8e9b510c13a0..81d4953cd0d2d90c1ff4cefd453aef60be68fd2a 100644
--- a/profiles/apparmor.d/samba-bgqd
+++ b/profiles/apparmor.d/samba-bgqd
@@ -1,4 +1,4 @@
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -6,7 +6,6 @@ profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd {
include <abstractions/base>
include <abstractions/cups-client>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/samba>
signal receive set=term peer=smbd,
diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd
index 12ea0f557d541131399eaab0a94ffd744d80483d..a118825e0cef1c8c3c12e6a3d46b46911fca3c34 100644
--- a/profiles/apparmor.d/samba-dcerpcd
+++ b/profiles/apparmor.d/samba-dcerpcd
@@ -9,19 +9,21 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
include <abstractions/samba-rpcd>
+ capability sys_resource,
+
@{run}/{,samba/}samba-dcerpcd.pid rwk,
/usr/lib*/samba/{,samba/}samba-dcerpcd mr,
/usr/lib*/samba/ r,
- /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
+ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} Px -> samba-rpcd,
/usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
/usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
diff --git a/profiles/apparmor.d/samba-rpcd b/profiles/apparmor.d/samba-rpcd
index 76bc3662a5694f78572f66b79860c9562ad97454..703447ae1d3b9c26a530b8604285fb9313300762 100644
--- a/profiles/apparmor.d/samba-rpcd
+++ b/profiles/apparmor.d/samba-rpcd
@@ -9,14 +9,19 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
+profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} {
include <abstractions/samba-rpcd>
- /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr,
+ capability sys_resource,
+
+ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg,witness} mr,
+
+ @{run}/samba/ncalrpc/np/lsarpc wr,
+ @{run}/samba/ncalrpc/np/mdssvc wr,
@{run}/samba/ncalrpc/np/winreg wr,
# Site-specific additions and overrides. See local/README for details.
diff --git a/profiles/apparmor.d/samba-rpcd-classic b/profiles/apparmor.d/samba-rpcd-classic
index 84a61f31206008de57720a16743a60243e70f137..eb1a642811ea269a80708e7d85ef1ad473ff8329 100644
--- a/profiles/apparmor.d/samba-rpcd-classic
+++ b/profiles/apparmor.d/samba-rpcd-classic
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,8 +17,18 @@ profile samba-rpcd-classic /usr/lib*/samba/{,samba/}rpcd_classic {
include <abstractions/samba-rpcd>
include <abstractions/wutmp>
+ capability sys_resource,
+
/usr/lib*/samba/{,samba/}rpcd_classic mr,
+ @{run}/samba/ncalrpc/np/srvsvc wr,
+ @{run}/samba/ncalrpc/np/winreg wr,
+ /dev/urandom rw,
+
+ /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
+
+ @{HOMEDIRS}/** lrwk,
+
# Site-specific additions and overrides. See local/README for details.
include if exists <local/samba-rpcd-classic>
}
diff --git a/profiles/apparmor.d/samba-rpcd-spoolss b/profiles/apparmor.d/samba-rpcd-spoolss
index 904fa01969ec177925bf30ed8ccc5f8150ac3e92..eda65fa9a879766ae5937ed54f513c8d2d61996a 100644
--- a/profiles/apparmor.d/samba-rpcd-spoolss
+++ b/profiles/apparmor.d/samba-rpcd-spoolss
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/sbin.klogd b/profiles/apparmor.d/sbin.klogd
index cd0cfbb20bc4f092e0f002e1a9caeb9c28bd7d8a..918a38e52d8188be14cc5b055ab5c56fd1643027 100644
--- a/profiles/apparmor.d/sbin.klogd
+++ b/profiles/apparmor.d/sbin.klogd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/sbin.syslog-ng b/profiles/apparmor.d/sbin.syslog-ng
index 5ae85875b234670800ac2d34719a679e8673bcef..4936fadd10b6fbcd0eda330a8f635ac6a78a536d 100644
--- a/profiles/apparmor.d/sbin.syslog-ng
+++ b/profiles/apparmor.d/sbin.syslog-ng
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -22,7 +22,6 @@ profile syslog-ng /{usr/,}{bin,sbin}/syslog-ng {
include <abstractions/consoles>
include <abstractions/nameservice>
include <abstractions/mysql>
- include <abstractions/openssl>
include <abstractions/python>
include <abstractions/hosts_access>
diff --git a/profiles/apparmor.d/sbin.syslogd b/profiles/apparmor.d/sbin.syslogd
index 33c0e7ce4d4145dbfa0ec515091150226a9aac5f..847c0c1a6030f04136b5c84bbb11aa5b6b5d4f32 100644
--- a/profiles/apparmor.d/sbin.syslogd
+++ b/profiles/apparmor.d/sbin.syslogd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/sbuild b/profiles/apparmor.d/sbuild
new file mode 100644
index 0000000000000000000000000000000000000000..1b9bae9998f95429419ab44a869f8195be35437e
--- /dev/null
+++ b/profiles/apparmor.d/sbuild
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild /usr/bin/sbuild flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild>
+}
diff --git a/profiles/apparmor.d/sbuild-abort b/profiles/apparmor.d/sbuild-abort
new file mode 100644
index 0000000000000000000000000000000000000000..b147d5b3b0624fa733751a979282a47eac9d85de
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-abort
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-abort /usr/bin/sbuild-abort flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-abort>
+}
diff --git a/profiles/apparmor.d/sbuild-adduser b/profiles/apparmor.d/sbuild-adduser
new file mode 100644
index 0000000000000000000000000000000000000000..a7f1322baeb540785ec9d6cc602bdb9af471f6f6
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-adduser
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-adduser /usr/sbin/sbuild-adduser flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-adduser>
+}
diff --git a/profiles/apparmor.d/sbuild-apt b/profiles/apparmor.d/sbuild-apt
new file mode 100644
index 0000000000000000000000000000000000000000..0257e4574d31131aa1296b4aa09b3cb8080acf82
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-apt
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-apt /usr/bin/sbuild-apt flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-apt>
+}
diff --git a/profiles/apparmor.d/sbuild-checkpackages b/profiles/apparmor.d/sbuild-checkpackages
new file mode 100644
index 0000000000000000000000000000000000000000..aa52207eb843ec889d795bcdf8a5439b24c90291
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-checkpackages
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-checkpackages /usr/bin/sbuild-checkpackages flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-checkpackages>
+}
diff --git a/profiles/apparmor.d/sbuild-clean b/profiles/apparmor.d/sbuild-clean
new file mode 100644
index 0000000000000000000000000000000000000000..c2ecc9cf76a059e75a46fdc2063f076ad5830995
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-clean
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-clean /usr/bin/sbuild-clean flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-clean>
+}
diff --git a/profiles/apparmor.d/sbuild-createchroot b/profiles/apparmor.d/sbuild-createchroot
new file mode 100644
index 0000000000000000000000000000000000000000..e58b130c3c0a160185b01684b7d7639c6e344402
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-createchroot
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-createchroot /usr/bin/sbuild-createchroot flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-createchroot>
+}
diff --git a/profiles/apparmor.d/sbuild-destroychroot b/profiles/apparmor.d/sbuild-destroychroot
new file mode 100644
index 0000000000000000000000000000000000000000..217809723b5a48dacd1c0b892eb89c52a7710447
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-destroychroot
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-destroychroot /usr/sbin/sbuild-destroychroot flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-destroychroot>
+}
diff --git a/profiles/apparmor.d/sbuild-distupgrade b/profiles/apparmor.d/sbuild-distupgrade
new file mode 100644
index 0000000000000000000000000000000000000000..c5c6f7dfd4cca99e71937f9c8b3369d5b62a6330
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-distupgrade
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-distupgrade /usr/bin/sbuild-distupgrade flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-distupgrade>
+}
diff --git a/profiles/apparmor.d/sbuild-hold b/profiles/apparmor.d/sbuild-hold
new file mode 100644
index 0000000000000000000000000000000000000000..7f592f1ccc5c7738b99704a0118d7ed3981b338b
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-hold
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-hold /usr/bin/sbuild-hold flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-hold>
+}
diff --git a/profiles/apparmor.d/sbuild-shell b/profiles/apparmor.d/sbuild-shell
new file mode 100644
index 0000000000000000000000000000000000000000..be97320fd866fa243131e886bd044fc6a1dd2aaf
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-shell
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-shell /usr/bin/sbuild-shell flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-shell>
+}
diff --git a/profiles/apparmor.d/sbuild-unhold b/profiles/apparmor.d/sbuild-unhold
new file mode 100644
index 0000000000000000000000000000000000000000..c06f56deb5055d6a2521b1ab6cd6624a4e2253f7
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-unhold
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-unhold /usr/bin/sbuild-unhold flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-unhold>
+}
diff --git a/profiles/apparmor.d/sbuild-update b/profiles/apparmor.d/sbuild-update
new file mode 100644
index 0000000000000000000000000000000000000000..dcca130df050121aa1bcdd59484394e0e663fd24
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-update
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-update /usr/bin/sbuild-update flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-update>
+}
diff --git a/profiles/apparmor.d/sbuild-upgrade b/profiles/apparmor.d/sbuild-upgrade
new file mode 100644
index 0000000000000000000000000000000000000000..be154b03e9946e8194c685e1266f2d560b0620d8
--- /dev/null
+++ b/profiles/apparmor.d/sbuild-upgrade
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile sbuild-upgrade /usr/bin/sbuild-upgrade flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/sbuild-upgrade>
+}
diff --git a/profiles/apparmor.d/scide b/profiles/apparmor.d/scide
new file mode 100644
index 0000000000000000000000000000000000000000..4cbde8bfbd77b504d9ff3d42d70275bedb47a7ad
--- /dev/null
+++ b/profiles/apparmor.d/scide
@@ -0,0 +1,13 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+#supercollider-ide
+profile scide /usr/bin/scide flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/scide>
+}
diff --git a/profiles/apparmor.d/signal-desktop b/profiles/apparmor.d/signal-desktop
new file mode 100644
index 0000000000000000000000000000000000000000..05738b995795d2c72b830d4eb7325ef301d4e210
--- /dev/null
+++ b/profiles/apparmor.d/signal-desktop
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile signal-desktop /opt/Signal/signal-desktop flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/signal-desktop>
+}
diff --git a/profiles/apparmor.d/slack b/profiles/apparmor.d/slack
new file mode 100644
index 0000000000000000000000000000000000000000..158b3d3c7c2fade36650356cfdc51113b8df847b
--- /dev/null
+++ b/profiles/apparmor.d/slack
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile slack /usr/lib/slack/slack flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/slack>
+}
diff --git a/profiles/apparmor.d/slirp4netns b/profiles/apparmor.d/slirp4netns
new file mode 100644
index 0000000000000000000000000000000000000000..014819edc1aefded7d0e07d68465513ee11e265c
--- /dev/null
+++ b/profiles/apparmor.d/slirp4netns
@@ -0,0 +1,16 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile slirp4netns /usr/bin/slirp4netns flags=(unconfined) {
+ userns,
+
+ # pivot_root is required for running `slirp4netns --enable-sandbox` inside LXD.
+ # https://github.com/rootless-containers/slirp4netns/issues/348
+ pivot_root,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/slirp4netns>
+}
diff --git a/profiles/apparmor.d/steam b/profiles/apparmor.d/steam
new file mode 100644
index 0000000000000000000000000000000000000000..ebd06f71dfbc89674036cd4c3066959254c44e5f
--- /dev/null
+++ b/profiles/apparmor.d/steam
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile steam /usr/{lib/steam/bin_steam.sh,games/steam} flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/steam>
+}
diff --git a/profiles/apparmor.d/stress-ng b/profiles/apparmor.d/stress-ng
new file mode 100644
index 0000000000000000000000000000000000000000..314b8156367df70fa99d5377ad74547dfc9f421b
--- /dev/null
+++ b/profiles/apparmor.d/stress-ng
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile stress-ng /usr/bin/stress-ng flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/stress-ng>
+}
diff --git a/profiles/apparmor.d/surfshark b/profiles/apparmor.d/surfshark
new file mode 100644
index 0000000000000000000000000000000000000000..adbd896d598154680b4d55b87ae73e8a17460975
--- /dev/null
+++ b/profiles/apparmor.d/surfshark
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile surfshark /opt/Surfshark/surfshark flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/surfshark>
+}
diff --git a/profiles/apparmor.d/systemd-coredump b/profiles/apparmor.d/systemd-coredump
new file mode 100644
index 0000000000000000000000000000000000000000..5b89dcd08fc2b54c15fe2c46dad5cf4832cae40a
--- /dev/null
+++ b/profiles/apparmor.d/systemd-coredump
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile systemd-coredump /usr/lib/systemd/systemd-coredump flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/systemd-coredump>
+}
diff --git a/profiles/apparmor.d/thunderbird b/profiles/apparmor.d/thunderbird
new file mode 100644
index 0000000000000000000000000000000000000000..060eb24da28910d1a870ff1de3691b81cd08ea66
--- /dev/null
+++ b/profiles/apparmor.d/thunderbird
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile thunderbird /usr/bin/thunderbird flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/thunderbird>
+}
diff --git a/profiles/apparmor.d/toybox b/profiles/apparmor.d/toybox
new file mode 100644
index 0000000000000000000000000000000000000000..e384606e33d80561a4ad756607ccfd6220fe9a12
--- /dev/null
+++ b/profiles/apparmor.d/toybox
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile toybox /usr/bin/toybox flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/toybox>
+}
diff --git a/profiles/apparmor.d/transmission b/profiles/apparmor.d/transmission
new file mode 100644
index 0000000000000000000000000000000000000000..5b05af30407e33d59aec64149f73a43d4f0d4843
--- /dev/null
+++ b/profiles/apparmor.d/transmission
@@ -0,0 +1,76 @@
+# vim:syntax=apparmor
+# Author: Daniel Richard G. <skunk@iSKUNK.ORG>
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile transmission-daemon /usr/bin/transmission-daemon flags=(complain,attach_disconnected) {
+ # Don't use abstractions/transmission-common here, as the
+ # access needed is narrower than the user applications
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+
+ network inet dgram,
+ network inet6 dgram,
+ network inet stream,
+ network inet6 stream,
+
+ owner @{PROC}/@{pid}/mounts r,
+ @{PROC}/sys/kernel/random/uuid r,
+
+ @{run}/systemd/notify w,
+
+ /etc/transmission-daemon/** r,
+ owner /etc/transmission-daemon/settings.json{,.tmp.*} rw,
+
+ owner /tmp/tr_session_id_* rwk,
+
+ /usr/share/transmission/web/** r,
+
+ owner /var/lib/transmission-daemon/.config/transmission-daemon/** rw,
+ owner /var/lib/transmission-daemon/downloads/** rw,
+ owner /var/lib/transmission-daemon/info/** rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/transmission>
+ include if exists <local/transmission-daemon>
+}
+
+profile transmission-cli /usr/bin/transmission-cli flags=(complain) {
+ include <abstractions/transmission-common>
+ include <abstractions/consoles>
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/transmission>
+ include if exists <local/transmission-cli>
+}
+
+profile transmission-gtk /usr/bin/transmission-gtk flags=(complain,attach_disconnected) {
+ include <abstractions/transmission-common>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/dconf>
+ include <abstractions/gnome>
+
+ owner @{run}/user/*/dconf/user w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/transmission>
+ include if exists <local/transmission-gtk>
+}
+
+profile transmission-qt /usr/bin/transmission-qt flags=(complain) {
+ include <abstractions/transmission-common>
+ include <abstractions/dbus-accessibility-strict>
+ include <abstractions/dbus-network-manager-strict>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/fonts>
+ include <abstractions/X>
+ include <abstractions/qt5>
+ include <abstractions/qt5-settings-write>
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/transmission>
+ include if exists <local/transmission-qt>
+}
diff --git a/profiles/apparmor.d/trinity b/profiles/apparmor.d/trinity
new file mode 100644
index 0000000000000000000000000000000000000000..41e2346adf9b328eb9f563be6aeb82d43d05e193
--- /dev/null
+++ b/profiles/apparmor.d/trinity
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile trinity /usr/bin/trinity flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/trinity>
+}
diff --git a/profiles/apparmor.d/tunables/alias b/profiles/apparmor.d/tunables/alias
index a0c55c4f815e8b8bffc9e6dea44fc1cd5b625281..15385aa7cc11ce3f576c4424a4a039ed6bcefa63 100644
--- a/profiles/apparmor.d/tunables/alias
+++ b/profiles/apparmor.d/tunables/alias
@@ -14,3 +14,6 @@
#
# Or if mysql databases are stored in /home:
# alias /var/lib/mysql/ -> /home/mysql/,
+
+# Also, include files in tunables/alias.d for site-specific adjustments
+include if exists <tunables/alias.d>
diff --git a/profiles/apparmor.d/tunables/apparmorfs b/profiles/apparmor.d/tunables/apparmorfs
index 2028097f5ab5495d76eb7de9c5c89562c74df89f..ff30e8f8bc43e034fba5bbbb9ca0b8909d3227cb 100644
--- a/profiles/apparmor.d/tunables/apparmorfs
+++ b/profiles/apparmor.d/tunables/apparmorfs
@@ -9,3 +9,6 @@
include <tunables/securityfs>
@{apparmorfs}=@{securityfs}/apparmor/
+
+# Also, include files in tunables/apparmorfs.d for site-specific adjustments
+include if exists <tunables/apparmorfs.d>
diff --git a/profiles/apparmor.d/tunables/dovecot b/profiles/apparmor.d/tunables/dovecot
index 702da58e07cdea132491e823c8bf1f11c2e83f5b..6779a9a19df36bfe7121788ddb8de96796ceac86 100644
--- a/profiles/apparmor.d/tunables/dovecot
+++ b/profiles/apparmor.d/tunables/dovecot
@@ -18,3 +18,5 @@
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/ /var/vmail/ /var/mail/ /var/spool/mail/
+# Also, include files in tunables/dovecot.d for site-specific adjustments
+include if exists <tunables/dovecot.d>
diff --git a/profiles/apparmor.d/tunables/etc b/profiles/apparmor.d/tunables/etc
index 142874af8de249b9572a7dd33e923413c87c0efc..353cb57eb3ecd5842e96337a13c87643a476954e 100644
--- a/profiles/apparmor.d/tunables/etc
+++ b/profiles/apparmor.d/tunables/etc
@@ -24,6 +24,5 @@
# For rules that only allows read access, use @{etc_ro}.
@{etc_rw}=/etc/
-# Also, include files in tunables/etc.d/ for site-specific adjustments to
-# @{etc_ro} and @{etc_rw}.
+# Also, include files in tunables/etc.d for site-specific adjustments
include if exists <tunables/etc.d>
diff --git a/profiles/apparmor.d/tunables/global b/profiles/apparmor.d/tunables/global
index 3dd4bfdb1746816ce7ceebe8d70130645dc9ebda..70e88641305892837f7b4d4e7e8d093b55b9cb09 100644
--- a/profiles/apparmor.d/tunables/global
+++ b/profiles/apparmor.d/tunables/global
@@ -17,7 +17,11 @@ include <tunables/multiarch>
include <tunables/proc>
include <tunables/alias>
include <tunables/kernelvars>
+include <tunables/system>
include <tunables/xdg-user-dirs>
include <tunables/share>
include <tunables/etc>
include <tunables/run>
+
+# Also, include files in tunables/global.d for site-specific adjustments
+include if exists <tunables/global.d>
diff --git a/profiles/apparmor.d/tunables/home b/profiles/apparmor.d/tunables/home
index b99cd491cea557e10da03bbc8080460363d7ebd6..468adb3e0f35eb703cc3fa5deab3b02a25042fe5 100644
--- a/profiles/apparmor.d/tunables/home
+++ b/profiles/apparmor.d/tunables/home
@@ -20,6 +20,5 @@
# refer to a specific home directory
@{HOME}=@{HOMEDIRS}/*/ /root/
-# Also, include files in tunables/home.d for site-specific adjustments to
-# @{HOMEDIRS}.
-include <tunables/home.d>
+# Also, include files in tunables/home.d for site-specific adjustments
+include if exists <tunables/home.d>
diff --git a/profiles/apparmor.d/tunables/kernelvars b/profiles/apparmor.d/tunables/kernelvars
index 65ee2667f26054c2cf0c3a696eba496e056fc948..0edd9e0ad916ff85d916d9c3ce34b5529cca92b0 100644
--- a/profiles/apparmor.d/tunables/kernelvars
+++ b/profiles/apparmor.d/tunables/kernelvars
@@ -31,3 +31,6 @@
# until kernel var is implemented
@{sys}=/sys/
+
+# Also, include files in tunables/kernelvars.d for site-specific adjustments
+include if exists <tunables/kernelvars.d>
diff --git a/profiles/apparmor.d/tunables/multiarch b/profiles/apparmor.d/tunables/multiarch
index 32fd1aa105ecbb26c7fea9ddc9c2c2bdd3cb0fb0..5075e8dc49f610538b0e87f04253c2630199fda4 100644
--- a/profiles/apparmor.d/tunables/multiarch
+++ b/profiles/apparmor.d/tunables/multiarch
@@ -12,6 +12,5 @@
# install prefixes.
@{multiarch}=*-linux-gnu*
-# Also, include files in tunables/multiarch.d for site and packaging
-# specific adjustments to @{multiarch}.
-include <tunables/multiarch.d>
+# Also, include files in tunables/multiarch.d for site-specific adjustments
+include if exists <tunables/multiarch.d>
diff --git a/profiles/apparmor.d/tunables/ntpd b/profiles/apparmor.d/tunables/ntpd
index dbede22e3d7b18d4ab608933e7413e9407f9ca27..e5d5bc838ccc7ac4bc58a65be978f23bdffcb0ce 100644
--- a/profiles/apparmor.d/tunables/ntpd
+++ b/profiles/apparmor.d/tunables/ntpd
@@ -12,3 +12,6 @@
#Add your ntpd devices here eg. if you have a DCF clock
# @{NTPD_DEVICE}=/dev/ttyS*
@{NTPD_DEVICE}="/dev/tty10"
+
+# Also, include files in tunables/ntpd.d for site-specific adjustments
+include if exists <tunables/ntpd.d>
diff --git a/profiles/apparmor.d/tunables/proc b/profiles/apparmor.d/tunables/proc
index 25a1964ded6a9ba0ad832746852cbbbbf27fade3..a0e4b5057ccf1cdcec59c23db4e15a0dbcbe1c61 100644
--- a/profiles/apparmor.d/tunables/proc
+++ b/profiles/apparmor.d/tunables/proc
@@ -10,3 +10,6 @@
# @{PROC} is the location where procfs is mounted.
@{PROC}=/proc/
+
+# Also, include files in tunables/proc.d for site-specific adjustments
+include if exists <tunables/proc.d>
diff --git a/profiles/apparmor.d/tunables/run b/profiles/apparmor.d/tunables/run
index 5b81925e7b50e87f693b659a4cb7e6beeee82dff..5a5b97b05af02572f8096fc21659e7d55866e8cf 100644
--- a/profiles/apparmor.d/tunables/run
+++ b/profiles/apparmor.d/tunables/run
@@ -1 +1,4 @@
@{run}=/run/ /var/run/
+
+# Also, include files in tunables/run.d for site-specific adjustments
+include if exists <tunables/run.d>
diff --git a/profiles/apparmor.d/tunables/securityfs b/profiles/apparmor.d/tunables/securityfs
index c572139fb57a069e69b75da68aa4fe0733527339..652f92d7f499f04600d0f2b4c8c1e013cf93d234 100644
--- a/profiles/apparmor.d/tunables/securityfs
+++ b/profiles/apparmor.d/tunables/securityfs
@@ -8,3 +8,6 @@
# @{securityfs} is the location where securityfs is mounted.
@{securityfs}=@{sys}/kernel/security/
+
+# Also, include files in tunables/securityfs.d for site-specific adjustments
+include if exists <tunables/securityfs.d>
diff --git a/profiles/apparmor.d/tunables/share b/profiles/apparmor.d/tunables/share
index f41121c8ac4046018710887c28ea29881f351105..8aa5fba98591b407aeb5fa292501fcc7ccb1a123 100644
--- a/profiles/apparmor.d/tunables/share
+++ b/profiles/apparmor.d/tunables/share
@@ -13,3 +13,6 @@
# XDG_DATA_DIRS or XDG_DATA_HOME, and are the parent directory
# for the same subdirectories as @{system_share_dirs}
@{user_share_dirs} = @{HOME}/.local{,/share/@{flatpak_exports_root}}/share
+
+# Also, include files in tunables/share.d for site-specific adjustments
+include if exists <tunables/share.d>
diff --git a/profiles/apparmor.d/tunables/system b/profiles/apparmor.d/tunables/system
new file mode 100644
index 0000000000000000000000000000000000000000..2b5e6cce227dca32fb6f2f254224a0673b227784
--- /dev/null
+++ b/profiles/apparmor.d/tunables/system
@@ -0,0 +1,99 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# Any digit
+@{d}=[0-9]
+
+# Any letter
+@{l}=[a-zA-Z]
+
+# Single alphanumeric character
+@{c}=[0-9a-zA-Z]
+
+# Word character: matches any letter, digit or underscore.
+@{w}=[a-zA-Z0-9_]
+
+# Single hexadecimal character
+@{h}=[0-9a-fA-F]
+
+# Integer up to 10 digits (0-9999999999)
+@{int}=@{d}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}{@{d},}
+
+# hexadecimal, alphanumeric and word up to 64 characters
+@{hex}=@{h}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}{@{h},}
+@{rand}=@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}
+@{word}=@{w}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}{@{w},}
+
+# Unsigned integer over 8 bits (0...255)
+@{u8}=[0-9]{[0-9],} 1[0-9][0-9] 2[0-4][0-9] 25[0-5]
+
+# Unsigned integer over 16 bits (0...65,535 5 digits)
+@{u16}={@{d},[1-9]@{d},[1-9][@{d}@{d},[1-9]@{d}@{d}@{d},[1-6]@{d}@{d}@{d}@{d}}
+
+# Unsigned integer over 32 bits (0...4,294,967,295 10 digits)
+@{u32}={@{d},[1-9]@{d},[1-9]@{d}@{d},[1-9]@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-4]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}}
+
+# Unsigned integer over 64 bits (0...18,446,744,073,709,551,615 20 digits).
+@{u64}={@{d},[1-9]@{d},[1-9]@{d}@{d},[1-9]@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},[1-9]@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d},1@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}@{d}}
+
+# Any x digits characters
+@{int2}=@{d}@{d}
+@{int4}=@{int2}@{int2}
+@{int6}=@{int4}@{int2}
+@{int8}=@{int4}@{int4}
+@{int9}=@{int8}@{d}
+@{int10}=@{int8}@{int2}
+@{int12}=@{int8}@{int4}
+@{int15}=@{int8}@{int4}@{int2}@{d}
+@{int16}=@{int8}@{int8}
+@{int32}=@{int16}@{int16}
+@{int64}=@{int32}@{int32}
+
+# Any x hexadecimal characters
+@{hex2}=@{h}@{h}
+@{hex4}=@{hex2}@{hex2}
+@{hex6}=@{hex4}@{hex2}
+@{hex8}=@{hex4}@{hex4}
+@{hex9}=@{hex8}@{h}
+@{hex10}=@{hex8}@{hex2}
+@{hex12}=@{hex8}@{hex4}
+@{hex15}=@{hex8}@{hex4}@{hex2}@{h}
+@{hex16}=@{hex8}@{hex8}
+@{hex32}=@{hex16}@{hex16}
+@{hex38}=@{hex32}@{hex6}
+@{hex64}=@{hex32}@{hex32}
+
+# Any x alphanumeric characters
+@{rand2}=@{c}@{c}
+@{rand4}=@{rand2}@{rand2}
+@{rand6}=@{rand4}@{rand2}
+@{rand8}=@{rand4}@{rand4}
+@{rand9}=@{rand8}@{c}
+@{rand10}=@{rand8}@{rand2}
+@{rand12}=@{rand8}@{rand4}
+@{rand15}=@{rand8}@{rand4}@{rand2}@{c}
+@{rand16}=@{rand8}@{rand8}
+@{rand32}=@{rand16}@{rand16}
+@{rand64}=@{rand32}@{rand32}
+
+# Any x word characters
+@{word2}=@{w}@{w}
+@{word4}=@{word2}@{word2}
+@{word6}=@{word4}@{word2}
+@{word8}=@{word4}@{word4}
+@{word9}=@{word8}@{w}
+@{word10}=@{word8}@{word2}
+@{word12}=@{word8}@{word4}
+@{word15}=@{word8}@{word4}@{word2}@{w}
+@{word16}=@{word8}@{word8}
+@{word32}=@{word16}@{word16}
+@{word64}=@{word32}@{word32}
+
+include if exists <tunables/system.d>
diff --git a/profiles/apparmor.d/tunables/xdg-user-dirs b/profiles/apparmor.d/tunables/xdg-user-dirs
index 9488f96a29eebd3d507cbe098764203e1a4d7cc4..a73f4d732729963c85b40b6c6099a4689d21735c 100644
--- a/profiles/apparmor.d/tunables/xdg-user-dirs
+++ b/profiles/apparmor.d/tunables/xdg-user-dirs
@@ -20,5 +20,4 @@
@{XDG_VIDEOS_DIR}="Videos"
# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
-# to the various XDG directories
-include <tunables/xdg-user-dirs.d>
+include if exists <tunables/xdg-user-dirs.d>
diff --git a/profiles/apparmor.d/tup b/profiles/apparmor.d/tup
new file mode 100644
index 0000000000000000000000000000000000000000..482a0d326ebd11f58da587ac9ef9e36f9d410b55
--- /dev/null
+++ b/profiles/apparmor.d/tup
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile tup /usr/bin/tup flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/tup>
+}
diff --git a/profiles/apparmor.d/tuxedo-control-center b/profiles/apparmor.d/tuxedo-control-center
new file mode 100644
index 0000000000000000000000000000000000000000..d64c762af21e598053d6198539443f90ef4e2b53
--- /dev/null
+++ b/profiles/apparmor.d/tuxedo-control-center
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label unconfined
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile tuxedo-control-center /opt/tuxedo-control-center/tuxedo-control-center flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/tuxedo-control-center>
+}
diff --git a/profiles/apparmor.d/unix-chkpwd b/profiles/apparmor.d/unix-chkpwd
new file mode 100644
index 0000000000000000000000000000000000000000..a8ec8d43fe80b328684d17b78878e8e5a78a91d5
--- /dev/null
+++ b/profiles/apparmor.d/unix-chkpwd
@@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019-2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+# The apparmor.d project comes with several variables and abstractions
+# that are not part of upstream AppArmor yet. Therefore this profile was
+# adopted to use abstractions and variables that are available.
+# Copyright (C) Christian Boltz 2024
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile unix-chkpwd /{,usr/}{,s}bin/unix_chkpwd {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ # To write records to the kernel auditing log.
+ capability audit_write,
+
+ network netlink raw,
+
+ /{,usr/}{,s}bin/unix_chkpwd mr,
+
+ /etc/shadow r,
+
+ # systemd userdb, used in nspawn
+ /run/host/userdb/*.user r,
+ /run/host/userdb/*.user-privileged r,
+
+ # file_inherit
+ owner /dev/tty[0-9]* rw,
+
+ include if exists <local/unix-chkpwd>
+}
diff --git a/profiles/apparmor.d/unprivileged_userns b/profiles/apparmor.d/unprivileged_userns
new file mode 100644
index 0000000000000000000000000000000000000000..a131c9ce8881c96f543922e3a321fcb689b24765
--- /dev/null
+++ b/profiles/apparmor.d/unprivileged_userns
@@ -0,0 +1,27 @@
+# Special profile transitioned to by unconfined when creating an unprivileged
+# user namespace.
+#
+abi <abi/4.0>,
+include <tunables/global>
+
+profile unprivileged_userns {
+ audit deny capability,
+ audit deny change_profile,
+
+ # allow block to be replaced by allow when x dominance test is fixed
+ #allow all,
+ allow network,
+ allow signal,
+ allow dbus,
+ allow file rwlkm /**,
+ allow unix,
+ allow mqueue,
+ allow ptrace,
+ allow userns,
+
+ # stack children to strip capabilities
+ allow pix /** -> &unprivileged_userns ,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/unprivileged_userns>
+}
diff --git a/profiles/apparmor.d/userbindmount b/profiles/apparmor.d/userbindmount
new file mode 100644
index 0000000000000000000000000000000000000000..406f494c7d4fa69eaa04fa5d76a79542e3bc03de
--- /dev/null
+++ b/profiles/apparmor.d/userbindmount
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile userbindmount /usr/bin/userbindmount flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/userbindmount>
+}
diff --git a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
index 7126bdc7644a182bb0a46278b71fbea1500eca7f..fdc1f40e59fb56c91f8c6b19072bda87e8c40622 100644
--- a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
+++ b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
@@ -1,6 +1,6 @@
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
/usr/lib/apache2/mpm-prefork/apache2 {
diff --git a/profiles/apparmor.d/usr.lib.dovecot.anvil b/profiles/apparmor.d/usr.lib.dovecot.anvil
index e5f3d16ac6bb473d2847c17dc9a4737e7d874142..3e240cd706ca5ad783115373b37d64197749e1ed 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.anvil
+++ b/profiles/apparmor.d/usr.lib.dovecot.anvil
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.auth b/profiles/apparmor.d/usr.lib.dovecot.auth
index 1b49f72c02cd9acee00861d8df5d38c6554f03a8..5e464e385c05c12c6d2f0ce722219c7592d376eb 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.auth
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -19,7 +19,6 @@ profile dovecot-auth /usr/lib*/dovecot/auth {
include <abstractions/base>
include <abstractions/mysql>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/wutmp>
include <abstractions/dovecot-common>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config
index c9beadc69cf73326797cdc70c898c4c05cd2600d..06ff4b8633192723c2dc74a481078cbe4c228996 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.config
+++ b/profiles/apparmor.d/usr.lib.dovecot.config
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.deliver b/profiles/apparmor.d/usr.lib.dovecot.deliver
index f801b9be4568c9a494ca4b3f18f7c3b54e5d7604..dc90b6a0e702123fafaf7f443c357e2b0ceea61b 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.deliver
+++ b/profiles/apparmor.d/usr.lib.dovecot.deliver
@@ -11,7 +11,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/dovecot>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dict b/profiles/apparmor.d/usr.lib.dovecot.dict
index 5c88f08c9e286c9206bcc19106bbbb222d931680..840f91c2e1eeb297b8c56b025b9ad321e35cb9d1 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dict
+++ b/profiles/apparmor.d/usr.lib.dovecot.dict
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,7 +17,6 @@ profile dovecot-dict /usr/lib*/dovecot/dict {
include <abstractions/base>
include <abstractions/mysql>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/dovecot-common>
capability setuid,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
index 65a14b37ecfe516ea8ed6358675ba96c015ba50a..3a53ee3baf27b0c9a024ea9232231df9ade81f5c 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
index fa208f0b8831535693800b4e05f441b20f989e3d..7a568c166abc5cac5cb32a4d3ea4a471dd9bbc9b 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/dovecot>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
index cc5d2e14a071e46c8b3a2fba8661ac6883375d44..383a80dadb7897d008f07af68d121bb2a3ca65dc 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/dovecot>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap-login b/profiles/apparmor.d/usr.lib.dovecot.imap-login
index 96fce2a3e3327041174d7cad07cf2e4a06710c1a..f62d2731ae4a2200c05d9dbd3356738e62b657f8 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap-login
@@ -10,14 +10,13 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile dovecot-imap-login /usr/lib*/dovecot/imap-login {
include <abstractions/base>
include <abstractions/dovecot-common>
- include <abstractions/openssl>
capability setuid,
capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
index 462d5e6b7fbf598372bee307c0a7a5d4b381752d..2c179b903b15466a6ff67f07244d48eeb607ec89 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/dovecot>
@@ -18,7 +18,6 @@ profile dovecot-lmtp /usr/lib*/dovecot/lmtp {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/dovecot-common>
- include <abstractions/openssl>
include <abstractions/ssl_certs>
include <abstractions/ssl_keys>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.log b/profiles/apparmor.d/usr.lib.dovecot.log
index e527f290d07606a356ba749b513f122d30ba33df..44420fa328004096e1e56c374346b634f9c77367 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.log
+++ b/profiles/apparmor.d/usr.lib.dovecot.log
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve b/profiles/apparmor.d/usr.lib.dovecot.managesieve
index 83d4926d0df481c29dfc266d6bd4e463b052c9f5..2dfe2738d5071933f4c06645ec792623a698fb5c 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/dovecot>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
index b5ca9053a37852727d761b4e3104156bc480d9e6..f3a89ee52cee3c83f287c80cc09a6d74a568262e 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -12,14 +12,13 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile dovecot-managesieve-login /usr/lib*/dovecot/managesieve-login {
include <abstractions/base>
include <abstractions/dovecot-common>
- include <abstractions/openssl>
capability setuid,
capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3 b/profiles/apparmor.d/usr.lib.dovecot.pop3
index bef8d923a0141ab2a2c719e18ee4f3a83e18d2a8..99f6aae306e9bd94154906a5c002d86524761963 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/dovecot>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3-login b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
index 457a0f637129c22388776579f289209e06cde6cb..753727e60ceb98e3182241d4ae4c5abaca6d9aca 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -10,14 +10,13 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile dovecot-pop3-login /usr/lib*/dovecot/pop3-login {
include <abstractions/base>
include <abstractions/dovecot-common>
- include <abstractions/openssl>
capability setuid,
capability sys_chroot,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.script-login b/profiles/apparmor.d/usr.lib.dovecot.script-login
index 4b5c37a12a1db5b6ba2d078df38dc0be57afeb6b..0ce6d93771886515cd920db09fa8cdac93699ef6 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.script-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.script-login
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.ssl-params b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
index f31b9f37ea8d8972ba5edf2d9395a134d55733ef..a00b7f12752063cf265ae2c41aa404cdd75ad9b1 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.ssl-params
+++ b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.stats b/profiles/apparmor.d/usr.lib.dovecot.stats
index c4e9fec7013ba1b620536b5ea62a0c39cac58fe3..1190cf96dc149af5c58f96a9c512ade7d67d72f4 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.stats
+++ b/profiles/apparmor.d/usr.lib.dovecot.stats
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.sbin.apache2 b/profiles/apparmor.d/usr.sbin.apache2
index 6c9ae7b4195222a84ca8d5654afa3f946c2c9554..17841715c3a35e372778180fa9447eb67876bb88 100644
--- a/profiles/apparmor.d/usr.sbin.apache2
+++ b/profiles/apparmor.d/usr.sbin.apache2
@@ -1,6 +1,6 @@
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
diff --git a/profiles/apparmor.d/usr.sbin.avahi-daemon b/profiles/apparmor.d/usr.sbin.avahi-daemon
index af31aec49e0f37b8c51e610bdebd68df4447011f..fe713efde32ff9521cdc1abba57d001106c02181 100644
--- a/profiles/apparmor.d/usr.sbin.avahi-daemon
+++ b/profiles/apparmor.d/usr.sbin.avahi-daemon
@@ -1,4 +1,4 @@
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile avahi-daemon /usr/{bin,sbin}/avahi-daemon flags=(attach_disconnected) {
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 6c4f20904f6f3fb370e8f8e91bebbe839d1889ab..f0cc01373747aa6f9ad3be9104a990a49907b0af 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
@{TFTP_DIR}=/var/tftp /srv/tftp /srv/tftpboot
@@ -127,10 +127,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/usr/libexec/libvirt_leaseshelper mr,
owner @{PROC}/@{pid}/net/psched r,
- owner @{PROC}/@{pid}/status r,
- @{sys}/devices/system/cpu/ r,
- @{sys}/devices/system/cpu/possible r,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/*/meminfo r,
diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot
index bb15a7b7f1364a86f4835fe7e18d19230a0836b3..cb13a10967c1e456d81aea71b7c386c0429965dd 100644
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -45,6 +45,7 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
/etc/SuSE-release r,
@{PROC}/@{pid}/mounts r,
@{PROC}/sys/fs/suid_dumpable r,
+ @{PROC}/sys/kernel/core_pattern r,
/usr/bin/doveconf rix,
/usr/lib*/dovecot/anvil mrPx,
/usr/lib*/dovecot/auth mrPx,
diff --git a/profiles/apparmor.d/usr.sbin.identd b/profiles/apparmor.d/usr.sbin.identd
index 8dc869dc05e97f553992efff99003abfa6e3c34a..f4f7d580cf21a15c7e15be32dad97f141bf1eaa6 100644
--- a/profiles/apparmor.d/usr.sbin.identd
+++ b/profiles/apparmor.d/usr.sbin.identd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.sbin.mdnsd b/profiles/apparmor.d/usr.sbin.mdnsd
index af934cbf6452f07e613f288847ea4786ae537f53..ff093bb718b54389c24627a65c1b973d13b6f05a 100644
--- a/profiles/apparmor.d/usr.sbin.mdnsd
+++ b/profiles/apparmor.d/usr.sbin.mdnsd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd
index 1c8c1a9e9a570ef02a49c22390d19f2d9e1ed439..cee04e7e28f1a9ce58664f1188dce4b661afd9ba 100644
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -1,4 +1,4 @@
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -8,14 +8,12 @@ profile nmbd /usr/{bin,sbin}/nmbd {
include <abstractions/samba>
capability net_bind_service,
+ capability sys_resource,
@{PROC}/sys/kernel/core_pattern r,
/usr/{bin,sbin}/nmbd mr,
- /var/cache/samba/gencache.tdb rwk,
- /var/cache/samba/gencache_notrans.tdb rwk,
- /var/cache/samba/names.tdb rwk,
/var/{cache,lib}/samba/browse.dat* rw,
/var/{cache,lib}/samba/gencache.dat rw,
/var/{cache,lib}/samba/wins.dat* rw,
diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index 4b7b3b9a29f2f866c0a361a2a8765a327c644309..34aa13fc67af0bb7f6d8bfb3916d18bb25e8c93b 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile nscd /usr/{bin,sbin}/nscd {
diff --git a/profiles/apparmor.d/usr.sbin.ntpd b/profiles/apparmor.d/usr.sbin.ntpd
index 062adf4d6ecbdac9278ffe5b762f0649c858dd0d..774038a737f64d12b1ccaa9dbe4fd2ba4ef0bf14 100644
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -9,14 +9,13 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
include <tunables/ntpd>
profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/ssl_certs>
include <abstractions/xad>
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index c4e6d70c718fb449213d61c721ee77abb2aab5fb..149743eedc74779d058cca69c461eac46bc8a244 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -1,4 +1,4 @@
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -8,12 +8,12 @@ profile smbd /usr/{bin,sbin}/smbd {
include <abstractions/consoles>
include <abstractions/cups-client>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/samba>
include <abstractions/user-tmp>
include <abstractions/wutmp>
capability audit_write,
+ capability chown,
capability dac_override,
capability dac_read_search,
capability fowner,
diff --git a/profiles/apparmor.d/usr.sbin.smbldap-useradd b/profiles/apparmor.d/usr.sbin.smbldap-useradd
index c89f9d7b631d30510ff9f149a8bad16c42c3f250..3956562101965f541f8a6bf72a7e633c4b020979 100644
--- a/profiles/apparmor.d/usr.sbin.smbldap-useradd
+++ b/profiles/apparmor.d/usr.sbin.smbldap-useradd
@@ -1,6 +1,6 @@
# Last Modified: Tue Jan 3 00:17:40 2012
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor.d/usr.sbin.traceroute b/profiles/apparmor.d/usr.sbin.traceroute
index 926ccdafe6d1da0d35258903b432f17994e7df01..d3c885b2969b596b123f832de2f5eb9469355868 100644
--- a/profiles/apparmor.d/usr.sbin.traceroute
+++ b/profiles/apparmor.d/usr.sbin.traceroute
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile traceroute /usr/{{bin,sbin}/traceroute,bin/linux-traceroute,bin/traceroute.db} {
diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd
index b33d754d444a4b19586d69ef210fdd25d02b46c7..9283dfa159ac1b1378e16aac4ffa1927806b5473 100644
--- a/profiles/apparmor.d/usr.sbin.winbindd
+++ b/profiles/apparmor.d/usr.sbin.winbindd
@@ -1,4 +1,4 @@
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -30,7 +30,6 @@ profile winbindd /usr/{bin,sbin}/winbindd {
/usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/{bin,sbin}/winbindd mr,
/var/cache/krb5rcache/* rwk,
- /var/cache/samba/*.tdb rwk,
/var/lib/sss/pubconf/kdcinfo.* r,
/var/log/samba/log.winbindd rw,
@{run}/{samba/,}winbindd.pid rwk,
diff --git a/profiles/apparmor.d/uwsgi-core b/profiles/apparmor.d/uwsgi-core
new file mode 100644
index 0000000000000000000000000000000000000000..0ffcca5f8ea5c5a6ba86a434d8d5694d534d50c0
--- /dev/null
+++ b/profiles/apparmor.d/uwsgi-core
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile uwsgi-core /usr/bin/uwsgi-core flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/uwsgi-core>
+}
diff --git a/profiles/apparmor.d/vdens b/profiles/apparmor.d/vdens
new file mode 100644
index 0000000000000000000000000000000000000000..643b29547a1879366f34edc75101fc5460c249ec
--- /dev/null
+++ b/profiles/apparmor.d/vdens
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile vdens /usr/bin/vdens flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/vdens>
+}
diff --git a/profiles/apparmor.d/virtiofsd b/profiles/apparmor.d/virtiofsd
new file mode 100644
index 0000000000000000000000000000000000000000..380a840dea501ff116aafcb3b3cc272a97e00ed8
--- /dev/null
+++ b/profiles/apparmor.d/virtiofsd
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile virtiofsd /usr/libexec/virtiofsd flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/virtiofsd>
+}
diff --git a/profiles/apparmor.d/vivaldi-bin b/profiles/apparmor.d/vivaldi-bin
new file mode 100644
index 0000000000000000000000000000000000000000..200c567dd4d7d8a99637d82ac4c8ee1f63a2d8e5
--- /dev/null
+++ b/profiles/apparmor.d/vivaldi-bin
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile vivaldi-bin /opt/vivaldi/vivaldi-bin flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/vivaldi-bin>
+}
diff --git a/profiles/apparmor.d/vpnns b/profiles/apparmor.d/vpnns
new file mode 100644
index 0000000000000000000000000000000000000000..8fea23718641eaba0966af27187f91c370590048
--- /dev/null
+++ b/profiles/apparmor.d/vpnns
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile vpnns /usr/bin/vpnns flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/vpnns>
+}
diff --git a/profiles/apparmor.d/wike b/profiles/apparmor.d/wike
new file mode 100644
index 0000000000000000000000000000000000000000..5abb253994aad81ae6094c31d3c3020fac7aab24
--- /dev/null
+++ b/profiles/apparmor.d/wike
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile wike /usr/bin/wike flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/wike>
+}
diff --git a/profiles/apparmor.d/wpcom b/profiles/apparmor.d/wpcom
new file mode 100644
index 0000000000000000000000000000000000000000..301f37b80f2885a82fd15127adc90eede0bf9b67
--- /dev/null
+++ b/profiles/apparmor.d/wpcom
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile wpcom /opt/WordPress.com/wpcom flags=(unconfined) {
+ userns,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/wpcom>
+}
diff --git a/profiles/apparmor.d/zgrep b/profiles/apparmor.d/zgrep
index ed342b20d7c46a8344058bccd26dbbf5c88f1f1c..ee98076fb1e25a4b15c03b0e8e51398e33a97840 100644
--- a/profiles/apparmor.d/zgrep
+++ b/profiles/apparmor.d/zgrep
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,6 +17,8 @@ profile zgrep /usr/bin/{x,}zgrep {
include <abstractions/bash>
/dev/tty rw,
+ @{etc_ro}/nsswitch.conf r,
+ /etc/passwd r,
/usr/bin/{ba,da,}sh ix,
/usr/bin/bzip2 Cx -> helper,
/usr/bin/cat ix,
@@ -35,6 +37,9 @@ profile zgrep /usr/bin/{x,}zgrep {
owner /tmp/zgrep* rw,
/usr/bin/zgrep r,
+ deny /etc/nsswitch.conf r,
+ deny /etc/passwd r,
+
include if exists <local/zgrep>
profile helper {
diff --git a/profiles/apparmor/profiles/extras/bin.netstat b/profiles/apparmor/profiles/extras/bin.netstat
index 41ab5e6c909c93b5964d73fbdcdab9af73230d65..a2156cd78f8964d300ba2bbd9a69280b9bcf18ca 100644
--- a/profiles/apparmor/profiles/extras/bin.netstat
+++ b/profiles/apparmor/profiles/extras/bin.netstat
@@ -13,7 +13,7 @@
# give evolution access to significant chunks of /proc
#
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/bwrap-userns-restrict b/profiles/apparmor/profiles/extras/bwrap-userns-restrict
new file mode 100644
index 0000000000000000000000000000000000000000..9de2afc639b06ef4f22e3242c4304f8ca36a6b52
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/bwrap-userns-restrict
@@ -0,0 +1,85 @@
+# This profile allows almost everything and only exists to allow bwrap
+# to work on a system with user namespace restrictions being enforced.
+# bwrap is allowed access to user namespaces and capabilities within
+# the user namespace, but its children do not have capabilities,
+# blocking bwrap from being able to be used to arbitrarily by-pass the
+# user namespace restrictions.
+
+# Note: the bwrap child is stacked against the bwrap profile due to
+# bwraps use of no-new-privs.
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile bwrap /usr/bin/bwrap flags=(attach_disconnected,mediate_deleted) {
+ allow capability,
+ # not allow all, to allow for pix stack on systems that don't support
+ # rule priority.
+ #
+ # sadly we have to allow 'm' every where to allow children to work under
+ # profile stacking atm.
+ allow file rwlkm /{**,},
+ allow network,
+ allow unix,
+ allow ptrace,
+ allow signal,
+ allow mqueue,
+ allow io_uring,
+ allow userns,
+ allow mount,
+ allow umount,
+ allow pivot_root,
+ allow dbus,
+
+ # stacked like this due to no-new-privs restriction
+ # this will stack a target profile against bwrap and unpriv_bwrap
+ # Ideally
+ # - there would be a transition at userns creation first. This would allow
+ # for the bwrap profile to be tighter, and looser within the user
+ # ns. bwrap will still have to fairly loose until a transition at
+ # namespacing in general (not just user ns) is available.
+ # - there would be an independent second target as fallback
+ # This would allow for select target profiles to be used, and not
+ # necessarily stack the unpriv_bwrap in cases where this is desired
+ #
+ # the ix works here because stack will apply to ix fallback
+ # Ideally we would sanitize the environment across a privilege boundry
+ # (leaving bwarp into application) but flatpak etc use environment glibc
+ # sanitized environment variables as part of the sandbox setup.
+ allow pix /** -> &bwrap//&unpriv_bwrap,
+
+ # the local include should not be used without understanding the userns
+ # restriction.
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/bwrap-userns-restrict>
+}
+
+# The unpriv_bwrap profile is used to strip capabilities within the userns
+profile unpriv_bwrap flags=(attach_disconnected,mediate_deleted) {
+ # not allow all, to allow for pix stack
+ allow file rwlkm /{**,},
+ allow network,
+ allow unix,
+ allow ptrace,
+ allow signal,
+ allow mqueue,
+ allow io_uring,
+ allow userns,
+ allow mount,
+ allow umount,
+ allow pivot_root,
+ allow dbus,
+
+ # bwrap profile does stacking against itself this will keep the target
+ # profile from having elevated privileges in the container.
+ # If done recursively the stack will remove any duplicate
+ allow pix /** -> &unpriv_bwrap,
+
+ audit deny capability,
+
+ # the local include should not be used without understanding the userns
+ # restriction.
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/unpriv_bwrap>
+}
diff --git a/profiles/apparmor/profiles/extras/chromium_browser b/profiles/apparmor/profiles/extras/chromium_browser
index b47b6f72175442f07d4b9e4da12d1590c978d7a6..bd75a9ec3ab6384c5c2c03860de79f984ac53467 100644
--- a/profiles/apparmor/profiles/extras/chromium_browser
+++ b/profiles/apparmor/profiles/extras/chromium_browser
@@ -10,11 +10,11 @@
# ------------------------------------------------------------------
# Author: Jamie Strandboge <jamie@canonical.com>
-abi <abi/3.0>,
+abi <abi/4.0>,
-#include <tunables/global>
+include <tunables/global>
-@{chromium} = chromium{,-browser}
+@{chromium} = {,ungoogled-}chromium{,-browser}
# We need 'flags=(attach_disconnected)' in newer chromium versions
profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconnected) {
@@ -22,10 +22,13 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
include <abstractions/cups-client>
include <abstractions/dbus-session>
include <abstractions/dbus-strict>
+ include <abstractions/fonts>
include <abstractions/gnome>
include <abstractions/ibus>
+ include <abstractions/mesa>
include <abstractions/nameservice>
include <abstractions/user-tmp>
+ include <abstractions/vulkan>
# This include specifies which ubuntu-browsers.d abstractions to use. Eg, if
# you want access to productivity applications, adjust the following file
@@ -36,6 +39,8 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
capability sys_chroot,
capability sys_ptrace,
+ userns,
+
# UPower
# Not sure why these are needed, so deny for now
deny dbus (send)
@@ -57,43 +62,84 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
member={EnumerateDevices,GetDisplayDevice}
peer=(label=unconfined),
- # ???
- deny dbus (send)
+ dbus (send)
bus=system
path=/org/freedesktop/hostname1
interface=org.freedesktop.DBus.Properties
member=GetAll
peer=(label=unconfined),
+ dbus (receive)
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member={SessionNew,SessionRemoved}
+ peer=(label=unconfined),
+
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={AddMatch,GetNameOwner,Hello,NameHasOwner,RemoveMatch,StartServiceByName}
+ peer=(name=org.freedesktop.DBus),
+
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/portal/desktop
+ interface=org.freedesktop.DBus.Properties
+ member=Get
+ peer=(name=org.freedesktop.portal.Desktop),
+
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/Notifications
+ interface=org.freedesktop.Notifications
+ member={GetCapabilities,GetServerInformation}
+ peer=(name=org.freedesktop.Notifications),
+
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/mounttracker
+ interface=org.gtk.vfs.MountTracker
+ member=ListMountableInfo
+ peer=(label=unconfined),
+
# Networking
network inet stream,
network inet6 stream,
- @{PROC}/[0-9]*/net/if_inet6 r,
- @{PROC}/[0-9]*/net/ipv6_route r,
+ @{PROC}/@{pid}/net/if_inet6 r,
+ @{PROC}/@{pid}/net/ipv6_route r,
# Should maybe be in abstractions
+ /etc/fstab r,
/etc/mime.types r,
/etc/mailcap r,
/etc/mtab r,
/etc/xdg/xubuntu/applications/defaults.list r,
+ owner @{HOME}/.cache/thumbnails/** r,
owner @{HOME}/.local/share/applications/defaults.list r,
owner @{HOME}/.local/share/applications/mimeinfo.cache r,
/tmp/.X[0-9]*-lock r,
@{PROC}/self/exe ixr,
- @{PROC}/[0-9]*/fd/ r,
+ @{PROC}/filesystems r,
+ @{PROC}/pressure/{cpu,io,memory} r,
@{PROC}/vmstat r,
@{PROC}/ r,
- @{PROC}/[0-9]*/task/[0-9]*/stat r,
- owner @{PROC}/[0-9]*/cmdline r,
- owner @{PROC}/[0-9]*/io r,
- owner @{PROC}/[0-9]*/setgroups w,
- owner @{PROC}/[0-9]*/{uid,gid}_map w,
- @{PROC}/[0-9]*/smaps r,
- @{PROC}/[0-9]*/stat r,
- @{PROC}/[0-9]*/statm r,
- owner @{PROC}/[0-9]*/task/[0-9]*/status r,
- deny @{PROC}/[0-9]*/oom_{,score_}adj w,
+ owner @{PROC}/@{pid}/task/@{tid}/stat r,
+ owner @{PROC}/@{pid}/clear_refs w,
+ owner @{PROC}/@{pid}/cmdline r,
+ owner @{PROC}/@{pid}/io r,
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/setgroups w,
+ owner @{PROC}/@{pid}/{uid,gid}_map w,
+ owner @{PROC}/@{pid}/smaps r,
+ @{PROC}/@{pid}/stat r,
+ @{PROC}/@{pid}/statm r,
+ owner @{PROC}/@{pid}/status r,
+ owner @{PROC}/@{pid}/task/@{tid}/status r,
+ deny @{PROC}/@{pid}/oom_{,score_}adj w,
+ @{PROC}/sys/fs/inotify/max_user_watches r,
@{PROC}/sys/kernel/yama/ptrace_scope r,
@{PROC}/sys/net/ipv4/tcp_fastopen r,
@@ -103,13 +149,24 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
/sys/devices/**/uevent r,
/sys/devices/system/cpu/cpufreq/policy*/cpuinfo_max_freq r,
/sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_max_freq r,
+ /sys/devices/system/cpu/kernel_max r,
+ /sys/devices/system/cpu/possible r,
+ /sys/devices/system/cpu/present r,
/sys/devices/system/node/node*/meminfo r,
+ /sys/devices/pci[0-9]*/**/bConfigurationValue r,
+ /sys/devices/pci[0-9]*/**/boot_vga r,
+ /sys/devices/pci[0-9]*/**/busnum r,
/sys/devices/pci[0-9]*/**/class r,
/sys/devices/pci[0-9]*/**/config r,
+ /sys/devices/pci[0-9]*/**/descriptors r,
/sys/devices/pci[0-9]*/**/device r,
+ /sys/devices/pci[0-9]*/**/devnum r,
/sys/devices/pci[0-9]*/**/irq r,
+ /sys/devices/pci[0-9]*/**/manufacturer r,
+ /sys/devices/pci[0-9]*/**/product r,
/sys/devices/pci[0-9]*/**/resource r,
/sys/devices/pci[0-9]*/**/revision r,
+ /sys/devices/pci[0-9]*/**/serial r,
/sys/devices/pci[0-9]*/**/subsystem_device r,
/sys/devices/pci[0-9]*/**/subsystem_vendor r,
/sys/devices/pci[0-9]*/**/vendor r,
@@ -120,9 +177,10 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
/sys/devices/virtual/tty/tty*/active r,
# This is requested, but doesn't seem to actually be needed so deny for now
deny /run/udev/data/** r,
+ deny /sys/devices/virtual/dmi/id/* r,
# Needed for the crash reporter
- owner @{PROC}/[0-9]*/auxv r,
+ owner @{PROC}/@{pid}/auxv r,
# chromium mmaps all kinds of things for speed.
/etc/passwd m,
@@ -130,13 +188,13 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
/usr/share/fonts/**/*.pfb m,
/usr/share/mime/mime.cache m,
/usr/share/icons/**/*.cache m,
- owner /{dev,run}/shm/pulse-shm* m,
+ owner /{dev,run,var/run}/shm/pulse-shm* m,
owner @{HOME}/.local/share/mime/mime.cache m,
owner /tmp/** m,
@{PROC}/sys/kernel/shmmax r,
- owner /{dev,run}/shm/{,.}org.chromium.* mrw,
- owner /{,var/}run/shm/shmfd-* mrw,
+ owner /{dev,run,var/run}/shm/{,.}org.chromium.* mrw,
+ owner /{dev,run,var/run}/shm/shmfd-* mrw,
/usr/lib/@{chromium}/*.pak mr,
/usr/lib/@{chromium}/locales/* mr,
@@ -147,8 +205,8 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
# Allow ptracing ourselves and our helpers
ptrace (trace) peer=@{profile_name},
- ptrace (trace) peer=@{profile_name}//lsb_release,
- ptrace (trace) peer=@{profile_name}//xdgsettings,
+ ptrace (read, trace) peer=@{profile_name}//xdgsettings,
+ ptrace (read, trace) peer=lsb_release,
# Make browsing directories work
/ r,
@@ -181,10 +239,9 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
/etc/firefox/profile/bookmarks.html r,
owner @{HOME}/.mozilla/** k,
- # Chromium Policies
- /etc/@{chromium}/policies/** r,
-
# Chromium configuration
+ /etc/@{chromium}/** r,
+ # Note: "~/.pki/{,nssdb/} w" is denied by private-files abstraction
owner @{HOME}/.pki/nssdb/* rwk,
owner @{HOME}/.cache/chromium/ rw,
owner @{HOME}/.cache/chromium/** rw,
@@ -195,23 +252,32 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
owner @{HOME}/.config/chromium/Dictionaries/*.bdic mr,
owner @{HOME}/.config/chromium/**/Dictionaries/*.bdic mr,
- # Allow transitions to ourself and our sandbox
+ # Widevine CDM plugin
+ owner @{HOME}/.config/chromium/WidevineCdm/*/_platform_specific/*/libwidevinecdm.so mr,
+
+ # Allow transitions to ourself, our sandbox, and crash handler
/usr/lib/@{chromium}/@{chromium} ix,
/usr/lib/@{chromium}/chrome-sandbox cx -> sandbox,
+ /usr/lib/@{chromium}/chrome_crashpad_handler Cxr -> crashpad_handler,
- # Allow communicating with sandbox
+ # Allow communicating with sandbox and crash handler
unix (receive, send) peer=(label=@{profile_name}//sandbox),
+ unix (receive, send) peer=(label=@{profile_name}//crashpad_handler),
+ signal (receive) set=(cont) peer=@{profile_name}//crashpad_handler,
/{usr/,}bin/ps Uxr,
/usr/lib/@{chromium}/xdg-settings Cxr -> xdgsettings,
/usr/bin/xdg-settings Cxr -> xdgsettings,
- /usr/bin/lsb_release Cxr -> lsb_release,
+ /usr/bin/lsb_release Pxr -> lsb_release,
# GSettings
- owner /{,var/}run/user/*/dconf/ rw,
- owner /{,var/}run/user/*/dconf/user rw,
+ owner @{run}/user/[0-9]*/dconf/ rw,
+ owner @{run}/user/[0-9]*/dconf/user rw,
owner @{HOME}/.config/dconf/user r,
+ # GVfs
+ owner @{run}/user/[0-9]*/gvfsd/socket-* rw,
+
# Magnet links
/usr/bin/gio ixr,
@@ -228,7 +294,7 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
/etc/ld.so.cache r,
/etc/xdg/** r,
/usr/bin/xdg-settings r,
- /{usr/,}lib{,32,64}/@{chromium}/xdg-settings r,
+ /usr/lib/@{chromium}/xdg-settings r,
/usr/share/applications/*.desktop r,
/usr/share/applications/*.list r,
@@ -254,24 +320,6 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
owner @{HOME}/.local/share/applications/mimeapps.list* rw,
}
- profile lsb_release {
- include <abstractions/base>
- include <abstractions/python>
- /usr/bin/lsb_release r,
- /{usr/,}bin/dash ixr,
- /usr/bin/dpkg-query ixr,
- /usr/include/python2.[4567]/pyconfig.h r,
- /etc/lsb-release r,
- /etc/debian_version r,
- /etc/dpkg/origins/** r,
- /usr/share/distro-info/** r,
- /var/lib/dpkg/** r,
-
- /usr/local/lib/python3.{1,}[0-9]/dist-packages/ r,
- /usr/bin/ r,
- /usr/bin/python3.{1,}[0-9] mr,
- }
-
profile sandbox {
# Be fanatical since it is setuid root and don't use an abstraction
/{usr/,}lib{,32,64}/libgcc_s.so* mr,
@@ -280,10 +328,18 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
/{usr/,}lib/@{multiarch}/libm-*.so* mr,
/{usr/,}lib{,32,64}/libpthread-*.so* mr,
/{usr/,}lib/@{multiarch}/libpthread-*.so* mr,
+ /{usr/,}lib{,32,64}/libatomic.so* mr,
+ /{usr/,}lib/@{multiarch}/libatomic.so* mr,
+ /{usr/,}lib{,32,64}/libc.so.* mr,
+ /{usr/,}lib/@{multiarch}/libc.so.* mr,
/{usr/,}lib{,32,64}/libc-*.so* mr,
/{usr/,}lib/@{multiarch}/libc-*.so* mr,
+ /{usr/,}lib{,32,64}/libdl-*.so* mr,
+ /{usr/,}lib/@{multiarch}/libdl-*.so* mr,
/{usr/,}lib{,32,64}/libld-*.so* mr,
/{usr/,}lib/@{multiarch}/libld-*.so* mr,
+ /{usr/,}lib{,32,64}/librt-*.so* mr,
+ /{usr/,}lib/@{multiarch}/librt-*.so* mr,
/{usr/,}lib{,32,64}/ld-*.so* mr,
/{usr/,}lib{,32,64}/@{multiarch}/ld-*.so* mr,
/{usr/,}lib{,32,64}/tls/*/{cmov,nosegneg}/libm-*.so* mr,
@@ -320,12 +376,12 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
unix (getattr, getopt, setopt, shutdown) addr=none,
@{PROC}/ r,
- @{PROC}/[0-9]*/ r,
- @{PROC}/[0-9]*/fd/ r,
- deny @{PROC}/[0-9]*/oom_adj w,
- deny @{PROC}/[0-9]*/oom_score_adj w,
- @{PROC}/[0-9]*/status r,
- @{PROC}/[0-9]*/task/[0-9]*/stat r,
+ @{PROC}/@{pid}/ r,
+ @{PROC}/@{pid}/fd/ r,
+ deny @{PROC}/@{pid}/oom_adj w,
+ deny @{PROC}/@{pid}/oom_score_adj w,
+ @{PROC}/@{pid}/status r,
+ @{PROC}/@{pid}/task/@{tid}/stat r,
/usr/bin/@{chromium} r,
/usr/lib/@{chromium}/@{chromium} Px,
@@ -336,7 +392,32 @@ profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconne
owner /tmp/** rw,
}
+ profile crashpad_handler {
+ include <abstractions/base>
+
+ capability sys_ptrace,
+
+ ptrace (read, trace) peer=chromium_browser,
+
+ signal (send) set=(cont) peer=chromium_browser,
+
+ unix (receive, send) peer=(label=chromium_browser),
+
+ /usr/lib/@{chromium}/chrome_crashpad_handler ixr,
+
+ /sys/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,max}_freq r,
+
+ @{PROC}/sys/kernel/yama/ptrace_scope r,
+
+ owner @{PROC}/@{pid}/fd/ r,
+ owner @{PROC}/@{pid}/mem r,
+ owner @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/task/ r,
+ owner @{PROC}/@{pid}/task/@{tid}/comm r,
+
+ owner @{HOME}/.config/chromium/Crash?Reports/** rwk,
+ }
+
# Site-specific additions and overrides. See local/README for details.
include if exists <local/chromium_browser>
-
}
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
index 079c8c11a0f3251d526811e3ca920acc7c4883ed..a5c4f3e42348f4071c1703a6164f7075e3c2cc65 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
@@ -11,7 +11,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
index de731c44fdb6faad11e074d7cd1bb13923229b7a..0131fbb303c8dd0d5be7063fb218f46c03323e91 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
@@ -12,7 +12,7 @@
# that it can traverse the whole filesystem.
#
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
index ee4e5c673fcbb97816abb9508ed9ab4e2a40849e..833c0cca5831da8601f4590a63beb89abe3529f3 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/firefox b/profiles/apparmor/profiles/extras/firefox
index 051a4b45dbef26fd418ce4283b879299ff2bc9d9..34773de32c428321bf2c3c1cd5e3fe58a2beb2b6 100644
--- a/profiles/apparmor/profiles/extras/firefox
+++ b/profiles/apparmor/profiles/extras/firefox
@@ -9,83 +9,215 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
+# Declare some variables to help with variants
+@{MOZ_APP_NAME}=firefox{,-esr}
+@{MOZ_LIBDIR}=/usr/lib/@{MOZ_APP_NAME}{,-[0-9]*}
+@{MOZ_ADDONDIR}=/usr/lib/{@{MOZ_APP_NAME},xulrunner}-addons
+
# We want to confine the binaries that match:
# /usr/lib/firefox-4.0b8/firefox
-# /usr/lib/firefox-4.0b8/firefox
# but not:
# /usr/lib/firefox-4.0b8/firefox.sh
-profile firefox /usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
+profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
include <abstractions/audio>
include <abstractions/cups-client>
- include <abstractions/dbus-session>
+ include <abstractions/dbus-strict>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/dconf>
+ include <abstractions/fcitx>
+ include <abstractions/fonts>
include <abstractions/gnome>
include <abstractions/ibus>
- include <abstractions/kde>
+ include <abstractions/mesa>
include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/p11-kit>
+ include <abstractions/ubuntu-unity7-base>
+ include <abstractions/ubuntu-unity7-launcher>
+ include <abstractions/vulkan>
+
+ # needed for sandbox user namespaces (see about:support#sandbox)
+ capability sys_admin,
+
+ capability sys_chroot,
+ capability sys_ptrace,
+
+ userns,
+
+ include <abstractions/dbus-accessibility-strict>
+ dbus (send)
+ bus=session
+ peer=(name=org.a11y.Bus),
+ dbus (receive)
+ bus=session
+ interface=org.a11y.atspi**,
+ dbus (receive, send)
+ bus=accessibility,
# for networking
network inet stream,
network inet6 stream,
+ @{PROC}/@{pid}/net/arp r,
@{PROC}/@{pid}/net/if_inet6 r,
@{PROC}/@{pid}/net/ipv6_route r,
+ @{PROC}/@{pid}/net/dev r,
+ @{PROC}/@{pid}/net/wireless r,
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/NetworkManager
+ member=state,
+ dbus (receive)
+ bus=system
+ path=/org/freedesktop/NetworkManager,
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/hostname1
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
+ # used by third_party/rust/audio_thread_priority
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/RealtimeKit1,
+
+ dbus (receive)
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(label=unconfined),
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+ dbus (receive)
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member={SessionNew,SessionRemoved,UserNew}
+ peer=(label=unconfined),
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/timedate1
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
# should maybe be in abstractions
+ /etc/ r,
+ /etc/mime.types r,
+ /etc/mailcap r,
+ /etc/xdg/*buntu/applications/defaults.list r, # for all derivatives
+ /etc/xfce4/defaults.list r,
/usr/share/xubuntu/applications/defaults.list r,
+ #owner @{HOME}/.config/mimeapps.list{,.*} rw,
+ owner @{HOME}/.local/share/applications/defaults.list r,
+ owner @{HOME}/.local/share/applications/mimeapps.list r,
+ owner @{HOME}/.local/share/applications/mimeinfo.cache r,
+ #owner @{HOME}/.local/share/mime/ w,
+ #owner @{HOME}/.local/share/mime/packages/ w,
+ #owner @{HOME}/.local/share/mime/packages/user-extension-{htm,html,shtml,xht,xhtml}.xml{,.*} w,
+ /var/lib/snapd/desktop/applications/mimeinfo.cache r,
+ /var/lib/snapd/desktop/applications/*.desktop r,
owner /tmp/** m,
owner /var/tmp/** m,
+ owner /{dev,run,var/run}/shm/shmfd-* rw,
+ owner /{dev,run,var/run}/shm/org.{chromium,mozilla}.* rwk,
+ owner /{dev,run,var/run}/shm/wayland.mozilla.ipc.[0-9]* rw,
/tmp/.X[0-9]*-lock r,
+ /etc/udev/udev.conf r,
+ # Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
+ # Possibly move to an abstraction if anything else needs it.
+ deny @{run}/udev/data/** r,
+ # let the shell know we launched something
+ dbus (send)
+ bus=session
+ interface=org.gtk.gio.DesktopAppInfo
+ member=Launched,
- /etc/timezone r,
+ /etc/{,writable/}timezone r,
/etc/wildmidi/wildmidi.cfg r,
# firefox specific
+ /etc/firefox*/ r,
/etc/firefox*/** r,
/etc/xul-ext/** r,
+ /etc/xulrunner{,-[0-9]*}/ r,
/etc/xulrunner{,-[0-9]*}/** r,
+ /etc/gre.d/ r,
/etc/gre.d/* r,
- /etc/mailcap r,
- /etc/mime.types r,
# noisy
- deny /usr/lib/firefox{,-[0-9]*}/** w,
- deny /usr/lib/{firefox,xulrunner}-addons/** w,
+ deny @{MOZ_LIBDIR}/** w,
+ deny @{MOZ_ADDONDIR}/** w,
deny /usr/lib/xulrunner-*/components/*.tmp w,
deny /.suspended r,
deny /boot/initrd.img* r,
deny /boot/vmlinuz* r,
+ deny /etc/** w,
deny /var/cache/fontconfig/ w,
+ deny @{HOME}/.local/share/recently-used.xbel r,
+ # TODO: investigate
deny /usr/bin/gconftool-2 x,
# These are needed when a new user starts firefox and firefox.sh is used
- /usr/lib/firefox{,-[0-9]*}/** ixr,
- deny /usr/lib/firefox/firefox.sh x,
+ @{MOZ_LIBDIR}/** ixr,
+ deny @{MOZ_LIBDIR}/firefox.sh x,
/usr/bin/basename ixr,
/usr/bin/dirname ixr,
/usr/bin/pwd ixr,
/{usr/,}sbin/killall5 ixr,
/{usr/,}bin/which ixr,
/usr/bin/tr ixr,
- @{PROC}/@{pid}/cmdline r,
- @{PROC}/@{pid}/mountinfo r,
- @{PROC}/@{pid}/stat r,
- @{PROC}/@{pid}/status r,
+ @{PROC}/ r,
+ owner @{PROC}/@{pid}/cmdline r,
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/stat r,
+ owner @{PROC}/@{pid}/task/@{tid}/comm r,
+ owner @{PROC}/@{pid}/task/@{tid}/stat r,
+ owner @{PROC}/@{pid}/status r,
+ owner @{PROC}/@{pid}/cgroup r,
+ owner @{PROC}/@{pid}/oom_score_adj w,
+ owner @{PROC}/@{pid}/setgroups w,
+ owner @{PROC}/@{pid}/{uid,gid}_map w,
+ @{PROC}/filesystems r,
+ @{PROC}/sys/vm/overcommit_memory r,
+ @{sys}/fs/cgroup/user.slice/user-[0-9]*.slice/session-{,c}[0-9]*.scope/cpu.max r,
+ # prevent crash LP: #1931602
+ /sys/devices/pci[0-9]*/**/{uevent,resource,irq,class} r,
+ /sys/devices/platform/**/uevent r,
+ /sys/devices/pci*/**/{boot_vga,busnum,config,idVendor,idProduct,revision} r,
+ /sys/devices/pci*/**/{,subsystem_}device r,
+ /sys/devices/pci*/**/{,subsystem_}vendor r,
+ /sys/devices/system/node/node[0-9]*/meminfo r,
+ owner @{HOME}/.cache/thumbnails/** rw,
/etc/mtab r,
/etc/fstab r,
# Needed for the crash reporter
+ ptrace (trace) peer=@{profile_name},
owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/auxv r,
/etc/lsb-release r,
/usr/bin/expr ix,
+ /sys/devices/system/cpu/ r,
+ /sys/devices/system/cpu/** r,
+
+ # about:memory
+ owner @{PROC}/@{pid}/statm r,
+ owner @{PROC}/@{pid}/smaps r,
# Needed for container to work in xul builds
- /usr/lib/xulrunner-*/plugin-container ixr,
+ @{MOZ_LIBDIR}/plugin-container ixr,
# Make browsing directories work
/ r,
@@ -109,7 +241,202 @@ profile firefox /usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
owner @{HOME}/.{firefox,mozilla}/**/*.{db,parentlock,sqlite}* k,
owner @{HOME}/.{firefox,mozilla}/plugins/** rm,
owner @{HOME}/.{firefox,mozilla}/**/plugins/** rm,
- owner @{HOME}/.gnome2/firefox*-bin-* rw,
+ owner @{HOME}/.gnome2/firefox* rwk,
+ owner @{HOME}/.cache/mozilla/{,@{MOZ_APP_NAME}/} rw,
+ owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/** rw,
+ owner @{HOME}/.cache/mozilla/@{MOZ_APP_NAME}/**/*.sqlite{,-shm} k,
+ owner @{HOME}/.config/gtk-3.0/bookmarks r,
+ owner @{HOME}/.config/dconf/user w,
+ owner @{run}/user/[0-9]*/dconf/ w,
+ owner @{run}/user/[0-9]*/dconf/user w,
+ owner @{run}/user/[0-9]*/gvfsd/socket-* rw,
+ owner @{run}/user/[0-9]*/speech-dispatcher/speechd.sock rw,
+ dbus (receive)
+ bus=session
+ path=/ca/desrt/dconf/Writer/user
+ interface=ca.desrt.dconf.Writer
+ member=Notify
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/ca/desrt/dconf/Writer/user
+ interface=ca.desrt.dconf.Writer
+ member=Change
+ peer=(name=ca.desrt.dconf),
+ dbus (send)
+ bus=session
+ path=/org/gnome/GConf/Server
+ member=GetDefaultDatabase
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gnome/GConf/Database/*
+ member={AddMatch,AddNotify,AllEntries,LookupExtended,RemoveNotify}
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gtk/Private/RemoteVolumeMonitor
+ interface=org.gtk.Private.RemoteVolumeMonitor
+ member={IsSupported,List}
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/Daemon
+ interface=org.gtk.vfs.Daemon
+ member={GetConnection,ListMonitorImplementations}
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/client/enumerator/[0-9]*
+ interface=org.gtk.vfs.Enumerator
+ member={Done,GotInfo}
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/metadata
+ interface=org.gtk.vfs.Metadata
+ member=Set
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/mount/[0-9]*
+ interface=org.gtk.vfs.Mount
+ member={CreateFileMonitor,Enumerate,QueryInfo}
+ peer=(label=unconfined),
+ dbus (receive)
+ bus=session
+ path=/org/gtk/vfs/mounttracker
+ interface=org.gtk.vfs.MountTracker
+ member=Mounted
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/gtk/vfs/mounttracker
+ interface=org.gtk.vfs.MountTracker
+ member={ListMountableInfo,ListMounts2,LookupMount}
+ peer=(label=unconfined),
+
+ # Allow access to xdg-desktop-portal and xdg-document-portal (LP: #1974449)
+ dbus (receive, send)
+ bus=session
+ interface=org.freedesktop.portal.*
+ path=/org/freedesktop/portal/{desktop,documents}{,/**}
+ peer=(label=unconfined),
+
+ dbus (receive, send)
+ bus=session
+ interface=org.freedesktop.DBus.Properties
+ path=/org/freedesktop/portal/{desktop,documents}{,/**}
+ peer=(label=unconfined),
+
+ # Allow remote control when running on Wayland
+ dbus (send)
+ bus=session
+ path=/org/freedesktop/DBus
+ interface=org.freedesktop.DBus
+ member={ReleaseName,RequestName}
+ peer=(name=org.freedesktop.DBus),
+ dbus (bind)
+ bus=session
+ name=org.mozilla.firefox.*,
+ dbus (send, receive)
+ bus=session
+ path=/org/mozilla/firefox/Remote
+ interface=org.mozilla.firefox
+ member=OpenURL
+ peer=(label=firefox),
+
+ # gnome-session
+ dbus (send)
+ bus=session
+ path=/org/gnome/SessionManager
+ interface=org.gnome.SessionManager
+ member={Inhibit,Uninhibit}
+ peer=(label=unconfined),
+
+ # unity screen API
+ dbus (send)
+ bus=system
+ interface="org.freedesktop.DBus.Introspectable"
+ path="/com/canonical/Unity/Screen"
+ member="Introspect"
+ peer=(label=unconfined),
+ dbus (send)
+ bus=system
+ interface="com.canonical.Unity.Screen"
+ path="/com/canonical/Unity/Screen"
+ member={keepDisplayOn,removeDisplayOnRequest}
+ peer=(label=unconfined),
+
+ # freedesktop.org ScreenSaver
+ dbus (send)
+ bus=session
+ path=/{,org/freedesktop/,org.gnome/}Screen{s,S}aver
+ interface=org.freedesktop.ScreenSaver
+ member={Inhibit,UnInhibit,SimulateUserActivity}
+ peer=(label=unconfined),
+ # power-management-spec is obsolete
+ deny dbus (send)
+ bus=session
+ path=/org/freedesktop/PowerManagement/Inhibit
+ interface=org.freedesktop.PowerManagement.Inhibit
+ member={Inhibit,UnInhibit}
+ peer=(label=unconfined),
+
+ # gnome, kde and cinnamon screensaver
+ dbus (send)
+ bus=session
+ path=/{,ScreenSaver}
+ interface=org.{gnome.ScreenSaver,kde.screensaver,cinnamon.ScreenSaver}
+ member=SimulateUserActivity
+ peer=(label=unconfined),
+
+ # MPRIS D-Bus Interface Specification
+ dbus (bind)
+ bus=session
+ name=org.mpris.MediaPlayer2.firefox.instance{,_}[0-9]*,
+ dbus (receive)
+ bus=session
+ path=/org/mpris/MediaPlayer2
+ interface=org.freedesktop.DBus.Properties
+ member={GetAll,Set}
+ peer=(label=unconfined),
+ dbus (send)
+ bus=session
+ path=/org/mpris/MediaPlayer2
+ interface=org.freedesktop.DBus.Properties
+ member=PropertiesChanged
+ peer=(label=unconfined),
+ dbus (receive)
+ bus=session
+ path=/org/mpris/MediaPlayer2
+ interface=org.mpris.MediaPlayer2.Player
+ member={Pause,Play,PlayPause,Stop}
+ peer=(label=unconfined),
+
+ # UPower
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower
+ interface=org.freedesktop.UPower
+ member=EnumerateDevices,
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll,
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower/devices/*
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll,
+
+ # File browser
+ dbus (send)
+ bus=session
+ interface=org.freedesktop.FileManager1
+ path=/org/freedesktop/FileManager1
+ member=ShowItems,
#
# Extensions
@@ -117,15 +444,31 @@ profile firefox /usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
# Allow 'x' for downloaded extensions, but inherit policy for safety
owner @{HOME}/.mozilla/**/extensions/** mixr,
- deny /usr/lib/firefox{,-[0-9]*}/update.test w,
+ # Widevine CDM plugin (LP: #1777070)
+ owner @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/libwidevinecdm.so m,
+
+ deny @{MOZ_LIBDIR}/update.test w,
deny /usr/lib/mozilla/extensions/**/ w,
deny /usr/lib/xulrunner-addons/extensions/**/ w,
deny /usr/share/mozilla/extensions/**/ w,
deny /usr/share/mozilla/ w,
- # needed by widevine
- ptrace (trace) peer=@{profile_name},
- @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/lib*so m,
+ # Miscellaneous (to be abstracted)
+ # Ideally these would use a child profile. They are all ELF executables
+ # so running with 'Ux', while not ideal, is ok because we will at least
+ # benefit from glibc's secure execute.
+ /usr/bin/mkfifo Uxr, # investigate
+ /bin/ps Uxr,
+ /bin/uname Uxr,
+
+ /usr/bin/lsb_release Pxr -> lsb_release,
+
+ # These should be started outside of Firefox
+ deny /usr/bin/dbus-launch x,
+ deny /usr/bin/speech-dispatcher x,
+
+ # Addons
+ include if exists <abstractions/ubuntu-browsers.d/firefox>
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.bin.firefox>
diff --git a/profiles/apparmor/profiles/extras/firefox.sh b/profiles/apparmor/profiles/extras/firefox.sh
index 352fa36cb3d22813aa502aa8c3aa7e0b2cd4bf32..fb75c5b64b3b9e081c0a579c4948cec7709e7f8a 100644
--- a/profiles/apparmor/profiles/extras/firefox.sh
+++ b/profiles/apparmor/profiles/extras/firefox.sh
@@ -1,6 +1,6 @@
# Last Modified: Wed Nov 5 03:32:59 2008
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/postfix-anvil b/profiles/apparmor/profiles/extras/postfix-anvil
index b0b165da329bf05f4cc41ae42558f6c6dce03a49..e29127b276817f334c6d7faaf13ba7973c682081 100644
--- a/profiles/apparmor/profiles/extras/postfix-anvil
+++ b/profiles/apparmor/profiles/extras/postfix-anvil
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil {
+profile postfix-anvil /usr/lib{,exec}/postfix/{bin/,sbin/,}anvil {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}anvil mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}anvil mrix,
/etc/postfix/main.cf r,
/{var/spool/postfix/,}private/anvil rw,
diff --git a/profiles/apparmor/profiles/extras/postfix-bounce b/profiles/apparmor/profiles/extras/postfix-bounce
index ffe69461b2db3d92e8b357a2bb02c8cdfd1898f6..93cda1f0df34bc747356736f1382d92a677d4a61 100644
--- a/profiles/apparmor/profiles/extras/postfix-bounce
+++ b/profiles/apparmor/profiles/extras/postfix-bounce
@@ -10,16 +10,16 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
+profile postfix-bounce /usr/lib{,exec}/postfix/{bin/,sbin/,}bounce {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}bounce mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}bounce mrix,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwkl,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
diff --git a/profiles/apparmor/profiles/extras/postfix-cleanup b/profiles/apparmor/profiles/extras/postfix-cleanup
index 6789ae149381f7ccaedbdbc754b45c8458e0bc5a..ac802ef294da592551dc8de9c16241bf7c535d73 100644
--- a/profiles/apparmor/profiles/extras/postfix-cleanup
+++ b/profiles/apparmor/profiles/extras/postfix-cleanup
@@ -10,11 +10,11 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
+profile postfix-cleanup /usr/lib{,exec}/postfix/{bin/,sbin/,}cleanup {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
@@ -22,7 +22,7 @@ profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
capability net_bind_service,
capability dac_read_search,
- /usr/lib/postfix/{bin/,sbin/,}cleanup mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}cleanup mrix,
/{var/spool/postfix/,}incoming/[0-9]*.[0-9]* rwl,
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* rwl,
diff --git a/profiles/apparmor/profiles/extras/postfix-discard b/profiles/apparmor/profiles/extras/postfix-discard
index c236c386ae663df4ea2b20e6be9e41b3504fe0db..0846ae06fdf50cc5abc9dea96131b583b948fd05 100644
--- a/profiles/apparmor/profiles/extras/postfix-discard
+++ b/profiles/apparmor/profiles/extras/postfix-discard
@@ -10,14 +10,14 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-discard /usr/lib/postfix/{bin/,sbin/,}discard {
+profile postfix-discard /usr/lib{,exec}/postfix/{bin/,sbin/,}discard {
include <abstractions/base>
- /usr/lib/postfix/{bin/,sbin/,}discard mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}discard mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-discard>
diff --git a/profiles/apparmor/profiles/extras/postfix-dnsblog b/profiles/apparmor/profiles/extras/postfix-dnsblog
index 05c6a5f95bda48112b164740439e19581e977f49..a16be29aee6df3f5cdbd8441827fe49f7943fe9c 100644
--- a/profiles/apparmor/profiles/extras/postfix-dnsblog
+++ b/profiles/apparmor/profiles/extras/postfix-dnsblog
@@ -9,14 +9,14 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-dnsblog /usr/lib/postfix/{bin/,sbin/,}dnsblog {
+profile postfix-dnsblog /usr/lib{,exec}/postfix/{bin/,sbin/,}dnsblog {
include <abstractions/base>
- /usr/lib/postfix/{bin/,sbin/,}dnsblog mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}dnsblog mrix,
/var/spool/postfix/private/dnsblog rw,
diff --git a/profiles/apparmor/profiles/extras/postfix-error b/profiles/apparmor/profiles/extras/postfix-error
index 709875515a61f1a761ac4ad3d2889bbf454b9b02..609a23b3ae850834c43fde66958a9fef2c22bdb7 100644
--- a/profiles/apparmor/profiles/extras/postfix-error
+++ b/profiles/apparmor/profiles/extras/postfix-error
@@ -10,16 +10,16 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-error /usr/lib/postfix/{bin/,sbin/,}error {
+profile postfix-error /usr/lib{,exec}/postfix/{bin/,sbin/,}error {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}error mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}error mrix,
owner /var/spool/postfix/active/* rwk,
/var/spool/postfix/pid/unix.error rwk,
diff --git a/profiles/apparmor/profiles/extras/postfix-flush b/profiles/apparmor/profiles/extras/postfix-flush
index c51478e322042e113abe02fc9ca44c462b41df82..6080dc5595478c748fc3e4c88e5ac9e406d12fcd 100644
--- a/profiles/apparmor/profiles/extras/postfix-flush
+++ b/profiles/apparmor/profiles/extras/postfix-flush
@@ -10,16 +10,16 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
+profile postfix-flush /usr/lib{,exec}/postfix/{bin/,sbin/,}flush {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}flush mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}flush mrix,
/{var/spool/postfix/,}deferred/ r,
/{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]/* rwl,
diff --git a/profiles/apparmor/profiles/extras/postfix-lmtp b/profiles/apparmor/profiles/extras/postfix-lmtp
index 9ffbc74bd89e516b3ed89032248d11d10ac9d6c5..0dc6bf9492c283546ce6d7c4de829dacd7521770 100644
--- a/profiles/apparmor/profiles/extras/postfix-lmtp
+++ b/profiles/apparmor/profiles/extras/postfix-lmtp
@@ -10,16 +10,16 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-lmtp /usr/lib/postfix/{bin/,sbin/,}lmtp {
+profile postfix-lmtp /usr/lib{,exec}/postfix/{bin/,sbin/,}lmtp {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}lmtp mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}lmtp mrix,
/var/spool/postfix/active/* rwk,
/var/spool/postfix/pid/unix.lmtp rwk,
diff --git a/profiles/apparmor/profiles/extras/postfix-local b/profiles/apparmor/profiles/extras/postfix-local
index 72b7a57423f198e51fd604d1a53639266e7ad89a..145961783b676e930e75c5f22fb88ab0593a019b 100644
--- a/profiles/apparmor/profiles/extras/postfix-local
+++ b/profiles/apparmor/profiles/extras/postfix-local
@@ -10,11 +10,11 @@
#
# ------------------------------------------------------------------
- abi <abi/3.0>,
+ abi <abi/4.0>,
include <tunables/global>
-profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
+profile postfix-local /usr/lib{,exec}/postfix/{bin/,sbin/,}local {
include <abstractions/base>
include <abstractions/bash>
include <abstractions/nameservice>
@@ -27,7 +27,7 @@ profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
/var/mailman/mail/wrapper Px,
/usr/bin/mlmmj-recieve Px,
- /usr/lib/postfix/{bin/,sbin/,}local mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}local mrix,
/{usr/,}bin/bash mixr,
/{usr/,}bin/date mixr,
diff --git a/profiles/apparmor/profiles/extras/postfix-master b/profiles/apparmor/profiles/extras/postfix-master
index e06c45506cf68293897216491e4d16a7e28c864d..6d8e7856d446ba7a554f52b5e8dcc73956a51732 100644
--- a/profiles/apparmor/profiles/extras/postfix-master
+++ b/profiles/apparmor/profiles/extras/postfix-master
@@ -10,11 +10,11 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
+profile postfix-master /usr/lib{,exec}/postfix/{bin/,sbin/,}master {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
@@ -37,25 +37,28 @@ profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
/{var/spool/postfix/,}private/tlsmgr rwl,
/{var/spool/postfix/,}public/{cleanup,flush,pickup,postlog,qmgr,showq,tlsmgr} rwl,
- /usr/lib/postfix/{bin/,sbin/,}anvil Px,
- /usr/lib/postfix/{bin/,sbin/,}bounce Px,
- /usr/lib/postfix/{bin/,sbin/,}cleanup Px,
- /usr/lib/postfix/{bin/,sbin/,}error Px,
- /usr/lib/postfix/{bin/,sbin/,}flush Px,
- /usr/lib/postfix/{bin/,sbin/,}local Px,
- /usr/lib/postfix/{bin/,sbin/,}lmtp mrPx,
- /usr/lib/postfix/{bin/,sbin/,}master mrix,
- /usr/lib/postfix/{bin/,sbin/,}nqmgr Px,
- /usr/lib/postfix/{bin/,sbin/,}proxymap Px,
- /usr/lib/postfix/{bin/,sbin/,}pickup Px,
- /usr/lib/postfix/{bin/,sbin/,}pipe Px,
- /usr/lib/postfix/{bin/,sbin/,}qmgr Px,
- /usr/lib/postfix/{bin/,sbin/,}scache Px,
- /usr/lib/postfix/{bin/,sbin/,}showq Px,
- /usr/lib/postfix/{bin/,sbin/,}smtp Px,
- /usr/lib/postfix/{bin/,sbin/,}smtpd Px,
- /usr/lib/postfix/{bin/,sbin/,}tlsmgr Px,
- /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}anvil Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}bounce Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}cleanup Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}error Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}flush Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}local Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}lmtp mrPx,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}master mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}nqmgr Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}proxymap Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}pickup Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}pipe Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}postfix-tlsproxy Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}postscreen Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}qmgr Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}scache Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}smtp Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}spawn Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsmgr Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}trivial-rewrite Px,
owner /var/lib/postfix/master.lock rwk,
diff --git a/profiles/apparmor/profiles/extras/postfix-nqmgr b/profiles/apparmor/profiles/extras/postfix-nqmgr
index 0a293917683e399a234d56af1a5a4bbeb17260d2..e537e1155b1b822aad22ba7e2023948e081085e0 100644
--- a/profiles/apparmor/profiles/extras/postfix-nqmgr
+++ b/profiles/apparmor/profiles/extras/postfix-nqmgr
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr {
+profile postfix-nqmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}nqmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}nqmgr mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}nqmgr mrix,
/{var/spool/postfix/,}active/ r,
/{var/spool/postfix/,}active/[0-9A-F]/ r,
diff --git a/profiles/apparmor/profiles/extras/postfix-oqmgr b/profiles/apparmor/profiles/extras/postfix-oqmgr
index 443243c37e624053fd7fa45596d4d5f0c77d1196..34e7135563e566e2f3cbfa05e9ab3f4f8aaabde3 100644
--- a/profiles/apparmor/profiles/extras/postfix-oqmgr
+++ b/profiles/apparmor/profiles/extras/postfix-oqmgr
@@ -10,16 +10,16 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-oqmgr /usr/lib/postfix/{bin/,sbin/,}oqmgr {
+profile postfix-oqmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}oqmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}oqmgr mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}oqmgr mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-oqmgr>
diff --git a/profiles/apparmor/profiles/extras/postfix-pickup b/profiles/apparmor/profiles/extras/postfix-pickup
index 6bd5af916028ad1f3df683fc6d7fe73e165ba146..a0cba743e4da24a775f4dfa145921f5291ff8522 100644
--- a/profiles/apparmor/profiles/extras/postfix-pickup
+++ b/profiles/apparmor/profiles/extras/postfix-pickup
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-pickup /usr/lib/postfix/{bin/,sbin/,}pickup {
+profile postfix-pickup /usr/lib{,exec}/postfix/{bin/,sbin/,}pickup {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}pickup mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}pickup mrix,
/{var/spool/postfix/,}public/cleanup rw,
/{var/spool/postfix/,}public/pickup r,
diff --git a/profiles/apparmor/profiles/extras/postfix-pipe b/profiles/apparmor/profiles/extras/postfix-pipe
index 6567568bcdb2a03c154c921c4e092e3080950650..dc4944ba1f4e1de43b16887f7d9f0b8402cb242b 100644
--- a/profiles/apparmor/profiles/extras/postfix-pipe
+++ b/profiles/apparmor/profiles/extras/postfix-pipe
@@ -10,16 +10,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-pipe /usr/lib/postfix/{bin/,sbin/,}pipe {
+profile postfix-pipe /usr/lib{,exec}/postfix/{bin/,sbin/,}pipe {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}pipe mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}pipe mrix,
/var/spool/postfix/active/* rwk,
/var/spool/postfix/private/bounce w,
diff --git a/profiles/apparmor/profiles/extras/postfix-postscreen b/profiles/apparmor/profiles/extras/postfix-postscreen
index ace8edb6c41ab48df733cc5d377f7c6d4ab4db03..b11bd8fc03654c1b4854f2a0e2789cc311b6e546 100644
--- a/profiles/apparmor/profiles/extras/postfix-postscreen
+++ b/profiles/apparmor/profiles/extras/postfix-postscreen
@@ -8,14 +8,17 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-postscreen /usr/lib/postfix/{bin/,sbin/,}postscreen {
+profile postfix-postscreen /usr/lib{,exec}/postfix/{bin/,sbin/,}postscreen {
include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}postscreen mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}postscreen mrix,
+ owner /var/lib/postfix/{,__db.}postscreen_cache.db rwk,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-postscreen>
diff --git a/profiles/apparmor/profiles/extras/postfix-proxymap b/profiles/apparmor/profiles/extras/postfix-proxymap
index 18f0f73de1a8ed27a5ef22f5642595f833cdebb9..e41e2f4727ad580d4e478eafc6c007f93f589bdb 100644
--- a/profiles/apparmor/profiles/extras/postfix-proxymap
+++ b/profiles/apparmor/profiles/extras/postfix-proxymap
@@ -10,19 +10,18 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
+profile postfix-proxymap /usr/lib{,exec}/postfix/{bin/,sbin/,}proxymap {
include <abstractions/base>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/postfix-common>
/etc/my.cnf r,
- /usr/lib/postfix/{bin/,sbin/,}proxymap mrix,
- /{var/spool/postfix/,}private/proxymap rw,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}proxymap mrix,
+ /{var/spool/postfix/,}private/proxymap rw,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-proxymap>
diff --git a/profiles/apparmor/profiles/extras/postfix-qmgr b/profiles/apparmor/profiles/extras/postfix-qmgr
index 93f74e70b3a56e187ebaa412d8491e31784c09f2..336200409312f0ca3938b105d87ba1c1064a729f 100644
--- a/profiles/apparmor/profiles/extras/postfix-qmgr
+++ b/profiles/apparmor/profiles/extras/postfix-qmgr
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr {
+profile postfix-qmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}qmgr {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}qmgr mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}qmgr mrix,
/{var/spool/postfix/,}active/ r,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
diff --git a/profiles/apparmor/profiles/extras/postfix-qmqpd b/profiles/apparmor/profiles/extras/postfix-qmqpd
index fbcdd9aeea31f6b475d19e3cf251b94afa720205..6b9ef925895d2de6438cc0f103a27ae37bda6f58 100644
--- a/profiles/apparmor/profiles/extras/postfix-qmqpd
+++ b/profiles/apparmor/profiles/extras/postfix-qmqpd
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-qmqpd /usr/lib/postfix/{bin/,sbin/,}qmqpd {
+profile postfix-qmqpd /usr/lib{,exec}/postfix/{bin/,sbin/,}qmqpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}qmqpd mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}qmqpd mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-qmqpd>
diff --git a/profiles/apparmor/profiles/extras/postfix-scache b/profiles/apparmor/profiles/extras/postfix-scache
index 070171cab2aa78c1940e1a480deeb3e43851422f..20e9b92059c4c30d3a691c8a58b4d7849f9609b1 100644
--- a/profiles/apparmor/profiles/extras/postfix-scache
+++ b/profiles/apparmor/profiles/extras/postfix-scache
@@ -11,16 +11,16 @@
# vim:syntax=apparmor
# Last Modified: Tue May 31 09:46:20 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-scache /usr/lib/postfix/{bin/,sbin/,}scache {
+profile postfix-scache /usr/lib{,exec}/postfix/{bin/,sbin/,}scache {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}scache mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}scache mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-scache>
diff --git a/profiles/apparmor/profiles/extras/postfix-showq b/profiles/apparmor/profiles/extras/postfix-showq
index be2ed2fa71f2ee6dae26dc63eb30cf750873c5dc..bcfddd435b33645bdb46485428183948bd810044 100644
--- a/profiles/apparmor/profiles/extras/postfix-showq
+++ b/profiles/apparmor/profiles/extras/postfix-showq
@@ -10,16 +10,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
+profile postfix-showq /usr/lib{,exec}/postfix/{bin/,sbin/,}showq {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}showq mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}showq mrix,
/{var/spool/postfix/,}active/ r,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* r,
@@ -38,10 +38,12 @@ profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
/{var/spool/postfix/,}hold/[0-9A-F]/[0-9A-F]/* r,
/{var/spool/postfix/,}hold/[0-9A-F]/[0-9A-F]/ r,
/{var/spool/postfix/,}hold/[0-9A-F]/ r,
+ /{var/spool/postfix/,}hold/[0-9A-F]* r,
/{var/spool/postfix/,}incoming/ r,
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* r,
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ r,
/{var/spool/postfix/,}incoming/[0-9A-F]/ r,
+ /{var/spool/postfix/,}incoming/[0-9A-F]* r,
/{var/spool/postfix/,}maildrop/ r,
/{var/spool/postfix/,}maildrop/[0-9A-F]*[0-9A-F] r,
/{var/spool/postfix/,}maildrop/[0-9A-F]/ r,
diff --git a/profiles/apparmor/profiles/extras/postfix-smtp b/profiles/apparmor/profiles/extras/postfix-smtp
index bf26529d428be1304b0e672c51f57926c377c607..dbef2c9e749f002c912770e05314dada63687d03 100644
--- a/profiles/apparmor/profiles/extras/postfix-smtp
+++ b/profiles/apparmor/profiles/extras/postfix-smtp
@@ -10,21 +10,20 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
+profile postfix-smtp /usr/lib{,exec}/postfix/{bin/,sbin/,}smtp {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- include <abstractions/openssl>
capability dac_override,
capability dac_read_search,
capability net_bind_service,
- /usr/lib/postfix/{bin/,sbin/,}smtp mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}smtp mrix,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rwl,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
@@ -40,7 +39,7 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
/{var/spool/postfix/,}private/trace w,
/{var/spool/postfix/,}public/flush w,
/{var/spool/postfix/,}pid/unix.smtp rwk,
- /{var/spool/postfix/,}pid/unix.relay rw,
+ /{var/spool/postfix/,}pid/unix.relay rwk,
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/prng_exch rw,
/usr/share/ssl/certs/ca-bundle.crt r,
diff --git a/profiles/apparmor/profiles/extras/postfix-smtpd b/profiles/apparmor/profiles/extras/postfix-smtpd
index 8b397f32b4602cbda5149e538ed77995635ec06b..ca7e570720dd09b50736139732c2529f4b39975f 100644
--- a/profiles/apparmor/profiles/extras/postfix-smtpd
+++ b/profiles/apparmor/profiles/extras/postfix-smtpd
@@ -10,22 +10,21 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
+profile postfix-smtpd /usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- include <abstractions/openssl>
include <abstractions/ssl_certs>
include <abstractions/ssl_keys>
capability dac_override,
capability dac_read_search,
- /usr/lib/postfix/{bin/,sbin/,}smtpd mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd mrix,
/usr/sbin/postdrop rPx,
/dev/urandom r,
@@ -45,6 +44,7 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
/{var/spool/postfix/,}incoming/* rw,
/{var/spool/postfix/,}pid/inet.* rwk,
+ /{var/spool/postfix/,}pid/pass.smtpd rwk,
/{var/spool/postfix/,}private/anvil rw,
/{var/spool/postfix/,}private/proxymap rw,
/{var/spool/postfix/,}private/rewrite rw,
diff --git a/profiles/apparmor/profiles/extras/postfix-spawn b/profiles/apparmor/profiles/extras/postfix-spawn
index 721849ad59fcbd7947b6ceecd72ff2633a8acb33..0f44e28f8b871de502a8b119cfa3d5f8af1cd326 100644
--- a/profiles/apparmor/profiles/extras/postfix-spawn
+++ b/profiles/apparmor/profiles/extras/postfix-spawn
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-spawn /usr/lib/postfix/{bin/,sbin/,}spawn {
+profile postfix-spawn /usr/lib{,exec}/postfix/{bin/,sbin/,}spawn {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}spawn mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}spawn mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-spawn>
diff --git a/profiles/apparmor/profiles/extras/postfix-tlsmgr b/profiles/apparmor/profiles/extras/postfix-tlsmgr
index f74c39333572722d21cbafdcd81d16928ccbbf71..7d14f960aa0ba318cbd84195c8dd51fe1423c849 100644
--- a/profiles/apparmor/profiles/extras/postfix-tlsmgr
+++ b/profiles/apparmor/profiles/extras/postfix-tlsmgr
@@ -10,17 +10,16 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr {
+profile postfix-tlsmgr /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsmgr {
include <abstractions/base>
include <abstractions/nameservice>
- include <abstractions/openssl>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}tlsmgr mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsmgr mrix,
/var/spool/postfix/dev/urandom r,
/{etc,var/lib}/postfix/prng_exch rwk,
diff --git a/profiles/apparmor/profiles/extras/postfix-tlsproxy b/profiles/apparmor/profiles/extras/postfix-tlsproxy
new file mode 100644
index 0000000000000000000000000000000000000000..2f94edb1737cc864d5ffa367517509614c8d11c3
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/postfix-tlsproxy
@@ -0,0 +1,27 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2024 pyllyukko
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile postfix-tlsproxy /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsproxy {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
+ include <abstractions/ssl_keys>
+
+ capability dac_read_search,
+
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}tlsproxy mrix,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/postfix-tlsproxy>
+}
diff --git a/profiles/apparmor/profiles/extras/postfix-trivial-rewrite b/profiles/apparmor/profiles/extras/postfix-trivial-rewrite
index 59fc6b4d7cb755aaf3ff43a30e340ba8da526d22..c6ec25b7b582091333d6684293e98027e7c96b32 100644
--- a/profiles/apparmor/profiles/extras/postfix-trivial-rewrite
+++ b/profiles/apparmor/profiles/extras/postfix-trivial-rewrite
@@ -10,18 +10,18 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-trivial-rewrite /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite {
+profile postfix-trivial-rewrite /usr/lib{,exec}/postfix/{bin/,sbin/,}trivial-rewrite {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
capability dac_read_search,
- /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}trivial-rewrite mrix,
/etc/{m,fs}tab r,
/var/spool/postfix/pid/unix.rewrite rw,
diff --git a/profiles/apparmor/profiles/extras/postfix-verify b/profiles/apparmor/profiles/extras/postfix-verify
index b2f52d950840ecd0112925159a3ab501a73dd8b5..4b4a337216c87f63721011f1001aeac396ad012c 100644
--- a/profiles/apparmor/profiles/extras/postfix-verify
+++ b/profiles/apparmor/profiles/extras/postfix-verify
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-verify /usr/lib/postfix/{bin/,sbin/,}verify {
+profile postfix-verify /usr/lib{,exec}/postfix/{bin/,sbin/,}verify {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}verify mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}verify mrix,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/postfix-verify>
diff --git a/profiles/apparmor/profiles/extras/postfix-virtual b/profiles/apparmor/profiles/extras/postfix-virtual
index 89b2f59d43b52cbb6dd1528c3ff813e062b045c2..b42df4ce455f2133614b05784fd4a567067befdb 100644
--- a/profiles/apparmor/profiles/extras/postfix-virtual
+++ b/profiles/apparmor/profiles/extras/postfix-virtual
@@ -9,16 +9,16 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
-profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual {
+profile postfix-virtual /usr/lib{,exec}/postfix/{bin/,sbin/,}virtual {
include <abstractions/base>
include <abstractions/nameservice>
include <abstractions/postfix-common>
- /usr/lib/postfix/{bin/,sbin/,}virtual mrix,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}virtual mrix,
/var/spool/postfix/active/* rw,
/var/spool/postfix/pid/unix.virtual rw,
diff --git a/profiles/apparmor/profiles/extras/rpcbind b/profiles/apparmor/profiles/extras/rpcbind
new file mode 100644
index 0000000000000000000000000000000000000000..634fc5f96603a7d6afb63a65a31eb87d6de9d408
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/rpcbind
@@ -0,0 +1,32 @@
+# vim:syntax=apparmor
+# Author: Daniel Richard G. <skunk@iSKUNK.ORG>
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile rpcbind /{usr/,}sbin/rpcbind {
+ include <abstractions/base>
+ include <abstractions/hosts_access>
+ include <abstractions/nameservice>
+
+ # needed to sanely drop privileges
+ capability setgid,
+ capability setuid,
+
+ network inet dgram,
+ network inet6 dgram,
+
+ /etc/default/rpcbind r,
+ /etc/netconfig r,
+ /etc/rpcbind.conf r,
+ /{usr/,}sbin/rpcbind mrix,
+ @{run}/rpcbind.lock rwk,
+ @{run}/rpcbind.sock rwk,
+ @{run}/rpcbind/portmap.xdr rw,
+ @{run}/rpcbind/rpcbind.xdr rw,
+ @{run}/systemd/notify w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/rpcbind>
+}
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient b/profiles/apparmor/profiles/extras/sbin.dhclient
index 095615a9754cfa3eda64882549a477d99b78888c..285c07e8bdb63188b66cfbd5760c066474f4a5e8 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@@ -19,14 +19,13 @@
# /usr/bin/vmstat mrix,
# /usr/bin/w mrix,
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
profile dhclient /{usr/,}sbin/dhclient {
include <abstractions/base>
include <abstractions/bash>
- include <abstractions/openssl>
include <abstractions/nameservice>
capability net_raw,
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient-script b/profiles/apparmor/profiles/extras/sbin.dhclient-script
index 16a9a5e8f8443a25cd5e6d93ef74c29c476ff523..a73809e87663ca9bd3431113a18d0104fb06fd62 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient-script
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient-script
@@ -1,6 +1,6 @@
# Last Modified: Tue Jan 25 16:48:30 2011
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/sbin.dhcpcd b/profiles/apparmor/profiles/extras/sbin.dhcpcd
index 60745d30966772cbaefd78e779d3f4c56394eaf7..5c485ec26ccc5ed67cdbf4bf3be3ddc32a0c6284 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhcpcd
+++ b/profiles/apparmor/profiles/extras/sbin.dhcpcd
@@ -16,7 +16,7 @@
#
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/sbin.portmap b/profiles/apparmor/profiles/extras/sbin.portmap
index c1beff557204a8498a7a318929d60316c608b928..e2783fd3f433733a7e7f4f8e5ab8848de951cc92 100644
--- a/profiles/apparmor/profiles/extras/sbin.portmap
+++ b/profiles/apparmor/profiles/extras/sbin.portmap
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/sbin.resmgrd b/profiles/apparmor/profiles/extras/sbin.resmgrd
index aee87796fe2df0e9d0db38715e19029fca89055e..bbbc4021f70f3c219737e2dbe3c697cf05091929 100644
--- a/profiles/apparmor/profiles/extras/sbin.resmgrd
+++ b/profiles/apparmor/profiles/extras/sbin.resmgrd
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Mon Mar 13 15:55:30 2006
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.lockd b/profiles/apparmor/profiles/extras/sbin.rpc.lockd
index dab9dfc079cc6399aef427f561332b4a853b4dde..772e12551e9a831ef011a9a1c3dcb10bf764776a 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.lockd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.lockd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.statd b/profiles/apparmor/profiles/extras/sbin.rpc.statd
index ec0d8570541318de5fb31b57e2f4b7f390be2f52..42ba0ce29fe9fa8a6bf4a26316a3e3965571d297 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.statd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.statd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/unshare-userns-restrict b/profiles/apparmor/profiles/extras/unshare-userns-restrict
new file mode 100644
index 0000000000000000000000000000000000000000..731f18b9c387985826daf3da9788bdfdc8472fcb
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/unshare-userns-restrict
@@ -0,0 +1,75 @@
+# This profile allows almost everything and only exists to allow
+# unshare to work on a system with user namespace restrictions
+# being enforced.
+# unshare is allowed access to user namespaces and capabilities
+# within the user namespace, but its children do not have
+# capabilities, blocking unshare from being able to be used to
+# arbitrarily by-pass the user namespace restrictions.
+# We restrict x mapping of any code that is unknown while unshare
+# has privilige within the namespace. To help ensure unshare can't
+# be used to attack the kernel.
+#
+# disabled by default as it can break some use cases on a system that
+# doesn't have or has disable user namespace restrictions for unconfined
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile unshare /usr/bin/unshare flags=(attach_disconnected mediate_deleted) {
+ # not allow all, to allow for pix stack on systems that don't support
+ # rule priority.
+ #
+ # sadly we have to allow 'm' every where to allow children to work under
+ # profile stacking atm.
+ allow capability,
+ allow file rwmlk /{**,},
+ allow network,
+ allow unix,
+ allow ptrace,
+ allow signal,
+ allow mqueue,
+ allow io_uring,
+ allow userns,
+ allow mount,
+ allow umount,
+ allow pivot_root,
+ allow dbus,
+ # This will stack a target profile against unpriv_unshare
+ # Most of the comments for the pix transition in bwrap-userns-restrict
+ # also apply here, with the exception of unshare not using no-new-privs
+ # Thus, we only need a two-layer stack instead of a three-layer stack
+ audit allow pix /** -> &unpriv_unshare,
+
+ # the local include should not be used without understanding the userns
+ # restriction.
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/unshare-userns-restrict>
+}
+
+profile unpriv_unshare flags=(attach_disconnected mediate_deleted) {
+ # not allow all, to allow for pix stack
+ allow file rwlkm /{**,},
+ allow network,
+ allow unix,
+ allow ptrace,
+ allow signal,
+ allow mqueue,
+ allow io_uring,
+ allow userns,
+ allow mount,
+ allow umount,
+ allow pivot_root,
+ allow dbus,
+
+ # Maintain the stack against itself for further transitions
+ # If done recursively the stack will remove any duplicate
+ allow pix /** -> &unpriv_unshare,
+
+ audit deny capability,
+
+ # the local include should not be used without understanding the userns
+ # restriction.
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/unpriv_unshare>
+}
diff --git a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
index d1244f39acd600362c3d376553500adef678031c..c820903809a39b7bba1c71b9d0963f1425e6f7fb 100644
--- a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
+++ b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.acroread b/profiles/apparmor/profiles/extras/usr.bin.acroread
index d88aaadf781c7c3e3d68285799e6146b247ec015..75de6889bb9058f62f2e7aa9463d4ade14356813 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.acroread
+++ b/profiles/apparmor/profiles/extras/usr.bin.acroread
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Wed Aug 24 16:21:32 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.apropos b/profiles/apparmor/profiles/extras/usr.bin.apropos
index 0ac126cc1ca8849d7fb944b680efcf69ec4178c0..a39edb466a3d3320bbb8cad73acc6fb48bdebe2a 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.apropos
+++ b/profiles/apparmor/profiles/extras/usr.bin.apropos
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.dumpcap b/profiles/apparmor/profiles/extras/usr.bin.dumpcap
index c23c378c669afd37e3b1567a4da3d6b60d6ab1f6..68dbb47e51582669a889c790790e228e1298de0b 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.dumpcap
+++ b/profiles/apparmor/profiles/extras/usr.bin.dumpcap
@@ -1,6 +1,6 @@
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
index 50e8e64c47eb061eb2061e98247c0d0d036857d7..c98318e409f4ce37510d36cbaec1391ea6952b4d 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
+++ b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
@@ -38,7 +38,7 @@
#
#
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.fam b/profiles/apparmor/profiles/extras/usr.bin.fam
index 3981ef42002e0e5bd4ae6180ec61734587190eeb..fa50df548734b72266cc445a4e4bda43ec28e840 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.fam
+++ b/profiles/apparmor/profiles/extras/usr.bin.fam
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.freshclam b/profiles/apparmor/profiles/extras/usr.bin.freshclam
index 69ce3a56ac74fd22add2021809f6dade83e03f8e..8ddbb5aa31a4e06067324ece6359d9b0dc6673bd 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.freshclam
+++ b/profiles/apparmor/profiles/extras/usr.bin.freshclam
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,7 +17,6 @@ include <tunables/global>
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice>
- include <abstractions/openssl>
capability setgid,
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.gaim b/profiles/apparmor/profiles/extras/usr.bin.gaim
index 0ed2fb8e084cbd9b1be9ea231955be84197602e0..67a2ea640735abfb012055e42d320d2b8318a9cc 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.gaim
+++ b/profiles/apparmor/profiles/extras/usr.bin.gaim
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Fri Sep 2 19:07:43 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.man b/profiles/apparmor/profiles/extras/usr.bin.man
index ffc3adf078ab132c5c3c311d822a5959fa39bc27..a76d170963fd5457367de917302df5c8aaea481c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.man
+++ b/profiles/apparmor/profiles/extras/usr.bin.man
@@ -12,7 +12,7 @@
# vim:syntax=apparmor
#
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
index 6eaa4aba7c2e443bffa73fd1badd9ace9a374042..10a14975cdf0c1dc3b5c4940eb5c62524acefdaa 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
index bf300e676fbbd65fafaeea7600704f5bf5ed82cd..27374208fa1b4d116241f623fb4beee80d384369 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
index 3ca7b9abf699ae5b98131efbff9d85331cddf2b3..24f3e56f65f36f0d79019e79ee29ddaf3d3a9c49 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
index abeb56ada265702496cacf94dcea1b1a8c3bbe44..21ac1bb937dc8aadec08dbc3ca32dd6158cf44e0 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
index 78f11b6bb18dcf30ad991822bdcfceb034ab5011..ac142976af990889b3dc73105bafd2f58b975aa0 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
index 5337b256dcefcf72fc049eee58060be3772f3e75..2a1261ec36f71f8f5cc05236997575e1b3467a72 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
@@ -13,7 +13,7 @@
# mlmmj upstream renamed the (misspelled) mlmmj-recieve to mlmmj-receive,
# so this profile is probably superfluous
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
index f399af93038f625f6b7fc0823ccefaf59ae4a565..097fce4401cca36485851422b987d6b1038a8c6f 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
index 248a14a6f3951fe3e501076545a2f9c3394b3aa6..bdc77803b16d66c921b3c1885cea2dbfc817a980 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
index f6a4d5e706b70f81488a92cf5447fa310da9bc90..51c97e9148e97d31bd2af5c6441e95c7744883b0 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
@@ -10,7 +10,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.opera b/profiles/apparmor/profiles/extras/usr.bin.opera
index 1bda4ba3d450a8ca0c65860e3b284c5680c54a95..66e6d5cfce8cf328c305612cc2b9723cb3dd3c2c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.opera
+++ b/profiles/apparmor/profiles/extras/usr.bin.opera
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
/usr/bin/opera {
diff --git a/profiles/apparmor/profiles/extras/usr.bin.passwd b/profiles/apparmor/profiles/extras/usr.bin.passwd
index 80ca9c180ef7a4eb30903e52187b65ad839b3f66..a137517c189cfc7e88ea6ac9ab058ffce71e478c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.passwd
+++ b/profiles/apparmor/profiles/extras/usr.bin.passwd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.procmail b/profiles/apparmor/profiles/extras/usr.bin.procmail
index c3a758a5587b7f18456ba93ef21fc6f4c1caadfb..eb7ed544a2cc119bed57f5b200d5e336e7663127 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.procmail
+++ b/profiles/apparmor/profiles/extras/usr.bin.procmail
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.skype b/profiles/apparmor/profiles/extras/usr.bin.skype
index 776f6c59c24fae0674cba7d63e4e4ead8d012e39..a49cba1ceeef93c80fdf70e11ddb8bf5b5f490a3 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.skype
+++ b/profiles/apparmor/profiles/extras/usr.bin.skype
@@ -3,7 +3,7 @@
# - Ðндрей Калинин, LP: #226624
# - Jamie Strandboge and Ivan Frederiks, LP: #933440
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
/usr/bin/skype flags=(complain) {
diff --git a/profiles/apparmor/profiles/extras/usr.bin.spamc b/profiles/apparmor/profiles/extras/usr.bin.spamc
index 00189384e4727719ffa8aa0577d3daa22212a4f9..ef7b09f4cf118fdc893086ecb9681578b6c65c8d 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.spamc
+++ b/profiles/apparmor/profiles/extras/usr.bin.spamc
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Wed Feb 23 11:03:18 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.svnserve b/profiles/apparmor/profiles/extras/usr.bin.svnserve
index e5d96861a6bfa99c640f975a1c1ae72628cae734..b7599250c7cc01c81d9554240cce4282481e40e7 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.svnserve
+++ b/profiles/apparmor/profiles/extras/usr.bin.svnserve
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.wireshark b/profiles/apparmor/profiles/extras/usr.bin.wireshark
index 261ca763c55769a9bc0851c63783ad6a5bd729a2..b05823dc2508ef72c693a68429145b2b7be4097d 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.wireshark
+++ b/profiles/apparmor/profiles/extras/usr.bin.wireshark
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.bin.xfs b/profiles/apparmor/profiles/extras/usr.bin.xfs
index 4cebe704376a207806829f44c85945d3b1784984..05437dc52a4554c4704d701e632bd374c3f0ed12 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.xfs
+++ b/profiles/apparmor/profiles/extras/usr.bin.xfs
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
index d9bee8e3591cf53ccecc0c7b78bd4596be74bcc0..385b39e7a035480aa303243f1cc32b0aeb3d01ea 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
+++ b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
index b0b5b9024c49676bbaf3f8f1ee05cea3fc3385eb..d9190b08c6e288fdbd0c75f9158d57783ed236af 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
+++ b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Wed Aug 31 11:14:09 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
index 156cb2fa4b55afea85da2cc4c3c9f6e61350b955..1d5209220df85f779035d009885cdabe11e4cf9e 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
+++ b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Mon Aug 29 10:49:30 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
index c0f80a07635dc81770f0b3c3dfc6680e766ddf2a..57e328c4a31e69d7ff7d460fbf41478016aa0fd5 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
+++ b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
index 2d9a50d6c046b9a7635ab0e11374a2d344841b93..c33c97c7769b7dbb492b3aeabd02a2b3340aace9 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib.man-db.man b/profiles/apparmor/profiles/extras/usr.lib.man-db.man
index 8fcf466044aefbe0c45e630343f260239852d658..5b099be2eca0c285b35cdae4ef5eb86c4f24838f 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.man-db.man
+++ b/profiles/apparmor/profiles/extras/usr.lib.man-db.man
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
index 0c4b367dec8a5a8ecf6065bc32457cb8be33de61..f932f57d4ab6dd05478a93580f7b061d1fbb2d52 100644
--- a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
+++ b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
@@ -10,7 +10,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.clamd b/profiles/apparmor/profiles/extras/usr.sbin.clamd
index 512a211b496036f24b679cdac0284de421e36e8d..9177046897c951f86634f3112d4713e66d074c99 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.clamd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.clamd
@@ -13,7 +13,6 @@ include <tunables/global>
profile clamd /usr/sbin/clamd {
include <abstractions/base>
include <abstractions/nameservice>
- include <abstractions/openssl>
capability setgid,
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.cupsd b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
index d059ec97a0862d9d335db741a2e9c29dd38e2b51..b5bb1ea9b6d959441a29bfad9a5877545820cd4e 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.cupsd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
@@ -1,6 +1,6 @@
# Last Modified: Sun Sep 16 18:11:15 2007
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
/usr/sbin/cupsd {
@@ -23,28 +23,28 @@ include <tunables/global>
/{usr/,}bin/cat ix,
/usr/bin/foomatic-rip ixr,
- /etc/foomatic/** r,
+ @{etc_ro}/foomatic/** r,
/usr/bin/gs ix,
/usr/lib/ghostscript/** m,
/usr/lib64/ghostscript/** m,
/usr/share/ghostscript/** r,
- /etc/ghostscript/** r,
+ @{etc_ro}/ghostscript/** r,
/dev/lp0 rw,
/dev/tty rw,
/dev/ttyS? w,
- /etc/cups rw,
- /etc/cups/ r,
- /etc/cups/** r,
- /etc/cups/certs w,
- /etc/cups/certs/* w,
- /etc/cups/*.conf* rw,
- /etc/cups/ppd rw,
- /etc/printcap rw,
- /etc/cups/printcap rw,
- /etc/cups/ssl rw,
- /etc/cups/yes/* rw,
+ @{etc_rw}/cups rw,
+ @{etc_rw}/cups/ r,
+ @{etc_rw}/cups/** r,
+ @{etc_rw}/cups/certs w,
+ @{etc_rw}/cups/certs/* w,
+ @{etc_rw}/cups/*.conf* rw,
+ @{etc_rw}/cups/ppd rw,
+ @{etc_rw}/printcap rw,
+ @{etc_rw}/cups/printcap rw,
+ @{etc_rw}/cups/ssl rw,
+ @{etc_rw}/cups/yes/* rw,
@{PROC}/meminfo r,
@{PROC}/sys/dev/parport/** r,
/sys/class/usb r,
@@ -65,6 +65,8 @@ include <tunables/global>
/var/cache/cups/ rw,
/var/cache/cups/** rw,
+ @{etc_ro}/paperspecs r,
+
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.cupsd>
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
index 19e511d14ec6e2bedbbfd8ee9862f1958ca0402a..2080af22836528963954d3c10f6a73310d3c5cb6 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.haproxy b/profiles/apparmor/profiles/extras/usr.sbin.haproxy
index 99a92696f0c034eaa059a32fe4775bafaf740071..d99665687ba9a7a592470e9e409d670068a9295a 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.haproxy
+++ b/profiles/apparmor/profiles/extras/usr.sbin.haproxy
@@ -13,7 +13,6 @@ include <tunables/global>
profile haproxy /usr/sbin/haproxy {
include <abstractions/base>
include <abstractions/nameservice>
- include <abstractions/openssl>
capability net_admin,
capability net_bind_service,
capability setgid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
index b9ff89a35eab23e84b2263f8ec3fcc191fb532cd..1baa61d0330c82a38187e7c540f6c9e63bb79bf4 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
+++ b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -20,7 +20,6 @@ include <tunables/global>
include <abstractions/kerberosclient>
include <abstractions/nameservice>
include <abstractions/perl>
- include <abstractions/openssl>
capability kill,
capability net_bind_service,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.imapd b/profiles/apparmor/profiles/extras/usr.sbin.imapd
index c1277bbb7d10b6ed1909dccd80a23121cec59dd9..af41f7f1b96355e5134863d1baceb2ef9e0dcc88 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.imapd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.imapd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,7 +17,6 @@ include <tunables/global>
include <abstractions/nameservice>
include <abstractions/authentication>
include <abstractions/user-mail>
- include <abstractions/openssl>
/dev/urandom r,
/tmp/* rwl,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
index 685a123c03890f9fdd4af8f148d9c1f66be79a9a..43f6bc71dc47621680b2914b24e2979cf1acb1a6 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
index d28986cca3e3570b10e7c93254a72166ec232749..04762d8f963297be71ff2cbd53a8c453d88e76d6 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
index f33033df724b134419862c2f4dd348c012e705b7..eb00551421bdffba1deddfcb15efb5b53803db15 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
index ca0c4c7703d9713eb4f8704f0588a95226afae0e..0496cd37b65b0ffa1a065f235a0039f5e7fef1ce 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,7 +17,6 @@ include <tunables/global>
include <abstractions/nameservice>
include <abstractions/authentication>
include <abstractions/user-mail>
- include <abstractions/openssl>
/dev/urandom r ,
/tmp/.* rwl ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
index e94ffc5cc53226a23e966b1b8fe8930a1a64e495..84963c588ab428b1ded92cac58f19ace9ccc2775 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -17,7 +17,6 @@ include <tunables/global>
include <abstractions/nameservice>
include <abstractions/authentication>
include <abstractions/user-mail>
- include <abstractions/openssl>
/dev/urandom r ,
/tmp/.* rwl ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
index b331509c6795013c724692320d7ceb05a74c27f5..a6c4e7b139e8ed51db5cf5458993cb95de624bda 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.mysqld b/profiles/apparmor/profiles/extras/usr.sbin.mysqld
index 6c93b1582f60a35af3416b8b30316b7a2ba2268c..44828dee44ed0c75ae460a9a0ff3ceb2181f39d8 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.mysqld
+++ b/profiles/apparmor/profiles/extras/usr.sbin.mysqld
@@ -12,7 +12,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.oidentd b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
index 6353b6b5e28e4acbcec50bd96ad73b9c00b579d8..447021939f1b977167db8700a73f5f70fd60adc7 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.oidentd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.popper b/profiles/apparmor/profiles/extras/usr.sbin.popper
index 0c6eb5d5fd1d43c24978c4156a10dee825bccf97..c7fcc5b77f54efe8c4aed1928d588b06036c3306 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.popper
+++ b/profiles/apparmor/profiles/extras/usr.sbin.popper
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Wed Aug 31 11:14:09 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postalias b/profiles/apparmor/profiles/extras/usr.sbin.postalias
index c78c35f7f23c14325cdbce270a87d6d83a6cf89b..644b2ec2bc18dcdcd897119bcc7c47ea5f20b26d 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postalias
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postalias
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postdrop b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
index 8ec1843992ff447f61d42302402fd9a5e48b1c49..65186e158343f9145d34a908d7991e899f6744e8 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postdrop
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postmap b/profiles/apparmor/profiles/extras/usr.sbin.postmap
index 656f10233c80355d996041d6de65c5f1c9218966..6501a34a2f44c19d9a1b322375c310380b83a7a3 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postmap
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postmap
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postqueue b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
index 9e1355f31983451bf16c470b6fc6d16d01a90112..dbaa49448ea3e26cc5e1989df23792e07718e3da 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postqueue
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -24,7 +24,7 @@ include <tunables/global>
/etc/postfix r,
/usr/sbin/postqueue rmix,
- /usr/lib/postfix/{bin/,sbin/,}showq Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/var/spool/postfix r,
/var/spool/postfix/maildrop r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
index 75e903018c48fc9213b6171b91dcdba9c3d557f6..46ab43df972c76ba2bf50424a327e7fab024491b 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
@@ -11,7 +11,7 @@
# support /etc/alternatives/ -- SuSE has no such mechanism. So, this
# file supports _BOTH_ sendmail's sendmail and postfix's sendmail.
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -46,10 +46,10 @@ include <tunables/global>
/root/dead.letter w,
/root/.forward rw,
/usr/kerberos/lib/lib*.so* mr,
- /usr/lib/postfix/{bin/,sbin/,}master Px,
- /usr/lib/postfix/{bin/,sbin/,}smtpd Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}master Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}smtpd Px,
/usr/lib/postfix r,
- /usr/lib/postfix/{bin/,sbin/,}showq Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/lib/sasl2 r,
/usr/lib/sasl2/* mr,
/usr/lib/sasl r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
index 413e1bea67db1d38e1273f635042ff63b305f0d9..efbe3bfb41200dc52e140e6f3773c98356babfe7 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -28,8 +28,8 @@ include <tunables/global>
/etc/postfix/postfix-script Px,
@{PROC}/net/if_inet6 r,
/usr/lib/postfix r,
- /usr/lib/postfix/{bin/,sbin/,}master Px,
- /usr/lib/postfix/{bin/,sbin/,}showq Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}master Px,
+ /usr/lib{,exec}/postfix/{bin/,sbin/,}showq Px,
/usr/sbin/postalias Px,
/usr/sbin/postdrop Px,
/usr/sbin/postqueue Px,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
index bf923f83e5d42236a54589c57839e929e85152ec..04da74786f2bd0ff5c29cd1cceb4ce0dfac07ff5 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.spamd b/profiles/apparmor/profiles/extras/usr.sbin.spamd
index 84b485eb5966f418b9068ec2515dce9f5379869e..dd0d8cfe37f8dabbc74515483a2414985ab18ea9 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.spamd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.spamd
@@ -10,7 +10,7 @@
# vim:syntax=apparmor
# Last Modified: Wed Feb 23 11:03:18 2005
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.squid b/profiles/apparmor/profiles/extras/usr.sbin.squid
index 15f8252d8013d0e6a8f1b033f99f16197f8b654d..20208716f5a8f005a9b7e96c74928f58f9db45cd 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.squid
+++ b/profiles/apparmor/profiles/extras/usr.sbin.squid
@@ -9,7 +9,7 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sshd b/profiles/apparmor/profiles/extras/usr.sbin.sshd
index 98927ddd59425913e1a868d769325c777eefa31c..e925a76d3fa09c70fd2b9eb217fcf1e78e359fee 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sshd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
@@ -14,7 +14,7 @@
#
# vim:syntax=apparmor
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
@@ -50,6 +50,15 @@ include <tunables/global>
# needed when /proc is mounted with hidepid>=1
ptrace (read,trace) peer="unconfined",
+ unix (bind) type=stream addr="@*/bus/sshd/system",
+
+ dbus (send)
+ bus=system
+ path=/org/freedesktop/login1
+ interface=org.freedesktop.login1.Manager
+ member=CreateSessionWithPIDFD
+ peer=(label=unconfined),
+
/dev/ptmx rw,
/dev/pts/[0-9]* rw,
/dev/urandom r,
@@ -62,7 +71,7 @@ include <tunables/global>
/usr/sbin/sshd mrix,
/usr/share/ssh/blacklist.* r,
/var/log/btmp rw,
- owner /{,var/}run/sshd{,.init}.pid wl,
+ owner @{run}/sshd{,.init}.pid wl,
@{HOME}/.ssh/authorized_keys{,2} r,
@{PROC}/cmdline r,
@@ -75,8 +84,10 @@ include <tunables/global>
owner @{PROC}/@{pid}/oom_adj rw,
owner @{PROC}/@{pid}/oom_score_adj rw,
- /sys/fs/cgroup/*/user/*/[0-9]*/ rw,
- /sys/fs/cgroup/systemd/user.slice/user-[0-9]*.slice/session-c[0-9]*.scope/ rw,
+ @{run}/systemd/notify w,
+
+ @{sys}/fs/cgroup/*/user/*/[0-9]*/ rw,
+ @{sys}/fs/cgroup/systemd/user.slice/user-[0-9]*.slice/session-c[0-9]*.scope/ rw,
/{usr/,}bin/ash Uxr,
/{usr/,}bin/bash Uxr,
@@ -112,7 +123,7 @@ include <tunables/global>
/usr/bin/passwd r,
/dev/pts/[0-9]* rw,
- /{,var/}run/utmp rwk,
+ @{run}/utmp rwk,
owner /etc/.pwd.lock rwk,
owner /etc/nshadow rw,
@@ -127,9 +138,13 @@ include <tunables/global>
owner @{HOME}/.cache/keyring-*/control rw,
}
- /etc.legal r,
+ /etc/legal r,
/etc/motd r,
- /{,var/}run/motd{,.dynamic}{,.new} rw,
+ @{run}/motd{,.dynamic}{,.new} rw,
+ @{run}/motd.d/ r,
+ @{run}/motd.d/* r,
+ owner @{HOME}/.cache/ w,
+ owner @{HOME}/.cache/motd.legal-displayed w,
/tmp/krb5cc* wk,
/tmp/ssh-[a-zA-Z0-9]*/ w,
/tmp/ssh-[a-zA-Z0-9]*/agent.[0-9]* wl,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.useradd b/profiles/apparmor/profiles/extras/usr.sbin.useradd
index 2f59f6d6fde5ad55fdcf5dc6c4664b7c7a3b42c6..0f8d255fa98e604cafff10e168988f759a2d8bfa 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.useradd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.useradd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.userdel b/profiles/apparmor/profiles/extras/usr.sbin.userdel
index 5014c9c7fafc8b749015c77cffe270d230f459a9..56a013d5b4fe261afc31cf02a797513d9b4998a4 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.userdel
+++ b/profiles/apparmor/profiles/extras/usr.sbin.userdel
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
index 994fad61c9cc74b193d033b710c110c956ddd4b1..e081e6d08fe86a99f5722877011b29a4d8ce0497 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.xinetd b/profiles/apparmor/profiles/extras/usr.sbin.xinetd
index 844f156cc46f04649baa50d0639d92dbd224b51f..0a66ad10db99546d7433267c4149028aba993d1d 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.xinetd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.xinetd
@@ -8,7 +8,7 @@
#
# ------------------------------------------------------------------
-abi <abi/3.0>,
+abi <abi/4.0>,
include <tunables/global>
diff --git a/run-spread.sh b/run-spread.sh
new file mode 100755
index 0000000000000000000000000000000000000000..da9ac89cfef7e764644551553279a90510382f64
--- /dev/null
+++ b/run-spread.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+# Run integration tests with spread sequentially on all the systems, using
+# multiple workers per system. This mode is suitable to run on a single
+# quad-core CPU with 8GB of RAM and no desktop session.
+set -xeu
+
+if test -z "$(command -v spread)"; then
+ echo "You need to install spread from https://github.com/snapcore/spread with the Go compiler and the command: go install github.com/snapcore/spread/cmd/spread@latest" >&2
+ exit 1
+fi
+
+if test -z "$(command -v image-garden)"; then
+ echo "You need to install image-garden from https://gitlab.com/zygoon/image-garden: make install prefix=/usr/local" >&2
+ exit 1
+fi
+
+rm -rf spread-logs spread-artifacts
+mkdir -p spread-logs
+for system in \
+ opensuse-cloud-tumbleweed \
+ debian-cloud-12 \
+ debian-cloud-13 \
+ ubuntu-cloud-22.04 \
+ ubuntu-cloud-24.04 \
+ ubuntu-cloud-24.10; do
+ if ! spread -artifacts ./spread-artifacts -v "$system" | tee spread-logs/"$system".log; then
+ echo "Spread exited with code $?" >spread-logs/"$system".failed
+ fi
+done
diff --git a/spread.yaml b/spread.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ee1ad81ed6c8d55397421c13a2f707f87630d2aa
--- /dev/null
+++ b/spread.yaml
@@ -0,0 +1,287 @@
+project: apparmor
+backends:
+ garden:
+ # The garden backend relies on https://gitlab.com/zygoon/image-garden
+ # TODO: Switch to a released version for better stability.
+ type: adhoc
+ allocate: |
+ # Use just enough RAM to link the parser on a virtual system with
+ # two cores. Using more cores may easily consume more memory, due
+ # to make -j$(nproc), used below than a small CI/CD system is
+ # typically granted. It is better to have more workers than to
+ # have one big worker with lots of resources.
+ export QEMU_MEM_OPTION="-m 1536"
+ export QEMU_SMP_OPTION="-smp 2"
+ ARCH="$(uname -m)"
+ # If a locally built kernel image exist then use it for booting.
+ # Care needs to be taken to make sure the kernel is compatible with
+ # loadable modules present in the file system.
+ if [ -f bzImage ]; then
+ # Create the qcow2/run files before setting custom kernel
+ # options, so that first boot and initialization happen in a
+ # standardized manner.
+ image-garden make "$SPREAD_SYSTEM"."$ARCH".run "$SPREAD_SYSTEM"."$ARCH".qcow2 1>&2
+ # Pass a simple drive instead of the more elaborate virtio
+ # configuration that is used by default. Some images may not
+ # support virtio enough for booting.
+ export QEMU_STORAGE_OPTION="-drive file=$SPREAD_SYSTEM.$ARCH.qcow2,format=qcow2"
+ # Refrain from passing EFI firmware to qemu so that we boot a
+ # kernel directly and bypass both EFI and BIOS.
+ export QEMU_BOOT_FIRMWARE_OPTION=""
+ # Pass the kernel and cmdline by hand. At present this is tuned
+ # to the Ubuntu cloud images that have the rootfs as the first
+ # partition.
+ exec image-garden allocate "$SPREAD_SYSTEM"."$ARCH" \
+ -kernel bzImage \
+ -append 'root=/dev/sda1 ro console=tty1 console=ttyS0'
+ fi
+ # Ask image garden to allocate the system and relay the result back
+ # to spread as either success of failure.
+ exec image-garden allocate "$SPREAD_SYSTEM"."$ARCH"
+ discard: image-garden discard "$SPREAD_SYSTEM_ADDRESS"
+ systems:
+ # All systems except for the one Ubuntu system are marked as
+ # manual. This way we don't accidentally spin up everything when
+ # someone runs spread without knowing better.
+ - opensuse-cloud-tumbleweed:
+ username: opensuse
+ password: opensuse
+ workers: 4
+ manual: true
+ - debian-cloud-12:
+ username: debian
+ password: debian
+ workers: 4
+ manual: true
+ - debian-cloud-13:
+ username: debian
+ password: debian
+ workers: 4
+ manual: true
+ - ubuntu-cloud-22.04:
+ username: ubuntu
+ password: ubuntu
+ workers: 4
+ manual: true
+ - ubuntu-cloud-24.04:
+ username: ubuntu
+ password: ubuntu
+ manual: true
+ - ubuntu-cloud-24.10:
+ username: ubuntu
+ password: ubuntu
+ workers: 4
+ - fedora-cloud-41:
+ username: fedora
+ password: fedora
+
+exclude:
+ - .git
+ - "*.o"
+ # Files related to spread and image-garden.
+ - "*.qcow2"
+ - "*.iso"
+ - "*.img"
+ - "*.log"
+ - "*.run"
+ - "*.lock"
+ - spread-logs
+ - spread-artifacts
+ # Locally provided kernel image. See allocate section in system backends,
+ # this image, if present, is passed directly to qemu.
+ - bzImage
+
+# Copy the project to this path on the test system.
+# This is also available as $SPREAD_PATH.
+path: /tmp/apparmor
+
+prepare: |
+ # Configure libapparmor but only if a makefile is not already present.
+ # This makes repeated iteration with -reuse much faster, as the chain of
+ # invocations of make below are efficient if nothing needs to be done.
+ if [ ! -f "$SPREAD_PATH"/libraries/libapparmor/Makefile ]; then
+ (
+ cd "$SPREAD_PATH"/libraries/libapparmor || exit 1
+ if ! sh ./autogen.sh; then
+ echo "The autogen.sh script has failed"
+ exit 1
+ fi
+ if ! sh ./configure --prefix=/usr --with-perl --with-python; then
+ echo "The generated configure script has failed"
+ cat config.log
+ exit 1
+ fi
+ )
+ fi
+ # Build libapparmor.
+ make -C "$SPREAD_PATH"/libraries/libapparmor -j"$(nproc)"
+ # Build apparmor_parser.
+ make -C "$SPREAD_PATH"/parser -j"$(nproc)"
+ # Build binary utilities (aa-exec and firends).
+ make -C "$SPREAD_PATH"/binutils -j"$(nproc)"
+ # Build python utilities.
+ make -C "$SPREAD_PATH"/utils -j"$(nproc)"
+ # Build apache and pam modules.
+ make -C "$SPREAD_PATH"/changehat/mod_apparmor -j"$(nproc)"
+ make -C "$SPREAD_PATH"/changehat/pam_apparmor -j"$(nproc)"
+
+# In case of failure, include the kernel version in the log.
+debug-each: |
+ uname -a
+
+suites:
+ tests/profiles/:
+ summary: Tests that exercise specific application profiles
+ systems:
+ # AppArmor is not enabled in the kernel.
+ - -fedora-cloud-*
+ # variables:
+ # PROFILE_NAME: name of the profile on disk
+ # PROGRAM_NAME: name of the program to execute
+ prepare-each: |
+ rm -f denials.txt
+
+ # Disable rate-limiting so that we see all denials.
+ sysctl --values kernel.printk_ratelimit >old-ratelimit.txt
+ sysctl --write kernel.printk_ratelimit=0
+
+ # Stop auditd so that all denials end up in the ring buffer.
+ if [ "$(systemctl is-active auditd.service)" != inactive ]; then
+ systemctl stop auditd.service
+ touch did-stop-auditd.txt
+ fi
+
+ # Clear the kernel ring buffer.
+ dmesg --clear
+
+ # Compute profile name from the name of the task.
+ echo "PROFILE_NAME=${PROFILE_NAME:=$(basename "$SPREAD_TASK")}"
+
+ "$SPREAD_PATH"/parser/apparmor_parser \
+ --warn=all \
+ --replace \
+ --skip-cache \
+ --base="$SPREAD_PATH"/profiles/apparmor.d \
+ "$SPREAD_PATH"/profiles/apparmor.d/"$PROFILE_NAME" 2>parser.txt
+ if [ -s parser.txt ]; then
+ echo "Parser produced warnings:"
+ cat parser.txt
+ exit 1
+ fi
+
+ restore-each: |
+ # Compute profile name from the name of the task.
+ echo "PROFILE_NAME=${PROFILE_NAME:=$(basename "$SPREAD_TASK")}"
+
+ "$SPREAD_PATH"/parser/apparmor_parser \
+ --base="$SPREAD_PATH"/profiles/apparmor.d \
+ --remove \
+ "$SPREAD_PATH"/profiles/apparmor.d/"$PROFILE_NAME"
+
+ # Restore auditd and old rate-limit.
+ if [ -f did-stop-auditd.txt ]; then
+ systemctl start auditd.service
+ rm -f did-stop-auditd.txt
+ fi
+ if [ -f old-ratelimit.txt ]; then
+ sysctl -w kernel.printk_ratelimit="$(cat old-ratelimit.txt)"
+ rm -f old-ratelimit.txt
+ fi
+
+ # Check if running the test resulted in any logged denials.
+ if dmesg | grep DENIED > denials.txt; then
+ if [ -z "${EXPECT_DENIALS:-}" ]; then
+ echo "Denials were emitted during the test."
+ cat denials.txt
+ exit 1
+ else
+ readarray -t regexes <<< $(printf "%b" "$EXPECT_DENIALS")
+ declare -a found_regex_array
+
+ # Check if all generated denials match the expected ones
+ while read denial; do
+ found=0
+ for i in "${!regexes[@]}"; do
+ if grep -E -q "${regexes[i]}" <<< "$denial"; then
+ found_regex_array[$i]=1
+ found=1
+ fi
+ done
+
+ if [ $found -eq 0 ]; then
+ echo "Unexpected denial: $denial"
+ exit 1
+ fi
+ done <denials.txt
+
+ # Check if all denials correspond to a regex
+ for i in "${!regexes[@]}"; do
+ if [ -z ${found_regex_array[$i]:-} ] ; then
+ echo "Exected denial ${regexes[i]} was not found"
+ exit 1
+ fi
+ done
+ fi
+ fi
+ debug-each: |
+ echo "PROGRAM_NAME=${PROGRAM_NAME:=$(basename "$SPREAD_TASK")}"
+ command -v "$PROGRAM_NAME"
+
+ utils/:
+ summary: Unit tests for the Python utilities.
+ prepare: |
+ # Generate apparmor profiles that the tests rely on.
+ make -C "$SPREAD_PATH"/parser/tst gen_xtrans gen_dbus
+ # Spread does not support programmatically generated test variants.
+ # Ensure that the list baked into utils/test/task.yaml contains all
+ # the files matching utils/test/test-*.py
+ fail=0
+ for V in $SPREAD_PATH/utils/test/test-*.py; do
+ Vdash="$(basename "$V" | sed -e 's,^test-,,' -e 's,\.py$,,')"
+ Vunder="$(basename "$V" | sed -e 's,^test-,,' -e 's,\.py$,,' -e 's,-,_,g')"
+ if ! grep -xF ' TEST/'"$Vunder"': '"$Vdash" "$SPREAD_PATH"/utils/test/task.yaml; then
+ echo "utils/test/task.yaml: missing test variant: TEST/$Vunder: $Vdash" >&2
+ fail=1
+ fi
+ done
+ if [ "$fail" -ne 0 ]; then
+ echo "exiting due to missing variants listed above" >&2
+ exit 1
+ fi
+ tests/unit/:
+ summary: Unit tests that do not exercise the kernel layer.
+ tests/regression/:
+ summary: Regression tests for parser-kernel interaction.
+ systems:
+ # AppArmor is not enabled in the kernel.
+ - -fedora-cloud-*
+ prepare: |
+ # Spread does not support programmatically generated test variants.
+ # Ensure that the list baked into tests/regression/apparmor/task.yaml
+ # contains all the tests defined in tests/regression/apparmor/Makefile.
+ echo '$(foreach t,$(TESTS),$(info TEST/$t))' | \
+ make -n -f "$SPREAD_PATH"/tests/regression/apparmor/Makefile -f /dev/stdin | \
+ grep -F TEST/ | \
+ cut -d / -f 2 | \
+ tee apparmor-regression-tests.txt
+ fail=0
+ while read -r V; do
+ if ! grep -xF ' TEST/'"$V"': 1' "$SPREAD_PATH"/tests/regression/apparmor/task.yaml; then
+ echo "tests/regression/task.yaml: missing test variant: TEST/$V" >&2
+ fail=1
+ fi
+ done <apparmor-regression-tests.txt
+ if [ "$fail" -ne 0 ]; then
+ echo "exiting due to missing variants listed above" >&2
+ exit 1
+ fi
+
+ # Build all the apparmor regression test programs.
+ make -C "$SPREAD_PATH"/tests/regression/apparmor -j"$(nproc)"
+ restore: |
+ rm -f apparmor-regression-tests.txt
+ tests/snapd/:
+ summary: Tests exercising a subset of behavior of snapd
+ systems:
+ # AppArmor is not enabled in the kernel.
+ - -fedora-cloud-*
diff --git a/tests/bin/actual-profile-of b/tests/bin/actual-profile-of
new file mode 100755
index 0000000000000000000000000000000000000000..4c717072c5e182a84de8fdee66071554b933dcdf
--- /dev/null
+++ b/tests/bin/actual-profile-of
@@ -0,0 +1,9 @@
+#!/bin/sh
+exec gdb \
+ --quiet \
+ --batch \
+ --eval-command='set breakpoint pending on' \
+ --eval-command='break _start' \
+ --eval-command='run' \
+ --eval-command='python import os; os.fdopen(3, "wt").write(open("/proc/{}/attr/current".format(gdb.selected_inferior().pid), "rt").read())' \
+ "$@" 3>/dev/stdout 1>/dev/null 2>/dev/null
diff --git a/tests/profiles/toybox/task.yaml b/tests/profiles/toybox/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..47b1003ce14ad69e6c82dc185dccc56f5d225fd0
--- /dev/null
+++ b/tests/profiles/toybox/task.yaml
@@ -0,0 +1,15 @@
+summary: smoke test for the toybox profile
+systems:
+ # Toybox is not packaged on openSUSE
+ - -opensuse-*
+ # Those fail with:
+ # Warning from profile toybox (/tmp/apparmor/profiles/apparmor.d/toybox): userns rules not enforced
+ # TODO: consider passing different options so that unavailable kernel features do not emit warnings.
+ - -debian-cloud-13
+ - -debian-cloud-12
+execute: |
+ # Toybox works (this is a very basic test).
+ test "$(toybox id -u)" -eq 0
+
+ # The profile is attached based on the program path.
+ "$SPREAD_PATH"/tests/bin/actual-profile-of toybox | MATCH 'toybox \(unconfined\)'
diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
index 871afd57641bb3f7320c36a03f2bff4352e9ad83..0bf82645e107a38c6fcc211f293946c0b149e7f2 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -27,7 +27,7 @@ manually, or build against in-tree libapparmor.${nl}\
endif # LIBAPPARMOR not set
LDLIBS += $(LIBAPPARMOR)
- AA_EXEC = $(shell which aa-exec)
+ AA_EXEC = $(shell command -v aa-exec)
ifeq ($(AA_EXEC),)
AA_EXEC_ERROR_MESSAGE = $(error ${nl}\
************************************************************************${nl}\
@@ -67,6 +67,21 @@ system aa-exec by adding USE_SYSTEM=1 to your make command.${nl}\
LDLIBS += -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
endif # USE_SYSTEM
+# the test suite is run as root but many of the tests restrict root
+# capabilities like dac_override and dac_readsearch so the test
+# suite needs recursive other rx perms from / on all dirs not owned by
+# root
+DIRCHECK_MESSAGE = $(shell ./check_dac_perms.sh)
+ifneq ($(strip $(DIRCHECK_MESSAGE)),)
+ DIR_PERM_ERROR_MESSAGE = $(error ${nl}\
+************************************************************************${nl}\
+The regression test suite at times is run as root but with restricted${nl}\
+capabilities. In these situations it needs to be able to still access${nl}\
+the test suite files.${nl}\
+${DIRCHECK_MESSAGE}${nl}\
+************************************************************************${nl})
+endif
+
SYSCTL_INCLUDE="\#include <sys/sysctl.h>"
USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true)
@@ -90,6 +105,7 @@ SRC=access.c \
chmod.c \
chown.c \
clone.c \
+ complain.c \
coredump.c \
deleted.c \
environ.c \
@@ -109,12 +125,17 @@ SRC=access.c \
mmap.c \
mkdir.c \
mount.c \
+ move_mount.c \
named_pipe.c \
+ net_inet_rcv.c \
+ net_inet_snd.c \
net_raw.c \
open.c \
openat.c \
pipe.c \
pivot_root.c \
+ posix_mq_rcv.c \
+ posix_mq_snd.c \
ptrace.c \
ptrace_helper.c \
pwrite.c \
@@ -135,6 +156,8 @@ SRC=access.c \
syscall_setdomainname.c \
syscall_setscheduler.c \
sysctl_proc.c \
+ sysv_mq_rcv.c \
+ sysv_mq_snd.c \
tcp.c \
transition.c \
unix_fd_client.c \
@@ -142,8 +165,9 @@ SRC=access.c \
unix_socket.c \
unix_socket_client.c \
unlink.c \
- xattrs.c \
- xattrs_profile.c
+ userns.c \
+ userns_setns.c \
+ xattrs.c
#only do the ioperm/iopl tests for x86 derived architectures
ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64))
@@ -156,6 +180,26 @@ ifeq ($(USE_SYSCTL),true)
SRC+=syscall_sysctl.c
endif
+# Only do xattrs_profile test if we have the required setfattr binary
+ifneq (,$(shell command -v setfattr))
+SRC+=xattrs_profile.c
+else
+$(warning ${nl}\
+************************************************************************${nl}\
+No setfattr skipping xattrs_profile tests ...${nl}\
+Install attr or equivalent package to build and run this test${nl}\
+************************************************************************${nl})
+endif
+
+# Only do overlayfs_fuse test if we have the required fuse-overlayfs binary
+ifeq (,$(shell command -v fuse-overlayfs))
+$(warning ${nl}\
+************************************************************************${nl}\
+No fuse-overlayfs skipping overlayfs_fuse tests ...${nl}\
+Install fuse-overlayfs or equivalent package to build and run this test${nl}\
+************************************************************************${nl})
+endif
+
#only do dbus if proper libs are installl
ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE))
SRC+=dbus_eavesdrop.c dbus_message.c dbus_service.c dbus_unrequested_reply.c
@@ -167,6 +211,17 @@ Install libdbus-1-dev or equivalent package to build and run these tests${nl}\
************************************************************************${nl})
endif
+#only do io_uring if proper lib is installed
+ifneq (,$(shell pkg-config --exists liburing && echo TRUE))
+SRC+=io_uring.c
+else
+$(warning ${nl}\
+************************************************************************${nl}\
+No liburing pkg-config skipping io_uring tests ...${nl}\
+Install liburing-dev or equivalent package to build and run this test${nl}\
+************************************************************************${nl})
+endif
+
TRANSITION_CFLAGS=
AA_POLICY_CACHE_CFLAGS=
ifdef USE_SYSTEM
@@ -212,13 +267,16 @@ TESTS=aa_exec \
changehat_misc \
chdir \
clone \
+ complain \
coredump \
deleted \
+ e2e \
environ \
exec \
exec_qual \
fchdir \
fd_inheritance \
+ file_unbindable_mount \
fork \
i18n \
link \
@@ -230,10 +288,12 @@ TESTS=aa_exec \
named_pipe \
namespaces \
net_raw \
+ overlayfs_kernel \
open \
openat \
pipe \
pivot_root \
+ posix_ipc \
ptrace \
pwrite \
query_label \
@@ -247,6 +307,7 @@ TESTS=aa_exec \
setattr \
symlink \
syscall \
+ sysv_ipc \
tcp \
unix_fd_server \
unix_socket_pathname \
@@ -254,15 +315,31 @@ TESTS=aa_exec \
unix_socket_unnamed \
unix_socket_autobind \
unlink\
+ userns\
xattrs\
- xattrs_profile\
- longpath
+ longpath \
+ nfs
+
+# Only do overlayfs_fuse test if we have the required fuse-overlayfs binary
+ifneq (,$(shell command -v fuse-overlayfs))
+TESTS+=overlayfs_fuse
+endif
+
+# Only do xattrs_profile test if we have the required setfattr binary
+ifneq (,$(shell command -v setfattr))
+TESTS+=xattrs_profile
+endif
#only do dbus if proper libs are installl
ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE))
TESTS+=dbus_eavesdrop dbus_message dbus_service dbus_unrequested_reply
endif
+#only do io_uring if proper lib is installed
+ifneq (,$(shell pkg-config --exists liburing && echo TRUE))
+TESTS+=io_uring
+endif
+
TESTS+=$(CONDITIONAL_TESTS)
# Tests that can crash the kernel should be placed here
@@ -274,6 +351,9 @@ libapparmor_check: ; $(LIBAPPARMOR_ERROR_MESSAGE)
aa_exec_check: ; $(AA_EXEC_ERROR_MESSAGE)
+dirperm_check: ; $(DIR_PERM_ERROR_MESSAGE)
+
+
all: libapparmor_check aa_exec_check $(EXEC) changehat.h uservars.inc
uservars.inc: uservars.inc.source uservars.inc.system
@@ -307,6 +387,12 @@ dbus_service: dbus_message dbus_service.c dbus_common.o
dbus_unrequested_reply: dbus_service dbus_unrequested_reply.c dbus_common.o
${CC} ${CFLAGS} ${LDFLAGS} $(filter-out dbus_service, $^) -o $@ ${LDLIBS} $(shell pkg-config --cflags --libs dbus-1)
+posix_mq_rcv: posix_mq_rcv.c
+ ${CC} ${CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS} -lrt
+
+posix_mq_snd: posix_mq_snd.c
+ ${CC} ${CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS} -lrt
+
transition: transition.c
${CC} ${CFLAGS} ${TRANSITION_CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS}
@@ -328,9 +414,18 @@ unix_fd_client: unix_fd_client.c unix_fd_common.o
attach_disconnected: attach_disconnected.c unix_fd_common.o
${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+userns: userns.c pipe_helper.h
+ ${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
+userns_setns: userns_setns.c pipe_helper.h
+ ${CC} ${CFLAGS} ${LDFLAGS} $^ -o $@ ${LDLIBS}
+
mount: mount.c
${CC} ${CFLAGS} -std=gnu99 ${LDFLAGS} $^ -o $@ ${LDLIBS}
+io_uring: io_uring.c
+ ${CC} ${CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS} -luring
+
build-dep:
@if [ `whoami` = "root" ] ;\
then \
@@ -352,29 +447,16 @@ build-dep:
exit 1;\
fi
-tests: all
- @if [ `whoami` = "root" ] ;\
- then \
- rc=0; \
- for i in $(TESTS) ;\
- do \
- echo ;\
- echo "running $$i" ;\
- bash $$i.sh ;\
- if [ $$? -ne 0 ] ; then \
- rc=1;\
- fi;\
- done ;\
- exit $$rc;\
- else \
- echo "must be root to run tests" ;\
- exit 1;\
- fi
+# RISKY_TESTS may crash the kernel, so clear it for the normal test target
+tests: RISKY_TESTS=
+tests: alltests
-alltests: all
+alltests: all dirperm_check check_dac_perms.sh
@if [ `whoami` = "root" ] ;\
then \
rc=0; \
+ pass="PASSED:";\
+ fail="FAILED:";\
for i in $(TESTS) $(RISKY_TESTS) ;\
do \
echo ;\
@@ -382,8 +464,14 @@ alltests: all
bash $$i.sh ;\
if [ $$? -ne 0 ] ; then \
rc=1;\
+ fail="$$fail $$i";\
+ else\
+ pass="$$pass $$i";\
fi;\
done ;\
+ echo ;\
+ echo "$$pass";\
+ echo "$$fail";\
exit $$rc;\
else \
echo "must be root to run tests" ;\
diff --git a/tests/regression/apparmor/aa_exec.sh b/tests/regression/apparmor/aa_exec.sh
index daaefee9b8e7062a9613b163ac5ccb6c08ac28f6..b65f357f518a9855513e3ce6bd9ef8f18e3744b3 100755
--- a/tests/regression/apparmor/aa_exec.sh
+++ b/tests/regression/apparmor/aa_exec.sh
@@ -19,7 +19,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
ns=aa_exec_ns
@@ -31,18 +31,19 @@ genprofile_aa_exec()
mode="(complain) "
fi
fi
- genprofile --stdin <<EOF
+ genprofile image=$1 --stdin <<EOF
$1 ${mode}{
file,
}
-
+EOF
+ genprofile --append image=:${ns}:${1} --stdin <<EOF
:${ns}:${1} ${mode}{
file,
}
EOF
}
-settest aa_exec_profile ${bin}/aa_exec_wrapper.sh
+settest aa_exec_profile "${bin}/aa_exec_wrapper.sh"
genprofile_aa_exec "$test" 0
runchecktest "unconfined" pass "$aa_exec" "unconfined"
@@ -79,3 +80,17 @@ runchecktest "complain (--namespace=${ns})" pass "$aa_exec -n $ns -p $test" "$te
genprofile_aa_exec "$test" 0
runchecktest "negative test: bad ns (--namespace=${ns}XXX)" fail "$aa_exec -n ${ns}XXX -p $test" "$test (enforce)"
+
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile image=$test --stdin <<EOF
+$test {
+ all,
+}
+EOF
+ genprofile --append image=:${ns}:${test} --stdin <<EOF
+:${ns}:${test} {
+ all,
+}
+EOF
+ runchecktest "allow all" pass "$aa_exec -p $test" "$test (enforce)"
+fi
diff --git a/tests/regression/apparmor/aa_policy_cache.sh b/tests/regression/apparmor/aa_policy_cache.sh
index 1bac452e62c7adad396394a40b3f9961ce17bd0c..72c9760ffb3db631e7ebef4225225a5e17edaafc 100755
--- a/tests/regression/apparmor/aa_policy_cache.sh
+++ b/tests/regression/apparmor/aa_policy_cache.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
# cacheloc is the top level directory of cache directories
cacheloc="$tmpdir/cache"
diff --git a/tests/regression/apparmor/access.sh b/tests/regression/apparmor/access.sh
index 6b0c9675c5d2f9e51d69efc05f6a0ea5fa71b0d8..56252f6b4ee8dd9fe2b72fa679f44cac0c9480c6 100644
--- a/tests/regression/apparmor/access.sh
+++ b/tests/regression/apparmor/access.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
@@ -28,7 +28,14 @@ wxperm=wix
touch $file
chmod 777 $file # full perms so discretionary access checks succeed
-# PASS TEST
+# PASS TEST
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all"
+ runchecktest "ACCESS allow all r (rwx)" pass $file r
+ runchecktest "ACCESS allow all rx (rwx)" pass $file rx
+ runchecktest "ACCESS allow all rwx (rwx)" pass $file rwx
+fi
+
genprofile $file:$rwxperm
runchecktest "ACCESS file r (rwx)" pass $file r
runchecktest "ACCESS file rx (rwx)" pass $file rx
diff --git a/tests/regression/apparmor/at_secure.sh b/tests/regression/apparmor/at_secure.sh
index 452114e8cd56ebeb91241959fa39506512d949b2..7a05983eb851fa03e524c5c132b87b831b9ead52 100755
--- a/tests/regression/apparmor/at_secure.sh
+++ b/tests/regression/apparmor/at_secure.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
settest transition
at_secure=$pwd/at_secure
diff --git a/tests/regression/apparmor/attach_disconnected.sh b/tests/regression/apparmor/attach_disconnected.sh
index be0977c0af12f6d23bf9797d55d10a509a670481..74a1a213cb6eeded47c2145325cf24cdeb115bee 100644
--- a/tests/regression/apparmor/attach_disconnected.sh
+++ b/tests/regression/apparmor/attach_disconnected.sh
@@ -17,18 +17,19 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
settest unix_fd_server
disk_img=$tmpdir/disk_img
new_root=$tmpdir/new_root/
put_old=${new_root}put_old/
-root_was_shared="no"
fstype="ext2"
file=$tmpdir/file
socket=$tmpdir/unix_fd_test
att_dis_client=$pwd/attach_disconnected
+. "$bin/mount.inc"
+
attach_disconnected_cleanup() {
if [ ! -z "$loop_device" ]; then
losetup -d $loop_device
@@ -39,10 +40,7 @@ attach_disconnected_cleanup() {
umount "$new_root"
fi
- if [ "$root_was_shared" = "yes" ] ; then
- [ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared'
- mount --make-shared /
- fi
+ prop_cleanup
}
do_onexit="attach_disconnected_cleanup"
@@ -50,24 +48,6 @@ if [ ! -b /dev/loop0 ] ; then
modprobe loop
fi
-# systemd mounts / and everything under it MS_SHARED. This breaks
-# pivot_root entirely, so attempt to detect it, and remount /
-# MS_PRIVATE temporarily.
-FINDMNT=/bin/findmnt
-if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
- if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then
- root_was_shared="yes"
- fi
-elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then
- # no findmnt or findmnt doesn't know the PROPAGATION column,
- # but init is systemd so assume rootfs is shared
- root_was_shared="yes"
-fi
-if [ "${root_was_shared}" = "yes" ] ; then
- [ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private'
- mount --make-private /
-fi
-
dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null
/sbin/mkfs -t "$fstype" -F "$disk_img" > /dev/null 2> /dev/null
# mounting will be done by the test binary
@@ -96,22 +76,42 @@ do_test()
# Needed for clone(CLONE_NEWNS) and pivot_root()
cap=capability:sys_admin
-file_perm="$file:rw /put_old/$file:rw"
+file_perm="$file:rw $put_old/$file:rw"
+socket_perm="$socket:rw $put_old/$socket:rw"
create_dir="$new_root:w $put_old:w"
# Ensure everything works as expected when unconfined
do_test "attach_disconnected" pass $file $att_dis_client $socket $loop_device $new_root $put_old
-genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected
+# TODO: adding attach_disconnected.path to a replaced unconfined
+
+# ALLOW ALL does not include attach_disconnected
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all" flag:attach_disconnected -- image=$att_dis_client "all"
+ do_test "attach_disconnected allow all" pass $file $att_dis_client $socket $loop_device $new_root $put_old
+
+ genprofile "all" -- image=$att_dis_client "all"
+ do_test "attach_disconnected allow all no flag" fail $file $att_dis_client $socket $loop_device $new_root $put_old
+fi
+
+genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected
do_test "attach_disconnected" pass $file $att_dis_client $socket $loop_device $new_root $put_old
-genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:no_attach_disconnected
+genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected.path=/foo/
+
+do_test "attach_disconnected.path rule at /" fail $file $att_dis_client $socket $loop_device $new_root $put_old
+
+genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:attach_disconnected.path=$put_old
+
+do_test "attach_disconnected.path" pass $file $att_dis_client $socket $loop_device $new_root $put_old
+
+genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL" flag:no_attach_disconnected
do_test "no_attach_disconnected" fail $file $att_dis_client $socket $loop_device $new_root $put_old
# Ensure default is no_attach_disconnected - no flags set
-genprofile $file_perm unix:create $socket:rw $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket:rw $create_dir $cap "pivot_root:ALL" "mount:ALL"
+genprofile $file_perm unix:create $socket_perm $att_dis_client:px -- image=$att_dis_client $file_perm unix:create $socket_perm $create_dir $cap "pivot_root:ALL" "mount:ALL"
do_test "no_attach_disconnected" fail $file $att_dis_client $socket $loop_device $new_root $put_old
diff --git a/tests/regression/apparmor/capabilities.sh b/tests/regression/apparmor/capabilities.sh
index 446a283728b6566ca8948818c097bfca28c00bfb..c3ff7d61cfed5e0b1c81df6a45da3d67abf9e61c 100755
--- a/tests/regression/apparmor/capabilities.sh
+++ b/tests/regression/apparmor/capabilities.sh
@@ -27,7 +27,7 @@ pwd=`dirname $0`
pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
TESTS="syscall_ptrace syscall_sethostname \
syscall_setdomainname syscall_setpriority syscall_setscheduler \
@@ -139,18 +139,18 @@ for TEST in ${TESTS} ; do
# okay, now check to see if the capability functions from within
# a subprofile.
settest ${testwrapper}
- genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} ${my_entries}
+ genprofile "hat:$bin/${TEST}" "addimage:${bin}/${TEST}" ${my_entries}
if [ "${TEST}" = "syscall_ptrace" -a "$(kernel_features ptrace)" = "true" ] ; then
# ptrace between profiles confining tasks of same pid is controlled by the ptrace rule
# capability + ptrace rule needed between pids
- runchecktest "${TEST} changehat -- no caps" pass $bin/${TEST} ${my_arg}
+ runchecktest "${TEST} changehat -- no caps" pass "$bin/${TEST}" ${my_arg}
else
- runchecktest "${TEST} changehat -- no caps" fail $bin/${TEST} ${my_arg}
+ runchecktest "${TEST} changehat -- no caps" fail "$bin/${TEST}" ${my_arg}
fi
# all capabilities allowed
- genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} cap:ALL ${my_entries}
- runchecktest "${TEST} changehat -- all caps" ${expected} $bin/${TEST} ${my_arg}
+ genprofile "hat:$bin/${TEST}" "addimage:${bin}/${TEST}" cap:ALL ${my_entries}
+ runchecktest "${TEST} changehat -- all caps" ${expected} "$bin/${TEST}" ${my_arg}
for cap in ${CAPABILITIES} ; do
if [ ${expected} = "fail" ]; then
@@ -162,8 +162,8 @@ for TEST in ${TESTS} ; do
else
expected_result=fail
fi
- genprofile hat:$bin/${TEST} addimage:${bin}/${TEST} cap:${cap} ${my_entries}
- runchecktest "${TEST} changehat -- capability ${cap}" ${expected_result} $bin/${TEST} ${my_arg}
+ genprofile "hat:$bin/${TEST}" "addimage:${bin}/${TEST}" cap:${cap} ${my_entries}
+ runchecktest "${TEST} changehat -- capability ${cap}" ${expected_result} "$bin/${TEST}" ${my_arg}
done
done
diff --git a/tests/regression/apparmor/changehat.sh b/tests/regression/apparmor/changehat.sh
index 64f74eb400d48171a7b0b3dc9af3614785a19f1a..53a4aab09e18298299f18df1f5d82c0fe98d026b 100755
--- a/tests/regression/apparmor/changehat.sh
+++ b/tests/regression/apparmor/changehat.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
subfile=$tmpdir/file2
diff --git a/tests/regression/apparmor/changehat_fork.sh b/tests/regression/apparmor/changehat_fork.sh
index ecf0151de79faa9c3fd68470036b563cc55ba85f..240e856437d0ace3001d5d50ced9eaaaca3f9a3a 100755
--- a/tests/regression/apparmor/changehat_fork.sh
+++ b/tests/regression/apparmor/changehat_fork.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
subfile=$tmpdir/file2
diff --git a/tests/regression/apparmor/changehat_misc.sh b/tests/regression/apparmor/changehat_misc.sh
index d6876a1dcd3d7eaec26ca55b30f2a249b54159be..5ccba2794f76269c21f878036c8ade47e76d7fbf 100755
--- a/tests/regression/apparmor/changehat_misc.sh
+++ b/tests/regression/apparmor/changehat_misc.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
subfile=$tmpdir/file2
@@ -77,7 +77,7 @@ runchecktest "CHANGEHAT (bad token)" signal9 ${subtest}
settest changehat_wrapper
-genprofile hat:open addimage:${bin}/open ${file}:${okperm}
+genprofile hat:open "addimage:${bin}/open" ${file}:${okperm}
runchecktest "CHANGEHAT (noexit subprofile (token=0))" pass --token=0 open ${file}
runchecktest "CHANGEHAT (exit noexit subprofile (token=0))" fail --token=0 --exit_hat open ${file}
diff --git a/tests/regression/apparmor/changeprofile.sh b/tests/regression/apparmor/changeprofile.sh
index 2c57e210f49e179b1d930d23754606a9a43da716..31786cccdb8be0298155289d803c4fcad2ecd404 100755
--- a/tests/regression/apparmor/changeprofile.sh
+++ b/tests/regression/apparmor/changeprofile.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
subfile=$tmpdir/file2
@@ -80,8 +80,10 @@ runchecktest_errno EACCES "CHANGEPROFILE_RE (nochange access subfile)" fail noch
runchecktest_errno EACCES "CHANGEPROFILE_RE (access file)" fail $fqsubtest $file
runchecktest "CHANGEPROFILE_RE (access sub file)" pass $fqsubtest $subfile
-genprofile --stdin <<EOF
+genprofile image=$test --stdin <<EOF
$test { file, change_profile -> ${nstest}, }
+EOF
+genprofile --append image=$nstest --stdin <<EOF
$nstest { $subfile ${okperm}, }
EOF
expected_result=pass
@@ -103,8 +105,10 @@ else
runchecktest "CHANGEPROFILE_STACK (access file)" fail "&$othertest" $file
runchecktest "CHANGEPROFILE_STACK (access stack file)" pass "&$othertest" $stackfile
- genprofile --stdin <<EOF
+ genprofile image=$test --stdin <<EOF
$test { file, audit deny $subfile $okperm, $stackfile $okperm, change_profile -> &${nstest}, }
+EOF
+ genprofile --append image=$nstest --stdin <<EOF
$nstest { $subfile $okperm, $stackfile $okperm, }
EOF
runchecktest "CHANGEPROFILE_NS_STACK (nochange access file)" pass nochange $file
diff --git a/tests/regression/apparmor/chdir.sh b/tests/regression/apparmor/chdir.sh
index 63ae62f45b49fccc658cbbbd87164280c6203799..96d799b2f35dfede7ce0b0188c1a229db64542d8 100755
--- a/tests/regression/apparmor/chdir.sh
+++ b/tests/regression/apparmor/chdir.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
dir=$tmpdir/tmpdir
diff --git a/tests/regression/apparmor/check_dac_perms.sh b/tests/regression/apparmor/check_dac_perms.sh
new file mode 100755
index 0000000000000000000000000000000000000000..bcb2e811a74f7cbbb338ef66232d754dfea7b0e8
--- /dev/null
+++ b/tests/regression/apparmor/check_dac_perms.sh
@@ -0,0 +1,29 @@
+#! /bin/bash
+
+# simple test to check DAC permissions in the directory hierarchy so that
+# we know whether the testsuite can be run.
+#
+# TODO:
+# 1. add user parameter to do the check for a specific user/group
+# currently we just use other, but it could be finer grained.
+# and opening up dir hierarchy to everyone to just run the
+# test suite is bad form.
+# 2. check that built tests can be run by a given user not just
+# the dir hierarchy
+#
+
+check_dac_perm()
+{
+ if [ "$1" != "/" ] ; then
+ local d=$(dirname "$1")
+ check_dac_perm "$d"
+ fi
+
+ # don't check first char is "d" as it could be a symlink
+ if ! stat -c "%A" "$1" | grep -q '^.r.x...r.[xt]' ; then
+ echo "Missing o+rx permissions on '$1'"
+ exit 1
+ fi
+}
+
+check_dac_perm "$(pwd)"
diff --git a/tests/regression/apparmor/clone.sh b/tests/regression/apparmor/clone.sh
index feec8a1547dfeac95222f9d6391ff1eb06342708..411e9e0ce71ba376c7a350be7fc72a475f4266a9 100644
--- a/tests/regression/apparmor/clone.sh
+++ b/tests/regression/apparmor/clone.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
# TEST1 unconfined
diff --git a/tests/regression/apparmor/complain.c b/tests/regression/apparmor/complain.c
new file mode 100644
index 0000000000000000000000000000000000000000..0709162078aa0b43ee0b1dfb283e9500bae600e9
--- /dev/null
+++ b/tests/regression/apparmor/complain.c
@@ -0,0 +1,94 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sys/stat.h>
+#include <sys/xattr.h>
+
+void print_usage() {
+ fprintf(stderr, "Usage: ./complain (operation) [args]\n");
+}
+
+int main(int argc, char **argv) {
+ if (argc < 3) {
+ print_usage();
+ return 1;
+ }
+ if (strcmp(argv[1], "read") == 0) {
+ FILE *file = fopen(argv[2], "r");
+ if (file == NULL) {
+ perror("FAIL: Could not open file");
+ return 2;
+ }
+ long file_len = ftell(file);
+ if (file_len == -1) {
+ perror("FAIL: Could not get file len");
+ fclose(file);
+ return 1;
+ }
+ unsigned char* discard_read_buf[8];
+ fread(discard_read_buf, 8, 1, file);
+ if (ferror(file)) {
+ perror("FAIL: Could not perform file read");
+ fclose(file);
+ return 1;
+ }
+ fclose(file);
+ } else if (strcmp(argv[1], "write") == 0) {
+ FILE *file = fopen(argv[2], "w");
+ if (file == NULL) {
+ perror("FAIL: Could not open file");
+ return 2;
+ }
+ long file_len = ftell(file);
+ if (file_len == -1) {
+ perror("FAIL: Could not get file len");
+ fclose(file);
+ return 1;
+ }
+ const char* write_buf = "pahoehoe";
+ fwrite(write_buf, 9, 1, file);
+ if (ferror(file)) {
+ perror("FAIL: Could not perform file write");
+ fclose(file);
+ return 1;
+ }
+ fclose(file);
+ } else if (strcmp(argv[1], "exec") == 0) {
+ execvp(argv[2], &argv[2]);
+ // execvp failed
+ fprintf(stderr, "FAIL: execvp of %s failed\n", argv[1]);
+ return 1;
+ } else if (strcmp(argv[1], "stat") == 0) {
+ struct stat unused;
+ if (stat(argv[2], &unused) == -1) {
+ perror("FAIL: Could not perform file stat");
+ return 1;
+ }
+ } else if (strcmp(argv[1], "xattr") == 0) {
+ // Only query the size-that should be enough to exercise the syscall
+ if (listxattr(argv[2], NULL, 0) < 0) {
+ perror("FAIL: Could not get file xattrs");
+ return 1;
+ }
+ } else if (strcmp(argv[1], "rename") == 0) {
+ if (argc < 4) {
+ fprintf(stderr, "Error: rename operation needs two arguments\n");
+ return 1;
+ }
+ if (rename(argv[2], argv[3]) == -1) {
+ perror("FAIL: Could not perform file rename");
+ return 1;
+ }
+ } else if (strcmp(argv[1], "unlink") == 0) {
+ if (unlink(argv[2]) == -1) {
+ perror("FAIL: Could not perform file removal");
+ return 1;
+ }
+ } else {
+ print_usage();
+ return 1;
+ }
+ fprintf(stderr, "PASS\n");
+ return 0;
+}
\ No newline at end of file
diff --git a/tests/regression/apparmor/complain.sh b/tests/regression/apparmor/complain.sh
new file mode 100644
index 0000000000000000000000000000000000000000..6b9b137d620bdee69bc2dc7399597742ae191a11
--- /dev/null
+++ b/tests/regression/apparmor/complain.sh
@@ -0,0 +1,33 @@
+#! /bin/bash
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME complain
+#=DESCRIPTION
+# Verifies that complain-mode profiles work as expected and do not block
+# operations disallowed by policy
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+tmpfile=$tmpdir/file
+
+touch $tmpfile
+
+genprofile -C
+runchecktest "Complain mode profile (file read)" pass read $tmpfile
+runchecktest "Complain mode profile (file exec no permission entry)" pass exec echo PASS
+
+# This test will fail on a kernel that doesn't have
+# https://lists.ubuntu.com/archives/apparmor/2024-August/013338.html applied
+genprofile -C $(command -v echo):cx
+runchecktest "Complain mode profile (file exec cx permission entry)" pass exec echo PASS
diff --git a/tests/regression/apparmor/coredump.sh b/tests/regression/apparmor/coredump.sh
index acfd89c990ea4b124e0f16231d96f97d32561d69..a8e22e0c25c54ecb949f68505ce7acb724e50aa8 100644
--- a/tests/regression/apparmor/coredump.sh
+++ b/tests/regression/apparmor/coredump.sh
@@ -63,7 +63,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
coreperm=r
nocoreperm=ix
diff --git a/tests/regression/apparmor/dbus.inc b/tests/regression/apparmor/dbus.inc
index d30113235fde1582c44d2d25bde379f157fa1174..72e2090d5ec30ff59874a16828949981a61c7d94 100755
--- a/tests/regression/apparmor/dbus.inc
+++ b/tests/regression/apparmor/dbus.inc
@@ -9,7 +9,7 @@
gendbusprofile()
{
- genprofile --stdin <<EOF
+ genprofile image=$test --stdin <<EOF
${__dbus_var_decl}
$test {
@{gen $test}
diff --git a/tests/regression/apparmor/dbus_eavesdrop.sh b/tests/regression/apparmor/dbus_eavesdrop.sh
index 32746a9b1161e6c6c9dca102fb7549f8b27930cf..2022667fb2288b37a976ef85ce4190562aa863a0 100755
--- a/tests/regression/apparmor/dbus_eavesdrop.sh
+++ b/tests/regression/apparmor/dbus_eavesdrop.sh
@@ -17,10 +17,10 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features dbus
requires_parser_support "dbus,"
-. $bin/dbus.inc
+. "$bin/dbus.inc"
args="--session"
@@ -45,6 +45,11 @@ run_tests()
# Make sure we're okay when confined with appropriate permissions
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ gendbusprofile "all,"
+ runchecktest "eavesdrop (allow all)" pass $args
+ fi
+
gendbusprofile "dbus,"
runchecktest "eavesdrop (dbus allowed)" pass $args
diff --git a/tests/regression/apparmor/dbus_message.sh b/tests/regression/apparmor/dbus_message.sh
index 14bd1e5228fcafcf309bd48abbc4ae5f1059625d..dda03cc23f268f83120798846eb7059e5bec3fe4 100755
--- a/tests/regression/apparmor/dbus_message.sh
+++ b/tests/regression/apparmor/dbus_message.sh
@@ -17,10 +17,10 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features dbus
requires_parser_support "dbus,"
-. $bin/dbus.inc
+. "$bin/dbus.inc"
listnames="--type=method_call --session --name=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.ListNames"
@@ -60,6 +60,12 @@ run_tests()
# Make sure send is allowed when confined with appropriate permissions
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ message_gendbusprofile "all,"
+ runtestfg "message (allow all)" pass $confined_args
+ checktestfg "compare_logs $unconfined_log eq $confined_log"
+ fi
+
message_gendbusprofile "dbus,"
runtestfg "message (dbus allowed)" pass $confined_args
checktestfg "compare_logs $unconfined_log eq $confined_log"
diff --git a/tests/regression/apparmor/dbus_service.sh b/tests/regression/apparmor/dbus_service.sh
index 10b61484ab30668fc34bb3545ce6c06467f5357f..d44965af468041896c2a8c2e18f95f89f4330bee 100755
--- a/tests/regression/apparmor/dbus_service.sh
+++ b/tests/regression/apparmor/dbus_service.sh
@@ -16,10 +16,10 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features dbus
requires_parser_support "dbus,"
-. $bin/dbus.inc
+. "$bin/dbus.inc"
service="--$bus --name=$dest $path $iface"
unconfined_log="${tmpdir}/unconfined.log"
@@ -92,6 +92,14 @@ run_tests()
# Make sure we're okay when confined with appropriate permissions
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ service_gendbusprofile "all,"
+ service_runtestbg "service (allow all)" pass $unconfined_log
+ sendmethod
+ sendsignal
+ service_checktestbg "compare_logs $unconfined_log eq $confined_log"
+ fi
+
service_gendbusprofile "dbus,"
service_runtestbg "service (dbus allowed)" pass $unconfined_log
sendmethod
diff --git a/tests/regression/apparmor/dbus_unrequested_reply.sh b/tests/regression/apparmor/dbus_unrequested_reply.sh
index 626554f3d280550a2416bd5098c2133fe0fd590d..3b926065356ae6c5ad247a24f3d966ef915d647f 100644
--- a/tests/regression/apparmor/dbus_unrequested_reply.sh
+++ b/tests/regression/apparmor/dbus_unrequested_reply.sh
@@ -16,10 +16,10 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features dbus
requires_parser_support "dbus,"
-. $bin/dbus.inc
+. "$bin/dbus.inc"
service="--$bus --name=$dest $path $iface"
unconfined_log="${tmpdir}/unconfined.log"
@@ -80,6 +80,14 @@ run_tests()
sendmethodreturn
ur_checktestbg
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ # All perms are granted so the logs should be equal
+ ur_gendbusprofile "all,"
+ ur_runtestbg "unrequested_reply (method_return, dbus allowed)" pass $confined_log
+ sendmethodreturn
+ ur_checktestbg "compare_logs $unconfined_log eq $confined_log"
+ fi
+
# All dbus perms are granted so the logs should be equal
ur_gendbusprofile "dbus,"
ur_runtestbg "unrequested_reply (method_return, dbus allowed)" pass $confined_log
diff --git a/tests/regression/apparmor/deleted.sh b/tests/regression/apparmor/deleted.sh
index 01bb035a2f4124fa31007b913083808b4d870641..cef2c3950824523e1b9bda47ae15aae801ae9b91 100755
--- a/tests/regression/apparmor/deleted.sh
+++ b/tests/regression/apparmor/deleted.sh
@@ -20,7 +20,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
file2="$tmpdir/file (deleted)"
diff --git a/tests/regression/apparmor/e2e.sh b/tests/regression/apparmor/e2e.sh
new file mode 100755
index 0000000000000000000000000000000000000000..911ec992884cecfd29be377382997c4e4b333a2b
--- /dev/null
+++ b/tests/regression/apparmor/e2e.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+# Copyright (C) 2022 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME e2e
+#=DESCRIPTION
+# Verifies basic parser functionality.
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+# load_and_verify - Generate and load a profile, then verify that raw_data
+# matches the generated cached policy
+# $1: A description of this test
+load_and_verify() {
+ local desc=$1
+ local prof="dummy_test"
+ local cache_dir=$(${subdomain} --print-cache-dir)
+ local cache_md5
+ local kernel_md5
+
+ # Since we're not testing any binary, force test global var to our dummy profile
+ test="$prof"
+
+ # Write to cache
+ parser_args="${parser_config} -q -W"
+
+ echo "profile $prof {}" | genprofile image=$prof --stdin
+
+ cache_md5=$(cat $cache_dir/profile | md5sum | awk '{ print $1 }')
+
+ local matching=0
+ for binary_policy in /sys/kernel/security/apparmor/policy/profiles/$prof*/raw_data; do
+ kernel_md5=$(cat $binary_policy | md5sum | awk '{ print $1 }')
+ if [ $kernel_md5 = $cache_md5 ]; then
+ matching=1
+ break
+ fi
+ done
+
+ if [ $matching -eq 0 ]; then
+ echo "Error: ${testname}, ${desc} failed. raw_data profile doesn't match the generated cached one"
+ testfailed
+ elif [ -n "$VERBOSE" ]; then
+ echo "ok: ${desc}"
+ fi
+
+ removeprofile
+}
+
+load_and_verify "E2E load profile and read from kernel"
diff --git a/tests/regression/apparmor/environ.sh b/tests/regression/apparmor/environ.sh
index 60ae16536205f772cb10bc5759c22e13f55c7523..fe6f4905335313c25fbc047835325da0fb0769c2 100644
--- a/tests/regression/apparmor/environ.sh
+++ b/tests/regression/apparmor/environ.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
helper=$pwd/env_check
setuid_helper=${tmpdir}/env_check
@@ -85,6 +85,32 @@ runchecktest "ENVIRON (shell script): confined/complain & sensitive env" pass ${
# TEST environment filtering still works on setuid apps
removeprofile
+tmpfs_dir=${tmpdir}/tmpfs_dir
+remove_mnt() {
+ mountpoint -q "$tmpfs_dir"
+ if [ $? -eq 0 ] ; then
+ umount "$tmpfs_dir"
+ fi
+}
+do_onexit="remove_mnt"
+
+# setuid apps mounted in a fs with "nosuid" option do not honor those
+# bits during execution, so run the test in a mounted tmpdir without nosuid
+FINDMNT=/bin/findmnt
+if [ -x "${FINDMNT}" ] && ${FINDMNT} -no TARGET,OPTIONS -T $tmpdir > /dev/null 2>&1 ; then
+ output="$(${FINDMNT} -no TARGET,OPTIONS -T $tmpdir)"
+ target="$(echo $output | cut -d' ' -f1)"
+ options="$(echo $output | cut -d' ' -f2)"
+ case "$options" in
+ *nosuid* )
+ echo " $target is mounted with nosuid, creating a new mountpoint..."
+ setuid_helper=${tmpfs_dir}/env_check
+ mkdir ${tmpfs_dir}
+ mount -t tmpfs tmpfs ${tmpfs_dir}
+ ;;
+ esac
+fi
+
cp $helper ${setuid_helper}
chown nobody ${setuid_helper}
chmod u+s ${setuid_helper}
diff --git a/tests/regression/apparmor/epilogue.inc b/tests/regression/apparmor/epilogue.inc
index 345c5497fa6e17703249e0f71e0b64880452db3d..b30ba4542b4fcaf2a879f6418cc0eec789147eed 100755
--- a/tests/regression/apparmor/epilogue.inc
+++ b/tests/regression/apparmor/epilogue.inc
@@ -15,6 +15,11 @@ else
rm -rf $tmpdir
fi
+# Remove temporary users that were created
+for testuser in $testusers; do
+ deluser $testuser >/dev/null
+done
+
if [ -n "$_fatal" ] ; then
exit 127
else
diff --git a/tests/regression/apparmor/exec.sh b/tests/regression/apparmor/exec.sh
index 07a80090c1e62f0640ae687ae070e1af4eae252f..366baa80cbb5b2659e63a576105328e416299e1e 100755
--- a/tests/regression/apparmor/exec.sh
+++ b/tests/regression/apparmor/exec.sh
@@ -14,9 +14,10 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
-file=/bin/true
+cp -pL /bin/true ${tmpdir}/true
+file=${tmpdir}/true
ok_ix_perm=rix
badperm=r
ok_ux_perm=ux
diff --git a/tests/regression/apparmor/exec_qual.sh b/tests/regression/apparmor/exec_qual.sh
index 5f80735eb46ebf8f19b5099a556924ea997897af..d1088f056d99b2c98a24808d30855a739bda3712 100755
--- a/tests/regression/apparmor/exec_qual.sh
+++ b/tests/regression/apparmor/exec_qual.sh
@@ -19,7 +19,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=/etc/group
@@ -72,71 +72,71 @@ local_runchecktest()
# child profile grants access
# expected behaviour: child should be able to access resource
-genprofile $test2:px $file:$fileperm signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
-local_runchecktest "enforce px case1" pass $test2 $test2 $file
+genprofile "$test2:px" $file:$fileperm signal:receive:peer=unconfined -- "image=$test2" $file:$fileperm signal:receive
+local_runchecktest "enforce px case1" pass "$test2" "$test2" $file
# case 2: parent profile grants access (should be irrelevant)
# child profile disallows access
# expected behaviour: child should be unable to access resource
-genprofile $test2:px $file:$fileperm signal:receive:peer=unconfined -- image=$test2 signal:receive
-local_runchecktest "enforce px case2" fail $test2 $test2 $file
+genprofile "$test2:px" $file:$fileperm signal:receive:peer=unconfined -- "image=$test2" signal:receive
+local_runchecktest "enforce px case2" fail "$test2" "$test2" $file
# case 3: parent profile disallows access (should be irrelevant)
# child profile allows access
# expected behaviour: child should be able to access resource
-genprofile $test2:px signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
-local_runchecktest "enforce px case3" pass $test2 $test2 $file
+genprofile "$test2:px" signal:receive:peer=unconfined -- "image=$test2" $file:$fileperm signal:receive
+local_runchecktest "enforce px case3" pass "$test2" "$test2" $file
# case 4: parent profile grants access (should be irrelevant)
# missing child profile
# expected behaviour: exec of child fails
-genprofile $test2:px $file:$fileperm signal:receive:peer=unconfined
-local_runchecktest "enforce px case4" fail "n/a" $test2 $file
+genprofile "$test2:px" $file:$fileperm signal:receive:peer=unconfined
+local_runchecktest "enforce px case4" fail "n/a" "$test2" $file
# confined parent, exec child with 'ix'
# case 1: parent profile grants access
# child profile grants access (should be irrelevant)
# expected behaviour: child should be able to access resource
-genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
-local_runchecktest "enforce ix case1" pass $test1 $test2 $file
+genprofile "$test2:rix" $file:$fileperm signal:receive:peer=unconfined -- "image=$test2" $file:$fileperm signal:receive
+local_runchecktest "enforce ix case1" pass "$test1" "$test2" $file
# case 2: parent profile grants access
# child profile disallows access (should be irrelevant)
# expected behaviour: child should be able to access resource
-genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined -- image=$test2 signal:receive
-local_runchecktest "enforce ix case2" pass $test1 $test2 $file
+genprofile "$test2:rix" $file:$fileperm signal:receive:peer=unconfined -- "image=$test2" signal:receive
+local_runchecktest "enforce ix case2" pass "$test1" "$test2" $file
# case 3: parent profile disallows access
# child profile allows access (should be irrelevant)
# expected behaviour: child should be unable to access resource
-genprofile $test2:rix signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
-local_runchecktest "enforce ix case3" fail $test1 $test2 $file
+genprofile "$test2:rix" signal:receive:peer=unconfined -- "image=$test2" $file:$fileperm signal:receive
+local_runchecktest "enforce ix case3" fail "$test1" "$test2" $file
# case 4: parent profile grants access
# missing child profile (irrelevant)
# expected behaviour: child should be able to access resource
-genprofile $test2:rix $file:$fileperm signal:receive:peer=unconfined
-local_runchecktest "enforce ix case4" pass $test1 $test2 $file
+genprofile "$test2:rix" $file:$fileperm signal:receive:peer=unconfined
+local_runchecktest "enforce ix case4" pass "$test1" "$test2" $file
# confined parent, exec child with 'ux'
# case 1: parent profile grants access (should be irrelevant)
# expected behaviour, child should be able to access resource
genprofile $test2:ux $file:$fileperm signal:receive:peer=unconfined
-local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file
+local_runchecktest "enforce ux case1" pass "unconfined" "$test2" $file
# case 2: parent profile denies access (should be irrelevant)
# expected behaviour, child should be able to access resource
genprofile $test2:ux signal:receive:peer=unconfined
-local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file
+local_runchecktest "enforce ux case1" pass "unconfined" "$test2" $file
# confined parent, exec child with conflicting exec qualifiers
# that overlap in such away that px is preferred (ix is glob, px is exact
@@ -144,27 +144,27 @@ local_runchecktest "enforce ux case1" pass "unconfined" $test2 $file
# case 1:
# expected behaviour: exec of child passes
-genprofile $test2:px $test2_rex1:ix signal:receive:peer=unconfined -- image=$test2 $file:$fileperm signal:receive
-local_runchecktest "enforce conflicting exec qual" pass $test2 $test2 $file
+genprofile "$test2:px" "$test2_rex1:ix" signal:receive:peer=unconfined -- "image=$test2" $file:$fileperm signal:receive
+local_runchecktest "enforce conflicting exec qual" pass "$test2" "$test2" $file
# unconfined parent
# case 1: child profile exists, child profile grants access
# expected behaviour: child should be able to access resource
-genprofile image=$test2 $file:$fileperm signal:receive:peer=unconfined
-local_runchecktest "enforce unconfined case1" pass $test2 $test2 $file
+genprofile "image=$test2" $file:$fileperm signal:receive:peer=unconfined
+local_runchecktest "enforce unconfined case1" pass "$test2" "$test2" $file
# case 2: child profile exists, child profile denies access
# expected behaviour: child should be unable to access resource
-genprofile image=$test2 signal:receive:peer=unconfined
-local_runchecktest "enforce unconfined case2" fail $test2 $test2 $file
+genprofile "image=$test2" signal:receive:peer=unconfined
+local_runchecktest "enforce unconfined case2" fail "$test2" "$test2" $file
# case 3: no child profile exists, unconfined
# expected behaviour: child should be able to access resource
removeprofile
-local_runchecktest "enforce unconfined case3" pass "unconfined" $test2 $file
+local_runchecktest "enforce unconfined case3" pass "unconfined" "$test2" $file
# -----------------------------------------------------------------------
diff --git a/tests/regression/apparmor/exec_stack.sh b/tests/regression/apparmor/exec_stack.sh
index 21f639ab0efcc8d24136cbbaede67ef496e6b45d..e688e60a77d61b8301b715584cac4dc0a1cd367d 100755
--- a/tests/regression/apparmor/exec_stack.sh
+++ b/tests/regression/apparmor/exec_stack.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features domain/stack
settest transition
@@ -33,7 +33,7 @@ otherok="${otherfile}:${okperm}"
thirdok="${thirdfile}:${okperm}"
sharedok="${sharedfile}:${okperm}"
-getcon="/proc/*/attr/current:r"
+getcon="/proc/*/attr/{apparmor/,}current:r"
othertest="$pwd/rename"
thirdtest="$pwd/exec"
@@ -111,14 +111,16 @@ ns="ns"
prof="stackprofile"
nstest=":${ns}:${prof}"
# Verify file access and contexts by stacking a profile with a namespaced profile
-genprofile --stdin <<EOF
+genprofile image=$test --stdin <<EOF
$test {
file,
audit deny $otherfile $okperm,
audit deny $thirdfile $okperm,
$test ix -> &$nstest,
}
+EOF
+genprofile --append image=$nstest --stdin <<EOF
$nstest {
file,
audit deny $file $okperm,
diff --git a/tests/regression/apparmor/fchdir.sh b/tests/regression/apparmor/fchdir.sh
index 0db338e77d8d61668c63b624a0123debaf71a138..4dd92ca69fcf1468c48731bbe6eb3ec8794ff400 100755
--- a/tests/regression/apparmor/fchdir.sh
+++ b/tests/regression/apparmor/fchdir.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
dir=$tmpdir/tmpdir/
diff --git a/tests/regression/apparmor/fd_inheritance.c b/tests/regression/apparmor/fd_inheritance.c
index 43d7a14b3108fa25a3a51078b53f4cb4675c02d9..d4e70400fc63e490d436bde91ebe01e1df482f04 100644
--- a/tests/regression/apparmor/fd_inheritance.c
+++ b/tests/regression/apparmor/fd_inheritance.c
@@ -25,7 +25,7 @@
#include <unistd.h>
#define BUF_LEN 128
-#define FD_STR_LEN 4
+#define FD_STR_LEN 16
int main(int argc, char *argv[])
{
diff --git a/tests/regression/apparmor/fd_inheritance.sh b/tests/regression/apparmor/fd_inheritance.sh
index 1356ae8231f5abb077f4dcb48d38e4b27774b014..6f2725a903f087cd1018b4a3a8bd5e19403ea3da 100755
--- a/tests/regression/apparmor/fd_inheritance.sh
+++ b/tests/regression/apparmor/fd_inheritance.sh
@@ -29,7 +29,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
inheritor=$bin/fd_inheritor
@@ -43,34 +43,34 @@ d3e773e2a4a0cc9d7e28eb217a4241ce
1437d6c55ef788d3bcd27ab14e9382a9
EOF
-runchecktest "fd inheritance; unconfined -> unconfined" pass $file $inheritor
+runchecktest "fd inheritance; unconfined -> unconfined" pass $file "$inheritor"
-genprofile $file:$okperm $inheritor:Ux
-runchecktest "fd inheritance; confined -> unconfined" pass $file $inheritor
+genprofile $file:$okperm "$inheritor:Ux"
+runchecktest "fd inheritance; confined -> unconfined" pass $file "$inheritor"
-genprofile $file:$badperm $inheritor:Ux
-runchecktest "fd inheritance; confined (bad perm) -> unconfined" fail $file $inheritor
+genprofile $file:$badperm "$inheritor:Ux"
+runchecktest "fd inheritance; confined (bad perm) -> unconfined" fail $file "$inheritor"
-genprofile $inheritor:Ux
-runchecktest "fd inheritance; confined (no perm) -> unconfined" fail $file $inheritor
+genprofile "$inheritor:Ux"
+runchecktest "fd inheritance; confined (no perm) -> unconfined" fail $file "$inheritor"
-genprofile image=$inheritor $file:$okperm
-runchecktest "fd inheritance; unconfined -> confined" pass $file $inheritor
+genprofile "image=$inheritor" $file:$okperm
+runchecktest "fd inheritance; unconfined -> confined" pass $file "$inheritor"
-genprofile image=$inheritor
-runchecktest "fd inheritance; unconfined -> confined (no perm)" pass $file $inheritor
+genprofile "image=$inheritor"
+runchecktest "fd inheritance; unconfined -> confined (no perm)" pass $file "$inheritor"
-genprofile $file:$okperm $inheritor:Px -- image=$inheritor $file:$okperm
-runchecktest "fd inheritance; confined -> confined" pass $file $inheritor
+genprofile $file:$okperm "$inheritor:Px" -- "image=$inheritor" $file:$okperm
+runchecktest "fd inheritance; confined -> confined" pass $file "$inheritor"
-genprofile $file:$badperm $inheritor:Px -- image=$inheritor $file:$okperm
-runchecktest "fd inheritance; confined (bad perm) -> confined" fail $file $inheritor
+genprofile $file:$badperm "$inheritor:Px" -- "image=$inheritor" $file:$okperm
+runchecktest "fd inheritance; confined (bad perm) -> confined" fail $file "$inheritor"
-genprofile $inheritor:Px -- image=$inheritor $file:$okperm
-runchecktest "fd inheritance; confined (no perm) -> confined" fail $file $inheritor
+genprofile "$inheritor:Px" -- "image=$inheritor" $file:$okperm
+runchecktest "fd inheritance; confined (no perm) -> confined" fail $file "$inheritor"
-genprofile $file:$okperm $inheritor:Px -- image=$inheritor $file:$badperm
-runchecktest "fd inheritance; confined -> confined (bad perm)" fail $file $inheritor
+genprofile $file:$okperm "$inheritor:Px" -- "image=$inheritor" $file:$badperm
+runchecktest "fd inheritance; confined -> confined (bad perm)" fail $file "$inheritor"
-genprofile $file:$okperm $inheritor:Px -- image=$inheritor
-runchecktest "fd inheritance; confined -> confined (no perm)" fail $file $inheritor
+genprofile $file:$okperm "$inheritor:Px" -- "image=$inheritor"
+runchecktest "fd inheritance; confined -> confined (no perm)" fail $file "$inheritor"
diff --git a/tests/regression/apparmor/file_unbindable_mount.sh b/tests/regression/apparmor/file_unbindable_mount.sh
new file mode 100644
index 0000000000000000000000000000000000000000..bb9c08a0ceebd5e5ed02993789ae81196545701a
--- /dev/null
+++ b/tests/regression/apparmor/file_unbindable_mount.sh
@@ -0,0 +1,45 @@
+#! /bin/bash
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME file_unbindable_mount
+#=DESCRIPTION
+# Verifies that file rules work across unbindable mounts
+#=END
+
+pwd=$(dirname "$0")
+pwd=$(cd "$pwd" || exit ; /bin/pwd)
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+backing_file="$tmpdir/loop_file"
+mount_target="$tmpdir/mount_target"
+
+mkdir "${mount_target}"
+fallocate -l 4M "${backing_file}"
+mkfs.fat -F 32 "${backing_file}" > /dev/null 2> /dev/null
+
+losetup -f "${backing_file}" || fatalerror 'Unable to set up a loop device'
+loop_device="$(/sbin/losetup -n -O NAME -l -j "${backing_file}")"
+
+mount --make-unbindable "${loop_device}" "${mount_target}"
+fallocate -l 2M "${mount_target}/a_file"
+# echo is also a builtin, making things a bit more complicated
+cp "$(type -P echo)" "${mount_target}/echo"
+
+settest file_unbindable_mount "${bin}/complain"
+
+genprofile "${mount_target}/a_file:r" "${mount_target}/echo:ix"
+runchecktest "Read file in unbindable mount" pass read "${mount_target}/a_file"
+runchecktest "Exec in unbindable mount" pass exec "${mount_target}/echo" PASS
+
+umount "${loop_device}"
+
+losetup -d "${loop_device}"
+rm "${backing_file}"
diff --git a/tests/regression/apparmor/fork.sh b/tests/regression/apparmor/fork.sh
index 36fddf32fb9da247dc559b7510585306b6aee4dc..efc52feb2f750e720a04d3dc7331aaea89cdac6f 100755
--- a/tests/regression/apparmor/fork.sh
+++ b/tests/regression/apparmor/fork.sh
@@ -19,7 +19,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file1=$tmpdir/file1
file2=$tmpdir/file2
diff --git a/tests/regression/apparmor/i18n.sh b/tests/regression/apparmor/i18n.sh
index 43e4fab23ae729bcef0d3d922ad8d42e8c96ce94..f8ae8d43fd6fb7de5e1e9c120b37a8be61bc3ac2 100755
--- a/tests/regression/apparmor/i18n.sh
+++ b/tests/regression/apparmor/i18n.sh
@@ -20,7 +20,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
okperm=rw
badperm1=r
diff --git a/tests/regression/apparmor/introspect.sh b/tests/regression/apparmor/introspect.sh
index e397da4f0f2a4064a413d675ef325fdd7514cc32..87a11fd406bef5ca340819d2a6b890985c14cf30 100644
--- a/tests/regression/apparmor/introspect.sh
+++ b/tests/regression/apparmor/introspect.sh
@@ -14,7 +14,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
ok_ix_perm=rix
badperm=r
diff --git a/tests/regression/apparmor/io_uring.c b/tests/regression/apparmor/io_uring.c
new file mode 100644
index 0000000000000000000000000000000000000000..b9fb7f5a7044deb45edc8f54aae9a87bb16f123c
--- /dev/null
+++ b/tests/regression/apparmor/io_uring.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright (C) 2023 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <liburing.h>
+
+#define DEFAULT_FILENAME "/tmp/io_uring_test"
+#define DEFAULT_UID 1000
+
+static int no_personality;
+
+static int open_file(struct io_uring *ring, int cred_id, char *filename)
+{
+ struct io_uring_cqe *cqe;
+ struct io_uring_sqe *sqe;
+ int ret, i, to_submit = 1;
+
+ sqe = io_uring_get_sqe(ring);
+ if (!sqe) {
+ fprintf(stderr, "FAIL - could not get sqe.\n");
+ return 1;
+ }
+ io_uring_prep_openat(sqe, -1, filename, O_RDONLY, 0);
+ sqe->user_data = 1;
+
+ if (cred_id != -1)
+ sqe->personality = cred_id;
+
+ ret = io_uring_submit(ring);
+ if (ret != to_submit) {
+ fprintf(stderr, "FAIL - could not submit: %s\n", strerror(-ret));
+ goto err;
+ }
+
+ for (i = 0; i < to_submit; i++) {
+ ret = io_uring_wait_cqe(ring, &cqe);
+ if (ret < 0) {
+ fprintf(stderr, "FAIL - wait cqe failed %s\n", strerror(-ret));
+ goto err;
+ }
+
+ ret = cqe->res;
+ io_uring_cqe_seen(ring, cqe);
+ }
+err:
+ return ret;
+}
+
+static int test_personality(struct io_uring *ring, char *filename, uid_t uid)
+{
+ int ret, cred_id;
+ ret = io_uring_register_personality(ring);
+ if (ret < 0) {
+ if (ret == -EINVAL) {
+ no_personality = 1;
+ goto out;
+ }
+ fprintf(stderr, "FAIL - could not register personality: %s\n", strerror(-ret));
+ goto err;
+ }
+ cred_id = ret;
+
+ /* create file only owner can open */
+ ret = open(filename, O_RDONLY | O_CREAT, 0600);
+ if (ret < 0) {
+ perror("open");
+ goto err;
+ }
+ close(ret);
+
+ /* verify we can open it */
+ ret = open_file(ring, -1, filename);
+ if (ret < 0) {
+ fprintf(stderr, "FAIL - root could not open file: %d\n", ret);
+ goto err;
+ }
+
+ if (seteuid(uid) < 0) {
+ fprintf(stdout, "FAIL - could not switch to uid %u\n", uid);
+ goto out;
+ }
+
+ /* verify we can't open it with current credentials */
+ ret = open_file(ring, -1, filename);
+ if (ret != -EACCES) {
+ fprintf(stderr, "FAIL - opened with regular credential: %d\n", ret);
+ goto err;
+ }
+
+ /* verify we can open with registered credentials */
+ ret = open_file(ring, cred_id, filename);
+ if (ret < 0) {
+ fprintf(stderr, "FAIL - could not open with registered credentials: %d\n", ret);
+ goto err;
+ }
+ close(ret);
+
+ if (seteuid(0))
+ perror("FAIL - seteuid");
+
+ ret = io_uring_unregister_personality(ring, cred_id);
+ if (ret) {
+ fprintf(stderr, "FAIL - could not unregister personality: %s\n",
+ strerror(-ret));
+ goto err;
+ }
+
+out:
+ unlink(filename);
+ return 0;
+err:
+ unlink(filename);
+ return 1;
+}
+
+static void usage(char *pname)
+{
+ fprintf(stderr, "Usage: %s [options]\n", pname);
+ fprintf(stderr, "Options can be:\n");
+ fprintf(stderr, " -s create ring using IORING_SETUP_SQPOLL\n");
+ fprintf(stderr, " -o use io_uring personality to open a file\n");
+ fprintf(stderr, " -u specify UID for option -s (default is %d)\n", DEFAULT_UID);
+ fprintf(stderr, " -f specify file opened by option -s (default is %s)\n", DEFAULT_FILENAME);
+ exit(EXIT_FAILURE);
+}
+
+enum op {
+ SQPOLL,
+ OVERRIDE_CREDS,
+ INVALID_OP,
+};
+
+int main(int argc, char *argv[])
+{
+ struct io_uring ring;
+ int opt, ret = 0, op = INVALID_OP;
+ char *filename = DEFAULT_FILENAME;
+ uid_t uid = DEFAULT_UID;
+
+ while ((opt = getopt(argc, argv, "sou:f:")) != -1) {
+ switch (opt) {
+ case 's': op = SQPOLL; break;
+ case 'o': op = OVERRIDE_CREDS; break;
+ case 'u': uid = atoi(optarg); break;
+ case 'f': filename = optarg; break;
+ default: usage(argv[0]);
+ }
+ }
+
+ if (op == INVALID_OP) {
+ printf("FAIL - operation not selected\n");
+ return 1;
+ }
+
+ if (op == SQPOLL) {
+ ret = io_uring_queue_init(8, &ring, IORING_SETUP_SQPOLL);
+ if (ret) {
+ fprintf(stderr, "FAIL - failed to create sqpoll ring: %s\n",
+ strerror(-ret));
+ return 1;
+ }
+ io_uring_queue_exit(&ring);
+ }
+
+ if (op == OVERRIDE_CREDS) {
+ ret = io_uring_queue_init(8, &ring, 0);
+ if (ret) {
+ fprintf(stderr, "FAIL - failed to create override_creds ring: %s\n",
+ strerror(-ret));
+ return 1;
+ }
+
+ ret = test_personality(&ring, filename, uid);
+ if (no_personality) {
+ /* personality was added in kernel 5.6 */
+ printf("Personalities not supported, skipping...\n");
+ } else if (ret) {
+ fprintf(stderr, "FAIL - override_creds failed\n");
+ return ret;
+ }
+ io_uring_queue_exit(&ring);
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/tests/regression/apparmor/io_uring.sh b/tests/regression/apparmor/io_uring.sh
new file mode 100755
index 0000000000000000000000000000000000000000..a399c62bedf1ee8633b68ef3ac5dedf78edb7f91
--- /dev/null
+++ b/tests/regression/apparmor/io_uring.sh
@@ -0,0 +1,88 @@
+#! /bin/bash
+#Copyright (C) 2023 Canonical, Ltd.
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of the GNU General Public License as
+#published by the Free Software Foundation, version 2 of the
+#License.
+
+#=NAME io_uring
+#=DESCRIPTION
+# This test verifies if mediation of io_uring is working
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+requires_kernel_features io_uring
+requires_parser_support "io_uring,"
+
+settest io_uring
+
+uid=1000
+file=$tmpdir/io_uring_test
+label=$bin/io_uring
+
+required_perms="$file:rw cap:setuid cap:ipc_lock"
+
+do_test()
+{
+ local desc="IO_URING ($1)"
+ shift
+ runchecktest "$desc" "$@"
+}
+
+do_tests()
+{
+ prefix=$1
+ expect_sqpoll=$2
+ expect_override_creds=$3
+
+ do_test "$prefix - test sqpoll" $expect_sqpoll -s
+ do_test "$prefix - test override_creds" $expect_override_creds -o -u $uid -f $file
+}
+
+# make sure it works unconfined
+do_tests "unconfined" pass pass
+
+genprofile $required_perms
+do_tests "no perms" fail fail
+
+genprofile $required_perms "qual=deny:io_uring"
+do_tests "deny perms" fail fail
+
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all"
+ do_tests "allow all" pass pass
+fi
+
+genprofile $required_perms "io_uring"
+do_tests "generic perms" pass pass
+
+genprofile $required_perms "io_uring:sqpoll"
+do_tests "only sqpoll perm" pass fail
+
+genprofile $required_perms "io_uring:override_creds"
+do_tests "only override_creds perm" fail pass
+
+genprofile $required_perms "io_uring:(sqpoll, override_creds)"
+do_tests "explicit perms" pass pass
+
+genprofile $required_perms "io_uring:sqpoll:label=$label"
+do_tests "specify label without override_creds perm" pass fail
+
+genprofile $required_perms "io_uring:label=$label"
+do_tests "all perms specify label" pass pass
+
+genprofile $required_perms "io_uring:(sqpoll, override_creds):label=$label"
+do_tests "specify perms specify label" pass pass
+
+genprofile $required_perms "io_uring:override_creds:label=$label"
+do_tests "specify label" fail pass
+
+genprofile $required_perms "io_uring:override_creds:label=/foo"
+do_tests "invalid label" fail fail
diff --git a/tests/regression/apparmor/link.sh b/tests/regression/apparmor/link.sh
index d670c463acdd15dd5b40ec711fca9afb905392ec..ef6114ff065a4c0c6f93bb2a13855166d7997050 100755
--- a/tests/regression/apparmor/link.sh
+++ b/tests/regression/apparmor/link.sh
@@ -20,7 +20,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
target=$tmpdir/target
linkfile=$tmpdir/linkfile
diff --git a/tests/regression/apparmor/link_subset.sh b/tests/regression/apparmor/link_subset.sh
index 73b3a1881ed45356b7065be80025097415b6e4b7..6ab723fa6e6b2bc7a23ef50e4e1046d74e9aeefd 100644
--- a/tests/regression/apparmor/link_subset.sh
+++ b/tests/regression/apparmor/link_subset.sh
@@ -20,13 +20,13 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
target=$tmpdir/target_
linkfile=$tmpdir/link_
-tfiles=`$bin/link_subset --filenames $target`
-lfiles=`$bin/link_subset --filenames $linkfile`
+tfiles=`"$bin/link_subset" --filenames $target`
+lfiles=`"$bin/link_subset" --filenames $linkfile`
# unconfined test - no target file
#runchecktest "unconfined - no target" fail $target $linkfile
diff --git a/tests/regression/apparmor/longpath.sh b/tests/regression/apparmor/longpath.sh
index e10e1a4b4f70bb130b26d7e406ce3ea8cc29db5c..2fb5bd848d0863a7c0e0d0b148cee3ee599231c9 100644
--- a/tests/regression/apparmor/longpath.sh
+++ b/tests/regression/apparmor/longpath.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
genrandname()
{
diff --git a/tests/regression/apparmor/mkdir.sh b/tests/regression/apparmor/mkdir.sh
index beb027855f46f0474dfa606f7e2908f1b73064e7..ce31b59bc9e873599438a4ab86ca6cd150d929fe 100755
--- a/tests/regression/apparmor/mkdir.sh
+++ b/tests/regression/apparmor/mkdir.sh
@@ -14,7 +14,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
dir=$tmpdir/tmpdir/
perms=w
diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
index 5e9132619b5ac27ff7e0d2a3225ca905a5d4c085..271b46ede880ce7c3d2d9fef455632f8146cc73d 100755
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -164,8 +164,14 @@ sub gen_netdomain($@) {
sub gen_network($@) {
my ($rule, $qualifier) = @_;
- my @rules = split (/:/, $rule);
- push (@{$output_rules{$hat}}, " ${qualifier}@rules,\n");
+ if ($rule =~ /^network:/) {
+ my @rules = split (/:/, $rule);
+ push (@{$output_rules{$hat}}, " ${qualifier}@rules,\n");
+ } else {
+ # if using fine grained mediation, separator needs to be ; because of ipv6
+ my @rules = split (/;/, $rule);
+ push (@{$output_rules{$hat}}, " ${qualifier}@rules,\n");
+ }
}
sub gen_unix($@) {
@@ -310,6 +316,20 @@ sub gen_pivot_root($@) {
}
}
+sub gen_userns($@) {
+ my ($rule, $qualifier) = @_;
+ my @rules = split (/:/, $rule);
+ if (@rules == 2) {
+ if ($rules[1] =~ /^ALL$/) {
+ push (@{$output_rules{$hat}}, " ${qualifier}userns,\n");
+ } else {
+ push (@{$output_rules{$hat}}, " ${qualifier}userns $rules[1],\n");
+ }
+ } else {
+ (!$nowarn) && print STDERR "Warning: invalid userns description '$rule', ignored\n";
+ }
+}
+
sub gen_file($@) {
my ($rule, $qualifier) = @_;
if (!$qualifier) {
@@ -409,6 +429,42 @@ sub gen_path($) {
}
}
+sub gen_mqueue($@) {
+ my ($rule, $qualifier) = @_;
+ my @rules = split (/:/, $rule);
+ if (@rules == 2) {
+ if ($rules[1] =~ /^ALL$/) {
+ push (@{$output_rules{$hat}}, " ${qualifier}mqueue,\n");
+ } else {
+ push (@{$output_rules{$hat}}, " ${qualifier}mqueue $rules[1],\n");
+ }
+ } elsif (@rules == 3) {
+ push (@{$output_rules{$hat}}, " ${qualifier}mqueue $rules[1] $rules[2],\n");
+ } elsif (@rules == 4) {
+ push (@{$output_rules{$hat}}, " ${qualifier}mqueue $rules[1] $rules[2] $rules[3],\n");
+ } elsif (@rules == 5) {
+ push (@{$output_rules{$hat}}, " ${qualifier}mqueue $rules[1] $rules[2] $rules[3] $rules[4],\n");
+ } else {
+ (!$nowarn) && print STDERR "Warning: invalid mqueue description '$rule', ignored\n";
+ }
+}
+
+sub gen_io_uring($@) {
+ my ($rule, $qualifier) = @_;
+ my @rules = split (/:/, $rule);
+ if (@rules == 2) {
+ if ($rules[1] =~ /^ALL$/) {
+ push (@{$output_rules{$hat}}, " ${qualifier}io_uring,\n");
+ } else {
+ push (@{$output_rules{$hat}}, " ${qualifier}io_uring $rules[1],\n");
+ }
+ } elsif (@rules == 3) {
+ push (@{$output_rules{$hat}}, " ${qualifier}io_uring $rules[1] $rules[2],\n");
+ } else {
+ (!$nowarn) && print STDERR "Warning: invalid io_uring description '$rule', ignored\n";
+ }
+}
+
sub emit_flags($) {
my $hat = shift;
@@ -445,7 +501,7 @@ sub gen_from_args() {
if ($rule =~ /^(tcp|udp)/) {
# netdomain rules
gen_netdomain($rule, $qualifier);
- } elsif ($rule =~ /^network:/) {
+ } elsif ($rule =~ /^network(:|;)/) {
gen_network($rule, $qualifier);
} elsif ($rule =~ /^unix:/) {
gen_unix($rule, $qualifier);
@@ -463,6 +519,8 @@ sub gen_from_args() {
gen_umount($rule, $qualifier);
} elsif ($rule =~ /^pivot_root:/) {
gen_pivot_root($rule, $qualifier);
+ } elsif ($rule =~ /^userns:/) {
+ gen_userns($rule, $qualifier)
} elsif ($rule =~ /^flag:/) {
gen_flag($rule);
} elsif ($rule =~ /^hat:/) {
@@ -476,6 +534,10 @@ sub gen_from_args() {
gen_xattr($rule);
} elsif ($rule =~ /^path:/) {
gen_path($rule);
+ } elsif ($rule =~ /^mqueue:/) {
+ gen_mqueue($rule, $qualifier);
+ } elsif ($rule =~ /^io_uring:/) {
+ gen_io_uring($rule, $qualifier);
} else {
gen_file($rule, $qualifier);
}
diff --git a/tests/regression/apparmor/mmap.sh b/tests/regression/apparmor/mmap.sh
index 1d3a902890373c6817d696ee83407ebd083de6f3..c181627612b2fc0985feb2d635d2314c2f0ae62f 100755
--- a/tests/regression/apparmor/mmap.sh
+++ b/tests/regression/apparmor/mmap.sh
@@ -21,7 +21,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/src
okperm=rw
diff --git a/tests/regression/apparmor/mount.c b/tests/regression/apparmor/mount.c
index 73e771eecd9c53d419e2e1ef71c0557ca5c5db26..9c66be204844b3dadb1eeef32a60c4a11bd9289c 100644
--- a/tests/regression/apparmor/mount.c
+++ b/tests/regression/apparmor/mount.c
@@ -114,6 +114,7 @@ static void usage(char *prog_name)
fprintf(stderr, "Options are:\n");
fprintf(stderr, "-o flags sent to the mount syscall\n");
fprintf(stderr, "-d data sent to the mount syscall\n");
+ fprintf(stderr, "-t type of synthetic filesystem (e.g. proc) for mount syscall\n");
exit(1);
}
@@ -121,12 +122,13 @@ int main(int argc, char *argv[])
{
char *options = NULL;
char *data = NULL;
+ char *type = NULL;
int index;
int c;
char *op, *source, *target, *token;
unsigned long flags = 0;
- while ((c = getopt (argc, argv, "o:d:h")) != -1) {
+ while ((c = getopt (argc, argv, "o:d:t:h")) != -1) {
switch (c)
{
case 'o':
@@ -135,6 +137,9 @@ int main(int argc, char *argv[])
case 'd':
data = optarg;
break;
+ case 't':
+ type = optarg;
+ break;
case 'h':
usage(argv[0]);
break;
@@ -162,10 +167,18 @@ int main(int argc, char *argv[])
}
if (strcmp(op, "mount") == 0) {
- if (mount(source, target, "ext2", flags, data) == -1) {
- fprintf(stderr, "FAIL: mount %s on %s failed - %s\n",
- source, target, strerror(errno));
- return errno;
+ if (!type) {
+ if (mount(source, target, "ext2", flags, data) == -1) {
+ fprintf(stderr, "FAIL: mount %s on %s failed - %s\n",
+ source, target, strerror(errno));
+ return errno;
+ }
+ } else {
+ if (mount(source, target, type, flags, data) == -1) {
+ fprintf(stderr, "FAIL: mount %s on %s failed - %s\n",
+ source, target, strerror(errno));
+ return errno;
+ }
}
} else if (strcmp(op, "umount") == 0) {
if (umount(target) == -1) {
diff --git a/tests/regression/apparmor/mount.inc b/tests/regression/apparmor/mount.inc
new file mode 100644
index 0000000000000000000000000000000000000000..a22b017c420855944e7904662e7dc9d028292298
--- /dev/null
+++ b/tests/regression/apparmor/mount.inc
@@ -0,0 +1,30 @@
+root_was_shared="no"
+root="/"
+
+# systemd mounts / and everything under it MS_SHARED. This breaks
+# pivot_root and mount "move" operations entirely, so attempt to
+# detect from which mount point the test is running from, and remount
+# it MS_PRIVATE temporarily.
+FINDMNT=/bin/findmnt
+if [ -x "${FINDMNT}" ] && ${FINDMNT} -no TARGET,PROPAGATION -T $tmpdir > /dev/null 2>&1 ; then
+ output="$(${FINDMNT} -no TARGET,PROPAGATION -T $tmpdir)"
+ root="$(echo $output | cut -d' ' -f1)"
+ if [ "$(echo $output | cut -d' ' -f2)" == "shared" ] ; then
+ root_was_shared="yes"
+ fi
+elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then
+ # no findmnt or findmnt doesn't know the PROPAGATION column,
+ # but init is systemd so assume rootfs is shared
+ root_was_shared="yes"
+fi
+if [ "${root_was_shared}" = "yes" ] ; then
+ [ -n "$VERBOSE" ] && echo "notice: re-mounting $root as private"
+ mount --make-private $root
+fi
+
+prop_cleanup() {
+ if [ "${root_was_shared}" = "yes" ] ; then
+ [ -n "$VERBOSE" ] && echo "notice: re-mounting $root as shared"
+ mount --make-shared $root
+ fi
+}
diff --git a/tests/regression/apparmor/mount.sh b/tests/regression/apparmor/mount.sh
index eef8e57dc0408626f1da5222916859223918dd46..6c1a00debd65f4ddabf52ff931cf98ad5a60b54e 100755
--- a/tests/regression/apparmor/mount.sh
+++ b/tests/regression/apparmor/mount.sh
@@ -20,7 +20,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
##
## A. MOUNT
@@ -32,7 +32,8 @@ mount_point2=$tmpdir/mountpoint2
mount_bad=$tmpdir/mountbad
loop_device="unset"
fstype="ext2"
-root_was_shared="no"
+
+. "$bin/mount.inc"
setup_mnt() {
/bin/mount -n -t${fstype} ${loop_device} ${mount_point}
@@ -59,13 +60,11 @@ mount_cleanup() {
then
/sbin/losetup -d ${loop_device} &> /dev/null
fi
- if [ "${root_was_shared}" = "yes" ] ; then
- mount --make-shared /
- fi
+ prop_cleanup
}
do_onexit="mount_cleanup"
-dd if=/dev/zero of=${mount_file} bs=1024 count=512 2> /dev/null
+fallocate -l 512K ${mount_file}
/sbin/mkfs -t${fstype} -F ${mount_file} > /dev/null 2> /dev/null
/bin/mkdir ${mount_point}
/bin/mkdir ${mount_point2}
@@ -78,25 +77,8 @@ if [ ! -b /dev/loop0 ] ; then
fi
# find the next free loop device and mount it
-loop_device=$(losetup -f) || fatalerror 'Unable to find a free loop device'
-/sbin/losetup "$loop_device" ${mount_file} > /dev/null 2> /dev/null
-
-# systemd mounts / and everything under it MS_SHARED which does
-# not work with "move", so attempt to detect it, and remount /
-# MS_PRIVATE temporarily. snippet from pivot_root.sh
-FINDMNT=/bin/findmnt
-if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
- if [ "$(${FINDMNT} -no PROPAGATION /)" == "shared" ] ; then
- root_was_shared="yes"
- fi
-elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then
- # no findmnt or findmnt doesn't know the PROPAGATION column,
- # but init is systemd so assume rootfs is shared
- root_was_shared="yes"
-fi
-if [ "${root_was_shared}" = "yes" ] ; then
- mount --make-private /
-fi
+/sbin/losetup -f ${mount_file} || fatalerror 'Unable to set up a loop device'
+loop_device="$(/sbin/losetup -n -O NAME -l -j ${mount_file})"
options=(
# default and non-default options
@@ -275,6 +257,183 @@ test_options() {
# run_all_combinations_test
}
+open_tree_test() {
+ desc=$1
+ qualifier=$2
+ additional_perms=$3
+ result=$4
+
+ genprofile cap:sys_admin ${qualifier}mount:ALL ${additional_perms}
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount:-> ${mnt_target}/" ${additional_perms}
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount -> ${mnt_target}/,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount: options=(move) -> ${mnt_target}/" ${additional_perms}
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount options=(move) -> ${mnt_target}/,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ # genprofile cap:sys_admin "${qualifier}mount: detached -> ${mnt_target}/" ${additional_perms}
+ # mount ${loop_device} ${mnt_source}
+ # runchecktest "MOVE_MOUNT (confined${desc}: mount detached -> ${mnt_target}/,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ # remove_mnt
+
+ # genprofile cap:sys_admin "${qualifier}mount: options=(move) detached -> ${mnt_target}/" ${additional_perms}
+ # mount ${loop_device} ${mnt_source}
+ # runchecktest "MOVE_MOUNT (confined${desc}: mount options=(move) detached -> ${mnt_target}/,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ # remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount: \"\" -> ${mnt_target}/" ${additional_perms}
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount \"\" -> ${mnt_target}/,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount: options=(move) \"\" -> ${mnt_target}/" ${additional_perms}
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount options=(move) \"\" -> ${mnt_target}/,)" ${result} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+}
+
+open_tree_tests() {
+ mnt_source=$1
+ mnt_target=$2
+ fsname=$3
+ settest move_mount
+ # TODO: check for move_mount syscall support
+ # TODO: check that parser supports detached
+ # eg. move_mount tmpfs /tmp/move_mount_test tmpfs
+
+ success=pass
+ should_fail=fail
+ if [ "$(kernel_features mount/move_mount)" != "true" ] ; then
+ # kernels that don't have move_mount should fail on with disconnected path
+ success=fail
+ # addresses kernels that are not mediating move_mount
+ should_fail=xfail
+ fi
+
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (unconfined open_tree)" pass open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined open_tree: no mount rule)" ${should_fail} open_tree ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ # desc qual add_perms pass/fail
+ open_tree_test " open_tree" "" "" pass
+ open_tree_test " open_tree deny" "qual=deny:" "" ${should_fail}
+ # now some attach_disconnected with move_mount tests
+ # attach_disconnected should not affect move_mount mediation
+ open_tree_test " open_tree att_dis" "" "flag:attach_disconnected" pass
+ open_tree_test " open_tree deny att_dis" "qual=deny:" "flag:attach_disconnected" ${should_fail}
+}
+
+fsmount_test() {
+ desc=$1
+ qualifier=$2
+ additional_perms=$3
+ result=$4
+
+ genprofile cap:sys_admin ${qualifier}mount:ALL ${additional_perms}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount:-> ${mnt_target}/" ${additional_perms}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount -> ${mnt_target}/,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount: options=(move) -> ${mnt_target}/" ${additional_perms}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount options=(move) -> ${mnt_target}/,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ # genprofile cap:sys_admin "${qualifier}mount: detached -> ${mnt_target}/" ${additional_perms}
+ # runchecktest "MOVE_MOUNT (confined${desc}: mount detached -> ${mnt_target}/,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ # remove_mnt
+
+ # genprofile cap:sys_admin "${qualifier}mount: options=(move) detached -> ${mnt_target}/" ${additional_perms}
+ # runchecktest "MOVE_MOUNT (confined${desc}: mount options=(move) detached -> ${mnt_target}/,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ # remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount: \"\" -> ${mnt_target}/" ${additional_perms}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount \"\" -> ${mnt_target}/,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin "${qualifier}mount: options=(move) \"\" -> ${mnt_target}/" ${additional_perms}
+ runchecktest "MOVE_MOUNT (confined${desc}: mount options=(move) \"\" -> ${mnt_target}/,)" ${result} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+}
+
+fsmount_tests() {
+ mnt_source=$1
+ mnt_target=$2
+ fsname=$3
+ settest move_mount
+ # TODO: check for move_mount syscall support
+ # TODO: check that parser supports detached
+ # eg. move_mount tmpfs /tmp/move_mount_test tmpfs
+
+ success=pass
+ should_fail=fail
+ if [ "$(kernel_features mount/move_mount)" != "true" ] ; then
+ # kernels that don't have move_mount should fail on with disconnected path
+ success=fail
+ # addresses kernels that are not mediating move_mount
+ should_fail=xfail
+ fi
+
+ runchecktest "MOVE_MOUNT (unconfined fsmount)" pass fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ genprofile cap:sys_admin
+ runchecktest "MOVE_MOUNT (confined fsmount: no mount rule)" ${should_fail} fsmount ${mnt_source} ${mnt_target} ${fsname}
+ remove_mnt
+
+ # desc qual add_perms pass/fail
+ fsmount_test " fsmount" "" "" pass
+ fsmount_test " fsmount deny" "qual=deny:" "" ${should_fail}
+ # now some attach_disconnected with move_mount tests
+ # attach_disconnected should not affect move_mount mediation
+ fsmount_test " fsmount att_dis" "" "flag:attach_disconnected" pass
+ fsmount_test " fsmount deny att_dis" "qual=deny:" "flag:attach_disconnected" ${should_fail}
+}
+
+all_rule() {
+ if [ "$(parser_supports 'all,')" != "true" ]; then
+ echo " not supported by parser - skipping allow all,"
+ return
+ fi
+
+ settest mount
+ genprofile "all"
+
+ runchecktest "MOUNT (confined allow all)" pass mount ${loop_device} ${mount_point}
+
+ runchecktest "UMOUNT (confined allow all)" pass umount ${loop_device} ${mount_point}
+
+ runchecktest "MOUNT (confined allow all remount setup)" pass mount ${loop_device} ${mount_point}
+ runchecktest "MOUNT (confined allow all remount)" pass mount ${loop_device} ${mount_point} -o remount
+ remove_mnt
+
+ settest move_mount
+ genprofile "all"
+
+ runchecktest "MOVE_MOUNT (confined fsmount: allow all)" pass fsmount ${loop_device} ${mount_point} ${fstype}
+ remove_mnt
+
+ mount ${loop_device} ${mnt_source}
+ runchecktest "MOVE_MOUNT (confined open_tree: allow all)" pass open_tree ${mount_point2} ${mount_point} ${fstype}
+ remove_mnt
+}
+
# TEST 1. Make sure can mount and umount unconfined
runchecktest "MOUNT (unconfined)" pass mount ${loop_device} ${mount_point}
remove_mnt
@@ -398,6 +557,12 @@ else
runchecktest "UMOUNT (confined cap umount:ALL)" pass umount ${loop_device} ${mount_point}
remove_mnt
+ # https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1597017
+ # CVE-2016-1585
+ genprofile cap:sys_admin "mount:options=(rw,make-slave) -> **"
+ runchecktest "MOUNT (confined cap mount -> mntpnt, CVE-2016-1585)" fail mount -t proc proc ${mount_point}
+ remove_mnt
+
# MR:https://gitlab.com/apparmor/apparmor/-/merge_requests/1054
# https://bugs.launchpad.net/apparmor/+bug/2023814
# https://bugzilla.opensuse.org/show_bug.cgi?id=1211989
@@ -408,7 +573,23 @@ else
runchecktest "MOUNT (confined cap bind mount with deny mount that doesn't overlap)" pass mount ${mount_point2} ${mount_point} -o bind
remove_mnt
+ # MR:https://gitlab.com/apparmor/apparmor/-/merge_requests/1466
+ # https://bugs.launchpad.net/apparmor/+bug/2091424
+ # Specify mount propgatation with remount, a conflict that we still allow
+ # The kernel ignored the conflict and us disallowing it broke userspace
+ genprofile cap:sys_admin "mount:ALL"
+ runchecktest "MOUNT (confined cap bind mount rprivate conflict)" pass mount ${mount_point2} ${mount_point} -o bind,rprivate,noexec
+ runchecktest "MOUNT (confined cap bind mount remount rprivate conflict)" pass mount ${mount_point2} ${mount_point} -o remount,bind,rprivate,noexec
+ remove_mnt
+
test_options
+
+ # test new mount interface
+ fsmount_tests tmpfs ${mount_point} tmpfs
+ fsmount_tests ${loop_device} ${mount_point} ${fstype}
+ open_tree_tests ${mount_point2} ${mount_point} ${fstype}
+
+ all_rule
fi
#need tests for chroot
diff --git a/tests/regression/apparmor/move_mount.c b/tests/regression/apparmor/move_mount.c
new file mode 100644
index 0000000000000000000000000000000000000000..ea9e83114c685162ff8884f7201a1e7968ee9c05
--- /dev/null
+++ b/tests/regression/apparmor/move_mount.c
@@ -0,0 +1,244 @@
+#define _GNU_SOURCE
+#include <err.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <linux/mount.h>
+#include <linux/types.h>
+#include <sys/syscall.h>
+
+#ifndef open_tree
+/* fs/namespace.c
+ *
+ * SYSCALL_DEFINE3(open_tree, int, dfd, const char __user *, filename,
+ * unsigned, flags)
+ */
+static inline int open_tree(int dirfd, const char *filename, unsigned int flags)
+{
+ return syscall(SYS_open_tree, dirfd, filename, flags);
+}
+#endif
+
+#ifndef move_mount
+/* fs/namespace.c
+ *
+ * SYSCALL_DEFINE5(move_mount,
+ * int, from_dfd, const char __user *, from_pathname,
+ * int, to_dfd, const char __user *, to_pathname,
+ * unsigned int, flags)
+ *
+ * Move a mount from one place to another. In combination with
+ * fsopen()/fsmount() this is used to install a new mount and in combination
+ * with open_tree(OPEN_TREE_CLONE [| AT_RECURSIVE]) it can be used to copy
+ * a mount subtree.
+ *
+ * Note the flags value is a combination of MOVE_MOUNT_* flags.
+ *
+ * #define MOVE_MOUNT_F_SYMLINKS 0x00000001 // Follow symlinks on from path
+ * #define MOVE_MOUNT_F_AUTOMOUNTS 0x00000002 // Follow automounts on from path
+ * #define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 // Empty from path permitted
+ * #define MOVE_MOUNT_T_SYMLINKS 0x00000010 // Follow symlinks on to path
+ * #define MOVE_MOUNT_T_AUTOMOUNTS 0x00000020//Follow automounts on to path
+ * #define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 // Empty to path permitted
+ * #define MOVE_MOUNT_SET_GROUP 0x00000100 // Set sharing group instead
+ * #define MOVE_MOUNT_BENEATH 0x00000200 // Mount beneath top mount
+ * #define MOVE_MOUNT__MASK 0x00000377
+ */
+static inline int move_mount(int from_dirfd, const char *from_pathname,
+ int to_dirfd, const char *to_pathname,
+ unsigned int flags)
+{
+ return syscall(SYS_move_mount, from_dirfd, from_pathname,
+ to_dirfd, to_pathname, flags);
+}
+#endif
+
+#ifndef fsmount
+/* fs/namespace.c
+ *
+ * SYSCALL_DEFINE3(fsmount, int, fs_fd, unsigned int, flags,
+ * unsigned int, attr_flags)
+ *
+ * Create a kernel mount representation for a new, prepared superblock
+ * (specified by fs_fd) and attach to an open_tree-like file descriptor.
+ *
+ * #define FSMOUNT_CLOEXEC 0x00000001
+ */
+static inline int fsmount(int fs_fd, unsigned int flags,
+ unsigned int attr_flags)
+{
+ return syscall(SYS_fsmount, fs_fd, flags, attr_flags);
+}
+#endif
+
+#ifndef fsconfig
+/* fs/fsopen.c
+ *
+ * SYSCALL_DEFINE5(fsconfig,
+ * int, fd,
+ * unsigned int, cmd,
+ * const char __user *, _key,
+ * const void __user *, _value,
+ * int, aux)
+ *
+ * @fd: The filesystem context to act upon
+ * @cmd: The action to take
+ * @_key: Where appropriate, the parameter key to set
+ * @_value: Where appropriate, the parameter value to set
+ * @aux: Additional information for the value
+ *
+ * This system call is used to set parameters on a context, including
+ * superblock settings, data source and security labelling.
+ *
+ * Actions include triggering the creation of a superblock and the
+ * reconfiguration of the superblock attached to the specified context.
+ *
+ * When setting a parameter, @cmd indicates the type of value being proposed
+ * and @_key indicates the parameter to be altered.
+ *
+ * @_value and @aux are used to specify the value, should a value be required:
+ *
+ * (*) fsconfig_set_flag: No value is specified. The parameter must be boolean
+ * in nature. The key may be prefixed with "no" to invert the
+ * setting. @_value must be NULL and @aux must be 0.
+ *
+ * (*) fsconfig_set_string: A string value is specified. The parameter can be
+ * expecting boolean, integer, string or take a path. A conversion to an
+ * appropriate type will be attempted (which may include looking up as a
+ * path). @_value points to a NUL-terminated string and @aux must be 0.
+ *
+ * (*) fsconfig_set_binary: A binary blob is specified. @_value points to the
+ * blob and @aux indicates its size. The parameter must be expecting a
+ * blob.
+ *
+ * (*) fsconfig_set_path: A non-empty path is specified. The parameter must be
+ * expecting a path object. @_value points to a NUL-terminated string that
+ * is the path and @aux is a file descriptor at which to start a relative
+ * lookup or AT_FDCWD.
+ *
+ * (*) fsconfig_set_path_empty: As fsconfig_set_path, but with AT_EMPTY_PATH
+ * implied.
+ *
+ * (*) fsconfig_set_fd: An open file descriptor is specified. @_value must be
+ * NULL and @aux indicates the file descriptor.
+ */
+static inline int fsconfig(int fs_fd, unsigned int cmd, const char *key,
+ const void *value, int aux)
+{
+ return syscall(SYS_fsconfig, fs_fd, cmd, key, value, aux);
+}
+#endif
+
+#ifndef fsopen
+/* fs/fsopen.c
+ *
+ * SYSCALL_DEFINE2(fsopen, const char __user *, _fs_name, unsigned int, flags)
+ *
+ * Open a filesystem by name so that it can be configured for mounting.
+ *
+ * We are allowed to specify a container in which the filesystem will be
+ * opened, thereby indicating which namespaces will be used (notably, which
+ * network namespace will be used for network filesystems).
+ *
+ * #define FSOPEN_CLOEXEC 0x00000001
+ */
+static inline int fsopen(const char *fs_name, unsigned int flags)
+{
+ return syscall(SYS_fsopen, fs_name, flags);
+}
+#endif
+
+int do_open_tree_move_mount(const char *source, const char *target)
+{
+ int fd = -1, ret = 0;
+
+ fd = open_tree(AT_FDCWD, source, OPEN_TREE_CLONE |
+ OPEN_TREE_CLOEXEC | AT_EMPTY_PATH);
+ if (fd == -1) {
+ perror("FAIL - open_tree");
+ return -1;
+ }
+
+ ret = move_mount(fd, "", AT_FDCWD, target, MOVE_MOUNT_F_EMPTY_PATH);
+ if (ret == -1)
+ perror("FAIL - move_mount");
+
+ close(fd);
+ return ret;
+}
+
+int do_fsmount_move_mount(const char *fsname, const char *source, const char *target)
+{
+ int fd = -1, mfd = -1, ret = 0;
+
+ fd = fsopen(fsname, FSOPEN_CLOEXEC);
+ if (fd == -1) {
+ perror("FAIL - fsopen");
+ return -1;
+ }
+ ret = fsconfig(fd, FSCONFIG_SET_STRING, "source", source, 0);
+ if (ret == -1) {
+ perror("FAIL - fsconfig source");
+ goto fail;
+ }
+ ret = fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
+ if (ret == -1) {
+ perror("FAIL - fsconfig cmd create");
+ goto fail;
+ }
+
+ ret = fsmount(fd, FSMOUNT_CLOEXEC, 0);
+ if (ret == -1) {
+ perror("FAIL - fsmount");
+ goto fail;
+ }
+ mfd = ret;
+
+ ret = move_mount(mfd, "", AT_FDCWD, target, MOVE_MOUNT_F_EMPTY_PATH);
+ if (ret == -1) {
+ perror("FAIL - move_mount");
+ }
+
+fail:
+ if (fd != -1)
+ close(fd);
+ if (mfd != -1)
+ close(mfd);
+ return ret;
+}
+
+void usage(const char *prog_name)
+{
+ fprintf(stderr, "Usage: %s <fsmount|open_tree> <source> <target> <fs name>\n", prog_name);
+ exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+ const char *source, *target, *fsname, *op;
+ int ret = 0;
+
+ if (argc < 5) {
+ fprintf(stderr, "Missing operation, or source or target mount point, or filesystem name\n");
+ usage(argv[0]);
+ }
+
+ op = argv[1];
+ source = argv[2];
+ target = argv[3];
+ fsname = argv[4];
+
+ if (strcmp(op, "fsmount") == 0)
+ ret = do_fsmount_move_mount(fsname, source, target);
+ else if (strcmp(op, "open_tree") == 0)
+ ret = do_open_tree_move_mount(source, target);
+ else {
+ fprintf(stderr, "Invalid operation %s\n", op);
+ usage(argv[0]);
+ }
+ if (ret == 0)
+ printf("PASS\n");
+ exit(ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE);
+}
diff --git a/tests/regression/apparmor/mult_mount.sh b/tests/regression/apparmor/mult_mount.sh
index ae4749a3eb56984b01accd57f7b623a6177a55a9..945d537e2559730786e34b76c96eaf12b82d6e6c 100644
--- a/tests/regression/apparmor/mult_mount.sh
+++ b/tests/regression/apparmor/mult_mount.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
cleandir()
{
@@ -55,7 +55,7 @@ mkdirperm_fail=r
linkperm=rl
readperm=r
-dd if=/dev/zero of=$image bs=4096 count=128 > /dev/null 2>&1
+dd if=/dev/zero of=$image bs=4096 count=4096 > /dev/null 2>&1
mkfs.ext2 -F -m 0 -N 10 $image > /dev/null 2>&1
mkdir $mp1 $mp2
diff --git a/tests/regression/apparmor/named_pipe.sh b/tests/regression/apparmor/named_pipe.sh
index ded5f199067c11d4ce7c08beef0647e5d85d6786..a8859aa30159fc347e59dbeeb83bd1c04e481b59 100755
--- a/tests/regression/apparmor/named_pipe.sh
+++ b/tests/regression/apparmor/named_pipe.sh
@@ -20,7 +20,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
fifo=${tmpdir}/pipe
diff --git a/tests/regression/apparmor/namespaces.sh b/tests/regression/apparmor/namespaces.sh
index 9cd2bc3dd06894d37ad1bcfa46224a08ee31ff48..1ab0564a03105a9069aaa81e008dbb4eb1d59bd8 100755
--- a/tests/regression/apparmor/namespaces.sh
+++ b/tests/regression/apparmor/namespaces.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_namespace_interface
# unique_ns - Print a randomly generated, unused namespace identifier to stdout
@@ -42,7 +42,7 @@ genprofile_ns() {
# override the sys_profiles variable with a bad path so that genprofile
# doesn't perform profile load checking in the wrong policy namespace
- echo "${prefix}:${ns}:${prof} {}" | sys_profiles="${sys_profiles}XXX" genprofile --stdin
+ echo "${prefix}:${ns}:${prof} {}" | sys_profiles="${sys_profiles}XXX" genprofile image=:${ns}:${prof} --stdin
echo "$ns"
}
diff --git a/tests/regression/apparmor/net_inet.h b/tests/regression/apparmor/net_inet.h
new file mode 100644
index 0000000000000000000000000000000000000000..414cfd59d2b02acf3d409d84d17b7ea242324925
--- /dev/null
+++ b/tests/regression/apparmor/net_inet.h
@@ -0,0 +1,60 @@
+
+#include <arpa/inet.h>
+
+struct ip_address {
+ union {
+ uint8_t address_v6[16];
+ uint32_t address_v4;
+ } address;
+ uint16_t family;
+ uint16_t port;
+ uint8_t subnet_mask;
+};
+
+int parse_ipv4_address(const char *ip, const char *port, struct ip_address *result)
+{
+ struct in_addr addr;
+ if (inet_pton(AF_INET, ip, &addr) == 1) {
+ result->family = AF_INET;
+ result->address.address_v4 = addr.s_addr;
+ result->port = htons(atoi(port));
+ return 1;
+ }
+ return 0;
+}
+
+int parse_ipv6_address(const char *ip, const char *port, struct ip_address *result)
+{
+ struct in6_addr addr;
+ if (inet_pton(AF_INET6, ip, &addr) == 1) {
+ result->family = AF_INET6;
+ memcpy(result->address.address_v6, addr.s6_addr, 16);
+ result->port = htons(atoi(port));
+ return 1;
+ }
+ return 0;
+}
+
+int parse_ip(const char *ip, const char *port, struct ip_address *result)
+{
+ return parse_ipv6_address(ip, port, result) ||
+ parse_ipv4_address(ip, port, result);
+}
+
+struct sockaddr_in convert_to_sockaddr_in(struct ip_address result)
+{
+ struct sockaddr_in sockaddr;
+ sockaddr.sin_family = result.family;
+ sockaddr.sin_port = result.port;
+ sockaddr.sin_addr.s_addr = result.address.address_v4;
+ return sockaddr;
+}
+
+struct sockaddr_in6 convert_to_sockaddr_in6(struct ip_address result)
+{
+ struct sockaddr_in6 sockaddr;
+ sockaddr.sin6_family = result.family;
+ sockaddr.sin6_port = result.port;
+ memcpy(sockaddr.sin6_addr.s6_addr, result.address.address_v6, 16);
+ return sockaddr;
+}
diff --git a/tests/regression/apparmor/net_inet.sh b/tests/regression/apparmor/net_inet.sh
new file mode 100644
index 0000000000000000000000000000000000000000..8451c9c1284ba69c0ca5588a8017129d541ccfc3
--- /dev/null
+++ b/tests/regression/apparmor/net_inet.sh
@@ -0,0 +1,168 @@
+#! /bin/bash
+#Copyright (C) 2022 Canonical, Ltd.
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of the GNU General Public License as
+#published by the Free Software Foundation, version 2 of the
+#License.
+
+#=NAME net_inet
+#=DESCRIPTION
+# This test verifies if finegrained inet mediation is working
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+requires_kernel_features network_v8/af_inet
+requires_parser_support "network ip=::1,"
+
+settest net_inet_rcv
+
+sender="$bin/net_inet_snd"
+receiver="$bin/net_inet_rcv"
+
+# local ipv6 address generated according to https://www.rfc-editor.org/rfc/rfc4193.html
+#ipv6_subnet=fd74:1820:b03a:b361::/64
+bind_ipv6=fd74:1820:b03a:b361::cf32
+remote_ipv6=fd74:1820:b03a:b361::a0f9
+
+bind_ipv4=127.0.97.3
+remote_ipv4=127.187.243.54
+
+ip -6 addr add $bind_ipv6 dev lo || true
+ip -6 addr add $remote_ipv6 dev lo || true
+
+cleanup()
+{
+ ip -6 addr del $bind_ipv6 dev lo || true
+ ip -6 addr del $remote_ipv6 dev lo || true
+}
+
+do_onexit="cleanup"
+
+do_test()
+{
+ local desc="NETWORK INET ($1)"
+ shift
+ runchecktest "$desc" "$@"
+}
+
+
+do_tests()
+{
+ prefix="$1"
+ expect_rcv=$2
+ expect_snd=$3
+ bind_ip=$4
+ bind_port=$5
+ remote_ip=$6
+ remote_port=$7
+ protocol=$8
+ generate_profile=$9
+
+ settest net_inet_rcv
+ $generate_profile
+ do_test "$prefix - root" $expect_rcv --bind_ip $bind_ip --bind_port $bind_port --remote_ip $remote_ip --remote_port $remote_port --protocol $protocol --timeout 5 --sender "$sender"
+
+ settest -u "foo" net_inet_rcv
+ $generate_profile
+ do_test "$prefix - user" $expect_rcv --bind_ip $bind_ip --bind_port $bind_port --remote_ip $remote_ip --remote_port $remote_port --protocol $protocol --timeout 5 --sender "$sender"
+
+
+}
+
+bind_port=3456
+while lsof -i:$bind_port >/dev/null; do
+ let bind_port=$bind_port+1
+done
+
+let remote_port=$bind_port+50
+while lsof -i:$remote_port >/dev/null; do
+ let remote_port=$remote_port+1
+done
+
+generate_profile=""
+do_tests "ipv4 udp unconfined" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port udp "$generate_profile"
+do_tests "ipv4 tcp unconfined" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port tcp "$generate_profile"
+
+generate_profile="genprofile network $sender:px -- image=$sender network"
+do_tests "ipv4 udp no conds" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port udp "$generate_profile"
+
+generate_profile="genprofile network $sender:px -- image=$sender network"
+do_tests "ipv4 tcp no conds" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port tcp "$generate_profile"
+
+setsockopt_rules="network;(setopt,getopt);ip=0.0.0.0;port=0" # INADDR_ANY
+rcv_rules="network;ip=$bind_ipv4;peer=(ip=none)"
+snd_rules="network;ip=$remote_ipv4;peer=(ip=none)"
+
+# port range tests
+let invalid1=$bind_port-1
+let end_range=$bind_port+10
+let invalid2=$bind_port+11
+
+for test_port in $(seq $bind_port $end_range); do
+ generate_profile="genprofile network;ip=$bind_ipv4;port=$bind_port-$end_range $setsockopt_rules $sender:px -- image=$sender network $setsockopt_rules $snd_rules"
+ do_tests "ipv4 udp port range $test_port generic perms" pass pass $bind_ipv4 $test_port $remote_ipv4 $remote_port udp "$generate_profile"
+done
+
+generate_profile="genprofile network;ip=$bind_ipv4;port=$bind_port-$end_range $setsockopt_rules $sender:px -- image=$sender network $setsockopt_rules $snd_rules"
+do_tests "ipv4 udp port range $invalid1 generic perms" fail fail $bind_ipv4 $invalid1 $remote_ipv4 $remote_port udp "$generate_profile"
+
+generate_profile="genprofile network;ip=$bind_ipv4;port=$bind_port-$end_range $setsockopt_rules $sender:px -- image=$sender network $setsockopt_rules $snd_rules"
+do_tests "ipv4 udp port range $invalid2 generic perms" fail fail $bind_ipv4 $invalid2 $remote_ipv4 $remote_port udp "$generate_profile"
+# end of port range tests
+
+generate_profile="genprofile network;ip=$bind_ipv4;port=$bind_port;peer=(ip=$remote_ipv4,port=$remote_port) $setsockopt_rules $rcv_rules $sender:px -- image=$sender network;ip=$remote_ipv4;port=$remote_port;peer=(ip=$bind_ipv4,port=$bind_port) $setsockopt_rules $snd_rules"
+do_tests "ipv4 udp generic perms" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port udp "$generate_profile"
+
+generate_profile="genprofile network;ip=$bind_ipv4;port=$bind_port;peer=(ip=$remote_ipv4,port=$remote_port) $setsockopt_rules $rcv_rules $sender:px -- image=$sender network;ip=$remote_ipv4;port=$remote_port;peer=(ip=$bind_ipv4,port=$bind_port) $setsockopt_rules $snd_rules"
+do_tests "ipv4 tcp generic perms" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port tcp "$generate_profile"
+
+generate_profile="genprofile network;(connect,receive,send);ip=$bind_ipv4;port=$bind_port;peer=(ip=$remote_ipv4,port=$remote_port) $setsockopt_rules $rcv_rules $sender:px -- image=$sender network;ip=$remote_ipv4;port=$remote_port;peer=(ip=$bind_ipv4,port=$bind_port) $setsockopt_rules $snd_rules"
+do_tests "ipv4 udp specific perms" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port udp "$generate_profile"
+
+generate_profile="genprofile network;(connect,receive,send);ip=$bind_ipv4;port=$bind_port;peer=(ip=$remote_ipv4,port=$remote_port) $setsockopt_rules $rcv_rules $sender:px -- image=$sender network;ip=$remote_ipv4;port=$remote_port;peer=(ip=$bind_ipv4,port=$bind_port) $setsockopt_rules $snd_rules"
+do_tests "ipv4 tcp specific perms" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port tcp "$generate_profile"
+
+removeprofile
+# ipv6 tests
+
+generate_profile=""
+do_tests "ipv6 udp unconfined" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port udp "$generate_profile"
+do_tests "ipv6 tcp unconfined" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port tcp "$generate_profile"
+
+generate_profile="genprofile network $sender:px -- image=$sender network"
+do_tests "ipv6 udp no conds" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port udp "$generate_profile"
+
+generate_profile="genprofile network $sender:px -- image=$sender network"
+do_tests "ipv6 tcp no conds" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port tcp "$generate_profile"
+
+setsockopt_rules="network;(setopt,getopt);ip=::0;port=0" # IN6ADDR_ANY_INIT
+rcv_rules="network;ip=$bind_ipv6;peer=(ip=none)"
+snd_rules="network;ip=$remote_ipv6;peer=(ip=none)"
+
+generate_profile="genprofile network;ip=$bind_ipv6;port=$bind_port;peer=(ip=$remote_ipv6,port=$remote_port) $setsockopt_rules $rcv_rules $sender:px -- image=$sender network;ip=$remote_ipv6;port=$remote_port;peer=(ip=$bind_ipv6,port=$bind_port) $setsockopt_rules $snd_rules"
+do_tests "ipv6 udp generic perms" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port udp "$generate_profile"
+
+generate_profile="genprofile network;ip=$bind_ipv6;port=$bind_port;peer=(ip=$remote_ipv6,port=$remote_port) $setsockopt_rules $rcv_rules $sender:px -- image=$sender network;ip=$remote_ipv6;port=$remote_port;peer=(ip=$bind_ipv6,port=$bind_port) $setsockopt_rules $snd_rules"
+do_tests "ipv6 tcp generic perms" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port tcp "$generate_profile"
+
+
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ generate_profile="genprofile all -- image=$sender all"
+ do_tests "ipv4 udp allow all" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port udp "$generate_profile"
+
+ generate_profile="genprofile all -- image=$sender all"
+ do_tests "ipv4 tcp allow all" pass pass $bind_ipv4 $bind_port $remote_ipv4 $remote_port tcp "$generate_profile"
+
+ generate_profile="genprofile all -- image=$sender all"
+ do_tests "ipv6 udp allow all" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port udp "$generate_profile"
+
+ generate_profile="genprofile all -- image=$sender all"
+ do_tests "ipv6 tcp allow all" pass pass $bind_ipv6 $bind_port $remote_ipv6 $remote_port tcp "$generate_profile"
+fi
diff --git a/tests/regression/apparmor/net_inet_rcv.c b/tests/regression/apparmor/net_inet_rcv.c
new file mode 100644
index 0000000000000000000000000000000000000000..214070a3da11d8fb87deaded088fae0639a0bc80
--- /dev/null
+++ b/tests/regression/apparmor/net_inet_rcv.c
@@ -0,0 +1,335 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <signal.h>
+#include <string.h>
+#include <getopt.h>
+#include <sys/stat.h>
+#include "net_inet.h"
+
+enum protocol {
+ UDP,
+ TCP,
+ ICMP
+};
+
+struct connection_info {
+ char *bind_ip;
+ char *bind_port;
+ char *remote_ip;
+ char *remote_port;
+ char *protocol;
+ enum protocol prot;
+ int timeout;
+} net_info;
+
+int receive_bind()
+{
+ int sock;
+ struct sockaddr_in local;
+ struct sockaddr_in6 local6;
+
+ struct ip_address bind_addr;
+
+ if (!parse_ip(net_info.bind_ip, net_info.bind_port, &bind_addr)) {
+ fprintf(stderr, "FAIL - could not parse bind ip address\n");
+ return -1;
+ }
+
+ switch(net_info.prot) {
+ case UDP:
+ sock = socket(bind_addr.family, SOCK_DGRAM, 0);
+ break;
+ case TCP:
+ sock = socket(bind_addr.family, SOCK_STREAM, 0);
+ break;
+ case ICMP:
+ sock = socket(bind_addr.family, SOCK_DGRAM, IPPROTO_ICMP);
+ break;
+ }
+
+ if (sock < 0) {
+ perror("FAIL - Socket error: ");
+ return -1;
+ }
+
+ const int enable = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR | SO_REUSEPORT, &enable, sizeof(int)) < 0)
+ perror("FAIL - setsockopt(SO_REUSEADDR) failed");
+
+ if (bind_addr.family == AF_INET) {
+ local = convert_to_sockaddr_in(bind_addr);
+ if (bind(sock, (struct sockaddr *) &local, sizeof(local)) < 0) {
+ perror("FAIL - Bind error: ");
+ return -1;
+ }
+ } else {
+ local6 = convert_to_sockaddr_in6(bind_addr);
+ if (bind(sock, (struct sockaddr *) &local6, sizeof(local6)) < 0) {
+ perror("FAIL - Bind error: ");
+ return -1;
+ }
+ }
+
+ if (net_info.prot == TCP) {
+ if (listen(sock, 5) == -1) {
+ perror("FAIL - Could not listen: ");
+ return -1;
+ }
+ }
+
+ return sock;
+}
+
+int receive_udp(int sock)
+{
+
+ char *buf;
+ int ret = -1;
+ int select_return;
+
+ fd_set read_set, err_set;
+ struct timeval timeout;
+
+ buf = (char *) malloc(255);
+ memset(buf, '\0', 255);
+
+ FD_ZERO(&read_set);
+ FD_SET(sock, &read_set);
+ FD_ZERO(&err_set);
+ FD_SET(sock, &err_set);
+ timeout.tv_sec = net_info.timeout;
+ timeout.tv_usec = 0;
+
+ select_return = select(sock + 1, &read_set, NULL, &err_set, &timeout);
+ if (select_return < 0) {
+ perror("FAIL - Select error: ");
+ ret = -1;
+ } else if (select_return == 0) {
+ printf("FAIL - select timeout\n");
+ } else if (select_return > 0 && FD_ISSET(sock, &read_set) && !FD_ISSET(sock, &err_set)) {
+ if (recvfrom(sock, buf, 255, 0, NULL, NULL) >= 1) {
+ //printf("MESSAGE: %s\n", buf);
+ ret = 0;
+ } else {
+ printf("FAIL - recvfrom failed\n");
+ ret = -1;
+ }
+ }
+
+ free(buf);
+ return(ret);
+
+}
+
+int receive_tcp(int sock)
+{
+ int cli_sock;
+ char *buf;
+ int ret = -1;
+ int select_return;
+
+ fd_set read_set, err_set;
+ struct timeval timeout;
+
+ buf = (char *) malloc(255);
+ memset(buf, '\0', 255);
+
+ FD_ZERO(&read_set);
+ FD_SET(sock, &read_set);
+ FD_ZERO(&err_set);
+ FD_SET(sock, &err_set);
+ timeout.tv_sec = net_info.timeout;
+ timeout.tv_usec = 0;
+
+ select_return = select(sock + 1, &read_set, NULL, &err_set, &timeout);
+ if (select_return < 0) {
+ perror("FAIL - Select failed: ");
+ ret = -1;
+ } else if (select_return == 0) {
+ printf("FAIL - select timeout\n");
+ } else if (select_return > 0 && FD_ISSET(sock, &read_set) && !FD_ISSET(sock, &err_set)) {
+ if ((cli_sock = accept(sock, NULL, NULL)) < 0) {
+ perror("FAIL - Accept failed: ");
+ ret = -1;
+ } else {
+ if (recv(cli_sock, buf, 255, 0) >= 1) {
+ //printf("MESSAGE: %s\n", buf);
+ ret = 0;
+ } else {
+ perror("FAIL - recv failure: ");
+ ret = -1;
+ }
+ }
+ }
+
+ free(buf);
+ return(ret);
+}
+
+int receive_icmp(int sock)
+{
+ char *buf;
+ int ret = -1;
+ int select_return;
+
+ fd_set read_set, err_set;
+ struct timeval timeout;
+
+ buf = (char *) malloc(255);
+ memset(buf, '\0', 255);
+
+ FD_ZERO(&read_set);
+ FD_SET(sock, &read_set);
+ FD_ZERO(&err_set);
+ FD_SET(sock, &err_set);
+ timeout.tv_sec = net_info.timeout;
+ timeout.tv_usec = 0;
+
+ select_return = select(sock + 1, &read_set, NULL, &err_set, &timeout);
+ if (select_return < 0) {
+ perror("FAIL - Select error: ");
+ ret = -1;
+ } else if (select_return == 0) {
+ printf("FAIL - select timeout\n");
+ } else if (select_return > 0 && FD_ISSET(sock, &read_set) && !FD_ISSET(sock, &err_set)) {
+ if (recvfrom(sock, buf, 255, 0, NULL, NULL) >= 1) {
+ //printf("MESSAGE: %s\n", buf);
+ ret = 0;
+ } else {
+ printf("FAIL - recvfrom failed\n");
+ ret = -1;
+ }
+ }
+
+ free(buf);
+ return(ret);
+
+}
+
+static void usage(char *prog_name, char *msg)
+{
+ if (msg != NULL)
+ fprintf(stderr, "%s\n", msg);
+
+ fprintf(stderr, "Usage: %s [options]\n", prog_name);
+ fprintf(stderr, "Options are:\n");
+ fprintf(stderr, "--bind_ip local ip address\n");
+ fprintf(stderr, "--bind_port local port\n");
+ fprintf(stderr, "--remote_ip remote ip address\n");
+ fprintf(stderr, "--remote_port remote port\n");
+ fprintf(stderr, "--protocol protocol: udp or tcp\n");
+ fprintf(stderr, "--sender path of the sender\n");
+ fprintf(stderr, "--timeout timeout in seconds\n");
+ exit(EXIT_FAILURE);
+}
+
+
+int main(int argc, char *argv[])
+{
+ int opt = 0;
+ int pid, ret = -1;
+ char *sender;
+
+ static struct option long_options[] = {
+ {"bind_ip", required_argument, 0, 'i' },
+ {"bind_port", required_argument, 0, 'o' },
+ {"remote_ip", required_argument, 0, 'r' },
+ {"remote_port", required_argument, 0, 'e' },
+ {"protocol", required_argument, 0, 'p' },
+ {"timeout", required_argument, 0, 't' },
+ {"sender", required_argument, 0, 's' },
+ {0, 0, 0, 0 }
+ };
+
+ while ((opt = getopt_long(argc, argv,"i:o:r:e:p:t:s:", long_options, 0)) != -1) {
+ switch (opt) {
+ case 'i':
+ net_info.bind_ip = optarg;
+ break;
+ case 'o':
+ net_info.bind_port = optarg;
+ break;
+ case 'r':
+ net_info.remote_ip = optarg;
+ break;
+ case 'e':
+ net_info.remote_port = optarg;
+ break;
+ case 'p':
+ net_info.protocol = optarg;
+ if (strcmp(net_info.protocol, "udp") == 0)
+ net_info.prot = UDP;
+ else if (strcmp(net_info.protocol, "tcp") == 0)
+ net_info.prot = TCP;
+ else if (strcmp(net_info.protocol, "icmp") == 0)
+ net_info.prot = ICMP;
+ else
+ printf("FAIL - Unknown protocol.\n");
+ break;
+ case 't':
+ net_info.timeout = atoi(optarg);
+ break;
+ case 's':
+ sender = optarg;
+ break;
+ default:
+ usage(argv[0], "Unrecognized option\n");
+ }
+ }
+
+ /* get the server to bind/listen, so the child has something
+ * to connect to if it wins the race. */
+ int sockfd = receive_bind();
+ if (sockfd == -1) {
+ exit(1);
+ }
+
+ /* exec the sender */
+ pid = fork();
+ if (pid == -1) {
+ perror("FAIL - could not fork");
+ exit(EXIT_FAILURE);
+ } else if (!pid) {
+ if (sender == NULL) {
+ usage(argv[0], "sender not specified");
+ exit(EXIT_FAILURE);
+ /* execution of the main thread continues
+ * in case the sender will be manually executed
+ */
+ }
+ /* invert remote x local ips to sender */
+ execl(sender, sender, net_info.remote_ip, net_info.remote_port,
+ net_info.bind_ip, net_info.bind_port,
+ net_info.protocol, NULL);
+ printf("FAIL %d - execlp %s --bind_ip %s --bind_port %s "
+ "--remote_ip %s --remote_port %s --protocol %s - %m\n",
+ getuid(), sender, net_info.bind_ip, net_info.bind_port,
+ net_info.remote_ip, net_info.remote_port, net_info.protocol);
+ exit(EXIT_FAILURE);
+ }
+
+ switch(net_info.prot) {
+ case UDP:
+ ret = receive_udp(sockfd);
+ break;
+ case TCP:
+ ret = receive_tcp(sockfd);
+ break;
+ case ICMP:
+ ret = receive_icmp(sockfd);
+ break;
+ }
+
+ if (ret == -1) {
+ printf("FAIL - Receive message failed.\n");
+ exit(1);
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/tests/regression/apparmor/net_inet_snd.c b/tests/regression/apparmor/net_inet_snd.c
new file mode 100644
index 0000000000000000000000000000000000000000..76bac0f35eb5005aac6b43090ecc0bf270730567
--- /dev/null
+++ b/tests/regression/apparmor/net_inet_snd.c
@@ -0,0 +1,247 @@
+/* Multiple iteration sending test. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <arpa/inet.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <netinet/ip_icmp.h>
+#include <arpa/inet.h>
+#include <errno.h>
+#include <string.h>
+#include "net_inet.h"
+
+struct connection_info {
+ char *bind_ip;
+ char *bind_port;
+ char *remote_ip;
+ char *remote_port;
+ char *protocol;
+} net_info;
+
+int send_udp(char *message)
+{
+ int sock;
+ struct sockaddr_in remote, local;
+ struct sockaddr_in6 remote6, local6;
+
+ struct ip_address bind_addr;
+ if (!parse_ip(net_info.bind_ip, net_info.bind_port, &bind_addr)) {
+ fprintf(stderr, "FAIL SND - could not parse bind ip address\n");
+ return -1;
+ }
+
+ struct ip_address remote_addr;
+ if (!parse_ip(net_info.remote_ip, net_info.remote_port, &remote_addr)) {
+ fprintf(stderr, "FAIL SND - could not parse remote ip address\n");
+ return -1;
+ }
+
+ if ((sock = socket(bind_addr.family, SOCK_DGRAM, 0)) < 0) {
+ perror("FAIL SND - Could not open socket: ");
+ return(-1);
+ }
+
+ const int enable = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR | SO_REUSEPORT, &enable, sizeof(int)) < 0)
+ perror("FAIL SND - setsockopt(SO_REUSEADDR) failed");
+
+
+ if (bind_addr.family == AF_INET) {
+ local = convert_to_sockaddr_in(bind_addr);
+ if (bind(sock, (struct sockaddr *) &local, sizeof(local)) < 0) {
+ perror("FAIL SND - Bind error: ");
+ return(-1);
+ }
+ } else {
+ local6 = convert_to_sockaddr_in6(bind_addr);
+ if (bind(sock, (struct sockaddr *) &local6, sizeof(local6)) < 0) {
+ perror("FAIL SND - Bind error: ");
+ return(-1);
+ }
+ }
+
+ if (remote_addr.family == AF_INET) {
+ remote = convert_to_sockaddr_in(remote_addr);
+ //printf("Sending \"%s\"\n", message);
+ if (sendto(sock, message, strlen(message), 0, (struct sockaddr *) &remote, sizeof(remote)) <= 0) {
+ perror("FAIL SND - Send failed: ");
+ return(-1);
+ }
+ } else {
+ remote6 = convert_to_sockaddr_in6(remote_addr);
+ //printf("Sending \"%s\"\n", message);
+ if (sendto(sock, message, strlen(message), 0, (struct sockaddr *) &remote6, sizeof(remote6)) <= 0) {
+ perror("FAIL SND - Send failed: ");
+ return(-1);
+ }
+ }
+
+ close(sock);
+ return(0);
+
+}
+
+int send_tcp(char *message)
+{
+ int sock;
+ struct sockaddr_in remote, local;
+ struct sockaddr_in6 remote6, local6;
+
+ struct ip_address bind_addr;
+ if (!parse_ip(net_info.bind_ip, net_info.bind_port, &bind_addr)) {
+ fprintf(stderr, "FAIL SND - could not parse bind ip address\n");
+ return -1;
+ }
+
+ struct ip_address remote_addr;
+ if (!parse_ip(net_info.remote_ip, net_info.remote_port, &remote_addr)) {
+ fprintf(stderr, "FAIL SND - could not parse remote ip address\n");
+ return -1;
+ }
+
+ if ((sock = socket(bind_addr.family, SOCK_STREAM, 0)) < 0)
+ {
+ perror("FAIL SND - Could not open socket: ");
+ return(-1);
+ }
+
+ const int enable = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR | SO_REUSEPORT, &enable, sizeof(int)) < 0)
+ perror("FAIL SND - setsockopt(SO_REUSEADDR) failed");
+
+ if (bind_addr.family == AF_INET) {
+ local = convert_to_sockaddr_in(bind_addr);
+ if (bind(sock, (struct sockaddr *) &local, sizeof(local)) < 0) {
+ perror("FAIL SND - Bind error: ");
+ return(-1);
+ }
+ } else {
+ local6 = convert_to_sockaddr_in6(bind_addr);
+ if (bind(sock, (struct sockaddr *) &local6, sizeof(local6)) < 0) {
+ perror("FAIL SND - Bind error: ");
+ return(-1);
+ }
+ }
+
+ if (remote_addr.family == AF_INET) {
+ remote = convert_to_sockaddr_in(remote_addr);
+ //printf("Sending \"%s\"\n", message);
+ if (connect(sock, (struct sockaddr *) &remote, sizeof(remote)) < 0) {
+ perror("FAIL SND - Could not connect: ");
+ return(-1);
+ }
+ } else {
+ remote6 = convert_to_sockaddr_in6(remote_addr);
+ //printf("Sending \"%s\"\n", message);
+ if (connect(sock, (struct sockaddr *) &remote6, sizeof(remote6)) < 0) {
+ perror("FAIL SND - Could not connect: ");
+ return(-1);
+ }
+ }
+
+ //printf("Sending \"%s\"\n", message);
+ if (send(sock, message, strlen(message), 0) <= 0) {
+ perror("FAIL SND - Send failed: ");
+ return(-1);
+ }
+ close(sock);
+ return(0);
+}
+
+int send_icmp(char *message)
+{
+ int sock;
+ struct sockaddr_in remote, local;
+ struct icmphdr icmp_hdr;
+ char packetdata[sizeof(icmp_hdr) + 4];
+
+
+ if ((sock = socket(AF_INET | AF_INET6, SOCK_DGRAM, IPPROTO_ICMP)) < 0) {
+ perror("FAIL SND - Could not open socket: ");
+ return(-1);
+ }
+
+ const int enable = 1;
+ if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR | SO_REUSEPORT, &enable, sizeof(int)) < 0)
+ perror("FAIL SND - setsockopt(SO_REUSEADDR) failed");
+
+ remote.sin_family = AF_INET;
+ remote.sin_port = htons(atoi(net_info.remote_port));
+ inet_aton(net_info.remote_ip, &remote.sin_addr);
+
+ local.sin_family = AF_INET;
+ local.sin_port = htons(atoi(net_info.bind_port));
+ inet_aton(net_info.bind_ip, &local.sin_addr);
+
+ // Initialize the ICMP header
+ memset(&icmp_hdr, 0, sizeof(icmp_hdr));
+ icmp_hdr.type = ICMP_ECHO;
+ icmp_hdr.un.echo.id = 1234;
+ icmp_hdr.un.echo.sequence = 1;
+
+ // Initialize the packet data (header and payload)
+ memcpy(packetdata, &icmp_hdr, sizeof(icmp_hdr));
+ memcpy(packetdata + sizeof(icmp_hdr), message, strlen(message));
+
+ if (bind(sock, (struct sockaddr *) &local, sizeof(local)) < 0) {
+ perror("FAIL SND - Could not bind: ");
+ return(-1);
+ }
+
+ //printf("Sending \"%s\"\n", message);
+
+ // Send the packet
+ if(sendto(sock, packetdata, sizeof(packetdata), 0, (struct sockaddr*) &remote, sizeof(remote)) < 0) {
+ perror("FAIL SND - Send failed: ");
+ close(sock);
+ return(-1);
+ }
+
+ //printf("Sent \"%s\"\n", message);
+
+ /* if (send(sock, packetdata, strlen(packetdata), 0) <= 0) */
+ /* { */
+ /* perror("FAIL SND - Send failed: "); */
+ /* close(sock); */
+ /* return(-1); */
+ /* } */
+ close(sock);
+ return(0);
+}
+
+int main(int argc, char *argv[])
+{
+ int send_ret;
+
+ if (argc < 6) {
+ printf("Usage: %s bind_ip bind_port remote_ip remote_port proto\n", argv[0]);
+ exit(1);
+ }
+
+ net_info.bind_ip = argv[1];
+ net_info.bind_port = argv[2];
+ net_info.remote_ip = argv[3];
+ net_info.remote_port = argv[4];
+ net_info.protocol = argv[5];
+
+ send_ret = -1;
+ if (strcmp(net_info.protocol, "udp") == 0)
+ send_ret = send_udp("test");
+ else if (strcmp(net_info.protocol, "tcp") == 0)
+ send_ret = send_tcp("test");
+ else if (strcmp(net_info.protocol, "icmp") == 0)
+ send_ret = send_icmp("test");
+ else
+ printf("FAIL SND - Unknown protocol.\n");
+
+ if (send_ret == -1) {
+ printf("FAIL SND - Send message failed.\n");
+ exit(1);
+ }
+
+ exit(0);
+}
diff --git a/tests/regression/apparmor/net_raw.sh b/tests/regression/apparmor/net_raw.sh
index ca42e56a46fd6753b9519ca33853b8b1017c85b0..61ecfad2a05dc3efafa5f4b30a536481fcfbd30e 100755
--- a/tests/regression/apparmor/net_raw.sh
+++ b/tests/regression/apparmor/net_raw.sh
@@ -17,7 +17,7 @@ pwd=$(cd $pwd ; /bin/pwd)
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
dir=$tmpdir/tmpdir
@@ -29,3 +29,7 @@ runchecktest "RAW SOCKET (no cap)" fail
genprofile cap:net_raw network:
runchecktest "RAW SOCKET (cap net_raw)" pass
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all"
+ runchecktest "RAW SOCKET (allow all)" pass
+fi
diff --git a/tests/regression/apparmor/nfs.sh b/tests/regression/apparmor/nfs.sh
new file mode 100755
index 0000000000000000000000000000000000000000..43d16e243eec0066eb16e65274e0a46bbc205de8
--- /dev/null
+++ b/tests/regression/apparmor/nfs.sh
@@ -0,0 +1,95 @@
+#! /bin/bash
+# Copyright (C) 2022 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME nfs
+#=DESCRIPTION
+# This test verifies that file access on a mounted NFS share is determined
+# by file rules and not network rules.
+# https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+srcdir=$tmpdir/src
+mntdir=$tmpdir/mnt
+file1=$mntdir/file1
+file2=$mntdir/file2
+file3=$mntdir/file3
+file4=$mntdir/file4
+newdir=$mntdir/dir/
+exportline="$srcdir localhost(rw,sync,no_subtree_check)"
+fileperm=rw
+dirperm=w
+nfsport1=111
+nfsport2=2049
+
+cleanup_nfs()
+{
+ umount -fq "$mntdir"
+ sed -i "\|^$srcdir|d" "/etc/exports" 2>/dev/null
+ exportfs -ar >/dev/null 2>&1
+}
+
+# Skip this test if NFS server is not available
+nfs_not_available()
+{
+ echo "NFS server not available. Skipping tests ..."
+ exit 0
+}
+
+do_onexit="cleanup_nfs"
+mkdir -p $srcdir
+chmod 777 $srcdir
+mkdir -p $mntdir
+
+# Export and mount directory over NFS
+systemctl --quiet is-active nfs-server || nfs_not_available
+echo "$exportline" >> "/etc/exports"
+exportfs -ar || nfs_not_available
+mount "localhost:$srcdir" "$mntdir" || nfs_not_available
+
+settest open
+
+# PASS TEST
+# Caching can cause this test to pass even on kernels where the nfs bug is
+# present.
+genprofile $file1:$fileperm
+runchecktest "OPEN RW (nfs file create) " xpass $file1
+
+# PASS TEST
+# Dropping caches should only pass on kernels where the nfs bug has been fixed.
+genprofile $file2:$fileperm
+sync; echo 3 > /proc/sys/vm/drop_caches
+runchecktest "OPEN RW (nfs file create after cache drop) " xpass $file2
+
+if [ "$(kernel_features network)" = "true" -o \
+ "$(kernel_features network_v8)" = "true" ]; then
+ # PASS TEST
+ # Allowing network streams and file access should pass regardless
+ genprofile "network:inet stream" $file3:$fileperm
+ sync; echo 3 > /proc/sys/vm/drop_caches
+ runchecktest "OPEN RW (nfs file create with net permissions) " pass $file3
+
+ # FAIL TEST
+ # Allowing only network streams should fail regardless
+ genprofile "network:inet stream"
+ sync; echo 3 > /proc/sys/vm/drop_caches
+ runchecktest "OPEN RW (nfs file create with net permissions without file permissions) " fail $file4
+fi
+
+# PASS TEST
+# Verify directory creation behaves as expected over nfs
+settest mkdir
+genprofile $newdir:$dirperm
+sync; echo 3 > /proc/sys/vm/drop_caches
+runchecktest "MKDIR (nfs confined)" xpass mkdir $newdir
diff --git a/tests/regression/apparmor/nnp.sh b/tests/regression/apparmor/nnp.sh
index b948f894707802b355c0979bc893e1e8df1fe56f..fc6c598a91bdec0ffcb7fdcf01653abafc2cd59f 100755
--- a/tests/regression/apparmor/nnp.sh
+++ b/tests/regression/apparmor/nnp.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
settest transition
@@ -99,7 +99,7 @@ else
#Verify that NNP allows stacking a new policy namespace
#must use stdin with genprofile for namespaces
- genprofile --stdin <<EOF
+ genprofile image=$test --stdin <<EOF
$test {
@{gen_bin $test}
@{gen_def}
@@ -107,6 +107,8 @@ $test {
/proc/*/attr/current w,
change_profile-> &:nnp:unconfined,
}
+EOF
+ genprofile --append image=:nnp:$bin/open --stdin <<EOF
:nnp:$bin/open {
@{gen_bin $bin/open}
@{gen_def}
@@ -120,7 +122,7 @@ EOF
runchecktest "NNP (stack :nnp:open - no NNP)" fail -p ":nnp:$bin/open" -f "$file"
runchecktest "NNP (stack :nnp:open - NNP)" fail -n -p ":nnp:$bin/open" -f "$file"
- genprofile --stdin <<EOF
+ genprofile image=$test --stdin <<EOF
$test {
@{gen_bin $test}
@{gen_def}
@@ -128,6 +130,8 @@ $test {
/proc/*/attr/current w,
change_profile-> &:nnp:$bin/open,
}
+EOF
+ genprofile --append image=:nnp:$bin/open --stdin <<EOF
:nnp:$bin/open {
@{gen_bin $bin/open}
@{gen_def}
diff --git a/tests/regression/apparmor/onexec.sh b/tests/regression/apparmor/onexec.sh
index a1223b317825eb69827cfa35935c3a585ba5db7c..df2566ea5f88e69511b1ad8444c265a43016065a 100644
--- a/tests/regression/apparmor/onexec.sh
+++ b/tests/regression/apparmor/onexec.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
settest transition
file=$tmpdir/file
@@ -53,75 +53,75 @@ do_test()
# ONEXEC from UNCONFINED - don't change profile
-do_test "" unconfined nochange pass $bin/open $file
+do_test "" unconfined nochange pass "$bin/open" $file
# ONEXEC from UNCONFINED - target does NOT exist
-genprofile image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open
-do_test "" unconfined noexist fail $bin/open $file
+genprofile "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open"
+do_test "" unconfined noexist fail "$bin/open" $file
# ONEXEC from UNCONFINED - change to rw profile, no exec profile to override
-genprofile image=$bin/rw $bin/open:rix $file:rw
-do_test "no px profile" unconfined $bin/rw pass $bin/open $file
+genprofile "image=$bin/rw" "$bin/open:rix" $file:rw
+do_test "no px profile" unconfined "$bin/rw" pass "$bin/open" $file
# ONEXEC from UNCONFINED - don't change profile, make sure exec profile is applied
-genprofile image=$bin/rw $bin/open:px $file:rw -- image=$bin/open $file:rw
-do_test "nochange px" unconfined nochange pass $bin/open $file
+genprofile "image=$bin/rw" "$bin/open:px" $file:rw -- "image=$bin/open" $file:rw
+do_test "nochange px" unconfined nochange pass "$bin/open" $file
# ONEXEC from UNCONFINED - change to rw profile, override regular exec profile, exec profile doesn't have perms
-genprofile image=$bin/rw $bin/open:px $file:rw -- image=$bin/open
-do_test "override px" unconfined $bin/rw pass $bin/open $file
+genprofile "image=$bin/rw" "$bin/open:px" $file:rw -- "image=$bin/open"
+do_test "override px" unconfined "$bin/rw" pass "$bin/open" $file
#------
# ONEXEC from CONFINED - don't change profile, open can't exec
-genprofile 'change_profile->':$bin/rw $exec_w $attrs_r
-do_test "no px perm" $test nochange fail $bin/open $file
+genprofile "change_profile->:$bin/rw" $exec_w $attrs_r
+do_test "no px perm" $test nochange fail "$bin/open" $file
# ONEXEC from CONFINED - don't change profile, open is run unconfined
-genprofile 'change_profile->':$bin/rw $bin/open:rux $exec_w $attrs_r
-do_test "nochange rux" $test nochange pass $bin/open $file
+genprofile "change_profile->:$bin/rw" "$bin/open:rux" $exec_w $attrs_r
+do_test "nochange rux" $test nochange pass "$bin/open" $file
# ONEXEC from CONFINED - don't change profile, open is run confined without necessary perms
-genprofile 'change_profile->':$bin/rw $exec_w $attrs_r -- image=$bin/open $file:rw
-do_test "nochange px - no px perm" $test nochange fail $bin/open $file
+genprofile "change_profile->:$bin/rw" $exec_w $attrs_r -- "image=$bin/open" $file:rw
+do_test "nochange px - no px perm" $test nochange fail "$bin/open" $file
# ONEXEC from CONFINED - don't change profile, open is run confined without necessary perms
-genprofile 'change_profile->':$bin/rw $bin/open:rpx $exec_w $attrs_r -- image=$bin/open
-do_test "nochange px - no file perm" $test nochange fail $bin/open $file
+genprofile "change_profile->:$bin/rw" "$bin/open:rpx" $exec_w $attrs_r -- "image=$bin/open"
+do_test "nochange px - no file perm" $test nochange fail "$bin/open" $file
# ONEXEC from CONFINED - target does NOT exist
-genprofile 'change_profile->':$bin/open $exec_w $attrs_r -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open
-do_test "noexist px" $test noexist fail $bin/open $file
+genprofile "change_profile->:$bin/open" $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open"
+do_test "noexist px" $test noexist fail "$bin/open" $file
# ONEXEC from CONFINED - change to rw profile, no exec profile to override
-genprofile 'change_profile->':$bin/rw $exec_w $attrs_r -- image=$bin/rw $bin/open:rix $file:rw
-do_test "change profile - override rix" $test $bin/rw pass $bin/open $file
+genprofile "change_profile->:$bin/rw" $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw
+do_test "change profile - override rix" $test "$bin/rw" pass "$bin/open" $file
# ONEXEC from CONFINED - change to rw profile, no exec profile to override, no explicit write access to /proc/*/attr/exec
-genprofile 'change_profile->':$bin/rw $attrs_r -- image=$bin/rw $bin/open:rix $file:rw
-do_test "change profile - no exec_w" $test $bin/rw pass $bin/open $file
+genprofile "change_profile->:$bin/rw" $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw
+do_test "change profile - no exec_w" $test "$bin/rw" pass "$bin/open" $file
# ONEXEC from CONFINED - don't change profile, make sure exec profile is applied
-genprofile 'change_profile->':$bin/rw $exec_w $attrs_r $bin/open:rpx -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open $file:rw
-do_test "nochange px" $test nochange pass $bin/open $file
+genprofile "change_profile->:$bin/rw" $exec_w $attrs_r "$bin/open:rpx" -- "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open" $file:rw
+do_test "nochange px" $test nochange pass "$bin/open" $file
# ONEXEC from CONFINED - change to rw profile, override regular exec profile, exec profile doesn't have perms
-genprofile 'change_profile->':$bin/rw $exec_w $attrs_r -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open
-do_test "override px" $test $bin/rw pass $bin/open $file
+genprofile "change_profile->:$bin/rw" $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open"
+do_test "override px" $test "$bin/rw" pass "$bin/open" $file
# ONEXEC from - change to rw profile, override regular exec profile, exec profile has perms, rw doesn't
-genprofile 'change_profile->':$bin/rw $exec_w $attrs_r -- image=$bin/rw $bin/open:rix -- image=$bin/open $file:rw
-do_test "override px" $test $bin/rw fail $bin/open $file
+genprofile "change_profile->:$bin/rw" $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" -- "image=$bin/open" $file:rw
+do_test "override px" $test "$bin/rw" fail "$bin/open" $file
# ONEXEC from COFINED - change to rw profile via glob rule, override exec profile, exec profile doesn't have perms
-genprofile 'change_profile->':/** $exec_w $attrs_r -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open
-do_test "glob override px" $test $bin/rw pass $bin/open $file
+genprofile 'change_profile->':/** $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open"
+do_test "glob override px" $test "$bin/rw" pass "$bin/open" $file
# ONEXEC from COFINED - change to exec profile via glob rule, override exec profile, exec profile doesn't have perms
-genprofile 'change_profile->':/** $exec_w $attrs_r -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open
-do_test "glob override px" $test $bin/open fail $bin/open $file
+genprofile 'change_profile->':/** $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open"
+do_test "glob override px" $test "$bin/open" fail "$bin/open" $file
# ONEXEC from COFINED - change to exec profile via glob rule, override exec profile, exec profile has perms
-genprofile 'change_profile->':/** $exec_w $attrs_r -- image=$bin/rw $bin/open:rix $file:rw -- image=$bin/open $file:rw
-do_test "glob override px" $test $bin/rw pass $bin/open $file
+genprofile 'change_profile->':/** $exec_w $attrs_r -- "image=$bin/rw" "$bin/open:rix" $file:rw -- "image=$bin/open" $file:rw
+do_test "glob override px" $test "$bin/rw" pass "$bin/open" $file
diff --git a/tests/regression/apparmor/open.sh b/tests/regression/apparmor/open.sh
index 0c8b0c2a6367ca50b6abbbb0908bc91cc4a4f047..1d666fd47d21944d529d99509533ea32ebbbfdf2 100755
--- a/tests/regression/apparmor/open.sh
+++ b/tests/regression/apparmor/open.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
okperm=rw
diff --git a/tests/regression/apparmor/openat.sh b/tests/regression/apparmor/openat.sh
index d814ba0c473510a3aa69d59ad49d16ba860e42c5..a681466bb4cd5ec08f7161b8f709d921623a11f5 100755
--- a/tests/regression/apparmor/openat.sh
+++ b/tests/regression/apparmor/openat.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
dir=${tmpdir}
subdir=deleteme
diff --git a/tests/regression/apparmor/overlayfs_common.inc b/tests/regression/apparmor/overlayfs_common.inc
new file mode 100644
index 0000000000000000000000000000000000000000..432cdb8ceb3aa099680af20e1ef0b03e849fe134
--- /dev/null
+++ b/tests/regression/apparmor/overlayfs_common.inc
@@ -0,0 +1,136 @@
+#! /bin/bash
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME overlayfs
+#=DESCRIPTION
+# Verifies that file rules work in an overlayfs
+#=END
+
+if [ "$1" != "kernel" ] && [ "$1" != "fuse" ]; then
+ echo "FAIL: no parameter/invalid parameter specified"
+ echo "(expected 'kernel' or 'fuse')"
+ exit 1
+fi
+
+pwd=$(dirname "$0")
+pwd=$(cd "$pwd" || exit ; /bin/pwd)
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+backing_file_lower="$tmpdir/loop_file_lower"
+backing_file_upper="$tmpdir/loop_file_upper"
+
+overlayfs_lower="$tmpdir/overlay_lower"
+overlayfs_other="$tmpdir/overlay_other"
+overlayfs_upper="$tmpdir/overlay_other/upper"
+overlayfs_workdir="$tmpdir/overlay_other/work"
+
+mount_target="$tmpdir/mount_target"
+
+mkdir "${mount_target}"
+mkdir "${overlayfs_lower}"
+mkdir "${overlayfs_other}"
+
+fallocate -l 512K "${backing_file_lower}"
+mkfs.ext4 -F "${backing_file_lower}" > /dev/null 2> /dev/null
+fallocate -l 512K "${backing_file_upper}"
+mkfs.ext4 -F "${backing_file_upper}" > /dev/null 2> /dev/null
+
+losetup -f "${backing_file_lower}" || fatalerror 'Unable to set up lower loop device'
+loop_device_lower="$(/sbin/losetup -n -O NAME -l -j "${backing_file_lower}")"
+losetup -f "${backing_file_upper}" || fatalerror 'Unable to set up upper loop device'
+loop_device_other="$(/sbin/losetup -n -O NAME -l -j "${backing_file_upper}")"
+
+mount "${loop_device_lower}" "${overlayfs_lower}"
+mount "${loop_device_other}" "${overlayfs_other}"
+
+# These directories are made in the overlayfs_other mount
+mkdir "${overlayfs_upper}"
+mkdir "${overlayfs_workdir}"
+
+# The behavior when changing the contents of lowerdir or upperdir
+# after mounting the overlay is described as "undefined"
+# Hopefully this isn't UB in the C standard/compiler sense
+# Concretely: kernel overlayfs propagates changes, fuse-overlayfs doesn't
+fallocate -l 16K "${overlayfs_lower}/lower_file"
+touch "${overlayfs_lower}/lower_file_2"
+fallocate -l 16K "${overlayfs_upper}/upper_file"
+touch "${overlayfs_upper}/upper_file_2"
+# echo is also a builtin, making things a bit more complicated
+cp "$(type -P echo)" "${overlayfs_lower}/lower_echo"
+cp "$(type -P echo)" "${overlayfs_upper}/upper_echo"
+
+if [ "$1" == "fuse" ]; then
+ fuse-overlayfs -o lowerdir="${overlayfs_lower}",upperdir="${overlayfs_upper}",workdir="${overlayfs_workdir}" "${mount_target}"|| fatalerror 'Unable to set up overlayfs'
+else
+ mount -t overlay -o lowerdir="${overlayfs_lower}",upperdir="${overlayfs_upper}",workdir="${overlayfs_workdir}" none "${mount_target}"|| fatalerror 'Unable to set up overlayfs'
+fi
+
+fallocate -l 16K "${mount_target}/overlay_file"
+
+settest overlayfs "${bin}/complain"
+
+genprofile "${mount_target}/lower_file:r" "${mount_target}/upper_file:r" "${mount_target}/overlay_file:r"
+runchecktest "Read file in overlayfs mount (lower)" pass read "${mount_target}/lower_file"
+runchecktest "Stat file in overlayfs mount (lower)" pass stat "${mount_target}/lower_file"
+runchecktest "Xattr file in overlayfs mount (lower)" pass xattr "${mount_target}/lower_file"
+runchecktest "Read file in overlayfs mount (upper)" pass read "${mount_target}/upper_file"
+runchecktest "Stat file in overlayfs mount (upper)" pass stat "${mount_target}/upper_file"
+runchecktest "Xattr file in overlayfs mount (upper)" pass xattr "${mount_target}/upper_file"
+runchecktest "Read file in overlayfs mount (overlay)" pass read "${mount_target}/overlay_file"
+runchecktest "Stat file in overlayfs mount (overlay)" pass stat "${mount_target}/overlay_file"
+runchecktest "Xattr file in overlayfs mount (overlay)" pass xattr "${mount_target}/overlay_file"
+
+genprofile "${mount_target}/lower_file:w" "${mount_target}/upper_file:w" "${mount_target}/overlay_file:w" "${mount_target}/overlay_file_new:w"
+runchecktest "Write file in overlayfs mount (lower)" pass write "${mount_target}/lower_file"
+runchecktest "Write file in overlayfs mount (upper)" pass write "${mount_target}/upper_file"
+runchecktest "Write file in overlayfs mount (creat)" pass write "${mount_target}/overlay_file_new"
+
+genprofile "${mount_target}/old_overlay_file:rw" "${mount_target}/new_overlay_file:w"
+touch "${mount_target}/old_overlay_file"
+runchecktest "Rename file in overlayfs mount (overlay)" pass rename "${mount_target}/old_overlay_file" "${mount_target}/new_overlay_file"
+rm -f "${mount_target}/old_overlay_file" "${mount_target}/new_overlay_file"
+
+genprofile "${mount_target}/lower_file:rw" "${mount_target}/lower_mv_file:w"
+runchecktest "Rename file in overlayfs mount (lower)" pass rename "${mount_target}/lower_file" "${mount_target}/lower_mv_file"
+genprofile "${mount_target}/upper_file:rw" "${mount_target}/upper_mv_file:w"
+runchecktest "Rename file in overlayfs mount (upper)" pass rename "${mount_target}/upper_file" "${mount_target}/upper_mv_file"
+
+genprofile "${mount_target}/lower_file_2:w"
+runchecktest "Remove file in overlayfs mount (lower)" pass unlink "${mount_target}/lower_file_2"
+rm -f "${mount_target}/lower_file_2"
+
+genprofile "${mount_target}/upper_file_2:w"
+runchecktest "Remove file in overlayfs mount (upper)" pass unlink "${mount_target}/upper_file_2"
+rm -f "${mount_target}/upper_file_2"
+
+touch "${mount_target}/overlay_file_new" # in case the write (creat) test failed
+genprofile "${mount_target}/overlay_file_new:w"
+runchecktest "Remove file in overlayfs mount (overlay)" pass unlink "${mount_target}/overlay_file_new"
+rm -f "${mount_target}/overlay_file_new"
+
+cp --preserve=all "${mount_target}/upper_echo" "${mount_target}/overlay_echo"
+genprofile "${mount_target}/*_echo:ix"
+runchecktest "Exec in overlayfs mount (lower)" pass exec "${mount_target}/lower_echo" PASS
+runchecktest "Exec in overlayfs mount (upper)" pass exec "${mount_target}/upper_echo" PASS
+runchecktest "Exec in overlayfs mount (overlay)" pass exec "${mount_target}/overlay_echo" PASS
+
+if [ "$1" == "fuse" ]; then
+ fusermount -u "${mount_target}" && rmdir "${mount_target}"
+else
+ umount "${mount_target}" && rmdir "${mount_target}"
+fi
+umount "${loop_device_lower}" && rm -r "${overlayfs_lower}"
+umount "${loop_device_other}" && rm -r "${overlayfs_other}"
+
+losetup -d "${loop_device_lower}"
+losetup -d "${loop_device_other}"
+rm "${backing_file_lower}"
+rm "${backing_file_upper}"
diff --git a/tests/regression/apparmor/overlayfs_fuse.sh b/tests/regression/apparmor/overlayfs_fuse.sh
new file mode 100644
index 0000000000000000000000000000000000000000..7f358b50969ff79229237431f85177496633868c
--- /dev/null
+++ b/tests/regression/apparmor/overlayfs_fuse.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME overlayfs_fuse
+#=DESCRIPTION
+# Verifies that file rules work in a (fuse) overlayfs
+#=END
+
+source "./overlayfs_common.inc" fuse
\ No newline at end of file
diff --git a/tests/regression/apparmor/overlayfs_kernel.sh b/tests/regression/apparmor/overlayfs_kernel.sh
new file mode 100644
index 0000000000000000000000000000000000000000..d7876d500ad7e799b9946a5224265b792f14bee7
--- /dev/null
+++ b/tests/regression/apparmor/overlayfs_kernel.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME overlayfs_kernel
+#=DESCRIPTION
+# Verifies that file rules work in a (kernel) overlayfs
+#=END
+
+source "./overlayfs_common.inc" kernel
\ No newline at end of file
diff --git a/tests/regression/apparmor/owlsm.sh b/tests/regression/apparmor/owlsm.sh
index f25937d339f9c286feb76829842c4edd7fb99556..282a9e9996d08bb99e1f50fa4c5896e8d7f40a8d 100644
--- a/tests/regression/apparmor/owlsm.sh
+++ b/tests/regression/apparmor/owlsm.sh
@@ -26,7 +26,7 @@ pwd=$(cd ${pwd} ; /bin/pwd)
bin=${pwd}
-. ${bin}/prologue.inc
+. "${bin}/prologue.inc"
target=file1
source=file2
diff --git a/tests/regression/apparmor/pipe.sh b/tests/regression/apparmor/pipe.sh
index de8bd23bd0f62ecbb7fe66c5d134ad2911a7d675..11b9b960ce10ebdc5a1d837fd13914d330e541bb 100755
--- a/tests/regression/apparmor/pipe.sh
+++ b/tests/regression/apparmor/pipe.sh
@@ -21,7 +21,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
subtest=sub
diff --git a/tests/regression/apparmor/pipe_helper.h b/tests/regression/apparmor/pipe_helper.h
new file mode 100644
index 0000000000000000000000000000000000000000..b3bb699f3c4d59a5e28602978000d7bd017dde45
--- /dev/null
+++ b/tests/regression/apparmor/pipe_helper.h
@@ -0,0 +1,77 @@
+#define _GNU_SOURCE
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+
+int get_pipes(const char *pipename, char **parentpipe, char **childpipe)
+{
+ if (asprintf(parentpipe, "%s1", pipename) == -1)
+ return -1;
+ if (asprintf(childpipe, "%s2", pipename) == -1)
+ return -1;
+ return 0;
+}
+
+int open_read_pipe(char *pipename)
+{
+ int fd;
+ fd = open(pipename, O_RDONLY | O_NONBLOCK);
+ if (fd == -1) {
+ perror("FAIL - open read pipe");
+ return EXIT_FAILURE;
+ }
+ return fd;
+}
+
+int read_from_pipe(int fd)
+{
+ int ret;
+ char buf;
+ fd_set set;
+ struct timeval timeout;
+
+ if (fd == -1) {
+ fprintf(stderr, "FAIL - invalid read fd\n");
+ return EXIT_FAILURE;
+ }
+
+ FD_ZERO(&set);
+ FD_SET(fd, &set);
+
+ timeout.tv_sec = 3;
+ timeout.tv_usec = 0;
+
+ ret = select(fd + 1, &set, NULL, NULL, &timeout);
+ if (ret == -1) {
+ perror("FAIL - select");
+ goto err;
+ } else if (ret == 0) {
+ fprintf(stderr, "FAIL - read timeout\n");
+ goto err;
+ } else {
+ if (read(fd, &buf, 1) == -1) { // wait for client to unshare
+ perror("FAIL - read pipe");
+ close(fd);
+ return EXIT_FAILURE;
+ }
+ }
+ return EXIT_SUCCESS;
+err:
+ return EXIT_FAILURE;
+}
+
+int write_to_pipe(char *pipename)
+{
+ int fd;
+
+ fd = open(pipename, O_WRONLY | O_NONBLOCK);
+ if (fd == -1) {
+ fprintf(stderr, "FAIL - open write pipe %s - %m\n", pipename);
+ return EXIT_FAILURE;
+ }
+ close(fd);
+ return EXIT_SUCCESS;
+}
diff --git a/tests/regression/apparmor/pivot_root.c b/tests/regression/apparmor/pivot_root.c
index c078d2cf40f9886bc8a378076056fd7e09988b9f..3532f3fc4c37afaf2e73bfe96896d08ab0c7bf7c 100644
--- a/tests/regression/apparmor/pivot_root.c
+++ b/tests/regression/apparmor/pivot_root.c
@@ -86,10 +86,10 @@ static pid_t _clone(int (*fn)(void *), void *arg)
void *stack = alloca(stack_size);
#ifdef __ia64__
- return __clone2(pivot_and_verify_label, stack, stack_size,
+ return __clone2(fn, stack, stack_size,
CLONE_NEWNS | SIGCHLD, arg);
#else
- return clone(pivot_and_verify_label, stack + stack_size,
+ return clone(fn, stack + stack_size,
CLONE_NEWNS | SIGCHLD, arg);
#endif
}
diff --git a/tests/regression/apparmor/pivot_root.sh b/tests/regression/apparmor/pivot_root.sh
index dd7104edc3567e32c10f08e1d6befedd7317ba72..ee13cc97ec19a7d217885210bdbb428bbe8da5e3 100755
--- a/tests/regression/apparmor/pivot_root.sh
+++ b/tests/regression/apparmor/pivot_root.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
disk_img=$tmpdir/disk_img
new_root=$tmpdir/new_root/
@@ -25,7 +25,8 @@ put_old=${new_root}put_old/
bad=$tmpdir/BAD/
proc=$new_root/proc
fstype="ext2"
-root_was_shared="no"
+
+. "$bin/mount.inc"
pivot_root_cleanup() {
mountpoint -q "$proc"
@@ -38,10 +39,7 @@ pivot_root_cleanup() {
umount "$new_root"
fi
- if [ "${root_was_shared}" = "yes" ] ; then
- [ -n "$VERBOSE" ] && echo 'notice: re-mounting / as shared'
- mount --make-shared /
- fi
+ prop_cleanup
}
do_onexit="pivot_root_cleanup"
@@ -50,24 +48,6 @@ if [ ! -b /dev/loop0 ] ; then
modprobe loop
fi
-# systemd mounts / and everything under it MS_SHARED. This breaks
-# pivot_root entirely, so attempt to detect it, and remount /
-# MS_PRIVATE temporarily.
-FINDMNT=/bin/findmnt
-if [ -x "${FINDMNT}" ] && ${FINDMNT} -no PROPAGATION / > /dev/null 2>&1 ; then
- if [ "$(${FINDMNT} -no PROPAGATION /)" = "shared" ] ; then
- root_was_shared="yes"
- fi
-elif [ "$(ps hp1 -ocomm)" = "systemd" ] ; then
- # no findmnt or findmnt doesn't know the PROPAGATION column,
- # but init is systemd so assume rootfs is shared
- root_was_shared="yes"
-fi
-if [ "${root_was_shared}" = "yes" ] ; then
- [ -n "$VERBOSE" ] && echo 'notice: re-mounting / as private'
- mount --make-private /
-fi
-
# Create disk image since pivot_root doesn't allow old root and new root to be
# on the same filesystem
dd if=/dev/zero of="$disk_img" bs=1024 count=512 2> /dev/null
@@ -120,6 +100,11 @@ if [ "$(kernel_features mount)" != "true" -o "$(parser_supports 'mount,')" != "t
exit
fi
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all"
+ do_test "allow all rule" pass "$put_old" "$new_root" "$test"
+fi
+
# Ensure failure when no pivot_root perms are granted
genprofile $cur $cap
do_test "cap only" fail "$put_old" "$new_root" "$test"
diff --git a/tests/regression/apparmor/posix_ipc.sh b/tests/regression/apparmor/posix_ipc.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5fd10bc751514e022f720862d921dcc0d1086f30
--- /dev/null
+++ b/tests/regression/apparmor/posix_ipc.sh
@@ -0,0 +1,12 @@
+
+# Test semaphores first, as they could be used for synchronization
+
+## TODO
+# posix_sem.sh
+
+## TODO
+# posix_shm.sh
+
+./posix_mq.sh
+
+
diff --git a/tests/regression/apparmor/posix_mq.h b/tests/regression/apparmor/posix_mq.h
new file mode 100644
index 0000000000000000000000000000000000000000..7088af80f95e71e1993c964d02418c48600c3299
--- /dev/null
+++ b/tests/regression/apparmor/posix_mq.h
@@ -0,0 +1,32 @@
+#ifndef POSIX_MQ_H_
+#define POSIX_MQ_H_
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <string.h>
+#include <semaphore.h>
+
+#define QNAME "/testmq"
+#define SHM_PATH "/unnamedsemtest"
+#define SEM_PATH "/namedsemtest"
+#define PIPENAME "/tmp/mqueuepipe";
+#define OBJ_PERMS (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
+
+#define BUF_SIZE 1024
+struct shmbuf { // Buffer in shared memory
+ sem_t sem;
+ int cnt; // Number of bytes used in 'buf'
+ char buf[BUF_SIZE]; // Data being transferred
+};
+
+struct msgbuf {
+ long mtype;
+ char mtext[BUF_SIZE];
+};
+
+char *msg = "hello world";
+
+#endif /* #ifndef POSIX_MQ_H_ */
diff --git a/tests/regression/apparmor/posix_mq.sh b/tests/regression/apparmor/posix_mq.sh
new file mode 100755
index 0000000000000000000000000000000000000000..40c3919d78fc2d3302fa13356f2e6d2cb9540397
--- /dev/null
+++ b/tests/regression/apparmor/posix_mq.sh
@@ -0,0 +1,185 @@
+#! /bin/bash
+#Copyright (C) 2022 Canonical, Ltd.
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of the GNU General Public License as
+#published by the Free Software Foundation, version 2 of the
+#License.
+
+#=NAME posix_mq
+#=DESCRIPTION
+# This test verifies if mediation of posix message queues is working
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+requires_kernel_features ipc/posix_mqueue
+requires_parser_support "mqueue,"
+
+settest posix_mq_rcv
+
+sender="$bin/posix_mq_snd"
+receiver="$bin/posix_mq_rcv"
+queuename="/queuename"
+queuename2="/queuename2"
+pipe="/tmp/mqueuepipe"
+
+user="foo"
+adduser --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --no-create-home --disabled-password $user >/dev/null
+echo "$user:password" | sudo chpasswd
+userid=$(id -u $user)
+
+# workaround to not have to set o+x
+chmod 6755 "$receiver"
+setcap cap_dac_read_search+pie "$receiver"
+
+cleanup()
+{
+ rm -f /dev/mqueue/$queuename
+ rm -f /dev/mqueue/$queuename2
+ rm -f $pipe
+ deluser foo >/dev/null
+}
+do_onexit="cleanup"
+
+do_test()
+{
+ local desc="POSIX MQUEUE ($1)"
+ shift
+ runchecktest "$desc" "$@"
+}
+
+
+do_tests()
+{
+ prefix=$1
+ expect_send=$2
+ expect_recv=$3
+ expect_open=$4
+
+ all_args=("$@")
+ rest_args=("${all_args[@]:5}")
+
+ do_test "$prefix" "$expect_send" "$sender" "$expect_recv" -c "$sender" -k $queuename "${rest_args[@]}"
+
+ # notify requires netlink permissions
+ do_test "$prefix : mq_notify" "$expect_send" "$sender" "$expect_recv" -c "$sender" -k $queuename -n mq_notify -p $pipe "${rest_args[@]}"
+
+ do_test "$prefix : select" "$expect_open" -c "$sender" -k $queuename -n select "${rest_args[@]}"
+
+ do_test "$prefix : poll" "$expect_open" -c "$sender" -k $queuename -n poll "${rest_args[@]}"
+
+ do_test "$prefix : epoll" "$expect_open" -c "$sender" -k $queuename -n epoll "${rest_args[@]}"
+}
+
+
+for username in "root" "$userid" ; do
+ if [ $username = "root" ] ; then
+ usercmd=""
+ else
+ usercmd="-u $userid"
+ fi
+
+ do_tests "unconfined $username" pass pass pass pass $usercmd
+
+ # No mqueue perms
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "$sender:px" "$pipe:rw" -- "image=$sender" "$pipe:rw"
+ do_tests "confined $username - no perms" fail fail fail fail $usercmd
+
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "deny:mqueue" "$sender:px" "$pipe:rw" -- "image=$sender" "deny mqueue" "$pipe:rw"
+ do_tests "confined $username - deny perms" fail fail fail fail $usercmd
+
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all" -- "image=$sender" "all"
+ do_tests "confined $username - allow all" pass pass pass pass $usercmd
+ fi
+
+ # generic mqueue
+ # 2 Potential failures caused by missing other x permission in path
+ # to tests. Usually on the user home dir as it is now default to
+ # create a user without that
+ # * if you seen a capability dac_read_search denied failure from
+ # apparmor when doing "root" username tests
+ # * if doing the $userid set of tests and you see
+ # Permission denied in the test output
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue" "$pipe:rw"
+ do_tests "confined $username - mqueue" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:type=posix" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:type=posix" "$pipe:rw"
+ do_tests "confined $username - mqueue type=posix" pass pass pass pass $usercmd
+
+ # queue name
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:$queuename" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:$queuename" "$pipe:rw"
+ do_tests "confined $username - mqueue /name 1" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:$queuename" "$pipe:rw"
+ do_tests "confined $username - mqueue /name 2" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:$queuename" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue" "$pipe:rw"
+ do_tests "confined $username - mqueue /name 3" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:$queuename" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:$queuename2" "$pipe:rw"
+ do_tests "confined $username - mqueue /name 4" fail fail fail fail $usercmd -t 1
+
+
+ # specific permissions
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,delete,getattr,setattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:write" "$pipe:rw"
+ do_tests "confined $username - specific 1" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(read,delete,getattr,setattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:write" "$pipe:rw"
+ do_tests "confined $username - specific 2" fail fail fail fail $usercmd -t 1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,delete,getattr,setattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:write" "$pipe:rw"
+ do_tests "confined $username - specific 3" fail fail fail fail $usercmd -t 1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,getattr,setattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:write" "$pipe:rw"
+ do_tests "confined $username - specific 4" fail fail fail fail $usercmd -t 1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,delete,setattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:write" "$pipe:rw"
+ do_tests "confined $username - specific 5" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,delete,getattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:write" "$pipe:rw"
+ do_tests "confined $username - specific 6" pass pass pass pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,delete,getattr,setattr)" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:read" "$pipe:rw"
+ do_tests "confined $username - specific 7" fail fail fail fail $usercmd -t 1
+
+ # unconfined receiver
+ genprofile "image=$sender" "mqueue"
+ do_tests "confined sender $username - unconfined receiver" pass pass pass pass $usercmd
+
+
+ # unconfined sender
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue" "$sender:ux" "$pipe:rw"
+ do_tests "confined receiver $username - unconfined sender" pass pass pass pass $usercmd
+
+
+ # queue label
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:label=$receiver" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:label=$receiver" "$pipe:rw"
+ do_tests "confined $username - mqueue label 1" xpass xpass xpass xpass $usercmd
+
+
+ # queue name and label
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "network:netlink" "mqueue:(create,read,delete):type=posix:label=$receiver:$queuename" "$sender:px" "$pipe:rw" -- "image=$sender" "mqueue:(open,write):type=posix:label=$receiver:$queuename" "$pipe:rw"
+ do_tests "confined $username - mqueue label 2" xpass xpass xpass xpass $usercmd
+
+ # ensure we are cleaned up for next pass
+ removeprofile
+ rm -f /dev/mqueue/$queuename
+ rm -f /dev/mqueue/$queuename2
+done
+
+# cross user tests
+
+
+# confined root with cap ??override
+
+
+# confined root without cap ??override
+
diff --git a/tests/regression/apparmor/posix_mq_rcv.c b/tests/regression/apparmor/posix_mq_rcv.c
new file mode 100644
index 0000000000000000000000000000000000000000..5f7a84621dd2848c3c9d4748e6352f61b9bcc883
--- /dev/null
+++ b/tests/regression/apparmor/posix_mq_rcv.c
@@ -0,0 +1,344 @@
+#define _GNU_SOURCE
+#include <mqueue.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <poll.h>
+#include <sys/epoll.h>
+#include <time.h>
+
+#include "posix_mq.h"
+#include "pipe_helper.h"
+
+int timeout = 5; //seconds
+char *queuename = QNAME;
+char *pipepath = PIPENAME;
+
+enum notify_options {
+ DO_NOT_NOTIFY,
+ MQ_NOTIFY,
+ SELECT,
+ POLL,
+ EPOLL
+};
+
+enum notify_options notify = DO_NOT_NOTIFY;
+
+int receive_message(mqd_t mqd, char needs_timeout) {
+ ssize_t nbytes;
+ struct mq_attr attr;
+ char *buf = NULL;
+ int ret = EXIT_FAILURE;
+
+ if (mq_getattr(mqd, &attr) == -1) {
+ perror("FAIL - could not mq_getattr");
+ goto out;
+ }
+
+ buf = malloc(attr.mq_msgsize);
+ if (buf == NULL) {
+ perror("FAIL - could not malloc");
+ goto out;
+ }
+
+ if (needs_timeout) { /* do we need this or should we just use mq_timedreceive always? */
+ struct timespec ts;
+ clock_gettime(CLOCK_REALTIME, &ts);
+ ts.tv_sec += timeout;
+ nbytes = mq_timedreceive(mqd, buf, attr.mq_msgsize,
+ NULL, &ts);
+ } else {
+ attr.mq_flags |= O_NONBLOCK;
+ if (mq_setattr(mqd, &attr, NULL) == -1){
+ perror("FAIL - could not mq_setattr");
+ goto out;
+ }
+ nbytes = mq_receive(mqd, buf, attr.mq_msgsize, NULL);
+ }
+
+ if (nbytes < 0) {
+ perror("FAIL - could not receive msg");
+ goto out;
+ }
+
+ buf[nbytes] = 0;
+
+ if (strncmp(buf, msg, BUF_SIZE) != 0) {
+ fprintf(stderr, "FAIL - msg received does not match: %s - %s\n", buf, msg);
+ goto out;
+ }
+
+ printf("PASS\n");
+ ret = EXIT_SUCCESS;
+
+out:
+ free(buf);
+
+ if (mq_close(mqd) == (mqd_t) -1) {
+ perror("FAIL - could not close mq");
+ ret = EXIT_FAILURE;
+ }
+ if (mq_unlink(queuename) == (mqd_t) -1) {
+ perror("FAIL - could not unlink mq");
+ ret = EXIT_FAILURE;
+ }
+ if (notify == MQ_NOTIFY && unlink(pipepath) == -1) {
+ perror("FAIL - could not remove pipe");
+ ret = EXIT_FAILURE;
+ }
+ exit(ret);
+}
+
+static void handle_signal(union sigval sv) {
+ mqd_t mqd = *((mqd_t *) sv.sival_ptr);
+ receive_message(mqd, 0);
+}
+
+static void usage(char *prog_name, char *msg)
+{
+ if (msg != NULL)
+ fprintf(stderr, "%s\n", msg);
+
+ fprintf(stderr, "Usage: %s [options]\n", prog_name);
+ fprintf(stderr, "Options are:\n");
+ fprintf(stderr, "-n get notified if there's an item in the queue\n");
+ fprintf(stderr, " available options are: mq_notify, select, poll and epoll\n");
+ fprintf(stderr, "-k message queue name (default is %s)\n", QNAME);
+ fprintf(stderr, "-c path of the client binary\n");
+ fprintf(stderr, "-u run test as specified UID\n");
+ fprintf(stderr, "-t timeout in seconds\n");
+ fprintf(stderr, "-p named pipe path. used by mq_notify\n");
+ exit(EXIT_FAILURE);
+}
+
+void receive_mq_notify(mqd_t mqd)
+{
+ struct sigevent sev;
+ sev.sigev_notify = SIGEV_THREAD;
+ sev.sigev_notify_function = handle_signal;
+ sev.sigev_notify_attributes = NULL;
+ sev.sigev_value.sival_ptr = &mqd;
+
+ if (mq_notify(mqd, &sev) == -1) {
+ perror("FAIL - could not mq_notify");
+ return;
+ }
+
+ if (write_to_pipe(pipepath) == -1) { // let sender know mq_notify is ready
+ fprintf(stderr, "FAIL - could not write to pipe\n");
+ return;
+ }
+
+ sleep(timeout);
+ fprintf(stderr, "FAIL - could not mq_notify: Connection timed out\n");
+}
+
+void receive_select(mqd_t mqd)
+{
+ fd_set read_fds;
+ struct timeval tv;
+ tv.tv_sec = timeout;
+ tv.tv_usec = 0;
+
+ FD_ZERO(&read_fds);
+ FD_SET(mqd, &read_fds);
+
+ if (select(mqd + 1, &read_fds, NULL, NULL, &tv) == -1) {
+ perror("FAIL - could not select");
+ return;
+ } else {
+ if (FD_ISSET(mqd, &read_fds))
+ receive_message(mqd, 0);
+ }
+}
+
+void receive_poll(mqd_t mqd)
+{
+ struct pollfd fds[1];
+ fds[0].fd = mqd;
+ fds[0].events = POLLIN;
+
+ if (poll(fds, 1, timeout * 1000) == -1) {
+ perror("FAIL - could not poll");
+ return;
+ } else {
+ if (fds[0].revents & POLLIN)
+ receive_message(mqd, 0);
+ }
+}
+
+void receive_epoll(mqd_t mqd)
+{
+ int epfd = epoll_create(1);
+ if (epfd == -1) {
+ perror("FAIL - could not create epoll");
+ return;
+ }
+
+ struct epoll_event ev, rev[1];
+ ev.events = EPOLLIN;
+ ev.data.fd = mqd;
+ if (epoll_ctl(epfd, EPOLL_CTL_ADD, mqd, &ev) == -1) {
+ perror("FAIL - could not add mqd to epoll");
+ return;
+ }
+
+ if (epoll_wait(epfd, rev, 1, timeout * 1000) == -1) {
+ perror("FAIL - could not epoll_wait");
+ return;
+ } else {
+ if (rev[0].data.fd == mqd && rev[0].events & EPOLLIN)
+ receive_message(mqd, 0);
+ }
+}
+
+void receive(enum notify_options notify, mqd_t mqd)
+{
+ switch(notify) {
+ case DO_NOT_NOTIFY:
+ receive_message(mqd, 1);
+ return;
+ case MQ_NOTIFY:
+ receive_mq_notify(mqd);
+ break;
+ case SELECT:
+ receive_select(mqd);
+ break;
+ case POLL:
+ receive_poll(mqd);
+ break;
+ case EPOLL:
+ receive_epoll(mqd);
+ break;
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ int opt = 0;
+ mqd_t mqd;
+ char *client = NULL;
+ int uid;
+ int pipefd;
+ struct mq_attr attr;
+ attr.mq_flags = 0;
+ attr.mq_maxmsg = 10;
+ attr.mq_msgsize = BUF_SIZE;
+ attr.mq_curmsgs = 0;
+
+ while ((opt = getopt(argc, argv, "n:k:c:u:t:p:")) != -1) {
+ switch (opt) {
+ case 'n':
+ if (strcmp(optarg, "mq_notify") == 0)
+ notify = MQ_NOTIFY;
+ else if (strcmp(optarg, "select") == 0)
+ notify = SELECT;
+ else if (strcmp(optarg, "poll") == 0)
+ notify = POLL;
+ else if (strcmp(optarg, "epoll") == 0)
+ notify = EPOLL;
+ else
+ usage(argv[0], "invalid option for -n");
+ break;
+ case 'k':
+ queuename = optarg;
+ if (queuename == NULL)
+ usage(argv[0], "-k option must specify the queue name\n");
+ break;
+ case 'c':
+ client = optarg;
+ if (client == NULL)
+ usage(argv[0], "-c option must specify the client binary\n");
+ break;
+ case 'u':
+ /* change file mode on output before setuid drops
+ * privs. This is required to make sure we can
+ * write to the output file and in some cases
+ * even exec with our inherited output file
+ *
+ * This assume test infrastructure creates the
+ * file as root and dups stderr to stdout
+ */
+ if (fchmod(fileno(stdout), 0666) == -1) {
+ perror("FAIL - could not set output file mode");
+ exit(EXIT_FAILURE);
+ }
+ if (fchmod(fileno(stderr), 0666) == -1) {
+ perror("FAIL - could not set output file mode");
+ exit(EXIT_FAILURE);
+ }
+ uid = atoi(optarg);
+ if (setuid(uid) < 0) {
+ perror("FAIL - could not setuid");
+ exit(EXIT_FAILURE);
+ }
+ break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
+ case 'p':
+ pipepath = optarg;
+ break;
+ default:
+ usage(argv[0], "Unrecognized option\n");
+ }
+ }
+
+ mqd = mq_open(queuename, O_CREAT | O_RDONLY, OBJ_PERMS, &attr);
+ if (mqd == (mqd_t) -1) {
+ perror("FAIL - could not open mq");
+ exit(EXIT_FAILURE);
+ }
+
+ if (notify == MQ_NOTIFY) {
+ if (mkfifo(pipepath, 0666) == -1) {
+ perror("FAIL - could not mkfifo");
+ goto nopipeout;
+ }
+
+ pipefd = open_read_pipe(pipepath);
+ if (pipefd == -1) {
+ fprintf(stderr, "FAIL - couldn't open pipe\n");
+ goto out;
+ }
+ }
+
+ /* exec the client */
+ int pid = fork();
+ if (pid == -1) {
+ perror("FAIL - could not fork");
+ goto out;
+ } else if (!pid) {
+ if (client == NULL) {
+ usage(argv[0], "client not specified");
+ exit(EXIT_FAILURE);
+ /* execution of the main thread continues
+ * in case the client will be manually executed
+ */
+ }
+ if (notify == MQ_NOTIFY) {
+ char strpipefd[12];
+ sprintf(strpipefd, "%d", pipefd);
+ execl(client, client, queuename, strpipefd, NULL);
+ printf("FAIL %d - execlp %s %s %s- %m\n", getuid(), client, queuename, strpipefd);
+ } else {
+ execl(client, client, queuename, NULL);
+ printf("FAIL %d - execlp %s %s- %m\n", getuid(), client, queuename);
+ }
+ exit(EXIT_FAILURE);
+ }
+
+ receive(notify, mqd);
+
+ /* when the notification fails because of timeout, it ends up here
+ * so, clean up the mqueue and exit_failure
+ */
+out:
+ if (notify == MQ_NOTIFY && unlink(pipepath) == -1)
+ perror("FAIL - could not remove pipe");
+nopipeout:
+ if (mq_close(mqd) == (mqd_t) -1)
+ perror("FAIL - could not close mq");
+ if (mq_unlink(queuename) == (mqd_t) -1)
+ perror("FAIL - could unlink mq");
+ return EXIT_FAILURE;
+}
diff --git a/tests/regression/apparmor/posix_mq_snd.c b/tests/regression/apparmor/posix_mq_snd.c
new file mode 100644
index 0000000000000000000000000000000000000000..e0a69a1e6772995cc4966f4b28e2fbd2df60dbae
--- /dev/null
+++ b/tests/regression/apparmor/posix_mq_snd.c
@@ -0,0 +1,43 @@
+#define _GNU_SOURCE
+#include <mqueue.h>
+#include <stdlib.h>
+
+#include "posix_mq.h"
+#include "pipe_helper.h"
+
+int main(int argc, char * argv[])
+{
+ mqd_t mqd;
+ char *queuename = QNAME;
+ int pipefd;
+
+ if (argc > 1) {
+ queuename = argv[1];
+ }
+ if (argc > 2) {
+ pipefd = atoi(argv[2]);
+ if (read_from_pipe(pipefd) == -1) { // wait for receiver to mq_notify
+ fprintf(stderr, "FAIL - could not read from pipe\n");
+ return 1;
+ }
+ }
+
+ mqd = mq_open(queuename, O_WRONLY);
+ if (mqd == (mqd_t) -1) {
+ perror("FAIL sender - could not open mq");
+ return 1;
+ }
+
+ if (mq_send(mqd, msg, strnlen(msg, BUF_SIZE), 0) == -1) {
+ perror("FAIL sender - could not send");
+ return 1;
+ }
+
+ if (mq_close(mqd) == (mqd_t) -1) {
+ perror("FAIL sender - could not close mq");
+ return 1;
+ }
+
+ //printf("PASS client\n");
+ return 0;
+}
diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
index 1135b9c102c663e7c7cbaf95bfa00e593487a9b1..cc85648888caf73134d7aa9906c9b353c82f05fd 100755
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@@ -59,15 +59,26 @@ kernel_features_istrue()
# 2 and error message if path does not exist
kernel_features()
{
- if [ ! -e "/sys/kernel/security/apparmor/features/" ] ; then
+ features_dir="/sys/kernel/security/apparmor/features/"
+ if [ ! -e "$features_dir" ] ; then
echo "Kernel feature masks not supported."
return 1;
fi
for f in $@ ; do
- if [ ! -e "/sys/kernel/security/apparmor/features/$f" ] ; then
- echo "Required feature '$f' not available."
- return 2;
+ if [ ! -e "$features_dir/$f" ] ; then
+ # check if feature is in file
+ feature=$(basename "$features_dir/$f")
+ file=$(dirname "$features_dir/$f")
+ if [ -f $file ]; then
+ if ! grep -q $feature $file; then
+ echo "Required feature '$f' not available."
+ return 2;
+ fi
+ else
+ echo "Required feature '$f' not available."
+ return 3;
+ fi
fi
done
@@ -141,7 +152,7 @@ parser_supports()
# $@: rules to test
requires_parser_support()
{
- local res=$(parser_supports $@)
+ local res=$(parser_supports "$@")
if [ "$res" != "true" ] ; then
echo "$res. Skipping tests ..."
exit 0
@@ -190,7 +201,7 @@ exit_handler()
# global bin
if [ -d "$bin" ]
then
- . $bin/epilogue.inc
+ . "$bin/epilogue.inc"
fi
}
@@ -289,46 +300,48 @@ checktestfg()
ret=`cat $outfile 2>/dev/null`
teststatus=pass
-
- case "$ret" in
- PASS) if [ "$_pfmode" != "pass" -a -z "${_known}" ]
- then
- echo "Error: ${testname} passed. Test '${_testdesc}' was expected to '${_pfmode}'"
- testfailed
- return
- elif [ "$_pfmode" == "pass" -a -n "${_known}" ]
- then
- echo "Alert: ${testname} passed. Test '${_testdesc}' was marked as expected pass but known problem (xpass)"
- fi
- ;;
- FAIL*) if [ "$_pfmode" != "fail" -a -z "${_known}" ]
- then
- echo "Error: ${testname} failed. Test '${_testdesc}' was expected to '${_pfmode}'. Reason for failure '${ret}'"
- testfailed
- return
- elif [ "$_pfmode" == "fail" -a -n "${_known}" ]
- then
- echo "Alert: ${testname} failed. Test '${_testdesc}' was marked as expected fail but known problem (xfail)."
- fi
- ;;
- SIGNAL*) killedsig=`echo $ret | sed 's/SIGNAL//'`
- case "$_pfmode" in
- signal*) expectedsig=`echo ${_pfmode} | sed 's/signal//'`
- if [ -n "${expectedsig}" -a ${expectedsig} != ${killedsig} ]
- then
- echo "Error: ${testname} failed. Test '${_testdesc}' was expected to terminate with signal ${expectedsig}${_known}. Instead it terminated with signal ${killedsig}"
+ testresult=pass
+ failurereason=""
+ while IFS= read -r line; do
+ case "$line" in
+ PASS) ;;
+ FAIL*) testresult=fail
+ failurereason=". Reason for failure '${line}'"
+ break
+ ;;
+ SIGNAL*) killedsig=`echo $line | sed 's/SIGNAL//'`
+ case "$_pfmode" in
+ signal*) expectedsig=`echo ${_pfmode} | sed 's/signal//'`
+ if [ -n "${expectedsig}" -a ${expectedsig} != ${killedsig} ]
+ then
+ echo "Error: ${testname} failed. Test '${_testdesc}' was expected to terminate with signal ${expectedsig}${_known}. Instead it terminated with signal ${killedsig}"
+ testfailed
+ return
+ fi
+ ;;
+ *) echo "Error: ${testname} failed. Test '${_testdesc}' was expected to '${_pfmode}'${_known}. Reason for failure 'killed by signal ${killedsig}'"
testfailed
return
- fi
+ ;;
+ esac
+ ;;
+ *) testerror
+ return
;;
- *) echo "Error: ${testname} failed. Test '${_testdesc}' was expected to '${_pfmode}'${_known}. Reason for failure 'killed by signal ${killedsig}'"
+ esac
+ done <<< "$ret"
+
+ case "$_pfmode" in
+ signal*) ;;
+ *) if [ "$_pfmode" != "$testresult" -a -z "${_known}" ]
+ then
+ echo "Error: ${testname} ${testresult}ed. Test '${_testdesc}' was expected to '${_pfmode}'$failurereason"
testfailed
return
- ;;
- esac
- ;;
- *) testerror
- return
+ elif [ "$_pfmode" == "$testresult" -a -n "${_known}" ]
+ then
+ echo "Alert: ${testname} ${testresult}ed. Test '${_testdesc}' was marked as expected $_pfmode but known problem (x$_pfmode)"
+ fi
;;
esac
@@ -390,7 +403,7 @@ emit_profile()
name=$1; shift 1
- $bin/mkprofile.pl ${mkflags} "$name" ${outfile}:w "$@" >> $profile
+ "$bin/mkprofile.pl" ${mkflags} "$name" ${outfile}:w "$@" >> $profile
echo $name >> $profilenames
}
@@ -407,6 +420,7 @@ fi
complainflag=""
mkflags=""
+ append="false"
while /bin/true
do
case "$1" in
@@ -418,25 +432,31 @@ fi
;;
"-I") mkflags="${mkflags} -I"
;;
+ "--append") append="true"
+ ;;
*) break
;;
esac
shift
done
- # save previous profile
- if [ -f $profile ]
- then
- mv $profile ${profile}.old
- mv $profilenames ${profilenames}.old
- fi
+ if [ "$append" = "false" ]; then
+ # save previous profile
+ if [ -f $profile ]
+ then
+ mv $profile ${profile}.old
+ mv $profilenames ${profilenames}.old
+ fi
- echo "abi <kernel>," >$profile
- num_emitted=0
+ echo "abi <kernel>," >$profile
+ num_emitted=0
+ else
+ num_emmited=$(wc -l < "$profilenames")
+ fi
while /bin/true
do
- imagename=$test
+ imagename=$testbin
# image/subhat allows overriding of the default
# imagename which is based on the testname
@@ -444,7 +464,7 @@ fi
# it is most often used after --, in fact it is basically
# mandatory after --
case "$1" in
- image=*) imagename=`echo $1 | sed 's/^image=\([^:]*\).*$/\1/'`
+ image=*) imagename=`echo $1 | sed 's/^image=\(.*\)$/\1/'`
num_emitted=0
shift
;;
@@ -482,9 +502,12 @@ fi
break
done
+ if [ $append == "true" ]
+ then
+ replaceprofile
# if old and new profiles consist of the same entries
# we can do a replace, else remove/reload
- if [ $profileloaded -eq 1 ]
+ elif [ $profileloaded -eq 1 ]
then
names1=$tmpdir/sorted1
names2=$tmpdir/sorted2
@@ -494,13 +517,13 @@ fi
if cmp -s $names1 $names2
then
replaceprofile
- else
+ else
removeprofile ${profile}.old
loadprofile
fi
rm -f $names1 $names2
-
+
else
loadprofile
fi
@@ -524,7 +547,7 @@ loadprofile()
{
#global complainflaf profile profileloaded
- $subdomain ${parser_args} $complainflag $profile > /dev/null
+ "$subdomain" ${parser_args} $complainflag $profile > /dev/null
if [ $? -ne 0 ]
then
removeprofile
@@ -538,7 +561,7 @@ replaceprofile()
{
#global complainflag profile
- $subdomain ${parser_args} -r $complainflag $profile > /dev/null
+ "$subdomain" ${parser_args} -r $complainflag $profile > /dev/null
if [ $? -ne 0 ]
then
fatalerror "Unable to replace profile $profile"
@@ -557,7 +580,7 @@ removeprofile()
remprofile=$profile
fi
- $subdomain ${parser_args} -R $remprofile > /dev/null
+ "$subdomain" ${parser_args} -R $remprofile > /dev/null
if [ $? -ne 0 ]
then
fatalerror "Unable to remove profile $remprofile"
@@ -582,6 +605,18 @@ settest()
# will run the test. In this case 'settest <testname> "wrapper {}'
# will result in testexec invoking wrapper. {} will be replaced with
# $test
+ #settest can run the test as a different user with:
+ # settest -u <username> <testname>
+ # settest -u <username> <testname> "wrapper {}"
+
+ username=''
+ if [ $# -gt 2 -a "$1" == "-u" -a ! -z "$2" ]
+ then
+ username="$2"
+ addtestuser "$username"
+ shift
+ shift
+ fi
testname=$1
@@ -597,6 +632,16 @@ settest()
fatalerror "settest, illegal usage"
fi
+ # store testbin name from testexec so that testexec represents
+ # what will be executed - allowing for a change of username
+ # with sudo -u
+ testbin=$testexec
+
+ if [ ! -z "$username" ]
+ then
+ testexec="sudo -u $username $testexec"
+ fi
+
outfile=$tmpdir/output.$1
# Remove any current profile if loaded
@@ -606,6 +651,23 @@ settest()
fi
}
+# Add a temporary user with name=$1 that will be deleted on exit
+addtestuser()
+{
+ #global testusers
+
+ if ! echo "$testusers" | grep -q "$1"
+ then
+ if adduser --gecos "First Last,RoomNumber,WorkPhone,HomePhone" \
+ --no-create-home --disabled-password "$1" >/dev/null
+ then
+ testusers="$testusers $1"
+ else
+ fatalerror "Unable to add user '$1'"
+ fi
+ fi
+}
+
# ----------------------------------------------------------------------------
# MAIN
@@ -638,9 +700,9 @@ else
fi
# load user changeable variables
-. $bin/uservars.inc
+. "$bin/uservars.inc"
-if [ ! -x $subdomain ]
+if [ ! -x "$subdomain" ]
then
fatalerror "AppArmor parser '$subdomain' is not executable"
fi
diff --git a/tests/regression/apparmor/ptrace.sh b/tests/regression/apparmor/ptrace.sh
index ab025c84628f6bbd63072a9eade16ef537c708a9..2dfc60e81abcaf61586a5368e925b22698ade69a 100755
--- a/tests/regression/apparmor/ptrace.sh
+++ b/tests/regression/apparmor/ptrace.sh
@@ -21,7 +21,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
# Read permission was required for a confined process to be able to be traced
# using ptrace. This stopped being required or functioning correctly
@@ -56,7 +56,7 @@ runchecktest "test 2 -hc prog" pass -h -c -n 100 $helper ${bin_true}
if [ "$(kernel_features ptrace)" = "true" -a "$(parser_supports 'ptrace,')" = "true" ] ; then
- . $bin/ptrace_v6.inc
+ . "$bin/ptrace_v6.inc"
else
- . $bin/ptrace_v5.inc
+ . "$bin/ptrace_v5.inc"
fi
diff --git a/tests/regression/apparmor/ptrace_v6.inc b/tests/regression/apparmor/ptrace_v6.inc
index b0cf983ad811fc2f3d8ed598c98f1631d2973fa7..5065a2e8ff534f60c7984f5f46c8769d6dac8904 100644
--- a/tests/regression/apparmor/ptrace_v6.inc
+++ b/tests/regression/apparmor/ptrace_v6.inc
@@ -235,6 +235,15 @@ runchecktest "test 12p2 -hc" fail -h -c -n 100 $helper
runchecktest "test 12p2 -h prog" fail -h -n 100 $helper ${bin_true}
runchecktest "test 12p2 -hc prog" fail -h -c -n 100 $helper ${bin_true}
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ genprofile "all"
+ runchecktest "test allow all" pass -n 100 ${bin_true}
+ runchecktest "test allow all -c" pass -c -n 100 ${bin_true}
+ runchecktest "test allow all -h" pass -h -n 100 $helper
+ runchecktest "test allow all -hc" pass -h -c -n 100 $helper
+ runchecktest "test allow all -h prog" pass -h -n 100 $helper ${bin_true}
+ runchecktest "test allow all -hc prog" pass -h -c -n 100 $helper ${bin_true}
+fi
#ptraced confined app traced by profile can px
genprofile ${bin_true}:rpx $helper:rix signal:ALL ptrace:peer=$test ptrace:peer=${bin_true} -- image=${bin_true} ${bin_true}:rix
diff --git a/tests/regression/apparmor/pwrite.sh b/tests/regression/apparmor/pwrite.sh
index f86310d99e970f5031db9a92c620aa4244f4f368..5e0198f0fd350c9705afdb3eec23b231266bcc78 100755
--- a/tests/regression/apparmor/pwrite.sh
+++ b/tests/regression/apparmor/pwrite.sh
@@ -14,7 +14,7 @@ pwd=`cd $pwd ; pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=${tmpdir}/pwrite
okperm=rw
diff --git a/tests/regression/apparmor/query_label.sh b/tests/regression/apparmor/query_label.sh
index 6547727359dc574d3491ab23af1ba7bc42f5c0a3..080f9b5aaff26ab90e6dfbb18a3447e4daac6b7d 100755
--- a/tests/regression/apparmor/query_label.sh
+++ b/tests/regression/apparmor/query_label.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_query_interface
settest query_label
@@ -40,11 +40,12 @@ dbus_svc_query="session com.foo.baz"
# granting anything specified in $@.
genqueryprofile()
{
- genprofile --stdin <<EOF
+ genprofile image=$test --stdin <<EOF
$test {
file,
}
-
+EOF
+ genprofile --append image=$qprof --stdin <<EOF
$qprof {
$@
}
diff --git a/tests/regression/apparmor/readdir.sh b/tests/regression/apparmor/readdir.sh
index 87cc4aae773d5710d149a7e955b6dd5b3b1df023..a50910f1b7bda5709b96eff55ea349081adc145d 100755
--- a/tests/regression/apparmor/readdir.sh
+++ b/tests/regression/apparmor/readdir.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
dir=$tmpdir/tmpdir
# x is not really needed, see chdir.sh
diff --git a/tests/regression/apparmor/regex.sh b/tests/regression/apparmor/regex.sh
index 2bd764a688b7191bcaf45995468b9a0884c537b2..9a0f1bdc114562a2c0261354d0c1f092a363f2af 100755
--- a/tests/regression/apparmor/regex.sh
+++ b/tests/regression/apparmor/regex.sh
@@ -22,7 +22,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
file2=$tmpdir/filealpha
@@ -119,32 +119,38 @@ genprofile "${tmpdir}/file\*/beta**:$okperm"
runchecktest "GLOB FOLLOWED BY DOUBLE TAILGLOB (fail)" fail ${file2}
settest exec
-file=/bin/true
+cp -pL /bin/true ${tmpdir}/true
+cp -pL /bin/false ${tmpdir}/false
+file=${tmpdir}/true
okperm=rix
baderm=r
# PASS TEST - looking for *
-genprofile /bin/\*:$okperm
+genprofile ${tmpdir}/\*:$okperm
runchecktest "SINGLE TAILGLOB (exec)" pass $file
+tmpdir_len=${#tmpdir}
+# remove 2 characters from the end of tmpdir
+partial_tmpdir=${tmpdir:0:$((tmpdir_len - 2))}
+
# PASS TEST - looking for **
-genprofile /bi\*\*:$okperm
+genprofile ${partial_tmpdir}\*\*:$okperm
runchecktest "DOUBLE TAILGLOB (exec)" pass $file
# PASS TEST - looking for { , }
-genprofile /bin/\{true,false\}:$okperm
+genprofile ${tmpdir}/\{true,false\}:$okperm
runchecktest "CURLY BRACES (exec)" pass $file
# PASS TEST - looking for []
-genprofile /bin/\[aeft\]rue:$okperm
+genprofile ${tmpdir}/\[aeft\]rue:$okperm
runchecktest "SQUARE BRACES 1 (exec)" pass $file
# PASS TEST - looking for []
-genprofile /bin/\[s-v\]rue:$okperm
+genprofile ${tmpdir}/\[s-v\]rue:$okperm
runchecktest "SQUARE BRACES 2 (exec)" pass $file
# PASS TEST - looking for ?
-genprofile /bin/t\?ue:$okperm
+genprofile ${tmpdir}/t\?ue:$okperm
runchecktest "QUESTION MARK (exec)" pass $file
# FAIL TEST - looking for *
@@ -156,17 +162,17 @@ genprofile /sbi\*\*:$okperm signal:ALL
runchecktest "DOUBLE TAILGLOB (exec, fail)" fail $file
# FAIL TEST - looking for { , }
-genprofile /bin/\{flase,false\}:$okperm signal:ALL
+genprofile ${tmpdir}/\{flase,false\}:$okperm signal:ALL
runchecktest "CURLY BRACES (exec, fail)" fail $file
# FAIL TEST - looking for []
-genprofile /bin/\[aef\]rue:$okperm signal:ALL
+genprofile ${tmpdir}/\[aef\]rue:$okperm signal:ALL
runchecktest "SQUARE BRACES 1 (exec, fail)" fail $file
# FAIL TEST - looking for []
-genprofile /bin/\[u-x\]rue:$okperm signal:ALL
+genprofile ${tmpdir}/\[u-x\]rue:$okperm signal:ALL
runchecktest "SQUARE BRACES 2 (exec, fail)" fail $file
# FAIL TEST - looking for ?
-genprofile /bin/b\?ue:$okperm signal:ALL
+genprofile ${tmpdir}/b\?ue:$okperm signal:ALL
runchecktest "QUESTION MARK (exec, fail)" fail $file
diff --git a/tests/regression/apparmor/rename.sh b/tests/regression/apparmor/rename.sh
index c5a24a0960b13a8b674270b56aba2169d80e8372..75a494961c89282ed30d51eee9583d400dadde34 100644
--- a/tests/regression/apparmor/rename.sh
+++ b/tests/regression/apparmor/rename.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file1=$tmpdir/file1
file2=$tmpdir/file2
diff --git a/tests/regression/apparmor/rw.sh b/tests/regression/apparmor/rw.sh
index 309b44439f624bc8806457a597d199abbab917bf..09fb8c3b09e05b8df89550d3fb25fafa1f3bfe0a 100755
--- a/tests/regression/apparmor/rw.sh
+++ b/tests/regression/apparmor/rw.sh
@@ -21,7 +21,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/src
okperm=rw
diff --git a/tests/regression/apparmor/sd_flags.sh b/tests/regression/apparmor/sd_flags.sh
index f08211810d0ef8a77002cd46e1242a1ef953e216..41481219c7a70a53e18e38bb5998f3dc8b8256cc 100755
--- a/tests/regression/apparmor/sd_flags.sh
+++ b/tests/regression/apparmor/sd_flags.sh
@@ -14,7 +14,7 @@ pwd=$(cd $pwd ; /bin/pwd)
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
settest open
@@ -58,56 +58,56 @@ settest changehat_wrapper
# audit alone
# PASS TEST (noflags)
-genprofile hat:open addimage:${bin}/open $file:$okperm
+genprofile hat:open "addimage:${bin}/open" $file:$okperm
runchecktest "SD_FLAGS HAT/OPEN RW (noflags)" pass open $file
# PASS TEST 1 (audit)
-genprofile flag:audit hat:open addimage:${bin}/open $file:$okperm
+genprofile flag:audit hat:open "addimage:${bin}/open" $file:$okperm
runchecktest "SD_FLAGS HAT/OPEN RW (audit)" pass open $file
# PASS TEST 2 (audit)
-genprofile hat:open addimage:${bin}/open $file:$okperm flag:audit
+genprofile hat:open "addimage:${bin}/open" $file:$okperm flag:audit
runchecktest "SD_FLAGS HAT/OPEN RW (audit)" pass open $file
# PASS TEST 3 (audit)
-genprofile flag:audit hat:open addimage:${bin}/open $file:$okperm flag:audit
+genprofile flag:audit hat:open "addimage:${bin}/open" $file:$okperm flag:audit
runchecktest "SD_FLAGS HAT/OPEN RW (audit)" pass open $file
# FAILURE TEST 1 (audit)
-genprofile flag:audit hat:open addimage:${bin}/open $file:$badperm1
+genprofile flag:audit hat:open "addimage:${bin}/open" $file:$badperm1
runchecktest "SD_FLAGS HAT/OPEN R (audit)" fail open $file
# FAILURE TEST 2 (audit)
-genprofile hat:open addimage:${bin}/open $file:$badperm1 flag:audit
+genprofile hat:open "addimage:${bin}/open" $file:$badperm1 flag:audit
runchecktest "SD_FLAGS HAT/OPEN R (audit)" fail open $file
# FAILURE TEST 3 (audit)
-genprofile flag:audit hat:open addimage:${bin}/open $file:$badperm1 flag:audit
+genprofile flag:audit hat:open "addimage:${bin}/open" $file:$badperm1 flag:audit
runchecktest "SD_FLAGS HAT/OPEN R (audit)" fail open $file
# complain alone
# PASS TEST 1 (complain)
-genprofile flag:complain hat:open addimage:${bin}/open $file:$okperm
+genprofile flag:complain hat:open "addimage:${bin}/open" $file:$okperm
runchecktest "SD_FLAGS HAT/OPEN RW (complain)" pass open $file
# PASS TEST 2 (complain)
-genprofile hat:open addimage:${bin}/open $file:$okperm flag:complain
+genprofile hat:open "addimage:${bin}/open" $file:$okperm flag:complain
runchecktest "SD_FLAGS HAT/OPEN RW (complain)" pass open $file
# PASS TEST 3 (complain)
-genprofile flag:complain hat:open addimage:${bin}/open $file:$okperm flag:complain
+genprofile flag:complain hat:open "addimage:${bin}/open" $file:$okperm flag:complain
runchecktest "SD_FLAGS HAT/OPEN RW (complain)" pass open $file
# FAILURE TEST 1 (complain)
-genprofile flag:complain hat:open addimage:${bin}/open $file:$badperm1
+genprofile flag:complain hat:open "addimage:${bin}/open" $file:$badperm1
runchecktest "SD_FLAGS HAT/OPEN R (complain)" fail open $file
# PASS TEST 4 (complain)
-genprofile hat:open addimage:${bin}/open $file:$badperm1 flag:complain
+genprofile hat:open "addimage:${bin}/open" $file:$badperm1 flag:complain
runchecktest "SD_FLAGS HAT/OPEN R (complain)" pass open $file
# PASS TEST 5 (complain)
-genprofile flag:complain hat:open addimage:${bin}/open $file:$badperm1 flag:complain
+genprofile flag:complain hat:open "addimage:${bin}/open" $file:$badperm1 flag:complain
runchecktest "SD_FLAGS HAT/OPEN R (complain)" pass open $file
# PASS TEST 6 (complain) no hat defined
@@ -116,10 +116,10 @@ runchecktest "SD_FLAGS HAT/OPEN R (complain)" pass open $file
# audit + complain
# PASS TEST 3 (audit+complain)
-genprofile flag:audit hat:open addimage:${bin}/open $file:$badperm1 flag:complain
+genprofile flag:audit hat:open "addimage:${bin}/open" $file:$badperm1 flag:complain
runchecktest "SD_FLAGS HAT/OPEN RW (audit+complain)" pass open $file
# FAILURE TEST 3 (complain+audit)
-genprofile flag:complain hat:open addimage:${bin}/open $file:$badperm1 flag:audit
+genprofile flag:complain hat:open "addimage:${bin}/open" $file:$badperm1 flag:audit
runchecktest "SD_FLAGS HAT/OPEN R (complain+audit)" fail open $file
diff --git a/tests/regression/apparmor/setattr.sh b/tests/regression/apparmor/setattr.sh
index b49fcd9bee527d5e744a655380540685926abb04..2c9b88e1edefec63ba141dfaf15288f6f8f82853 100644
--- a/tests/regression/apparmor/setattr.sh
+++ b/tests/regression/apparmor/setattr.sh
@@ -47,7 +47,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
dir="$tmpdir/dir/"
diff --git a/tests/regression/apparmor/socketpair.sh b/tests/regression/apparmor/socketpair.sh
index 5d94f4c1e4f33b361fe190edf2afb77f77223ba2..69839906b76e4f7d08c1247c54db6bb46a9bafc7 100755
--- a/tests/regression/apparmor/socketpair.sh
+++ b/tests/regression/apparmor/socketpair.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features network/af_unix
diff --git a/tests/regression/apparmor/stackonexec.sh b/tests/regression/apparmor/stackonexec.sh
index b1e24062a0300f46a248d5a1ead64fc1de8b9cd7..e720e678dcf8bc4b715611fb2c8dcf5c7999c68d 100755
--- a/tests/regression/apparmor/stackonexec.sh
+++ b/tests/regression/apparmor/stackonexec.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features domain/stack
settest transition
@@ -33,8 +33,8 @@ otherok="${otherfile}:${okperm}"
thirdok="${thirdfile}:${okperm}"
sharedok="${sharedfile}:${okperm}"
-getcon="/proc/*/attr/current:r"
-onexec="/proc/*/attr/exec:w"
+getcon="/proc/*/attr/{apparmor/,}current:r"
+onexec="/proc/*/attr/{apparmor/,}exec:w"
othertest="$pwd/rename"
thirdtest="$pwd/exec"
@@ -116,14 +116,16 @@ ns="ns"
prof="stackonexec"
nstest=":${ns}:${prof}"
# Verify file access and contexts by stacking a profile with a namespaced profile
-genprofile --stdin <<EOF
+genprofile image=$test --stdin <<EOF
$test {
file,
audit deny $otherfile $okperm,
audit deny $thirdfile $okperm,
change_profile -> &$nstest,
}
+EOF
+genprofile --append image=$nstest --stdin <<EOF
$nstest {
file,
audit deny $file $okperm,
@@ -166,8 +168,10 @@ runchecktest "STACKONEXEC (complain mode - okcon)" pass -o $othertest -- $test -
# Verify that stacking with a bare namespace is handled. The process is placed
# into the default profile of the namespace, which is unconfined.
-genprofile --stdin <<EOF
+genprofile image=$test --stdin <<EOF
$test { file, change_profile, }
+EOF
+genprofile --append image=$nstest --stdin <<EOF
$nstest { }
EOF
runchecktest "STACKONEXEC (bare :ns:)" pass -o ":${ns}:" -- $test -l unconfined -m "(null)"
diff --git a/tests/regression/apparmor/stackprofile.sh b/tests/regression/apparmor/stackprofile.sh
index 82cc3bb7ae37cb8e5d44649efd088ec1e35069cc..025332ca9f404170d0addb002de7d7ad1871c20a 100755
--- a/tests/regression/apparmor/stackprofile.sh
+++ b/tests/regression/apparmor/stackprofile.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features domain/stack
settest transition
@@ -115,13 +115,15 @@ ns="ns"
prof="stackprofile"
nstest=":${ns}:${prof}"
# Verify file access and contexts by stacking a profile with a namespaced profile
-genprofile --stdin <<EOF
+genprofile image=$test --stdin <<EOF
$test {
file,
audit deny $otherfile $okperm,
change_profile -> &$nstest,
}
+EOF
+genprofile --append image=$nstest --stdin <<EOF
$nstest {
$otherfile $okperm,
$sharedfile $okperm,
@@ -167,8 +169,10 @@ runchecktest "STACKPROFILE (complain mode - file)" pass -p $othertest -f $file
runchecktest "STACKPROFILE (complain mode - okcon)" pass -p $othertest -l "${test}//&${othertest}" -m complain
# Verify that stacking with a bare namespace is handled
-genprofile --stdin <<EOF
+genprofile image=$test --stdin <<EOF
$test { file, change_profile, }
+EOF
+genprofile --append image=$nstest --stdin <<EOF
$nstest { }
EOF
runchecktest "STACKPROFILE (bare :ns:)" pass -p ":${ns}:"
diff --git a/tests/regression/apparmor/swap.sh b/tests/regression/apparmor/swap.sh
index 87b5c5c0b82b315dcf28710854da0cb3527b46ea..b12553ea63590d025a1441cac3ae476c67dedd88 100755
--- a/tests/regression/apparmor/swap.sh
+++ b/tests/regression/apparmor/swap.sh
@@ -21,22 +21,45 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
##
## A. SWAP
##
-# check if we can run the test at all
+swap_file=$tmpdir/swapfile
+
+# check if we can run the test in tmpdir
fstype=$(stat -f --format '%T' "${tmpdir}")
-if [ "${fstype}" = "tmpfs" ] ; then
- echo "ERROR: tmpdir '${tmpdir}' is of type tmpfs; can't mount a swapfile on it" 1>&2
- echo "ERROR: skipping swap tests" 1>&2
- num_testfailures=1
- exit
+if [ "${fstype}" = "tmpfs" ] || [ "${fstype}" = "zfs" ] \
+ || [ "${fstype}" = "btrfs" ]; then
+ # create a mountpoint not tmpfs, zfs, or btrfs
+ mount_file=$tmpdir/mountfile
+ mount_point=$tmpdir/mountpoint
+ fstype="ext2"
+ dd if=/dev/zero of=${mount_file} bs=1024 count=900 2> /dev/null
+ /sbin/mkfs -t${fstype} -F ${mount_file} > /dev/null 2> /dev/null
+ /bin/mkdir ${mount_point}
+
+ loop_device=$(losetup -f) || fatalerror 'Unable to find a free loop device'
+ /sbin/losetup "$loop_device" ${mount_file} > /dev/null 2> /dev/null
+
+ /bin/mount -n -t${fstype} ${loop_device} ${mount_point}
+
+ swap_file=$mount_point/swapfile
fi
-swap_file=$tmpdir/swapfile
+remove_mnt() {
+ mountpoint -q "${mount_point}"
+ if [ $? -eq 0 ] ; then
+ /bin/umount -t${fstype} ${mount_point}
+ fi
+ if [ -n "$loop_device" ]
+ then
+ /sbin/losetup -d ${loop_device} &> /dev/null
+ fi
+}
+do_onexit="remove_mnt"
# ppc64el wants this to be larger than 640KiB
# arm/small machines want this as small as possible
diff --git a/tests/regression/apparmor/symlink.sh b/tests/regression/apparmor/symlink.sh
index f288a754f4b8cb25f8676aa9709714e726b23271..d3f426c51ca9bbbb9216740534d24d0b135118f8 100755
--- a/tests/regression/apparmor/symlink.sh
+++ b/tests/regression/apparmor/symlink.sh
@@ -14,7 +14,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
src=$tmpdir/src1
target=$tmpdir/target
diff --git a/tests/regression/apparmor/syscall.sh b/tests/regression/apparmor/syscall.sh
index b9d68d4714cf6c19a69d2f68d316c1c363505280..721db98e3ea38b8d56c4c38f9a8949055a86b4d7 100755
--- a/tests/regression/apparmor/syscall.sh
+++ b/tests/regression/apparmor/syscall.sh
@@ -20,7 +20,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
##
## A. PTRACE
diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh
index 647df403f59a3de1212951b753f7f250b29aa5b7..77742ec9d75a5b6fe462a5695c3ffd4b5eccf2df 100644
--- a/tests/regression/apparmor/syscall_sysctl.sh
+++ b/tests/regression/apparmor/syscall_sysctl.sh
@@ -20,7 +20,7 @@ sysctlbad=/proc/sys/kernel/sysrq
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
##
## C. SYSCTL
diff --git a/tests/regression/apparmor/sysv_ipc.sh b/tests/regression/apparmor/sysv_ipc.sh
new file mode 100755
index 0000000000000000000000000000000000000000..d68fcd594d65a84bf2fff3803460db9565f7bf47
--- /dev/null
+++ b/tests/regression/apparmor/sysv_ipc.sh
@@ -0,0 +1,9 @@
+# Test semaphores first, as they could be used for synchronization
+
+## TODO
+# sysv_sem.sh
+
+## TODO
+# sysv_shm.sh
+
+./sysv_mq.sh
diff --git a/tests/regression/apparmor/sysv_mq.h b/tests/regression/apparmor/sysv_mq.h
new file mode 100644
index 0000000000000000000000000000000000000000..d716947c7752e8b022a734cd39b8887f5244840b
--- /dev/null
+++ b/tests/regression/apparmor/sysv_mq.h
@@ -0,0 +1,35 @@
+#ifndef SYSV_MQ_H_
+#define SYSV_MQ_H_
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/ipc.h>
+#include <sys/sem.h>
+#include <sys/msg.h>
+#include <sys/stat.h>
+
+#define MQ_KEY (123)
+#define MQ_TYPE (0)
+#define SHM_KEY (456)
+#define SEM_KEY (789)
+#define OBJ_PERMS (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
+
+#define BUF_SIZE 1024
+struct msg_buf {
+ long mtype;
+ char mtext[BUF_SIZE];
+};
+
+union semun {
+ int val;
+ struct semid_ds *buf;
+ unsigned short *array;
+ struct seminfo *__buf;
+};
+
+
+char *msg = "hello world";
+
+#endif /* #ifndef SYSV_MQ_H_ */
diff --git a/tests/regression/apparmor/sysv_mq.sh b/tests/regression/apparmor/sysv_mq.sh
new file mode 100755
index 0000000000000000000000000000000000000000..3f83f3bb29606b3489cc55992c7db9632f946813
--- /dev/null
+++ b/tests/regression/apparmor/sysv_mq.sh
@@ -0,0 +1,171 @@
+#! /bin/bash
+#Copyright (C) 2022 Canonical, Ltd.
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of the GNU General Public License as
+#published by the Free Software Foundation, version 2 of the
+#License.
+
+#=NAME sysv_mq
+#=DESCRIPTION
+# This test verifies if mediation of sysv message queues is working
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+requires_kernel_features ipc/sysv_mqueue
+requires_parser_support "mqueue,"
+
+settest sysv_mq_rcv
+
+sender="$bin/sysv_mq_snd"
+receiver="$bin/sysv_mq_rcv"
+qkey=123
+qkey2=124
+semaphore=456
+
+user="foo"
+adduser --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --no-create-home --disabled-password $user >/dev/null
+echo "$user:password" | sudo chpasswd
+userid=$(id -u $user)
+
+# workaround to not have to set o+x
+chmod 6755 "$receiver"
+setcap cap_dac_read_search+pie "$receiver"
+
+cleanup()
+{
+ ipcrm --queue-key $qkey >/dev/null 2>&1
+ ipcrm --queue-key $qkey2 >/dev/null 2>&1
+ ipcrm --semaphore-key $semaphore >/dev/null 2>&1
+ deluser foo >/dev/null
+}
+do_onexit="cleanup"
+
+do_test()
+{
+ local desc="SYSV MQUEUE ($1)"
+ shift
+ runchecktest "$desc" "$@"
+}
+
+do_tests()
+{
+ prefix=$1
+ expect_send=$2
+
+ all_args=("$@")
+ rest_args=("${all_args[@]:2}")
+
+ do_test "$prefix" "$expect_send" -c "$sender" -k $qkey -s $semaphore "${rest_args[@]}"
+}
+
+for username in "root" "$userid" ; do
+ if [ $username = "root" ] ; then
+ usercmd=""
+ else
+ usercmd="-u $userid"
+ fi
+
+ do_tests "unconfined $username" pass $usercmd
+
+ # No mqueue perms
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "$sender:px" -- "image=$sender"
+ do_tests "confined $username - no perms" fail $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "deny:mqueue" "$sender:px" -- "image=$sender" "deny mqueue"
+ do_tests "confined $username - deny perms" fail $usercmd
+
+ # generic mqueue
+ # 2 Potential failures caused by missing other x permission in path
+ # to tests. Usually on the user home dir as it is now default to
+ # create a user without that
+ # * if you seen a capability dac_read_search denied failure from
+ # apparmor when doing "root" username tests
+ # * if doing the $userid set of tests and you see
+ # Permission denied in the test output
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue" "$sender:px" -- "image=$sender" "mqueue"
+ do_tests "confined $username - mqueue" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:type=sysv" "$sender:px" -- "image=$sender" "mqueue:type=sysv"
+ do_tests "confined $username - mqueue type=sysv" pass $usercmd
+
+ # queue name
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:$qkey" "$sender:px" -- "image=$sender" "mqueue:$qkey"
+ do_tests "confined $username - mqueue /name 1" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue" "$sender:px" -- "image=$sender" "mqueue:$qkey"
+ do_tests "confined $username - mqueue /name 2" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:$qkey" "$sender:px" -- "image=$sender" "mqueue"
+ do_tests "confined $username - mqueue /name 3" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:$qkey" "$sender:px" -- "image=$sender" "mqueue:$qkey2"
+ do_tests "confined $username - mqueue /name 4" fail $usercmd -t 1
+
+
+ # specific permissions
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,delete,getattr,setattr)" "$sender:px" -- "image=$sender" "mqueue:(open,write)"
+ do_tests "confined $username - specific 1" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(read,delete,getattr,setattr)" "$sender:px" -- "image=$sender" "mqueue:(open,write)"
+ do_tests "confined $username - specific 2" fail $usercmd -t 1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,delete,getattr,setattr)" "$sender:px" -- "image=$sender" "mqueue:(open,write)"
+ do_tests "confined $username - specific 3" fail $usercmd -t 1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,getattr,setattr)" "$sender:px" -- "image=$sender" "mqueue:(open,write)"
+ do_tests "confined $username - specific 4" fail $usercmd -t 1
+ # we need to remove queue since the previous test didn't
+ ipcrm --queue-key $qkey >/dev/null 2>&1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,delete,setattr)" "$sender:px" -- "image=$sender" "mqueue:(open,write)"
+ do_tests "confined $username - specific 5" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,delete,getattr)" "$sender:px" -- "image=$sender" "mqueue:(open,write)"
+ do_tests "confined $username - specific 6" pass $usercmd
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,delete,getattr,setattr)" "$sender:px" -- "image=$sender" "mqueue:(open,read)"
+ do_tests "confined $username - specific 7" fail $usercmd -t 1
+
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,delete,getattr,setattr)" "$sender:px" -- "image=$sender" "mqueue:write"
+ do_tests "confined $username - specific 7" fail $usercmd -t 1
+
+
+ # unconfined receiver
+ genprofile "image=$sender" "mqueue"
+ do_tests "confined sender $username - unconfined receiver" pass $usercmd
+
+
+ # unconfined sender
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue" "$sender:ux"
+ do_tests "confined receiver $username - unconfined sender" pass $usercmd
+
+
+ # queue label
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:label=$receiver" "$sender:px" -- "image=$sender" "mqueue:label=$receiver"
+ do_tests "confined $username - mqueue label 1" xpass $usercmd
+
+
+ # queue name and label
+ genprofile "qual=deny:cap:sys_resource" "cap:setuid" "cap:fowner" "mqueue:(create,read,delete):type=sysv:label=$receiver:$qkey" "$sender:px" -- "image=$sender" "mqueue:(open,write):type=sysv:label=$receiver:$qkey"
+ do_tests "confined $username - mqueue label 2" xpass $usercmd
+
+
+ # ensure we are cleaned up for next pass
+ removeprofile
+done
+
+
+# confined root with cap ??override
+
+
+# confined root without cap ??override
+
+
+# deliver message by mtype (posix lacks this)
diff --git a/tests/regression/apparmor/sysv_mq_rcv.c b/tests/regression/apparmor/sysv_mq_rcv.c
new file mode 100644
index 0000000000000000000000000000000000000000..3fa1361be4a76b7ac8f9a0c9c4aeb9d7f496c1d9
--- /dev/null
+++ b/tests/regression/apparmor/sysv_mq_rcv.c
@@ -0,0 +1,187 @@
+#define _GNU_SOURCE
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "sysv_mq.h"
+
+int timeout = 5; //seconds
+key_t mqkey = MQ_KEY;
+long mqtype = MQ_TYPE;
+key_t semkey = SEM_KEY;
+
+// missing getattr and setattr
+int receive_message(int qid, long qtype)
+{
+ struct msg_buf mb;
+ ssize_t nbytes;
+
+ nbytes = msgrcv(qid, &mb, sizeof(mb.mtext), qtype,
+ MSG_NOERROR | IPC_NOWAIT);
+ if (nbytes < 0) {
+ perror("FAIL - could not receive msg");
+ return EXIT_FAILURE;
+ }
+
+ mb.mtext[nbytes] = 0;
+
+ if (strncmp(mb.mtext, msg, BUF_SIZE) != 0) {
+ fprintf(stderr, "FAIL - msg received does not match: %s - %s\n", mb.mtext, msg);
+ return EXIT_FAILURE;
+ }
+
+ printf("PASS\n");
+ return EXIT_SUCCESS;
+}
+
+int receive(int qid, long qtype, int semid)
+{
+ struct sembuf sop;
+ sop.sem_num = 0;
+ sop.sem_op = 0;
+ sop.sem_flg = 0;
+
+ struct timespec ts;
+ ts.tv_sec = timeout;
+ ts.tv_nsec = 0;
+
+ if (semtimedop(semid, &sop, 1, &ts) < 0) {
+ perror("FAIL - could not wait for semaphore");
+ return EXIT_FAILURE;
+ }
+
+ return receive_message(qid, qtype);
+}
+
+static void usage(char *prog_name, char *msg)
+{
+ if (msg != NULL)
+ fprintf(stderr, "%s\n", msg);
+
+ fprintf(stderr, "Usage: %s [options]\n", prog_name);
+ fprintf(stderr, "Options are:\n");
+ fprintf(stderr, "-k message queue key (default is %d)\n", MQ_KEY);
+ fprintf(stderr, "-e message queue type (default is %d)\n", MQ_TYPE);
+ fprintf(stderr, "-c path of the client binary\n");
+ fprintf(stderr, "-u run test as specified UID\n");
+ fprintf(stderr, "-t timeout in seconds\n");
+ fprintf(stderr, "-s semaphore key (default is %d)\n", SEM_KEY);
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char *argv[])
+{
+ int opt = 0;
+ char *client = NULL;
+ int uid;
+ int qid;
+ int semid;
+ int rc = EXIT_SUCCESS;
+ const int stringsize = 50;
+ char smqkey[stringsize];
+ char ssemkey[stringsize];
+
+ while ((opt = getopt(argc, argv, "k:c:u:t:e:s:")) != -1) {
+ switch (opt) {
+ case 'k':
+ mqkey = atoi(optarg);
+ break;
+ case 'c':
+ client = optarg;
+ if (client == NULL)
+ usage(argv[0], "-c option must specify the client binary\n");
+ break;
+ case 'u':
+ /* change file mode on output before setuid drops
+ * privs. This is required to make sure we can
+ * write to the output file and in some cases
+ * even exec with our inherited output file
+ *
+ * This assume test infrastructure creates the
+ * file as root and dups stderr to stdout
+ */
+ if (fchmod(fileno(stdout), 0666) == -1) {
+ perror("FAIL - could not set output file mode");
+ exit(EXIT_FAILURE);
+ }
+ if (fchmod(fileno(stderr), 0666) == -1) {
+ perror("FAIL - could not set output file mode");
+ exit(EXIT_FAILURE);
+ }
+ uid = atoi(optarg);
+ if (setuid(uid) < 0) {
+ perror("FAIL - could not setuid");
+ exit(EXIT_FAILURE);
+ }
+ break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
+ case 'e':
+ mqtype = atoi(optarg);
+ break;
+ case 's':
+ semkey = atoi(optarg);
+ break;
+ default:
+ usage(argv[0], "Unrecognized option\n");
+ }
+ }
+
+
+ qid = msgget(mqkey, IPC_CREAT | OBJ_PERMS);
+ if (qid == -1) {
+ perror("FAIL - could not msgget");
+ return EXIT_FAILURE;
+ }
+
+ semid = semget(semkey, 1, IPC_CREAT | OBJ_PERMS);
+ if (semid == -1) {
+ perror("FAIL - could not get semaphore");
+ rc = EXIT_FAILURE;
+ goto out_mq;
+ }
+
+ union semun arg;
+ arg.val = 1;
+ if (semctl(semid, 0, SETVAL, arg) == -1) {
+ perror("FAIL - could not get semaphore");
+ rc = EXIT_FAILURE;
+ goto out;
+ }
+
+ /* exec the client */
+ int pid = fork();
+ if (pid == -1) {
+ perror("FAIL - could not fork");
+ rc = EXIT_FAILURE;
+ goto out;
+ } else if (!pid) {
+ if (client == NULL) {
+ usage(argv[0], "client not specified");
+ exit(EXIT_FAILURE);
+ /* execution of the main thread continues
+ * in case the client will be manually executed
+ */
+ }
+ snprintf(smqkey, stringsize - 1, "%d", mqkey);
+ snprintf(ssemkey, stringsize - 1, "%d", semkey);
+ execl(client, client, smqkey, ssemkey, NULL);
+ printf("FAIL %d - execl %s %d - %m\n", getuid(), client, mqkey);
+ exit(EXIT_FAILURE);
+ }
+
+ rc = receive(qid, mqtype, semid);
+out:
+ if (semctl(semid, 0, IPC_RMID) == -1) {
+ perror("FAIL - could not remove semaphore");
+ rc = EXIT_FAILURE;
+ }
+out_mq:
+ if (msgctl(qid, IPC_RMID, NULL) < 0) {
+ perror("FAIL - could not remove msg queue");
+ rc = EXIT_FAILURE;
+ }
+
+ return rc;
+}
diff --git a/tests/regression/apparmor/sysv_mq_snd.c b/tests/regression/apparmor/sysv_mq_snd.c
new file mode 100644
index 0000000000000000000000000000000000000000..35296072c21a51c3e716bb77e5f57a8822eca579
--- /dev/null
+++ b/tests/regression/apparmor/sysv_mq_snd.c
@@ -0,0 +1,55 @@
+#include "sysv_mq.h"
+
+int main(int argc, char *argv[])
+{
+ key_t mqkey = MQ_KEY;
+ key_t semkey = SEM_KEY;
+ long qtype = 1;
+ int qid, semid;
+ struct msg_buf mb;
+
+ if (argc != 1 && argc != 3) {
+ fprintf(stderr, "FAIL sender - specify values for message queue"
+ " key and semaphore key, respectively \n");
+ return EXIT_FAILURE;
+ }
+ if (argc > 1) {
+ mqkey = atoi(argv[1]);
+ semkey = atoi(argv[2]);
+ }
+
+ qid = msgget(mqkey, IPC_CREAT | OBJ_PERMS);
+ if (qid == -1) {
+ perror("FAIL sender - could not msgget");
+ exit(EXIT_FAILURE);
+ }
+
+ semid = semget(semkey, 1, IPC_CREAT | OBJ_PERMS);
+ if (semid == -1) {
+ perror("FAIL sender - could not get semaphore");
+ exit(EXIT_FAILURE);
+ }
+
+ snprintf(mb.mtext, sizeof(mb.mtext), "%s", msg);
+ mb.mtype = qtype;
+
+ if (msgsnd(qid, &mb, sizeof(struct msg_buf),
+ IPC_NOWAIT) == -1) {
+ perror("FAIL sender - could not msgsnd");
+ exit(EXIT_FAILURE);
+ }
+
+ /* notify using semaphore */
+
+ struct sembuf sop;
+ sop.sem_num = 0;
+ sop.sem_op = -1;
+ sop.sem_flg = 0;
+
+ if (semop(semid, &sop, 1) == -1) {
+ perror("FAIL sender - could not notify using semaphore");
+ exit(EXIT_FAILURE);
+ }
+
+ return EXIT_SUCCESS;
+}
diff --git a/tests/regression/apparmor/task.yaml b/tests/regression/apparmor/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cb1ff391eca21f0d6acd73583ce5fab79d3afea9
--- /dev/null
+++ b/tests/regression/apparmor/task.yaml
@@ -0,0 +1,136 @@
+summary: run all of the apparmor regression test suite
+# See spread.yaml for the code which verifies that nothing is missing from this list of variants
+environment:
+ TEST/aa_exec: 1
+ TEST/aa_policy_cache: 1
+ TEST/access: 1
+ TEST/at_secure: 1
+ TEST/attach_disconnected: 1
+ TEST/capabilities: 1
+ TEST/changehat: 1
+ TEST/changehat_fork: 1
+ TEST/changehat_misc: 1
+ TEST/changeprofile: 1
+ TEST/chdir: 1
+ TEST/clone: 1
+ TEST/complain: 1
+ TEST/coredump: 1
+ TEST/dbus_eavesdrop: 1
+ TEST/dbus_message: 1
+ TEST/dbus_service: 1
+ TEST/dbus_unrequested_reply: 1
+ TEST/deleted: 1
+ TEST/e2e: 1
+ TEST/environ: 1
+ TEST/exec: 1
+ TEST/exec_qual: 1
+ TEST/exec_stack: 1
+ TEST/fchdir: 1
+ TEST/fd_inheritance: 1
+ TEST/file_unbindable_mount: 1
+ TEST/fork: 1
+ TEST/i18n: 1
+ TEST/introspect: 1
+ TEST/io_uring: 1
+ TEST/link: 1
+ TEST/link_subset: 1
+ TEST/longpath: 1
+ TEST/mkdir: 1
+ TEST/mmap: 1
+ TEST/mount: 1
+ TEST/mult_mount: 1
+ TEST/named_pipe: 1
+ TEST/namespaces: 1
+ TEST/net_raw: 1
+ TEST/nfs: 1
+ TEST/nnp: 1
+ TEST/onexec: 1
+ TEST/open: 1
+ TEST/openat: 1
+ TEST/overlayfs_fuse: 1
+ TEST/overlayfs_kernel: 1
+ TEST/pipe: 1
+ TEST/pivot_root: 1
+ TEST/posix_ipc: 1
+ TEST/ptrace: 1
+ TEST/pwrite: 1
+ TEST/query_label: 1
+ TEST/readdir: 1
+ TEST/regex: 1
+ TEST/rename: 1
+ TEST/rw: 1
+ TEST/sd_flags: 1
+ TEST/setattr: 1
+ TEST/socketpair: 1
+ TEST/stackonexec: 1
+ TEST/stackprofile: 1
+ TEST/swap: 1
+ TEST/symlink: 1
+ TEST/syscall: 1
+ TEST/sysv_ipc: 1
+ TEST/tcp: 1
+ TEST/unix_fd_server: 1
+ TEST/unix_socket_abstract: 1
+ TEST/unix_socket_autobind: 1
+ TEST/unix_socket_pathname: 1
+ TEST/unix_socket_unnamed: 1
+ TEST/unlink: 1
+ TEST/userns: 1
+ TEST/xattrs: 1
+ TEST/xattrs_profile: 1
+ # Some tests are currently failing. Those are listed below. For each variant
+ # listed above, the XFAIL variable contains a list of spread systems where this
+ # test is expected to fail.
+ #
+ # Error: unix_fd_server passed. Test 'ATTACH_DISCONNECTED (attach_disconnected.path rule at /)' was expected to 'fail'
+ XFAIL/attach_disconnected: opensuse-cloud-tumbleweed debian-cloud-12 debian-cloud-13 ubuntu-cloud-22.04
+ # Error: unix_fd_server failed. Test 'fd passing; unconfined client' was expected to 'pass'. Reason for failure 'FAIL - bind failed: Permission denied'
+ # Error: unix_fd_server failed. Test 'fd passing; confined client w/ rw' was expected to 'pass'. Reason for failure 'FAIL - bind failed: Permission denied'
+ XFAIL/deleted: opensuse-cloud-tumbleweed debian-cloud-12 debian-cloud-13
+ # Error: unix_fd_server failed. Test 'fd passing; confined -> unconfined' was expected to 'pass'. Reason for failure 'FAIL - bind failed: Permission denied'
+ # Error: unix_fd_server failed. Test 'fd passing; unconfined -> confined' was expected to 'pass'. Reason for failure 'FAIL CLIENT - connect Permission denied'
+ # Error: unix_fd_server failed. Test 'fd passing; unconfined -> confined (no perm)' was expected to 'pass'. Reason for failure 'FAIL CLIENT - connect Permission denied'
+ # Error: unix_fd_server failed. Test 'fd passing; confined -> confined' was expected to 'pass'. Reason for failure 'FAIL - bind failed: Permission denied'
+ XFAIL/unix_fd_server: opensuse-cloud-tumbleweed debian-cloud-12 debian-cloud-13
+ # Error: unix_socket failed. Test 'AF_UNIX pathname socket (stream); confined server w/ access (rw)' was expected to 'pass'. Reason for failure 'FAIL - setsockopt (SO_RCVTIMEO): Permission denied'
+ # Error: unix_socket passed. Test 'AF_UNIX pathname socket (stream); confined server w/ a missing af_unix access (create)' was expected to 'fail'
+ # Error: unix_socket failed. Test 'AF_UNIX pathname socket (stream); confined client w/ access (rw)' was expected to 'pass'. Reason for failure 'FAIL - setsockopt (SO_RCVTIMEO): Permission denied'
+ # xpass: AF_UNIX pathname socket (dgram); confined server w/ access (rw)
+ # Error: unix_socket passed. Test 'AF_UNIX pathname socket (dgram); confined server w/ a missing af_unix access (create)' was expected to 'fail'
+ # xpass: AF_UNIX pathname socket (dgram); confined client w/ access (rw)
+ # Error: unix_socket failed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ access (rw)' was expected to 'pass'. Reason for failure 'FAIL - setsockopt (SO_RCVTIMEO): Permission denied'
+ # Error: unix_socket passed. Test 'AF_UNIX pathname socket (seqpacket); confined server w/ a missing af_unix access (create)' was expected to 'fail'
+ # Error: unix_socket failed. Test 'AF_UNIX pathname socket (seqpacket); confined client w/ access (rw)' was expected to 'pass'. Reason for failure 'FAIL - setsockopt (SO_RCVTIMEO): Permission denied'
+ XFAIL/unix_socket_pathname: opensuse-cloud-tumbleweed debian-cloud-12 debian-cloud-13
+artifacts:
+ - bash.log
+ - bash.err
+ - bash.trace
+execute: |
+ # Run the shell script that is named after the spread variant we are running
+ # now. The makefile runs them all sequentially via the "alltests" goal. Here
+ # we can parallelize it through spread and also have a way to run precisely
+ # the test we want, especially for debugging.
+ if ! BASH_XTRACEFD=42 bash -x "$SPREAD_VARIANT".sh >bash.log 2>bash.err 42>bash.trace; then
+ for xfail in ${XFAIL:-}; do
+ if [ "$SPREAD_SYSTEM" = "$xfail" ]; then
+ echo "Ignoring expected failure of $SPREAD_TASK on $SPREAD_SYSTEM"
+ exit 0
+ fi
+ done
+
+ echo "Test $SPREAD_VARIANT has unexpectedly failed"
+ echo "Test execution logs are in the files bash.{log,err,trace} and are collected as artifacts"
+ echo "Bash errors are listed below:"
+ cat bash.err
+ echo "Tail of the trace is:"
+ tail bash.trace
+ exit 1
+ else
+ for xfail in ${XFAIL:-}; do
+ if [ "$SPREAD_SYSTEM" = "$xfail" ]; then
+ echo "Test $SPREAD_VARIANT has unexpectedly passed"
+ exit 1
+ fi
+ done
+ fi
diff --git a/tests/regression/apparmor/tcp.sh b/tests/regression/apparmor/tcp.sh
index 4d27b7bb4cb6d8bb4ef80de252bd2fbd9bb790d5..4e5ea68823035fed7fa38691fa45c20bd0c024e1 100755
--- a/tests/regression/apparmor/tcp.sh
+++ b/tests/regression/apparmor/tcp.sh
@@ -20,7 +20,7 @@ bin=$pwd
# kernel feature supported
# need to be able to query the parser if it supports the
# kernel feature
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_any_of_kernel_features network network_v8
port=34567
@@ -35,6 +35,12 @@ runchecktest "TCP (no apparmor)" pass $port
genprofile
runchecktest "TCP (accept, connect) no network rules" fail $port
+if [ "$(parser_supports 'all,')" = "true" ]; then
+ # PASS TEST - allow all
+ genprofile "all"
+ runchecktest "TCP (allow all)" pass $port
+fi
+
# PASS TEST - allow tcp
genprofile network:tcp
runchecktest "TCP (accept, connect) allow tcp" pass $port
diff --git a/tests/regression/apparmor/unix_fd_server.sh b/tests/regression/apparmor/unix_fd_server.sh
index 6bf966c09c8bb43782e73a25d1bdf262c5ae86d9..92624f3fe8f19b3bc8a508657a2c606611fc992a 100755
--- a/tests/regression/apparmor/unix_fd_server.sh
+++ b/tests/regression/apparmor/unix_fd_server.sh
@@ -18,7 +18,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=${tmpdir}/file
socket=${tmpdir}/unix_fd_test
@@ -100,7 +100,6 @@ sleep 1
rm -f ${socket}
# PASS - confined -> confined
-echo "PASS-----------------------------------------"
genprofile $file:$okperm $af_unix $socket:rw $fd_client:px -- image=$fd_client $file:$okperm $af_unix $socket:rw
runchecktest "fd passing; confined -> confined" pass $file $fd_client $socket
diff --git a/tests/regression/apparmor/unix_socket.inc b/tests/regression/apparmor/unix_socket.inc
index 905c99c6f23934381340a76d1f5e291cf3b0971a..6d6c60fd46f62198027abba99cc912ce9ac232e3 100644
--- a/tests/regression/apparmor/unix_socket.inc
+++ b/tests/regression/apparmor/unix_socket.inc
@@ -71,6 +71,11 @@ do_test()
desc+=" confined $test_prog"
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ $genprof "all"
+ runchecktest "$desc (allow all)" pass $args
+ fi
+
$genprof "unix:ALL"
runchecktest "$desc (implicit perms)" pass $args
diff --git a/tests/regression/apparmor/unix_socket_abstract.sh b/tests/regression/apparmor/unix_socket_abstract.sh
index 21c35e2630ad8dade66be8508a961a38fad40d0e..a1e4969503a12a6aeeb7a510b6d92736eb176a33 100644
--- a/tests/regression/apparmor/unix_socket_abstract.sh
+++ b/tests/regression/apparmor/unix_socket_abstract.sh
@@ -26,8 +26,8 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
-. $bin/unix_socket.inc
+. "$bin/prologue.inc"
+. "$bin/unix_socket.inc"
requires_kernel_features policy/versions/v7
requires_kernel_features network/af_unix
requires_parser_support "unix,"
diff --git a/tests/regression/apparmor/unix_socket_autobind.sh b/tests/regression/apparmor/unix_socket_autobind.sh
index 3a183d7534298f4ead52f456163e4b10092106be..de0a3774f71051159c1dea2cf7e6787f632d53ce 100644
--- a/tests/regression/apparmor/unix_socket_autobind.sh
+++ b/tests/regression/apparmor/unix_socket_autobind.sh
@@ -31,8 +31,8 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
-. $bin/unix_socket.inc
+. "$bin/prologue.inc"
+. "$bin/unix_socket.inc"
requires_kernel_features policy/versions/v7
requires_kernel_features network/af_unix
requires_parser_support "unix,"
diff --git a/tests/regression/apparmor/unix_socket_pathname.sh b/tests/regression/apparmor/unix_socket_pathname.sh
index 1566ec1368194666bda3c0549ef4db1db6d1bea2..379786d4a1cf3964b9c610ce50fb080bb3bac5f4 100755
--- a/tests/regression/apparmor/unix_socket_pathname.sh
+++ b/tests/regression/apparmor/unix_socket_pathname.sh
@@ -26,7 +26,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features policy/versions/v6
#af_mask for downgrade test af_unix for full test
requires_any_of_kernel_features network/af_mask network_v8/af_mask
@@ -112,19 +112,19 @@ testsocktype()
# PASS - server w/ access to the file
- genprofile $sockpath:$okserver $af_unix $client:Ux
+ genprofile $sockpath:$okserver $af_unix "$client:Ux"
runchecktest "$testdesc; confined server w/ access ($okserver)" $ex_result $args
removesockets $sockpath $client_sockpath
# FAIL - server w/o access to the file
- genprofile $af_unix $client:Ux
+ genprofile $af_unix "$client:Ux"
runchecktest "$testdesc; confined server w/o access" fail $args
removesockets $sockpath $client_sockpath
# FAIL - server w/ bad access to the file
- genprofile $sockpath:$badserver1 $af_unix $client:Ux
+ genprofile $sockpath:$badserver1 $af_unix "$client:Ux"
runchecktest "$testdesc; confined server w/ bad access ($badserver1)" fail $args
removesockets $sockpath $client_sockpath
@@ -133,7 +133,7 @@ testsocktype()
if [ -n "$badserver2" ] ; then
# FAIL - server w/ bad access to the file
- genprofile $sockpath:$badserver2 $af_unix $client:Ux
+ genprofile $sockpath:$badserver2 $af_unix "$client:Ux"
runchecktest "$testdesc; confined server w/ bad access ($badserver2)" fail $args
removesockets $sockpath $client_sockpath
@@ -142,7 +142,7 @@ testsocktype()
if [ -n "$af_unix_okserver" ] ; then
# FAIL - server w/o af_unix access
- genprofile $sockpath:$okserver $client:Ux
+ genprofile $sockpath:$okserver "$client:Ux"
runchecktest "$testdesc; confined server w/o af_unix" fail $args
removesockets $sockpath $client_sockpath
@@ -152,7 +152,7 @@ testsocktype()
for access in ${af_unix_okserver//,/ }; do
# FAIL - server w/ a missing af_unix access
- genprofile $sockpath:$okserver "unix:(${af_unix_okserver//$access/})" $client:Ux
+ genprofile $sockpath:$okserver "unix:(${af_unix_okserver//$access/})" "$client:Ux"
runchecktest "$testdesc; confined server w/ a missing af_unix access ($access)" fail $args
removesockets $sockpath $client_sockpath
done
@@ -170,32 +170,32 @@ testsocktype()
# PASS - client w/ access to the file
- genprofile $server -- image=$client $sockpath:$okclient $af_unix
+ genprofile $server -- "image=$client" $sockpath:$okclient $af_unix
runchecktest "$testdesc; confined client w/ access ($okclient)" $ex_result $args
removesockets $sockpath $client_sockpath
# FAIL - client w/o access to the file
- genprofile $server -- image=$client $af_unix
+ genprofile $server -- "image=$client" $af_unix
runchecktest "$testdesc; confined client w/o access" fail $args
removesockets $sockpath $client_sockpath
# FAIL - client w/ bad access to the file
- genprofile $server -- image=$client $sockpath:$badclient1 $af_unix
+ genprofile $server -- "image=$client" $sockpath:$badclient1 $af_unix
runchecktest "$testdesc; confined client w/ bad access ($badclient1)" fail $args
removesockets $sockpath $client_sockpath
# FAIL - client w/ bad access to the file
- genprofile $server -- image=$client $sockpath:$badclient2
+ genprofile $server -- "image=$client" $sockpath:$badclient2
runchecktest "$testdesc; confined client w/ bad access ($badclient2)" fail $args
removesockets $sockpath $client_sockpath
if [ -n "$af_unix_okclient" ] ; then
# FAIL - client w/o af_unix access
- genprofile $server -- image=$client $sockpath:$okclient
+ genprofile $server -- "image=$client" $sockpath:$okclient
runchecktest "$testdesc; confined client w/o af_unix" fail $args
removesockets $sockpath $client_sockpath
@@ -205,7 +205,7 @@ testsocktype()
for access in ${af_unix_okclient//,/ }; do
# FAIL - client w/ a missing af_unix access
- genprofile $server -- image=$client $sockpath:$okclient "unix:(${af_unix_okclient//$access/})"
+ genprofile $server -- "image=$client" $sockpath:$okclient "unix:(${af_unix_okclient//$access/})"
runchecktest "$testdesc; confined client w/ a missing af_unix access ($access)" fail $args
removesockets $sockpath $client_sockpath
done
diff --git a/tests/regression/apparmor/unix_socket_unnamed.sh b/tests/regression/apparmor/unix_socket_unnamed.sh
index 66bea0a5cc45d5e7b4d917c88f15fde3899c1a98..f1b3102c0a9644ad7a82afab30b4f6022194c7fc 100644
--- a/tests/regression/apparmor/unix_socket_unnamed.sh
+++ b/tests/regression/apparmor/unix_socket_unnamed.sh
@@ -26,8 +26,8 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
-. $bin/unix_socket.inc
+. "$bin/prologue.inc"
+. "$bin/unix_socket.inc"
requires_kernel_features policy/versions/v7
requires_kernel_features network/af_unix
requires_parser_support "unix,"
diff --git a/tests/regression/apparmor/unlink.sh b/tests/regression/apparmor/unlink.sh
index 2683a3a134cf2d742a35d71755e8de7ab16cad6f..34821513bdac1ba64a4a0e0a4fab17edf2782628 100755
--- a/tests/regression/apparmor/unlink.sh
+++ b/tests/regression/apparmor/unlink.sh
@@ -17,7 +17,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file=$tmpdir/file
okperm=rwix
diff --git a/tests/regression/apparmor/userns.c b/tests/regression/apparmor/userns.c
new file mode 100644
index 0000000000000000000000000000000000000000..6827dac10e46d660666cef18a96a418ca8e23701
--- /dev/null
+++ b/tests/regression/apparmor/userns.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright (C) 2022 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#define _GNU_SOURCE
+#include <sched.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <linux/limits.h>
+#include "pipe_helper.h"
+
+static void usage(char *pname)
+{
+ fprintf(stderr, "Usage: %s [options]\n", pname);
+ fprintf(stderr, "Options can be:\n");
+ fprintf(stderr, " -c create user namespace using clone\n");
+ fprintf(stderr, " -u create user namespace using unshare\n");
+ fprintf(stderr, " -s create user namespace using setns. requires the path of binary that will create the user namespace\n");
+ fprintf(stderr, " -p named pipe path. used by setns\n");
+ exit(EXIT_FAILURE);
+}
+
+#define STACK_SIZE (1024 * 1024)
+static char child_stack[STACK_SIZE];
+
+static int child(void *arg)
+{
+ return EXIT_SUCCESS;
+}
+
+#ifndef __NR_pidfd_open
+#define __NR_pidfd_open 434 /* System call # on most architectures */
+#endif
+
+static int
+pidfd_open(pid_t pid, unsigned int flags)
+{
+ return syscall(__NR_pidfd_open, pid, flags);
+}
+
+int userns_setns(char *client, char *pipename)
+{
+ int userns, exit_status, ret;
+ char *parentpipe = NULL, *childpipe = NULL;
+ int parentpipefd;
+
+ if (get_pipes(pipename, &parentpipe, &childpipe) == -1) {
+ fprintf(stderr, "FAIL - failed to allocate pipes\n");
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ if (mkfifo(parentpipe, 0666) == -1)
+ perror("FAIL - setns parent mkfifo");
+
+ /* exec the client */
+ int pid = fork();
+ if (pid == -1) {
+ perror("FAIL - could not fork");
+ ret = EXIT_FAILURE;
+ goto out;
+ } else if (!pid) {
+ execl(client, client, pipename, NULL);
+ printf("FAIL %d - execlp %s %s- %m\n", getuid(), client, pipename);
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ parentpipefd = open_read_pipe(parentpipe);
+ if (parentpipefd == -1) {
+ fprintf(stderr, "FAIL - couldn't open parent pipe\n");
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ if (read_from_pipe(parentpipefd) == -1) { // wait for child to unshare
+ fprintf(stderr, "FAIL - parent could not read from pipe\n");
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ userns = pidfd_open(pid, 0);
+ if (userns == -1) {
+ perror("FAIL - pidfd_open");
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ // enter child namespace
+ if (setns(userns, CLONE_NEWUSER) == -1) {
+ perror("FAIL - setns");
+ ret = EXIT_FAILURE;
+ }
+
+ if (write_to_pipe(childpipe) == -1) { // let child finish
+ fprintf(stderr, "FAIL - child could not write in pipe\n");
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ if (waitpid(pid, &exit_status, 0) == -1) {
+ perror("FAIL - setns waitpid");
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+
+ if (WIFEXITED(exit_status)) {
+ if (WEXITSTATUS(exit_status) != 0) {
+ fprintf(stderr, "FAIL - setns child ended with failure %d\n", exit_status);
+ ret = EXIT_FAILURE;
+ goto out;
+ }
+ }
+
+ ret = EXIT_SUCCESS;
+out:
+ if (unlink(parentpipe) == -1)
+ perror("FAIL - could not remove parentpipe");
+ free(parentpipe);
+ free(childpipe);
+ return ret;
+}
+
+int userns_unshare()
+{
+ if (unshare(CLONE_NEWUSER) == -1) {
+ perror("FAIL - unshare");
+ return EXIT_FAILURE;
+ }
+ return child(NULL);
+}
+
+int userns_clone()
+{
+ pid_t child_pid;
+ int child_exit;
+
+ child_pid = clone(child, child_stack + STACK_SIZE,
+ CLONE_NEWUSER | SIGCHLD, NULL);
+ if (child_pid == -1) {
+ perror("FAIL - clone");
+ return EXIT_FAILURE;
+ }
+
+ if (waitpid(child_pid, &child_exit, 0) == -1) {
+ perror("FAIL - clone waitpid");
+ return EXIT_FAILURE;
+ }
+
+ if (WIFEXITED(child_exit)) {
+ if (WEXITSTATUS(child_exit) != EXIT_SUCCESS) {
+ fprintf(stderr, "FAIL - child ended with failure %d\n", child_exit);
+ return EXIT_FAILURE;
+ }
+ }
+
+ return EXIT_SUCCESS;
+}
+
+enum op {
+ CLONE,
+ UNSHARE,
+ SETNS,
+};
+
+int main(int argc, char *argv[])
+{
+ int opt, ret = 0, op;
+ char *client = "userns_setns";
+ char *pipename = "/tmp/userns_pipe";
+
+ while ((opt = getopt(argc, argv, "us:cp:")) != -1) {
+ switch (opt) {
+ case 'c': op = CLONE; break;
+ case 'u': op = UNSHARE; break;
+ case 's':
+ op = SETNS;
+ client = optarg;
+ break;
+ case 'p':
+ pipename = optarg;
+ break;
+ default: usage(argv[0]);
+ }
+ }
+
+ if (op == CLONE)
+ ret = userns_clone();
+ else if (op == UNSHARE)
+ ret = userns_unshare();
+ else if (op == SETNS) {
+ ret = userns_setns(client, pipename);
+ }
+ else
+ fprintf(stderr, "FAIL - user namespace method not defined\n");
+
+ if (ret == EXIT_SUCCESS)
+ printf("PASS\n");
+ return ret;
+}
diff --git a/tests/regression/apparmor/userns.sh b/tests/regression/apparmor/userns.sh
new file mode 100755
index 0000000000000000000000000000000000000000..097ba96c543057a2f6e2544e4649fb75d9ee7e29
--- /dev/null
+++ b/tests/regression/apparmor/userns.sh
@@ -0,0 +1,160 @@
+#! /bin/bash
+#Copyright (C) 2022 Canonical, Ltd.
+#
+#This program is free software; you can redistribute it and/or
+#modify it under the terms of the GNU General Public License as
+#published by the Free Software Foundation, version 2 of the
+#License.
+
+#=NAME userns
+#=DESCRIPTION
+# This test verifies if mediation of user namespaces is working
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. "$bin/prologue.inc"
+
+requires_kernel_features namespaces/mask/userns_create
+requires_parser_support "userns,"
+
+userns_bin=$bin/userns
+userns_setns_bin=$bin/userns_setns
+pipe=/tmp/pipe
+parentpipe="$pipe"1
+childpipe="$pipe"2
+
+apparmor_restrict_unprivileged_userns_path=/proc/sys/kernel/apparmor_restrict_unprivileged_userns
+if [ ! -e $apparmor_restrict_unprivileged_userns_path ]; then
+ echo "$apparmor_restrict_unprivileged_userns_path not available. Skipping tests ..."
+ exit 0
+fi
+
+apparmor_restrict_unprivileged_userns=$(cat $apparmor_restrict_unprivileged_userns_path)
+
+unprivileged_userns_clone_path=/proc/sys/kernel/unprivileged_userns_clone
+if [ -e $unprivileged_userns_clone_path ]; then
+ unprivileged_userns_clone=$(cat $unprivileged_userns_clone_path)
+fi
+
+restore_userns()
+{
+ echo $apparmor_restrict_unprivileged_userns > $apparmor_restrict_unprivileged_userns_path
+}
+do_onexit="restore_userns"
+
+do_test()
+{
+ local desc="USERNS ($1)"
+ expect_root=$2
+ expect_user=$3
+ expect_setns_root=$4
+ expect_setns_user=$5
+ generate_profile=$6
+
+ if [ ! -z "$generate_profile" ]; then
+ # add profile for userns_setns_bin
+ # ptrace is needed because userns_bin needs to
+ # access userns_setns_bin's /proc/pid/ns/user
+ generate_setns_profile="$generate_profile $userns_setns_bin:px $parentpipe:rw $childpipe:rw cap:sys_ptrace ptrace:read -- image=$userns_setns_bin userns $parentpipe:rw $childpipe:wr ptrace:readby cap:sys_admin"
+ fi
+
+ settest userns
+ $generate_profile # settest removes the profile, so load it here
+ runchecktest "$desc clone - root" $expect_root -c # clone
+ runchecktest "$desc unshare - root" $expect_root -u # unshare
+
+ $generate_setns_profile
+ runchecktest "$desc setns - root" $expect_setns_root -s "$userns_setns_bin" -p $pipe # setns
+
+ settest -u "foo" userns # run tests as user foo
+ $generate_profile # settest removes the profile, so load it here
+ runchecktest "$desc clone - user" $expect_user -c # clone
+ runchecktest "$desc unshare - user" $expect_user -u # unshare
+
+ $generate_setns_profile
+ runchecktest "$desc setns - user" $expect_setns_user -s "$userns_setns_bin" -p $pipe # setns
+}
+
+if [ -e $unprivileged_userns_clone_path ] && [ $unprivileged_userns_clone -eq 0 ]; then
+ echo "WARN: unprivileged_userns_clone is enabled. Both confined and unconfined unprivileged user namespaces are not allowed"
+
+ detail="unprivileged_userns_clone disabled"
+ do_test "unconfined - $detail" pass fail pass fail
+
+ generate_profile="genprofile userns cap:sys_admin"
+ do_test "confined all perms $detail" pass fail pass fail "$generate_profile"
+
+ generate_profile="genprofile cap:sys_admin"
+ do_test "confined no perms $detail" fail fail pass fail "$generate_profile"
+
+ generate_profile="genprofile userns:create cap:sys_admin"
+ do_test "confined specific perms $detail" pass fail pass fail "$generate_profile"
+
+ exit 0
+fi
+
+
+# confined tests should have the same results if apparmor_restrict_unprivileged_userns is enabled or not
+run_confined_tests()
+{
+ if [ "$(parser_supports 'all,')" = "true" ]; then
+ generate_profile="genprofile all"
+ do_test "confined allow all $1" pass pass pass pass "$generate_profile"
+ fi
+
+ generate_profile="genprofile userns"
+ do_test "confined all perms $1" pass pass fail fail "$generate_profile"
+
+ generate_profile="genprofile"
+ do_test "confined no perms $1" fail fail fail fail "$generate_profile"
+
+ generate_profile="genprofile userns:create"
+ do_test "confined specific perms $1" pass pass fail fail "$generate_profile"
+
+ # setns tests only pass is cap_sys_admin regardless of apparmor permissions
+ # it only associates to the already created user namespace
+ generate_profile="genprofile userns cap:sys_admin"
+ do_test "confined specific perms $1" pass pass pass pass "$generate_profile"
+
+ generate_profile="genprofile cap:sys_admin"
+ do_test "confined specific perms $1" fail fail pass pass "$generate_profile"
+}
+
+# ----------------------------------------------------
+# disable restrictions on unprivileged user namespaces
+echo 0 > $apparmor_restrict_unprivileged_userns_path
+
+detail="apparmor_restrict_unprivileged_userns disabled"
+do_test "unconfined - $detail" pass pass pass pass
+
+run_confined_tests "$detail"
+
+# ----------------------------------------------------
+# enable restrictions on unprivileged user namespaces
+echo 1 > $apparmor_restrict_unprivileged_userns_path
+
+user_testresult=fail
+# check if kernel supports the transition of unconfined to
+# unprivileged_userns on unprivileged unshare/clone.
+# the unprivileged_userns profile also needs to be loaded
+if [ "$(kernel_features namespaces/userns_create/pciu&)" == "true" ] && \
+ grep -q unprivileged_userns /sys/kernel/security/apparmor/profiles; then
+ user_testresult=pass
+fi
+
+detail="apparmor_restrict_unprivileged_userns enabled"
+# user cannot create user namespace unless cap_sys_admin
+# exceptions described above
+do_test "unconfined $detail" pass $user_testresult pass pass
+
+# it should work when running as user with cap_sys_admin
+setcap cap_sys_admin+pie "$bin/userns"
+do_test "unconfined cap_sys_admin $detail" pass pass pass pass
+# remove cap_sys_admin from binary
+setcap cap_sys_admin= "$bin/userns"
+
+run_confined_tests "$detail"
diff --git a/tests/regression/apparmor/userns_setns.c b/tests/regression/apparmor/userns_setns.c
new file mode 100644
index 0000000000000000000000000000000000000000..789e47387fd76d9acc1872aa886d198c8ae7acad
--- /dev/null
+++ b/tests/regression/apparmor/userns_setns.c
@@ -0,0 +1,58 @@
+#define _GNU_SOURCE
+#include <sched.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "pipe_helper.h"
+
+int main(int argc, char *argv[])
+{
+ int ret = EXIT_FAILURE;
+ char *pipename = "/tmp/userns_pipe";
+ char *parentpipe = NULL, *childpipe = NULL;
+ int childpipefd;
+
+ if (argc > 1)
+ pipename = argv[1];
+
+ if (get_pipes(pipename, &parentpipe, &childpipe) == -1) {
+ fprintf(stderr, "FAIL - failed to allocate pipes\n");
+ goto out;
+ }
+
+ if (mkfifo(childpipe, 0666) == -1) {
+ perror("FAIL - setns child mkfifo");
+ goto out;
+ }
+
+ childpipefd = open_read_pipe(childpipe);
+ if (childpipefd == -1) {
+ fprintf(stderr, "FAIL - couldn't open child pipe\n");
+ goto out;
+ }
+
+ if (unshare(CLONE_NEWUSER) == -1) {
+ perror("FAIL - unshare");
+ goto out;
+ }
+
+ if (write_to_pipe(parentpipe) == -1) { // let parent know user namespace is created
+ fprintf(stderr, "FAIL - child could not write in pipe\n");
+ goto out;
+ }
+ if (read_from_pipe(childpipefd) == -1) { // wait for parent tell child can finish
+ fprintf(stderr, "FAIL - child could not read from pipe\n");
+ goto out;
+ }
+
+ ret = EXIT_SUCCESS;
+out:
+ if (unlink(childpipe) == -1)
+ perror("FAIL - could not remove childpipe");
+ free(parentpipe);
+ free(childpipe);
+ return ret;
+}
diff --git a/tests/regression/apparmor/xattrs.sh b/tests/regression/apparmor/xattrs.sh
index 341695aa333dcf1f90c065542dbac64785caaad4..c053a4fe760d35ead9c8e15745a99abba00cac89 100755
--- a/tests/regression/apparmor/xattrs.sh
+++ b/tests/regression/apparmor/xattrs.sh
@@ -34,7 +34,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
requires_kernel_features file/xattr
diff --git a/tests/regression/apparmor/xattrs_profile.sh b/tests/regression/apparmor/xattrs_profile.sh
index 41116ad15c15e9f18bbf117011744b9cb0fc42f9..71183bd3e42208a67a6f13df11d85d40000afa1d 100755
--- a/tests/regression/apparmor/xattrs_profile.sh
+++ b/tests/regression/apparmor/xattrs_profile.sh
@@ -16,7 +16,7 @@ pwd=`cd $pwd ; /bin/pwd`
bin=$pwd
-. $bin/prologue.inc
+. "$bin/prologue.inc"
file="$bin/xattrs_profile"
@@ -26,14 +26,14 @@ requires_kernel_features policy/outofband
# Clean up existing xattrs
clean_xattr()
{
- setfattr --remove=user.foo $file 2> /dev/null || true
- setfattr --remove=user.bar $file 2> /dev/null || true
- setfattr --remove=user.spam $file 2> /dev/null || true
+ setfattr --remove=user.foo "$file" 2> /dev/null || true
+ setfattr --remove=user.bar "$file" 2> /dev/null || true
+ setfattr --remove=user.spam "$file" 2> /dev/null || true
}
set_xattr()
{
- setfattr --name="$1" --value="$2" $file
+ setfattr --name="$1" --value="$2" "$file"
}
clean_xattr
diff --git a/tests/snapd/mount-control/mount-tmpfs-rw.profile b/tests/snapd/mount-control/mount-tmpfs-rw.profile
new file mode 100644
index 0000000000000000000000000000000000000000..5c81289c0bf34c12252adfb22a546c07e86098c7
--- /dev/null
+++ b/tests/snapd/mount-control/mount-tmpfs-rw.profile
@@ -0,0 +1,62 @@
+abi <abi/4.0>,
+
+profile "test-mount-tmpfs-rw" flags=(attach_disconnected,mediate_deleted) {
+ # See parser/mount.cc for implementation details.
+ #
+ # Note that on newer kernels, e.g. on Debian 13, with new-enough libmount,
+ # this will be a sequence of fsopen, mount_setattr, fsconfig, fsmount,
+ # mount_setattr and mount_move. As such we need to allow the move flag for
+ # the final operation and we need to allow the source of the move to be the
+ # empty string. The following strace log illustrates the details:
+ #
+ # fsopen("tmpfs", FSOPEN_CLOEXEC) = 3
+ # mount_setattr(-1, NULL, 0, NULL, 0) = -1 EINVAL (Invalid argument)
+ # fsconfig(3, FSCONFIG_SET_STRING, "source", "none", 0) = 0
+ # fsconfig(3, FSCONFIG_SET_FLAG, "rw", NULL, 0) = 0
+ # fsconfig(3, FSCONFIG_CMD_CREATE, NULL, NULL, 0) = 0
+ # fsmount(3, FSMOUNT_CLOEXEC, 0) = 4
+ # statx(4, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_MNT_ID, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=STATX_ATTR_MOUNT_ROOT, stx_mode=S_IFDIR|S_ISVTX|0777, stx_size=40, ...}) = 0
+ # mount_setattr(4, "", AT_EMPTY_PATH, {attr_set=0, attr_clr=MOUNT_ATTR_RDONLY, propagation=0 /* MS_??? */, userns_fd=0}, 32) = 0
+ # move_mount(4, "", AT_FDCWD, "/tmp/dir", MOVE_MOUNT_F_EMPTY_PATH) = 0
+ # close(3) = 0
+ # close(4) = 0
+ mount fstype=tmpfs options=(rw) none -> /tmp/**,
+ mount options=(rw, move) -> /tmp/**,
+
+ capability sys_admin,
+
+ # Remaining permissions required to run mount. We are _not_ using any
+ # abstractions to avoid getting confused by what is really needed. This
+ # approach helps both in understanding the test and in helping shape mount
+ # profiles generated by snapd.
+ /etc/ld.so.cache r,
+ /etc/locale.alias r,
+ /usr/share/locale/locale.alias r,
+ /proc/*/mountinfo r,
+ /proc/*/mounts r,
+ /proc/filesystems r,
+ /run/mount/utab r,
+ /usr/lib{64,/*-linux-gnu}/gconv/gconv-modules.cache r,
+ /usr/lib64/gconv/gconv-modules r,
+ /usr/lib64/gconv/gconv-modules.d/ r,
+ /usr/lib{64,/*-linux-gnu}/libblkid.so.* rm,
+ /usr/lib{64,/*-linux-gnu}/libc.so.* rm,
+ /usr/lib{64,/*-linux-gnu}/libmount.so.* rm,
+ /usr/lib{64,/*-linux-gnu}/libpcre2-*.so.* rm,
+ /usr/lib{64,/*-linux-gnu}/libselinux.so.* rm,
+ /usr/lib{64,/*-linux-gnu}/libeconf.so.* rm,
+ /usr/lib/locale/*/LC_ADDRESS r,
+ /usr/lib/locale/*/LC_COLLATE r,
+ /usr/lib/locale/*/LC_CTYPE r,
+ /usr/lib/locale/*/LC_IDENTIFICATION r,
+ /usr/lib/locale/*/LC_MEASUREMENT r,
+ /usr/lib/locale/*/LC_MESSAGES/ r,
+ /usr/lib/locale/*/LC_MESSAGES/SYS_LC_MESSAGES r,
+ /usr/lib/locale/*/LC_MONETARY r,
+ /usr/lib/locale/*/LC_NAME r,
+ /usr/lib/locale/*/LC_NUMERIC r,
+ /usr/lib/locale/*/LC_PAPER r,
+ /usr/lib/locale/*/LC_TELEPHONE r,
+ /usr/lib/locale/*/LC_TIME r,
+ /usr/lib/locale/locale-archive r,
+}
diff --git a/tests/snapd/mount-control/task.yaml b/tests/snapd/mount-control/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..2d78387929e0d816a5c045eece5eee5eb3a402e5
--- /dev/null
+++ b/tests/snapd/mount-control/task.yaml
@@ -0,0 +1,70 @@
+summary: Tests mimicking what snapd mount-control interface is doing
+details: |
+ The mount-control interface allows snap applications to issue limited calls
+ to the mount system call. The set of file systems, flags, source and target
+ paths is carefully controlled. Snapd generates apparmor profiles with rules
+ that look like this:
+
+ mount fstype=(
+ aufs,autofs,btrfs,ext2,ext3,ext4,hfs,iso9660,jfs,msdos,ntfs,ramfs,
+ reiserfs,squashfs,tmpfs,ubifs,udf,ufs,vfat,xfs,zfs
+ ) options=(ro) "/dev/sda{0,1}" -> "/var/snap/consumer/common/**{,/}",
+
+ Verify that such profiles can be compiled and loaded into the kernel, and
+ that they allow mounts to actually happen.
+environment:
+ PROFILE: mount-tmpfs-rw.profile
+ PROFILE_NAME: test-mount-tmpfs-rw
+ MOUNT_FS: tmpfs
+ MOUNT_WHAT: none
+ MOUNT_OPTS: rw
+artifacts:
+ - parser.txt
+ - denials.txt
+prepare: |
+ rm -f parser.txt denials.txt
+ "$SPREAD_PATH"/parser/apparmor_parser --base="$SPREAD_PATH"/profiles/apparmor.d --warn=all --replace "$PROFILE" 2>parser.txt
+ if [ -s parser.txt ]; then
+ echo "Parser produced warnings:"
+ cat parser.txt
+ fi
+ mkdir -p /tmp/dir
+ dmesg --clear # Clear ring buffer
+ sysctl --values kernel.printk_ratelimit >old-ratelimit.txt
+ sysctl --write kernel.printk_ratelimit=0
+
+ if [ "$(systemctl is-active auditd.service)" != inactive ]; then
+ systemctl stop auditd.service
+ touch did-stop-auditd.txt
+ fi
+execute: |
+ if ! "$SPREAD_PATH"/binutils/aa-exec -p "$PROFILE_NAME" mount -t "$MOUNT_FS" "$MOUNT_WHAT" /tmp/dir -o "$MOUNT_OPTS"; then
+ echo "Mount failed, looking for denials"
+ if dmesg | grep DENIED > denials.txt; then
+ echo "Profile caused fatal denials"
+ cat denials.txt
+ fi
+ exit 1
+ elif dmesg | grep DENIED > denials.txt; then
+ echo "Profile caused non-fatal denials"
+ cat denials.txt
+ exit 1
+ fi
+restore: |
+ if [ -f did-stop-auditd.txt ]; then
+ systemctl start auditd.service
+ rm -f did-stop-auditd.txt
+ fi
+ if [ -f old-ratelimit.txt ]; then
+ sysctl -w kernel.printk_ratelimit="$(cat old-ratelimit.txt)"
+ rm -f old-ratelimit.txt
+ fi
+
+ "$SPREAD_PATH"/parser/apparmor_parser --base="$SPREAD_PATH"/profiles/apparmor.d --remove "$PROFILE"
+
+ if [ -d /tmp/dir ]; then
+ if mountpoint /tmp/dir; then
+ umount /tmp/dir
+ fi
+ rmdir /tmp/dir
+ fi
diff --git a/tests/unit/binutils/task.yaml b/tests/unit/binutils/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a9b0973a3569fca855e8d1b219cc5209c398d80d
--- /dev/null
+++ b/tests/unit/binutils/task.yaml
@@ -0,0 +1,3 @@
+summary: Run unit tests of AppArmor binary utilities
+execute: |
+ make -C "$SPREAD_PATH"/binutils check
diff --git a/tests/unit/libapparmor/task.yaml b/tests/unit/libapparmor/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8a5f89cb449218afd7567e9e11c548fe2ce05d66
--- /dev/null
+++ b/tests/unit/libapparmor/task.yaml
@@ -0,0 +1,3 @@
+summary: Run unit tests of libapparmor
+execute: |
+ make -C "$SPREAD_PATH"/libraries/libapparmor check VERBOSE=1
diff --git a/tests/unit/parser-tst-caching/task.yaml b/tests/unit/parser-tst-caching/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4c013936516facccf065edfc878e9485b2eecf72
--- /dev/null
+++ b/tests/unit/parser-tst-caching/task.yaml
@@ -0,0 +1,3 @@
+summary: Run apparmor_parser caching test from parser/tst
+execute: |
+ make -C "$SPREAD_PATH"/parser/tst -j"$(nproc)" caching VERBOSE=1
diff --git a/tests/unit/parser-tst-dirtest/task.yaml b/tests/unit/parser-tst-dirtest/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e74907a6c0c9d8f1cc26e5890157dfef44bb26c5
--- /dev/null
+++ b/tests/unit/parser-tst-dirtest/task.yaml
@@ -0,0 +1,3 @@
+summary: Run apparmor_parser dirtest test from parser/tst
+execute: |
+ make -C "$SPREAD_PATH"/parser/tst -j"$(nproc)" dirtest VERBOSE=1
diff --git a/tests/unit/parser-tst-equality/task.yaml b/tests/unit/parser-tst-equality/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..514d5ccdd47261f964ddf2e8051bdc8a49491919
--- /dev/null
+++ b/tests/unit/parser-tst-equality/task.yaml
@@ -0,0 +1,11 @@
+summary: Run apparmor_parser tests from parser/tst
+# This test is particularly slow. Those values are aimed at running fast enough
+# on a Raspberry Pi 5, representing a slower-ish computer.
+#
+# TODO: figure out how to make this test more parallelizable.
+warn-timeout: 20m
+kill-timeout: 30m
+# Start this task sooner rather than later.
+priority: 100
+execute: |
+ make -C "$SPREAD_PATH"/parser/tst -j"$(nproc)" equality VERBOSE=1
diff --git a/tests/unit/parser-tst-error-output/task.yaml b/tests/unit/parser-tst-error-output/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..14a04b136d71b3a7bfe77bf097feaa492f14421a
--- /dev/null
+++ b/tests/unit/parser-tst-error-output/task.yaml
@@ -0,0 +1,3 @@
+summary: Run apparmor_parser error_output test from parser/tst
+execute: |
+ make -C "$SPREAD_PATH"/parser/tst -j"$(nproc)" error_output VERBOSE=1
diff --git a/tests/unit/parser-tst-minimize/task.yaml b/tests/unit/parser-tst-minimize/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..274068bdae7282a9f4234d9fb524d25d944781af
--- /dev/null
+++ b/tests/unit/parser-tst-minimize/task.yaml
@@ -0,0 +1,3 @@
+summary: Run apparmor_parser minimize test from parser/tst
+execute: |
+ make -C "$SPREAD_PATH"/parser/tst -j"$(nproc)" minimize VERBOSE=1
diff --git a/tests/unit/parser-tst-parser-sanity/task.yaml b/tests/unit/parser-tst-parser-sanity/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..17c3e3d3e71302afcbe6ee360436af5901f5eae1
--- /dev/null
+++ b/tests/unit/parser-tst-parser-sanity/task.yaml
@@ -0,0 +1,11 @@
+summary: Run apparmor_parser parser_sanity test from parser/tst
+# This test is particularly slow. Those values are aimed at running fast enough
+# on a Raspberry Pi 5, representing a slower-ish computer.
+#
+# TODO: figure out how to make this test more parallelizable.
+warn-timeout: 20m
+kill-timeout: 30m
+# Start this task sooner rather than later.
+priority: 100
+execute: |
+ make -C "$SPREAD_PATH"/parser/tst -j"$(nproc)" parser_sanity VERBOSE=1
diff --git a/tests/unit/parser/task.yaml b/tests/unit/parser/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ea0b66ddebfbc8140c6172dcba27196cc3dc77df
--- /dev/null
+++ b/tests/unit/parser/task.yaml
@@ -0,0 +1,16 @@
+summary: Run apparmor_parser unit tests from parser/
+details: |
+ The parser has a number of different tests. Those are all represented as
+ spread task variants so that they are directly visible and runnable.
+environment:
+ TEST/tst_regex: 1
+ TEST/tst_misc: 1
+ TEST/tst_symtab: 1
+ TEST/tst_variable: 1
+ TEST/tst_lib: 1
+prepare: |
+ # The test relies on make to build a binary.
+ make -C "$SPREAD_PATH"/parser -j"$(nproc)" "$SPREAD_VARIANT" VERBOSE=1
+execute: |
+ cd "$SPREAD_PATH"/parser
+ ./"$SPREAD_VARIANT"
diff --git a/utils/Makefile b/utils/Makefile
index 91a15107b2257e4d014e90e55d9afbb4c740cb11..f406e08e3130271d9a7336bece0fd3a71c179685 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -29,7 +29,7 @@ PYMODULES = $(wildcard apparmor/*.py apparmor/rule/*.py)
MANPAGES = ${TOOLS:=.8} logprof.conf.5
-PYFLAKES ?= pyflakes3
+PYFLAKES ?= flake8 --ignore E501,E241,W503
all: docs
$(MAKE) -C po all
@@ -39,10 +39,10 @@ all: docs
docs: ${MANPAGES} ${HTMLMANPAGES}
# need some better way of determining this
-DESTDIR=/
-BINDIR=${DESTDIR}/usr/sbin
-CONFDIR=${DESTDIR}/etc/apparmor
-PYPREFIX=/usr
+DESTDIR?=/
+BINDIR?=${DESTDIR}/usr/sbin
+CONFDIR?=${DESTDIR}/etc/apparmor
+PYPREFIX?=/usr
po/${NAME}.pot: ${TOOLS} ${PYMODULES}
@@ -51,7 +51,7 @@ po/${NAME}.pot: ${TOOLS} ${PYMODULES}
.PHONY: install
install: ${MANPAGES} ${HTMLMANPAGES}
install -d ${CONFDIR}
- install -m 644 logprof.conf severity.db notify.conf ${CONFDIR}
+ install -m 644 logprof.conf severity.db notify.conf default_unconfined.template ${CONFDIR}
install -d ${BINDIR}
# aa-easyprof is installed by python-tools-setup.py
install -m 755 $(filter-out aa-easyprof, ${TOOLS}) ${BINDIR}
diff --git a/utils/aa-audit.8 b/utils/aa-audit.8
deleted file mode 100644
index 5cce8aaf18f7c92640daa3be426b7c6226abffee..0000000000000000000000000000000000000000
--- a/utils/aa-audit.8
+++ /dev/null
@@ -1,176 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-AUDIT 8"
-.TH AA-AUDIT 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-audit \- set an AppArmor security profile to audit mode.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-audit \f(BI<executable>\fB [\f(BI<executable>\fB ...] [\f(BI\-d /path/to/profiles\fB] [\f(BI\-\-no\-reload\fB] [\f(BI\-r\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-\-no\-reload\fR
- Do not reload the profile after modifying it.
-.PP
-\&\fB\-r \-\-remove\fR
-.PP
-.Vb 1
-\& Removes the audit mode for the profile.
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-audit\fR is used to set one or more profiles to audit mode.
-In this mode security policy is enforced and all access (successes and failures) are logged to the system log.
-.PP
-The \fI\-\-remove\fR option can be used to remove the audit mode for the profile.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-audit.8.html b/utils/aa-audit.8.html
deleted file mode 100644
index cde341a9c7324a344d824be7e6bdff86e98e5ed9..0000000000000000000000000000000000000000
--- a/utils/aa-audit.8.html
+++ /dev/null
@@ -1,74 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title></title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-audit - set an AppArmor security profile to <i>audit</i> mode.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-audit <i><executable></i> [<i><executable></i> ...] [<i>-d /path/to/profiles</i>] [<i>--no-reload</i>] [<i>-r</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
-
-<p><b>-r --remove</b></p>
-
-<pre><code>Removes the audit mode for the profile.</code></pre>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-audit</b> is used to set one or more profiles to audit mode. In this mode security policy is enforced and all access (successes and failures) are logged to the system log.</p>
-
-<p>The <i>--remove</i> option can be used to remove the audit mode for the profile.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-autodep.8 b/utils/aa-autodep.8
deleted file mode 100644
index c7dff9929be9c3788dcc1eb44db8651597eaacca..0000000000000000000000000000000000000000
--- a/utils/aa-autodep.8
+++ /dev/null
@@ -1,180 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-AUTODEP 8"
-.TH AA-AUTODEP 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-autodep \- guess basic AppArmor profile requirements
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-autodep \f(BI<executable>\fB [\f(BI<executable>\fB ...] [\f(BI\-d /path/to/profiles\fB] [\f(BI\-f\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-f \-\-force\fR
-.PP
-.Vb 1
-\& Overwrites any existing AppArmor profile for the executable with the generated minimal AppArmor profile.
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-autodep\fR is used to generate a minimal AppArmor profile for a set of
-executables. This program will generate a profile for binary executable
-as well as interpreted script programs. At a minimum aa-autodep will provide
-a base profile containing a base include directive which includes basic
-profile entries needed by most programs. The profile is generated by
-recursively calling \fBldd\fR\|(1) on the executables listed on the command line.
-.PP
-The \fI\-\-force\fR option will overwrite any existing profile for the executable with
-the newly generated minimal AppArmor profile.
-.SH "BUGS"
-.IX Header "BUGS"
-This program does not perform full static analysis of executables, so
-the profiles generated are necessarily incomplete. If you find any bugs,
-please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-complain\fR\|(1), \fBaa\-enforce\fR\|(1), \fBaa\-disable\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-autodep.8.html b/utils/aa-autodep.8.html
deleted file mode 100644
index 6eb1b41de8c0666d8ef019fe8b97aceed36c1d64..0000000000000000000000000000000000000000
--- a/utils/aa-autodep.8.html
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-autodep - guess basic AppArmor profile requirements</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-autodep - guess basic AppArmor profile requirements</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-autodep - guess basic AppArmor profile requirements</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-autodep <i><executable></i> [<i><executable></i> ...] [<i>-d /path/to/profiles</i>] [<i>-f</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>-f --force</b></p>
-
-<pre><code>Overwrites any existing AppArmor profile for the executable with the generated minimal AppArmor profile.</code></pre>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-autodep</b> is used to generate a minimal AppArmor profile for a set of executables. This program will generate a profile for binary executable as well as interpreted script programs. At a minimum aa-autodep will provide a base profile containing a base include directive which includes basic profile entries needed by most programs. The profile is generated by recursively calling ldd(1) on the executables listed on the command line.</p>
-
-<p>The <i>--force</i> option will overwrite any existing profile for the executable with the newly generated minimal AppArmor profile.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>This program does not perform full static analysis of executables, so the profiles generated are necessarily incomplete. If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-complain(1), aa-enforce(1), aa-disable(1), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-autodep - guess basic AppArmor profile requirements</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-autodep.pod b/utils/aa-autodep.pod
index 109eba2660ca3acfb7b79f91eb91347efb464db1..f3b41916726a115095fd5116c712a54716497647 100644
--- a/utils/aa-autodep.pod
+++ b/utils/aa-autodep.pod
@@ -45,8 +45,7 @@ B<aa-autodep> is used to generate a minimal AppArmor profile for a set of
executables. This program will generate a profile for binary executable
as well as interpreted script programs. At a minimum aa-autodep will provide
a base profile containing a base include directive which includes basic
-profile entries needed by most programs. The profile is generated by
-recursively calling ldd(1) on the executables listed on the command line.
+profile entries needed by most programs.
The I<--force> option will overwrite any existing profile for the executable with
the newly generated minimal AppArmor profile.
diff --git a/utils/aa-cleanprof.8 b/utils/aa-cleanprof.8
deleted file mode 100644
index 3d28a09fa4dcf41832256ebb7c7f1d8fc8f61278..0000000000000000000000000000000000000000
--- a/utils/aa-cleanprof.8
+++ /dev/null
@@ -1,176 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-CLEANPROF 8"
-.TH AA-CLEANPROF 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-cleanprof \- clean an existing AppArmor security profile.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-cleanprof \f(BI<executable>\fB [\f(BI<executable>\fB ...] [\f(BI\-d /path/to/profiles\fB] [\f(BI\-\-no\-reload]\fB [\f(BI\-s\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-\-no\-reload\fR
- Do not reload the profile after modifying it.
-.PP
-\&\fB\-s \-\-silent\fR
-.PP
-.Vb 1
-\& Silently overwrites the profile without user prompt.
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-cleanprof\fR is used to perform a cleanup on one or more profiles.
-The tool removes any existing superfluous rules (rules that are covered
-under an include or another rule), reorders the rules to group similar rules
-together and removes all comments from the file.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-cleanprof.8.html b/utils/aa-cleanprof.8.html
deleted file mode 100644
index 27f6f328ff2bf520e4c6e923125f99837f7216ca..0000000000000000000000000000000000000000
--- a/utils/aa-cleanprof.8.html
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-cleanprof - clean an existing AppArmor security profile.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-cleanprof - clean an existing AppArmor security profile.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-cleanprof - clean an existing AppArmor security profile.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-cleanprof <i><executable></i> [<i><executable></i> ...] [<i>-d /path/to/profiles</i>] [<i>--no-reload]</i> [<i>-s</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
-
-<p><b>-s --silent</b></p>
-
-<pre><code>Silently overwrites the profile without user prompt.</code></pre>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-cleanprof</b> is used to perform a cleanup on one or more profiles. The tool removes any existing superfluous rules (rules that are covered under an include or another rule), reorders the rules to group similar rules together and removes all comments from the file.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-cleanprof - clean an existing AppArmor security profile.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-complain.8 b/utils/aa-complain.8
deleted file mode 100644
index 16c975a4e6e4e177620bc82798f7a6487f9a9dbd..0000000000000000000000000000000000000000
--- a/utils/aa-complain.8
+++ /dev/null
@@ -1,171 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-COMPLAIN 8"
-.TH AA-COMPLAIN 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-complain \- set an AppArmor security profile to complain mode.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-complain \f(BI<executable>\fB [\f(BI<executable>\fB ...] [\f(BI\-d /path/to/profiles\fB] [\f(BI\-\-no\-reload\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-\-no\-reload\fR
- Do not reload the profile after modifying it.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-complain\fR is used to set the enforcement mode for one or more profiles to \fIcomplain\fR mode.
-In this mode security policy is not enforced but rather access violations
-are logged to the system log.
-.PP
-Note that 'deny' rules will be enforced even in complain mode.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-disable\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-complain.8.html b/utils/aa-complain.8.html
deleted file mode 100644
index d255af91c6e56cba35ee965794ce34153f06773d..0000000000000000000000000000000000000000
--- a/utils/aa-complain.8.html
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title></title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-complain - set an AppArmor security profile to <i>complain</i> mode.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-complain <i><executable></i> [<i><executable></i> ...] [<i>-d /path/to/profiles</i>] [<i>--no-reload</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-complain</b> is used to set the enforcement mode for one or more profiles to <i>complain</i> mode. In this mode security policy is not enforced but rather access violations are logged to the system log.</p>
-
-<p>Note that 'deny' rules will be enforced even in complain mode.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-enforce(1), aa-disable(1), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-decode.8 b/utils/aa-decode.8
deleted file mode 100644
index e9a94e386524b1d7ebc1a83bc5c1a4e7d8dec385..0000000000000000000000000000000000000000
--- a/utils/aa-decode.8
+++ /dev/null
@@ -1,172 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-DECODE 8"
-.TH AA-DECODE 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-decode \- decode hex\-encoded in AppArmor log files
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-decode\fR [option] <\s-1HEX STRING\s0>
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-decode\fR will decode hex-encoded strings as seen in AppArmor log
-output. It will also take an audit log on standard input and convert
-any hex-encoded AppArmor log entries and display them on standard
-output.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-.IP "\-\-help" 4
-.IX Item "--help"
-displays a short usage statement.
-.SH "EXAMPLES"
-.IX Header "EXAMPLES"
-.Vb 2
-\& $ aa\-decode 2F746D702F666F6F20626172
-\& Decoded: /tmp/foo bar
-\&
-\& $ cat /var/log/kern.log | aa\-decode
-\& ... denied_mask="r::" fsuid=1000 ouid=1000 name=/tmp/foo bar
-.Ve
-.SH "BUGS"
-.IX Header "BUGS"
-None. Please report any you find to gitlab at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7)
diff --git a/utils/aa-decode.8.html b/utils/aa-decode.8.html
deleted file mode 100644
index 28f3fd84cce31a76cee526d7296ddf0b4499eb70..0000000000000000000000000000000000000000
--- a/utils/aa-decode.8.html
+++ /dev/null
@@ -1,80 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-decode - decode hex-encoded in AppArmor log files</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-decode - decode hex-encoded in AppArmor log files</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#EXAMPLES">EXAMPLES</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-decode - decode hex-encoded in AppArmor log files</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-decode</b> [option] <HEX STRING></p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-decode</b> will decode hex-encoded strings as seen in AppArmor log output. It will also take an audit log on standard input and convert any hex-encoded AppArmor log entries and display them on standard output.</p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<dl>
-
-<dt id="help">--help</dt>
-<dd>
-
-<p>displays a short usage statement.</p>
-
-</dd>
-</dl>
-
-<h1 id="EXAMPLES">EXAMPLES</h1>
-
-<pre><code>$ aa-decode 2F746D702F666F6F20626172
-Decoded: /tmp/foo bar
-
-$ cat /var/log/kern.log | aa-decode
-... denied_mask="r::" fsuid=1000 ouid=1000 name=/tmp/foo bar</code></pre>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>None. Please report any you find to gitlab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7)</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-decode - decode hex-encoded in AppArmor log files</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-disable.8 b/utils/aa-disable.8
deleted file mode 100644
index 61a689179862e6ee0131f7df19bf6ac541d157de..0000000000000000000000000000000000000000
--- a/utils/aa-disable.8
+++ /dev/null
@@ -1,171 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-DISABLE 8"
-.TH AA-DISABLE 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-disable \- disable an AppArmor security profile
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-disable \f(BI<executable>\fB [\f(BI<executable>\fB ...] [\f(BI\-d /path/to/profiles\fB] [\f(BI\-\-no\-reload\fB] [\f(BI\-r\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-\-no\-reload\fR
- Do not unreload the profile after modifying it.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-disable\fR is used to \fIdisable\fR one or more profiles.
-This command will unload the profile from the kernel and prevent the
-profile from being loaded on AppArmor startup.
-The \fIaa-enforce\fR and \fIaa-complain\fR utilities may be used to to change
-this behavior.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-disable.8.html b/utils/aa-disable.8.html
deleted file mode 100644
index 08a02803c83e33e682bdb462565d9758063ed32c..0000000000000000000000000000000000000000
--- a/utils/aa-disable.8.html
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-disable - disable an AppArmor security profile</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-disable - disable an AppArmor security profile</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-disable - disable an AppArmor security profile</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-disable <i><executable></i> [<i><executable></i> ...] [<i>-d /path/to/profiles</i>] [<i>--no-reload</i>] [<i>-r</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>--no-reload</b> Do not unreload the profile after modifying it.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-disable</b> is used to <i>disable</i> one or more profiles. This command will unload the profile from the kernel and prevent the profile from being loaded on AppArmor startup. The <i>aa-enforce</i> and <i>aa-complain</i> utilities may be used to to change this behavior.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-disable - disable an AppArmor security profile</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-easyprof.8 b/utils/aa-easyprof.8
deleted file mode 100644
index c5310ff11f99303b9d8a35e63a49db331753811b..0000000000000000000000000000000000000000
--- a/utils/aa-easyprof.8
+++ /dev/null
@@ -1,416 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-EASYPROF 8"
-.TH AA-EASYPROF 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-easyprof \- AppArmor profile generation made easy.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-easyprof\fR [option] <path to binary>
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-easyprof\fR provides an easy to use interface for AppArmor policy
-generation. \fBaa-easyprof\fR supports the use of templates and policy groups to
-quickly profile an application. Please note that while this tool can help
-with policy generation, its utility is dependent on the quality of the
-templates, policy groups and abstractions used. Also, this tool may create
-policy which is less restricted than creating policy by hand or with
-\&\fBaa-genprof\fR and \fBaa-logprof\fR.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fBaa-easyprof\fR accepts the following arguments:
-.IP "\-t \s-1TEMPLATE,\s0 \-\-template=TEMPLATE" 4
-.IX Item "-t TEMPLATE, --template=TEMPLATE"
-Specify which template to use. May specify either a system template from
-/usr/share/apparmor/easyprof/templates or a filename for the template to
-use. If not specified, use /usr/share/apparmor/easyprof/templates/default.
-.IP "\-p \s-1POLICYGROUPS,\s0 \-\-policy\-groups=POLICYGROUPS" 4
-.IX Item "-p POLICYGROUPS, --policy-groups=POLICYGROUPS"
-Specify \s-1POLICY\s0 as a comma-separated list of policy groups. See \-\-list\-templates
-for supported policy groups. The available policy groups are in
-/usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of
-AppArmor rules or policies. They are similar to AppArmor abstractions, but
-usually encompass more policy rules.
-.IP "\-\-parser \s-1PATH\s0" 4
-.IX Item "--parser PATH"
-Specify the \s-1PATH\s0 of the apparmor_parser binary to use when verifying
-policy. If this option is not specified, aa-easyprof will attempt to
-locate the path starting with /sbin/apparmor_parser.
-.IP "\-a \s-1ABSTRACTIONS,\s0 \-\-abstractions=ABSTRACTIONS" 4
-.IX Item "-a ABSTRACTIONS, --abstractions=ABSTRACTIONS"
-Specify \s-1ABSTRACTIONS\s0 as a comma-separated list of AppArmor abstractions. It is
-usually recommended you use policy groups instead, but this is provided as a
-convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions.
-See \fBapparmor.d\fR\|(5) for details.
-.IP "\-b \s-1PATH,\s0 \-\-base=PATH" 4
-.IX Item "-b PATH, --base=PATH"
-Set the base \s-1PATH\s0 for resolving abstractions specified by \-\-abstractions.
-See the same option in \fBapparmor_parser\fR\|(8) for details.
-.IP "\-I \s-1PATH,\s0 \-\-Include=PATH" 4
-.IX Item "-I PATH, --Include=PATH"
-Add \s-1PATH\s0 to the search paths used for resolving abstractions specified by
-\&\-\-abstractions. See the same option in \fBapparmor_parser\fR\|(8) for details.
-.IP "\-r \s-1PATH,\s0 \-\-read\-path=PATH" 4
-.IX Item "-r PATH, --read-path=PATH"
-Specify a \s-1PATH\s0 to allow owner reads. May be specified multiple times. If the
-\&\s-1PATH\s0 ends in a '/', then \s-1PATH\s0 is treated as a directory and reads are allowed
-to all files under this directory. Can optionally use '/*' at the end of the
-\&\s-1PATH\s0 to only allow reads to files directly in \s-1PATH.\s0
-.IP "\-w \s-1PATH,\s0 \-\-write\-dir=PATH" 4
-.IX Item "-w PATH, --write-dir=PATH"
-Like \-\-read\-path but also allow owner writes in additions to reads.
-.IP "\-n \s-1NAME,\s0 \-\-name=NAME" 4
-.IX Item "-n NAME, --name=NAME"
-Specify \s-1NAME\s0 of policy. If not specified, \s-1NAME\s0 is set to the name of the
-binary. The \s-1NAME\s0 of the policy is typically only used for profile meta
-data and does not specify the AppArmor profile name.
-.IP "\-\-profile\-name=PROFILENAME" 4
-.IX Item "--profile-name=PROFILENAME"
-Specify the AppArmor profile name. When set, uses 'profile \s-1PROFILENAME\s0' in the
-profile. When set and specifying a binary, uses 'profile \s-1PROFILENAME BINARY\s0'
-in the profile. If not set, the binary will be used as the profile name and
-profile attachment.
-.ie n .IP "\-\-template\-var=""@{\s-1VAR\s0}=VALUE""" 4
-.el .IP "\-\-template\-var=``@{\s-1VAR\s0}=VALUE''" 4
-.IX Item "--template-var=@{VAR}=VALUE"
-Set \s-1VAR\s0 to \s-1VALUE\s0 in the resulting policy. This typically only makes sense if
-the specified template uses this value. May be specified multiple times.
-.IP "\-\-list\-templates" 4
-.IX Item "--list-templates"
-List available templates.
-.IP "\-\-show\-template" 4
-.IX Item "--show-template"
-Display template specified with \-\-template.
-.IP "\-\-templates\-dir=PATH" 4
-.IX Item "--templates-dir=PATH"
-Use \s-1PATH\s0 instead of system templates directory.
-.IP "\-\-include\-templates\-dir=PATH" 4
-.IX Item "--include-templates-dir=PATH"
-Include \s-1PATH\s0 when searching for templates in addition to the system templates
-directory (or the one specified with \-\-templates\-dir). System templates will
-match before those in \s-1PATH.\s0
-.IP "\-\-list\-policy\-groups" 4
-.IX Item "--list-policy-groups"
-List available policy groups.
-.IP "\-\-show\-policy\-group" 4
-.IX Item "--show-policy-group"
-Display policy groups specified with \-\-policy\-groups.
-.IP "\-\-policy\-groups\-dir=PATH" 4
-.IX Item "--policy-groups-dir=PATH"
-Use \s-1PATH\s0 instead of system policy-groups directory.
-.IP "\-\-include\-policy\-groups\-dir=PATH" 4
-.IX Item "--include-policy-groups-dir=PATH"
-Include \s-1PATH\s0 when searching for policy groups in addition to the system
-policy-groups directory (or the one specified with \-\-policy\-groups\-dir). System
-policy-groups will match before those in \s-1PATH.\s0
-.IP "\-\-policy\-version=VERSION" 4
-.IX Item "--policy-version=VERSION"
-Must be used with \-\-policy\-vendor and is used to specify the version of policy
-groups and templates. When specified, \fBaa-easyprof\fR looks for the subdirectory
-\&\s-1VENDOR/VERSION\s0 within the policy-groups and templates directory. The specified
-version must be a positive decimal number compatible with the \s-1JSON\s0 Number type.
-Eg, when using:
-.Sp
-.Vb 4
-\& $ aa\-easyprof \-\-templates\-dir=/usr/share/apparmor/easyprof/templates \e
-\& \-\-policy\-groups\-dir=/usr/share/apparmor/easyprof/policygroups \e
-\& \-\-policy\-vendor="foo" \e
-\& \-\-policy\-version=1.0
-.Ve
-.Sp
-Then /usr/share/apparmor/easyprof/templates/foo/1.0 will be searched for
-templates and /usr/share/apparmor/easyprof/policygroups/foo/1.0 for policy
-groups.
-.IP "\-\-policy\-vendor=VENDOR" 4
-.IX Item "--policy-vendor=VENDOR"
-Must be used with \-\-policy\-version and is used to specify the vendor for policy
-groups and templates. See \-\-policy\-version for more information.
-.IP "\-\-author" 4
-.IX Item "--author"
-Specify author of the policy.
-.IP "\-\-copyright" 4
-.IX Item "--copyright"
-Specify copyright of the policy.
-.IP "\-\-comment" 4
-.IX Item "--comment"
-Specify comment for the policy.
-.IP "\-m \s-1MANIFEST,\s0 \-\-manifest=MANIFEST" 4
-.IX Item "-m MANIFEST, --manifest=MANIFEST"
-\&\fBaa-easyprof\fR also supports using a \s-1JSON\s0 manifest file for specifying options
-related to policy. Unlike command line arguments, the \s-1JSON\s0 file may specify
-multiple profiles. The structure of the \s-1JSON\s0 is:
-.Sp
-.Vb 12
-\& {
-\& "security": {
-\& "profiles": {
-\& "<profile name 1>": {
-\& ... attributes specific to this profile ...
-\& },
-\& "<profile name 2>": {
-\& ...
-\& }
-\& }
-\& }
-\& }
-.Ve
-.Sp
-Each profile \s-1JSON\s0 object (ie, everything under a profile name) may specify any
-fields related to policy. The \*(L"security\*(R" \s-1JSON\s0 container object is optional and
-may be omitted. An example manifest file demonstrating all fields is:
-.Sp
-.Vb 10
-\& {
-\& "security": {
-\& "profiles": {
-\& "com.example.foo": {
-\& "abstractions": [
-\& "audio",
-\& "gnome"
-\& ],
-\& "author": "Your Name",
-\& "binary": "/opt/foo/**",
-\& "comment": "Unstructured single\-line comment",
-\& "copyright": "Unstructured single\-line copyright statement",
-\& "name": "My Foo App",
-\& "policy_groups": [
-\& "networking",
-\& "user\-application"
-\& ],
-\& "policy_vendor": "somevendor",
-\& "policy_version": 1.0,
-\& "read_path": [
-\& "/tmp/foo_r",
-\& "/tmp/bar_r/"
-\& ],
-\& "template": "user\-application",
-\& "template_variables": {
-\& "APPNAME": "foo",
-\& "VAR1": "bar",
-\& "VAR2": "baz"
-\& },
-\& "write_path": [
-\& "/tmp/foo_w",
-\& "/tmp/bar_w/"
-\& ]
-\& }
-\& }
-\& }
-\& }
-.Ve
-.Sp
-A manifest file does not have to include all the fields. Eg, a manifest file
-for an Ubuntu \s-1SDK\s0 application might be:
-.Sp
-.Vb 10
-\& {
-\& "security": {
-\& "profiles": {
-\& "com.ubuntu.developer.myusername.MyCoolApp": {
-\& "policy_groups": [
-\& "networking",
-\& "online\-accounts"
-\& ],
-\& "policy_vendor": "ubuntu",
-\& "policy_version": 1.0,
-\& "template": "ubuntu\-sdk",
-\& "template_variables": {
-\& "APPNAME": "MyCoolApp",
-\& "APPVERSION": "0.1.2"
-\& }
-\& }
-\& }
-\& }
-\& }
-.Ve
-.IP "\-\-verify\-manifest" 4
-.IX Item "--verify-manifest"
-When used with \-\-manifest, warn about potentially unsafe definitions in the
-manifest file.
-.IP "\-\-output\-format=FORMAT" 4
-.IX Item "--output-format=FORMAT"
-Specify either \fBtext\fR (default if unspecified) for AppArmor policy output or
-\&\fBjson\fR for \s-1JSON\s0 manifest format.
-.IP "\-\-output\-directory=DIR" 4
-.IX Item "--output-directory=DIR"
-Specify output directory for profile. If unspecified, policy is sent to stdout.
-.SH "EXAMPLES"
-.IX Header "EXAMPLES"
-Example usage for a program named 'foo' which is installed in /opt/foo:
-.PP
-.Vb 3
-\& $ aa\-easyprof \-\-template=user\-application \-\-template\-var="@{APPNAME}=foo" \e
-\& \-\-policy\-groups=opt\-application,user\-application \e
-\& /opt/foo/bin/FooApp
-.Ve
-.PP
-When using a manifest file:
-.PP
-.Vb 1
-\& $ aa\-easyprof \-\-manifest=manifest.json
-.Ve
-.PP
-To output a manifest file based on aa-easyprof arguments:
-.PP
-.Vb 10
-\& $ aa\-easyprof \-\-output\-format=json \e
-\& \-\-author="Your Name" \e
-\& \-\-comment="Unstructured single\-line comment" \e
-\& \-\-copyright="Unstructured single\-line copyright statement" \e
-\& \-\-name="My Foo App" \e
-\& \-\-profile\-name="com.example.foo" \e
-\& \-\-template="user\-application" \e
-\& \-\-policy\-groups="user\-application,networking" \e
-\& \-\-abstractions="audio,gnome" \e
-\& \-\-read\-path="/tmp/foo_r" \e
-\& \-\-read\-path="/tmp/bar_r/" \e
-\& \-\-write\-path="/tmp/foo_w" \e
-\& \-\-write\-path=/tmp/bar_w/ \e
-\& \-\-template\-var="@{APPNAME}=foo" \e
-\& \-\-template\-var="@{VAR1}=bar" \e
-\& \-\-template\-var="@{VAR2}=baz" \e
-\& "/opt/foo/**"
-.Ve
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any additional bugs, please report them to GitLab at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7) \fBapparmor.d\fR\|(5)
diff --git a/utils/aa-easyprof.8.html b/utils/aa-easyprof.8.html
deleted file mode 100644
index ce10b09b261bd784ef5d471cb70d55bf9880fdfb..0000000000000000000000000000000000000000
--- a/utils/aa-easyprof.8.html
+++ /dev/null
@@ -1,350 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-easyprof - AppArmor profile generation made easy.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-easyprof - AppArmor profile generation made easy.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#EXAMPLES">EXAMPLES</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-easyprof - AppArmor profile generation made easy.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-easyprof</b> [option] <path to binary></p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-easyprof</b> provides an easy to use interface for AppArmor policy generation. <b>aa-easyprof</b> supports the use of templates and policy groups to quickly profile an application. Please note that while this tool can help with policy generation, its utility is dependent on the quality of the templates, policy groups and abstractions used. Also, this tool may create policy which is less restricted than creating policy by hand or with <b>aa-genprof</b> and <b>aa-logprof</b>.</p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>aa-easyprof</b> accepts the following arguments:</p>
-
-<dl>
-
-<dt id="t-TEMPLATE---template-TEMPLATE">-t TEMPLATE, --template=TEMPLATE</dt>
-<dd>
-
-<p>Specify which template to use. May specify either a system template from /usr/share/apparmor/easyprof/templates or a filename for the template to use. If not specified, use /usr/share/apparmor/easyprof/templates/default.</p>
-
-</dd>
-<dt id="p-POLICYGROUPS---policy-groups-POLICYGROUPS">-p POLICYGROUPS, --policy-groups=POLICYGROUPS</dt>
-<dd>
-
-<p>Specify POLICY as a comma-separated list of policy groups. See --list-templates for supported policy groups. The available policy groups are in /usr/share/apparmor/easyprof/policy. Policy groups are simply groupings of AppArmor rules or policies. They are similar to AppArmor abstractions, but usually encompass more policy rules.</p>
-
-</dd>
-<dt id="parser-PATH">--parser PATH</dt>
-<dd>
-
-<p>Specify the PATH of the apparmor_parser binary to use when verifying policy. If this option is not specified, aa-easyprof will attempt to locate the path starting with /sbin/apparmor_parser.</p>
-
-</dd>
-<dt id="a-ABSTRACTIONS---abstractions-ABSTRACTIONS">-a ABSTRACTIONS, --abstractions=ABSTRACTIONS</dt>
-<dd>
-
-<p>Specify ABSTRACTIONS as a comma-separated list of AppArmor abstractions. It is usually recommended you use policy groups instead, but this is provided as a convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions. See apparmor.d(5) for details.</p>
-
-</dd>
-<dt id="b-PATH---base-PATH">-b PATH, --base=PATH</dt>
-<dd>
-
-<p>Set the base PATH for resolving abstractions specified by --abstractions. See the same option in apparmor_parser(8) for details.</p>
-
-</dd>
-<dt id="I-PATH---Include-PATH">-I PATH, --Include=PATH</dt>
-<dd>
-
-<p>Add PATH to the search paths used for resolving abstractions specified by --abstractions. See the same option in apparmor_parser(8) for details.</p>
-
-</dd>
-<dt id="r-PATH---read-path-PATH">-r PATH, --read-path=PATH</dt>
-<dd>
-
-<p>Specify a PATH to allow owner reads. May be specified multiple times. If the PATH ends in a '/', then PATH is treated as a directory and reads are allowed to all files under this directory. Can optionally use '/*' at the end of the PATH to only allow reads to files directly in PATH.</p>
-
-</dd>
-<dt id="w-PATH---write-dir-PATH">-w PATH, --write-dir=PATH</dt>
-<dd>
-
-<p>Like --read-path but also allow owner writes in additions to reads.</p>
-
-</dd>
-<dt id="n-NAME---name-NAME">-n NAME, --name=NAME</dt>
-<dd>
-
-<p>Specify NAME of policy. If not specified, NAME is set to the name of the binary. The NAME of the policy is typically only used for profile meta data and does not specify the AppArmor profile name.</p>
-
-</dd>
-<dt id="profile-name-PROFILENAME">--profile-name=PROFILENAME</dt>
-<dd>
-
-<p>Specify the AppArmor profile name. When set, uses 'profile PROFILENAME' in the profile. When set and specifying a binary, uses 'profile PROFILENAME BINARY' in the profile. If not set, the binary will be used as the profile name and profile attachment.</p>
-
-</dd>
-<dt id="template-var-VAR-VALUE">--template-var="@{VAR}=VALUE"</dt>
-<dd>
-
-<p>Set VAR to VALUE in the resulting policy. This typically only makes sense if the specified template uses this value. May be specified multiple times.</p>
-
-</dd>
-<dt id="list-templates">--list-templates</dt>
-<dd>
-
-<p>List available templates.</p>
-
-</dd>
-<dt id="show-template">--show-template</dt>
-<dd>
-
-<p>Display template specified with --template.</p>
-
-</dd>
-<dt id="templates-dir-PATH">--templates-dir=PATH</dt>
-<dd>
-
-<p>Use PATH instead of system templates directory.</p>
-
-</dd>
-<dt id="include-templates-dir-PATH">--include-templates-dir=PATH</dt>
-<dd>
-
-<p>Include PATH when searching for templates in addition to the system templates directory (or the one specified with --templates-dir). System templates will match before those in PATH.</p>
-
-</dd>
-<dt id="list-policy-groups">--list-policy-groups</dt>
-<dd>
-
-<p>List available policy groups.</p>
-
-</dd>
-<dt id="show-policy-group">--show-policy-group</dt>
-<dd>
-
-<p>Display policy groups specified with --policy-groups.</p>
-
-</dd>
-<dt id="policy-groups-dir-PATH">--policy-groups-dir=PATH</dt>
-<dd>
-
-<p>Use PATH instead of system policy-groups directory.</p>
-
-</dd>
-<dt id="include-policy-groups-dir-PATH">--include-policy-groups-dir=PATH</dt>
-<dd>
-
-<p>Include PATH when searching for policy groups in addition to the system policy-groups directory (or the one specified with --policy-groups-dir). System policy-groups will match before those in PATH.</p>
-
-</dd>
-<dt id="policy-version-VERSION">--policy-version=VERSION</dt>
-<dd>
-
-<p>Must be used with --policy-vendor and is used to specify the version of policy groups and templates. When specified, <b>aa-easyprof</b> looks for the subdirectory VENDOR/VERSION within the policy-groups and templates directory. The specified version must be a positive decimal number compatible with the JSON Number type. Eg, when using:</p>
-
-<pre><code>$ aa-easyprof --templates-dir=/usr/share/apparmor/easyprof/templates \
- --policy-groups-dir=/usr/share/apparmor/easyprof/policygroups \
- --policy-vendor="foo" \
- --policy-version=1.0</code></pre>
-
-<p>Then /usr/share/apparmor/easyprof/templates/foo/1.0 will be searched for templates and /usr/share/apparmor/easyprof/policygroups/foo/1.0 for policy groups.</p>
-
-</dd>
-<dt id="policy-vendor-VENDOR">--policy-vendor=VENDOR</dt>
-<dd>
-
-<p>Must be used with --policy-version and is used to specify the vendor for policy groups and templates. See --policy-version for more information.</p>
-
-</dd>
-<dt id="author">--author</dt>
-<dd>
-
-<p>Specify author of the policy.</p>
-
-</dd>
-<dt id="copyright">--copyright</dt>
-<dd>
-
-<p>Specify copyright of the policy.</p>
-
-</dd>
-<dt id="comment">--comment</dt>
-<dd>
-
-<p>Specify comment for the policy.</p>
-
-</dd>
-<dt id="m-MANIFEST---manifest-MANIFEST">-m MANIFEST, --manifest=MANIFEST</dt>
-<dd>
-
-<p><b>aa-easyprof</b> also supports using a JSON manifest file for specifying options related to policy. Unlike command line arguments, the JSON file may specify multiple profiles. The structure of the JSON is:</p>
-
-<pre><code>{
- "security": {
- "profiles": {
- "<profile name 1>": {
- ... attributes specific to this profile ...
- },
- "<profile name 2>": {
- ...
- }
- }
- }
-}</code></pre>
-
-<p>Each profile JSON object (ie, everything under a profile name) may specify any fields related to policy. The "security" JSON container object is optional and may be omitted. An example manifest file demonstrating all fields is:</p>
-
-<pre><code>{
- "security": {
- "profiles": {
- "com.example.foo": {
- "abstractions": [
- "audio",
- "gnome"
- ],
- "author": "Your Name",
- "binary": "/opt/foo/**",
- "comment": "Unstructured single-line comment",
- "copyright": "Unstructured single-line copyright statement",
- "name": "My Foo App",
- "policy_groups": [
- "networking",
- "user-application"
- ],
- "policy_vendor": "somevendor",
- "policy_version": 1.0,
- "read_path": [
- "/tmp/foo_r",
- "/tmp/bar_r/"
- ],
- "template": "user-application",
- "template_variables": {
- "APPNAME": "foo",
- "VAR1": "bar",
- "VAR2": "baz"
- },
- "write_path": [
- "/tmp/foo_w",
- "/tmp/bar_w/"
- ]
- }
- }
- }
-}</code></pre>
-
-<p>A manifest file does not have to include all the fields. Eg, a manifest file for an Ubuntu SDK application might be:</p>
-
-<pre><code>{
- "security": {
- "profiles": {
- "com.ubuntu.developer.myusername.MyCoolApp": {
- "policy_groups": [
- "networking",
- "online-accounts"
- ],
- "policy_vendor": "ubuntu",
- "policy_version": 1.0,
- "template": "ubuntu-sdk",
- "template_variables": {
- "APPNAME": "MyCoolApp",
- "APPVERSION": "0.1.2"
- }
- }
- }
- }
-}</code></pre>
-
-</dd>
-<dt id="verify-manifest">--verify-manifest</dt>
-<dd>
-
-<p>When used with --manifest, warn about potentially unsafe definitions in the manifest file.</p>
-
-</dd>
-<dt id="output-format-FORMAT">--output-format=FORMAT</dt>
-<dd>
-
-<p>Specify either <b>text</b> (default if unspecified) for AppArmor policy output or <b>json</b> for JSON manifest format.</p>
-
-</dd>
-<dt id="output-directory-DIR">--output-directory=DIR</dt>
-<dd>
-
-<p>Specify output directory for profile. If unspecified, policy is sent to stdout.</p>
-
-</dd>
-</dl>
-
-<h1 id="EXAMPLES">EXAMPLES</h1>
-
-<p>Example usage for a program named 'foo' which is installed in /opt/foo:</p>
-
-<pre><code>$ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" \
- --policy-groups=opt-application,user-application \
- /opt/foo/bin/FooApp</code></pre>
-
-<p>When using a manifest file:</p>
-
-<pre><code>$ aa-easyprof --manifest=manifest.json</code></pre>
-
-<p>To output a manifest file based on aa-easyprof arguments:</p>
-
-<pre><code>$ aa-easyprof --output-format=json \
- --author="Your Name" \
- --comment="Unstructured single-line comment" \
- --copyright="Unstructured single-line copyright statement" \
- --name="My Foo App" \
- --profile-name="com.example.foo" \
- --template="user-application" \
- --policy-groups="user-application,networking" \
- --abstractions="audio,gnome" \
- --read-path="/tmp/foo_r" \
- --read-path="/tmp/bar_r/" \
- --write-path="/tmp/foo_w" \
- --write-path=/tmp/bar_w/ \
- --template-var="@{APPNAME}=foo" \
- --template-var="@{VAR1}=bar" \
- --template-var="@{VAR2}=baz" \
- "/opt/foo/**"</code></pre>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any additional bugs, please report them to GitLab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7) apparmor.d(5)</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-easyprof - AppArmor profile generation made easy.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-enforce.8 b/utils/aa-enforce.8
deleted file mode 100644
index 0232dafb38a68a2bd00103aa83583e5c4da3d54d..0000000000000000000000000000000000000000
--- a/utils/aa-enforce.8
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-ENFORCE 8"
-.TH AA-ENFORCE 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-enforce \- set an AppArmor security profile to enforce mode from
-being disabled or complain mode.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-enforce \f(BI<executable>\fB [\f(BI<executable>\fB ...] [\f(BI\-d /path/to/profiles\fB] [\f(BI\-\-no\-reload\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir / path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-\-no\-reload\fR
- Do not reload the profile after modifying it.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-enforce\fR is used to set one or more profiles to \fIenforce\fR mode.
-This command is only relevant in conjunction with the \fIaa-complain\fR utility
-which sets a profile to complain mode and the \fIaa-disable\fR utility which
-unloads and disables a profile.
-The default mode for a security policy is enforce and the \fIaa-complain\fR
-utility must be run to change this behavior.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-enforce.8.html b/utils/aa-enforce.8.html
deleted file mode 100644
index 997d5775a4a2e2b81151b0f64a022865e15b0112..0000000000000000000000000000000000000000
--- a/utils/aa-enforce.8.html
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title></title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-enforce - set an AppArmor security profile to <i>enforce</i> mode from being disabled or <i>complain</i> mode.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-enforce <i><executable></i> [<i><executable></i> ...] [<i>-d /path/to/profiles</i>] [<i>--no-reload</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir / path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-enforce</b> is used to set one or more profiles to <i>enforce</i> mode. This command is only relevant in conjunction with the <i>aa-complain</i> utility which sets a profile to complain mode and the <i>aa-disable</i> utility which unloads and disables a profile. The default mode for a security policy is enforce and the <i>aa-complain</i> utility must be run to change this behavior.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-complain(1), aa-disable(1), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-genprof b/utils/aa-genprof
index 21988cdeb550afe8c1a829cb90ccc7abf6c458c5..8d1e69979b21c40a0245a4503ca08ccd85b995de 100755
--- a/utils/aa-genprof
+++ b/utils/aa-genprof
@@ -69,15 +69,22 @@ parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
parser.add_argument('-f', '--file', type=str, help=_('path to logfile'))
parser.add_argument('program', type=str, help=_('name of program to profile'))
parser.add_argument('-j', '--json', action="store_true", help=_('Input and Output in JSON'))
+parser.add_argument('--no-abstraction', action='store_true', help=_('Do not use any abstractions in profiles'))
+parser.add_argument('-o', '--output-dir', type=str, help=_('Output Directory for profiles'))
parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS)
args = parser.parse_args()
-if args.json:
- aaui.set_json_mode()
-
profiling = args.program
apparmor.init_aa(confdir=args.configdir, profiledir=args.dir)
+
+if args.json:
+ aaui.set_json_mode(apparmor.cfg)
+if args.output_dir:
+ apparmor.check_output_dir(args.output_dir)
+if args.no_abstraction:
+ apparmor.disable_abstractions()
+
apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
@@ -132,7 +139,7 @@ ratelimit_saved = sysctl_read(ratelimit_sysctl)
try:
sysctl_write(ratelimit_sysctl, 0)
-except PermissionError: # will fail in lxd
+except OSError: # will fail in lxd
warn("Can't set printk_ratelimit, some events might be lost")
atexit.register(restore_ratelimit)
@@ -173,7 +180,7 @@ while not done_profiling:
ans, arg = q.promptUser('noexit')
if ans == 'CMD_SCAN':
- apparmor.do_logprof_pass(logmark)
+ apparmor.do_logprof_pass(logmark, out_dir=args.output_dir)
else:
done_profiling = True
@@ -184,7 +191,7 @@ for p in sorted(apparmor.helpers.keys()):
aaui.UI_Info(_('\nReloaded AppArmor profiles in enforce mode.'))
aaui.UI_Info(_('\nPlease consider contributing your new profile!\n'
- 'See the following wiki page for more information:')
- + '\nhttps://gitlab.com/apparmor/apparmor/wikis/Profiles\n')
+ 'See the following wiki page for more information:')
+ + '\nhttps://gitlab.com/apparmor/apparmor/wikis/Profiles\n') # noqa: W503
aaui.UI_Info(_('Finished generating profile for %s.') % program)
sys.exit(0)
diff --git a/utils/aa-genprof.8 b/utils/aa-genprof.8
deleted file mode 100644
index f3d7e8c12624de4c6313f822449678219c7a8153..0000000000000000000000000000000000000000
--- a/utils/aa-genprof.8
+++ /dev/null
@@ -1,208 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-GENPROF 8"
-.TH AA-GENPROF 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-genprof \- profile generation utility for AppArmor
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-genprof \f(BI<executable>\fB [\f(BI\-d /path/to/profiles\fB] [\f(BI\-f /path/to/logfile\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-f \-\-file /path/to/logfile\fR
-.PP
-.Vb 6
-\& Specifies the location of logfile.
-\& Default locations are read from F</etc/apparmor/logprof.conf>.
-\& Typical defaults are:
-\& /var/log/audit/audit.log
-\& /var/log/syslog
-\& /var/log/messages
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-When running aa-genprof, you must specify a program to profile. If the
-specified program is not a fully-qualified path, aa-genprof will search \f(CW$PATH\fR
-in order to find the program.
-.PP
-If a profile does not exist for the program, aa-genprof will create one using
-\&\fBaa\-autodep\fR\|(1).
-.PP
-Genprof will then:
-.PP
-.Vb 1
-\& \- set the profile to complain mode
-\&
-\& \- write a mark to the system log
-\&
-\& \- instruct the user to start the application to
-\& be profiled in another window and exercise its functionality
-.Ve
-.PP
-It then presents the user with two options, (S)can system log for entries
-to add to profile and (F)inish.
-.PP
-If the user selects (S)can or hits return, aa-genprof will parse
-the complain mode logs and iterate through generated violations
-using \fBaa\-logprof\fR\|(1).
-.PP
-After the user finishes selecting profile entries based on violations
-that were detected during the program execution, aa-genprof will reload
-the updated profiles in complain mode and again prompt the user for (S)can and
-(F)inish. This cycle can then be repeated as necessary until all application
-functionality has been exercised without generating access violations.
-.PP
-When the user eventually hits (F)inish, aa-genprof will set the main profile,
-and any other profiles that were generated, into enforce mode and exit.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
-\&\fBaa_change_hat\fR\|(2), \fBaa\-logprof\fR\|(1), \fBlogprof.conf\fR\|(5), and
-<https://wiki.apparmor.net>.
diff --git a/utils/aa-genprof.8.html b/utils/aa-genprof.8.html
deleted file mode 100644
index 3c55e7070d8b5ea9fae1ed959c1af6584c691ca3..0000000000000000000000000000000000000000
--- a/utils/aa-genprof.8.html
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-genprof - profile generation utility for AppArmor</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-genprof - profile generation utility for AppArmor</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-genprof - profile generation utility for AppArmor</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-genprof <i><executable></i> [<i>-d /path/to/profiles</i>] [<i>-f /path/to/logfile</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>-f --file /path/to/logfile</b></p>
-
-<pre><code>Specifies the location of logfile.
-Default locations are read from F</etc/apparmor/logprof.conf>.
-Typical defaults are:
- /var/log/audit/audit.log
- /var/log/syslog
- /var/log/messages</code></pre>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>When running aa-genprof, you must specify a program to profile. If the specified program is not a fully-qualified path, aa-genprof will search $PATH in order to find the program.</p>
-
-<p>If a profile does not exist for the program, aa-genprof will create one using aa-autodep(1).</p>
-
-<p>Genprof will then:</p>
-
-<pre><code>- set the profile to complain mode
-
-- write a mark to the system log
-
-- instruct the user to start the application to
- be profiled in another window and exercise its functionality</code></pre>
-
-<p>It then presents the user with two options, (S)can system log for entries to add to profile and (F)inish.</p>
-
-<p>If the user selects (S)can or hits return, aa-genprof will parse the complain mode logs and iterate through generated violations using aa-logprof(1).</p>
-
-<p>After the user finishes selecting profile entries based on violations that were detected during the program execution, aa-genprof will reload the updated profiles in complain mode and again prompt the user for (S)can and (F)inish. This cycle can then be repeated as necessary until all application functionality has been exercised without generating access violations.</p>
-
-<p>When the user eventually hits (F)inish, aa-genprof will set the main profile, and any other profiles that were generated, into enforce mode and exit.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), aa-logprof(1), logprof.conf(5), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-genprof - profile generation utility for AppArmor</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-logprof b/utils/aa-logprof
index 4513e35fd3e914ada9adce62bde0754b8a12a584..5ebd048b925fbcca58f0486244c8ac14430ae294 100755
--- a/utils/aa-logprof
+++ b/utils/aa-logprof
@@ -28,23 +28,34 @@ parser.add_argument('-d', '--dir', type=str, help=_('path to profiles'))
parser.add_argument('-f', '--file', type=str, help=_('path to logfile'))
parser.add_argument('-m', '--mark', type=str, help=_('mark in the log to start processing after'))
parser.add_argument('-j', '--json', action='store_true', help=_('Input and Output in JSON'))
+parser.add_argument('-a', '--allow-all', action='store_true', help=_('Accept silently all rules'))
+parser.add_argument('--no-abstraction', action='store_true', help=_('Do not use any abstractions in profiles'))
+parser.add_argument('-o', '--output-dir', type=str, help=_('Output Directory for profiles'))
parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS)
+parser.add_argument('--no-check-mountpoint', action='store_true', help=argparse.SUPPRESS)
args = parser.parse_args()
-if args.json:
- aaui.set_json_mode()
logmark = args.mark or ''
apparmor.init_aa(confdir=args.configdir, profiledir=args.dir)
+if args.json:
+ aaui.set_json_mode(apparmor.cfg)
+if args.allow_all:
+ aaui.set_allow_all_mode()
+if args.no_abstraction:
+ apparmor.disable_abstractions()
+if args.output_dir:
+ apparmor.check_output_dir(args.output_dir)
+
apparmor.set_logfile(args.file)
aa_mountpoint = apparmor.check_for_apparmor()
-if not aa_mountpoint:
+if not aa_mountpoint and not args.no_check_mountpoint:
raise AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))
apparmor.loadincludes()
apparmor.read_profiles(True)
-apparmor.do_logprof_pass(logmark)
+apparmor.do_logprof_pass(logmark, out_dir=args.output_dir)
diff --git a/utils/aa-logprof.8 b/utils/aa-logprof.8
deleted file mode 100644
index 544a4f4589affab8f107e6c74be52af20023bc73..0000000000000000000000000000000000000000
--- a/utils/aa-logprof.8
+++ /dev/null
@@ -1,292 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-LOGPROF 8"
-.TH AA-LOGPROF 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-logprof \- utility for updating AppArmor security profiles
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-logprof [\f(BI\-d /path/to/profiles\fB] [\f(BI\-f /path/to/logfile\fB] [\f(BI\-m <mark in logfile>\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies where to look for the AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.PP
-\&\fB\-f \-\-file /path/to/logfile\fR
-.PP
-.Vb 6
-\& Specifies the location of logfile that contains AppArmor security events.
-\& Default locations are read from F</etc/apparmor/logprof.conf>.
-\& Typical defaults are:
-\& /var/log/audit/audit.log
-\& /var/log/syslog
-\& /var/log/messages
-.Ve
-.PP
-\&\fB \-m \-\-logmark \*(L"mark\*(R"\fR
-.PP
-.Vb 3
-\& aa\-logprof will ignore all events in the system log before the
-\& specified mark is seen. If the mark contains spaces, it must
-\& be surrounded with quotes to work correctly.
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-logprof\fR is an interactive tool used to review AppArmor generated
-messages and update AppArmor security profiles.
-.PP
-Running aa-logprof will scan the log file and if there are new AppArmor
-events that are not covered by the existing profile set, the user will
-be prompted with suggested modifications to augment the profile.
-.PP
-When aa-logprof exits profile changes are saved to disk. If AppArmor is
-running, the updated profiles are reloaded and if any processes that
-generated AppArmor events are still running in the null-complain-profile,
-those processes are set to run under their proper profiles.
-.SS "Responding to AppArmor Events"
-.IX Subsection "Responding to AppArmor Events"
-\&\fBaa-logprof\fR will generate a list of suggested profile changes that
-the user can choose from, or they can create their own, to modify the
-permission set of the profile so that the generated access violation
-will not re-occur.
-.PP
-The user is then presented with info about the access including profile,
-path, old mode if there was a previous entry in the profile for this path,
-new mode, the suggestion list, and given these options:
-.PP
-.Vb 1
-\& (A)llow, (D)eny, (I)gnore, (N)ew, (G)lob last piece, (Q)uit
-.Ve
-.PP
-If the AppArmor profile was in complain mode when the event was generated,
-the default for this option is (A)llow, otherwise, it's (D)eny.
-.PP
-The (D)eny option adds a \*(L"deny\*(R" rule to the AppArmor profile, which
-silences logging.
-.PP
-The (I)gnore option allows user to ignore the event, without making any
-changes to the AppArmor profile.
-.PP
-The suggestion list is presented as a numbered list with includes
-at the top, the literal path in the middle, and the suggested globs
-at the bottom. If any globs are being suggested, the shortest glob
-is the selected option, otherwise, the literal path is selected.
-Picking includes from the list must be done manually.
-.PP
-Hitting a numbered key will change the selected option to the
-corresponding numbered entry in the list.
-.PP
-If the user selects (N)ew, they'll be prompted to enter their own globbed
-entry to match the path. If the user-entered glob does not match the
-path for this event, they'll be informed and have the option to fix it.
-.PP
-If the user selects (G)lob last piece then, taking the currently selected
-option, aa-logprof will remove the last path element and replace it with /*.
-.PP
-If the last path element already was /*, aa-logprof will go up a directory
-level and replace it with /**.
-.PP
-This new globbed entry is then added to the suggestion list and marked
-as the selected option.
-.PP
-So /usr/share/themes/foo/bar/baz.gif can be turned into
-/usr/share/themes/** by hitting \*(L"g\*(R" three times.
-.PP
-If the user selects (A)llow, aa-logprof will take the current selection
-and add it to the profile, deleting other entries in the profile that
-are matched by the new entry.
-.PP
-Adding r access to /usr/share/themes/** would delete an entry for r
-access to /usr/share/themes/foo/*.gif if it exists in the profile.
-.PP
-If (Q)uit is selected at this point, aa-logprof will ignore all new pending
-accesses.
-.PP
-After all of the accesses have been handled, logrof will write all
-updated profiles to the disk and reload them if AppArmor is running.
-.SS "New Process (Execution) Events"
-.IX Subsection "New Process (Execution) Events"
-If there are unhandled x accesses generated by the \fBexecve\fR\|(2) of a
-new process, aa-logprof will display the parent profile and the target
-program that's being executed and prompt the user to select an execute
-modifier. These modifiers will allow a choice for the target to: have it's
-own profile (px), inherit the parent's profile (ix), run unconstrained
-(ux), or deny access for the target. See \fBapparmor.d\fR\|(5) for details.
-.PP
-If there is a corresponding entry for the target in the qualifiers
-section of /etc/apparmor/logprof.conf, the presented list will contain only the
-allowed modes.
-.PP
-The default option for this question is selected using this logic\*(--
-.PP
-.Vb 6
-\& # if px mode is allowed and profile exists for the target
-\& # px is default.
-\& # else if ix mode is allowed
-\& # ix is default
-\& # else
-\& # deny is default
-.Ve
-.PP
-aa-logprof will never suggest \*(L"ux\*(R" as the default.
-.SS "ChangeHat Events"
-.IX Subsection "ChangeHat Events"
-If unknown \fBaa_change_hat\fR\|(2) events are found, the user is prompted to add a new
-hat, if the events should go into the default hat for this profile based
-on the corresponding entry in the defaulthat section of logprof.conf,
-or if the following events that run under that hat should be denied
-altogether.
-.SS "Capability Events"
-.IX Subsection "Capability Events"
-If there are capability accesses, the user is shown each capability
-access and asked if the capability should be allowed, denied, or if the
-user wants to quit. See \fBcapability\fR\|(7) for details.
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBklogd\fR\|(8), \fBauditd\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2),
-\&\fBlogprof.conf\fR\|(5), \fBaa\-genprof\fR\|(1), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1),
-\&\fBaa\-disable\fR\|(1), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-logprof.8.html b/utils/aa-logprof.8.html
deleted file mode 100644
index ec1a72631298a77da137470e32387be8ccf79b22..0000000000000000000000000000000000000000
--- a/utils/aa-logprof.8.html
+++ /dev/null
@@ -1,153 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-logprof - utility for updating AppArmor security profiles</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-logprof - utility for updating AppArmor security profiles</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a>
- <ul>
- <li><a href="#Responding-to-AppArmor-Events">Responding to AppArmor Events</a></li>
- <li><a href="#New-Process-Execution-Events">New Process (Execution) Events</a></li>
- <li><a href="#ChangeHat-Events">ChangeHat Events</a></li>
- <li><a href="#Capability-Events">Capability Events</a></li>
- </ul>
- </li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-logprof - utility for updating AppArmor security profiles</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-logprof [<i>-d /path/to/profiles</i>] [<i>-f /path/to/logfile</i>] [<i>-m <mark in logfile></i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies where to look for the AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<p><b>-f --file /path/to/logfile</b></p>
-
-<pre><code>Specifies the location of logfile that contains AppArmor security events.
- Default locations are read from F</etc/apparmor/logprof.conf>.
- Typical defaults are:
- /var/log/audit/audit.log
- /var/log/syslog
- /var/log/messages</code></pre>
-
-<p><b> -m --logmark "mark"</b></p>
-
-<pre><code>aa-logprof will ignore all events in the system log before the
-specified mark is seen. If the mark contains spaces, it must
-be surrounded with quotes to work correctly.</code></pre>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-logprof</b> is an interactive tool used to review AppArmor generated messages and update AppArmor security profiles.</p>
-
-<p>Running aa-logprof will scan the log file and if there are new AppArmor events that are not covered by the existing profile set, the user will be prompted with suggested modifications to augment the profile.</p>
-
-<p>When aa-logprof exits profile changes are saved to disk. If AppArmor is running, the updated profiles are reloaded and if any processes that generated AppArmor events are still running in the null-complain-profile, those processes are set to run under their proper profiles.</p>
-
-<h2 id="Responding-to-AppArmor-Events">Responding to AppArmor Events</h2>
-
-<p><b>aa-logprof</b> will generate a list of suggested profile changes that the user can choose from, or they can create their own, to modify the permission set of the profile so that the generated access violation will not re-occur.</p>
-
-<p>The user is then presented with info about the access including profile, path, old mode if there was a previous entry in the profile for this path, new mode, the suggestion list, and given these options:</p>
-
-<pre><code>(A)llow, (D)eny, (I)gnore, (N)ew, (G)lob last piece, (Q)uit</code></pre>
-
-<p>If the AppArmor profile was in complain mode when the event was generated, the default for this option is (A)llow, otherwise, it's (D)eny.</p>
-
-<p>The (D)eny option adds a "deny" rule to the AppArmor profile, which silences logging.</p>
-
-<p>The (I)gnore option allows user to ignore the event, without making any changes to the AppArmor profile.</p>
-
-<p>The suggestion list is presented as a numbered list with includes at the top, the literal path in the middle, and the suggested globs at the bottom. If any globs are being suggested, the shortest glob is the selected option, otherwise, the literal path is selected. Picking includes from the list must be done manually.</p>
-
-<p>Hitting a numbered key will change the selected option to the corresponding numbered entry in the list.</p>
-
-<p>If the user selects (N)ew, they'll be prompted to enter their own globbed entry to match the path. If the user-entered glob does not match the path for this event, they'll be informed and have the option to fix it.</p>
-
-<p>If the user selects (G)lob last piece then, taking the currently selected option, aa-logprof will remove the last path element and replace it with /*.</p>
-
-<p>If the last path element already was /*, aa-logprof will go up a directory level and replace it with /**.</p>
-
-<p>This new globbed entry is then added to the suggestion list and marked as the selected option.</p>
-
-<p>So /usr/share/themes/foo/bar/baz.gif can be turned into /usr/share/themes/** by hitting "g" three times.</p>
-
-<p>If the user selects (A)llow, aa-logprof will take the current selection and add it to the profile, deleting other entries in the profile that are matched by the new entry.</p>
-
-<p>Adding r access to /usr/share/themes/** would delete an entry for r access to /usr/share/themes/foo/*.gif if it exists in the profile.</p>
-
-<p>If (Q)uit is selected at this point, aa-logprof will ignore all new pending accesses.</p>
-
-<p>After all of the accesses have been handled, logrof will write all updated profiles to the disk and reload them if AppArmor is running.</p>
-
-<h2 id="New-Process-Execution-Events">New Process (Execution) Events</h2>
-
-<p>If there are unhandled x accesses generated by the execve(2) of a new process, aa-logprof will display the parent profile and the target program that's being executed and prompt the user to select an execute modifier. These modifiers will allow a choice for the target to: have it's own profile (px), inherit the parent's profile (ix), run unconstrained (ux), or deny access for the target. See apparmor.d(5) for details.</p>
-
-<p>If there is a corresponding entry for the target in the qualifiers section of /etc/apparmor/logprof.conf, the presented list will contain only the allowed modes.</p>
-
-<p>The default option for this question is selected using this logic--</p>
-
-<pre><code># if px mode is allowed and profile exists for the target
-# px is default.
-# else if ix mode is allowed
-# ix is default
-# else
-# deny is default</code></pre>
-
-<p>aa-logprof will never suggest "ux" as the default.</p>
-
-<h2 id="ChangeHat-Events">ChangeHat Events</h2>
-
-<p>If unknown aa_change_hat(2) events are found, the user is prompted to add a new hat, if the events should go into the default hat for this profile based on the corresponding entry in the defaulthat section of logprof.conf, or if the following events that run under that hat should be denied altogether.</p>
-
-<h2 id="Capability-Events">Capability Events</h2>
-
-<p>If there are capability accesses, the user is shown each capability access and asked if the capability should be allowed, denied, or if the user wants to quit. See capability(7) for details.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>klogd(8), auditd(8), apparmor(7), apparmor.d(5), aa_change_hat(2), logprof.conf(5), aa-genprof(1), aa-enforce(1), aa-complain(1), aa-disable(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-logprof - utility for updating AppArmor security profiles</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof
index 2091bff93f0ae181a27db0d63c16b72d5b3fff70..b409cbe5ba4e1b570dc585d0425420a48b88a49d 100755
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@@ -42,9 +42,12 @@ profiles = args.files
def find_profiles_from_files(files):
profile_to_filename = dict()
for file_name in files:
- apparmor.aa.read_profile(file_name, True)
- for profile_name in apparmor.aa.active_profiles.profiles_in_file(file_name):
- profile_to_filename[profile_name] = file_name
+ try:
+ apparmor.aa.read_profile(file_name, True, read_error_fatal=True)
+ for profile_name in apparmor.aa.active_profiles.profiles_in_file(file_name):
+ profile_to_filename[profile_name] = file_name
+ except IOError:
+ pass
apparmor.aa.reset_aa()
return profile_to_filename
@@ -120,10 +123,10 @@ class Merge(object):
# ask about preamble rules
apparmor.aa.ask_rule_questions(
- other.active_profiles.files[other.filename], # prof_events aka log_dict
- '[preamble]', # displayed profile name
- self.user.active_profiles.files[self.user.filename], # profile to update
- ['abi', 'inc_ie'] # rule types - TODO: don't hardcode
+ other.active_profiles.files[other.filename], # prof_events aka log_dict
+ '[preamble]', # displayed profile name
+ self.user.active_profiles.files[self.user.filename], # profile to update
+ ['abi', 'inc_ie'] # rule types - TODO: don't hardcode
)
apparmor.aa.ask_the_questions(log_dict)
diff --git a/utils/aa-mergeprof.8 b/utils/aa-mergeprof.8
deleted file mode 100644
index c7d74e0c8f6709d5b4241cf053ec6fa685bcb06f..0000000000000000000000000000000000000000
--- a/utils/aa-mergeprof.8
+++ /dev/null
@@ -1,171 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-MERGEPROF 8"
-.TH AA-MERGEPROF 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-mergeprof \- merge AppArmor security profiles.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-mergeprof \f(BIfile\fB [\f(BIfile\fB ...] [\f(BI\-d /path/to/profiles\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fBfile\fR
-.PP
-.Vb 1
-\& One or more files containing profiles to merge into the profile directory (see \-d).
-.Ve
-.PP
-\&\fB\-d \-\-dir /path/to/profiles\fR
-.PP
-.Vb 2
-\& Specifies the target directory for the merged AppArmor security profile set.
-\& Defaults to /etc/apparmor.d.
-.Ve
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-mergeprof\fR
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2), \fBaa\-genprof\fR\|(1),
-\&\fBaa\-logprof\fR\|(1), \fBaa\-enforce\fR\|(1), \fBaa\-audit\fR\|(1), \fBaa\-complain\fR\|(1),
-\&\fBaa\-disable\fR\|(1), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-mergeprof.8.html b/utils/aa-mergeprof.8.html
deleted file mode 100644
index e5065755813afb476a917d58436377cd3773ae5a..0000000000000000000000000000000000000000
--- a/utils/aa-mergeprof.8.html
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-mergeprof - merge AppArmor security profiles.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-mergeprof - merge AppArmor security profiles.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-mergeprof - merge AppArmor security profiles.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-mergeprof <i>file</i> [<i>file</i> ...] [<i>-d /path/to/profiles</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>file</b></p>
-
-<pre><code>One or more files containing profiles to merge into the profile directory (see -d).</code></pre>
-
-<p><b>-d --dir /path/to/profiles</b></p>
-
-<pre><code>Specifies the target directory for the merged AppArmor security profile set.
-Defaults to /etc/apparmor.d.</code></pre>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-mergeprof</b></p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa_change_hat(2), aa-genprof(1), aa-logprof(1), aa-enforce(1), aa-audit(1), aa-complain(1), aa-disable(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-mergeprof - merge AppArmor security profiles.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-notify b/utils/aa-notify
index a4db7c9e21be62688688aa0676e239639210b40d..30b71c3695c303b8f9813375bc1b086b0e26d105 100755
--- a/utils/aa-notify
+++ b/utils/aa-notify
@@ -1,6 +1,6 @@
#! /usr/bin/python3
# ----------------------------------------------------------------------
-# Copyright (C) 2018–2019 Otto Kekäläinen <otto@kekalainen.net>
+# Copyright (C) 2018–2022 Otto Kekäläinen <otto@kekalainen.net>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -27,6 +27,8 @@
# In a typical desktop environment one would run as a service the
# command:
# /usr/bin/aa-notify -p -w 10
+#
+"""Show AppArmor events on command line or as desktop notifications."""
import argparse
import atexit
@@ -37,22 +39,38 @@ import re
import sys
import time
+import subprocess
+
import notify2
import psutil
import apparmor.aa as aa
import apparmor.ui as aaui
import apparmor.config as aaconfig
+import apparmor.update_profile as update_profile
import LibAppArmor # C-library to parse one log line
from apparmor.common import DebugLogger, open_file_read
from apparmor.fail import enable_aa_exception_handler
from apparmor.notify import get_last_login_timestamp
from apparmor.translations import init_translation
+from apparmor.logparser import ReadLog
+from apparmor.gui import UsernsGUI, ErrorGUI, ShowMoreGUI, set_interface_theme
+from apparmor.rule.file import FileRule
+
+from dbus import DBusException
+import gi
+from gi.repository import GLib
+import threading
+
+gi.require_version('GLib', '2.0')
def get_user_login():
- """Portable function to get username. Should not trigger any
- "OSError: [Errno 25] Inappropriate ioctl for device" errors in Giltab-CI"""
+ """Portable function to get username.
+
+ Should not trigger any
+ "OSError: [Errno 25] Inappropriate ioctl for device" errors in Giltab-CI.
+ """
if os.name == "posix":
username = pwd.getpwuid(os.geteuid()).pw_name
else:
@@ -63,6 +81,7 @@ def get_user_login():
def format_event(event, logsource):
+ """Generate the notification text contents."""
output = []
if 'message_body' in config['']:
@@ -85,7 +104,25 @@ def format_event(event, logsource):
return "\n".join(output)
-def notify_about_new_entries(logfile, wait=0):
+def is_event_in_filter(event, filters):
+ """Checks if event is in filter"""
+ if filters['profile'] and event.profile and not filters['profile_re'].match(event.profile):
+ return False
+ if filters['operation'] and event.operation and not filters['operation_re'].match(event.operation):
+ return False
+ if filters['name'] and event.name and not filters['name_re'].match(event.name):
+ return False
+ if filters['denied_mask'] and event.denied_mask and not filters['denied_mask_re'].match(event.denied_mask):
+ return False
+ if filters['net_family'] and event.net_family and not filters['net_family_re'].match(event.net_family):
+ return False
+ if filters['net_sock_type'] and event.net_sock_type and not filters['net_sock_type_re'].match(event.net_sock_type):
+ return False
+ return True
+
+
+def notify_about_new_entries(logfile, filters, wait=0):
+ """Run the notification daemon in the background."""
# Kill other instances of aa-notify if already running
for process in psutil.process_iter():
# Find the process that has the same name as this script, e.g. aa-notify.py
@@ -100,11 +137,25 @@ def notify_about_new_entries(logfile, wait=0):
# Follow the logfile and stream notifications
# Rate limit to not show too many notifications
try:
+ # Before use, notify2 must be initialized and the DBUS channel
+ # should be opened using the non-root user. This step needs to
+ # be executed after the drop_privileges().
+ notify2.init('aa-notify', mainloop='glib')
+ except DBusException:
+ sys.exit(_('Cannot initialize notify2. Please check that your terminal can use a graphical interface'))
+
+ try:
+ thread = threading.Thread(target=start_glib_loop)
+ thread.daemon = True
+ thread.start()
+
for event in follow_apparmor_events(logfile, wait):
+ if not is_event_in_filter(event, filters):
+ continue
debug_logger.info(format_event(event, logfile))
- yield(format_event(event, logfile))
+ yield event, format_event(event, logfile)
except PermissionError:
- sys.exit(_("ERROR: Cannot read {}. Please check permissions.".format(logfile)))
+ sys.exit(_("ERROR: Cannot read {}. Please check permissions.").format(logfile))
else:
print(_('Notification emitter started in the background'))
@@ -113,21 +164,23 @@ def notify_about_new_entries(logfile, wait=0):
os._exit(0) # Exit child without calling exit handlers etc
-def show_entries_since_epoch(logfile, epoch_since):
+def show_entries_since_epoch(logfile, epoch_since, filters):
+ """Show AppArmor notifications since given timestamp."""
count = 0
for event in get_apparmor_events(logfile, epoch_since):
+ if not is_event_in_filter(event, filters):
+ continue
count += 1
if args.verbose:
print(format_event(event, logfile))
print() # Print a newline after each entry for better readability
aaui.UI_Info(_('AppArmor denials: {count} (since {date})').format(
- **{
- 'count': count,
- 'date': time.strftime(timeformat, time.localtime(epoch_since))
- }
- )
- )
+ **{
+ 'count': count,
+ 'date': time.strftime(timeformat, time.localtime(epoch_since))
+ }
+ ))
if args.verbose:
if 'message_footer' in config['']:
@@ -136,7 +189,8 @@ def show_entries_since_epoch(logfile, epoch_since):
print(_('For more information, please see: {}').format(debug_docs_url))
-def show_entries_since_last_login(logfile, username=get_user_login()):
+def show_entries_since_last_login(logfile, filters, username=get_user_login()):
+ """Show AppArmor notifications since last login of user."""
# If running as sudo, use username of sudo user instead of root
if 'SUDO_USER' in os.environ.keys():
username = os.environ['SUDO_USER']
@@ -148,19 +202,19 @@ def show_entries_since_last_login(logfile, username=get_user_login()):
if epoch_since == 0:
print(_('ERROR: Could not find last login'), file=sys.stderr)
sys.exit(1)
- show_entries_since_epoch(logfile, epoch_since)
+ show_entries_since_epoch(logfile, epoch_since, filters)
-def show_entries_since_days(logfile, since_days):
- day_in_seconds = 60*60*24
+def show_entries_since_days(logfile, since_days, filters):
+ """Show AppArmor notifications since the given amount of days."""
+ day_in_seconds = 60 * 60 * 24
epoch_now = int(time.time())
epoch_since = epoch_now - day_in_seconds * since_days
- show_entries_since_epoch(logfile, epoch_since)
+ show_entries_since_epoch(logfile, epoch_since, filters)
def follow_apparmor_events(logfile, wait=0):
- """Follow AppArmor events and yield relevant entries until process stops"""
-
+ """Follow AppArmor events and yield relevant entries until process stops."""
# If wait was given as argument but was type None (from ArgumentParser)
# ensure it's type int and zero
if not wait:
@@ -239,7 +293,7 @@ def reopen_logfile_if_needed(logfile, logdata, log_inode, log_size):
def get_apparmor_events(logfile, since=0):
- """Read audit events from log source and yield all relevant events"""
+ """Read audit events from log source and yield all relevant events."""
# Get logdata from file
# @TODO Implement more log sources in addition to just the logfile
@@ -253,11 +307,19 @@ def get_apparmor_events(logfile, since=0):
def parse_logdata(logsource):
- """Traverse any iterable log source and extract relevant AppArmor events"""
+ """Traverse any iterable log source and extract relevant AppArmor events.
+
+ Expects log lines like:
+ Feb 16 20:22:28 XPS-13-9370 kernel: [520374.926882] audit: type=1400
+ audit(1581877348.868:657): apparmor="ALLOWED" operation="open"
+ profile="libreoffice-soffice"
+ name="/usr/share/drirc.d/00-mesa-defaults.conf" pid=22690
+ comm="soffice.bin" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+ """
re_audit_time_id = r'(msg=)?audit\([\d\.\:]+\):\s+' # 'audit(1282626827.320:411): '
re_kernel_time = r'\[[\d\.\s]+\]' # '[ 1612.746129]'
- re_type_num = '1[45][0-9][0-9]' # 1400..1599
+ re_type_num = '1[45][0-9][0-9]' # 1400..1599
re_aa_or_op = '(apparmor=|operation=)'
re_log_parts = [
@@ -287,8 +349,11 @@ def parse_logdata(logsource):
def drop_privileges():
- """If running as root, drop privileges to USER if known, or fall-back to nobody_user/group"""
+ """Drop privileges of process.
+ If running as root, drop privileges to USER if known, or fall-back to
+ nobody_user/group.
+ """
if os.geteuid() == 0:
if 'SUDO_USER' in os.environ.keys():
@@ -315,8 +380,10 @@ def drop_privileges():
def raise_privileges():
- """If was running as user with saved user ID 0, raise back to root privileges"""
+ """Raise privileges of process.
+ If was running as user with saved user ID 0, raise back to root privileges.
+ """
if os.geteuid() != 0 and original_effective_user == 0:
debug_logger.debug('Rasing privileges from UID {} back to UID 0 (root)'.format(os.geteuid()))
@@ -326,6 +393,7 @@ def raise_privileges():
def read_notify_conf(path, shell_config):
+ """Read notify.conf."""
try:
shell_config.CONF_DIR = path
conf_dict = shell_config.read_config('notify.conf')
@@ -335,12 +403,224 @@ def read_notify_conf(path, shell_config):
return {}
-def main():
- """
- Main function of aa-notify that parses command line
- arguments and starts the requested operations.
+def compile_filter_regex(filters):
+ """Compile each filter regex and add it to filters"""
+ if filters['profile']:
+ filters['profile_re'] = re.compile(filters['profile'])
+ if filters['operation']:
+ filters['operation_re'] = re.compile(filters['operation'])
+ if filters['name']:
+ filters['name_re'] = re.compile(filters['name'])
+ if filters['denied_mask']:
+ filters['denied_mask_re'] = re.compile(filters['denied_mask'])
+ if filters['net_family']:
+ filters['net_family_re'] = re.compile(filters['net_family'])
+ if filters['net_sock_type']:
+ filters['net_sock_type_re'] = re.compile(filters['net_sock_type'])
+
+ return filters
+
+
+def can_allow_rule(ev, special_profiles):
+ if customized_message['userns']['cond'](ev, special_profiles):
+ return not aa.get_profile_filename_from_profile_name(ev['comm'])
+ else:
+ return aa.get_profile_filename_from_profile_name(ev['profile']) is not None
+
+
+def is_special_profile_userns(ev, special_profiles):
+ if not special_profiles or ev['profile'] not in special_profiles:
+ return False # We don't use special profiles or there is already a profile defined: we don't ask to add userns
+
+ if 'execpath' not in ev or not ev['execpath']:
+ ev['execpath'] = aa.find_executable(ev['comm'])
+
+ return True
+
+
+def create_userns_profile(name, path, ans):
+ update_profile_path = update_profile.__file__
+
+ local_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'default_unconfined.template')
+ if os.path.exists(local_template_path): # We are using local aa-notify -> we use local template
+ template_path = local_template_path
+ else:
+ template_path = aa.CONFDIR + '/default_unconfined.template'
+
+ if path is None:
+ UsernsGUI.show_error_cannot_find_execpath(name, template_path)
+ return
+
+ profile_path = aa.get_profile_filename_from_profile_name(name, True)
+ if not profile_path:
+ ErrorGUI(_('Cannot get profile path for {}.').format(name), False).show()
+ return
+
+ command = ['pkexec', '--keep-cwd', update_profile_path, 'create_userns', template_path, name, path, profile_path, ans]
+
+ try:
+ subprocess.run(command, check=True)
+ except subprocess.CalledProcessError as e:
+ if e.returncode != 126: # return code 126 means the user cancelled the request
+ UsernsGUI.show_error_cannot_reload_profile(profile_path, e.returncode)
+
+
+def ask_for_user_ns_denied(path, name, interactive=True):
+ if interactive:
+ gui = UsernsGUI(name, path)
+ ans = gui.show()
+ else:
+ ans = 'allow'
+ if ans in {'allow', 'deny'}:
+ create_userns_profile(name, path, ans)
+ else:
+ debug_logger.debug('No action from the user for {}'.format(path))
+
+
+def prompt_userns(ev, special_profiles):
+ """If the user namespace creation denial was generated by an unconfined binary, displays a graphical notification.
+ Creates a new profile to allow userns if the user wants it. Returns whether a notification was displayed to the user
"""
+ if not is_special_profile_userns(ev, special_profiles):
+ return False
+
+ if ev['execpath'] is None:
+ UsernsGUI.show_error_cannot_find_execpath(ev['comm'], os.path.dirname(os.path.abspath(__file__)) + '/default_unconfined.template')
+ return True
+
+ aa.update_profiles()
+
+ if aa.get_profile_filename_from_profile_name(ev['comm']):
+ # There is already a profile with this name: we show an error to the user.
+ # We could use the full path as profile name like for the old profiles if we want to handle this case
+ # but if execpath is not supported by the kernel it could also mean that we inferred a bad path
+ # So we do nothing beyond showing this error.
+ ErrorGUI(
+ _('Application {profile} tried to create an user namespace, but a profile already exists with this name.\n'
+ 'This is likely because there is several binaries named {profile} thus the path inferred by AppArmor ({inferred_path}) is not correct.\n'
+ 'You should review your profiles (in {profile_dir}).').format(profile=ev['comm'], inferred_path=ev['execpath'], profile_dir=aa.profile_dir),
+ False).show()
+ return True
+
+ ask_for_user_ns_denied(ev['execpath'], ev['comm'])
+
+ return True
+
+# TODO reuse more code from aa-logprof in callbacks
+def cb_more_info(notification, action, _args):
+ (raw_ev, rl, special_profiles) = _args
+ notification.close()
+
+ parsed_event = rl.parse_record(raw_ev)
+ out = _('Operation denied by AppArmor\n\n')
+
+ for key, value in parsed_event.items():
+ if value:
+ out += '\t{} = {}\n'.format(_(key), value)
+
+ out += _('\nThe software that declined this operation is {}\n').format(parsed_event['profile'])
+
+ rule = rl.create_rule_from_ev(parsed_event)
+
+ # Exec events are created with the default FileRule.ANY_EXEC. We use Pix for actual rules
+ if type(rule) is FileRule and rule.exec_perms == FileRule.ANY_EXEC:
+ rule.exec_perms = 'Pix'
+
+ if rule:
+ aa.update_profiles()
+ if customized_message['userns']['cond'](parsed_event, special_profiles):
+ profile_path = None
+ out += _('You may allow it through a dedicated unconfined profile for {}.').format(parsed_event['comm'])
+ else:
+ profile_path = aa.get_profile_filename_from_profile_name(parsed_event['profile'])
+ if profile_path:
+ out += _('If you want to allow this operation you can add the line below in profile {}\n').format(profile_path)
+ out += rule.get_clean()
+ else:
+ out += _('However {profile} is not in {profile_dir}\nIt is likely that the profile was not stored in {profile_dir} or was removed.\n').format(profile=parsed_event['profile'], profile_dir=aa.profile_dir)
+ else: # Should not happen
+ out += _('ERROR: Could not create rule from event.')
+ return
+
+ ans = ShowMoreGUI(profile_path, out, rule.get_clean(), parsed_event['profile'], profile_path is not None).show()
+ if ans == 'add_rule':
+ add_to_profile(rule.get_clean(), parsed_event['profile'])
+ elif ans in {'allow', 'deny'}:
+ create_userns_profile(parsed_event['comm'], parsed_event['execpath'], ans)
+
+
+def add_to_profile(rule, profile_name):
+ # We get update_profile.py through this import so that it works in all cases
+ profile_path = aa.get_profile_filename_from_profile_name(profile_name)
+
+ if not profile_path:
+ ErrorGUI(
+ _(
+ 'Cannot find profile for {}\n\n'
+ 'It is likely that the profile was not stored in {} or was removed.'
+ ).format(profile_name, aa.profile_dir),
+ False
+ ).show()
+ return
+
+ update_profile_path = update_profile.__file__
+ command = ['pkexec', '--keep-cwd', update_profile_path, 'add_rule', rule, profile_name]
+ try:
+ subprocess.run(command, check=True)
+ except subprocess.CalledProcessError as e:
+ if e.returncode != 126: # return code 126 means the user cancelled the request
+ ErrorGUI(_('Failed to add rule {rule} to {profile}\nError code = {retcode}').format(rule=rule, profile=profile_name, retcode=e.returncode), False).show()
+
+
+def cb_add_to_profile(notification, action, _args):
+ (raw_ev, rl, special_profiles) = _args
+ notification.close()
+ parsed_event = rl.parse_record(raw_ev)
+
+ rule = rl.create_rule_from_ev(parsed_event)
+
+ # Exec events are created with the default FileRule.ANY_EXEC. We use Pix for actual rules
+ if type(rule) is FileRule and rule.exec_perms == FileRule.ANY_EXEC:
+ rule.exec_perms = 'Pix'
+
+ if not rule:
+ ErrorGUI(_('ERROR: Could not create rule from event.'), False).show()
+ return
+
+ aa.update_profiles()
+
+ if customized_message['userns']['cond'](parsed_event, special_profiles):
+ ask_for_user_ns_denied(parsed_event['execpath'], parsed_event['comm'], False)
+ else:
+ add_to_profile(rule.get_clean(), parsed_event['profile'])
+
+
+customized_message = {
+ 'userns': {
+ 'cond': lambda ev, special_profiles: (ev['operation'] == 'userns_create' or ev['operation'] == 'capable') and is_special_profile_userns(ev, special_profiles),
+ 'msg': 'Application {0} wants to create an user namespace which could be used to compromise your system\nDo you want to allow it next time {0} is run?'
+ }
+}
+
+
+def customize_notification_message(ev, msg, special_profiles):
+ if customized_message['userns']['cond'](ev, special_profiles):
+ msg = _(customized_message['userns']['msg']).format(ev['comm'])
+
+ return msg
+
+
+def start_glib_loop():
+ loop = GLib.MainLoop()
+ loop.run()
+
+
+def main():
+ """Run aa-notify.
+
+ Parse command line arguments and starts the requested operations.
+ """
global _, debug_logger, config, args
global debug_docs_url, nobody_user, original_effective_user, timeformat
@@ -372,9 +652,21 @@ def main():
parser.add_argument('-v', '--verbose', action='store_true', help=_('show messages with stats'))
parser.add_argument('-u', '--user', type=str, help=_('user to drop privileges to when not using sudo'))
parser.add_argument('-w', '--wait', type=int, metavar=('NUM'), help=_('wait NUM seconds before displaying notifications (with -p)'))
+ parser.add_argument('--prompt-filter', type=str, metavar=('PF'), help=_('kind of operations which display a popup prompt'))
parser.add_argument('--debug', action='store_true', help=_('debug mode'))
parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS)
+ filter_group = parser.add_argument_group('Filtering options',
+ description=('Filters are used to reduce the output of information to only '
+ 'those entries that will match the filter. Filters use Python\'s regular '
+ 'expression syntax.'))
+ filter_group.add_argument('--filter.profile', metavar='PROFILE', help=_('regular expression to match the profile'))
+ filter_group.add_argument('--filter.operation', metavar='OPERATION', help=_('regular expression to match the operation'))
+ filter_group.add_argument('--filter.name', metavar='NAME', help=_('regular expression to match the name'))
+ filter_group.add_argument('--filter.denied', metavar='DENIED', help=_('regular expression to match the denied mask'))
+ filter_group.add_argument('--filter.family', metavar='FAMILY', help=_('regular expression to match the network family'))
+ filter_group.add_argument('--filter.socket', metavar='SOCKET', help=_('regular expression to match the network socket type'))
+
# If a TTY then assume running in test mode and fix output width
if not sys.stdout.isatty():
parser.formatter_class = lambda prog: argparse.HelpFormatter(prog, width=80)
@@ -440,6 +732,16 @@ def main():
- message_body
- message_footer
- use_group
+ - userns_special_profiles
+ - ignore_denied_capability
+ - interface_theme
+ - prompt_filter
+ - filter.profile,
+ - filter.operation,
+ - filter.name,
+ - filter.denied,
+ - filter.family,
+ - filter.socket,
"""
# # Config checks
@@ -447,15 +749,65 @@ def main():
# Warn about unknown keys in the config
allowed_config_keys = [
'use_group',
+ 'userns_special_profiles',
+ 'ignore_denied_capability',
+ 'interface_theme',
+ 'prompt_filter',
'show_notifications',
'message_body',
- 'message_footer'
+ 'message_footer',
+ 'filter.profile',
+ 'filter.operation',
+ 'filter.name',
+ 'filter.denied',
+ 'filter.family',
+ 'filter.socket',
]
found_config_keys = config[''].keys()
- unknown_keys = [item for item in found_config_keys if item not in allowed_config_keys]
+ unknown_keys = [
+ item for item in found_config_keys if item not in allowed_config_keys
+ ]
for item in unknown_keys:
print(_('Warning! Configuration item "{}" is unknown!').format(item))
+ filters = {
+ 'profile': '',
+ 'operation': '',
+ 'name': '',
+ 'denied_mask': '',
+ 'net_family': '',
+ 'net_sock_type': '',
+ }
+
+ if 'filter.profile' in config['']:
+ filters['profile'] = config['']['filter.profile']
+ if 'filter.operation' in config['']:
+ filters['operation'] = config['']['filter.operation']
+ if 'filter.name' in config['']:
+ filters['name'] = config['']['filter.name']
+ if 'filter.denied' in config['']:
+ filters['denied_mask'] = config['']['filter.denied']
+ if 'filter.family' in config['']:
+ filters['net_family'] = config['']['filter.family']
+ if 'filter.socket' in config['']:
+ filters['net_sock_type'] = config['']['filter.socket']
+
+ # command line filters override notify.conf
+ if getattr(args, 'filter.profile'):
+ filters['profile'] = getattr(args, 'filter.profile')
+ if getattr(args, 'filter.operation'):
+ filters['operation'] = getattr(args, 'filter.operation')
+ if getattr(args, 'filter.name'):
+ filters['name'] = getattr(args, 'filter.name')
+ if getattr(args, 'filter.denied'):
+ filters['denied_mask'] = getattr(args, 'filter.denied')
+ if getattr(args, 'filter.family'):
+ filters['net_family'] = getattr(args, 'filter.family')
+ if getattr(args, 'filter.socket'):
+ filters['net_sock_type'] = getattr(args, 'filter.socket')
+
+ filters = compile_filter_regex(filters)
+
# Warn if use_group is defined and current group does not match defined
if 'use_group' in config['']:
user = pwd.getpwuid(os.geteuid())[0]
@@ -475,6 +827,31 @@ def main():
# @TODO: Extend UI lib to have warning and error functions that
# can be used in an uniform way with both text and JSON output.
+ if 'userns_special_profiles' in config['']:
+ userns_special_profiles = config['']['userns_special_profiles'].strip().split(',')
+ else:
+ userns_special_profiles = ['unconfined'] # By default, unconfined is the only special profile
+
+ if 'ignore_denied_capability' in config['']:
+ ignore_denied_capability = config['']['ignore_denied_capability'].strip().split(',')
+ else:
+ ignore_denied_capability = ['sudo', 'su']
+
+ if 'interface_theme' in config['']:
+ set_interface_theme(config['']['interface_theme'].strip())
+ else:
+ set_interface_theme('ubuntu')
+
+ # Todo: add more kinds of notifications
+ supported_prompt_filter = {'userns'}
+ if not args.prompt_filter and 'prompt_filter' in config['']:
+ args.prompt_filter = config['']['prompt_filter']
+ if args.prompt_filter:
+ args.prompt_filter = set(args.prompt_filter.strip().split(','))
+ unsupported = args.prompt_filter - supported_prompt_filter
+ if unsupported:
+ sys.exit(_('ERROR: using an unsupported prompt filter: {}\nSupported values: {}').format(', '.join(unsupported), ', '.join(supported_prompt_filter)))
+
if args.file:
logfile = args.file
elif os.path.isfile('/var/run/auditd.pid') and os.path.isfile('/var/log/audit/audit.log'):
@@ -505,12 +882,29 @@ def main():
if not args.user and os.getuid() == 0 and 'SUDO_USER' not in os.environ.keys():
sys.exit("ERROR: Cannot be started a real root user. Use --user to define what user to use.")
+ # Required to parse_record.
+ rl = ReadLog('', '', '')
+
+ # Initialize the list of profiles for can_allow_rule
+ aa.read_profiles()
+
# At this point this script needs to be able to read 'logfile' but once
# the for loop starts, privileges can be dropped since the file descriptor
# has been opened and access granted. Further reads of the file will not
# trigger any new permission checks.
# @TODO Plan to catch PermissionError here or..?
- for message in notify_about_new_entries(logfile, args.wait):
+ for (event, message) in notify_about_new_entries(logfile, filters, args.wait):
+ ev = rl.parse_record(event)
+
+ # @TODO redo special behaviours with a more regular function
+ # We ignore capability denials for binaries in ignore_denied_capability
+ if ev['operation'] == 'capable' and ev['comm'] in ignore_denied_capability:
+ continue
+
+ # Special behaivor for userns:
+ if args.prompt_filter and 'userns' in args.prompt_filter and customized_message['userns']['cond'](ev, userns_special_profiles):
+ if prompt_userns(ev, userns_special_profiles):
+ continue # Notification already displayed for this event, we go to the next one.
# Notifications should not be run as root, since root probably is
# the wrong desktop user and not the one getting the notifications.
@@ -520,16 +914,18 @@ def main():
if 'DBUS_SESSION_BUS_ADDRESS' not in os.environ:
os.environ['DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=/run/user/{}/bus'.format(os.geteuid())
- # Before use, notify2 must be initialized and the DBUS channel
- # should be opened using the non-root user. This step needs to
- # be executed after the drop_privileges().
- notify2.init('AppArmor')
+ message = customize_notification_message(ev, message, userns_special_profiles)
n = notify2.Notification(
- _('AppArmor notification'),
+ _('AppArmor security notice'),
message,
'gtk-dialog-warning'
)
+
+ if can_allow_rule(ev, userns_special_profiles):
+ n.add_action('clicked', 'Allow', cb_add_to_profile, (event, rl, userns_special_profiles))
+ n.add_action('more_clicked', 'Show More', cb_more_info, (event, rl, userns_special_profiles))
+
n.show()
# When notification is sent, raise privileged back to root if the
@@ -537,9 +933,9 @@ def main():
raise_privileges()
elif args.since_last:
- show_entries_since_last_login(logfile)
+ show_entries_since_last_login(logfile, filters)
elif args.since_days:
- show_entries_since_days(logfile, args.since_days)
+ show_entries_since_days(logfile, args.since_days, filters)
else:
parser.print_help()
diff --git a/utils/aa-notify.8 b/utils/aa-notify.8
deleted file mode 100644
index 49fc6b0dd16fb29cb7e84431b2d4419e70c55454..0000000000000000000000000000000000000000
--- a/utils/aa-notify.8
+++ /dev/null
@@ -1,220 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-NOTIFY 8"
-.TH AA-NOTIFY 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-notify \- display information about logged AppArmor messages.
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-notify\fR [option]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-notify\fR will display a summary or provide desktop notifications
-for AppArmor \s-1DENIED\s0 messages.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-\&\fBaa-notify\fR accepts the following arguments:
-.IP "\-p, \-\-poll" 4
-.IX Item "-p, --poll"
-poll AppArmor logs and display desktop notifications. Can be used with '\-s'
-option to display a summary on startup.
-.ie n .IP "\-\-display $DISPLAY" 4
-.el .IP "\-\-display \f(CW$DISPLAY\fR" 4
-.IX Item "--display $DISPLAY"
-set the \s-1DISPLAY\s0 environment variable to \f(CW$DISPLAY\fR
-(might be needed if sudo resets \f(CW$DISPLAY\fR)
-.IP "\-f \s-1FILE,\s0 \-\-file=FILE" 4
-.IX Item "-f FILE, --file=FILE"
-search \s-1FILE\s0 for AppArmor messages
-.IP "\-l, \-\-since\-last" 4
-.IX Item "-l, --since-last"
-show summary since last login.
-.IP "\-s \s-1NUM,\s0 \-\-since\-days=NUM" 4
-.IX Item "-s NUM, --since-days=NUM"
-show summary for last \s-1NUM\s0 of days.
-.IP "\-u \s-1USER,\s0 \-\-user=USER" 4
-.IX Item "-u USER, --user=USER"
-user to drop privileges to when running privileged. When used with the \-p
-option, this should be set to the user that will receive desktop notifications.
-This has no effect when running under sudo.
-.IP "\-w \s-1NUM,\s0 \-\-wait=NUM" 4
-.IX Item "-w NUM, --wait=NUM"
-wait \s-1NUM\s0 seconds before displaying notifications (for use with \-p)
-.IP "\-v, \-\-verbose" 4
-.IX Item "-v, --verbose"
-show messages with summaries.
-.IP "\-h, \-\-help" 4
-.IX Item "-h, --help"
-displays a short usage statement.
-.SH "CONFIGURATION"
-.IX Header "CONFIGURATION"
-System-wide configuration for \fBaa-notify\fR is done via
-/etc/apparmor/notify.conf:
-.PP
-.Vb 2
-\& # set to \*(Aqyes\*(Aq to enable AppArmor DENIED notifications
-\& show_notifications="yes"
-\&
-\& # only people in use_group can use aa\-notify
-\& use_group="admin"
-\&
-\& # OPTIONAL \- custom notification message body
-\& message_body="This is a custom notification message."
-\&
-\& # OPTIONAL \- custom notification message footer
-\& message_footer="For more information visit https://foo.com"
-.Ve
-.PP
-Per-user configuration is done via \f(CW$XDG_CONFIG_HOME\fR/apparmor/notify.conf (or
-the deprecated ~/.apparmor/notify.conf if it exists):
-.PP
-.Vb 2
-\& # set to \*(Aqyes\*(Aq to enable AppArmor DENIED notifications
-\& show_notifications="yes"
-.Ve
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fBaa-notify\fR needs to be able to read the logfiles containing the
-AppArmor \s-1DENIED\s0 messages.
-.PP
-If you find any additional bugs, please report them to Gitlab at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7)
diff --git a/utils/aa-notify.8.html b/utils/aa-notify.8.html
deleted file mode 100644
index aa89b6ea6081bc38a273c7db3f630dc6eb2e1b24..0000000000000000000000000000000000000000
--- a/utils/aa-notify.8.html
+++ /dev/null
@@ -1,145 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-notify - display information about logged AppArmor messages.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-notify - display information about logged AppArmor messages.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#CONFIGURATION">CONFIGURATION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-notify - display information about logged AppArmor messages.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-notify</b> [option]</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-notify</b> will display a summary or provide desktop notifications for AppArmor DENIED messages.</p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>aa-notify</b> accepts the following arguments:</p>
-
-<dl>
-
-<dt id="p---poll">-p, --poll</dt>
-<dd>
-
-<p>poll AppArmor logs and display desktop notifications. Can be used with '-s' option to display a summary on startup.</p>
-
-</dd>
-<dt id="display-DISPLAY">--display $DISPLAY</dt>
-<dd>
-
-<p>set the DISPLAY environment variable to $DISPLAY (might be needed if sudo resets $DISPLAY)</p>
-
-</dd>
-<dt id="f-FILE---file-FILE">-f FILE, --file=FILE</dt>
-<dd>
-
-<p>search FILE for AppArmor messages</p>
-
-</dd>
-<dt id="l---since-last">-l, --since-last</dt>
-<dd>
-
-<p>show summary since last login.</p>
-
-</dd>
-<dt id="s-NUM---since-days-NUM">-s NUM, --since-days=NUM</dt>
-<dd>
-
-<p>show summary for last NUM of days.</p>
-
-</dd>
-<dt id="u-USER---user-USER">-u USER, --user=USER</dt>
-<dd>
-
-<p>user to drop privileges to when running privileged. When used with the -p option, this should be set to the user that will receive desktop notifications. This has no effect when running under sudo.</p>
-
-</dd>
-<dt id="w-NUM---wait-NUM">-w NUM, --wait=NUM</dt>
-<dd>
-
-<p>wait NUM seconds before displaying notifications (for use with -p)</p>
-
-</dd>
-<dt id="v---verbose">-v, --verbose</dt>
-<dd>
-
-<p>show messages with summaries.</p>
-
-</dd>
-<dt id="h---help">-h, --help</dt>
-<dd>
-
-<p>displays a short usage statement.</p>
-
-</dd>
-</dl>
-
-<h1 id="CONFIGURATION">CONFIGURATION</h1>
-
-<p>System-wide configuration for <b>aa-notify</b> is done via /etc/apparmor/notify.conf:</p>
-
-<pre><code># set to 'yes' to enable AppArmor DENIED notifications
-show_notifications="yes"
-
-# only people in use_group can use aa-notify
-use_group="admin"
-
-# OPTIONAL - custom notification message body
-message_body="This is a custom notification message."
-
-# OPTIONAL - custom notification message footer
-message_footer="For more information visit https://foo.com"</code></pre>
-
-<p>Per-user configuration is done via $XDG_CONFIG_HOME/apparmor/notify.conf (or the deprecated ~/.apparmor/notify.conf if it exists):</p>
-
-<pre><code># set to 'yes' to enable AppArmor DENIED notifications
-show_notifications="yes"</code></pre>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p><b>aa-notify</b> needs to be able to read the logfiles containing the AppArmor DENIED messages.</p>
-
-<p>If you find any additional bugs, please report them to Gitlab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7)</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-notify - display information about logged AppArmor messages.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-notify.pod b/utils/aa-notify.pod
index 591385c75bea6dfa6f09f48b6cdf173bdfa574b8..fea8a25ee75a63b2a31bfaeb4e4bef42052c1695 100644
--- a/utils/aa-notify.pod
+++ b/utils/aa-notify.pod
@@ -86,11 +86,24 @@ displays a short usage statement.
System-wide configuration for B<aa-notify> is done via
/etc/apparmor/notify.conf:
- # set to 'yes' to enable AppArmor DENIED notifications
+ # Set to 'no' to disable AppArmor notifications globally
show_notifications="yes"
- # only people in use_group can use aa-notify
- use_group="admin"
+ # Special profiles used to remove privileges for unconfined binaries using user namespaces. If unsure, leave as is.
+ userns_special_profiles="unconfined,unprivileged_userns"
+
+ # Theme for aa-notify GUI. See https://ttkthemes.readthedocs.io/en/latest/themes.html for available themes.
+ interface_theme="ubuntu"
+
+ # Binaries for which we ignore userns-related capability denials
+ ignore_denied_capability="sudo,su"
+
+ # OPTIONAL - kind of operations which display a popup prompt.
+ prompt_filter="userns"
+
+ # OPTIONAL - restrict using aa-notify to users in the given group
+ # (if not set, everybody who has permissions to read the logfile can use it)
+ # use_group="admin"
# OPTIONAL - custom notification message body
message_body="This is a custom notification message."
@@ -98,6 +111,15 @@ System-wide configuration for B<aa-notify> is done via
# OPTIONAL - custom notification message footer
message_footer="For more information visit https://foo.com"
+ # OPTIONAL - custom notification filtering
+ # Filters are used to reduce the output of information to only those entries that will match the filter. Filters use Python's regular expression syntax.
+ filter.profile="^(foo|bar)$" # Match the profile: Only shows notifications for profiles "foo" or "bar"
+ filter.operation="^open$" # Match the operation: Only shows notifications for "open" operation
+ filter.name="^(?!/usr/lib/)" # Match the name: Excludes notifications for names starting by "/usr/lib/"
+ filter.denied="^r$" # Match the denied_mask: Only shows notifications where "r", and only "r", was denied
+ filter.family="^inet$" # Match the network family: Only shows notifications for "inet" family
+ filter.socket="stream" # Match the network socket type: Only shows notifications for "stream" sockets
+
Per-user configuration is done via $XDG_CONFIG_HOME/apparmor/notify.conf (or
the deprecated ~/.apparmor/notify.conf if it exists):
diff --git a/utils/aa-remove-unknown b/utils/aa-remove-unknown
index 0e00d6a0327bf98b594b6d9b5c455a0a1b7537f3..0011a9081036ed3c63b33613a1bc32f1014a6566 100755
--- a/utils/aa-remove-unknown
+++ b/utils/aa-remove-unknown
@@ -63,7 +63,7 @@ fi
# We have to do this check because error checking awk's getline() below is
# tricky and, as is, results in an infinite loop when apparmorfs returns an
# error from open().
-if ! IFS= read -r _ < "$PROFILES" ; then
+if ! true < "$PROFILES" ; then
echo "ERROR: Unable to read apparmorfs profiles file" 1>&2
exit 1
elif [ ! -w "$REMOVE" ] ; then
@@ -89,9 +89,9 @@ LOADED_PROFILES=$("$PARSER" -N $PROFILE_DIRS) || {
echo "$LOADED_PROFILES" | awk '
BEGIN {
while (getline < "'${PROFILES}'" ) {
- str = sub(/ \((enforce|complain)\)$/, "", $0);
+ sub(/ \((enforce|complain|prompt|kill|unconfined)\)$/, "", $0);
if (match($0, /^libvirt-[0-9a-f\-]+$/) == 0)
- arr[$str] = $str
+ arr[$0] = $0
}
}
diff --git a/utils/aa-remove-unknown.8 b/utils/aa-remove-unknown.8
deleted file mode 100644
index b045e06b8e2ca65fe1bda6250c8bc7ea5dfbf1af..0000000000000000000000000000000000000000
--- a/utils/aa-remove-unknown.8
+++ /dev/null
@@ -1,177 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-REMOVE-UNKNOWN 8"
-.TH AA-REMOVE-UNKNOWN 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-remove\-unknown \- remove unknown AppArmor profiles
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-remove-unknown\fR [option]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-remove-unknown\fR will inventory all profiles in /etc/apparmor.d/, compare
-that list to the profiles currently loaded into the kernel, and then remove all
-of the loaded profiles that were not found in /etc/apparmor.d/. It will also
-report the name of each profile that it removes on standard out.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-.IP "\-h, \-\-help" 4
-.IX Item "-h, --help"
-displays a short usage statement.
-.IP "\-n" 4
-.IX Item "-n"
-dry run; only prints the names of profiles that would be removed
-.SH "EXAMPLES"
-.IX Header "EXAMPLES"
-.Vb 3
-\& $ sudo ./aa\-remove\-unknown \-n
-\& Would remove \*(Aqtest//null\-/usr/bin/whoami\*(Aq
-\& Would remove \*(Aqtest\*(Aq
-\&
-\& $ sudo ./aa\-remove\-unknown
-\& Removing \*(Aqtest//null\-/usr/bin/whoami\*(Aq
-\& Removing \*(Aqtest\*(Aq
-.Ve
-.SH "BUGS"
-.IX Header "BUGS"
-None. Please report any you find to Gitlab at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7)
diff --git a/utils/aa-remove-unknown.8.html b/utils/aa-remove-unknown.8.html
deleted file mode 100644
index ebd25447314e56ecf0d8c2696f9197078c3dc805..0000000000000000000000000000000000000000
--- a/utils/aa-remove-unknown.8.html
+++ /dev/null
@@ -1,88 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-remove-unknown - remove unknown AppArmor profiles</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-remove-unknown - remove unknown AppArmor profiles</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#EXAMPLES">EXAMPLES</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-remove-unknown - remove unknown AppArmor profiles</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-remove-unknown</b> [option]</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-remove-unknown</b> will inventory all profiles in /etc/apparmor.d/, compare that list to the profiles currently loaded into the kernel, and then remove all of the loaded profiles that were not found in /etc/apparmor.d/. It will also report the name of each profile that it removes on standard out.</p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<dl>
-
-<dt id="h---help">-h, --help</dt>
-<dd>
-
-<p>displays a short usage statement.</p>
-
-</dd>
-<dt id="n">-n</dt>
-<dd>
-
-<p>dry run; only prints the names of profiles that would be removed</p>
-
-</dd>
-</dl>
-
-<h1 id="EXAMPLES">EXAMPLES</h1>
-
-<pre><code>$ sudo ./aa-remove-unknown -n
-Would remove 'test//null-/usr/bin/whoami'
-Would remove 'test'
-
-$ sudo ./aa-remove-unknown
-Removing 'test//null-/usr/bin/whoami'
-Removing 'test'</code></pre>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>None. Please report any you find to Gitlab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7)</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-remove-unknown - remove unknown AppArmor profiles</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-unconfined b/utils/aa-unconfined
index 2660c582645634f682484f20fa6b32effd2cc800..0e4c963a29ac2ce1976c04201fb66e03c4089a5b 100755
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -29,14 +29,26 @@ enable_aa_exception_handler() # setup exception handling
_ = init_translation() # setup module translations
parser = argparse.ArgumentParser(description=_("Lists unconfined processes having tcp or udp ports"))
-parser.add_argument("--paranoid", action="store_true", help=_("scan all processes from /proc"))
+parser.add_argument("--paranoid", action="store_true", help=_("scan all processes"))
+parser.add_argument("--show", default=None, type=str, help=_("all | network | server | client"))
+parser.add_argument("--short", action="store_true", help=_("only display processes that are unconfined"))
parser.add_argument('--configdir', type=str, help=argparse.SUPPRESS)
bin_group = parser.add_mutually_exclusive_group()
bin_group.add_argument("--with-ss", action='store_true', help=_("use ss(8) to find listening processes (default)"))
bin_group.add_argument("--with-netstat", action='store_true', help=_("use netstat(8) to find listening processes"))
args = parser.parse_args()
-paranoid = args.paranoid
+# set default set of processes to show
+show = 'server'
+
+if args.paranoid:
+ if args.show is not None and args.show != 'all':
+ raise AppArmorException(_("Arguments --paranoid and --show=%s conflict") % args.show)
+ show = 'all'
+if args.show is not None:
+ if not args.show or args.show not in ['all', 'network', 'server', 'client']:
+ raise AppArmorException(_("Argument --show invalid value '%s'") % args.show)
+ show = args.show
aa.init_aa(confdir=args.configdir)
@@ -45,12 +57,21 @@ if not aa_mountpoint:
raise AppArmorException(_("It seems AppArmor was not started. Please enable AppArmor and try again."))
+def map_show_to_flags(show):
+ flags = '-nlp'
+ if show == 'client':
+ flags = '-np'
+ elif show == 'network':
+ flags = '-nap'
+ return flags
+
+
def get_all_pids():
"""Return a set of all pids via walking /proc"""
return set(filter(lambda x: re.search(r"^\d+$", x), aa.get_subdirectories("/proc")))
-def get_pids_ss(ss='ss'):
+def get_pids_ss(flags, ss='ss'):
"""Get a set of pids listening on network sockets via ss(8)"""
regex_lines = re.compile(r"^(tcp|udp|raw|p_dgr)\s.+\s+users:(?P<users>\(\(.*\)\))$")
regex_users_pids = re.compile(r'(\("[^"]+",(pid=)?(\d+),[^)]+\))')
@@ -60,7 +81,7 @@ def get_pids_ss(ss='ss'):
my_env['LANG'] = 'C'
my_env['PATH'] = '/bin:/usr/bin:/sbin:/usr/sbin'
for family in ['inet', 'inet6', 'link']:
- cmd = [ss, '-nlp', '--family', family]
+ cmd = [ss, flags, '--family', family]
if sys.version_info < (3, 0):
output = subprocess.check_output(cmd, shell=False, env=my_env).split("\n")
else:
@@ -76,11 +97,11 @@ def get_pids_ss(ss='ss'):
return pids
-def get_pids_netstat(netstat='netstat'):
+def get_pids_netstat(flags, netstat='netstat'):
"""Get a set of pids listening on network sockets via netstat(8)"""
regex_tcp_udp = re.compile(r"^(tcp|udp|raw)6?\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+:(\*|\d+)\s+(LISTEN|\d+|\s+)\s+(?P<pid>\d+)/(\S+)")
- cmd = [netstat, '-nlp', '--protocol', 'inet,inet6']
+ cmd = [netstat, flags, '--protocol', 'inet,inet6']
my_env = os.environ.copy()
my_env['LANG'] = 'C'
my_env['PATH'] = '/bin:/usr/bin:/sbin:/usr/sbin'
@@ -101,13 +122,18 @@ def get_pids_netstat(netstat='netstat'):
def read_proc_current(filename):
attr = None
- if os.path.exists(filename):
+ try:
+ # don't bother with if os.path.exists(filename): there is always a race
with open_file_read(filename) as current:
for line in current:
line = line.strip()
- if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1): # enforce at least one char as profile name
+ if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1) or line.endswith(' (user)', 1) or line.endswith(' (mixed)', 1): # enforce at least one char as profile name
# intentionally not checking for '(unconfined)', because $binary confined by $profile (unconfined) would look very confusing
attr = line
+ except OSError:
+ # just ignore errors atm
+ # print("Error trying to open {filename}")
+ return None
return attr
@@ -122,12 +148,12 @@ def escape_special_chars(data):
pids = set()
-if paranoid:
+if show == 'all':
pids = get_all_pids()
elif args.with_ss or (not args.with_netstat and (aa.which("ss") is not None)):
- pids = get_pids_ss()
+ pids = get_pids_ss(map_show_to_flags(show))
else:
- pids = get_pids_netstat()
+ pids = get_pids_netstat(map_show_to_flags(show))
for pid in sorted(map(int, pids)):
try:
@@ -164,7 +190,7 @@ for pid in sorted(map(int, pids)):
if pname and pname[-1] == ')':
pname = ' ' + pname
ui.UI_Info(_("%(pid)s %(program)s%(pname)s not confined") % {'pid': pid, 'program': prog, 'pname': pname})
- else:
+ elif not args.short:
if regex_interpreter.search(prog):
cmdline = re.sub(r"\0", " ", cmdline)
cmdline = re.sub(r"\s+$", "", cmdline).strip()
diff --git a/utils/aa-unconfined.8 b/utils/aa-unconfined.8
deleted file mode 100644
index 1260dd75986f7a2aed978c2d4828647e03466fc7..0000000000000000000000000000000000000000
--- a/utils/aa-unconfined.8
+++ /dev/null
@@ -1,183 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "AA-UNCONFINED 8"
-.TH AA-UNCONFINED 8 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-aa\-unconfined \- output a list of processes with tcp or udp ports that do
-not have AppArmor profiles loaded
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBaa-unconfined [\f(BI\-\-paranoid\fB] [\f(BI\-\-with\-ss\fB | \f(BI\-\-with\-netstat\fB]\fR
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-.IP "\fB\-\-paranoid\fR" 4
-.IX Item "--paranoid"
-Displays all processes from \fI/proc\fR filesystem with tcp or udp ports
-that do not have AppArmor profiles loaded.
-.IP "\fB\-\-with\-ss\fR" 4
-.IX Item "--with-ss"
-Use the \fBss\fR\|(8) command to find processes listening on network sockets
-(the default).
-.IP "\fB\-\-with\-netstat\fR" 4
-.IX Item "--with-netstat"
-Use the \fBnetstat\fR\|(8) command to find processes listening on network
-sockets. This is also what aa-unconfined will fall back to when \fBss\fR\|(8)
-is not available.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-\&\fBaa-unconfined\fR will use \fBnetstat\fR\|(8) to determine which processes have open
-network sockets and do not have AppArmor profiles loaded into the kernel.
-.SH "BUGS"
-.IX Header "BUGS"
-\&\fBaa-unconfined\fR must be run as root to retrieve the process executable
-link from the \fI/proc\fR filesystem. This program is susceptible to race
-conditions of several flavours: an unlinked executable will be mishandled;
-an executable started before an AppArmor profile is loaded will not
-appear in the output, despite running without confinement; a process that dies
-between the \fBnetstat\fR\|(8) and further checks will be mishandled. This
-program only lists processes using \s-1TCP\s0 and \s-1UDP.\s0 In short, this
-program is unsuitable for forensics use and is provided only as an aid
-to profiling all network-accessible processes in the lab.
-.PP
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBss\fR\|(8), \fBnetstat\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2), and
-<https://wiki.apparmor.net>.
diff --git a/utils/aa-unconfined.8.html b/utils/aa-unconfined.8.html
deleted file mode 100644
index 6840327f0c6a114cab9b4d0c11fc2de82dd9b37b..0000000000000000000000000000000000000000
--- a/utils/aa-unconfined.8.html
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-unconfined [<i>--paranoid</i>] [<i>--with-ss</i> | <i>--with-netstat</i>]</b></p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<dl>
-
-<dt id="paranoid"><b>--paranoid</b></dt>
-<dd>
-
-<p>Displays all processes from <i>/proc</i> filesystem with tcp or udp ports that do not have AppArmor profiles loaded.</p>
-
-</dd>
-<dt id="with-ss"><b>--with-ss</b></dt>
-<dd>
-
-<p>Use the ss(8) command to find processes listening on network sockets (the default).</p>
-
-</dd>
-<dt id="with-netstat"><b>--with-netstat</b></dt>
-<dd>
-
-<p>Use the netstat(8) command to find processes listening on network sockets. This is also what aa-unconfined will fall back to when ss(8) is not available.</p>
-
-</dd>
-</dl>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-unconfined</b> will use netstat(8) to determine which processes have open network sockets and do not have AppArmor profiles loaded into the kernel.</p>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p><b>aa-unconfined</b> must be run as root to retrieve the process executable link from the <i>/proc</i> filesystem. This program is susceptible to race conditions of several flavours: an unlinked executable will be mishandled; an executable started before an AppArmor profile is loaded will not appear in the output, despite running without confinement; a process that dies between the netstat(8) and further checks will be mishandled. This program only lists processes using TCP and UDP. In short, this program is unsuitable for forensics use and is provided only as an aid to profiling all network-accessible processes in the lab.</p>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>ss(8), netstat(8), apparmor(7), apparmor.d(5), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-unconfined.pod b/utils/aa-unconfined.pod
index 469c5ae445c17723195c44d8e316ab66c1b80e4b..fd111488a0a2dc59233874708476b5169b6d5517 100644
--- a/utils/aa-unconfined.pod
+++ b/utils/aa-unconfined.pod
@@ -27,7 +27,7 @@ not have AppArmor profiles loaded
=head1 SYNOPSIS
-B<aa-unconfined [I<--paranoid>] [I<--with-ss> | I<--with-netstat>]>
+B<aa-unconfined [options] [I<--with-ss> | I<--with-netstat>]>
=head1 OPTIONS
@@ -35,8 +35,22 @@ B<aa-unconfined [I<--paranoid>] [I<--with-ss> | I<--with-netstat>]>
=item B<--paranoid>
-Displays all processes from F</proc> filesystem with tcp or udp ports
-that do not have AppArmor profiles loaded.
+Displays all processes visible from F</proc> filesystem, and whether they
+are confined by a profile or "not confined". Equivalent to
+I<--show=all>.
+
+=item B<--show=(all|network|server|client)>
+
+Determines the set of processes to be displayed.
+
+I<--show=all> show all processes is equivalent to I<--paranoid>
+
+I<--show=network> show only process with any sockets open.
+
+I<--show=server> show only processes with listening sockets open. This is
+the B<default> value if I<--show=> or I<--paranoid> are not specified.
+
+I<--show=client> show only processes with non-listening sockets open.
=item B<--with-ss>
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index 2dfeb3541cebc35c6e390cacbf11d4cc9094ff14..48178f99acf4767c9d8f9870b09131d25909f15e 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -17,7 +17,6 @@ import atexit
import os
import re
import shutil
-import subprocess # nosec
import sys
import time
import traceback
@@ -27,7 +26,6 @@ from tempfile import NamedTemporaryFile
import apparmor.config
import apparmor.logparser
-import apparmor.rules as aarules
import apparmor.severity
import apparmor.ui as aaui
from apparmor.aare import AARE
@@ -39,17 +37,12 @@ from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, ruletyp
from apparmor.regex import (
RE_HAS_COMMENT_SPLIT, RE_PROFILE_CHANGE_HAT, RE_PROFILE_CONDITIONAL,
RE_PROFILE_CONDITIONAL_BOOLEAN, RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_END,
- RE_PROFILE_HAT_DEF, RE_PROFILE_MOUNT, RE_PROFILE_PIVOT_ROOT, RE_PROFILE_START,
- RE_PROFILE_UNIX, RE_RULE_HAS_COMMA, parse_profile_start_line, re_match_include)
+ RE_PROFILE_HAT_DEF, RE_PROFILE_START,
+ RE_RULE_HAS_COMMA, parse_profile_start_line, re_match_include)
from apparmor.rule.abi import AbiRule
-from apparmor.rule.capability import CapabilityRule
-from apparmor.rule.change_profile import ChangeProfileRule
-from apparmor.rule.dbus import DbusRule
from apparmor.rule.file import FileRule
from apparmor.rule.include import IncludeRule
-from apparmor.rule.network import NetworkRule
-from apparmor.rule.ptrace import PtraceRule
-from apparmor.rule.signal import SignalRule
+from apparmor.logparser import ReadLog
from apparmor.translations import init_translation
_ = init_translation()
@@ -60,7 +53,6 @@ debug_logger = DebugLogger('aa')
# The database for severity
sev_db = None
# The file to read log messages from
-### Was our
logfile = None
CONFDIR = None
@@ -70,7 +62,9 @@ cfg = None
parser = None
profile_dir = None
extra_profile_dir = None
-### end our
+
+use_abstractions = True
+
# To keep track of previously included profile fragments
include = dict()
@@ -86,12 +80,10 @@ transitions = {}
aa = {} # Profiles originally in sd, replace by aa
original_aa = hasher()
-### end our
changed = dict()
created = []
helpers = dict() # Preserve this between passes # was our
-### logprof ends
def reset_aa():
@@ -235,7 +227,7 @@ def get_new_profile_filename(profile):
# Remove leading /
filename = profile[1:]
else:
- filename = "profile_" + profile
+ filename = profile
filename = filename.replace('/', '.')
filename = os.path.join(profile_dir, filename)
return filename
@@ -278,7 +270,7 @@ def set_complain(filename, program):
# a force-complain symlink is more packaging-friendly, but breaks caching
# create_symlink('force-complain', filename)
delete_symlink('disable', filename)
- change_profile_flags(filename, program, ['enforce', 'kill', 'unconfined', 'prompt'], False) # remove conflicting mode flags
+ change_profile_flags(filename, program, ['enforce', 'kill', 'unconfined', 'prompt', 'default_allow'], False) # remove conflicting mode flags
change_profile_flags(filename, program, 'complain', True)
@@ -287,7 +279,12 @@ def set_enforce(filename, program):
aaui.UI_Info(_('Setting %s to enforce mode.') % (filename if program is None else program))
delete_symlink('force-complain', filename)
delete_symlink('disable', filename)
- change_profile_flags(filename, program, ['complain', 'kill', 'unconfined', 'prompt'], False) # remove conflicting and complain mode flags
+ change_profile_flags(filename, program, ['complain', 'kill', 'unconfined', 'prompt', 'default_allow'], False) # remove conflicting and complain mode flags
+
+
+def disable_abstractions():
+ global use_abstractions
+ use_abstractions = False
def delete_symlink(subdir, filename):
@@ -315,7 +312,7 @@ def create_symlink(subdir, filename):
if not os.path.exists(link):
try:
os.symlink(filename, link)
- except:
+ except OSError:
raise AppArmorException(
_('Could not create %(link)s symlink to %(file)s.')
% {'link': link, 'file': filename})
@@ -323,91 +320,29 @@ def create_symlink(subdir, filename):
def head(file):
"""Returns the first/head line of the file"""
- first = ''
if os.path.isfile(file):
with open_file_read(file) as f_in:
try:
first = f_in.readline().rstrip()
except UnicodeDecodeError:
- pass
+ first = ''
return first
else:
raise AppArmorException(_('Unable to read first line from %s: File Not Found') % file)
-def get_output(params):
- """Runs the program with the given args and returns the return code and stdout (as list of lines)"""
+def check_output_dir(output_dir):
+ if os.path.isdir(output_dir):
+ return True
+ elif os.path.exists(output_dir):
+ raise AppArmorException(_("%(dir) exists and is not a directory") % {'dir': output_dir})
try:
- # Get the output of the program
- output = subprocess.check_output(params) # nosec
- ret = 0
+ os.mkdir(output_dir, mode=0o700)
except OSError as e:
raise AppArmorException(
- _("Unable to fork: %(program)s\n\t%(error)s")
- % {'program': params[0], 'error': str(e)})
- except subprocess.CalledProcessError as e: # If exit code != 0
- output = e.output
- ret = e.returncode
-
- output = output.decode('utf-8').split('\n')
-
- # Remove the extra empty string caused due to \n if present
- if not output[-1]:
- output.pop()
-
- return (ret, output)
-
-
-def get_reqs(file):
- """Returns a list of paths from ldd output"""
- pattern1 = re.compile(r'^\s*\S+ => (/\S+)')
- pattern2 = re.compile(r'^\s*(/\S+)')
- reqs = []
-
- ldd = conf.find_first_file(cfg['settings'].get('ldd')) or '/usr/bin/ldd'
- if not os.path.isfile(ldd) or not os.access(ldd, os.EX_OK):
- raise AppArmorException("Can't find ldd")
-
- ret, ldd_out = get_output((ldd, file))
- if ret == 0 or ret == 1:
- for line in ldd_out:
- if 'not a dynamic executable' in line: # comes with ret == 1
- break
- if 'cannot read header' in line:
- break
- if 'statically linked' in line:
- break
- match = pattern1.search(line)
- if match:
- reqs.append(match.groups()[0])
- else:
- match = pattern2.search(line)
- if match:
- reqs.append(match.groups()[0])
- return reqs
-
-
-def handle_binfmt(profile, path):
- """Modifies the profile to add the requirements"""
- reqs_processed = dict()
- reqs = get_reqs(path)
- while reqs:
- library = reqs.pop()
- library = get_full_path(library) # resolve symlinks
- if not reqs_processed.get(library, False):
- if get_reqs(library):
- reqs.extend(get_reqs(library))
- reqs_processed[library] = True
-
- library_rule = FileRule(library, 'mr', None, FileRule.ALL, owner=False, log_event=True)
-
- if not is_known_rule(profile, 'file', library_rule):
- globbed_library = glob_common(library)
- if globbed_library:
- # glob_common returns a list, just use the first element (typically '/lib/libfoo.so.*')
- library_rule = FileRule(globbed_library[0], 'mr', None, FileRule.ALL, owner=False)
-
- profile['file'].add(library_rule)
+ _("Unable to create output directory %(dir)s\n\t%(error)s")
+ % {'dir': output_dir, 'error': str(e)}
+ )
def get_interpreter_and_abstraction(exec_target):
@@ -472,16 +407,14 @@ def create_new_profile(localfile, is_stub=False):
else:
aaui.UI_Important(_("WARNING: Can't find %s, therefore not adding it to the new profile.") % abstraction)
- handle_binfmt(local_profile[localfile], interpreter_path)
else:
local_profile[localfile]['file'].add(FileRule(localfile, 'mr', None, FileRule.ALL, owner=False))
- handle_binfmt(local_profile[localfile], localfile)
# Add required hats to the profile if they match the localfile
for hatglob in cfg['required_hats'].keys():
if re.search(hatglob, localfile):
for hat in sorted(cfg['required_hats'][hatglob].split()):
- full_hat = combine_profname([localfile, hat])
+ full_hat = combine_profname((localfile, hat))
if not local_profile.get(full_hat, False):
local_profile[full_hat] = ProfileStorage('NEW', hat, 'create_new_profile() required_hats')
local_profile[full_hat]['is_hat'] = True
@@ -491,7 +424,7 @@ def create_new_profile(localfile, is_stub=False):
created.append(localfile)
changed[localfile] = True
- debug_logger.debug("Profile for %s:\n\t%s" % (localfile, local_profile.__str__()))
+ debug_logger.debug("Profile for %s:\n\t%s", localfile, local_profile)
return local_profile
@@ -600,8 +533,8 @@ def autodep(bin_name, pname=''):
active_profiles.add_profile(file, pname, attachment)
- if os.path.isfile(profile_dir + '/abi/3.0'):
- active_profiles.add_abi(file, AbiRule('abi/3.0', False, True))
+ if os.path.isfile(profile_dir + '/abi/4.0'):
+ active_profiles.add_abi(file, AbiRule('abi/4.0', False, True))
if os.path.isfile(profile_dir + '/tunables/global'):
active_profiles.add_inc_ie(file, IncludeRule('tunables/global', False, True))
write_profile_ui_feedback(pname)
@@ -637,7 +570,7 @@ def change_profile_flags(prof_filename, program, flag, set_flag):
found = False
depth = -1
- if not flag or (type(flag) is str and not flag.strip()):
+ if not flag or (isinstance(flag, str) and not flag.strip()):
raise AppArmorBug('New flag for %s is empty' % prof_filename)
with open_file_read(prof_filename) as f_in:
@@ -830,9 +763,12 @@ def ask_exec(hashlog):
raise AppArmorBug(
'exec permissions requested for directory %s (profile %s). This should not happen - please open a bugreport!' % (exec_target, full_profile))
- if not aa[profile].get(hat):
+ if not aa.get(profile):
continue # ignore log entries for non-existing profiles
+ if not aa[profile].get(hat):
+ continue # ignore log entries for non-existing hats
+
exec_event = FileRule(exec_target, None, FileRule.ANY_EXEC, FileRule.ALL, owner=False, log_event=True)
if is_known_rule(aa[profile][hat], 'file', exec_event):
continue
@@ -843,181 +779,179 @@ def ask_exec(hashlog):
exec_mode = False
file_perm = None
- if True:
- options = cfg['qualifiers'].get(exec_target, 'ipcnu')
-
- # If profiled program executes itself only 'ix' option
- # if exec_target == profile:
- # options = 'i'
-
- # Don't allow hats to cx?
- if '//' in hashlog[aamode][full_profile]['final_name'] and hashlog[aamode][full_profile]['exec'].keys():
- options = options.replace('c', '')
-
- # Add deny to options
- options += 'd'
- # Define the default option
- default = None
- if 'p' in options and os.path.exists(get_profile_filename_from_attachment(exec_target, True)):
- default = 'CMD_px'
- sys.stdout.write(_('Target profile exists: %s\n') % get_profile_filename_from_attachment(exec_target, True))
- elif 'i' in options:
- default = 'CMD_ix'
- elif 'c' in options:
- default = 'CMD_cx'
- elif 'n' in options:
- default = 'CMD_nx'
- else:
- default = 'DENY'
+ options = cfg['qualifiers'].get(exec_target, 'ipcnu')
+
+ # If profiled program executes itself only 'ix' option
+ # if exec_target == profile:
+ # options = 'i'
+
+ # Don't allow hats to cx (nested profiles not supported by aa-logprof yet)
+ if '//' in hashlog[aamode][full_profile]['final_name'] and hashlog[aamode][full_profile]['exec'].keys():
+ options = options.replace('c', '')
+
+ # Add deny to options
+ options += 'd'
+ # Define the default option
+ default = None
+ if 'p' in options and os.path.exists(get_profile_filename_from_attachment(exec_target, True)):
+ default = 'CMD_px'
+ sys.stdout.write(_('Target profile exists: %s\n') % get_profile_filename_from_attachment(exec_target, True))
+ elif 'i' in options:
+ default = 'CMD_ix'
+ elif 'c' in options:
+ default = 'CMD_cx'
+ elif 'n' in options:
+ default = 'CMD_nx'
+ else:
+ default = 'DENY'
- #
- parent_uses_ld_xxx = check_for_LD_XXX(profile)
+ #
+ parent_uses_ld_xxx = check_for_LD_XXX(profile)
- prof_filename = get_profile_filename_from_profile_name(profile)
- if prof_filename and active_profiles.files.get(prof_filename):
- sev_db.set_variables(active_profiles.get_all_merged_variables(
- prof_filename,
- include_list_recursive(active_profiles.files[prof_filename], True)))
- else:
- sev_db.set_variables({})
+ prof_filename = get_profile_filename_from_profile_name(profile)
+ if prof_filename and active_profiles.files.get(prof_filename):
+ sev_db.set_variables(active_profiles.get_all_merged_variables(
+ prof_filename,
+ include_list_recursive(active_profiles.files[prof_filename], True)))
+ else:
+ sev_db.set_variables({})
- severity = sev_db.rank_path(exec_target, 'x')
+ severity = sev_db.rank_path(exec_target, 'x')
- # Prompt portion starts
- q = aaui.PromptQuestion()
+ # Prompt portion starts
+ q = aaui.PromptQuestion()
- q.headers.extend((
- _('Profile'), combine_name(profile, hat),
+ q.headers.extend((
+ _('Profile'), combine_name(profile, hat),
- # to_name should not exist here since, transitioning is already handled
- _('Execute'), exec_target,
- _('Severity'), severity,
- ))
+ # to_name should not exist here since, transitioning is already handled
+ _('Execute'), exec_target,
+ _('Severity'), severity,
+ ))
- exec_toggle = False
- q.functions.extend(build_x_functions(default, options, exec_toggle))
+ exec_toggle = False
+ q.functions.extend(build_x_functions(default, options, exec_toggle))
+ q.already_have_profile = get_profile_filename_from_attachment(exec_target)
- # ask user about the exec mode to use
- ans = ''
- while ans not in ('CMD_ix', 'CMD_px', 'CMD_cx', 'CMD_nx', 'CMD_pix', 'CMD_cix', 'CMD_nix', 'CMD_ux', 'CMD_DENY'): # add '(I)gnore'? (hotkey conflict with '(i)x'!)
- ans = q.promptUser()[0]
+ # ask user about the exec mode to use
+ ans = ''
+ while ans not in ('CMD_ix', 'CMD_px', 'CMD_cx', 'CMD_nx', 'CMD_pix', 'CMD_cix', 'CMD_nix', 'CMD_ux', 'CMD_DENY'): # add '(I)gnore'? (hotkey conflict with '(i)x'!)
+ ans = q.promptUser()[0]
- if ans.startswith('CMD_EXEC_IX_'):
- exec_toggle = not exec_toggle
- q.functions = build_x_functions(default, options, exec_toggle)
- ans = ''
- continue
+ if ans.startswith('CMD_EXEC_IX_'):
+ exec_toggle = not exec_toggle
+ q.functions = build_x_functions(default, options, exec_toggle)
+ ans = ''
+ continue
- if ans == 'CMD_FINISHED':
- save_profiles()
- return
+ if ans == 'CMD_FINISHED':
+ save_profiles()
+ return
- if ans == 'CMD_nx' or ans == 'CMD_nix':
- arg = exec_target
- ynans = 'n'
- if profile == hat:
- ynans = aaui.UI_YesNo(_('Are you specifying a transition to a local profile?'), 'n')
- if ynans == 'y':
- if ans == 'CMD_nx':
- ans = 'CMD_cx'
- else:
- ans = 'CMD_cix'
+ if ans == 'CMD_nx' or ans == 'CMD_nix':
+ arg = exec_target
+ ynans = 'n'
+ if profile == hat:
+ ynans = aaui.UI_YesNo(_('Are you specifying a transition to a local profile?'), 'n')
+ if ynans == 'y':
+ if ans == 'CMD_nx':
+ ans = 'CMD_cx'
else:
- if ans == 'CMD_nx':
- ans = 'CMD_px'
- else:
- ans = 'CMD_pix'
-
- to_name = aaui.UI_GetString(_('Enter profile name to transition to: '), arg)
-
- if ans == 'CMD_ix':
- exec_mode = 'ix'
- elif ans in ('CMD_px', 'CMD_cx', 'CMD_pix', 'CMD_cix'):
- exec_mode = ans.replace('CMD_', '')
+ ans = 'CMD_cix'
+ else:
+ if ans == 'CMD_nx':
+ ans = 'CMD_px'
+ else:
+ ans = 'CMD_pix'
+
+ to_name = aaui.UI_GetString(_('Enter profile name to transition to: '), arg)
+
+ if ans == 'CMD_ix':
+ exec_mode = 'ix'
+ elif ans in ('CMD_px', 'CMD_cx', 'CMD_pix', 'CMD_cix'):
+ exec_mode = ans.replace('CMD_', '')
+ px_msg = _(
+ "Should AppArmor sanitise the environment when\n"
+ "switching profiles?\n"
+ "\n"
+ "Sanitising environment is more secure,\n"
+ "but some applications depend on the presence\n"
+ "of LD_PRELOAD or LD_LIBRARY_PATH.")
+ if parent_uses_ld_xxx:
px_msg = _(
"Should AppArmor sanitise the environment when\n"
"switching profiles?\n"
"\n"
"Sanitising environment is more secure,\n"
- "but some applications depend on the presence\n"
- "of LD_PRELOAD or LD_LIBRARY_PATH.")
- if parent_uses_ld_xxx:
- px_msg = _(
- "Should AppArmor sanitise the environment when\n"
- "switching profiles?\n"
- "\n"
- "Sanitising environment is more secure,\n"
- "but this application appears to be using LD_PRELOAD\n"
- "or LD_LIBRARY_PATH and sanitising the environment\n"
- "could cause functionality problems.")
-
- ynans = aaui.UI_YesNo(px_msg, 'y')
- if ynans == 'y':
- # Disable the unsafe mode
- exec_mode = exec_mode.capitalize()
- elif ans == 'CMD_ux':
- exec_mode = 'ux'
+ "but this application appears to be using LD_PRELOAD\n"
+ "or LD_LIBRARY_PATH and sanitising the environment\n"
+ "could cause functionality problems.")
+
+ ynans = aaui.UI_YesNo(px_msg, 'y')
+ if ynans == 'y':
+ # Disable the unsafe mode
+ exec_mode = exec_mode.capitalize()
+ elif ans == 'CMD_ux':
+ exec_mode = 'ux'
+ ynans = aaui.UI_YesNo(_(
+ "Launching processes in an unconfined state is a very\n"
+ "dangerous operation and can cause serious security holes.\n"
+ "\n"
+ "Are you absolutely certain you wish to remove all\n"
+ "AppArmor protection when executing %s ?") % exec_target, 'n')
+ if ynans == 'y':
ynans = aaui.UI_YesNo(_(
- "Launching processes in an unconfined state is a very\n"
- "dangerous operation and can cause serious security holes.\n"
+ "Should AppArmor sanitise the environment when\n"
+ "running this program unconfined?\n"
"\n"
- "Are you absolutely certain you wish to remove all\n"
- "AppArmor protection when executing %s ?") % exec_target, 'n')
+ "Not sanitising the environment when unconfining\n"
+ "a program opens up significant security holes\n"
+ "and should be avoided if at all possible."), 'y')
if ynans == 'y':
- ynans = aaui.UI_YesNo(_(
- "Should AppArmor sanitise the environment when\n"
- "running this program unconfined?\n"
- "\n"
- "Not sanitising the environment when unconfining\n"
- "a program opens up significant security holes\n"
- "and should be avoided if at all possible."), 'y')
- if ynans == 'y':
- # Disable the unsafe mode
- exec_mode = exec_mode.capitalize()
- else:
- ans = 'INVALID'
-
- if exec_mode and 'i' in exec_mode:
- # For inherit we need mr
- file_perm = 'mr'
- else:
- if ans == 'CMD_DENY':
- aa[profile][hat]['file'].add(FileRule(exec_target, None, 'x', FileRule.ALL, owner=False, log_event=True, deny=True))
- changed[profile] = True
- if target_profile and hashlog[aamode].get(target_profile):
- hashlog[aamode][target_profile]['final_name'] = ''
- # Skip remaining events if they ask to deny exec
- continue
-
- if ans != 'CMD_DENY':
- if to_name:
- rule_to_name = to_name
+ # Disable the unsafe mode
+ exec_mode = exec_mode.capitalize()
else:
- rule_to_name = FileRule.ALL
-
- aa[profile][hat]['file'].add(FileRule(exec_target, file_perm, exec_mode, rule_to_name, owner=False, log_event=True))
+ ans = 'INVALID'
+ if exec_mode and 'i' in exec_mode:
+ # For inherit we need mr
+ file_perm = 'mr'
+ else:
+ if ans == 'CMD_DENY':
+ aa[profile][hat]['file'].add(FileRule(exec_target, None, 'x', FileRule.ALL, owner=False, log_event=True, deny=True))
changed[profile] = True
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = ''
+ # Skip remaining events if they ask to deny exec
+ continue
- if 'i' in exec_mode:
- interpreter_path, abstraction = get_interpreter_and_abstraction(exec_target)
+ if ans != 'CMD_DENY':
+ if to_name:
+ rule_to_name = to_name
+ else:
+ rule_to_name = FileRule.ALL
- if interpreter_path:
- exec_target_rule = FileRule(exec_target, 'r', None, FileRule.ALL, owner=False)
- interpreter_rule = FileRule(interpreter_path, None, 'ix', FileRule.ALL, owner=False)
+ aa[profile][hat]['file'].add(FileRule(exec_target, file_perm, exec_mode, rule_to_name, owner=False, log_event=True))
+
+ changed[profile] = True
- if not is_known_rule(aa[profile][hat], 'file', exec_target_rule):
- aa[profile][hat]['file'].add(exec_target_rule)
- if not is_known_rule(aa[profile][hat], 'file', interpreter_rule):
- aa[profile][hat]['file'].add(interpreter_rule)
+ if 'i' in exec_mode:
+ interpreter_path, abstraction = get_interpreter_and_abstraction(exec_target)
- if abstraction:
- abstraction_rule = IncludeRule(abstraction, False, True)
+ if interpreter_path:
+ exec_target_rule = FileRule(exec_target, 'r', None, FileRule.ALL, owner=False)
+ interpreter_rule = FileRule(interpreter_path, None, 'ix', FileRule.ALL, owner=False)
- if not aa[profile][hat]['inc_ie'].is_covered(abstraction_rule):
- aa[profile][hat]['inc_ie'].add(abstraction_rule)
+ if not is_known_rule(aa[profile][hat], 'file', exec_target_rule):
+ aa[profile][hat]['file'].add(exec_target_rule)
+ if not is_known_rule(aa[profile][hat], 'file', interpreter_rule):
+ aa[profile][hat]['file'].add(interpreter_rule)
- handle_binfmt(aa[profile][hat], interpreter_path)
+ if abstraction:
+ abstraction_rule = IncludeRule(abstraction, False, True)
+
+ if not aa[profile][hat]['inc_ie'].is_covered(abstraction_rule):
+ aa[profile][hat]['inc_ie'].add(abstraction_rule)
# Update tracking info based on kind of change
@@ -1025,7 +959,7 @@ def ask_exec(hashlog):
if target_profile and hashlog[aamode].get(target_profile):
hashlog[aamode][target_profile]['final_name'] = profile
- elif re.search('^CMD_(px|nx|pix|nix)', ans):
+ elif ans.startswith('CMD_px') or ans.startswith('CMD_pix'):
if to_name:
exec_target = to_name
@@ -1034,9 +968,9 @@ def ask_exec(hashlog):
# Check profile exists for px
if exec_target.startswith(('/', '@', '{')):
- prof_filename = get_profile_filename_from_attachment(exec_target, True)
+ prof_filename = get_profile_filename_from_attachment(exec_target, True)
else: # named exec
- prof_filename = get_profile_filename_from_profile_name(exec_target, True)
+ prof_filename = get_profile_filename_from_profile_name(exec_target, True)
if not os.path.exists(prof_filename):
ynans = 'y'
@@ -1081,6 +1015,9 @@ def ask_exec(hashlog):
elif ans.startswith('CMD_ux'):
continue
+ else:
+ raise AppArmorBug('Unhandled ans %s, please open a bugreport!' % ans)
+
def order_globs(globs, original_path):
"""Returns the globs in sorted order, more specific behind"""
@@ -1125,7 +1062,7 @@ def ask_the_questions(log_dict):
# Ignore log events for a non-existing profile or child profile. Such events can occur
# after deleting a profile or hat manually, or when processing a foreign log.
# (Checking for 'file' is a simplified way to check if it's a ProfileStorage.)
- debug_logger.debug("Ignoring events for non-existing profile %s" % full_profile)
+ debug_logger.debug("Ignoring events for non-existing profile %s", full_profile)
continue
ans = ''
@@ -1198,7 +1135,8 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
newincludes = match_includes(the_profile, ruletype, rule_obj)
q = aaui.PromptQuestion()
if newincludes:
- options.extend(map(lambda inc: 'include <%s>' % inc, sorted(set(newincludes))))
+ if use_abstractions:
+ options.extend(map(lambda inc: 'include <%s>' % inc, sorted(set(newincludes))))
if ruletype == 'file' and rule_obj.path:
options += propose_file_rules(the_profile, rule_obj)
@@ -1264,17 +1202,22 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
if inc:
deleted = delete_all_duplicates(the_profile, inc, r_types)
- the_profile['inc_ie'].add(IncludeRule.parse(selection))
+ the_profile['inc_ie'].add(IncludeRule.create_instance(selection))
- aaui.UI_Info(_('Adding %s to profile.') % selection)
+ if aaui.UI_mode == 'allow_all':
+ aaui.UI_Info(_('Adding %s to profile %s.') % (selection, profile_name))
+ else:
+ aaui.UI_Info(_('Adding %s to profile.') % selection)
if deleted:
aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
else:
- rule_obj = selection_to_rule_obj(rule_obj, selection)
+ rule_obj = rule_obj.create_instance(selection)
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
-
- aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
+ if aaui.UI_mode == 'allow_all':
+ aaui.UI_Info(_('Adding %s to profile %s.') % (rule_obj.get_clean(), profile_name))
+ else:
+ aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
if deleted:
aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
@@ -1286,7 +1229,7 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
done = True
changed = True
- rule_obj = selection_to_rule_obj(rule_obj, selection)
+ rule_obj = rule_obj.create_instance(selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset raw rule after manually modifying rule_obj
deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
@@ -1296,19 +1239,19 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
elif ans == 'CMD_GLOB':
if not re_match_include(selection):
- globbed_rule_obj = selection_to_rule_obj(rule_obj, selection)
+ globbed_rule_obj = rule_obj.create_instance(selection)
globbed_rule_obj.glob()
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
elif ans == 'CMD_GLOBEXT':
if not re_match_include(selection):
- globbed_rule_obj = selection_to_rule_obj(rule_obj, selection)
+ globbed_rule_obj = rule_obj.create_instance(selection)
globbed_rule_obj.glob_ext()
options, default_option = add_to_options(options, globbed_rule_obj.get_raw())
elif ans == 'CMD_NEW':
if not re_match_include(selection):
- edit_rule_obj = selection_to_rule_obj(rule_obj, selection)
+ edit_rule_obj = rule_obj.create_instance(selection)
prompt, oldpath = edit_rule_obj.edit_header()
newpath = aaui.UI_GetString(prompt, oldpath)
@@ -1341,11 +1284,6 @@ def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
return changed, False
-def selection_to_rule_obj(rule_obj, selection):
- rule_type = type(rule_obj)
- return rule_type.parse(selection)
-
-
def set_options_audit_mode(rule_obj, options):
"""change audit state in options (proposed rules) to audit state in rule_obj.
#include options will be kept unchanged
@@ -1368,7 +1306,7 @@ def set_options_mode(rule_obj, options, what):
if re_match_include(rule):
new_options.append(rule)
else:
- parsed_rule = selection_to_rule_obj(rule_obj, rule)
+ parsed_rule = rule_obj.create_instance(rule)
if what == 'audit':
parsed_rule.audit = rule_obj.audit
elif what == 'owner':
@@ -1540,7 +1478,7 @@ def set_logfile(filename):
raise AppArmorException(_('%s is a directory. Please specify a file as logfile') % logfile)
-def do_logprof_pass(logmark=''):
+def do_logprof_pass(logmark='', out_dir=None):
# set up variables for this pass
global active_profiles
global sev_db
@@ -1564,10 +1502,10 @@ def do_logprof_pass(logmark=''):
ask_the_questions(log_dict)
- save_profiles()
+ save_profiles(out_dir=out_dir)
-def save_profiles(is_mergeprof=False):
+def save_profiles(is_mergeprof=False, out_dir=None):
# Ensure the changed profiles are actual active profiles
for prof_name in changed.keys():
if not aa.get(prof_name, False):
@@ -1601,7 +1539,7 @@ def save_profiles(is_mergeprof=False):
profile_name = options[arg]
if ans == 'CMD_SAVE_SELECTED':
- write_profile_ui_feedback(profile_name)
+ write_profile_ui_feedback(profile_name, out_dir=out_dir)
reload_base(profile_name)
q.selected = 0 # saving the selected profile removes it from the list, therefore reset selection
@@ -1627,7 +1565,7 @@ def save_profiles(is_mergeprof=False):
changed.pop(options[arg])
for profile_name in sorted(changed.keys()):
- write_profile_ui_feedback(profile_name)
+ write_profile_ui_feedback(profile_name, out_dir=out_dir)
reload_base(profile_name)
@@ -1657,89 +1595,26 @@ def collapse_log(hashlog, ignore_null_profiles=True):
if aa.get(profile) and aa[profile].get(hat):
hat_exists = True
- if True:
- if not log_dict[aamode].get(final_name):
- # with execs in ix mode, we already have ProfileStorage initialized and should keep the content it already has
- log_dict[aamode][final_name] = ProfileStorage(profile, hat, 'collapse_log()')
-
- for path in hashlog[aamode][full_profile]['path'].keys():
- for owner in hashlog[aamode][full_profile]['path'][path]:
- mode = set(hashlog[aamode][full_profile]['path'][path][owner].keys())
-
- # logparser sums up multiple log events, so both 'a' and 'w' can be present
- if 'a' in mode and 'w' in mode:
- mode.remove('a')
-
- file_event = FileRule(path, mode, None, FileRule.ALL, owner=owner, log_event=True)
-
- if not hat_exists or not is_known_rule(aa[profile][hat], 'file', file_event):
- log_dict[aamode][final_name]['file'].add(file_event)
- # TODO: check for existing rules with this path, and merge them into one rule
-
- for cap in hashlog[aamode][full_profile]['capability'].keys():
- cap_event = CapabilityRule(cap, log_event=True)
- if not hat_exists or not is_known_rule(aa[profile][hat], 'capability', cap_event):
- log_dict[aamode][final_name]['capability'].add(cap_event)
-
- for cp in hashlog[aamode][full_profile]['change_profile'].keys():
- cp_event = ChangeProfileRule(None, ChangeProfileRule.ALL, cp, log_event=True)
- if not hat_exists or not is_known_rule(aa[profile][hat], 'change_profile', cp_event):
- log_dict[aamode][final_name]['change_profile'].add(cp_event)
-
- dbus = hashlog[aamode][full_profile]['dbus']
- for access in dbus: # noqa: E271
- for bus in dbus[access]: # noqa: E271
- for path in dbus[access][bus]: # noqa: E271
- for name in dbus[access][bus][path]: # noqa: E271
- for interface in dbus[access][bus][path][name]: # noqa: E271
- for member in dbus[access][bus][path][name][interface]: # noqa: E271
- for peer_profile in dbus[access][bus][path][name][interface][member]:
- # Depending on the access type, not all parameters are allowed.
- # Ignore them, even if some of them appear in the log.
- # Also, the log doesn't provide a peer name, therefore always use ALL.
- if access in ('send', 'receive'):
- dbus_event = DbusRule(access, bus, path, DbusRule.ALL, interface, member, DbusRule.ALL, peer_profile, log_event=True)
- elif access == 'bind':
- dbus_event = DbusRule(access, bus, DbusRule.ALL, name, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, log_event=True)
- elif access == 'eavesdrop':
- dbus_event = DbusRule(access, bus, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, log_event=True)
- else:
- raise AppArmorBug('unexpected dbus access: {}'.format(access))
-
- if not hat_exists or not is_known_rule(aa[profile][hat], 'dbus', dbus_event):
- log_dict[aamode][final_name]['dbus'].add(dbus_event)
-
- nd = hashlog[aamode][full_profile]['network']
- for family in nd.keys():
- for sock_type in nd[family].keys():
- net_event = NetworkRule(family, sock_type, log_event=True)
- if not hat_exists or not is_known_rule(aa[profile][hat], 'network', net_event):
- log_dict[aamode][final_name]['network'].add(net_event)
-
- ptrace = hashlog[aamode][full_profile]['ptrace']
- for peer in ptrace.keys():
- if '//null-' in peer:
- continue # ignore null-* peers
-
- for access in ptrace[peer].keys():
- ptrace_event = PtraceRule(access, peer, log_event=True)
- if not hat_exists or not is_known_rule(aa[profile][hat], 'ptrace', ptrace_event):
- log_dict[aamode][final_name]['ptrace'].add(ptrace_event)
-
- sig = hashlog[aamode][full_profile]['signal']
- for peer in sig.keys():
- if '//null-' in peer:
- continue # ignore null-* peers
-
- for access in sig[peer].keys():
- for signal in sig[peer][access].keys():
- signal_event = SignalRule(access, signal, peer, log_event=True)
- if not hat_exists or not is_known_rule(aa[profile][hat], 'signal', signal_event):
- log_dict[aamode][final_name]['signal'].add(signal_event)
+ if not log_dict[aamode].get(final_name):
+ # with execs in ix mode, we already have ProfileStorage initialized and should keep the content it already has
+ log_dict[aamode][final_name] = ProfileStorage(profile, hat, 'collapse_log()')
+
+ for ev_type, ev_class in ReadLog.ruletypes.items():
+ for rule in ev_class.from_hashlog(hashlog[aamode][full_profile][ev_type]):
+ if not hat_exists or not is_known_rule(aa[profile][hat], ev_type, rule):
+ log_dict[aamode][final_name][ev_type].add(rule)
return log_dict
+def update_profiles(ui_msg=False, skip_profiles=()):
+ reset_aa()
+ try:
+ read_profiles(ui_msg, skip_profiles)
+ except AppArmorException as e:
+ print(_("Error while loading profiles: {}").format(e))
+
+
def read_profiles(ui_msg=False, skip_profiles=()):
# we'll read all profiles from disk, so reset the storage first (autodep() might have created/stored
# a profile already, which would cause a 'Conflicting profile' error in attach_profile_data())
@@ -1755,7 +1630,7 @@ def read_profiles(ui_msg=False, skip_profiles=()):
try:
os.listdir(profile_dir)
- except:
+ except (OSError, TypeError):
fatal_error(_("Can't read AppArmor profiles in %s") % profile_dir)
for file in os.listdir(profile_dir):
@@ -1763,6 +1638,9 @@ def read_profiles(ui_msg=False, skip_profiles=()):
if os.path.isfile(full_file):
if is_skippable_file(file):
continue
+ elif os.path.exists(f'{profile_dir}/disable/{file}'):
+ aaui.UI_Info("skipping disabled profile %s" % file)
+ continue
elif file in skip_profiles:
aaui.UI_Info("skipping profile %s" % full_file)
continue
@@ -1784,7 +1662,7 @@ def read_inactive_profiles(skip_profiles=()):
return
try:
os.listdir(profile_dir)
- except:
+ except (OSError, TypeError):
fatal_error(_("Can't read AppArmor profiles in %s") % extra_profile_dir)
for file in os.listdir(extra_profile_dir):
@@ -1799,15 +1677,18 @@ def read_inactive_profiles(skip_profiles=()):
read_profile(full_file, False)
-def read_profile(file, active_profile):
+def read_profile(file, active_profile, read_error_fatal=False):
data = None
try:
with open_file_read(file) as f_in:
data = f_in.readlines()
except IOError as e:
aaui.UI_Important('WARNING: Error reading file %s, skipping.\n %s' % (file, e))
- debug_logger.debug("read_profile: can't read %s - skipping" % file)
- return
+ debug_logger.debug("read_profile: can't read %s - skipping", file)
+ if read_error_fatal:
+ raise (e)
+ else:
+ return
profile_data = parse_profile_data(data, file, 0, True)
@@ -1871,7 +1752,7 @@ def parse_profile_data(data, file, do_include, in_preamble):
if do_include:
profile = file
hat = None
- profname = combine_profname([profile, hat])
+ profname = combine_profname((profile, hat))
profile_data[profname] = ProfileStorage(profile, hat, 'parse_profile_data() do_include')
profile_data[profname]['filename'] = file
@@ -1896,7 +1777,7 @@ def parse_profile_data(data, file, do_include, in_preamble):
for incname in rule_obj.get_full_paths(profile_dir):
if incname == file:
# warn about endless loop, and don't call load_include() (again) for this file
- aaui.UI_Important(_('WARNING: endless loop detected: file %s includes itsself' % incname))
+ aaui.UI_Important(_('WARNING: endless loop detected: file %s includes itself' % incname))
else:
load_include(incname, in_preamble)
@@ -1915,7 +1796,7 @@ def parse_profile_data(data, file, do_include, in_preamble):
if profile == hat:
hat = None
- profname = combine_profname([profile, hat])
+ profname = combine_profname((profile, hat))
if profile_data.get(profname, False):
raise AppArmorException(
@@ -1940,7 +1821,7 @@ def parse_profile_data(data, file, do_include, in_preamble):
if in_contained_hat:
hat = None
in_contained_hat = False
- profname = combine_profname([profile, hat])
+ profname = combine_profname((profile, hat))
else:
parsed_profiles.append(profile)
profile = None
@@ -1961,75 +1842,6 @@ def parse_profile_data(data, file, do_include, in_preamble):
# Conditional Boolean defined
pass
- elif RE_PROFILE_MOUNT.search(line):
- matches = RE_PROFILE_MOUNT.search(line).groups()
-
- if not profile:
- raise AppArmorException(_('Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s')
- % {'file': file, 'line': lineno + 1})
-
- audit = False
- if matches[0]:
- audit = True
- allow = 'allow'
- if matches[1] and matches[1].strip() == 'deny':
- allow = 'deny'
- mount = matches[2]
-
- mount_rule = parse_mount_rule(mount)
- mount_rule.audit = audit
- mount_rule.deny = (allow == 'deny')
-
- mount_rules = profile_data[profname][allow].get('mount', [])
- mount_rules.append(mount_rule)
- profile_data[profname][allow]['mount'] = mount_rules
-
- elif RE_PROFILE_PIVOT_ROOT.search(line):
- matches = RE_PROFILE_PIVOT_ROOT.search(line).groups()
-
- if not profile:
- raise AppArmorException(_('Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: %(line)s')
- % {'file': file, 'line': lineno + 1})
-
- audit = False
- if matches[0]:
- audit = True
- allow = 'allow'
- if matches[1] and matches[1].strip() == 'deny':
- allow = 'deny'
- pivot_root = matches[2].strip()
-
- pivot_root_rule = parse_pivot_root_rule(pivot_root)
- pivot_root_rule.audit = audit
- pivot_root_rule.deny = (allow == 'deny')
-
- pivot_root_rules = profile_data[profname][allow].get('pivot_root', [])
- pivot_root_rules.append(pivot_root_rule)
- profile_data[profname][allow]['pivot_root'] = pivot_root_rules
-
- elif RE_PROFILE_UNIX.search(line):
- matches = RE_PROFILE_UNIX.search(line).groups()
-
- if not profile:
- raise AppArmorException(_('Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s')
- % {'file': file, 'line': lineno + 1})
-
- audit = False
- if matches[0]:
- audit = True
- allow = 'allow'
- if matches[1] and matches[1].strip() == 'deny':
- allow = 'deny'
- unix = matches[2].strip()
-
- unix_rule = parse_unix_rule(unix)
- unix_rule.audit = audit
- unix_rule.deny = (allow == 'deny')
-
- unix_rules = profile_data[profname][allow].get('unix', [])
- unix_rules.append(unix_rule)
- profile_data[profname][allow]['unix'] = unix_rules
-
elif RE_PROFILE_CHANGE_HAT.search(line):
matches = RE_PROFILE_CHANGE_HAT.search(line).groups()
@@ -2081,7 +1893,7 @@ def parse_profile_data(data, file, do_include, in_preamble):
for parsed_prof in sorted(parsed_profiles):
if re.search(hatglob, parsed_prof):
for hat in cfg['required_hats'][hatglob].split():
- profname = combine_profname([parsed_prof, hat])
+ profname = combine_profname((parsed_prof, hat))
if not profile_data.get(profname, False):
profile_data[profname] = ProfileStorage(parsed_prof, hat, 'parse_profile_data() required_hats')
profile_data[profname]['is_hat'] = True
@@ -2100,6 +1912,7 @@ def match_line_against_rule_classes(line, profile, file, lineno, in_preamble):
for rule_name in (
'abi',
+ 'all',
'alias',
'boolean',
'variable',
@@ -2112,6 +1925,12 @@ def match_line_against_rule_classes(line, profile, file, lineno, in_preamble):
'ptrace',
'rlimit',
'signal',
+ 'userns',
+ 'mqueue',
+ 'io_uring',
+ 'mount',
+ 'pivot_root',
+ 'unix',
):
if rule_name in ruletypes:
@@ -2130,7 +1949,7 @@ def match_line_against_rule_classes(line, profile, file, lineno, in_preamble):
_('Syntax Error: Unexpected %(rule)s entry found in file: %(file)s line: %(line)s')
% {'file': file, 'line': lineno + 1, 'rule': rule_name})
- rule_obj = rule_class.parse(line)
+ rule_obj = rule_class.create_instance(line)
return (rule_name, rule_obj)
return (None, None)
@@ -2156,28 +1975,13 @@ def split_to_merged(profile_data):
if profile == hat:
merged_name = profile
else:
- merged_name = combine_profname([profile, hat])
+ merged_name = combine_profname((profile, hat))
merged[merged_name] = profile_data[profile][hat]
return merged
-def parse_mount_rule(line):
- # XXX Do real parsing here
- return aarules.Raw_Mount_Rule(line)
-
-
-def parse_pivot_root_rule(line):
- # XXX Do real parsing here
- return aarules.Raw_Pivot_Root_Rule(line)
-
-
-def parse_unix_rule(line):
- # XXX Do real parsing here
- return aarules.Raw_Unix_Rule(line)
-
-
def write_piece(profile_data, depth, name, nhat):
pre = ' ' * depth
data = []
@@ -2229,7 +2033,7 @@ def serialize_profile(profile_data, name, options):
string = ''
data = []
- if type(options) is not dict:
+ if not isinstance(options, dict):
raise AppArmorBug('serialize_profile(): options is not a dict: %s' % options)
include_metadata = options.get('METADATA', False)
@@ -2270,12 +2074,12 @@ def serialize_profile(profile_data, name, options):
return string + '\n'
-def write_profile_ui_feedback(profile, is_attachment=False):
+def write_profile_ui_feedback(profile, is_attachment=False, out_dir=None):
aaui.UI_Info(_('Writing updated profile for %s.') % profile)
- write_profile(profile, is_attachment)
+ write_profile(profile, is_attachment, out_dir=out_dir)
-def write_profile(profile, is_attachment=False):
+def write_profile(profile, is_attachment=False, out_dir=None):
if aa[profile][profile].get('filename', False):
prof_filename = aa[profile][profile]['filename']
elif is_attachment:
@@ -2285,8 +2089,9 @@ def write_profile(profile, is_attachment=False):
serialize_options = {'METADATA': True, 'is_attachment': is_attachment}
profile_string = serialize_profile(split_to_merged(aa), profile, serialize_options)
+
try:
- with NamedTemporaryFile('w', suffix='~', delete=False, dir=profile_dir) as newprof:
+ with NamedTemporaryFile('w', suffix='~', delete=False, dir=out_dir or profile_dir) as newprof:
if os.path.exists(prof_filename):
shutil.copymode(prof_filename, newprof.name)
else:
@@ -2297,12 +2102,16 @@ def write_profile(profile, is_attachment=False):
except PermissionError as e:
raise AppArmorException(e)
- os.rename(newprof.name, prof_filename)
+ if out_dir is None:
+ os.rename(newprof.name, prof_filename)
+ else:
+ out_filename = out_dir + "/" + prof_filename.split('/')[-1]
+ os.rename(newprof.name, out_filename)
if profile in changed:
changed.pop(profile)
else:
- debug_logger.info("Unchanged profile written: %s (not listed in 'changed' list)" % profile)
+ debug_logger.info("Unchanged profile written: %s (not listed in 'changed' list)", profile)
original_aa[profile] = deepcopy(aa[profile])
@@ -2565,7 +2374,7 @@ def logger_path():
return logger
-######Initialisations######
+# ------ Initialisations ------ #
def init_aa(confdir=None, profiledir=None):
global CONFDIR
diff --git a/utils/apparmor/aare.py b/utils/apparmor/aare.py
index 573c46637434ef3f9991e105ae926bee2d70e5f9..c38423baf623afd212f09bee0b8b27cc7d32f249 100644
--- a/utils/apparmor/aare.py
+++ b/utils/apparmor/aare.py
@@ -21,7 +21,7 @@ class AARE:
"""AARE (AppArmor Regular Expression) wrapper class"""
def __init__(self, regex, is_path, log_event=None):
- """create an AARE instance for the given AppArmor regex
+ """Initialize instance for the given AppArmor regex.
If is_path is true, the regex is expected to be a path and therefore must start with / or a variable."""
# using the specified variables when matching.
@@ -44,24 +44,33 @@ class AARE:
# self.variables = variables # XXX
def __repr__(self):
- """returns a "printable" representation of AARE"""
- return "AARE('%s')" % self.regex
+ """returns a "printable" representation of object"""
+ return type(self).__name__ + "('%s')" % self.regex
+
+ def __eq__(self, other):
+ """check if the given object is equal
+ Note that the == check is more strict than is_equal() - it doesn't accept if other is a string instead of AARE"""
+
+ if isinstance(other, type(self)):
+ return self.regex == other.regex
+
+ return False
def __deepcopy__(self, memo):
# thanks to http://bugs.python.org/issue10076, we need to implement this ourself
if self.orig_regex:
- return AARE(self.orig_regex, is_path=False, log_event=True)
+ return type(self)(self.orig_regex, is_path=False, log_event=True)
else:
- return AARE(self.regex, is_path=False)
+ return type(self)(self.regex, is_path=False)
# check if a regex is a plain path (not containing variables, alternations or wildcards)
# some special characters are probably not covered by the plain_path regex (if in doubt, better error out on the safe side)
plain_path = re.compile('^[0-9a-zA-Z/._-]+$')
def match(self, expression):
- """check if the given expression (string or AARE) matches the regex"""
+ """check if the given expression (string or instance of this class) matches the regex"""
- if type(expression) == AARE:
+ if isinstance(expression, type(self)):
if expression.orig_regex:
expression = expression.orig_regex
elif self.plain_path.match(expression.regex):
@@ -69,8 +78,8 @@ class AARE:
expression = expression.regex
else:
return self.is_equal(expression) # better safe than sorry
- elif type(expression) is not str:
- raise AppArmorBug('AARE.match() called with unknown object: %s' % str(expression))
+ elif not isinstance(expression, str):
+ raise AppArmorBug('match() called with unknown object: %s' % str(expression))
if self._regex_compiled is None:
self._regex_compiled = re.compile(convert_regexp(self.regex))
@@ -80,12 +89,12 @@ class AARE:
def is_equal(self, expression):
"""check if the given expression is equal"""
- if type(expression) == AARE:
+ if isinstance(expression, type(self)):
return self.regex == expression.regex
- elif type(expression) is str:
+ elif isinstance(expression, str):
return self.regex == expression
else:
- raise AppArmorBug('AARE.is_equal() called with unknown object: %s' % str(expression))
+ raise AppArmorBug('is_equal() called with unknown object: %s' % str(expression))
def glob_path(self):
"""Glob the given file or directory path"""
@@ -113,7 +122,7 @@ class AARE:
newpath = re.sub(r'/[^/]+\*\*$', '/**', self.regex)
else:
newpath = re.sub('/[^/]+$', '/*', self.regex)
- return AARE(newpath, False)
+ return type(self)(newpath, False)
def glob_path_withext(self):
"""Glob given file path with extension
diff --git a/utils/apparmor/common.py b/utils/apparmor/common.py
index 21612bf06997f64b64920dbede4a633eb2434da4..da426acd88e5ae8b77487a7cd3eb629c9767e8d3 100644
--- a/utils/apparmor/common.py
+++ b/utils/apparmor/common.py
@@ -20,8 +20,6 @@ import termios
import tty
from tempfile import NamedTemporaryFile
-import apparmor.rules as rules
-
DEBUGGING = False
@@ -106,8 +104,6 @@ def recursive_print(src, dpth=0, key=''):
for litem in src:
recursive_print(litem, dpth + 1)
print(tabs + "]")
- elif isinstance(src, rules._Raw_Rule):
- src.recursive_print(dpth)
else:
if key:
print(tabs + '%s = %s' % (key, src))
@@ -144,9 +140,8 @@ def cmd_pipe(command1, command2):
def valid_path(path):
"""Valid path"""
- # No relative paths
m = "Invalid path: %s" % (path)
- if not path.startswith('/'):
+ if not path.startswith('/'): # No relative paths
debug("%s (relative)" % (m))
return False
@@ -154,11 +149,6 @@ def valid_path(path):
debug("%s (contains quote)" % (m))
return False
- try:
- os.path.normpath(path)
- except Exception:
- debug("%s (could not normalize)" % (m))
- return False
return True
@@ -167,12 +157,7 @@ def get_directory_contents(path):
if not valid_path(path):
return None
- files = []
- for f in glob.glob(path + "/*"):
- files.append(f)
-
- files.sort()
- return files
+ return sorted(glob.glob(path + "/*"))
def is_skippable_file(path):
@@ -288,12 +273,12 @@ def split_name(full_profile):
def combine_profname(name_parts):
"""combine name_parts (main profile, child) into a joint main//child profile name"""
- if type(name_parts) is not list:
- raise AppArmorBug('combine_name() called with parameter of type %s, must be a list' % type(name_parts))
+ if not isinstance(name_parts, (list, tuple)):
+ raise AppArmorBug('combine_profname() called with parameter of type %s, must be a list or tuple' % type(name_parts))
# if last item is None, drop it (can happen when called with [profile, hat] when hat is None)
- if name_parts[len(name_parts)-1] is None:
- name_parts.pop(-1)
+ if name_parts[-1] is None:
+ name_parts = name_parts[:-1]
return '//'.join(name_parts)
@@ -314,7 +299,7 @@ class DebugLogger:
self.debugging = os.getenv('LOGPROF_DEBUG')
try:
self.debugging = int(self.debugging)
- except Exception:
+ except (TypeError, ValueError):
self.debugging = False
if self.debugging not in range(0, 4):
sys.stdout.write('Environment Variable: LOGPROF_DEBUG contains invalid value: %s'
@@ -351,17 +336,17 @@ class DebugLogger:
)
self.logger = logging.getLogger(__name__)
- def error(self, message):
+ def error(self, message, *args):
if self.debugging:
- self.logger.error(message)
+ self.logger.error(message, *args)
- def info(self, message):
+ def info(self, message, *args):
if self.debugging:
- self.logger.info(message)
+ self.logger.info(message, *args)
- def debug(self, message):
+ def debug(self, message, *args):
if self.debugging:
- self.logger.debug(message)
+ self.logger.debug(message, *args)
def shutdown(self):
logging.shutdown()
diff --git a/utils/apparmor/config.py b/utils/apparmor/config.py
index 7226819f05043cd7f8584d7a188e57313f5e2092..04dd38b0bf567338f02943fc55ca985465efc364 100644
--- a/utils/apparmor/config.py
+++ b/utils/apparmor/config.py
@@ -19,6 +19,11 @@ from configparser import ConfigParser
from tempfile import NamedTemporaryFile
from apparmor.common import AppArmorException, open_file_read # , warn, msg,
+import apparmor.ui as aaui
+
+from apparmor.translations import init_translation
+
+_ = init_translation()
# CFG = None
@@ -103,7 +108,11 @@ class Config:
config = {'': dict()}
with open_file_read(filepath) as conf_file:
for line in conf_file:
- result = shlex.split(line, True)
+ try:
+ result = shlex.split(line, True)
+ except ValueError as e:
+ aaui.UI_Important(_('Warning! invalid line \'{line}\' in config file: {err}').format(line=line[:-1], err=e))
+ continue
# If not a comment of empty line
if result:
# option="value" or option=value type
diff --git a/utils/apparmor/easyprof.py b/utils/apparmor/easyprof.py
index 74b04316e57b12ccc2f956139b375fe2dc91c5b9..1f87bfa58a119b35b441258bae61f01f8fab7e9d 100644
--- a/utils/apparmor/easyprof.py
+++ b/utils/apparmor/easyprof.py
@@ -105,7 +105,7 @@ def valid_variable(v):
debug("Checking '%s'" % v)
try:
(key, value) = v.split('=')
- except Exception:
+ except ValueError:
return False
if not re.search(r'^@\{[a-zA-Z0-9_]+\}$', key):
@@ -169,12 +169,10 @@ def valid_policy_vendor(s):
def valid_policy_version(v):
"""Verify the policy version"""
try:
- float(v)
+ f = float(v)
except ValueError:
return False
- if float(v) < 0:
- return False
- return True
+ return f >= 0
def valid_template_name(s, strict=False):
@@ -318,7 +316,7 @@ class AppArmorEasyProfile:
self.policy_version)
if not os.path.isdir(d):
raise AppArmorException(
- "Could not find %s directory '%s'" % (i, d))
+ "Could not find %s directory '%s'" % (i, d))
self.dirs[i] = d
if 'templates' not in self.dirs:
@@ -745,7 +743,7 @@ def print_basefilenames(files):
def print_files(files):
for i in files:
with open(i) as f:
- sys.stdout.write(f.read()+"\n")
+ sys.stdout.write(f.read() + "\n")
def check_manifest_conflict_args(option, opt_str, value, parser):
diff --git a/utils/apparmor/fail.py b/utils/apparmor/fail.py
index ece6efc43409fcfbfd8470985fb46c70f385796d..a71ceb66a2326789561c33f1ef0abcd7bc58e966 100644
--- a/utils/apparmor/fail.py
+++ b/utils/apparmor/fail.py
@@ -8,7 +8,11 @@
#
# ------------------------------------------------------------------
-import cgitb
+try:
+ import cgitb
+except ImportError:
+ cgitb = None
+ pass
import sys
import traceback
from tempfile import NamedTemporaryFile
@@ -32,20 +36,21 @@ def handle_exception(*exc_info):
print('', file=sys.stderr)
error(ex.value)
else:
- with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file:
- cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
- cgitb_hook.handle(exc_info)
-
- file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
- file.write('and attach this file.\n')
+ if cgitb:
+ with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file:
+ cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
+ cgitb_hook.handle(exc_info)
+ file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
+ file.write('and attach this file.\n')
print(''.join(traceback.format_exception(*exc_info)), file=sys.stderr)
- print('', file=sys.stderr)
print('An unexpected error occurred!', file=sys.stderr)
print('', file=sys.stderr)
- print('For details, see %s' % file.name, file=sys.stderr)
+ if cgitb:
+ print('For details, see %s' % file.name, file=sys.stderr)
print('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues', file=sys.stderr)
- print('and attach this file.', file=sys.stderr)
+ if cgitb:
+ print('and attach this file.', file=sys.stderr)
def enable_aa_exception_handler():
diff --git a/utils/apparmor/gui.py b/utils/apparmor/gui.py
new file mode 100644
index 0000000000000000000000000000000000000000..f7df3290ecfc083f0cec2610eeccaf2931e01bd8
--- /dev/null
+++ b/utils/apparmor/gui.py
@@ -0,0 +1,184 @@
+import os
+import tkinter as tk
+import tkinter.ttk as ttk
+import subprocess
+
+try: # We use tk without themes as a fallback which makes the GUI uglier but functional.
+ import ttkthemes
+except ImportError:
+ ttkthemes = None
+
+
+import apparmor.aa as aa
+
+from apparmor.translations import init_translation
+
+_ = init_translation()
+
+notification_custom_msg = {
+ 'userns': _('Application {0} wants to create an user namespace which could be used to compromise your system\nDo you want to allow it next time {0} is run?')
+}
+
+global interface_theme
+
+
+class GUI:
+ def __init__(self):
+ try:
+ self.master = tk.Tk()
+ except tk.TclError:
+ print(_('ERROR: Cannot initialize Tkinter. Please check that your terminal can use a graphical interface'))
+ os._exit(1)
+
+ self.result = None
+ if ttkthemes:
+ style = ttkthemes.ThemedStyle(self.master)
+ style.theme_use(interface_theme)
+ self.bg_color = style.lookup('TLabel', 'background')
+ self.fg_color = style.lookup('TLabel', 'foreground')
+ self.master.configure(background=self.bg_color)
+ self.label_frame = ttk.Frame(self.master, padding=(20, 10))
+ self.label_frame.pack()
+
+ self.button_frame = ttk.Frame(self.master, padding=(0, 10))
+ self.button_frame.pack()
+
+ def show(self):
+ self.master.mainloop()
+ return self.result
+
+ def set_result(self, result):
+ self.result = result
+ self.master.destroy()
+
+
+class ShowMoreGUI(GUI):
+ def __init__(self, profile_path, msg, rule, profile_name, profile_found=True):
+ self.rule = rule
+ self.profile_name = profile_name
+ self.profile_path = profile_path
+ self.msg = msg
+ self.profile_found = profile_found
+
+ super().__init__()
+
+ self.master.title(_('AppArmor - More info'))
+
+ self.label = tk.Label(self.label_frame, text=self.msg, anchor='w', justify=tk.LEFT, wraplength=460)
+ if ttkthemes:
+ self.label.configure(background=self.bg_color, foreground=self.fg_color)
+ self.label.pack(pady=(0, 10) if not self.profile_found else (0, 0))
+
+ if self.profile_found:
+ self.show_profile_button = ttk.Button(self.button_frame, text=_('Show Current Profile'), command=lambda: open_with_default_editor(self.profile_path))
+ self.show_profile_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+ self.add_to_profile_button = ttk.Button(self.button_frame, text=_('Allow'), command=lambda: self.set_result('add_rule'))
+ self.add_to_profile_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+ elif rule == 'userns create,':
+ self.add_policy_button = ttk.Button(self.master, text=_('Allow'), command=lambda: self.set_result('allow'))
+ self.add_policy_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+ self.never_ask_button = ttk.Button(self.master, text=_('Deny'), command=lambda: self.set_result('deny'))
+ self.never_ask_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+ self.do_nothing_button = ttk.Button(self.master, text=_('Do nothing'), command=self.master.destroy)
+ self.do_nothing_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+
+class UsernsGUI(GUI):
+ def __init__(self, name, path):
+ self.name = name
+ self.path = path
+
+ super().__init__()
+
+ self.master.title(_('AppArmor - User namespace creation restricted'))
+
+ label_text = notification_custom_msg['userns'].format(name)
+ self.label = ttk.Label(self.label_frame, text=label_text, wraplength=460)
+ self.label.pack()
+ link = ttk.Label(self.master, text=_('More information'), foreground='blue', cursor='hand2')
+ link.pack()
+ link.bind('<Button-1>', self.more_info)
+
+ self.add_policy_button = ttk.Button(self.master, text=_('Allow'), command=lambda: self.set_result('allow'))
+ self.add_policy_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+ self.never_ask_button = ttk.Button(self.master, text=_('Deny'), command=lambda: self.set_result('deny'))
+ self.never_ask_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+ self.do_nothing_button = ttk.Button(self.master, text=_('Do nothing'), command=self.master.destroy)
+ self.do_nothing_button.pack(side=tk.LEFT, fill=tk.BOTH, expand=True, padx=5, pady=5)
+
+ def more_info(self, ev):
+ more_info_text = _("""
+In Linux, user namespaces enable non-root users to perform certain privileged operations. This feature can be useful for several legitimate use cases.
+
+However, this feature also introduces security risks, (e.g. privilege escalation exploits).
+
+This dialog allows you to choose whether you want to enable user namespaces for this application.
+
+The application path is {}""".format(self.path))
+ # Rule=None so we don't show redundant buttons in ShowMoreGUI.
+ more_gui = ShowMoreGUI(self.path, more_info_text, None, self.name, profile_found=False)
+ more_gui.show()
+
+ @staticmethod
+ def show_error_cannot_reload_profile(profile_path, error):
+ ErrorGUI(_('Failed to create or load profile {}\n Error code = {}').format(profile_path, error), False).show()
+
+ @staticmethod
+ def show_error_cannot_find_execpath(name, template_path):
+ ErrorGUI(
+ _(
+ 'Application {0} wants to create an user namespace which could be used to compromise your system\n\n'
+ 'However, apparmor cannot find {0}. If you want to allow it, please create a profile for it.\n\n'
+ 'A profile template is in {1}\n Profiles are in {2}'
+ ).format(name, template_path, aa.profile_dir),
+ False
+ ).show()
+
+
+class ErrorGUI(GUI):
+ def __init__(self, msg, is_fatal):
+ self.msg = msg
+ self.is_fatal = is_fatal
+
+ super().__init__()
+
+ self.master.title('AppArmor Error')
+
+ self.label = ttk.Label(self.label_frame, text=self.msg, wraplength=460)
+ if ttkthemes:
+ self.label.configure(background=self.bg_color)
+ self.label.pack()
+
+ self.button = ttk.Button(self.button_frame, text='OK', command=self.destroy)
+ self.button.pack()
+
+ def destroy(self):
+ self.master.destroy()
+
+ if self.is_fatal:
+ os._exit(1)
+
+ def show(self):
+ self.master.mainloop()
+ if self.is_fatal:
+ os._exit(1)
+
+
+def set_interface_theme(theme):
+ global interface_theme
+ interface_theme = theme
+
+
+def open_with_default_editor(profile_path):
+ try:
+ default_app = subprocess.run(['xdg-mime', 'query', 'default', 'text/plain'], capture_output=True, text=True, check=True).stdout.strip()
+ subprocess.run(['gtk-launch', default_app, profile_path], check=True)
+ except subprocess.CalledProcessError:
+ ErrorGUI(_('Failed to launch default editor'), False).show()
+ except FileNotFoundError as e:
+ ErrorGUI(_('Failed to open file: {}').format(e), False).show()
diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
index d1d21023f9a061971b5fe06e10d7fdad1d5a5aa1..082314f0456610e0399e83289d629151ca05453a 100644
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -18,7 +18,21 @@ import sys
import time
import LibAppArmor
+import apparmor.ui as aaui
from apparmor.common import AppArmorBug, AppArmorException, DebugLogger, hasher, open_file_read, split_name
+from apparmor.rule.capability import CapabilityRule
+from apparmor.rule.change_profile import ChangeProfileRule
+from apparmor.rule.dbus import DbusRule
+from apparmor.rule.file import FileRule
+from apparmor.rule.io_uring import IOUringRule
+from apparmor.rule.mount import MountRule
+from apparmor.rule.mqueue import MessageQueueRule
+from apparmor.rule.network import NetworkRule
+from apparmor.rule.pivot_root import PivotRootRule
+from apparmor.rule.ptrace import PtraceRule
+from apparmor.rule.signal import SignalRule
+from apparmor.rule.unix import UnixRule
+from apparmor.rule.userns import UserNamespaceRule
from apparmor.translations import init_translation
_ = init_translation()
@@ -29,12 +43,28 @@ class ReadLog:
# used to pre-filter log lines so that we hand over only relevant lines to LibAppArmor parsing
RE_LOG_ALL = re.compile('apparmor=|operation=|type=AVC')
+ ruletypes = {
+ 'capability': CapabilityRule,
+ 'change_profile': ChangeProfileRule,
+ 'dbus': DbusRule,
+ 'file': FileRule,
+ 'ptrace': PtraceRule,
+ 'signal': SignalRule,
+ 'userns': UserNamespaceRule,
+ 'mqueue': MessageQueueRule,
+ 'io_uring': IOUringRule,
+ 'mount': MountRule,
+ 'unix': UnixRule,
+ 'network': NetworkRule,
+ 'pivot_root': PivotRootRule,
+ }
+
def __init__(self, filename, active_profiles, profile_dir):
self.filename = filename
self.profile_dir = profile_dir
self.active_profiles = active_profiles
self.hashlog = {'PERMITTING': {}, 'REJECTING': {}} # structure inside {}: {'profilename': init_hashlog(aamode, profilename), 'profilename2': init_hashlog(...), ...}
- self.debug_logger = DebugLogger('ReadLog')
+ self.debug_logger = DebugLogger(type(self).__name__)
self.LOG = None
self.logmark = ''
self.seenmark = None
@@ -53,10 +83,16 @@ class ReadLog:
'change_profile': {}, # flat, no hasher needed (at least in logparser which doesn't support EXEC MODE and EXEC COND)
'dbus': hasher(),
'exec': hasher(),
+ 'file': hasher(),
'network': hasher(),
- 'path': hasher(),
+ 'pivot_root': hasher(),
'ptrace': hasher(),
'signal': hasher(),
+ 'userns': hasher(),
+ 'mqueue': hasher(),
+ 'io_uring': hasher(),
+ 'mount': hasher(),
+ 'unix': hasher(),
}
def prefetch_next_log_entry(self):
@@ -76,11 +112,66 @@ class ReadLog:
self.next_log_entry = None
return log_entry
- def parse_event(self, msg):
- """Parse the event from log into key value pairs"""
- msg = msg.strip()
- self.debug_logger.info('parse_event: %s' % msg)
- event = LibAppArmor.parse_record(msg)
+ def get_event_type(self, e):
+
+ if e['operation'] == 'exec':
+ return 'file'
+ elif e['class'] and e['class'] == 'namespace':
+ if e['denied_mask'] and e['denied_mask'].startswith('userns_'):
+ return 'userns'
+ elif not e['denied_mask'] and e['request_mask'].startswith('userns_'): # To support transition to special userns profiles
+ return 'userns'
+ elif e['class'] and e['class'].endswith('mqueue'):
+ return 'mqueue'
+ elif e['class'] and e['class'] == 'io_uring':
+ return 'io_uring'
+ elif e['class'] and e['class'] == 'mount' or e['operation'] == 'mount':
+ return 'mount'
+ elif e['operation'] and e['operation'] == 'pivotroot':
+ return 'pivot_root'
+ elif e['class'] and e['class'] == 'net' and e['family'] and e['family'] == 'unix':
+ return 'unix'
+ elif e['class'] == 'file' or self.op_type(e) == 'file':
+ return 'file'
+ elif e['operation'] == 'capable':
+ return 'capability'
+ elif self.op_type(e) == 'net':
+ return 'network'
+ elif e['operation'] == 'change_hat':
+ return 'change_hat'
+ elif e['operation'] == 'change_profile':
+ return 'change_profile'
+ elif e['operation'] == 'ptrace':
+ return 'ptrace'
+ elif e['operation'] == 'signal':
+ return 'signal'
+ elif e['operation'] and e['operation'].startswith('dbus_'):
+ return 'dbus'
+
+ else:
+ self.debug_logger.debug('UNHANDLED: %s', e)
+
+ return None
+
+ def get_rule_type(self, r):
+ for k, v in self.ruletypes.items():
+ if v.match(r):
+ return k, v
+ return None
+
+ def create_rule_from_ev(self, ev):
+ event_type = self.get_event_type(ev)
+ if not event_type:
+ return None
+ ruletype = self.ruletypes[event_type]
+
+ try:
+ return ruletype.create_from_ev(ev)
+ except (AppArmorException, AppArmorBug):
+ return None
+
+ def parse_record(self, event):
+ """Parse the record from LibAppArmor into key value pairs"""
ev = dict()
ev['resource'] = event.info
ev['active_hat'] = event.active_hat
@@ -108,19 +199,49 @@ class ReadLog:
ev['fsuid'] = event.fsuid
ev['ouid'] = event.ouid
- if ev['operation'] and ev['operation'] == 'signal':
+ event_type = self.get_event_type(ev)
+ if event_type == 'signal':
ev['signal'] = event.signal
ev['peer'] = event.peer
- elif ev['operation'] and ev['operation'] == 'ptrace':
+ elif event_type == 'ptrace':
+ ev['peer'] = event.peer
+ elif event_type == 'pivot_root':
+ ev['src_name'] = event.src_name
+ elif event_type == 'mount':
+ ev['flags'] = event.flags
+ ev['fs_type'] = event.fs_type
+ if ev['operation'] and ev['operation'] == 'mount':
+ ev['src_name'] = event.src_name # mount can have a source but not umount.
+ elif event_type == 'userns':
+ ev['execpath'] = event.execpath
+ ev['comm'] = event.comm
+ elif event_type == 'network':
+ ev['accesses'] = event.requested_mask
+ ev['port'] = event.net_local_port or None
+ ev['remote_port'] = event.net_foreign_port or None
+ ev['addr'] = event.net_local_addr
+ ev['peer_addr'] = event.net_foreign_addr
+ ev['addr'] = event.net_local_addr
+ ev['peer_addr'] = event.net_foreign_addr
+ elif event_type == 'unix':
+ ev['accesses'] = event.requested_mask
+ ev['port'] = event.net_local_port or None
+ ev['remote_port'] = event.net_foreign_port or None
+ ev['addr'] = event.net_addr
+ ev['peer_addr'] = event.peer_addr
ev['peer'] = event.peer
- elif ev['operation'] and ev['operation'].startswith('dbus_'):
+ ev['peer_profile'] = event.peer_profile
+ elif event_type == 'dbus':
ev['peer_profile'] = event.peer_profile
ev['bus'] = event.dbus_bus
ev['path'] = event.dbus_path
ev['interface'] = event.dbus_interface
ev['member'] = event.dbus_member
- LibAppArmor.free_record(event)
+ elif event_type == 'io_uring':
+ ev['peer_profile'] = event.peer_profile
+ elif event_type == 'capability':
+ ev['comm'] = event.comm
if not ev['time']:
ev['time'] = int(time.time())
@@ -150,6 +271,20 @@ class ReadLog:
else:
return None
+ def parse_event(self, msg):
+ """Parse the event from log into key value pairs"""
+ msg = msg.strip()
+ self.debug_logger.info('parse_event: %s', msg)
+ try:
+ event = LibAppArmor.parse_record(msg)
+ except TypeError:
+ aaui.UI_Important(_("WARNING: Cannot process log message, skipping entry. Make sure log is plaintext."))
+ return None
+
+ ev = self.parse_record(event)
+ LibAppArmor.free_record(event)
+ return ev
+
def parse_event_for_tree(self, e):
aamode = e.get('aamode', 'UNKNOWN')
@@ -174,56 +309,43 @@ class ReadLog:
if profile != 'null-complain-profile' and not self.profile_exists(profile):
return
+ # TODO: replace all the if conditions with a loop over 'ruletypes'
if e['operation'] == 'exec':
- if not e['name']:
- raise AppArmorException('exec without executed binary')
+ FileRule.hashlog_from_event(self.hashlog[aamode][full_profile]['exec'], e)
+ return
+
+ elif e['class'] and e['class'] == 'namespace':
+ if e['denied_mask'].startswith('userns_'):
+ UserNamespaceRule.hashlog_from_event(self.hashlog[aamode][full_profile]['userns'], e)
+ return
- if not e['name2']:
- e['name2'] = '' # exec events in enforce mode don't have target=...
+ elif e['class'] and e['class'].endswith('mqueue'):
+ MessageQueueRule.hashlog_from_event(self.hashlog[aamode][full_profile]['mqueue'], e)
+ return
- self.hashlog[aamode][full_profile]['exec'][e['name']][e['name2']] = True
+ elif e['class'] and e['class'] == 'io_uring':
+ IOUringRule.hashlog_from_event(self.hashlog[aamode][full_profile]['io_uring'], e)
return
- elif self.op_type(e) == 'file':
- # Map c (create) and d (delete) to w (logging is more detailed than the profile language)
- dmask = e['denied_mask']
- dmask = dmask.replace('c', 'w')
- dmask = dmask.replace('d', 'w')
-
- owner = False
-
- if '::' in dmask:
- # old log styles used :: to indicate if permissions are meant for owner or other
- (owner_d, other_d) = dmask.split('::')
- if owner_d and other_d:
- raise AppArmorException('Found log event with both owner and other permissions. Please open a bugreport!')
- if owner_d:
- dmask = owner_d
- owner = True
- else:
- dmask = other_d
-
- if e.get('ouid') is not None and e['fsuid'] == e['ouid']:
- # in current log style, owner permissions are indicated by a match of fsuid and ouid
- owner = True
-
- if 'x' in dmask and dmask != 'x':
- dmask = dmask.replace('x', '') # if dmask contains x and another mode, drop x here - we should see a separate exec event
-
- for perm in dmask:
- if perm in 'mrwalk': # intentionally not allowing 'x' here
- self.hashlog[aamode][full_profile]['path'][e['name']][owner][perm] = True
- else:
- raise AppArmorException(_('Log contains unknown mode %s') % dmask)
+ elif e['class'] and e['class'] == 'mount' or e['operation'] == 'mount':
+ MountRule.hashlog_from_event(self.hashlog[aamode][full_profile]['mount'], e)
+
+ elif e['operation'] and e['operation'] == 'pivotroot':
+ PivotRootRule.hashlog_from_event(self.hashlog[aamode][full_profile]['pivot_root'], e)
+ elif e['class'] and e['class'] == 'net' and e['family'] and e['family'] == 'unix':
+ UnixRule.hashlog_from_event(self.hashlog[aamode][full_profile]['unix'], e)
return
+ elif e['class'] == 'file' or self.op_type(e) == 'file':
+ FileRule.hashlog_from_event(self.hashlog[aamode][full_profile]['file'], e)
+
elif e['operation'] == 'capable':
- self.hashlog[aamode][full_profile]['capability'][e['name']] = True
+ CapabilityRule.hashlog_from_event(self.hashlog[aamode][full_profile]['capability'], e)
return
elif self.op_type(e) == 'net':
- self.hashlog[aamode][full_profile]['network'][e['family']][e['sock_type']][e['protocol']] = True
+ NetworkRule.hashlog_from_event(self.hashlog[aamode][full_profile]['network'], e)
return
elif e['operation'] == 'change_hat':
@@ -234,7 +356,7 @@ class ReadLog:
return
elif e['operation'] == 'change_profile':
- self.hashlog[aamode][full_profile]['change_profile'][e['name2']] = True
+ ChangeProfileRule.hashlog_from_event(self.hashlog[aamode][full_profile]['change_profile'], e)
return
elif e['operation'] == 'ptrace':
@@ -245,19 +367,19 @@ class ReadLog:
self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
return
- self.hashlog[aamode][full_profile]['ptrace'][e['peer']][e['denied_mask']] = True
+ PtraceRule.hashlog_from_event(self.hashlog[aamode][full_profile]['ptrace'], e)
return
elif e['operation'] == 'signal':
- self.hashlog[aamode][full_profile]['signal'][e['peer']][e['denied_mask']][e['signal']] = True
+ SignalRule.hashlog_from_event(self.hashlog[aamode][full_profile]['signal'], e)
return
elif e['operation'] and e['operation'].startswith('dbus_'):
- self.hashlog[aamode][full_profile]['dbus'][e['denied_mask']][e['bus']][e['path']][e['name']][e['interface']][e['member']][e['peer_profile']] = True
+ DbusRule.hashlog_from_event(self.hashlog[aamode][full_profile]['dbus'], e)
return
else:
- self.debug_logger.debug('UNHANDLED: %s' % e)
+ self.debug_logger.debug('UNHANDLED: %s', e)
def read_log(self, logmark):
self.logmark = logmark
@@ -275,11 +397,11 @@ class ReadLog:
if not line:
break
line = line.strip()
- self.debug_logger.debug('read_log: %s' % line)
+ self.debug_logger.debug('read_log: %s', line)
if self.logmark in line:
seenmark = True
- self.debug_logger.debug('read_log: seenmark = %s' % seenmark)
+ self.debug_logger.debug('read_log: seenmark = %s', seenmark)
if not seenmark:
continue
@@ -287,7 +409,6 @@ class ReadLog:
if event:
try:
self.parse_event_for_tree(event)
-
except AppArmorException as e:
ex_msg = ('%(msg)s\n\nThis error was caused by the log line:\n%(logline)s'
% {'msg': e.value, 'logline': line})
@@ -337,14 +458,14 @@ class ReadLog:
def op_type(self, event):
"""Returns the operation type if known, unknown otherwise"""
- if event['operation'] and (event['operation'].startswith('file_') or
- event['operation'].startswith('inode_') or
- event['operation'] in self.OP_TYPE_FILE_OR_NET):
+ if event['operation'] and (event['operation'].startswith('file_')
+ or event['operation'].startswith('inode_')
+ or event['operation'] in self.OP_TYPE_FILE_OR_NET):
# file or network event?
if event['family'] and event['protocol'] and event['sock_type']:
# 'unix' events also use keywords like 'connect', but protocol is 0 and should therefore be filtered out
return 'net'
- elif event['denied_mask']:
+ elif event['denied_mask'] or event['operation'] == 'file_lock':
return 'file'
else:
raise AppArmorException('unknown file or network event type')
diff --git a/utils/apparmor/notify.py b/utils/apparmor/notify.py
index 84aaaf3e1d3746a9d39be4f0de8f94de96306686..f4d883ced0ede5d63c61d555a58b9631a3da1c0a 100644
--- a/utils/apparmor/notify.py
+++ b/utils/apparmor/notify.py
@@ -15,12 +15,35 @@
import os
import struct
+import sqlite3
from apparmor.common import AppArmorBug, DebugLogger
debug_logger = DebugLogger('apparmor.notify')
+def get_last_login_timestamp(username, filename='/var/log/wtmp', lastlog2_db='/var/lib/lastlog/lastlog2.db'):
+ """Get last login for user as epoch timestamp"""
+
+ if os.access(lastlog2_db, os.R_OK):
+ return get_last_login_timestamp_lastlog2(username, lastlog2_db)
+ else:
+ return get_last_login_timestamp_wtmp(username, filename)
+
+
+def get_last_login_timestamp_lastlog2(username, lastlog2_db='/var/lib/lastlog/lastlog2.db'):
+ """Execute lastlog2 and get last login for user as epoch timestamp"""
+
+ db = sqlite3.connect('file:%s?mode=ro' % lastlog2_db, uri=True)
+ cur = db.cursor()
+ timestamp = cur.execute('SELECT Time FROM Lastlog2 WHERE Name == ?;', [username]).fetchone()
+
+ if timestamp:
+ return timestamp[0]
+ else:
+ return 0
+
+
def sane_timestamp(timestamp):
"""Check if the given timestamp is in a date range that makes sense for a wtmp file"""
@@ -32,17 +55,17 @@ def sane_timestamp(timestamp):
return True
-def get_last_login_timestamp(username, filename='/var/log/wtmp'):
+def get_last_login_timestamp_wtmp(username, filename='/var/log/wtmp'):
"""Directly read wtmp and get last login for user as epoch timestamp"""
timestamp = 0
last_login = 0
- debug_logger.debug('Username: {}'.format(username))
+ debug_logger.debug('Username: %s', username)
with open(filename, "rb") as wtmp_file:
offset = 0
wtmp_filesize = os.path.getsize(filename)
- debug_logger.debug('WTMP filesize: {}'.format(wtmp_filesize))
+ debug_logger.debug('WTMP filesize: %s', wtmp_filesize)
if wtmp_filesize < 356:
return 0 # (nearly) empty wtmp file, no entries
@@ -52,8 +75,8 @@ def get_last_login_timestamp(username, filename='/var/log/wtmp'):
timestamp_x86_64 = struct.unpack("<L", wtmp_file.read(4))[0] # noqa: E221
timestamp_aarch64 = struct.unpack("<L", wtmp_file.read(4))[0]
timestamp_s390x = struct.unpack(">L", wtmp_file.read(4))[0] # noqa: E221
- debug_logger.debug('WTMP timestamps: x86_64 %s, aarch64 %s, s390x %s'
- % (timestamp_x86_64, timestamp_aarch64, timestamp_s390x))
+ debug_logger.debug('WTMP timestamps: x86_64 %s, aarch64 %s, s390x %s',
+ timestamp_x86_64, timestamp_aarch64, timestamp_s390x)
if sane_timestamp(timestamp_x86_64):
endianness = '<' # little endian
@@ -77,7 +100,7 @@ def get_last_login_timestamp(username, filename='/var/log/wtmp'):
offset += 384 + extra_offset_before + extra_offset_after # Increment for next entry
type = struct.unpack('%sH' % endianness, wtmp_file.read(2))[0]
- debug_logger.debug('WTMP entry type: {}'.format(type))
+ debug_logger.debug('WTMP entry type: %s', type)
wtmp_file.read(2) # skip padding
# Only parse USER lines
@@ -98,7 +121,7 @@ def get_last_login_timestamp(username, filename='/var/log/wtmp'):
wtmp_file.read(extra_offset_after)
usec = struct.unpack("<L", wtmp_file.read(4))[0]
entry = (pid, line, id, user, host, term, exit, session, timestamp, usec)
- debug_logger.debug('WTMP entry: {}'.format(entry))
+ debug_logger.debug('WTMP entry: %s', entry)
# Store login timestamp for requested user
if user == username:
diff --git a/utils/apparmor/profile_list.py b/utils/apparmor/profile_list.py
index cdeed5fa4f4f92759e6c75620891abf0302be1b6..dcc42ec0bd474ca1cd6e494e19ba1bbb96f17e6e 100644
--- a/utils/apparmor/profile_list.py
+++ b/utils/apparmor/profile_list.py
@@ -44,13 +44,13 @@ class ProfileList:
def __init__(self):
self.profile_names = {} # profile name -> filename
- self.attachments = {} # attachment -> {'f': filename, 'p': profile}
- self.attachments_AARE = {} # attachment -> AARE(attachment)
+ self.attachments = {} # attachment -> {'f': filename, 'p': profile, 're': AARE(attachment)}
self.files = {} # filename -> content - see init_file()
self.profiles = {} # profile_name -> ProfileStorage
def __repr__(self):
- return ('\n<ProfileList>\n%s\n</ProfileList>\n' % '\n'.join(self.files))
+ name = type(self).__name__
+ return '\n<%s>\n%s\n</%s>\n' % (name, '\n'.join(self.files), name)
def init_file(self, filename):
if self.files.get(filename):
@@ -67,7 +67,7 @@ class ProfileList:
"""Add the given profile and attachment to the list"""
if not filename:
- raise AppArmorBug('Empty filename given to ProfileList')
+ raise AppArmorBug('Empty filename given to ' + type(self).__name__)
if not profile_name and not attachment:
raise AppArmorBug('Neither profile name or attachment given')
@@ -90,7 +90,7 @@ class ProfileList:
if attachment:
self.attachments[attachment] = {'f': filename, 'p': profile_name or attachment} # if a profile doesn't have a name, the attachment is stored as profile name
- self.attachments_AARE[attachment] = AARE(attachment, True)
+ self.attachments[attachment]['re'] = AARE(attachment, True)
self.init_file(filename)
@@ -112,7 +112,7 @@ class ProfileList:
"""Store the given abi rule for the given profile filename preamble"""
if type(abi_rule) is not AbiRule:
- raise AppArmorBug('Wrong type given to ProfileList: %s' % abi_rule)
+ raise AppArmorBug('Wrong type given to %s: %s' % (type(self).__name__, abi_rule))
self.init_file(filename)
@@ -122,7 +122,7 @@ class ProfileList:
"""Store the given alias rule for the given profile filename preamble"""
if type(alias_rule) is not AliasRule:
- raise AppArmorBug('Wrong type given to ProfileList: %s' % alias_rule)
+ raise AppArmorBug('Wrong type given to %s: %s' % (type(self).__name__, alias_rule))
self.init_file(filename)
@@ -131,7 +131,7 @@ class ProfileList:
def add_inc_ie(self, filename, inc_rule):
"""Store the given include / include if exists rule for the given profile filename preamble"""
if type(inc_rule) is not IncludeRule:
- raise AppArmorBug('Wrong type given to ProfileList: %s' % inc_rule)
+ raise AppArmorBug('Wrong type given to %s: %s' % (type(self).__name__, inc_rule))
self.init_file(filename)
@@ -140,7 +140,7 @@ class ProfileList:
def add_variable(self, filename, var_rule):
"""Store the given variable rule for the given profile filename preamble"""
if type(var_rule) is not VariableRule:
- raise AppArmorBug('Wrong type given to ProfileList: %s' % var_rule)
+ raise AppArmorBug('Wrong type given to %s: %s' % (type(self).__name__, var_rule))
self.init_file(filename)
@@ -149,7 +149,7 @@ class ProfileList:
def add_boolean(self, filename, bool_rule):
"""Store the given boolean variable rule for the given profile filename preamble"""
if type(bool_rule) is not BooleanRule:
- raise AppArmorBug('Wrong type given to ProfileList: %s' % bool_rule)
+ raise AppArmorBug('Wrong type given to %s: %s' % (type(self).__name__, bool_rule))
self.init_file(filename)
@@ -159,7 +159,7 @@ class ProfileList:
"""Delete duplicates in the preamble of the given profile file"""
if not self.files.get(filename):
- raise AppArmorBug('%s not listed in ProfileList files' % filename)
+ raise AppArmorBug('%s not listed in %s files' % (filename, type(self).__name__))
deleted = 0
@@ -179,7 +179,7 @@ class ProfileList:
def get_raw(self, filename, depth=0):
"""Get the preamble for the given profile filename (in original formatting)"""
if not self.files.get(filename):
- raise AppArmorBug('%s not listed in ProfileList files' % filename)
+ raise AppArmorBug('%s not listed in %s files' % (filename, type(self).__name__))
data = []
for rule_type in header_rule_write_order:
@@ -189,7 +189,7 @@ class ProfileList:
def get_clean(self, filename, depth=0):
"""Get the preamble for the given profile filename (in clean formatting)"""
if not self.files.get(filename):
- raise AppArmorBug('%s not listed in ProfileList files' % filename)
+ raise AppArmorBug('%s not listed in %s files' % (filename, type(self).__name__))
data = []
for rule_type in header_rule_write_order:
@@ -223,7 +223,7 @@ class ProfileList:
# try AARE matches to cover profile names with alternations and wildcards
for path in self.attachments.keys():
- if self.attachments_AARE[path].match(attachment):
+ if self.attachments[path]['re'].match(attachment):
return self.attachments[path][thing] # XXX this returns the first match, not necessarily the best one
return None # nothing found
@@ -238,7 +238,7 @@ class ProfileList:
"""
if not self.files.get(filename):
- raise AppArmorBug('%s not listed in ProfileList files' % filename)
+ raise AppArmorBug('%s not listed in %s files' % (filename, type(self).__name__))
merged_variables = {}
@@ -286,6 +286,6 @@ class ProfileList:
def profiles_in_file(self, filename):
"""Return list of profiles in the given file"""
if not self.files.get(filename):
- raise AppArmorBug('%s not listed in ProfileList files' % filename)
+ raise AppArmorBug('%s not listed in %s files' % (filename, type(self).__name__))
return self.files[filename]['profiles']
diff --git a/utils/apparmor/profile_storage.py b/utils/apparmor/profile_storage.py
index bd8040dfebc5cf4e4f5c86f3136f0f90d011e8c9..09c2430efc861d69e70ea84be9372723426ce89e 100644
--- a/utils/apparmor/profile_storage.py
+++ b/utils/apparmor/profile_storage.py
@@ -18,6 +18,7 @@ from apparmor.common import AppArmorBug, AppArmorException
from apparmor.regex import parse_profile_start_line
from apparmor.rule import quote_if_needed
from apparmor.rule.abi import AbiRule, AbiRuleset
+from apparmor.rule.all import AllRule, AllRuleset
from apparmor.rule.capability import CapabilityRule, CapabilityRuleset
from apparmor.rule.change_profile import ChangeProfileRule, ChangeProfileRuleset
from apparmor.rule.dbus import DbusRule, DbusRuleset
@@ -27,6 +28,13 @@ from apparmor.rule.network import NetworkRule, NetworkRuleset
from apparmor.rule.ptrace import PtraceRule, PtraceRuleset
from apparmor.rule.rlimit import RlimitRule, RlimitRuleset
from apparmor.rule.signal import SignalRule, SignalRuleset
+from apparmor.rule.userns import UserNamespaceRule, UserNamespaceRuleset
+from apparmor.rule.mqueue import MessageQueueRule, MessageQueueRuleset
+from apparmor.rule.io_uring import IOUringRule, IOUringRuleset
+from apparmor.rule.mount import MountRule, MountRuleset
+from apparmor.rule.pivot_root import PivotRootRule, PivotRootRuleset
+from apparmor.rule.unix import UnixRule, UnixRuleset
+
from apparmor.translations import init_translation
_ = init_translation()
@@ -34,6 +42,7 @@ _ = init_translation()
ruletypes = {
'abi': {'rule': AbiRule, 'ruleset': AbiRuleset},
'inc_ie': {'rule': IncludeRule, 'ruleset': IncludeRuleset},
+ 'all': {'rule': AllRule, 'ruleset': AllRuleset},
'capability': {'rule': CapabilityRule, 'ruleset': CapabilityRuleset},
'change_profile': {'rule': ChangeProfileRule, 'ruleset': ChangeProfileRuleset},
'dbus': {'rule': DbusRule, 'ruleset': DbusRuleset},
@@ -42,6 +51,12 @@ ruletypes = {
'ptrace': {'rule': PtraceRule, 'ruleset': PtraceRuleset},
'rlimit': {'rule': RlimitRule, 'ruleset': RlimitRuleset},
'signal': {'rule': SignalRule, 'ruleset': SignalRuleset},
+ 'userns': {'rule': UserNamespaceRule, 'ruleset': UserNamespaceRuleset},
+ 'mqueue': {'rule': MessageQueueRule, 'ruleset': MessageQueueRuleset},
+ 'io_uring': {'rule': IOUringRule, 'ruleset': IOUringRuleset},
+ 'mount': {'rule': MountRule, 'ruleset': MountRuleset},
+ 'pivot_root': {'rule': PivotRootRule, 'ruleset': PivotRootRuleset},
+ 'unix': {'rule': UnixRule, 'ruleset': UnixRuleset},
}
@@ -73,17 +88,6 @@ class ProfileStorage:
data['is_hat'] = False # profile or hat?
data['hat_keyword'] = False # True for 'hat foo', False for '^foo'
- data['allow'] = dict()
- data['deny'] = dict()
-
- # mount, pivot_root, unix have a .get() fallback to list() - initialize them nevertheless
- data['allow']['mount'] = []
- data['deny']['mount'] = []
- data['allow']['pivot_root'] = []
- data['deny']['pivot_root'] = []
- data['allow']['unix'] = []
- data['deny']['unix'] = []
-
self.data = data
def __getitem__(self, key):
@@ -97,22 +101,22 @@ class ProfileStorage:
raise AppArmorBug('attempt to set unknown key %s' % key)
# allow writing bool values
- if type(self.data[key]) == bool:
- if type(value) == bool:
+ if isinstance(self.data[key], bool):
+ if isinstance(value, bool):
self.data[key] = value
else:
raise AppArmorBug('Attempt to change type of "%s" from %s to %s, value %s' % (key, type(self.data[key]), type(value), value))
# allow writing str or None to some keys
elif key in ('flags', 'filename'):
- if type(value) is str or value is None:
+ if isinstance(value, str) or value is None:
self.data[key] = value
else:
raise AppArmorBug('Attempt to change type of "%s" from %s to %s, value %s' % (key, type(self.data[key]), type(value), value))
# allow writing str values
- elif type(self.data[key]) is str:
- if type(value) is str:
+ elif isinstance(self.data[key], str):
+ if isinstance(value, str):
self.data[key] = value
else:
raise AppArmorBug('Attempt to change type of "%s" from %s to %s, value %s' % (key, type(self.data[key]), type(value), value))
@@ -122,7 +126,11 @@ class ProfileStorage:
raise AppArmorBug('Attempt to overwrite "%s" with %s, type %s' % (key, value, type(value)))
def __repr__(self):
- return ('\n<ProfileStorage>\n%s\n</ProfileStorage>\n' % '\n'.join(self.get_rules_clean(1)))
+ classname = type(self).__name__
+ header = '\n'.join(self.get_header(0, self['name'], False))
+ rules = '\n'.join(self.get_rules_clean(1))
+ endprofile = '}'
+ return f'\n<{classname}>\n{header}\n{rules}\n{endprofile}\n</{classname}>\n'
def get(self, key, fallback=None):
if key in self.data:
@@ -170,13 +178,6 @@ class ProfileStorage:
Note that the profile header and the closing "}" are _not_ included.
"""
- # "old" write functions for rule types not implemented as *Rule class yet
- write_functions = {
- 'mount': write_mount,
- 'pivot_root': write_pivot_root,
- 'unix': write_unix,
- }
-
write_order = [
'abi',
'inc_ie',
@@ -185,27 +186,27 @@ class ProfileStorage:
'network',
'dbus',
'mount',
+ 'mqueue',
'signal',
'ptrace',
'pivot_root',
'unix',
'file',
'change_profile',
+ 'userns',
+ 'io_uring',
]
data = []
for ruletype in write_order:
- if write_functions.get(ruletype):
- data.extend(write_functions[ruletype](self.data, depth))
- else:
- data.extend(self.data[ruletype].get_clean(depth))
+ data.extend(self.data[ruletype].get_clean(depth))
return data
@classmethod
def parse(cls, line, file, lineno, profile, hat):
- """parse a profile start line (using parse_profile_startline()) and convert it to a ProfileStorage"""
+ """parse a profile start line (using parse_profile_startline()) and convert it to an instance of this class"""
matches = parse_profile_start_line(line, file)
@@ -221,10 +222,12 @@ class ProfileStorage:
% {'profile': profile, 'file': file, 'line': lineno + 1})
hat = matches['profile']
+ prof_or_hat_name = hat
pps_set_hat_external = False
else: # stand-alone profile
profile = matches['profile']
+ prof_or_hat_name = profile
if len(profile.split('//')) > 2:
raise AppArmorException(
"Nested child profiles ('%(profile)s', found in %(file)s) are not supported by the AppArmor tools yet."
@@ -236,9 +239,9 @@ class ProfileStorage:
hat = profile
pps_set_hat_external = False
- prof_storage = ProfileStorage(profile, hat, 'ProfileStorage.parse()')
+ prof_storage = cls(profile, hat, cls.__name__ + '.parse()')
- prof_storage['name'] = profile
+ prof_storage['name'] = prof_or_hat_name
prof_storage['filename'] = file
prof_storage['external'] = pps_set_hat_external
prof_storage['flags'] = matches['flags']
@@ -270,10 +273,10 @@ def split_flags(flags):
def add_or_remove_flag(flags, flags_to_change, set_flag):
"""add (if set_flag is True) or remove the given flags_to_change to flags"""
- if type(flags) is str or flags is None:
+ if isinstance(flags, str) or flags is None:
flags = split_flags(flags)
- if type(flags_to_change) is str or flags_to_change is None:
+ if isinstance(flags_to_change, str) or flags_to_change is None:
flags_to_change = split_flags(flags_to_change)
if set_flag:
@@ -295,63 +298,3 @@ def var_transform(ref):
value = '""'
data.append(quote_if_needed(value))
return ' '.join(data)
-
-
-def write_mount_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
-
- # no mount rules, so return
- if not prof_data[allow].get('mount', False):
- return data
-
- for mount_rule in prof_data[allow]['mount']:
- data.append('%s%s' % (pre, mount_rule.serialize()))
- data.append('')
- return data
-
-
-def write_mount(prof_data, depth):
- data = write_mount_rules(prof_data, depth, 'deny')
- data.extend(write_mount_rules(prof_data, depth, 'allow'))
- return data
-
-
-def write_pivot_root_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
-
- # no pivot_root rules, so return
- if not prof_data[allow].get('pivot_root', False):
- return data
-
- for pivot_root_rule in prof_data[allow]['pivot_root']:
- data.append('%s%s' % (pre, pivot_root_rule.serialize()))
- data.append('')
- return data
-
-
-def write_pivot_root(prof_data, depth):
- data = write_pivot_root_rules(prof_data, depth, 'deny')
- data.extend(write_pivot_root_rules(prof_data, depth, 'allow'))
- return data
-
-
-def write_unix(prof_data, depth):
- data = write_unix_rules(prof_data, depth, 'deny')
- data.extend(write_unix_rules(prof_data, depth, 'allow'))
- return data
-
-
-def write_unix_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
-
- # no unix rules, so return
- if not prof_data[allow].get('unix', False):
- return data
-
- for unix_rule in prof_data[allow]['unix']:
- data.append('%s%s' % (pre, unix_rule.serialize()))
- data.append('')
- return data
diff --git a/utils/apparmor/regex.py b/utils/apparmor/regex.py
index 216e41407c41301a598ecfb96db73363ba7e825b..256b5acb1b5c1659d95afa96e5597a57f03e96e9 100644
--- a/utils/apparmor/regex.py
+++ b/utils/apparmor/regex.py
@@ -34,6 +34,7 @@ RE_XATTRS = r'(\s+xattrs\s*=\s*\((?P<xattrs>([^)=]+(=[^)=]+)?\s?)+)\)\s*)?'
RE_FLAGS = r'(\s+(flags\s*=\s*)?\((?P<flags>[^)]+)\))?'
RE_PROFILE_END = re.compile(r'^\s*\}' + RE_EOL)
+RE_PROFILE_ALL = re.compile(RE_AUDIT_DENY + r'all' + RE_COMMA_EOL)
RE_PROFILE_CAP = re.compile(RE_AUDIT_DENY + r'capability(?P<capability>(\s+\S+)+)?' + RE_COMMA_EOL)
RE_PROFILE_ALIAS = re.compile(r'^\s*alias\s+(?P<orig_path>"??.+?"??)\s+->\s*(?P<target>"??.+?"??)' + RE_COMMA_EOL)
RE_PROFILE_RLIMIT = re.compile(r'^\s*set\s+rlimit\s+(?P<rlimit>[a-z]+)\s*<=\s*(?P<value>[^ ]+(\s+[a-zA-Z]+)?)' + RE_COMMA_EOL)
@@ -46,11 +47,14 @@ RE_PROFILE_NETWORK = re.compile(RE_AUDIT_DENY + r'network(?P<details>\s+.*)?' +
RE_PROFILE_CHANGE_HAT = re.compile(r'^\s*\^("??.+?"??)' + RE_COMMA_EOL)
RE_PROFILE_HAT_DEF = re.compile(r'^(?P<leadingspace>\s*)(?P<hat_keyword>\^|hat\s+)(?P<hat>"??[^)]+?"??)' + RE_FLAGS + r'\s*\{' + RE_EOL)
RE_PROFILE_DBUS = re.compile(RE_AUDIT_DENY + r'(dbus\s*,|dbus(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
-RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + r'((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
+RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + r'((?P<operation>mount|remount|umount|unmount)(?P<details>\s+[^#]*)?\s*,)' + RE_EOL)
RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + r'(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
RE_PROFILE_PTRACE = re.compile(RE_AUDIT_DENY + r'(ptrace\s*,|ptrace(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
-RE_PROFILE_PIVOT_ROOT = re.compile(RE_AUDIT_DENY + r'(pivot_root\s*,|pivot_root\s+[^#]*\s*,)' + RE_EOL)
-RE_PROFILE_UNIX = re.compile(RE_AUDIT_DENY + r'(unix\s*,|unix\s+[^#]*\s*,)' + RE_EOL)
+RE_PROFILE_PIVOT_ROOT = re.compile(RE_AUDIT_DENY + r'(pivot_root\s*,|pivot_root(?P<details>\s+[^#]*),)' + RE_EOL)
+RE_PROFILE_UNIX = re.compile(RE_AUDIT_DENY + r'(unix\s*,|unix(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
+RE_PROFILE_USERNS = re.compile(RE_AUDIT_DENY + r'(userns\s*,|userns(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
+RE_PROFILE_MQUEUE = re.compile(RE_AUDIT_DENY + r'(mqueue\s*,|mqueue(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
+RE_PROFILE_IO_URING = re.compile(RE_AUDIT_DENY + r'(io_uring\s*,|io_uring(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
# match anything that's not " or #, or matching quotes with anything except quotes inside
__re_no_or_quoted_hash = '([^#"]|"[^"]*")*'
@@ -66,7 +70,7 @@ RE_HAS_COMMENT_SPLIT = re.compile(
RE_PROFILE_START = re.compile(
r'^(?P<leadingspace>\s*)'
+ '('
- + RE_PROFILE_PATH_OR_VAR % 'plainprofile' # just a path
+ + RE_PROFILE_PATH_OR_VAR % 'plainprofile' # just a path # noqa: E131
+ '|' # or
+ '(' + 'profile' + r'\s+' + RE_PROFILE_NAME % 'namedprofile' + r'(\s+' + RE_PROFILE_PATH_OR_VAR % 'attachment' + ')?' + ')' # 'profile', profile name, optionally attachment
+ ')'
@@ -93,7 +97,7 @@ RE_PROFILE_FILE_ENTRY = re.compile(
RE_AUDIT_DENY
+ r'(?P<owner>owner\s+)?' # optionally: <owner>
+ '('
- + '(?P<bare_file>file)' # bare 'file,'
+ + '(?P<bare_file>file)' # bare 'file,' # noqa: E131
+ '|' # or
+ r'(?P<file_keyword>file\s+)?' # optional 'file' keyword
+ '('
diff --git a/utils/apparmor/rule/__init__.py b/utils/apparmor/rule/__init__.py
index 41230dbd875bf819d9a90d53985b3d059d8f25fe..d0fdf80bc6c414df6714da75eecda064d5f05ec6 100644
--- a/utils/apparmor/rule/__init__.py
+++ b/utils/apparmor/rule/__init__.py
@@ -13,33 +13,19 @@
#
# ----------------------------------------------------------------------
-from abc import abstractmethod
+from abc import ABCMeta, abstractmethod
from apparmor.aare import AARE
-from apparmor.common import AppArmorBug
+from apparmor.common import AppArmorBug, AppArmorException, hasher
+from apparmor.regex import strip_quotes
from apparmor.translations import init_translation
_ = init_translation()
-class BaseRule:
+class BaseRule(metaclass=ABCMeta):
"""Base class to handle and store a single rule"""
- # type specific rules should inherit from this class.
- # Methods that subclasses need to implement:
- # __init__
- # _match(cls, raw_rule) (as a class method)
- # - parses a raw rule and returns a regex match object
- # _parse(cls, raw_rule) (as a class method)
- # - parses a raw rule and returns an object of the Rule subclass
- # get_clean(depth)
- # - return rule in clean format
- # is_covered(self, other_rule)
- # - check if other_rule is covered by this rule (i.e. is a
- # subset of this rule's permissions)
- # is_equal_localvars(self, other_rule)
- # - equality check for the rule-specific fields
-
# decides if the (G)lob and Glob w/ (E)xt options are displayed
can_glob = False
can_glob_ext = False
@@ -50,6 +36,10 @@ class BaseRule:
# defines if the '(O)wner permissions on/off' option is displayed
can_owner = False
+ rule_name = 'base'
+
+ _match_re = None
+
def __init__(self, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
"""initialize variables needed by all rule types"""
@@ -62,7 +52,7 @@ class BaseRule:
# Set only in the parse() class method
self.raw_rule = None
- def _aare_or_all(self, rulepart, partname, is_path, log_event):
+ def _aare_or_all(self, rulepart, partname, is_path, log_event, empty_ok=False):
"""checks rulepart and returns
- (AARE, False) if rulepart is a (non-empty) string
- (None, True) if rulepart is all_obj (typically *Rule.ALL)
@@ -77,8 +67,8 @@ class BaseRule:
if rulepart == self.ALL:
return None, True
- elif type(rulepart) is str:
- if not rulepart.strip():
+ elif isinstance(rulepart, str):
+ if not rulepart.strip() and not empty_ok:
raise AppArmorBug(
'Passed empty %(partname)s to %(classname)s: %(rulepart)s'
% {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
@@ -89,48 +79,78 @@ class BaseRule:
% {'partname': partname, 'classname': self.__class__.__name__, 'rulepart': str(rulepart)})
def __repr__(self):
- classname = self.__class__.__name__
- try:
- raw_content = self.get_raw() # will fail for BaseRule
- return '<%s> %s' % (classname, raw_content)
- except NotImplementedError:
- return '<%s (NotImplementedError - get_clean() not implemented?)>' % classname
+ return '<%s> %s' % (self.__class__.__name__, self.get_raw())
@classmethod
def match(cls, raw_rule):
"""return True if raw_rule matches the class (main) regex, False otherwise
Note: This function just provides an answer to "is this your job?".
It does not guarantee that the rule is completely valid."""
-
- if cls._match(raw_rule):
- return True
- else:
- return False
+ return bool(cls._match(raw_rule))
@classmethod
- @abstractmethod
def _match(cls, raw_rule):
"""parse raw_rule and return regex match object"""
- raise NotImplementedError("'%s' needs to implement _match(), but didn't" % (str(cls)))
+ if cls._match_re is None:
+ if cls is BaseRule:
+ raise AppArmorBug("BaseRule class methods should not be called directly.")
+ else:
+ raise NotImplementedError("'%s' needs to implement _match(), but didn't" % (str(cls)))
+ return cls._match_re.search(raw_rule)
@classmethod
- def parse(cls, raw_rule):
- """parse raw_rule and return a rule object"""
- rule = cls._parse(raw_rule)
+ def create_instance(cls, raw_rule):
+ """parse raw_rule and return instance of this class"""
+ matches = cls._match(raw_rule)
+ if not matches:
+ raise AppArmorException(_("Invalid %s rule '%s'") % (cls.rule_name, raw_rule))
+
+ rule = cls._create_instance(raw_rule, matches)
rule.raw_rule = raw_rule.strip()
return rule
@classmethod
@abstractmethod
- def _parse(cls, raw_rule):
+ def _create_instance(cls, raw_rule, matches):
"""returns a Rule object created from parsing the raw rule.
required to be implemented by subclasses; raise exception if not"""
- raise NotImplementedError("'%s' needs to implement _parse(), but didn't" % (str(cls)))
+ raise NotImplementedError("'%s' needs to implement _create_instance(), but didn't" % (str(cls)))
+
+ @staticmethod
+ def generate_rules_from_hashlog(hashlog, nb_keys):
+ """yields all key sequences from a hashlog of depth nb_keys"""
+ stack = [(hashlog, [], nb_keys)]
+
+ while stack:
+ items, path, depth = stack.pop()
+
+ if depth == 0:
+ yield path
+ continue
+
+ for next_key in items:
+ stack.append((items[next_key], path + [next_key], depth - 1))
+
+ @classmethod
+ def create_from_ev(cls, ev):
+ """returns a rule that would allow an event"""
+ hl = hasher()
+ cls.hashlog_from_event(hl, ev)
+ return next(cls.from_hashlog(hl))
+
+ @staticmethod
+ def hashlog_from_event(hl, ev):
+ """stores an event in the hashlog"""
+ raise NotImplementedError('hashlog_from_event should be called on a rule class and not directly on BaseRule.')
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ """constructs and yields all rules that would allow denials stored in a hashlog"""
+ raise NotImplementedError("'%s' needs to implement from_hashlog(), but didn't" % (str(cls)))
@abstractmethod
def get_clean(self, depth=0):
"""return clean rule (with default formatting, and leading whitespace as specified in the depth parameter)"""
- raise NotImplementedError("'%s' needs to implement get_clean(), but didn't" % (str(self.__class__)))
def get_raw(self, depth=0):
"""return raw rule (with original formatting, and leading whitespace in the depth parameter)"""
@@ -142,7 +162,7 @@ class BaseRule:
def is_covered(self, other_rule, check_allow_deny=True, check_audit=False):
"""check if other_rule is covered by this rule object"""
- if not type(other_rule) == type(self):
+ if type(other_rule) is not type(self):
raise AppArmorBug('Passes %s instead of %s' % (str(other_rule), self.__class__.__name__))
if check_allow_deny and self.deny != other_rule.deny:
@@ -158,12 +178,11 @@ class BaseRule:
return False
# still here? -> then the common part is covered, check rule-specific things now
- return self.is_covered_localvars(other_rule)
+ return self._is_covered_localvars(other_rule)
@abstractmethod
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if the rule-specific parts of other_rule is covered by this rule object"""
- raise NotImplementedError("'%s' needs to implement is_covered_localvars(), but didn't" % (str(self)))
def _is_covered_plain(self, self_value, self_all, other_value, other_all, cond_name):
"""check if other_* is covered by self_* - for plain str, int etc."""
@@ -212,7 +231,7 @@ class BaseRule:
def is_equal(self, rule_obj, strict=False):
"""compare if rule_obj == self
- Calls is_equal_localvars() to compare rule-specific variables"""
+ Calls _is_equal_localvars() to compare rule-specific variables"""
if self.audit != rule_obj.audit or self.deny != rule_obj.deny:
return False
@@ -224,7 +243,10 @@ class BaseRule:
):
return False
- return self.is_equal_localvars(rule_obj, strict)
+ if type(rule_obj) is not type(self):
+ raise AppArmorBug('Passed non-{} rule: {}'.format(self.rule_name, rule_obj))
+
+ return self._is_equal_localvars(rule_obj, strict)
def _is_equal_aare(self, self_value, self_all, other_value, other_all, cond_name):
"""check if other_* is the same as self_* - for AARE"""
@@ -242,9 +264,8 @@ class BaseRule:
return True
@abstractmethod
- def is_equal_localvars(self, other_rule, strict):
+ def _is_equal_localvars(self, other_rule, strict):
"""compare if rule-specific variables are equal"""
- raise NotImplementedError("'%s' needs to implement is_equal_localvars(), but didn't" % (str(self)))
def severity(self, sev_db):
"""return severity of this rule, which can be:
@@ -272,28 +293,25 @@ class BaseRule:
if qualifier:
headers.extend((_('Qualifier'), ' '.join(qualifier)))
- headers.extend(self.logprof_header_localvars())
+ headers.extend(self._logprof_header_localvars())
return headers
@abstractmethod
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
"""return the headers (human-readable version of the rule) to display in aa-logprof for this rule object
returns {'label1': 'value1', 'label2': 'value2'}"""
- raise NotImplementedError("'%s' needs to implement logprof_header(), but didn't" % (str(self)))
- @abstractmethod
+ # NOTE: edit_header, validate_edit, and store_edit are not implemented by every subclass.
def edit_header(self):
"""return the prompt for, and the path to edit when using '(N)ew'"""
raise NotImplementedError("'%s' needs to implement edit_header(), but didn't" % (str(self)))
- @abstractmethod
def validate_edit(self, newpath):
"""validate the new path.
Returns True if it covers the previous path, False if it doesn't."""
raise NotImplementedError("'%s' needs to implement validate_edit(), but didn't" % (str(self)))
- @abstractmethod
def store_edit(self, newpath):
"""store the changed path.
This is done even if the new path doesn't match the original one."""
@@ -501,9 +519,9 @@ def check_and_split_list(lst, allowed_keywords, all_obj, classname, keyword_name
if lst == all_obj:
return None, True, None
- elif type(lst) is str:
+ elif isinstance(lst, str):
result_list = {lst}
- elif type(lst) in (list, tuple, set) and (lst or allow_empty_list):
+ elif isinstance(lst, (list, tuple, set)) and (lst or allow_empty_list):
result_list = set(lst)
else:
raise AppArmorBug(
@@ -529,9 +547,9 @@ def logprof_value_or_all(value, all_values):
if all_values:
return _('ALL')
- if type(value) == AARE:
+ if isinstance(value, AARE):
return value.regex
- elif type(value) == set or type(value) == list or type(value) == tuple:
+ elif isinstance(value, (set, list, tuple)):
return ' '.join(sorted(value))
else:
return value
@@ -576,3 +594,39 @@ def quote_if_needed(data):
if ' ' in data:
data = '"' + data + '"'
return data
+
+
+def check_dict_keys(d, possible_keys, type_all):
+ """Check that all keys in dictionary are among possible keys"""
+ if d == type_all or d == {}:
+ return type_all
+ if not possible_keys >= d.keys():
+ raise AppArmorException(f'Incorrect key in dict {d}. Possible keys are {possible_keys},')
+ return d
+
+
+def initialize_cond_dict(d, keys, suffix, type_all):
+ out = {
+ key: strip_quotes(d[f'{key}{suffix}'])
+ for key in keys
+ if f'{key}{suffix}' in d and d[f'{key}{suffix}'] is not None
+ }
+ return out if out != {} else type_all
+
+
+def tuple_to_dict(t, keys):
+ d = {}
+ for idx, k in enumerate(keys):
+ if t[idx] is not None:
+ d[k] = t[idx]
+ return d
+
+
+def print_dict_values(d, type_all, prefix=None):
+ if d == type_all:
+ return ''
+ to_print = ' '.join(f'{k}={quote_if_needed(str(v))}' for k, v in d.items())
+ if prefix:
+ return f' {prefix}=({to_print})'
+ else:
+ return f' {to_print}'
diff --git a/utils/apparmor/rule/abi.py b/utils/apparmor/rule/abi.py
index f985b78f4c1b247b952c38e6ba743f31215e9bbe..586db84281f699a58f7d4138bdd3445f96f8a310 100644
--- a/utils/apparmor/rule/abi.py
+++ b/utils/apparmor/rule/abi.py
@@ -26,6 +26,7 @@ class AbiRule(IncludeRule):
"""Class to handle and store a single abi rule"""
rule_name = 'abi'
+ _match_re = RE_ABI
def __init__(self, path, ifexists, ismagic, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -38,10 +39,6 @@ class AbiRule(IncludeRule):
if ifexists:
raise AppArmorBug('Attempt to use %s rule with if exists flag' % self.__class__.__name__)
- @classmethod
- def _match(cls, raw_rule):
- return RE_ABI.search(raw_rule)
-
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -52,8 +49,8 @@ class AbiRule(IncludeRule):
else:
return ('%s%s "%s",%s' % (space, self.rule_name, self.path, self.comment))
- def logprof_header_localvars(self):
- return [_('Abi'), self.get_clean()]
+ def _logprof_header_localvars(self):
+ return _('Abi'), self.get_clean()
class AbiRuleset(IncludeRuleset):
diff --git a/utils/apparmor/rule/alias.py b/utils/apparmor/rule/alias.py
index 6cfc7796af100b3c4d6c649f70f496e55b4bbae8..aca4c530a2752e4c596292eb7a7714eefc6f9389 100644
--- a/utils/apparmor/rule/alias.py
+++ b/utils/apparmor/rule/alias.py
@@ -24,6 +24,7 @@ class AliasRule(BaseRule):
"""Class to handle and store a single alias rule"""
rule_name = 'alias'
+ _match_re = RE_PROFILE_ALIAS
def __init__(self, orig_path, target, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -31,20 +32,20 @@ class AliasRule(BaseRule):
super().__init__(audit=audit, deny=deny, allow_keyword=allow_keyword,
comment=comment, log_event=log_event)
- # aliass don't support audit or deny
+ # aliases don't support audit or deny
if audit:
raise AppArmorBug('Attempt to initialize %s with audit flag' % self.__class__.__name__)
if deny:
raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
- if type(orig_path) is not str:
+ if not isinstance(orig_path, str):
raise AppArmorBug('Passed unknown type for orig_path to %s: %s' % (self.__class__.__name__, orig_path))
if not orig_path:
raise AppArmorException('Passed empty orig_path to %s: %s' % (self.__class__.__name__, orig_path))
if not orig_path.startswith('/'):
raise AppArmorException("Alias path doesn't start with '/'")
- if type(target) is not str:
+ if not isinstance(target, str):
raise AppArmorBug('Passed unknown type for target to %s: %s' % (self.__class__.__name__, target))
if not target:
raise AppArmorException('Passed empty target to %s: %s' % (self.__class__.__name__, target))
@@ -55,24 +56,16 @@ class AliasRule(BaseRule):
self.target = target
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_ALIAS.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return AliasRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid alias rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
comment = parse_comment(matches)
orig_path = strip_quotes(matches.group('orig_path').strip())
target = strip_quotes(matches.group('target').strip())
- return AliasRule(orig_path, target,
- audit=False, deny=False, allow_keyword=False, comment=comment)
+ return cls(orig_path, target,
+ audit=False, deny=False, allow_keyword=False, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -81,17 +74,14 @@ class AliasRule(BaseRule):
return '%salias %s -> %s,' % (space, quote_if_needed(self.orig_path), quote_if_needed(self.target))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
# the only way aliases can be covered are exact duplicates
- return self.is_equal_localvars(other_rule, False)
+ return self._is_equal_localvars(other_rule, False)
- def is_equal_localvars(self, rule_obj, strict):
- """compare if rule-specific aliass are equal"""
-
- if not type(rule_obj) == AliasRule:
- raise AppArmorBug('Passed non-alias rule: %s' % str(rule_obj))
+ def _is_equal_localvars(self, rule_obj, strict):
+ """compare if rule-specific aliases are equal"""
if self.orig_path != rule_obj.orig_path:
return False
@@ -101,12 +91,8 @@ class AliasRule(BaseRule):
return True
- def logprof_header_localvars(self):
- headers = []
-
- return headers + [
- _('Alias'), '%s -> %s' % (self.orig_path, self.target),
- ]
+ def _logprof_header_localvars(self):
+ return _('Alias'), '%s -> %s' % (self.orig_path, self.target)
class AliasRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/all.py b/utils/apparmor/rule/all.py
new file mode 100644
index 0000000000000000000000000000000000000000..4a859cfccd1d917ef3c8422c04c1615fafb08c22
--- /dev/null
+++ b/utils/apparmor/rule/all.py
@@ -0,0 +1,83 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2023 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+from apparmor.regex import RE_PROFILE_ALL
+from apparmor.rule import BaseRule, BaseRuleset, parse_modifiers
+from apparmor.translations import init_translation
+
+_ = init_translation()
+
+
+class AllRule(BaseRule):
+ """Class to handle and store a single all rule"""
+
+ # This class doesn't have any localvars, therefore it doesn't need 'ALL'
+
+ can_glob = False
+ rule_name = 'all'
+ _match_re = RE_PROFILE_ALL
+
+ def __init__(self, audit=False, deny=False, allow_keyword=False,
+ comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny, allow_keyword=allow_keyword,
+ comment=comment, log_event=log_event)
+
+ # no localvars -> nothing more to do
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ return cls(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment)
+
+ def get_clean(self, depth=0):
+ """return rule (in clean/default formatting)"""
+
+ space = ' ' * depth
+
+ return ('%s%sall,%s' % (space, self.modifiers_str(), self.comment))
+
+ def _is_covered_localvars(self, other_rule):
+ """check if other_rule is covered by this rule object"""
+
+ # no localvars, so there can't be a difference
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ """compare if rule-specific variables are equal"""
+
+ # no localvars, so there can't be a difference
+ return True
+
+ def severity(self, sev_db):
+ # allowing _everything_ is the worst thing you could do, therefore hardcode highest severity
+ severity = 10
+
+ return severity
+
+ def _logprof_header_localvars(self):
+ return _('All'), _('Allow everything')
+
+
+class AllRuleset(BaseRuleset):
+ """Class to handle and store a collection of all rules"""
+
+ def get_glob(self, path_or_rule):
+ # There's nothing to glob in all rules
+ raise NotImplementedError
diff --git a/utils/apparmor/rule/boolean.py b/utils/apparmor/rule/boolean.py
index c59fa762805ded48acb6d61e24489b2502619487..7d24ddda7d2594ff111bf9c3c324c6da3a610ba1 100644
--- a/utils/apparmor/rule/boolean.py
+++ b/utils/apparmor/rule/boolean.py
@@ -25,6 +25,7 @@ class BooleanRule(BaseRule):
"""Class to handle and store a single variable rule"""
rule_name = 'boolean'
+ _match_re = RE_PROFILE_BOOLEAN
def __init__(self, varname, value, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -38,12 +39,12 @@ class BooleanRule(BaseRule):
if deny:
raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
- if type(varname) is not str:
+ if not isinstance(varname, str):
raise AppArmorBug('Passed unknown type for boolean variable to %s: %s' % (self.__class__.__name__, varname))
if not varname.startswith('$'):
raise AppArmorException("Passed invalid boolean to %s (doesn't start with '$'): %s" % (self.__class__.__name__, varname))
- if type(value) is not str:
+ if not isinstance(value, str):
raise AppArmorBug('Passed unknown type for value to %s: %s' % (self.__class__.__name__, value))
if not value:
raise AppArmorException('Passed empty value to %s: %s' % (self.__class__.__name__, value))
@@ -56,24 +57,16 @@ class BooleanRule(BaseRule):
self.value = value
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_BOOLEAN.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return BooleanRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid boolean variable rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
comment = parse_comment(matches)
varname = matches.group('varname')
value = matches.group('value')
- return BooleanRule(varname, value,
- audit=False, deny=False, allow_keyword=False, comment=comment)
+ return cls(varname, value,
+ audit=False, deny=False, allow_keyword=False, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -82,7 +75,7 @@ class BooleanRule(BaseRule):
return '%s%s = %s' % (space, self.varname, self.value)
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if self.varname != other_rule.varname:
@@ -94,12 +87,9 @@ class BooleanRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == BooleanRule:
- raise AppArmorBug('Passed non-boolean rule: %s' % str(rule_obj))
-
if self.varname != rule_obj.varname:
return False
@@ -108,12 +98,8 @@ class BooleanRule(BaseRule):
return True
- def logprof_header_localvars(self):
- headers = []
-
- return headers + [
- _('Boolean Variable'), self.get_clean(),
- ]
+ def _logprof_header_localvars(self):
+ return _('Boolean Variable'), self.get_clean()
class BooleanRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/capability.py b/utils/apparmor/rule/capability.py
index bcd78d2166a76899552e5cef67c9c3598d125010..ce00eb839f6b581e85361d52825604de4b018fd5 100644
--- a/utils/apparmor/rule/capability.py
+++ b/utils/apparmor/rule/capability.py
@@ -22,6 +22,15 @@ from apparmor.translations import init_translation
_ = init_translation()
+capability_keywords = [
+ 'audit_control', 'audit_read', 'audit_write', 'block_suspend', 'bpf', 'checkpoint_restore',
+ 'chown', 'dac_override', 'dac_read_search', 'fowner', 'fsetid', 'ipc_lock', 'ipc_owner',
+ 'kill', 'lease', 'linux_immutable', 'mac_admin', 'mac_override', 'mknod', 'net_admin',
+ 'net_bind_service', 'net_broadcast', 'net_raw', 'perfmon', 'setfcap', 'setgid', 'setpcap',
+ 'setuid', 'syslog', 'sys_admin', 'sys_boot', 'sys_chroot', 'sys_module', 'sys_nice',
+ 'sys_pacct', 'sys_ptrace', 'sys_rawio', 'sys_resource', 'sys_time', 'sys_tty_config',
+ 'wake_alarm']
+
class CapabilityRule(BaseRule):
"""Class to handle and store a single capability rule"""
@@ -34,6 +43,7 @@ class CapabilityRule(BaseRule):
ALL = __CapabilityAll
rule_name = 'capability'
+ _match_re = RE_PROFILE_CAP
def __init__(self, cap_list, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -43,47 +53,42 @@ class CapabilityRule(BaseRule):
# Because we support having multiple caps in one rule,
# initializer needs to accept a list of caps.
self.all_caps = False
- if cap_list == CapabilityRule.ALL:
+ if cap_list == self.ALL:
self.all_caps = True
self.capability = set()
else:
- if type(cap_list) is str:
- self.capability = {cap_list}
- elif type(cap_list) == list and cap_list:
+ if isinstance(cap_list, str):
+ cap_list = [cap_list]
+
+ if isinstance(cap_list, list):
+ if not cap_list:
+ raise AppArmorBug('Passed empty capability list to %s: %s' % (type(self).__name__, str(cap_list)))
+ for cap in cap_list:
+ if not cap.strip():
+ # make sure none of the cap_list arguments are blank, in
+ # case we decide to return one cap per output line
+ raise AppArmorBug('Passed empty capability to %s: %s' % (type(self).__name__, str(cap_list)))
+ if cap not in capability_keywords:
+ raise AppArmorException('Passed unknown capability to %s: %s' % (type(self).__name__, cap))
self.capability = set(cap_list)
else:
- raise AppArmorBug('Passed unknown object to CapabilityRule: %s' % str(cap_list))
- # make sure none of the cap_list arguments are blank, in
- # case we decide to return one cap per output line
- for cap in self.capability:
- if not cap.strip():
- raise AppArmorBug('Passed empty capability to CapabilityRule: %s' % str(cap_list))
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(cap_list)))
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_CAP.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return CapabilityRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid capability rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
- capability = []
-
if matches.group('capability'):
capability = matches.group('capability').strip()
capability = re.split("[ \t]+", capability)
else:
- capability = CapabilityRule.ALL
+ capability = cls.ALL
- return CapabilityRule(capability, audit=audit, deny=deny,
- allow_keyword=allow_keyword,
- comment=comment)
+ return cls(capability, audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -98,7 +103,7 @@ class CapabilityRule(BaseRule):
else:
raise AppArmorBug("Empty capability rule")
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if not self._is_covered_list(self.capability, self.all_caps, other_rule.capability, other_rule.all_caps, 'capability'):
@@ -107,12 +112,9 @@ class CapabilityRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == CapabilityRule:
- raise AppArmorBug('Passed non-capability rule: %s' % str(rule_obj))
-
if (self.capability != rule_obj.capability
or self.all_caps != rule_obj.all_caps):
return False
@@ -134,12 +136,19 @@ class CapabilityRule(BaseRule):
return severity
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
cap_txt = logprof_value_or_all(self.capability, self.all_caps)
- return [
- _('Capability'), cap_txt,
- ]
+ return _('Capability'), cap_txt
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ hl[e['name']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for cap in hl.keys():
+ yield cls(cap, log_event=True)
class CapabilityRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/change_profile.py b/utils/apparmor/rule/change_profile.py
index 321fe392f1b8430f76cfae648d4f4f43a04fde76..70858891bb22e6c5557a3d949aa13c76b52ad84b 100644
--- a/utils/apparmor/rule/change_profile.py
+++ b/utils/apparmor/rule/change_profile.py
@@ -33,8 +33,8 @@ class ChangeProfileRule(BaseRule):
ALL = __ChangeProfileAll
rule_name = 'change_profile'
-
equiv_execmodes = ['safe', '', None]
+ _match_re = RE_PROFILE_CHANGE_PROFILE
def __init__(self, execmode, execcond, targetprofile, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -46,15 +46,15 @@ class ChangeProfileRule(BaseRule):
if execmode:
if execmode != 'safe' and execmode != 'unsafe':
raise AppArmorBug('Unknown exec mode (%s) in change_profile rule' % execmode)
- elif not execcond or execcond == ChangeProfileRule.ALL:
+ elif not execcond or execcond == self.ALL:
raise AppArmorException('Exec condition is required when unsafe or safe keywords are present')
self.execmode = execmode
self.execcond = None
self.all_execconds = False
- if execcond == ChangeProfileRule.ALL:
+ if execcond == self.ALL:
self.all_execconds = True
- elif type(execcond) is str:
+ elif isinstance(execcond, str):
if not execcond.strip():
raise AppArmorBug('Empty exec condition in change_profile rule')
elif execcond.startswith('/') or execcond.startswith('@'):
@@ -62,31 +62,23 @@ class ChangeProfileRule(BaseRule):
else:
raise AppArmorException('Exec condition in change_profile rule does not start with /: %s' % str(execcond))
else:
- raise AppArmorBug('Passed unknown object to ChangeProfileRule: %s' % str(execcond))
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(execcond)))
self.targetprofile = None
self.all_targetprofiles = False
- if targetprofile == ChangeProfileRule.ALL:
+ if targetprofile == self.ALL:
self.all_targetprofiles = True
- elif type(targetprofile) is str:
+ elif isinstance(targetprofile, str):
if targetprofile.strip():
self.targetprofile = targetprofile
else:
raise AppArmorBug('Empty target profile in change_profile rule')
else:
- raise AppArmorBug('Passed unknown object to ChangeProfileRule: %s' % str(targetprofile))
-
- @classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_CHANGE_PROFILE.search(raw_rule)
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(targetprofile)))
@classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return ChangeProfileRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid change_profile rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
@@ -95,15 +87,15 @@ class ChangeProfileRule(BaseRule):
if matches.group('execcond'):
execcond = strip_quotes(matches.group('execcond'))
else:
- execcond = ChangeProfileRule.ALL
+ execcond = cls.ALL
if matches.group('targetprofile'):
targetprofile = strip_quotes(matches.group('targetprofile'))
else:
- targetprofile = ChangeProfileRule.ALL
+ targetprofile = cls.ALL
- return ChangeProfileRule(execmode, execcond, targetprofile,
- audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+ return cls(execmode, execcond, targetprofile,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -131,12 +123,12 @@ class ChangeProfileRule(BaseRule):
return ('%s%schange_profile%s%s%s,%s' % (space, self.modifiers_str(), execmode, execcond, targetprofile, self.comment))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if (self.execmode != other_rule.execmode
- and (self.execmode not in ChangeProfileRule.equiv_execmodes
- or other_rule.execmode not in ChangeProfileRule.equiv_execmodes)):
+ and (self.execmode not in self.equiv_execmodes
+ or other_rule.execmode not in self.equiv_execmodes)):
return False
if not self._is_covered_plain(self.execcond, self.all_execconds, other_rule.execcond, other_rule.all_execconds, 'exec condition'):
@@ -149,15 +141,12 @@ class ChangeProfileRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == ChangeProfileRule:
- raise AppArmorBug('Passed non-change_profile rule: %s' % str(rule_obj))
-
if (self.execmode != rule_obj.execmode
- and (self.execmode not in ChangeProfileRule.equiv_execmodes
- or rule_obj.execmode not in ChangeProfileRule.equiv_execmodes)):
+ and (self.execmode not in self.equiv_execmodes
+ or rule_obj.execmode not in self.equiv_execmodes)):
return False
if (self.execcond != rule_obj.execcond
@@ -170,7 +159,7 @@ class ChangeProfileRule(BaseRule):
return True
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
headers = []
if self.execmode:
@@ -185,6 +174,15 @@ class ChangeProfileRule(BaseRule):
))
return headers
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ hl[e['name2']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for cp in hl.keys():
+ yield cls(None, cls.ALL, cp, log_event=True)
+
class ChangeProfileRuleset(BaseRuleset):
"""Class to handle and store a collection of change_profile rules"""
diff --git a/utils/apparmor/rule/dbus.py b/utils/apparmor/rule/dbus.py
index 4a595795d28a627c055f7d5c7fdc4c5f336e19ca..4a6fd5293279522ae7560fe4b5b5316599423b9f 100644
--- a/utils/apparmor/rule/dbus.py
+++ b/utils/apparmor/rule/dbus.py
@@ -43,24 +43,24 @@ RE_FLAG = r'(?P<%s>(\S+|"[^"]+"|\(\s*\S+\s*\)|\(\s*"[^"]+"\)\s*))' # string wit
RE_DBUS_DETAILS = re.compile(
'^'
+ r'(\s+(?P<access>' + RE_ACCESS_KEYWORDS + '))?' # optional access keyword(s)
- + '('
- + r'(\s+(bus\s*=\s*' + RE_FLAG % 'bus' + '))?|' # optional bus= system | session | AARE, (...) optional
- + r'(\s+(path\s*=\s*' + RE_FLAG % 'path' + '))?|' # optional path=AARE, (...) optional
- + r'(\s+(name\s*=\s*' + RE_FLAG % 'name' + '))?|' # optional name=AARE, (...) optional
+ + '(' # noqa: E131
+ + r'(\s+(bus\s*=\s*' + RE_FLAG % 'bus' + '))?|' # optional bus= system | session | AARE, (...) optional # noqa: E131,E221
+ + r'(\s+(path\s*=\s*' + RE_FLAG % 'path' + '))?|' # optional path=AARE, (...) optional # noqa: E221
+ + r'(\s+(name\s*=\s*' + RE_FLAG % 'name' + '))?|' # optional name=AARE, (...) optional # noqa: E221
+ r'(\s+(interface\s*=\s*' + RE_FLAG % 'interface' + '))?|' # optional interface=AARE, (...) optional
- + r'(\s+(member\s*=\s*' + RE_FLAG % 'member' + '))?|' # optional member=AARE, (...) optional
+ + r'(\s+(member\s*=\s*' + RE_FLAG % 'member' + '))?|' # optional member=AARE, (...) optional # noqa: E221
+ r'(\s+(peer\s*=\s*\((,|\s)*' # optional peer=(name=AARE and/or label=AARE), (...) required
- + '('
- + '(' + r'(,|\s)*' + ')' # empty peer=()
- + '|' # or
- + '(' + r'name\s*=\s*' + RE_PROFILE_NAME % 'peername1' + ')' # only peer name (match group peername1)
- + '|' # or
- + '(' r'label\s*=\s*' + RE_PROFILE_NAME % 'peerlabel1' + ')' # only peer label (match group peerlabel1)
- + '|' # or
- + '(' + r'name\s*=\s*' + RE_PROFILE_NAME % 'peername2' + r'(,|\s)+' + r'label\s*=\s*' + RE_PROFILE_NAME % 'peerlabel2' + ')' # peer name + label (match name peername2/peerlabel2)
- + '|' # or
- + '(' + r'label\s*=\s*' + RE_PROFILE_NAME % 'peerlabel3' + r'(,|\s)+' + r'name\s*=\s*' + RE_PROFILE_NAME % 'peername3' + ')' # peer label + name (match name peername3/peerlabel3)
- + ')'
+ + '(' # noqa: E131
+ + '(' + r'(,|\s)*' + ')' # empty peer=() # noqa: E131
+ + '|' # or # noqa: E131
+ + '(' + r'name\s*=\s*' + RE_PROFILE_NAME % 'peername1' + ')' # only peer name (match group peername1) # noqa: E131
+ + '|' # or # noqa: E131
+ + '(' r'label\s*=\s*' + RE_PROFILE_NAME % 'peerlabel1' + ')' # only peer label (match group peerlabel1) # noqa: E131
+ + '|' # or # noqa: E131
+ + '(' + r'name\s*=\s*' + RE_PROFILE_NAME % 'peername2' + r'(,|\s)+' + r'label\s*=\s*' + RE_PROFILE_NAME % 'peerlabel2' + ')' # peer name + label (match name peername2/peerlabel2) # noqa: E131,E221
+ + '|' # or # noqa: E131
+ + '(' + r'label\s*=\s*' + RE_PROFILE_NAME % 'peerlabel3' + r'(,|\s)+' + r'name\s*=\s*' + RE_PROFILE_NAME % 'peername3' + ')' # peer label + name (match name peername3/peerlabel3) # noqa: E131,E221
+ + ')' # noqa: E131
+ r'(,|\s)*\)))?'
+ '){0,6}'
+ r'\s*$')
@@ -77,6 +77,7 @@ class DbusRule(BaseRule):
ALL = __DbusAll
rule_name = 'dbus'
+ _match_re = RE_PROFILE_DBUS
def __init__(self, access, bus, path, name, interface, member, peername, peerlabel,
audit=False, deny=False, allow_keyword=False, comment='', log_event=None):
@@ -84,18 +85,18 @@ class DbusRule(BaseRule):
super().__init__(audit=audit, deny=deny, allow_keyword=allow_keyword,
comment=comment, log_event=log_event)
- self.access, self.all_access, unknown_items = check_and_split_list(access, access_keywords, DbusRule.ALL, 'DbusRule', 'access')
+ self.access, self.all_access, unknown_items = check_and_split_list(access, access_keywords, self.ALL, type(self).__name__, 'access')
if unknown_items:
- raise AppArmorException(_('Passed unknown access keyword to DbusRule: %s') % ' '.join(unknown_items))
+ raise AppArmorException(_('Passed unknown access keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
# rulepart partname is_path log_event
- self.bus, self.all_buses = self._aare_or_all(bus, 'bus', False, log_event)
- self.path, self.all_paths = self._aare_or_all(path, 'path', True, log_event)
- self.name, self.all_names = self._aare_or_all(name, 'name', False, log_event)
- self.interface, self.all_interfaces = self._aare_or_all(interface, 'interface', False, log_event)
- self.member, self.all_members = self._aare_or_all(member, 'member', False, log_event)
- self.peername, self.all_peernames = self._aare_or_all(peername, 'peer name', False, log_event)
- self.peerlabel, self.all_peerlabels = self._aare_or_all(peerlabel, 'peer label', False, log_event)
+ self.bus, self.all_buses = self._aare_or_all(bus, 'bus', False, log_event) # noqa: E221
+ self.path, self.all_paths = self._aare_or_all(path, 'path', True, log_event) # noqa: E221
+ self.name, self.all_names = self._aare_or_all(name, 'name', False, log_event) # noqa: E221
+ self.interface, self.all_interfaces = self._aare_or_all(interface, 'interface', False, log_event) # noqa: E221
+ self.member, self.all_members = self._aare_or_all(member, 'member', False, log_event) # noqa: E221
+ self.peername, self.all_peernames = self._aare_or_all(peername, 'peer name', False, log_event) # noqa: E221
+ self.peerlabel, self.all_peerlabels = self._aare_or_all(peerlabel, 'peer label', False, log_event) # noqa: E221
# not all combinations are allowed
if self.access and 'bind' in self.access and (self.path or self.interface or self.member or self.peername or self.peerlabel):
@@ -108,16 +109,8 @@ class DbusRule(BaseRule):
raise AppArmorException(_('dbus %s rules must not contain a name conditional') % '/'.join(self.access))
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_DBUS.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return DbusRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid dbus rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
@@ -135,34 +128,34 @@ class DbusRule(BaseRule):
access = strip_parenthesis(details.group('access'))
access = access.replace(',', ' ').split() # split by ',' or whitespace
if not access: # XXX that happens for "dbus ( )," rules - correct behaviour? (also: same for signal rules?)
- access = DbusRule.ALL
+ access = cls.ALL
else:
- access = DbusRule.ALL
+ access = cls.ALL
if details.group('bus'):
bus = strip_parenthesis(strip_quotes(details.group('bus')))
else:
- bus = DbusRule.ALL
+ bus = cls.ALL
if details.group('path'):
path = strip_parenthesis(strip_quotes(details.group('path')))
else:
- path = DbusRule.ALL
+ path = cls.ALL
if details.group('name'):
name = strip_parenthesis(strip_quotes(details.group('name')))
else:
- name = DbusRule.ALL
+ name = cls.ALL
if details.group('interface'):
interface = strip_parenthesis(strip_quotes(details.group('interface')))
else:
- interface = DbusRule.ALL
+ interface = cls.ALL
if details.group('member'):
member = strip_parenthesis(strip_quotes(details.group('member')))
else:
- member = DbusRule.ALL
+ member = cls.ALL
if details.group('peername1'):
peername = strip_parenthesis(strip_quotes(details.group('peername1')))
@@ -171,7 +164,7 @@ class DbusRule(BaseRule):
elif details.group('peername3'):
peername = strip_parenthesis(strip_quotes(details.group('peername3')))
else:
- peername = DbusRule.ALL
+ peername = cls.ALL
if details.group('peerlabel1'):
peerlabel = strip_parenthesis(strip_quotes(details.group('peerlabel1')))
@@ -180,20 +173,20 @@ class DbusRule(BaseRule):
elif details.group('peerlabel3'):
peerlabel = strip_parenthesis(strip_quotes(details.group('peerlabel3')))
else:
- peerlabel = DbusRule.ALL
+ peerlabel = cls.ALL
else:
- access = DbusRule.ALL
- bus = DbusRule.ALL
- path = DbusRule.ALL
- name = DbusRule.ALL
- interface = DbusRule.ALL
- member = DbusRule.ALL
- peername = DbusRule.ALL
- peerlabel = DbusRule.ALL
-
- return DbusRule(access, bus, path, name, interface, member, peername, peerlabel,
- audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+ access = cls.ALL
+ bus = cls.ALL
+ path = cls.ALL
+ name = cls.ALL
+ interface = cls.ALL
+ member = cls.ALL
+ peername = cls.ALL
+ peerlabel = cls.ALL
+
+ return cls(access, bus, path, name, interface, member, peername, peerlabel,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -210,14 +203,14 @@ class DbusRule(BaseRule):
else:
raise AppArmorBug('Empty access in dbus rule')
- bus = self._get_aare_rule_part('bus', self.bus, self.all_buses)
- path = self._get_aare_rule_part('path', self.path, self.all_paths)
- name = self._get_aare_rule_part('name', self.name, self.all_names)
- interface = self._get_aare_rule_part('interface', self.interface, self.all_interfaces)
- member = self._get_aare_rule_part('member', self.member, self.all_members)
+ bus = self._get_aare_rule_part('bus', self.bus, self.all_buses) # noqa: E221
+ path = self._get_aare_rule_part('path', self.path, self.all_paths) # noqa: E221
+ name = self._get_aare_rule_part('name', self.name, self.all_names) # noqa: E221
+ interface = self._get_aare_rule_part('interface', self.interface, self.all_interfaces) # noqa: E221
+ member = self._get_aare_rule_part('member', self.member, self.all_members) # noqa: E221
- peername = self._get_aare_rule_part('name', self.peername, self.all_peernames)
- peerlabel = self._get_aare_rule_part('label', self.peerlabel, self.all_peerlabels)
+ peername = self._get_aare_rule_part('name', self.peername, self.all_peernames) # noqa: E221
+ peerlabel = self._get_aare_rule_part('label', self.peerlabel, self.all_peerlabels) # noqa: E221
peer = peername + peerlabel
if peer:
peer = ' peer=(%s)' % peer.strip()
@@ -234,7 +227,7 @@ class DbusRule(BaseRule):
else:
raise AppArmorBug('Empty %(prefix_name)s in %(rule_name)s rule' % {'prefix_name': prefix, 'rule_name': self.rule_name})
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
@@ -264,12 +257,9 @@ class DbusRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == DbusRule:
- raise AppArmorBug('Passed non-dbus rule: %s' % str(rule_obj))
-
if (self.access != rule_obj.access
or self.all_access != rule_obj.all_access):
return False
@@ -297,26 +287,45 @@ class DbusRule(BaseRule):
return True
- def logprof_header_localvars(self):
- access = logprof_value_or_all(self.access, self.all_access)
- bus = logprof_value_or_all(self.bus, self.all_buses)
- path = logprof_value_or_all(self.path, self.all_paths)
- name = logprof_value_or_all(self.name, self.all_names)
- interface = logprof_value_or_all(self.interface, self.all_interfaces)
- member = logprof_value_or_all(self.member, self.all_members)
- peername = logprof_value_or_all(self.peername, self.all_peernames)
- peerlabel = logprof_value_or_all(self.peerlabel, self.all_peerlabels)
-
- return [
- _('Access mode'), access,
- _('Bus'), bus,
- _('Path'), path,
- _('Name'), name,
- _('Interface'), interface,
- _('Member'), member,
- _('Peer name'), peername,
- _('Peer label'), peerlabel,
- ]
+ def _logprof_header_localvars(self):
+ access = logprof_value_or_all(self.access, self.all_access) # noqa: E221
+ bus = logprof_value_or_all(self.bus, self.all_buses) # noqa: E221
+ path = logprof_value_or_all(self.path, self.all_paths) # noqa: E221
+ name = logprof_value_or_all(self.name, self.all_names) # noqa: E221
+ interface = logprof_value_or_all(self.interface, self.all_interfaces)
+ member = logprof_value_or_all(self.member, self.all_members) # noqa: E221
+ peername = logprof_value_or_all(self.peername, self.all_peernames) # noqa: E221
+ peerlabel = logprof_value_or_all(self.peerlabel, self.all_peerlabels)
+
+ return (
+ _('Access mode'), access,
+ _('Bus'), bus,
+ _('Path'), path,
+ _('Name'), name,
+ _('Interface'), interface,
+ _('Member'), member,
+ _('Peer name'), peername,
+ _('Peer label'), peerlabel,
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ hl[e['denied_mask']][e['bus']][e['path']][e['name']][e['interface']][e['member']][e['peer_profile']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for access, bus, path, name, interface, member, peer_profile in BaseRule.generate_rules_from_hashlog(hl, 7):
+ # Depending on the access type, not all parameters are allowed.
+ # Ignore them, even if some of them appear in the log.
+ # Also, the log doesn't provide a peer name, therefore always use ALL.
+ if access in ('send', 'receive'):
+ yield cls(access, bus, path, cls.ALL, interface, member, cls.ALL, peer_profile, log_event=True)
+ elif access == 'bind':
+ yield cls(access, bus, cls.ALL, name, cls.ALL, cls.ALL, cls.ALL, cls.ALL, log_event=True)
+ elif access == 'eavesdrop':
+ yield cls(access, bus, cls.ALL, cls.ALL, cls.ALL, cls.ALL, cls.ALL, cls.ALL, log_event=True)
+ else:
+ raise AppArmorBug('unexpected dbus access: {}'.format(access))
class DbusRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/file.py b/utils/apparmor/rule/file.py
index 425e466ea59657114b238bb0ac38b9dedcbf63ad..6a92a82da66da930e6be6072f71b6a8615d1cb6c 100644
--- a/utils/apparmor/rule/file.py
+++ b/utils/apparmor/rule/file.py
@@ -26,6 +26,7 @@ allow_exec_transitions = ('ix', 'ux', 'Ux', 'px', 'Px', 'cx', 'Cx') # 2 chars -
allow_exec_fallback_transitions = ('pix', 'Pix', 'cix', 'Cix', 'pux', 'PUx', 'cux', 'CUx') # 3 chars - len relevant for split_perms()
deny_exec_transitions = ('x')
file_permissions = ('m', 'r', 'w', 'a', 'l', 'k', 'link', 'subset') # also defines the write order
+implicit_all_permissions = ('m', 'r', 'w', 'l', 'k')
class FileRule(BaseRule):
@@ -43,10 +44,11 @@ class FileRule(BaseRule):
ANY_EXEC = __FileAnyExec
rule_name = 'file'
+ _match_re = RE_PROFILE_FILE_ENTRY
def __init__(self, path, perms, exec_perms, target, owner, file_keyword=False, leading_perms=False,
audit=False, deny=False, allow_keyword=False, comment='', log_event=None):
- """Initialize FileRule
+ """Initialize object
Parameters:
- path: string, AARE or FileRule.ALL
@@ -62,14 +64,14 @@ class FileRule(BaseRule):
comment=comment, log_event=log_event)
# rulepart partperms is_path log_event
- self.path, self.all_paths = self._aare_or_all(path, 'path', True, log_event)
+ self.path, self.all_paths = self._aare_or_all(path, 'path', True, log_event) # noqa: E221
self.target, self.all_targets = self._aare_or_all(target, 'target', False, log_event)
self.can_glob = not self.all_paths
self.can_glob_ext = not self.all_paths
self.can_edit = not self.all_paths
- if type(perms) is str:
+ if isinstance(perms, str):
perms, tmp_exec_perms = split_perms(perms, deny)
if tmp_exec_perms:
raise AppArmorBug('perms must not contain exec perms')
@@ -83,9 +85,9 @@ class FileRule(BaseRule):
self.all_perms = False
else:
self.perms, self.all_perms, unknown_items = check_and_split_list(
- perms, file_permissions, FileRule.ALL, 'FileRule', 'permissions', allow_empty_list=True)
+ perms, file_permissions, self.ALL, type(self).__name__, 'permissions', allow_empty_list=True)
if unknown_items:
- raise AppArmorBug('Passed unknown perms to FileRule: %s' % str(unknown_items))
+ raise AppArmorBug('Passed unknown perms to %s: %s' % (type(self).__name__, str(unknown_items)))
if self.perms and 'a' in self.perms and 'w' in self.perms:
raise AppArmorException("Conflicting permissions found: 'a' and 'w'")
@@ -97,7 +99,7 @@ class FileRule(BaseRule):
raise AppArmorBug("link rules can't have execute permissions")
elif exec_perms == self.ANY_EXEC:
self.exec_perms = exec_perms
- elif type(exec_perms) is str:
+ elif isinstance(exec_perms, str):
if deny:
if exec_perms != 'x':
raise AppArmorException(_("file deny rules only allow to use 'x' as execute mode, but not %s" % exec_perms))
@@ -108,18 +110,18 @@ class FileRule(BaseRule):
raise AppArmorBug('Unknown execute mode specified in file rule: %s' % exec_perms)
self.exec_perms = exec_perms
else:
- raise AppArmorBug('Passed unknown perms object to FileRule: %s' % str(perms))
+ raise AppArmorBug('Passed unknown perms object to %s: %s' % (type(self).__name__, str(perms)))
- if type(owner) is not bool:
+ if not isinstance(owner, bool):
raise AppArmorBug('non-boolean value passed to owner flag')
self.owner = owner
self.can_owner = owner # offer '(O)wner permissions on/off' buttons only if the rule has the owner flag
- if type(file_keyword) is not bool:
+ if not isinstance(file_keyword, bool):
raise AppArmorBug('non-boolean value passed to file keyword flag')
self.file_keyword = file_keyword
- if type(leading_perms) is not bool:
+ if not isinstance(leading_perms, bool):
raise AppArmorBug('non-boolean value passed to leading permissions flag')
self.leading_perms = leading_perms
@@ -133,16 +135,8 @@ class FileRule(BaseRule):
raise AppArmorBug('exec perms or target specified for bare file rule')
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_FILE_ENTRY.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return FileRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid file rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
@@ -159,7 +153,7 @@ class FileRule(BaseRule):
path = strip_quotes(matches.group('link_path'))
leading_perms = True
else:
- path = FileRule.ALL
+ path = cls.ALL
if matches.group('perms'):
perms = matches.group('perms')
@@ -176,7 +170,7 @@ class FileRule(BaseRule):
exec_perms = None
leading_perms = True
else:
- perms = FileRule.ALL
+ perms = cls.ALL
exec_perms = None
if matches.group('target'):
@@ -184,12 +178,12 @@ class FileRule(BaseRule):
elif matches.group('link_target'):
target = strip_quotes(matches.group('link_target'))
else:
- target = FileRule.ALL
+ target = cls.ALL
file_keyword = bool(matches.group('file_keyword'))
- return FileRule(path, perms, exec_perms, target, owner, file_keyword, leading_perms,
- audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+ return cls(path, perms, exec_perms, target, owner, file_keyword, leading_perms,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -235,7 +229,7 @@ class FileRule(BaseRule):
if self.all_paths and self.all_perms and not path and not perms and not target:
return ('%s%s%sfile,%s' % (space, self.modifiers_str(), owner, self.comment)) # plain 'file,' rule
elif not self.all_paths and not self.all_perms and path and perms:
- return ('%s%s%s%s%s%s,%s' % (space, self.modifiers_str(), file_keyword, owner, path_and_perms, target, self.comment))
+ return ('%s%s%s%s%s%s,%s' % (space, self.modifiers_str(), owner, file_keyword, path_and_perms, target, self.comment))
else:
raise AppArmorBug('Invalid combination of path and perms in file rule - either specify path and perms, or none of them')
@@ -253,13 +247,13 @@ class FileRule(BaseRule):
perm_string = perm_string + perm
if exec_perms == self.ANY_EXEC:
- raise AppArmorBug("FileRule.ANY_EXEC can't be used for actual rules")
+ raise AppArmorBug(type(self).__name__ + ".ANY_EXEC can't be used for actual rules")
if exec_perms:
perm_string = perm_string + exec_perms
return perm_string
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if not self._is_covered_aare(self.path, self.all_paths, other_rule.path, other_rule.all_paths, 'path'):
@@ -310,12 +304,9 @@ class FileRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == FileRule:
- raise AppArmorBug('Passed non-file rule: %s' % str(rule_obj))
-
if self.owner != rule_obj.owner:
return False
@@ -358,7 +349,7 @@ class FileRule(BaseRule):
return severity
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
headers = []
path = logprof_value_or_all(self.path, self.all_paths)
@@ -366,9 +357,21 @@ class FileRule(BaseRule):
old_mode = ''
if self.original_perms:
- original_perms_all = self._join_given_perms(self.original_perms['allow']['all'], None)
+ original_perms_set = {}
+ for who in ['all', 'owner']:
+ original_perms_set[who] = {}
+ original_perms_set[who]['perms'] = self.original_perms['allow'][who]
+ original_perms_set[who]['exec_perms'] = None
+
+ if self.original_perms['allow'][who] == FileRule.ALL:
+ original_perms_set[who]['perms'] = set(implicit_all_permissions)
+ original_perms_set[who]['exec_perms'] = 'ix'
+
+ original_perms_all = self._join_given_perms(original_perms_set['all']['perms'],
+ original_perms_set['all']['exec_perms'])
original_perms_owner = self._join_given_perms(
- self.original_perms['allow']['owner'] - self.original_perms['allow']['all'], None) # only list owner perms that are not covered by other perms
+ original_perms_set['owner']['perms'] - original_perms_set['all']['perms'], # only list owner perms that are not covered by other perms
+ original_perms_set['owner']['exec_perms'])
if original_perms_all and original_perms_owner:
old_mode = '%s + owner %s' % (original_perms_all, original_perms_owner)
@@ -435,6 +438,68 @@ class FileRule(BaseRule):
self.path = AARE(newpath, True) # might raise AppArmorException if the new path doesn't start with / or a variable
self.raw_rule = None
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ # FileRule can be of two types, "file" or "exec"
+ if e['operation'] == 'exec':
+ if not e['name']:
+ raise AppArmorException('exec without executed binary')
+
+ if not e['name2']:
+ e['name2'] = '' # exec events in enforce mode don't have target=...
+
+ hl[e['name']][e['name2']] = True
+ return
+
+ # Map c (create) and d (delete) to w (logging is more detailed than the profile language)
+ dmask = e['denied_mask']
+ dmask = dmask.replace('c', 'w')
+ dmask = dmask.replace('d', 'w')
+
+ owner = False
+
+ if '::' in dmask:
+ # old log styles used :: to indicate if permissions are meant for owner or other
+ (owner_d, other_d) = dmask.split('::')
+ if owner_d and other_d:
+ raise AppArmorException(
+ 'Found log event with both owner and other permissions. Please open a bugreport!')
+ if owner_d:
+ dmask = owner_d
+ owner = True
+ else:
+ dmask = other_d
+
+ if e.get('ouid') is not None and e['fsuid'] == e['ouid']:
+ # in current log style, owner permissions are indicated by a match of fsuid and ouid
+ owner = True
+
+ if 'x' in dmask and dmask != 'x':
+ dmask = dmask.replace('x', '') # if dmask contains x and another mode, drop x here - we should see a separate exec event
+
+ for perm in dmask:
+ if perm in 'mrwalk': # intentionally not allowing 'x' here
+ hl[e['name']][owner][perm] = True
+ else:
+ raise AppArmorException(_('Log contains unknown mode %s') % dmask)
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for h1, h2 in BaseRule.generate_rules_from_hashlog(hl, 2):
+ # FileRule can be either a 'normal' or an 'exec' file rule. These rules are encoded in hashlog differently.
+ if hl[h1][h2] is True: # Exec Rule
+ name = h1
+ yield FileRule(name, None, FileRule.ANY_EXEC, FileRule.ALL, owner=False, log_event=True)
+ else:
+ path = h1
+ owner = h2
+ mode = set(hl[path][owner].keys())
+ # logparser sums up multiple log events, so both 'a' and 'w' can be present
+ if 'a' in mode and 'w' in mode:
+ mode.remove('a')
+ yield cls(path, mode, None, FileRule.ALL, owner=owner, log_event=True)
+ # TODO: check for existing rules with this path, and merge them into one rule
+
class FileRuleset(BaseRuleset):
"""Class to handle and store a collection of file rules"""
@@ -445,7 +510,7 @@ class FileRuleset(BaseRuleset):
If audit is True, only return rules with the audit flag set.
If deny is True, only return matching deny rules"""
- matching_rules = FileRuleset()
+ matching_rules = type(self)()
for rule in self.rules:
if (rule.all_paths or rule.path.match(path)) and ((not deny) or rule.deny) and ((not audit) or rule.audit):
matching_rules.add(rule)
@@ -510,7 +575,7 @@ class FileRuleset(BaseRuleset):
"""Get all rules matching the given path that contain exec permissions
path can be str or AARE"""
- matches = FileRuleset()
+ matches = type(self)()
for rule in self.get_rules_for_path(path).rules:
if rule.exec_perms:
@@ -524,7 +589,7 @@ class FileRuleset(BaseRuleset):
def get_exec_conflict_rules(self, oldrule):
"""check if one of the exec rules conflict with oldrule. If yes, return the conflicting rules."""
- conflictingrules = FileRuleset()
+ conflictingrules = type(self)()
if oldrule.exec_perms:
execrules = self.get_exec_rules_for_path(oldrule.path)
@@ -573,10 +638,10 @@ def perms_with_a(perms):
"""if perms includes 'w', add 'a' perms
- perms: the original permissions
"""
- perms_with_a = set()
- if perms:
- perms_with_a = set(perms)
- if 'w' in perms_with_a:
- perms_with_a.add('a')
+ if not perms or 'w' not in perms:
+ return perms # no need to change anything
+
+ perms_with_a = set(perms)
+ perms_with_a.add('a')
return perms_with_a
diff --git a/utils/apparmor/rule/include.py b/utils/apparmor/rule/include.py
index e1eea7e35aff76009a954a68dd592d99fc4928b1..6ade58874bfc5696cc8376f1ec0b4ddb4a739659 100644
--- a/utils/apparmor/rule/include.py
+++ b/utils/apparmor/rule/include.py
@@ -13,7 +13,7 @@
# ----------------------------------------------------------------------
import os
-from apparmor.common import AppArmorBug, AppArmorException, is_skippable_file
+from apparmor.common import AppArmorBug, is_skippable_file
from apparmor.regex import RE_INCLUDE, re_match_include_parse
from apparmor.rule import BaseRule, BaseRuleset, parse_comment
from apparmor.translations import init_translation
@@ -25,6 +25,7 @@ class IncludeRule(BaseRule):
"""Class to handle and store a single include rule"""
rule_name = 'include'
+ _match_re = RE_INCLUDE
def __init__(self, path, ifexists, ismagic, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -38,11 +39,11 @@ class IncludeRule(BaseRule):
if deny:
raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
- if type(ifexists) is not bool:
+ if not isinstance(ifexists, bool):
raise AppArmorBug('Passed unknown type for ifexists to %s: %s' % (self.__class__.__name__, ifexists))
- if type(ismagic) is not bool:
+ if not isinstance(ismagic, bool):
raise AppArmorBug('Passed unknown type for ismagic to %s: %s' % (self.__class__.__name__, ismagic))
- if type(path) is not str:
+ if not isinstance(path, str):
raise AppArmorBug('Passed unknown type for path to %s: %s' % (self.__class__.__name__, path))
if not path:
raise AppArmorBug('Passed empty path to %s: %s' % (self.__class__.__name__, path))
@@ -52,16 +53,8 @@ class IncludeRule(BaseRule):
self.ismagic = ismagic
@classmethod
- def _match(cls, raw_rule):
- return RE_INCLUDE.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return IncludeRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid %s rule '%s'") % (cls.rule_name, raw_rule))
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
comment = parse_comment(matches)
@@ -85,7 +78,7 @@ class IncludeRule(BaseRule):
else:
return ('%s%s%s "%s"%s' % (space, self.rule_name, ifexists_txt, self.path, self.comment))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if (self.path != other_rule.path):
@@ -100,25 +93,22 @@ class IncludeRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == type(self):
- raise AppArmorBug('Passed non-%s rule: %s' % (self.rule_name, str(rule_obj)))
-
- if (self.path != rule_obj.path):
+ if self.path != rule_obj.path:
return False
- if (self.ifexists != rule_obj.ifexists):
+ if self.ifexists != rule_obj.ifexists:
return False
- if (self.ismagic != rule_obj.ismagic):
+ if self.ismagic != rule_obj.ismagic:
return False
return True
- def logprof_header_localvars(self):
- return [_('Include'), self.get_clean()]
+ def _logprof_header_localvars(self):
+ return _('Include'), self.get_clean()
def get_full_paths(self, profile_dir):
"""get list of full paths of an include (can contain multiple paths if self.path is a directory)"""
diff --git a/utils/apparmor/rule/io_uring.py b/utils/apparmor/rule/io_uring.py
new file mode 100644
index 0000000000000000000000000000000000000000..599f99e86291f05c2534bf08851debd1c01e8924
--- /dev/null
+++ b/utils/apparmor/rule/io_uring.py
@@ -0,0 +1,174 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2023 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import re
+
+from apparmor.regex import RE_PROFILE_IO_URING, RE_PROFILE_NAME
+from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, logprof_value_or_all, parse_modifiers, quote_if_needed
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+access_keywords = ['sqpoll', 'override_creds']
+
+joint_access_keyword = r'\s*(' + '|'.join(access_keywords) + r')\s*'
+RE_ACCESS_KEYWORDS = (joint_access_keyword # one of the access_keyword or
+ + '|' # or
+ + r'\(' + joint_access_keyword + '(' + r'(\s|,)+' + joint_access_keyword + ')*' + r'\)' # one or more access_keyword in (...)
+ )
+RE_IO_URING_DETAILS = re.compile(
+ r'^'
+ + r'(\s+(?P<access>' + RE_ACCESS_KEYWORDS + r'))?' # optional access keyword(s)
+ + r'(\s+(label\s*=\s*' + RE_PROFILE_NAME % 'label' + r'))?' # optional label
+ + r'\s*$')
+
+
+class IOUringRule(BaseRule):
+ '''Class to handle and store a single io_uring rule'''
+
+ # Nothing external should reference this class, all external users
+ # should reference the class field IOUringRule.ALL
+ class __IOUringAll(object):
+ pass
+
+ ALL = __IOUringAll
+
+ rule_name = 'io_uring'
+ _match_re = RE_PROFILE_IO_URING
+
+ def __init__(self, access, label, audit=False, deny=False,
+ allow_keyword=False, comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ self.access, self.all_access, unknown_items = check_and_split_list(access, access_keywords, self.ALL, type(self).__name__, 'access')
+ if unknown_items:
+ raise AppArmorException(_('Passed unknown access keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
+
+ self.label, self.all_labels = self._aare_or_all(label, 'label', is_path=False, log_event=log_event)
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ '''parse raw_rule and return instance of this class'''
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ rule_details = ''
+ if matches.group('details'):
+ rule_details = matches.group('details')
+
+ if rule_details:
+ details = RE_IO_URING_DETAILS.search(rule_details)
+ if not details:
+ raise AppArmorException(_("Invalid or unknown keywords in 'io_uring %s" % rule_details))
+
+ if details.group('access'):
+ access = details.group('access')
+ if access.startswith('(') and access.endswith(')'):
+ access = access[1:-1]
+ access = access.replace(',', ' ').split() # split by ',' or whitespace
+ else:
+ access = cls.ALL
+
+ if details.group('label'):
+ label = details.group('label')
+ else:
+ label = cls.ALL
+ else:
+ access = cls.ALL
+ label = cls.ALL
+
+ return cls(access, label, audit=audit, deny=deny,
+ allow_keyword=allow_keyword, comment=comment)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ if self.all_access:
+ access = ''
+ elif len(self.access) == 1:
+ access = ' %s' % ' '.join(self.access)
+ elif self.access:
+ access = ' (%s)' % ' '.join(sorted(self.access))
+ else:
+ raise AppArmorBug('Empty access in io_uring rule')
+
+ if self.all_labels:
+ label = ''
+ elif self.label:
+ label = ' label=%s' % quote_if_needed(self.label.regex)
+ else:
+ raise AppArmorBug('Empty label in io_uring rule')
+
+ return '%s%sio_uring%s%s,%s' % (space, self.modifiers_str(), access, label, self.comment)
+
+ def _is_covered_localvars(self, other_rule):
+ '''check if other_rule is covered by this rule object'''
+
+ if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
+ return False
+
+ if not self._is_covered_aare(self.label, self.all_labels, other_rule.label, other_rule.all_labels, 'label'):
+ return False
+
+ # still here? -> then it is covered
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ '''compare if rule-specific variables are equal'''
+
+ if (self.access != rule_obj.access or self.all_access != rule_obj.all_access):
+ return False
+
+ if not self._is_equal_aare(self.label, self.all_labels, rule_obj.label, rule_obj.all_labels, 'label'):
+ return False
+
+ return True
+
+ def _logprof_header_localvars(self):
+ access = logprof_value_or_all(self.access, self.all_access)
+ label = logprof_value_or_all(self.label, self.all_labels)
+
+ return (
+ _('Access mode'), access,
+ _('Label'), label,
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ hl[e['denied_mask']][e['peer_profile']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for access, label in BaseRule.generate_rules_from_hashlog(hl, 2):
+ if not label:
+ label = IOUringRule.ALL
+ yield cls(access, label, log_event=True)
+
+
+class IOUringRuleset(BaseRuleset):
+ '''Class to handle and store a collection of io_uring rules'''
+
+ def get_glob(self, path_or_rule):
+ '''Return the next possible glob. For io_uring rules, that means removing access and label'''
+ # XXX only remove one part, not all
+ return 'io_uring,'
diff --git a/utils/apparmor/rule/mount.py b/utils/apparmor/rule/mount.py
new file mode 100644
index 0000000000000000000000000000000000000000..dd09ad24dd63a94e15cdc5b04189c5923b7a2564
--- /dev/null
+++ b/utils/apparmor/rule/mount.py
@@ -0,0 +1,361 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+import re
+
+from apparmor.common import AppArmorBug, AppArmorException
+
+from apparmor.regex import RE_PROFILE_MOUNT, strip_parenthesis, strip_quotes
+from apparmor.rule import AARE
+from apparmor.rule import BaseRule, BaseRuleset, parse_modifiers, logprof_value_or_all, check_and_split_list
+
+from apparmor.translations import init_translation
+
+_ = init_translation()
+
+# TODO : Apparmor remount logs are displayed as mount (with remount flag). Profiles generated with aa-genprof are therefore mount rules. It could be interesting to make them remount rules.
+
+flags_bind_mount = {'B', 'bind', 'R', 'rbind'}
+flags_change_propagation = {
+ 'remount', 'unbindable', 'shared', 'private', 'slave', 'runbindable', 'rshared', 'rprivate', 'rslave',
+ 'make-unbindable', 'make-shared', 'make-private', 'make-slave', 'make-runbindable', 'make-rshared', 'make-rprivate',
+ 'make-rslave'
+}
+# keep in sync with parser/mount.cc mnt_opts_table!
+flags_keywords = list(flags_bind_mount) + list(flags_change_propagation) + [
+ 'ro', 'r', 'read-only', 'rw', 'w', 'suid', 'nosuid', 'dev', 'nodev', 'exec', 'noexec', 'sync', 'async', 'mand',
+ 'nomand', 'dirsync', 'symfollow', 'nosymfollow', 'atime', 'noatime', 'diratime', 'nodiratime', 'move', 'M',
+ 'verbose', 'silent', 'loud', 'acl', 'noacl', 'relatime', 'norelatime', 'iversion', 'noiversion', 'strictatime',
+ 'nostrictatime', 'lazytime', 'nolazytime', 'user', 'nouser', '([A-Za-z0-9])',
+]
+join_valid_flags = '|'.join(flags_keywords)
+
+sep = r'\s*[\s,]\s*'
+
+# We aim to be a bit more restrictive than \S+ used in regex.py
+FS_AARE = r'([][".*@{}\w^-]+)'
+
+fs_type_pattern = r'\b(?P<fstype_or_vfstype>fstype|vfstype)\b\s*(?P<fstype_equals_or_in>=|in)\s*'\
+ r'(?P<fstype>\(\s*(' + FS_AARE + r')(' + sep + r'(' + FS_AARE + r'))*\s*\)|'\
+ r'\{\s*(' + FS_AARE + r')(' + sep + r'(' + FS_AARE + r'))*\s*\}|(\s*' + FS_AARE + r'))'\
+
+
+option_pattern = r'\s*(\boption(s?)\b\s*(?P<options_equals_or_in>=|in)\s*'\
+ r'(?P<options>\(\s*(' + join_valid_flags + r')(' + sep + r'(' + join_valid_flags + r'))*\s*\)|' \
+ r'(\s*' + join_valid_flags + r')'\
+ r'))?'
+mount_condition_pattern = rf'({fs_type_pattern})?\s*({option_pattern})?'
+
+# Source can either be
+# - A path : /foo
+# - A globbed Path : {,/usr}/lib{,32,64,x32}/modules/
+# - A filesystem : sysfs (sudo mount -t tmpfs tmpfs /tmp/bar)
+# - Any label : mntlabel (sudo mount -t tmpfs mntlabel /tmp/bar)
+# Thus we cannot use directly RE_PROFILE_PATH_OR_VAR
+# Destination can also be
+# - A path : /foo
+# - A globbed Path : **
+
+glob_pattern = r'(\s*(?P<%s>(([/{]|\*\*)\S*|"([/{]|\*\*)[^"]*"|@{\S+}\S*|"@{\S+}[^"]*"|"")|\w+))'
+source_fileglob_pattern = glob_pattern % 'source_file'
+dest_fileglob_pattern = glob_pattern % 'dest_file'
+
+RE_MOUNT_DETAILS = re.compile(r'^\s*' + mount_condition_pattern + rf'(\s+{source_fileglob_pattern})?' + rf'(\s+->\s+{dest_fileglob_pattern})?\s*' + r'$')
+RE_UMOUNT_DETAILS = re.compile(r'^\s*' + mount_condition_pattern + rf'(\s+{dest_fileglob_pattern})?\s*' + r'$')
+
+
+class MountRule(BaseRule):
+ '''Class to handle and store a single mount rule'''
+
+ # Nothing external should reference this class, all external users
+ # should reference the class field MountRule.ALL
+ class __MountAll(object):
+ pass
+
+ ALL = __MountAll
+
+ rule_name = 'mount'
+ _match_re = RE_PROFILE_MOUNT
+
+ def __init__(self, operation, fstype, options, source, dest, audit=False, deny=False, allow_keyword=False, comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ self.operation = operation
+
+ if fstype == self.ALL or fstype[1] == self.ALL:
+ self.all_fstype = True
+ self.fstype = None
+ self.is_fstype_equal = None
+ else:
+ self.all_fstype = False
+ for it in fstype[1]:
+ aare_len, unused = parse_aare(it, 0, 'fstype')
+ if aare_len != len(it):
+ raise AppArmorException(f'Invalid aare : {it}')
+ self.fstype = fstype[1]
+ self.is_fstype_equal = fstype[0]
+
+ self.options, self.all_options, unknown_items = check_and_split_list(options[1] if options != self.ALL else options, flags_keywords, self.ALL, type(self).__name__, 'options')
+ if unknown_items:
+ raise AppArmorException(_('Passed unknown options keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
+ self.is_options_equal = options[0] if not self.all_options else None
+
+ self.source, self.all_source = self._aare_or_all(source, 'source', is_path=False, log_event=log_event, empty_ok=True)
+ self.dest, self.all_dest = self._aare_or_all(dest, 'dest', is_path=False, log_event=log_event)
+
+ if not self.all_fstype and self.is_fstype_equal not in ('=', 'in'):
+ raise AppArmorBug(f'Invalid is_fstype_equal : {self.is_fstype_equal}')
+ if not self.all_options and self.is_options_equal not in ('=', 'in'):
+ raise AppArmorBug(f'Invalid is_options_equal : {self.is_options_equal}')
+ if self.operation != 'mount' and not self.all_source:
+ raise AppArmorException(f'Operation {self.operation} cannot have a source')
+
+ if self.operation == 'mount' and not self.all_options and flags_change_propagation & self.options != set():
+ if not (self.all_source or self.all_dest):
+ raise AppArmorException(f'Operation {flags_change_propagation & self.options} cannot specify a source. Source = {self.source}')
+ elif not self.all_fstype:
+ raise AppArmorException(f'Operation {flags_change_propagation & self.options} cannot specify a fstype. Fstype = {self.fstype}')
+
+ if self.operation == 'mount' and not self.all_options and flags_bind_mount & self.options != set() and not self.all_fstype:
+ raise AppArmorException(f'Bind mount rules cannot specify a fstype. Fstype = {self.fstype}')
+
+ self.can_glob = not self.all_source and not self.all_dest and not self.all_options
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ '''parse raw_rule and return instance of this class'''
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ operation = matches.group('operation')
+
+ rule_details = ''
+ if matches.group('details'):
+ rule_details = matches.group('details')
+
+ if operation == 'mount':
+ parsed = RE_MOUNT_DETAILS.search(rule_details)
+ else:
+ parsed = RE_UMOUNT_DETAILS.search(rule_details)
+
+ r = parsed.groupdict() if parsed else None
+ if not r:
+ raise AppArmorException('Can\'t parse mount rule ' + raw_rule)
+
+ if r['fstype'] is not None:
+ is_fstype_equal = r['fstype_equals_or_in']
+ fstype = parse_aare_list(strip_parenthesis(r['fstype']), 'fstype')
+ else:
+ is_fstype_equal = None
+ fstype = cls.ALL
+
+ if r['options'] is not None:
+ is_options_equal = r['options_equals_or_in']
+ options = strip_parenthesis(r['options']).replace(',', ' ').split()
+ else:
+ is_options_equal = None
+ options = cls.ALL
+
+ if operation == 'mount' and r['source_file'] is not None: # Umount cannot have a source
+ source = strip_quotes(r['source_file'])
+ else:
+ source = cls.ALL
+
+ if r['dest_file'] is not None:
+ dest = strip_quotes(r['dest_file'])
+ else:
+ dest = cls.ALL
+
+ else:
+ is_fstype_equal = None
+ is_options_equal = None
+ fstype = cls.ALL
+ options = cls.ALL
+ source = cls.ALL
+ dest = cls.ALL
+
+ return cls(operation=operation, fstype=(is_fstype_equal, fstype), options=(is_options_equal, options), source=source, dest=dest, audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+
+ def get_clean(self, depth=0):
+ space = ' ' * depth
+
+ fstype = ' fstype%s(%s)' % (wrap_in_with_spaces(self.is_fstype_equal), ', '.join(sorted(self.fstype))) if not self.all_fstype else ''
+ options = ' options%s(%s)' % (wrap_in_with_spaces(self.is_options_equal), ', '.join(sorted(self.options))) if not self.all_options else ''
+
+ source = ''
+ dest = ''
+
+ if self.operation == 'mount':
+ if not self.all_source:
+ source = ' ' + str(self.source.regex)
+
+ if not self.all_dest:
+ dest = ' -> ' + str(self.dest.regex)
+
+ else:
+ if not self.all_dest:
+ dest = ' ' + str(self.dest.regex)
+
+ return ('%s%s%s%s%s%s%s,%s' % (self.modifiers_str(),
+ space,
+ self.operation,
+ fstype,
+ options,
+ source,
+ dest,
+ self.comment,
+ ))
+
+ def _is_covered_localvars(self, other_rule):
+ if self.operation != other_rule.operation:
+ return False
+ if self.is_fstype_equal != other_rule.is_fstype_equal:
+ return False
+ if self.is_options_equal != other_rule.is_options_equal:
+ return False
+
+ for o_it in other_rule.fstype or []:
+ found = False
+ for s_it in self.fstype or []:
+ if self._is_covered_aare(AARE(s_it, False), self.all_fstype, AARE(o_it, False), other_rule.all_fstype, 'fstype'):
+ found = True
+
+ if not found:
+ return False
+ if not self._is_covered_list(self.options, self.all_options, other_rule.options, other_rule.all_options, 'options'):
+ return False
+ if not self._is_covered_aare(self.source, self.all_source, other_rule.source, other_rule.all_source, 'source'):
+ return False
+ if not self._is_covered_aare(self.dest, self.all_dest, other_rule.dest, other_rule.all_dest, 'dest'):
+ return False
+
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ if self.operation != rule_obj.operation:
+ return False
+ if self.is_fstype_equal != rule_obj.is_fstype_equal:
+ return False
+ if self.is_options_equal != rule_obj.is_options_equal:
+ return False
+ if self.fstype != rule_obj.fstype or self.options != rule_obj.options:
+ return False
+ if not self._is_equal_aare(self.source, self.all_source, rule_obj.source, rule_obj.all_source, 'source'):
+ return False
+ if not self._is_equal_aare(self.dest, self.all_dest, rule_obj.dest, rule_obj.all_dest, 'dest'):
+ return False
+
+ return True
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ if e['flags'] is not None:
+ e['flags'] = ('=', e['flags'])
+ if e['fs_type'] is not None:
+ e['fs_type'] = ('=', e['fs_type'])
+ if e['operation'] == 'mount':
+ hl[e['operation']][e['flags']][e['fs_type']][e['name']][e['src_name']] = True
+ else: # Umount
+ hl[e['operation']][e['flags']][e['fs_type']][e['name']][None] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for operation, options, fstype, dest, source in cls.generate_rules_from_hashlog(hl, 5):
+ _options = (options[0], options[1].split(', ')) if options is not None else MountRule.ALL
+ _fstype = (fstype[0], fstype[1].split(', ')) if fstype is not None else MountRule.ALL
+ _source = source if source is not None else MountRule.ALL
+ _dest = dest if dest is not None else MountRule.ALL
+ yield cls(operation=operation, fstype=_fstype, options=_options, source=_source, dest=_dest)
+
+ def glob(self):
+ '''Change path to next possible glob'''
+ if self.all_source and self.all_options:
+ return
+
+ if not self.all_dest:
+ self.all_dest = True
+ self.dest = self.ALL
+ elif not self.all_source and type(self.source) is not str:
+ self.source = self.source.glob_path()
+ if self.source.is_equal('/**/'):
+ self.all_source = True
+ self.source = self.ALL
+
+ else:
+ self.options = self.ALL
+ self.all_options = True
+ self.raw_rule = None
+
+ def _logprof_header_localvars(self):
+ operation = self.operation
+ fstype = logprof_value_or_all(self.fstype, self.all_fstype)
+ options = logprof_value_or_all(self.options, self.all_options)
+ source = logprof_value_or_all(self.source, self.all_source)
+ dest = logprof_value_or_all(self.dest, self.all_dest)
+
+ return (
+ _('Operation'), operation,
+ _('Fstype'), (self.is_fstype_equal, fstype) if fstype != 'ALL' else fstype,
+ _('Options'), (self.is_options_equal, options) if options != 'ALL' else options,
+ _('Source'), source,
+ _('Destination'), dest,
+
+ )
+
+
+class MountRuleset(BaseRuleset):
+ '''Class to handle and store a collection of Mount rules'''
+
+
+def parse_aare(s, offset, param):
+ parsed = ''
+ brace_count = 0
+ for i, c in enumerate(s[offset:], start=offset):
+ if c in [' ', ',', '\t'] and brace_count == 0:
+ break
+ parsed += c
+ if c == '{':
+ brace_count += 1
+ elif c == '}':
+ brace_count -= 1
+ if brace_count < 0:
+ raise AppArmorException(f"Unmatched closing brace in {param}: {s[offset:]}")
+ offset = i
+
+ if brace_count != 0:
+ raise AppArmorException(f"Unmatched opening brace in {param}: {s[offset:]}")
+
+ return offset + 1, parsed
+
+
+def parse_aare_list(s, param):
+ res = []
+ offset = 0
+ while offset <= len(s):
+ offset, part = parse_aare(s, offset, param)
+ if part.translate(' ,\t') != '':
+ res.append(part)
+ return res
+
+
+def wrap_in_with_spaces(value):
+ ''' wrap 'in' keyword in spaces, and leave everything else unchanged '''
+
+ if value == 'in':
+ value = ' in '
+
+ return value
diff --git a/utils/apparmor/rule/mqueue.py b/utils/apparmor/rule/mqueue.py
new file mode 100644
index 0000000000000000000000000000000000000000..eca5fa36ee9c73dc4366df19791ed66932a77bb2
--- /dev/null
+++ b/utils/apparmor/rule/mqueue.py
@@ -0,0 +1,239 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2022 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import re
+
+from apparmor.regex import RE_PROFILE_MQUEUE, RE_PROFILE_NAME
+from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, logprof_value_or_all, parse_modifiers, quote_if_needed
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+access_keywords_read = ['r', 'read']
+access_keywords_write = ['w', 'write']
+access_keywords_rw = ['rw', 'wr']
+access_keywords_other = ['create', 'open', 'delete', 'getattr', 'setattr']
+access_keywords = access_keywords_read + access_keywords_write + access_keywords_rw + access_keywords_other
+
+joint_access_keyword = r'\s*(' + '|'.join(access_keywords) + r')\s*'
+RE_ACCESS_KEYWORDS = (joint_access_keyword # one of the access_keyword or
+ + '|' # or
+ + r'\(' + joint_access_keyword + '(' + r'(\s|,)+' + joint_access_keyword + ')*' + r'\)' # one or more access_keyword in (...)
+ )
+
+RE_MQUEUE_NAME = r'(?P<%s>(/\S*|\d*))' # / + string for posix, or digits for sys
+RE_MQUEUE_TYPE = r'(?P<%s>(sysv|posix))' # type can be sysv or posix
+
+RE_MQUEUE_DETAILS = re.compile(
+ '^'
+ + r'(\s+(?P<access>' + RE_ACCESS_KEYWORDS + '))?' # optional access keyword(s)
+ + r'(\s+(type=' + RE_MQUEUE_TYPE % 'mqueue_type' + '))?' # optional type
+ + r'(\s+(label=' + RE_PROFILE_NAME % 'label' + '))?' # optional label
+ + r'(\s+(' + RE_MQUEUE_NAME % 'mqueue_name' + '))?' # optional mqueue name
+ + r'\s*$')
+
+
+class MessageQueueRule(BaseRule):
+ '''Class to handle and store a single mqueue rule'''
+
+ # Nothing external should reference this class, all external users
+ # should reference the class field MessageQueueRule.ALL
+ class __MessageQueueAll(object):
+ pass
+
+ ALL = __MessageQueueAll
+
+ rule_name = 'mqueue'
+ _match_re = RE_PROFILE_MQUEUE
+
+ def __init__(self, access, mqueue_type, label, mqueue_name,
+ audit=False, deny=False, allow_keyword=False,
+ comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ self.access, self.all_access, unknown_items = check_and_split_list(access, access_keywords, self.ALL, type(self).__name__, 'access')
+ if unknown_items:
+ raise AppArmorException(_('Passed unknown access keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
+
+ self.label, self.all_labels = self._aare_or_all(label, 'label', is_path=False, log_event=log_event)
+ self.mqueue_type, self.all_mqueue_types = self._aare_or_all(mqueue_type, 'type', is_path=False, log_event=log_event)
+ self.mqueue_name, self.all_mqueue_names = self._aare_or_all(mqueue_name, 'mqueue_name', is_path=False, log_event=log_event)
+ self.validate_mqueue_name()
+
+ def validate_mqueue_name(self):
+ # The regex checks if it starts with / or if it's numeric
+ if self.all_mqueue_types or self.all_mqueue_names:
+ return
+
+ if self.mqueue_type.regex == 'sysv' and not self.mqueue_name.regex.isnumeric():
+ raise AppArmorException(_('Queue name for SYSV must be a positive integer'))
+ elif self.mqueue_type.regex == 'posix' and not self.mqueue_name.regex.startswith('/'):
+ raise AppArmorException(_('Queue name for POSIX must begin with /'))
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ '''parse raw_rule and return instance of this class'''
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ rule_details = ''
+ if matches.group('details'):
+ rule_details = matches.group('details')
+
+ if rule_details:
+ details = RE_MQUEUE_DETAILS.search(rule_details)
+ if not details:
+ raise AppArmorException(_("Invalid or unknown keywords in 'mqueue %s" % rule_details))
+
+ if details.group('access'):
+ access = details.group('access')
+ if access.startswith('(') and access.endswith(')'):
+ access = access[1:-1]
+ access = access.replace(',', ' ').split() # split by ',' or whitespace
+ else:
+ access = cls.ALL
+
+ if details.group('mqueue_type'):
+ mqueue_type = details.group('mqueue_type')
+ else:
+ mqueue_type = cls.ALL
+
+ if details.group('label'):
+ label = details.group('label')
+ else:
+ label = cls.ALL
+
+ if details.group('mqueue_name'):
+ mqueue_name = details.group('mqueue_name')
+ else:
+ mqueue_name = cls.ALL
+ else:
+ access = cls.ALL
+ mqueue_type = cls.ALL
+ label = cls.ALL
+ mqueue_name = cls.ALL
+
+ return cls(access, mqueue_type, label, mqueue_name,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ if self.all_access:
+ access = ''
+ elif len(self.access) == 1:
+ access = ' %s' % ' '.join(self.access)
+ elif self.access:
+ access = ' (%s)' % ' '.join(sorted(self.access))
+ else:
+ raise AppArmorBug('Empty access in mqueue rule')
+
+ if self.all_mqueue_types:
+ mqueue_type = ''
+ elif self.mqueue_type:
+ mqueue_type = ' type=%s' % self.mqueue_type.regex
+ else:
+ raise AppArmorBug('Empty type in mqueue rule')
+
+ if self.all_labels:
+ label = ''
+ elif self.label:
+ label = ' label=%s' % quote_if_needed(self.label.regex)
+ else:
+ raise AppArmorBug('Empty label in mqueue rule')
+
+ if self.all_mqueue_names:
+ mqueue_name = ''
+ elif self.mqueue_name:
+ mqueue_name = ' %s' % self.mqueue_name.regex
+ else:
+ raise AppArmorBug('Empty mqueue_name in mqueue rule')
+
+ return '%s%smqueue%s%s%s%s,%s' % (space, self.modifiers_str(), access, mqueue_type, label, mqueue_name, self.comment)
+
+ def _is_covered_localvars(self, other_rule):
+ '''check if other_rule is covered by this rule object'''
+
+ if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
+ return False
+
+ if not self._is_covered_aare(self.mqueue_type, self.all_mqueue_types, other_rule.mqueue_type, other_rule.all_mqueue_types, 'mqueue_type'):
+ return False
+
+ if not self._is_covered_aare(self.label, self.all_labels, other_rule.label, other_rule.all_labels, 'label'):
+ return False
+
+ if not self._is_covered_aare(self.mqueue_name, self.all_mqueue_names, other_rule.mqueue_name, other_rule.all_mqueue_names, 'mqueue_name'):
+ return False
+
+ # still here? -> then it is covered
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ '''compare if rule-specific variables are equal'''
+
+ if (self.access != rule_obj.access or self.all_access != rule_obj.all_access):
+ return False
+
+ if not self._is_equal_aare(self.mqueue_type, self.all_mqueue_types, rule_obj.mqueue_type, rule_obj.all_mqueue_types, 'mqueue_type'):
+ return False
+
+ if not self._is_equal_aare(self.label, self.all_labels, rule_obj.label, rule_obj.all_labels, 'label'):
+ return False
+
+ if not self._is_equal_aare(self.mqueue_name, self.all_mqueue_names, rule_obj.mqueue_name, rule_obj.all_mqueue_names, 'mqueue_name'):
+ return False
+
+ return True
+
+ def _logprof_header_localvars(self):
+ access = logprof_value_or_all(self.access, self.all_access)
+ mqueue_type = logprof_value_or_all(self.mqueue_type, self.all_mqueue_types)
+ label = logprof_value_or_all(self.label, self.all_labels)
+ mqueue_name = logprof_value_or_all(self.mqueue_name, self.all_mqueue_names)
+
+ return (
+ _('Access mode'), access,
+ _('Type'), mqueue_type,
+ _('Label'), label,
+ _('Message queue name'), mqueue_name
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ mqueue_type = e['class'].partition('_')[0]
+ hl[e['denied_mask']][mqueue_type][e['name']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for access, mqueue_type, mqueue_name in BaseRule.generate_rules_from_hashlog(hl, 3):
+ yield cls(access, mqueue_type, MessageQueueRule.ALL, mqueue_name, log_event=True)
+
+
+class MessageQueueRuleset(BaseRuleset):
+ '''Class to handle and store a collection of mqueue rules'''
+
+ def get_glob(self, path_or_rule):
+ '''Return the next possible glob. For mqueue rules, that means removing access, label or mqueue_name'''
+ # XXX only remove one part, not all
+ return 'mqueue,'
diff --git a/utils/apparmor/rule/network.py b/utils/apparmor/rule/network.py
index 713bed61b89816c0580c78d2c2beba68dd5b007e..f788e1b9c1dc14cfd5e9a4e636c4f999ca6d89c3 100644
--- a/utils/apparmor/rule/network.py
+++ b/utils/apparmor/rule/network.py
@@ -16,9 +16,13 @@
import re
from apparmor.common import AppArmorBug, AppArmorException
-from apparmor.regex import RE_PROFILE_NETWORK
-from apparmor.rule import BaseRule, BaseRuleset, logprof_value_or_all, parse_modifiers
+from apparmor.regex import RE_PROFILE_NETWORK, strip_parenthesis
+from apparmor.rule import BaseRule, BaseRuleset, logprof_value_or_all, parse_modifiers, check_dict_keys, \
+ check_and_split_list, initialize_cond_dict, print_dict_values, tuple_to_dict
from apparmor.translations import init_translation
+from apparmor.rule.unix import unix_accesses as network_accesses
+from apparmor.rule.unix import access_flags
+import ipaddress
_ = init_translation()
@@ -31,6 +35,32 @@ network_domain_keywords = [
network_type_keywords = ['stream', 'dgram', 'seqpacket', 'rdm', 'raw', 'packet']
network_protocol_keywords = ['tcp', 'udp', 'icmp']
+byte = r'(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
+network_ipv4 = fr'{byte}\.{byte}\.{byte}\.{byte}'
+
+network_ipv6 = (
+ r'('
+ r'([0-9a-f]{1,4}:){7}[0-9a-f]{1,4}|'
+ r'([0-9a-f]{1,4}:){1,7}:|'
+ r'([0-9a-f]{1,4}:){1,6}:[0-9a-f]{1,4}|'
+ r'([0-9a-f]{1,4}:){1,5}(:[0-9a-f]{1,4}){1,2}|'
+ r'([0-9a-f]{1,4}:){1,4}(:[0-9a-f]{1,4}){1,3}|'
+ r'([0-9a-f]{1,4}:){1,3}(:[0-9a-f]{1,4}){1,4}|'
+ r'([0-9a-f]{1,4}:){1,2}(:[0-9a-f]{1,4}){1,5}|'
+ r'[0-9a-f]{1,4}:((:[0-9a-f]{1,4}){1,6})|'
+ r':((:[0-9a-f]{1,4}){1,7}|:)|'
+ r'fe80:(:[0-9a-f]{0,4}){0,4}%%[0-9a-zA-Z]{1,}|'
+ r'::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|'
+ r'([0-9a-f]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
+ r')(%%[0-9a-zA-Z]{1,})?'
+)
+
+network_port = r'(port\s*=\s*(?P<%s>\d+))\s*'
+ip_cond = fr'\s*ip\s*=\s*(?P<%s>(({network_ipv4})|({network_ipv6})|none))\s*'
+
+RE_LOCAL_EXPR = f'((({ip_cond % "ip"})|({network_port % "port"}))*)'
+RE_PEER_EXPR = fr'(peer\s*=\s*\(\s*(({ip_cond % "ip_peer"})|({network_port % "port_peer"}))+\s*\))'
+
RE_NETWORK_DOMAIN = '(' + '|'.join(network_domain_keywords) + ')'
RE_NETWORK_TYPE = '(' + '|'.join(network_type_keywords) + ')'
@@ -38,9 +68,14 @@ RE_NETWORK_PROTOCOL = '(' + '|'.join(network_protocol_keywords) + ')'
RE_NETWORK_DETAILS = re.compile(
r'^\s*'
- + '(?P<domain>' + RE_NETWORK_DOMAIN + ')?' # optional domain
- + r'(\s+(?P<type_or_protocol>' + RE_NETWORK_TYPE + '|' + RE_NETWORK_PROTOCOL + '))?' # optional type or protocol
- + r'\s*$')
+ + r'(\s*' + network_accesses + r')?\s*'
+ + '(?P<domain>' + RE_NETWORK_DOMAIN + r')?\s*' # optional domain
+ + r'(\s+(?P<type_or_protocol>' + RE_NETWORK_TYPE + '|' + RE_NETWORK_PROTOCOL + r'))?\s*' # optional type or protocol
+ + '(' + RE_LOCAL_EXPR + r')?\s*'
+ + '(' + RE_PEER_EXPR + r')?\s*'
+ + r'$')
+
+non_peer_accesses = {'create', 'bind', 'listen', 'shutdown', 'getattr', 'setattr', 'getopt', 'setopt'}
class NetworkRule(BaseRule):
@@ -54,50 +89,75 @@ class NetworkRule(BaseRule):
ALL = __NetworkAll
rule_name = 'network'
+ _match_re = RE_PROFILE_NETWORK
- def __init__(self, domain, type_or_protocol, audit=False, deny=False, allow_keyword=False,
- comment='', log_event=None):
+ def __init__(self, accesses, domain, type_or_protocol, local_expr, peer_expr, audit=False, deny=False,
+ allow_keyword=False, comment='', log_event=None):
super().__init__(audit=audit, deny=deny, allow_keyword=allow_keyword,
comment=comment, log_event=log_event)
+ if type(local_expr) is tuple:
+ if accesses is None:
+ accesses = self.ALL
+ else:
+ accesses = accesses.split()
+ local_expr = tuple_to_dict(local_expr, ['ip', 'port'])
+ peer_expr = tuple_to_dict(peer_expr, ['ip', 'port'])
+
+ self.accesses, self.all_accesses, unknown_items = check_and_split_list(accesses, access_flags, self.ALL, type(self).__name__, 'accesses')
+
+ if unknown_items:
+ raise AppArmorException(f'Invalid access in Network rule: {unknown_items}')
+
+ self.local_expr = check_dict_keys(local_expr, {'ip', 'port'}, self.ALL)
+ self.peer_expr = check_dict_keys(peer_expr, {'ip', 'port'}, self.ALL)
+
+ if self.local_expr != self.ALL and 'port' in self.local_expr and int(self.local_expr['port']) > 65535:
+ raise AppArmorException(f'Invalid port: {self.local_expr["port"]}')
+ if self.peer_expr != self.ALL and 'port' in self.peer_expr and int(self.peer_expr['port']) > 65535:
+ raise AppArmorException(f'Invalid remote port: {self.peer_expr["port"]}')
+
+ if self.local_expr != self.ALL and 'ip' in self.local_expr and not is_valid_ip(self.local_expr['ip']):
+ raise AppArmorException(f'Invalid ip: {self.local_expr["ip"]}')
+ if self.peer_expr != self.ALL and 'ip' in self.peer_expr and not is_valid_ip(self.peer_expr['ip']):
+ raise AppArmorException(f'Invalid ip: {self.peer_expr["ip"]}')
+
+ if not self.all_accesses and self.peer_expr != self.ALL and self.accesses & non_peer_accesses:
+ raise AppArmorException('Cannot use a peer_expr and an access in the set (%s) simultaneously' % ', '.join(non_peer_accesses))
+
self.domain = None
self.all_domains = False
- if domain == NetworkRule.ALL:
+ if domain == self.ALL:
self.all_domains = True
- elif type(domain) is str:
+ elif isinstance(domain, str):
if domain in network_domain_keywords:
self.domain = domain
+
+ if not self.domain.startswith('inet') and (self.local_expr != self.ALL or self.peer_expr != self.ALL):
+ raise AppArmorException('Cannot use a local expression or a peer expression for non-inet domains')
else:
- raise AppArmorBug('Passed unknown domain to NetworkRule: %s' % domain)
+ raise AppArmorBug('Passed unknown domain to %s: %s' % (type(self).__name__, domain))
else:
- raise AppArmorBug('Passed unknown object to NetworkRule: %s' % str(domain))
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(domain)))
self.type_or_protocol = None
self.all_type_or_protocols = False
- if type_or_protocol == NetworkRule.ALL:
+ if type_or_protocol == self.ALL:
self.all_type_or_protocols = True
- elif type(type_or_protocol) is str:
+ elif isinstance(type_or_protocol, str):
if type_or_protocol in network_protocol_keywords:
self.type_or_protocol = type_or_protocol
elif type_or_protocol in network_type_keywords:
self.type_or_protocol = type_or_protocol
else:
- raise AppArmorBug('Passed unknown type_or_protocol to NetworkRule: %s' % type_or_protocol)
+ raise AppArmorBug('Passed unknown type_or_protocol to %s: %s' % (type(self).__name__, type_or_protocol))
else:
- raise AppArmorBug('Passed unknown object to NetworkRule: %s' % str(type_or_protocol))
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(type_or_protocol)))
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_NETWORK.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return NetworkRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid network rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
@@ -108,29 +168,38 @@ class NetworkRule(BaseRule):
if rule_details:
details = RE_NETWORK_DETAILS.search(rule_details)
if not details:
- raise AppArmorException(_("Invalid or unknown keywords in 'network %s" % rule_details))
+ raise AppArmorException(_("Invalid or unknown keywords in 'network %s'" % rule_details))
- if details.group('domain'):
- domain = details.group('domain')
- else:
- domain = NetworkRule.ALL
+ r = details.groupdict()
- if details.group('type_or_protocol'):
- type_or_protocol = details.group('type_or_protocol')
+ domain = r['domain'] or cls.ALL
+ type_or_protocol = r['type_or_protocol'] or cls.ALL
+
+ if r['accesses']:
+ accesses = strip_parenthesis(r['accesses']).replace(',', ' ').split()
else:
- type_or_protocol = NetworkRule.ALL
+ accesses = cls.ALL
+
+ local_expr = initialize_cond_dict(r, ['ip', 'port'], '', cls.ALL)
+ peer_expr = initialize_cond_dict(r, ['ip', 'port'], '_peer', cls.ALL)
+
else:
- domain = NetworkRule.ALL
- type_or_protocol = NetworkRule.ALL
+ accesses = cls.ALL
+ domain = cls.ALL
+ type_or_protocol = cls.ALL
+ local_expr = cls.ALL
+ peer_expr = cls.ALL
- return NetworkRule(domain, type_or_protocol,
- audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+ return cls(accesses, domain, type_or_protocol, local_expr, peer_expr,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
space = ' ' * depth
+ accesses = ' (%s)' % (', '.join(sorted(self.accesses))) if not self.all_accesses else ''
+
if self.all_domains:
domain = ''
elif self.domain:
@@ -145,25 +214,52 @@ class NetworkRule(BaseRule):
else:
raise AppArmorBug('Empty type or protocol in network rule')
- return ('%s%snetwork%s%s,%s' % (space, self.modifiers_str(), domain, type_or_protocol, self.comment))
+ local_expr = print_dict_values(self.local_expr, self.ALL)
+ peer_expr = print_dict_values(self.peer_expr, self.ALL, 'peer')
+
+ return ('%s%snetwork%s%s%s%s%s,%s' % (space, self.modifiers_str(), accesses, domain, type_or_protocol, local_expr, peer_expr, self.comment))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
+ if not self._is_covered_list(self.accesses, self.all_accesses, other_rule.accesses, other_rule.all_accesses, 'accesses'):
+ return False
+
if not self._is_covered_plain(self.domain, self.all_domains, other_rule.domain, other_rule.all_domains, 'domain'):
return False
if not self._is_covered_plain(self.type_or_protocol, self.all_type_or_protocols, other_rule.type_or_protocol, other_rule.all_type_or_protocols, 'type or protocol'):
return False
+ if not self._is_covered_dict(self.local_expr, other_rule.local_expr):
+ return False
+ if not self._is_covered_dict(self.peer_expr, other_rule.peer_expr):
+ return False
+
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_covered_dict(self, d, other):
+
+ if d is self.ALL:
+ return True
+ elif other is self.ALL:
+ return False
+
+ for it in other:
+ if it not in d:
+ continue # No constraints on this item.
+ else:
+ if not self._is_covered_plain(d[it], False, other[it], False, it):
+ return False
+
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == NetworkRule:
- raise AppArmorBug('Passed non-network rule: %s' % str(rule_obj))
+ if self.accesses != rule_obj.accesses:
+ return False
if (self.domain != rule_obj.domain
or self.all_domains != rule_obj.all_domains):
@@ -173,16 +269,42 @@ class NetworkRule(BaseRule):
or self.all_type_or_protocols != rule_obj.all_type_or_protocols):
return False
+ if self.local_expr != rule_obj.local_expr:
+ return False
+
+ if self.peer_expr != rule_obj.peer_expr:
+ return False
+
return True
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
+ accesses = logprof_value_or_all(self.accesses, self.all_accesses)
family = logprof_value_or_all(self.domain, self.all_domains) # noqa: E221
sock_type = logprof_value_or_all(self.type_or_protocol, self.all_type_or_protocols)
- return [
+ local_expr = logprof_value_or_all(self.local_expr, self.local_expr == self.ALL)
+ peer_expr = logprof_value_or_all(self.peer_expr, self.peer_expr == self.ALL)
+
+ return (
+ _('Accesses'), accesses,
_('Network Family'), family,
_('Socket Type'), sock_type,
- ]
+ _('Local'), local_expr,
+ _('Peer'), peer_expr,
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ local = (e['addr'], e['port'])
+ peer = (e['peer_addr'], e['remote_port'])
+ hl[e['accesses']][e['family']][e['sock_type']][e['protocol']][local][peer] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for access, family, sock_type, protocol, local_event, peer_event in BaseRule.generate_rules_from_hashlog(hl, 6):
+ if access and set(access.split()) & non_peer_accesses:
+ peer_event = (None, None)
+ yield cls(access, family, sock_type, local_event, peer_event, log_event=True)
class NetworkRuleset(BaseRuleset):
@@ -192,3 +314,13 @@ class NetworkRuleset(BaseRuleset):
"""Return the next possible glob. For network rules, that's "network DOMAIN," or "network," (all network)"""
# XXX return 'network DOMAIN,' if 'network DOMAIN TYPE_OR_PROTOCOL' was given
return 'network,'
+
+
+def is_valid_ip(ip):
+ if ip == 'none':
+ return True
+ try:
+ ipaddress.ip_address(ip)
+ return True
+ except ValueError:
+ return False
diff --git a/utils/apparmor/rule/pivot_root.py b/utils/apparmor/rule/pivot_root.py
new file mode 100644
index 0000000000000000000000000000000000000000..06f951d0ae058dad0b70a6bfa4e0b4293b357c99
--- /dev/null
+++ b/utils/apparmor/rule/pivot_root.py
@@ -0,0 +1,208 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2024 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import re
+
+from apparmor.common import AppArmorBug, AppArmorException
+
+from apparmor.aare import AARE
+from apparmor.regex import RE_PROFILE_PIVOT_ROOT, RE_PROFILE_NAME, RE_PROFILE_PATH_OR_VAR, strip_quotes
+from apparmor.rule import BaseRule, BaseRuleset, parse_modifiers, logprof_value_or_all, quote_if_needed
+
+from apparmor.translations import init_translation
+
+_ = init_translation()
+
+RE_PIVOT_ROOT_DETAILS = re.compile(
+ r'^\s*'
+ + r'(\s+oldroot=' + RE_PROFILE_PATH_OR_VAR % 'oldroot' + r')?' # noqa: E221
+ + r'(\s+' + RE_PROFILE_PATH_OR_VAR % 'newroot' + r')?' # noqa: E221
+ + r'(\s+->\s+' + RE_PROFILE_NAME % 'profile_name' + r')?' # noqa: E221
+ + r'\s*$'
+)
+
+
+class PivotRootRule(BaseRule):
+ '''Class to handle and store a single pivot_root rule'''
+
+ # Nothing external should reference this class, all external users
+ # should reference the class field PivotRootRule.ALL
+ class __PivotRootAll(object):
+ pass
+
+ ALL = __PivotRootAll
+
+ rule_name = 'pivot_root'
+ _match_re = RE_PROFILE_PIVOT_ROOT
+
+# PIVOT ROOT RULE = [ QUALIFIERS ] pivot_root [ oldroot=OLD PUT FILEGLOB ] [ NEW ROOT FILEGLOB ] [ ’->’ PROFILE NAME ]
+ def __init__(self, oldroot, newroot, profile_name, audit=False, deny=False, allow_keyword=False, comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ self.oldroot, self.all_oldroots = self._aare_or_all(oldroot, 'oldroot', True, log_event) # noqa: E221
+ self.newroot, self.all_newroots = self._aare_or_all(newroot, 'newroot', True, log_event) # noqa: E221
+ self.profile_name, self.all_profile_names = self._aare_or_all(profile_name, 'profile_name', False, log_event) # noqa: E221
+
+ self.can_glob = not self.all_newroots
+ self.can_glob_ext = False
+ self.can_edit = not self.all_newroots
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ '''parse raw_rule and return instance of this class'''
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ rule_details = ''
+ if matches.group('details'):
+ rule_details = matches.group('details')
+
+ parsed = RE_PIVOT_ROOT_DETAILS.search(rule_details)
+
+ if not parsed:
+ raise AppArmorException('Cannot parse pivot_root rule ' + raw_rule)
+
+ r = parsed.groupdict()
+
+ if r['oldroot']:
+ oldroot = strip_quotes(r['oldroot'])
+ else:
+ oldroot = cls.ALL
+
+ if r['newroot']:
+ newroot = strip_quotes(r['newroot'])
+ else:
+ newroot = cls.ALL
+
+ if r['profile_name']:
+ profile_name = strip_quotes(r['profile_name'])
+ else:
+ profile_name = cls.ALL
+
+ else:
+ oldroot = cls.ALL
+ newroot = cls.ALL
+ profile_name = cls.ALL
+
+ return cls(oldroot=oldroot, newroot=newroot, profile_name=profile_name,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+
+ def get_clean(self, depth=0):
+ space = ' ' * depth
+
+ if self.all_oldroots:
+ oldroot = ''
+ elif self.oldroot:
+ oldroot = ' oldroot=' + quote_if_needed(self.oldroot.regex)
+ else:
+ raise AppArmorBug('Empty oldroot in pivot_root rule')
+
+ if self.all_newroots:
+ newroot = ''
+ elif self.newroot:
+ newroot = ' ' + quote_if_needed(self.newroot.regex)
+ else:
+ raise AppArmorBug('Empty newroot in pivot_root rule')
+
+ if self.all_profile_names:
+ profile_name = ''
+ elif self.profile_name:
+ profile_name = ' -> ' + quote_if_needed(self.profile_name.regex)
+ else:
+ raise AppArmorBug('Empty profile_name in pivot_root rule')
+
+ return f'{space}{self.modifiers_str()}pivot_root{oldroot}{newroot}{profile_name},{self.comment}'
+
+ def _is_covered_localvars(self, other_rule):
+ if not self._is_covered_aare(self.oldroot, self.all_oldroots, other_rule.oldroot, other_rule.all_oldroots, 'oldroot'):
+ return False
+
+ if not self._is_covered_aare(self.newroot, self.all_newroots, other_rule.newroot, other_rule.all_newroots, 'newroot'):
+ return False
+
+ if not self._is_covered_aare(self.profile_name, self.all_profile_names, other_rule.profile_name, other_rule.all_profile_names, 'profile_name'):
+ return False
+
+ # still here? -> then it is covered
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ if not self._is_equal_aare(self.oldroot, self.all_oldroots, rule_obj.oldroot, rule_obj.all_oldroots, 'oldroot'):
+ return False
+
+ if not self._is_equal_aare(self.newroot, self.all_newroots, rule_obj.newroot, rule_obj.all_newroots, 'newroot'):
+ return False
+
+ if not self._is_equal_aare(self.profile_name, self.all_profile_names, rule_obj.profile_name, rule_obj.all_profile_names, 'profile_name'):
+ return False
+
+ return True
+
+ def glob(self):
+ '''Change newroot path to next possible glob'''
+ if self.all_newroots:
+ return
+
+ self.newroot = self.newroot.glob_path()
+ self.raw_rule = None
+
+ def edit_header(self):
+ if self.all_newroots:
+ raise AppArmorBug('Attemp to edit pivot_root rule without newroot limitations')
+
+ return (_('Enter new newroot: '), self.newroot.regex)
+
+ def validate_edit(self, newpath):
+ if self.all_newroots:
+ raise AppArmorBug('Attemp to edit pivot_root rule without newroot limitations')
+
+ newpath = AARE(newpath, True) # might raise AppArmorException if the new path doesn't start with / or a variable
+ return newpath.match(self.newroot)
+
+ def store_edit(self, newpath):
+ if self.all_newroots:
+ raise AppArmorBug('Attemp to edit pivot_root rule without newroot limitations')
+
+ self.newroot = AARE(newpath, True) # might raise AppArmorException if the new path doesn't start with / or a variable
+ self.raw_rule = None
+
+ def _logprof_header_localvars(self):
+
+ oldroot = logprof_value_or_all(self.oldroot, self.all_oldroots)
+ newroot = logprof_value_or_all(self.newroot, self.all_newroots)
+ profile_name = logprof_value_or_all(self.profile_name, self.all_profile_names)
+
+ return (
+ _('Old root'), oldroot,
+ _('New root'), newroot,
+ _('Target profile'), profile_name,
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ # TODO: can the log contain the target profile?
+ hl[e['src_name']][e['name']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for oldroot, newroot in BaseRule.generate_rules_from_hashlog(hl, 2):
+ yield cls(oldroot, newroot, cls.ALL, log_event=True)
+
+
+class PivotRootRuleset(BaseRuleset):
+ '''Class to handle and store a collection of pivot_root rules'''
diff --git a/utils/apparmor/rule/ptrace.py b/utils/apparmor/rule/ptrace.py
index 57e3822988f34ee4cfd7182fe74c9f71ade622a7..8ec41f1a0302365375fdf3a4b27b5c5ef2a5f75e 100644
--- a/utils/apparmor/rule/ptrace.py
+++ b/utils/apparmor/rule/ptrace.py
@@ -50,6 +50,7 @@ class PtraceRule(BaseRule):
ALL = __PtraceAll
rule_name = 'ptrace'
+ _match_re = RE_PROFILE_PTRACE
def __init__(self, access, peer, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -58,23 +59,15 @@ class PtraceRule(BaseRule):
comment=comment, log_event=log_event)
self.access, self.all_access, unknown_items = check_and_split_list(
- access, access_keywords, PtraceRule.ALL, 'PtraceRule', 'access')
+ access, access_keywords, self.ALL, type(self).__name__, 'access')
if unknown_items:
- raise AppArmorException(_('Passed unknown access keyword to PtraceRule: %s') % ' '.join(unknown_items))
+ raise AppArmorException(_('Passed unknown access keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
self.peer, self.all_peers = self._aare_or_all(peer, 'peer', is_path=False, log_event=log_event)
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_PTRACE.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return PtraceRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid ptrace rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
@@ -94,18 +87,18 @@ class PtraceRule(BaseRule):
access = access[1:-1]
access = access.replace(',', ' ').split() # split by ',' or whitespace
else:
- access = PtraceRule.ALL
+ access = cls.ALL
if details.group('peer'):
peer = strip_quotes(details.group('peer'))
else:
- peer = PtraceRule.ALL
+ peer = cls.ALL
else:
- access = PtraceRule.ALL
- peer = PtraceRule.ALL
+ access = cls.ALL
+ peer = cls.ALL
- return PtraceRule(access, peer,
- audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+ return cls(access, peer,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -130,7 +123,7 @@ class PtraceRule(BaseRule):
return ('%s%sptrace%s%s,%s' % (space, self.modifiers_str(), access, peer, self.comment))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
@@ -142,12 +135,9 @@ class PtraceRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == PtraceRule:
- raise AppArmorBug('Passed non-ptrace rule: %s' % str(rule_obj))
-
if (self.access != rule_obj.access
or self.all_access != rule_obj.all_access):
return False
@@ -157,14 +147,27 @@ class PtraceRule(BaseRule):
return True
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
access = logprof_value_or_all(self.access, self.all_access)
peer = logprof_value_or_all(self.peer, self.all_peers) # noqa: E221
- return [
+ return (
_('Access mode'), access,
_('Peer'), peer,
- ]
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ hl[e['peer']][e['denied_mask']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for peer in hl.keys():
+ if '//null-' in peer:
+ continue # ignore null-* peers
+
+ for access in hl[peer].keys():
+ yield cls(access, peer, log_event=True)
class PtraceRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/rlimit.py b/utils/apparmor/rule/rlimit.py
index 12d1d45bcb67d60799466310edbfc895b890199d..4bc810563ad540ab547f45aa9b1537cf92c74034 100644
--- a/utils/apparmor/rule/rlimit.py
+++ b/utils/apparmor/rule/rlimit.py
@@ -46,6 +46,7 @@ class RlimitRule(BaseRule):
ALL = __RlimitAll
rule_name = 'rlimit'
+ _match_re = RE_PROFILE_RLIMIT
def __init__(self, rlimit, value, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -56,20 +57,20 @@ class RlimitRule(BaseRule):
if audit or deny or allow_keyword:
raise AppArmorBug('The audit, allow or deny keywords are not allowed in rlimit rules.')
- if type(rlimit) is str:
+ if isinstance(rlimit, str):
if rlimit in rlimit_all:
self.rlimit = rlimit
else:
raise AppArmorException('Unknown rlimit keyword in rlimit rule: %s' % rlimit)
else:
- raise AppArmorBug('Passed unknown object to RlimitRule: %s' % str(rlimit))
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(rlimit)))
self.value = None
self.value_as_int = None
self.all_values = False
- if value == RlimitRule.ALL:
+ if value == self.ALL:
self.all_values = True
- elif type(value) is str:
+ elif isinstance(value, str):
if not value.strip():
raise AppArmorBug('Empty value in rlimit rule')
@@ -101,19 +102,11 @@ class RlimitRule(BaseRule):
# still here? fine :-)
self.value = value
else:
- raise AppArmorBug('Passed unknown object to RlimitRule: %s' % str(value))
+ raise AppArmorBug('Passed unknown object to %s: %s' % (type(self).__name__, str(value)))
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_RLIMIT.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return RlimitRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid rlimit rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
comment = parse_comment(matches)
@@ -124,13 +117,13 @@ class RlimitRule(BaseRule):
if matches.group('value'):
if matches.group('value') == 'infinity':
- value = RlimitRule.ALL
+ value = cls.ALL
else:
value = strip_quotes(matches.group('value'))
else:
raise AppArmorException(_("Invalid rlimit rule '%s' - value missing") % raw_rule) # pragma: no cover - would need breaking the regex
- return RlimitRule(rlimit, value, comment=comment)
+ return cls(rlimit, value, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -196,7 +189,7 @@ class RlimitRule(BaseRule):
return number
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if not self._is_covered_plain(self.rlimit, False, other_rule.rlimit, False, 'rlimit'): # rlimit can't be ALL, therefore using False
@@ -214,13 +207,10 @@ class RlimitRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == RlimitRule:
- raise AppArmorBug('Passed non-rlimit rule: %s' % str(rule_obj))
-
- if (self.rlimit != rule_obj.rlimit):
+ if self.rlimit != rule_obj.rlimit:
return False
if (self.value_as_int != rule_obj.value_as_int
@@ -229,18 +219,16 @@ class RlimitRule(BaseRule):
return True
- def logprof_header_localvars(self):
- rlimit_txt = self.rlimit
-
+ def _logprof_header_localvars(self):
if self.all_values:
values_txt = 'infinity'
else:
values_txt = self.value
- return [
- _('Rlimit'), rlimit_txt,
+ return (
+ _('Rlimit'), self.rlimit,
_('Value'), values_txt,
- ]
+ )
class RlimitRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/signal.py b/utils/apparmor/rule/signal.py
index 3eb50b15de781836f5a24cfadf1260260585a6aa..e803ec2239406b79bcda948a8c26513aa334ed5e 100644
--- a/utils/apparmor/rule/signal.py
+++ b/utils/apparmor/rule/signal.py
@@ -75,6 +75,7 @@ class SignalRule(BaseRule):
ALL = __SignalAll
rule_name = 'signal'
+ _match_re = RE_PROFILE_SIGNAL
def __init__(self, access, signal, peer, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -83,32 +84,24 @@ class SignalRule(BaseRule):
comment=comment, log_event=log_event)
self.access, self.all_access, unknown_items = check_and_split_list(
- access, access_keywords, SignalRule.ALL, 'SignalRule', 'access')
+ access, access_keywords, self.ALL, type(self).__name__, 'access')
if unknown_items:
- raise AppArmorException(_('Passed unknown access keyword to SignalRule: %s') % ' '.join(unknown_items))
+ raise AppArmorException(_('Passed unknown access keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
self.signal, self.all_signals, unknown_items = check_and_split_list(
- signal, signal_keywords, SignalRule.ALL, 'SignalRule', 'signal')
+ signal, signal_keywords, self.ALL, type(self).__name__, 'signal')
if unknown_items:
for item in unknown_items:
if RE_SIGNAL_REALTIME.match(item):
self.signal.add(item)
else:
- raise AppArmorException(_('Passed unknown signal keyword to SignalRule: %s') % item)
+ raise AppArmorException(_('Passed unknown signal keyword to %s: %s') % (type(self).__name__, item))
self.peer, self.all_peers = self._aare_or_all(peer, 'peer', is_path=False, log_event=log_event)
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_SIGNAL.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return SignalRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid signal rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
audit, deny, allow_keyword, comment = parse_modifiers(matches)
@@ -127,7 +120,7 @@ class SignalRule(BaseRule):
access = access[1:-1]
access = access.replace(',', ' ').split() # split by ',' or whitespace
else:
- access = SignalRule.ALL
+ access = cls.ALL
if details.group('signal'):
signal = details.group('signal')
@@ -136,19 +129,19 @@ class SignalRule(BaseRule):
signal = RE_FILTER_QUOTES.sub(r' \1 ', signal) # filter out quote pairs
signal = signal.replace(',', ' ').split() # split at ',' or whitespace
else:
- signal = SignalRule.ALL
+ signal = cls.ALL
if details.group('peer'):
peer = details.group('peer')
else:
- peer = SignalRule.ALL
+ peer = cls.ALL
else:
- access = SignalRule.ALL
- signal = SignalRule.ALL
- peer = SignalRule.ALL
+ access = cls.ALL
+ signal = cls.ALL
+ peer = cls.ALL
- return SignalRule(access, signal, peer,
- audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+ return cls(access, signal, peer,
+ audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -182,7 +175,7 @@ class SignalRule(BaseRule):
return ('%s%ssignal%s%s%s,%s' % (space, self.modifiers_str(), access, signal, peer, self.comment))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
@@ -197,12 +190,9 @@ class SignalRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == SignalRule:
- raise AppArmorBug('Passed non-signal rule: %s' % str(rule_obj))
-
if (self.access != rule_obj.access
or self.all_access != rule_obj.all_access):
return False
@@ -216,16 +206,29 @@ class SignalRule(BaseRule):
return True
- def logprof_header_localvars(self):
+ def _logprof_header_localvars(self):
access = logprof_value_or_all(self.access, self.all_access)
signal = logprof_value_or_all(self.signal, self.all_signals)
peer = logprof_value_or_all(self.peer, self.all_peers) # noqa: E221
- return [
+ return (
_('Access mode'), access,
_('Signal'), signal,
- _('Peer'), peer
- ]
+ _('Peer'), peer,
+ )
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ hl[e['peer']][e['denied_mask']][e['signal']] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for peer in hl.keys():
+ if '//null-' in peer:
+ continue # ignore null-* peers
+
+ for access, signal in BaseRule.generate_rules_from_hashlog(hl[peer], 2):
+ yield cls(access, signal, peer, log_event=True)
class SignalRuleset(BaseRuleset):
diff --git a/utils/apparmor/rule/unix.py b/utils/apparmor/rule/unix.py
new file mode 100644
index 0000000000000000000000000000000000000000..c071a216a37f3ed4fa7dba28408fb7000704a290
--- /dev/null
+++ b/utils/apparmor/rule/unix.py
@@ -0,0 +1,219 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+import re
+
+from apparmor.common import AppArmorException
+
+from apparmor.regex import RE_PROFILE_UNIX, strip_parenthesis
+from apparmor.rule import (BaseRule, BaseRuleset, parse_modifiers, logprof_value_or_all, check_and_split_list,
+ check_dict_keys, tuple_to_dict, print_dict_values, initialize_cond_dict, AARE)
+
+from apparmor.translations import init_translation
+
+_ = init_translation()
+
+_aare = r'([][!/\\\,().*?@{}\w^-]+)'
+_quoted_aare = r'"([][!/\\\,().*?@{}\w\s^-]+)"'
+aare = rf'({_aare}|{_quoted_aare}|\(({_aare}|{_quoted_aare})\))'
+aare_set = rf'({_aare}|{_quoted_aare}|\(({_aare}|{_quoted_aare})+\))'
+
+
+def re_cond_set(x, y=None):
+ return rf'\s*({x}\s*=\s*(?P<{y or x}_cond_set>{aare_set}))\s*'
+
+
+def re_cond(x, y=None):
+ return rf'\s*({x}\s*=\s*(?P<{y or x}_cond>{aare}))\s*'
+
+
+access_flags = [
+ 'create', 'bind', 'listen', 'accept', 'connect', 'shutdown', 'getattr', 'setattr', 'getopt', 'setopt', 'send',
+ 'receive', 'r', 'w', 'rw'
+]
+join_access = r'(\s*(' + '|'.join(access_flags) + '))'
+sep = r'\s*[\s,]\s*'
+
+unix_accesses = rf'\s*(\s*(?P<accesses>\({join_access}({sep}{join_access})*\s*\)|{join_access}))?'
+unix_rule_conds = rf'(\s*({re_cond_set("type")}|{re_cond_set("protocol")}))*'
+unix_local_expr = rf'(\s*({re_cond("addr")}|{re_cond("label")}|{re_cond("attr")}|{re_cond("opt")}))*'
+unix_peer_expr = rf'peer\s*=\s*\((\s*({re_cond("addr", "addr_peer")}|{re_cond("label", "label_peer")}))*\)'
+
+RE_UNIX_DETAILS = re.compile(rf'^(\s*{unix_accesses})?(\s*{unix_rule_conds})?(\s*{unix_local_expr})?(\s*{unix_peer_expr})?\s*$')
+
+
+class UnixRule(BaseRule):
+ '''Class to handle and store a single unix rule'''
+
+ # Nothing external should reference this class, all external users
+ # should reference the class field UnixRule.ALL
+ class __UnixAll(object):
+ pass
+
+ ALL = __UnixAll
+
+ rule_name = 'unix'
+ _match_re = RE_PROFILE_UNIX
+
+ def __init__(self, accesses, rule_conds, local_expr, peer_expr, audit=False, deny=False, allow_keyword=False, comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ if type(rule_conds) is tuple: # This comes from the logparser, we convert it to dicts
+ accesses = strip_parenthesis(accesses).replace(',', ' ').split()
+ rule_conds = tuple_to_dict(rule_conds, ['type', 'protocol'])
+ local_expr = tuple_to_dict(local_expr, ['addr', 'label', 'attr', 'opt'])
+ peer_expr = tuple_to_dict(peer_expr, ['addr', 'label'])
+
+ self.accesses, self.all_accesses, unknown_items = check_and_split_list(accesses, access_flags, self.ALL, type(self).__name__, 'accesses')
+
+ if unknown_items:
+ raise AppArmorException(f'Invalid access in Unix rule: {unknown_items}')
+
+ self.rule_conds = check_dict_keys(rule_conds, {'type', 'protocol'}, self.ALL)
+ self.local_expr = check_dict_keys(local_expr, {'addr', 'label', 'attr', 'opt'}, self.ALL)
+ self.peer_expr = check_dict_keys(peer_expr, {'addr', 'label'}, self.ALL)
+
+ if not self.all_accesses and self.peer_expr != self.ALL and self.accesses & {'create', 'bind', 'listen', 'shutdown', 'getattr', 'setattr', 'getopt', 'setopt'}:
+ raise AppArmorException('Cannot use a peer_expr and an access in {create, bind, listen, shutdown, getattr, setattr, getopt, setopt} simultaneously')
+
+ self.can_glob = not (self.accesses or self.rule_conds or self.local_expr or self.peer_expr)
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ '''parse raw_rule and return instance of this class'''
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ rule_details = ''
+ if matches.group('details'):
+ rule_details = matches.group('details')
+
+ parsed = RE_UNIX_DETAILS.search(rule_details)
+
+ if not parsed:
+ raise AppArmorException('Cannot parse unix rule ' + raw_rule)
+
+ r = parsed.groupdict()
+
+ if r['accesses']:
+ accesses = strip_parenthesis(r['accesses']).replace(',', ' ').split()
+ else:
+ accesses = cls.ALL
+
+ rule_conds = initialize_cond_dict(r, ['type', 'protocol'], '_cond_set', cls.ALL)
+ local_expr = initialize_cond_dict(r, ['addr', 'label', 'attr', 'opt'], '_cond', cls.ALL)
+ peer_expr = initialize_cond_dict(r, ['addr', 'label'], '_peer_cond', cls.ALL)
+
+ else:
+ accesses = cls.ALL
+ rule_conds = cls.ALL
+ local_expr = cls.ALL
+ peer_expr = cls.ALL
+
+ return cls(accesses=accesses, rule_conds=rule_conds, local_expr=local_expr, peer_expr=peer_expr, audit=audit, deny=deny, allow_keyword=allow_keyword, comment=comment)
+
+ def get_clean(self, depth=0):
+ space = ' ' * depth
+
+ accesses = ' (%s)' % (', '.join(sorted(self.accesses))) if not self.all_accesses else ''
+ rule_conds = print_dict_values(self.rule_conds, self.ALL)
+ local_expr = print_dict_values(self.local_expr, self.ALL)
+ peer_expr = print_dict_values(self.peer_expr, self.ALL, 'peer')
+ return f'{space}unix{self.modifiers_str()}{accesses}{rule_conds}{local_expr}{peer_expr},{self.comment}'
+
+ def _is_covered_localvars(self, other_rule):
+ if not self._is_covered_list(self.accesses, self.all_accesses, other_rule.accesses, other_rule.all_accesses, 'accesses'):
+ return False
+ if not self._is_covered_dict(self.rule_conds, other_rule.rule_conds):
+ return False
+ if not self._is_covered_dict(self.local_expr, other_rule.local_expr):
+ return False
+ if not self._is_covered_dict(self.peer_expr, other_rule.peer_expr):
+ return False
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ if self.accesses != rule_obj.accesses:
+ return False
+ if self.rule_conds != rule_obj.rule_conds:
+ return False
+ if self.local_expr != rule_obj.local_expr:
+ return False
+ if self.peer_expr != rule_obj.peer_expr:
+ return False
+
+ return True
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ rule = (e['sock_type'], None) # Protocol is not supported yet.
+ local = (e['addr'], None, e['attr'], None)
+ peer = (e['peer_addr'], e['peer_profile'])
+
+ hl[e['denied_mask']][rule][local][peer] = True
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for denied_mask, rule, local, peer in BaseRule.generate_rules_from_hashlog(hl, 4):
+ yield cls(denied_mask, rule, local, peer)
+
+ def glob(self):
+ '''Change path to next possible glob'''
+ if self.peer_expr != self.ALL:
+ self.peer_expr = self.ALL
+ elif self.local_expr != self.ALL:
+ self.local_expr = self.ALL
+ elif self.rule_conds != self.ALL:
+ self.rule_conds = self.ALL
+ else: # not self.all_accesses:
+ self.accesses = None
+ self.all_accesses = True
+
+ self.raw_rule = None
+
+ def _logprof_header_localvars(self):
+
+ accesses = logprof_value_or_all(self.accesses, self.all_accesses)
+ rule_conds = logprof_value_or_all(self.rule_conds, self.rule_conds == UnixRule.ALL)
+ local_expr = logprof_value_or_all(self.local_expr, self.local_expr == UnixRule.ALL)
+ peer_expr = logprof_value_or_all(self.peer_expr, self.peer_expr == UnixRule.ALL)
+ return (
+ _('Accesses'), accesses,
+ _('Rule'), rule_conds,
+ _('Local'), local_expr,
+ _('Peer'), peer_expr,
+ )
+
+ def _is_covered_dict(self, d, other):
+
+ if d is self.ALL:
+ return True
+ elif other is self.ALL:
+ return False
+
+ for it in other:
+ if it not in d:
+ continue # No constraints on this item.
+ else:
+ if not self._is_covered_aare(AARE(d[it], False), False, AARE(other[it], False), False, it):
+ return False
+
+ return True
+
+
+class UnixRuleset(BaseRuleset):
+ '''Class to handle and store a collection of Unix rules'''
diff --git a/utils/apparmor/rule/userns.py b/utils/apparmor/rule/userns.py
new file mode 100644
index 0000000000000000000000000000000000000000..2fc1df89b8d2ee13d1b891697d29de5adbeceabf
--- /dev/null
+++ b/utils/apparmor/rule/userns.py
@@ -0,0 +1,134 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2022 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import re
+
+from apparmor.regex import RE_PROFILE_USERNS
+from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.rule import BaseRule, BaseRuleset, check_and_split_list, logprof_value_or_all, parse_modifiers
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+access_keyword = 'create'
+
+RE_USERNS_DETAILS = re.compile(
+ '^'
+ + r'\s+(?P<access>' + access_keyword + ')?' # optional access keyword
+ + r'\s*$')
+
+
+class UserNamespaceRule(BaseRule):
+ '''Class to handle and store a single userns rule'''
+
+ # Nothing external should reference this class, all external users
+ # should reference the class field UserNamespaceRule.ALL
+ class __UserNamespaceAll(object):
+ pass
+
+ ALL = __UserNamespaceAll
+
+ rule_name = 'userns'
+ _match_re = RE_PROFILE_USERNS
+
+ def __init__(self, access, audit=False, deny=False,
+ allow_keyword=False, comment='', log_event=None):
+
+ super().__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ self.access, self.all_access, unknown_items = check_and_split_list(access, access_keyword, self.ALL, type(self).__name__, 'access')
+ if unknown_items:
+ raise AppArmorException(_('Passed unknown access keyword to %s: %s') % (type(self).__name__, ' '.join(unknown_items)))
+
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ '''parse raw_rule and return instance of this class'''
+
+ audit, deny, allow_keyword, comment = parse_modifiers(matches)
+
+ rule_details = ''
+ if matches.group('details'):
+ rule_details = matches.group('details')
+
+ if rule_details:
+ details = RE_USERNS_DETAILS.search(rule_details)
+ if not details:
+ raise AppArmorException(_("Invalid or unknown keywords in 'userns %s" % rule_details))
+
+ access = details.group('access')
+ else:
+ access = cls.ALL
+
+ return cls(access, audit=audit, deny=deny,
+ allow_keyword=allow_keyword, comment=comment)
+
+ @staticmethod
+ def hashlog_from_event(hl, e):
+ if e['denied_mask']:
+ hl[e['denied_mask'][7:]] = True # [7:] removes the 'userns_' prefix
+ else:
+ hl[e['request_mask'][7:]] = True # To support transition to special profiles
+
+ @classmethod
+ def from_hashlog(cls, hl):
+ for access in BaseRule.generate_rules_from_hashlog(hl, 1):
+ yield cls(access)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ if self.all_access:
+ access = ''
+ elif self.access:
+ access = ' %s' % ' '.join(self.access)
+ else:
+ raise AppArmorBug('Empty access in userns rule')
+
+ return '%s%suserns%s,%s' % (space, self.modifiers_str(), access, self.comment)
+
+ def _is_covered_localvars(self, other_rule):
+ '''check if other_rule is covered by this rule object'''
+
+ if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
+ return False
+
+ # still here? -> then it is covered
+ return True
+
+ def _is_equal_localvars(self, rule_obj, strict):
+ '''compare if rule-specific variables are equal'''
+
+ if (self.access != rule_obj.access or self.all_access != rule_obj.all_access):
+ return False
+
+ return True
+
+ def _logprof_header_localvars(self):
+ access = logprof_value_or_all(self.access, self.all_access)
+
+ return _('Access mode'), access
+
+
+class UserNamespaceRuleset(BaseRuleset):
+ '''Class to handle and store a collection of userns rules'''
+
+ def get_glob(self, path_or_rule):
+ '''Return the next possible glob. For userns rules, that means removing access'''
+ return 'userns,'
diff --git a/utils/apparmor/rule/variable.py b/utils/apparmor/rule/variable.py
index 90eee9ba1d6cfcaa605c088a4a03534f6c442110..52d63dd958da118ae8a4aae28bc7b6ade5b0526b 100644
--- a/utils/apparmor/rule/variable.py
+++ b/utils/apparmor/rule/variable.py
@@ -27,6 +27,7 @@ class VariableRule(BaseRule):
"""Class to handle and store a single variable rule"""
rule_name = 'variable'
+ _match_re = RE_PROFILE_VARIABLE
def __init__(self, varname, mode, values, audit=False, deny=False, allow_keyword=False,
comment='', log_event=None):
@@ -40,19 +41,19 @@ class VariableRule(BaseRule):
if deny:
raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
- if type(varname) is not str:
+ if not isinstance(varname, str):
raise AppArmorBug('Passed unknown type for varname to %s: %s' % (self.__class__.__name__, varname))
if not varname.startswith('@{'):
raise AppArmorException("Passed invalid varname to %s (doesn't start with '@{'): %s" % (self.__class__.__name__, varname))
if not varname.endswith('}'):
raise AppArmorException("Passed invalid varname to %s (doesn't end with '}'): %s" % (self.__class__.__name__, varname))
- if type(mode) is not str:
+ if not isinstance(mode, str):
raise AppArmorBug('Passed unknown type for variable assignment mode to %s: %s' % (self.__class__.__name__, mode))
if mode not in ('=', '+='):
raise AppArmorBug('Passed unknown variable assignment mode to %s: %s' % (self.__class__.__name__, mode))
- if type(values) is not set:
+ if not isinstance(values, set):
raise AppArmorBug('Passed unknown type for values to %s: %s' % (self.__class__.__name__, values))
if not values:
raise AppArmorException('Passed empty list of values to %s: %s' % (self.__class__.__name__, values))
@@ -62,16 +63,8 @@ class VariableRule(BaseRule):
self.values = values
@classmethod
- def _match(cls, raw_rule):
- return RE_PROFILE_VARIABLE.search(raw_rule)
-
- @classmethod
- def _parse(cls, raw_rule):
- """parse raw_rule and return VariableRule"""
-
- matches = cls._match(raw_rule)
- if not matches:
- raise AppArmorException(_("Invalid variable rule '%s'") % raw_rule)
+ def _create_instance(cls, raw_rule, matches):
+ """parse raw_rule and return instance of this class"""
comment = parse_comment(matches)
@@ -79,8 +72,8 @@ class VariableRule(BaseRule):
mode = matches.group('mode')
values = separate_vars(matches.group('values'))
- return VariableRule(varname, mode, values,
- audit=False, deny=False, allow_keyword=False, comment=comment)
+ return cls(varname, mode, values,
+ audit=False, deny=False, allow_keyword=False, comment=comment)
def get_clean(self, depth=0):
"""return rule (in clean/default formatting)"""
@@ -95,7 +88,7 @@ class VariableRule(BaseRule):
return '%s%s %s %s' % (space, self.varname, self.mode, ' '.join(data))
- def is_covered_localvars(self, other_rule):
+ def _is_covered_localvars(self, other_rule):
"""check if other_rule is covered by this rule object"""
if self.varname != other_rule.varname:
@@ -110,12 +103,9 @@ class VariableRule(BaseRule):
# still here? -> then it is covered
return True
- def is_equal_localvars(self, rule_obj, strict):
+ def _is_equal_localvars(self, rule_obj, strict):
"""compare if rule-specific variables are equal"""
- if not type(rule_obj) == VariableRule:
- raise AppArmorBug('Passed non-variable rule: %s' % str(rule_obj))
-
if self.varname != rule_obj.varname:
return False
@@ -127,12 +117,8 @@ class VariableRule(BaseRule):
return True
- def logprof_header_localvars(self):
- headers = []
-
- return headers + [
- _('Variable'), self.get_clean(),
- ]
+ def _logprof_header_localvars(self):
+ return _('Variable'), self.get_clean()
class VariableRuleset(BaseRuleset):
@@ -154,7 +140,7 @@ class VariableRuleset(BaseRuleset):
super().add(rule, cleanup)
def get_merged_variables(self):
- """Get merged variables of this VariableRuleset.
+ """Get merged variables of this object.
Note that no error checking is done because variables can be defined in one file and extended in another.
"""
diff --git a/utils/apparmor/rules.py b/utils/apparmor/rules.py
deleted file mode 100644
index b17a103219d1b66948b53d382a0b43e1144937e7..0000000000000000000000000000000000000000
--- a/utils/apparmor/rules.py
+++ /dev/null
@@ -1,41 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2014 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-class _Raw_Rule:
- audit = False
- deny = False
-
- def __init__(self, rule):
- self.rule = rule
-
- def serialize(self):
- return "%s%s%s" % ('audit ' if self.audit else '',
- 'deny ' if self.deny else '',
- self.rule)
-
- def recursive_print(self, depth):
- tabs = ' ' * depth * 4
- print('%s[%s]' % (tabs, type(self).__name__))
- tabs += ' ' * 4
- print('%saudit = %s' % (tabs, self.audit))
- print('%sdeny = %s' % (tabs, self.deny))
- print('%sraw rule = %s' % (tabs, self.rule))
-
-
-class Raw_Mount_Rule(_Raw_Rule):
- pass
-
-
-class Raw_Pivot_Root_Rule(_Raw_Rule):
- pass
-
-
-class Raw_Unix_Rule(_Raw_Rule):
- pass
diff --git a/utils/apparmor/sandbox.py b/utils/apparmor/sandbox.py
index 447cc88367d478a237a3b6904e145550e8bc9db7..c352c8cbe5d94da60058c78e7575e3ea65f827d6 100644
--- a/utils/apparmor/sandbox.py
+++ b/utils/apparmor/sandbox.py
@@ -313,7 +313,7 @@ class SandboxXephyr(SandboxXserver):
raise AppArmorException("Could not find '%s'" % e)
# Run any setup code
- SandboxXserver.start(self)
+ super().start()
# Start a Xephyr server
listener_x = os.fork()
@@ -387,7 +387,7 @@ class SandboxXpra(SandboxXserver):
if '-for-Xpra-%s' % self.display in line:
self.pids.append(int(line.split()[1]))
- SandboxXserver.cleanup(self)
+ super().cleanup()
def _get_xvfb_args(self):
"""Setup xvfb arguments"""
@@ -578,7 +578,7 @@ EndSection
raise AppArmorException("Could not find '%s'" % drv)
# Run any setup code
- SandboxXserver.start(self)
+ super().start()
xvfb_args = self._get_xvfb_args()
listener_x = os.fork()
@@ -693,10 +693,8 @@ def run_xsandbox(command, opt):
x.verify_host_setup()
# Debug: show old environment
- keys = x.old_environ.keys()
- keys.sort()
- for k in keys:
- debug("Old: %s=%s" % (k, x.old_environ[k]))
+ for k, v in sorted(x.old_environ.items()):
+ debug("Old: %s=%s" % (k, v))
try:
x.start()
@@ -714,9 +712,7 @@ def run_xsandbox(command, opt):
# aa-exec
try:
rc, report = aa_exec(command, opt, x.new_environ, required_rules)
- except Exception:
+ finally:
x.cleanup()
- raise
- x.cleanup()
return rc, report
diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
index d4cd0b3b3bd3b43f721a71cf89abcc61893387c3..9433e19b4929572a8727dd8ac766d9abf2d5f3da 100644
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -1,6 +1,6 @@
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
-# Copyright (C) 2015-2022 Christian Boltz <apparmor@cboltz.de>
+# Copyright (C) 2015-2023 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -27,6 +27,7 @@ _ = init_translation()
class aa_tools:
def __init__(self, tool_name, args):
apparmor.init_aa(profiledir=args.dir, confdir=args.configdir)
+ apparmor.read_profiles()
if not user_perm(apparmor.profile_dir):
raise AppArmorException("Cannot write to profile directory: %s" % (apparmor.profile_dir))
@@ -51,55 +52,59 @@ class aa_tools:
if not p:
continue
- program = None
- profile = None
if os.path.exists(p) or p.startswith('/'):
fq_path = apparmor.get_full_path(p).strip()
if os.path.commonprefix([apparmor.profile_dir, fq_path]) == apparmor.profile_dir:
program = None
- profile = fq_path
+ prof_filename = fq_path
+ profile = None
else:
program = fq_path
- if self.name == 'cleanprof':
- profile = apparmor.active_profiles.profile_from_attachment(fq_path)
- else:
- profile = apparmor.get_profile_filename_from_attachment(fq_path, True)
+ profile = apparmor.active_profiles.profile_from_attachment(fq_path)
+ prof_filename = apparmor.get_profile_filename_from_attachment(fq_path, True)
else:
which_ = which(p)
if self.name == 'cleanprof' and p in apparmor.aa:
program = p # not really correct, but works
profile = p
+ prof_filename = apparmor.get_profile_filename_from_profile_name(profile)
elif which_ is not None:
program = apparmor.get_full_path(which_)
- if self.name == 'cleanprof':
- profile = program
- else:
- profile = apparmor.get_profile_filename_from_attachment(program, True)
+ profile = program
+ prof_filename = apparmor.get_profile_filename_from_attachment(program, True)
elif os.path.exists(os.path.join(apparmor.profile_dir, p)):
program = None
- if self.name == 'cleanprof':
- profile = p
- else:
- profile = apparmor.get_full_path(os.path.join(apparmor.profile_dir, p)).strip()
+ profile = p
+ prof_filename = apparmor.get_full_path(os.path.join(apparmor.profile_dir, p)).strip()
else:
if '/' not in p:
aaui.UI_Info(_("Can't find %(program)s in the system path list. If the name of the application\nis correct, please run 'which %(program)s' as a user with correct PATH\nenvironment set up in order to find the fully-qualified path and\nuse the full path as parameter.")
% {'program': p})
else:
aaui.UI_Info(_("%s does not exist, please double-check the path.") % p)
+
continue
- yield (program, profile)
+ yield (program, profile, prof_filename)
- def cleanprof_act(self):
- # used by aa-cleanprof
- apparmor.read_profiles()
+ def get_next_for_modechange(self):
+ """common code for mode/flags changes"""
+
+ for (program, _ignored, prof_filename) in self.get_next_to_profile():
+ output_name = prof_filename if program is None else program
+
+ if not os.path.isfile(prof_filename) or is_skippable_file(prof_filename):
+ aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
+ continue
+
+ yield (program, prof_filename, output_name)
- for (program, profile) in self.get_next_to_profile():
+ def cleanprof_act(self):
+ for (program, profile, prof_filename) in self.get_next_to_profile():
if program is None:
program = profile
- if not program or not(os.path.exists(program) or profile in apparmor.aa):
+ if not program or not (os.path.exists(program) or profile in apparmor.aa):
if program and not program.startswith('/'):
program = aaui.UI_GetString(_('The given program cannot be found, please try with the fully qualified path name of the program: '), '')
else:
@@ -107,7 +112,7 @@ class aa_tools:
sys.exit(1)
if program and profile in apparmor.aa:
- self.clean_profile(program, profile)
+ self.clean_profile(program, profile, prof_filename)
else:
if '/' not in program:
@@ -118,83 +123,48 @@ class aa_tools:
sys.exit(1)
def cmd_disable(self):
- apparmor.read_profiles()
-
- for (program, profile) in self.get_next_to_profile():
-
- output_name = profile if program is None else program
-
- if not os.path.isfile(profile) or is_skippable_file(profile):
- aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
- continue
-
+ for (program, prof_filename, output_name) in self.get_next_for_modechange():
aaui.UI_Info(_('Disabling %s.') % output_name)
- self.disable_profile(profile)
-
- self.unload_profile(profile)
-
- def cmd_enforce(self):
- apparmor.read_profiles()
- for (program, profile) in self.get_next_to_profile():
+ apparmor.create_symlink('disable', prof_filename)
- output_name = profile if program is None else program
+ self.unload_profile(prof_filename)
- if not os.path.isfile(profile) or is_skippable_file(profile):
- aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
- continue
-
- apparmor.set_enforce(profile, program)
+ def cmd_enforce(self):
+ for (program, prof_filename, output_name) in self.get_next_for_modechange():
+ apparmor.set_enforce(prof_filename, program)
- self.reload_profile(profile)
+ self.reload_profile(prof_filename)
def cmd_complain(self):
- apparmor.read_profiles()
-
- for (program, profile) in self.get_next_to_profile():
+ for (program, prof_filename, output_name) in self.get_next_for_modechange():
+ apparmor.set_complain(prof_filename, program)
- output_name = profile if program is None else program
-
- if not os.path.isfile(profile) or is_skippable_file(profile):
- aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
- continue
-
- apparmor.set_complain(profile, program)
-
- self.reload_profile(profile)
+ self.reload_profile(prof_filename)
def cmd_audit(self):
- apparmor.read_profiles()
-
- for (program, profile) in self.get_next_to_profile():
-
- output_name = profile if program is None else program
-
- if not os.path.isfile(profile) or is_skippable_file(profile):
- aaui.UI_Info(_('Profile for %s not found, skipping') % output_name)
- continue
+ for (program, prof_filename, output_name) in self.get_next_for_modechange():
# keep this to allow toggling 'audit' flags
if not self.remove:
aaui.UI_Info(_('Setting %s to audit mode.') % output_name)
else:
aaui.UI_Info(_('Removing audit mode from %s.') % output_name)
- apparmor.change_profile_flags(profile, program, 'audit', not self.remove)
+ apparmor.change_profile_flags(prof_filename, program, 'audit', not self.remove)
- disable_link = '%s/disable/%s' % (apparmor.profile_dir, os.path.basename(profile))
+ disable_link = '%s/disable/%s' % (apparmor.profile_dir, os.path.basename(prof_filename))
if os.path.exists(disable_link):
- aaui.UI_Info(_('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.') % os.path.basename(profile))
+ aaui.UI_Info(_('\nWarning: the profile %s is disabled. Use aa-enforce or aa-complain to enable it.') % os.path.basename(prof_filename))
- self.reload_profile(profile)
+ self.reload_profile(prof_filename)
def cmd_autodep(self):
- apparmor.read_profiles()
apparmor.loadincludes()
- for (program, profile) in self.get_next_to_profile():
+ for (program, _ignored, prof_filename) in self.get_next_to_profile():
if not program:
- aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % profile)
+ aaui.UI_Info(_('Please pass an application to generate a profile for, not a profile itself - skipping %s.') % prof_filename)
continue
apparmor.check_qualifiers(program)
@@ -206,59 +176,53 @@ class aa_tools:
if self.aa_mountpoint:
apparmor.reload(program)
- def clean_profile(self, program, profile):
- filename = apparmor.get_profile_filename_from_profile_name(profile)
+ def clean_profile(self, program, profile, prof_filename):
import apparmor.cleanprofile as cleanprofile
- prof = cleanprofile.Prof(filename)
+
+ prof = cleanprofile.Prof(prof_filename)
cleanprof = cleanprofile.CleanProf(True, prof, prof)
deleted = cleanprof.remove_duplicate_rules(profile)
aaui.UI_Info(_("\nDeleted %s rules.") % deleted)
apparmor.changed[profile] = True
- if filename:
- if not self.silent:
- q = aaui.PromptQuestion()
- q.title = 'Changed Local Profiles'
- q.explanation = _('The local profile for %(program)s in file %(file)s was changed. Would you like to save it?') % {'program': program, 'file': filename}
- q.functions = ['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT']
- q.default = 'CMD_VIEW_CHANGES'
- q.options = []
- q.selected = 0
- ans = ''
- arg = None
- while ans != 'CMD_SAVE_CHANGES':
- ans, arg = q.promptUser()
- if ans == 'CMD_SAVE_CHANGES':
- apparmor.write_profile_ui_feedback(profile)
- self.reload_profile(filename)
- elif ans == 'CMD_VIEW_CHANGES':
- # oldprofile = apparmor.serialize_profile(apparmor.split_to_merged(apparmor.original_aa), profile, {})
- newprofile = apparmor.serialize_profile(apparmor.split_to_merged(apparmor.aa), profile, {}) # , {'is_attachment': True})
- aaui.UI_Changes(filename, newprofile, comments=True)
- else:
- apparmor.write_profile_ui_feedback(profile, True)
- self.reload_profile(filename)
- else:
+ if not prof_filename:
raise AppArmorException(_('The profile for %s does not exists. Nothing to clean.') % program)
- def enable_profile(self, filename):
- apparmor.delete_symlink('disable', filename)
-
- def disable_profile(self, filename):
- apparmor.create_symlink('disable', filename)
-
- def unload_profile(self, profile):
+ if self.silent:
+ apparmor.write_profile_ui_feedback(profile, True)
+ self.reload_profile(prof_filename)
+ else:
+ q = aaui.PromptQuestion()
+ q.title = 'Changed Local Profiles'
+ q.explanation = _('The local profile for %(program)s in file %(file)s was changed. Would you like to save it?') % {'program': program, 'file': prof_filename}
+ q.functions = ['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT']
+ q.default = 'CMD_VIEW_CHANGES'
+ q.options = []
+ q.selected = 0
+ ans = ''
+ arg = None
+ while ans != 'CMD_SAVE_CHANGES':
+ ans, arg = q.promptUser()
+ if ans == 'CMD_SAVE_CHANGES':
+ apparmor.write_profile_ui_feedback(profile)
+ self.reload_profile(prof_filename)
+ elif ans == 'CMD_VIEW_CHANGES':
+ # oldprofile = apparmor.serialize_profile(apparmor.split_to_merged(apparmor.original_aa), profile, {})
+ newprofile = apparmor.serialize_profile(apparmor.split_to_merged(apparmor.aa), profile, {}) # , {'is_attachment': True})
+ aaui.UI_Changes(prof_filename, newprofile, comments=True)
+
+ def unload_profile(self, prof_filename):
if not self.do_reload:
return
# FIXME: should ensure profile is loaded before unloading
- cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-R', profile])
+ cmd_info = cmd([apparmor.parser, '-I%s' % apparmor.profile_dir, '--base', apparmor.profile_dir, '-R', prof_filename])
if cmd_info[0] != 0:
raise AppArmorException(cmd_info[1])
- def reload_profile(self, profile):
+ def reload_profile(self, prof_filename):
if not self.do_reload:
return
- apparmor.reload_profile(profile, raise_exc=True)
+ apparmor.reload_profile(prof_filename, raise_exc=True)
diff --git a/utils/apparmor/ui.py b/utils/apparmor/ui.py
index 7c3e73ac08b41815be2d1777a83ca16e425d6756..bd128c90462e6ce45d936e8c20d0eeec456d027b 100644
--- a/utils/apparmor/ui.py
+++ b/utils/apparmor/ui.py
@@ -33,14 +33,20 @@ debug_logger = DebugLogger('UI')
ARROWS = {'A': 'UP', 'B': 'DOWN', 'C': 'RIGHT', 'D': 'LEFT'}
UI_mode = 'text'
+jsonlog = None
def write_json(jsonout):
- print(json.dumps(jsonout, sort_keys=False, separators=(',', ': ')))
+ jtxt = json.dumps(jsonout, sort_keys=False, separators=(',', ': '))
+
+ if jsonlog:
+ jsonlog.write('o ' + jtxt + '\n')
+
+ print(jtxt)
sys.stdout.flush()
-def set_json_mode():
+def set_json_mode(cfg):
"""
Currently this is only used by aa-genprof and aa-logprof, while e.g.
aa-status generates its own JSON output.
@@ -50,8 +56,14 @@ def set_json_mode():
Current known consumers of the JSON output:
- YaST
+
+ The cfg parameter expects the parsed logprof.conf aka apparmor.aa.cfg.
"""
- global UI_mode
+ global UI_mode, jsonlog
+
+ if int(cfg['settings'].get('json_log', False)):
+ jsonlog = NamedTemporaryFile('w', prefix='aa-jsonlog-', delete=False, encoding='utf-8')
+
UI_mode = 'json'
jsonout = {'dialog': 'apparmor-json-version', 'data': '2.12'}
write_json(jsonout)
@@ -63,10 +75,19 @@ def set_text_mode():
UI_mode = 'text'
+def set_allow_all_mode():
+ global UI_mode
+ UI_mode = 'allow_all'
+
+
# reads the response on command line for json and verifies the response
# for the dialog type
def json_response(dialog_type):
string = input('\n')
+
+ if jsonlog:
+ jsonlog.write('i ' + string + '\n')
+
rh = json.loads(string.strip())
if rh["dialog"] != dialog_type:
raise AppArmorException('Expected response %s got %s.' % (dialog_type, string))
@@ -79,7 +100,7 @@ def getkey():
key = readkey()
if key == '[':
key = readkey()
- if(ARROWS.get(key, False)):
+ if ARROWS.get(key, False):
key = ARROWS[key]
return key.strip()
@@ -105,25 +126,23 @@ def UI_Important(text):
def get_translated_hotkey(translated, cmsg=''):
- msg = 'PromptUser: ' + _('Invalid hotkey for')
-
# Originally (\S) was used but with translations it would not work :(
- if re.search(r'\((\S+)\)', translated):
- return re.search(r'\((\S+)\)', translated).groups()[0]
- else:
- if cmsg:
- raise AppArmorException(cmsg)
- else:
- raise AppArmorException('%s %s' % (msg, translated))
+ match = re.search(r'\((\S+)\)', translated)
+ if match:
+ return match.groups()[0].lower()
+
+ if not cmsg:
+ cmsg = 'PromptUser: %s %s' % (_('Invalid hotkey for'), translated)
+ raise AppArmorException(cmsg)
def UI_YesNo(text, default):
- debug_logger.debug('UI_YesNo: %s: %s %s' % (UI_mode, text, default))
+ debug_logger.debug('UI_YesNo: %s: %s %s', UI_mode, text, default)
default = default.lower()
yes = CMDS['CMD_YES']
no = CMDS['CMD_NO']
- yeskey = get_translated_hotkey(yes).lower()
- nokey = get_translated_hotkey(no).lower()
+ yeskey = get_translated_hotkey(yes)
+ nokey = get_translated_hotkey(no)
ans = 'XXXINVALIDXXX'
while ans not in ('y', 'n'):
if UI_mode == 'json':
@@ -137,7 +156,10 @@ def UI_YesNo(text, default):
sys.stdout.write('\n[%s] / %s\n' % (yes, no))
else:
sys.stdout.write('\n%s / [%s]\n' % (yes, no))
- ans = getkey()
+ if UI_mode == 'allow_all':
+ ans = nokey
+ else:
+ ans = getkey()
if ans:
# Get back to english from localised answer
ans = ans.lower()
@@ -158,15 +180,15 @@ def UI_YesNo(text, default):
def UI_YesNoCancel(text, default):
- debug_logger.debug('UI_YesNoCancel: %s: %s %s' % (UI_mode, text, default))
+ debug_logger.debug('UI_YesNoCancel: %s: %s %s', UI_mode, text, default)
default = default.lower()
yes = CMDS['CMD_YES']
no = CMDS['CMD_NO']
cancel = CMDS['CMD_CANCEL']
- yeskey = get_translated_hotkey(yes).lower()
- nokey = get_translated_hotkey(no).lower()
- cancelkey = get_translated_hotkey(cancel).lower()
+ yeskey = get_translated_hotkey(yes)
+ nokey = get_translated_hotkey(no)
+ cancelkey = get_translated_hotkey(cancel)
ans = 'XXXINVALIDXXX'
while ans not in ('c', 'n', 'y'):
@@ -183,7 +205,10 @@ def UI_YesNoCancel(text, default):
sys.stdout.write('\n%s / [%s] / %s\n' % (yes, no, cancel))
else:
sys.stdout.write('\n%s / %s / [%s]\n' % (yes, no, cancel))
- ans = getkey()
+ if UI_mode == 'allow_all':
+ ans = nokey
+ else:
+ ans = getkey()
if ans:
# Get back to english from localised answer
ans = ans.lower()
@@ -209,7 +234,7 @@ def UI_YesNoCancel(text, default):
def UI_GetString(text, default):
- debug_logger.debug('UI_GetString: %s: %s %s' % (UI_mode, text, default))
+ debug_logger.debug('UI_GetString: %s: %s %s', UI_mode, text, default)
string = default
if UI_mode == 'json':
jsonout = {'dialog': 'getstring', 'text': text, 'default': default}
@@ -227,7 +252,7 @@ def UI_GetString(text, default):
def UI_GetFile(file):
- debug_logger.debug('UI_GetFile: %s' % UI_mode)
+ debug_logger.debug('UI_GetFile: %s', UI_mode)
filename = None
if UI_mode == 'json':
jsonout = {'dialog': 'getfile', 'text': file['description']}
@@ -240,12 +265,12 @@ def UI_GetFile(file):
def UI_BusyStart(message):
- debug_logger.debug('UI_BusyStart: %s' % UI_mode)
+ debug_logger.debug('UI_BusyStart: %s', UI_mode)
UI_Info(message)
def UI_BusyStop():
- debug_logger.debug('UI_BusyStop: %s' % UI_mode)
+ debug_logger.debug('UI_BusyStop: %s', UI_mode)
def diff(oldprofile, newprofile):
@@ -363,6 +388,7 @@ class PromptQuestion:
default = None
selected = None
helptext = None
+ already_have_profile = False
def __init__(self):
self.headers = []
@@ -401,7 +427,7 @@ class PromptQuestion:
menutext = CMDS[cmd]
- key = get_translated_hotkey(menutext).lower()
+ key = get_translated_hotkey(menutext)
# Duplicate hotkey
if keys.get(key, False):
raise AppArmorException(
@@ -420,7 +446,7 @@ class PromptQuestion:
defaulttext = CMDS[default]
defmsg = _('PromptUser: Invalid hotkey in default item')
- default_key = get_translated_hotkey(defaulttext, defmsg).lower()
+ default_key = get_translated_hotkey(defaulttext, defmsg)
if not keys.get(default_key, False):
raise AppArmorException(_('PromptUser: Invalid default %s') % default)
@@ -488,6 +514,17 @@ class PromptQuestion:
hm = json_response('promptuser')
ans = hm["response_key"]
selected = hm["selected"]
+
+ elif UI_mode == 'allow_all':
+ if self.already_have_profile:
+ expected_keys = ['CMD_px', 'CMD_ix', 'CMD_ALLOW', 'CMD_SAVE_CHANGES']
+ else:
+ expected_keys = ['CMD_ix', 'CMD_ALLOW', 'CMD_SAVE_CHANGES']
+ for exp in expected_keys:
+ if exp in functions:
+ ans = get_translated_hotkey(CMDS[exp])
+ break
+
else: # text mode
sys.stdout.write(prompt + '\n')
ans = getkey().lower()
@@ -537,5 +574,5 @@ def confirm_and_abort():
def is_number(number):
try:
return int(number)
- except:
+ except (TypeError, ValueError):
return False
diff --git a/utils/apparmor/update_profile.py b/utils/apparmor/update_profile.py
new file mode 100755
index 0000000000000000000000000000000000000000..02c24f14683ea9f2f87d517e2c49b5d4b8493d15
--- /dev/null
+++ b/utils/apparmor/update_profile.py
@@ -0,0 +1,79 @@
+#!/usr/bin/python3
+
+import subprocess
+import sys
+
+# TODO: transform this script to a package to use local imports so that if called with ./aa-notify, we use ./apparmor.*
+from apparmor import aa
+from apparmor.logparser import ReadLog
+
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+def create_userns(template_path, name, bin_path, profile_path, decision):
+ with open(template_path, 'r') as f:
+ profile_template = f.read()
+
+ rule = 'userns create' if decision == 'allow' else 'audit deny userns create'
+ profile = profile_template.format(rule=rule, name=name, path=bin_path)
+
+ with open(profile_path, 'w') as file:
+ file.write(profile)
+
+ try:
+ subprocess.run(['apparmor_parser', '-r', profile_path], check=True)
+ except subprocess.CalledProcessError:
+ exit(_('Cannot reload updated profile'))
+
+
+def add_to_profile(rule, profile_name):
+ aa.init_aa()
+ aa.read_profiles()
+
+ rule_type, rule_class = ReadLog('', '', '').get_rule_type(rule)
+
+ rule_obj = rule_class.create_instance(rule)
+
+ if profile_name not in aa.aa or profile_name not in aa.aa[profile_name]:
+ exit(_('Cannot find {} in profiles').format(profile_name))
+ aa.aa[profile_name][profile_name][rule_type].add(rule_obj, cleanup=True)
+
+ # Save changes
+ aa.write_profile_ui_feedback(profile_name)
+ aa.reload_base(profile_name)
+
+
+def usage(is_help):
+ print('This tool is a low level tool - do not use it directly')
+ print('{} create_userns <template_path> <name> <bin_path> <profile_path> <decision>'.format(sys.argv[0]))
+ print('{} add_rule <rule> <profile_name>'.format(sys.argv[0]))
+
+ if is_help:
+ exit(0)
+ else:
+ exit(1)
+
+
+def main():
+ if len(sys.argv) > 1:
+ command = sys.argv[1]
+ else:
+ command = None # Handle the case where no command is provided
+
+ if command == 'create_userns':
+ if not len(sys.argv) == 7:
+ usage(False)
+ create_userns(sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5], sys.argv[6])
+ elif command == 'add_rule':
+ if not len(sys.argv) == 4:
+ usage(False)
+ add_to_profile(sys.argv[2], sys.argv[3])
+ elif command == 'help':
+ usage(True)
+ else:
+ usage(False)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/utils/default_unconfined.template b/utils/default_unconfined.template
new file mode 100644
index 0000000000000000000000000000000000000000..43779041e4dcdd5601b3798c026f07f06d9f7daa
--- /dev/null
+++ b/utils/default_unconfined.template
@@ -0,0 +1,14 @@
+# This profile was auto-generated by AppArmor
+# This profile allows everything and only exists to give the
+# application the possibility to use unprivileged user namespaces
+
+abi <abi/4.0>,
+include <tunables/global>
+
+
+profile {name} {path} flags=(unconfined) {{
+ {rule},
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/{name}>
+}}
diff --git a/utils/emacs/apparmor-mode.el b/utils/emacs/apparmor-mode.el
new file mode 100644
index 0000000000000000000000000000000000000000..7cf7201853a27de55ef9a06d076ab0d36944a95b
--- /dev/null
+++ b/utils/emacs/apparmor-mode.el
@@ -0,0 +1,424 @@
+;;; apparmor-mode.el --- Major mode for editing AppArmor policy files -*- lexical-binding: t; -*-
+
+;; Copyright (c) 2018 Alex Murray
+
+;; Author: Alex Murray <murray.alex@gmail.com>
+;; Maintainer: Alex Murray <murray.alex@gmail.com>
+;; URL: https://gitlab.com/apparmor/apparmor
+;; Version: 0.8.2
+;; Package-Requires: ((emacs "26.1"))
+
+;; This file is not part of GNU Emacs.
+
+;; This program is free software: you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation, either version 3 of the License, or
+;; (at your option) any later version.
+
+;; This program is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;; GNU General Public License for more details.
+
+;; You should have received a copy of the GNU General Public License
+;; along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+;;; Commentary:
+
+;; The following documentation sources were used:
+;; https://gitlab.com/apparmor/apparmor/wikis/QuickProfileLanguage
+;; https://gitlab.com/apparmor/apparmor/wikis/ProfileLanguage
+
+;; TODO:
+;; - do smarter completion syntactically via regexps
+;; - decide if to use entire line regexp for statements or
+;; - not (ie just a subset?) if we use regexps above then
+;; - should probably keep full regexps here so can reuse
+;; - expand highlighting of mount rules (options=...) similar to dbus
+;; - add tests via ert etc
+
+;;;; Setup
+
+;; (require 'apparmor-mode)
+
+;;; Code:
+
+;; for flycheck integration
+(declare-function flycheck-define-command-checker "ext:flycheck.el"
+ (symbol docstring &rest properties))
+(declare-function flycheck-valid-checker-p "ext:flycheck.el")
+(defvar flycheck-checkers)
+
+(defgroup apparmor nil
+ "Major mode for editing AppArmor policies."
+ :group 'tools)
+
+(defcustom apparmor-mode-indent-offset 2
+ "Indentation offset in `apparmor-mode' buffers."
+ :type 'integer
+ :group 'apparmor)
+
+(defvar apparmor-mode-keywords '("all" "audit" "capability" "chmod" "delegate"
+ "dbus" "deny" "file" "flags" "io_uring" "include"
+ "include if exists" "link" "mount" "mqueue"
+ "network" "on" "owner" "pivot_root" "profile"
+ "quiet" "remount" "rlimit" "safe" "subset" "to"
+ "umount" "unsafe" "userns"))
+
+(defvar apparmor-mode-profile-flags '("enforce" "complain" "debug" "kill"
+ "chroot_relative" "namespace_relative"
+ "attach_disconnected" "no_attach_disconnected"
+ "chroot_attach" "chroot_no_attach"
+ "unconfined"))
+
+(defvar apparmor-mode-capabilities '("audit_control" "audit_write" "chown"
+ "dac_override" "dac_read_search" "fowner"
+ "fsetid" "ipc_lock" "ipc_owner" "kill"
+ "lease" "linux_immutable" "mac_admin"
+ "mac_override" "mknod" "net_admin"
+ "net_bind_service" "net_broadcast"
+ "net_raw" "setfcap" "setgid" "setpcap"
+ "setuid" "syslog" "sys_admin" "sys_boot"
+ "sys_chroot" "sys_module" "sys_nice"
+ "sys_pacct" "sys_ptrace" "sys_rawio"
+ "sys_resource" "sys_time"
+ "sys_tty_config"))
+
+(defvar apparmor-mode-network-permissions '("create" "accept" "bind" "connect"
+ "listen" "read" "write" "send"
+ "receive" "getsockname" "getpeername"
+ "getsockopt" "setsockopt" "fcntl"
+ "ioctl" "shutdown" "getpeersec"
+ "sqpoll" "override_creds"))
+
+(defvar apparmor-mode-network-domains '("inet" "ax25" "ipx" "appletalk" "netrom"
+ "bridge" "atmpvc" "x25" "inet6" "rose"
+ "netbeui" "security" "key" "packet"
+ "ash" "econet" "atmsvc" "sna" "irda"
+ "pppox" "wanpipe" "bluetooth" "unix"))
+
+(defvar apparmor-mode-network-types '("stream" "dgram" "seqpacket" "raw" "rdm"
+ "packet" "dccp"))
+
+;; TODO: this is not complete since is not fully documented
+(defvar apparmor-mode-network-protocols '("tcp" "udp" "icmp"))
+
+(defvar apparmor-mode-dbus-permissions '("r" "w" "rw" "send" "receive"
+ "acquire" "bind" "read" "write"))
+
+(defvar apparmor-mode-rlimit-types '("fsize" "data" "stack" "core" "rss" "as"
+ "memlock" "msgqueue" "nofile" "locks"
+ "sigpending" "nproc" "rtprio" "cpu"
+ "nice"))
+
+(defvar apparmor-mode-abi-regexp "^\\s-*\\(#?abi\\)\\s-+\\([<\"][[:graph:]]+[\">]\\)")
+
+(defvar apparmor-mode-include-regexp "^\\s-*\\(#?include\\( if exists\\)?\\)\\s-+\\([<\"][[:graph:]]+[\">]\\)")
+
+(defvar apparmor-mode-capability-regexp (concat "^\\s-*\\(capability\\)\\s-+\\("
+ (regexp-opt apparmor-mode-capabilities)
+ "\\s-*\\)*"))
+
+(defvar apparmor-mode-variable-name-regexp "@{[[:alpha:]_]+}")
+
+(defvar apparmor-mode-variable-regexp
+ (concat "^\\s-*\\(" apparmor-mode-variable-name-regexp "\\)\\s-*\\(\\+?=\\)\\s-*\\([[:graph:]]+\\)\\(\\s-+\\([[:graph:]]+\\)\\)?\\s-*\\(#.*\\)?$"))
+
+(defvar apparmor-mode-profile-name-regexp "[[:alnum:]]+")
+
+(defvar apparmor-mode-profile-attachment-regexp "[][[:alnum:]*@/_{},-.?]+")
+
+(defvar apparmor-mode-profile-flags-regexp
+ (concat "\\(flags\\)=(\\(" (regexp-opt apparmor-mode-profile-flags) "\\s-*\\)*)") )
+
+(defvar apparmor-mode-profile-regexp
+ (concat "^\\s-*\\(\\(profile\\)\\s-+\\(\\(" apparmor-mode-profile-name-regexp "\\)\\s-+\\)?\\)?\\(\\^?" apparmor-mode-profile-attachment-regexp "\\)\\(\\s-+" apparmor-mode-profile-flags-regexp "\\)?\\s-+{\\s-*$"))
+
+(defvar apparmor-mode-file-rule-permissions-regexp "[CPUaciklmpruwx]+")
+
+(defvar apparmor-mode-file-rule-permissions-prefix-regexp
+ (concat "^\\s-*\\(\\(audit\\|owner\\|deny\\)\\s-+\\)*\\(file\\s-+\\)?"
+ "\\(" apparmor-mode-file-rule-permissions-regexp "\\)\\s-+"
+ "\\(" apparmor-mode-profile-attachment-regexp "\\)\\s-*"
+ "\\(->\\s-+\\(" apparmor-mode-profile-attachment-regexp "\\)\\)?\\s-*"
+ ","))
+
+(defvar apparmor-mode-file-rule-permissions-suffix-regexp
+ (concat "^\\s-*\\(\\(audit\\|owner\\|deny\\)\\s-+\\)*\\(file\\s-+\\)?"
+ "\\(" apparmor-mode-profile-attachment-regexp "\\)\\s-+"
+ "\\(" apparmor-mode-file-rule-permissions-regexp "\\)\\s-*"
+ "\\(->\\s-+\\(" apparmor-mode-profile-attachment-regexp "\\)\\)?\\s-*"
+ ","))
+
+(defvar apparmor-mode-network-rule-regexp
+ (concat
+ "^\\s-*\\(\\(audit\\|quiet\\|deny\\)\\s-+\\)*network\\s-*"
+ "\\(" (regexp-opt apparmor-mode-network-permissions 'words) "\\)?\\s-*"
+ "\\(" (regexp-opt apparmor-mode-network-domains 'words) "\\)?\\s-*"
+ "\\(" (regexp-opt apparmor-mode-network-types 'words) "\\)?\\s-*"
+ "\\(" (regexp-opt apparmor-mode-network-protocols 'words) "\\)?\\s-*"
+ ;; TODO: address expression
+ "\\(delegate to\\s-+\\(" apparmor-mode-profile-attachment-regexp "\\)\\)?\\s-*"
+ ","))
+
+(defvar apparmor-mode-dbus-rule-regexp
+ (concat
+ "^\\s-*\\(\\(audit\\|deny\\)\\s-+\\)?dbus\\s-*"
+ "\\(\\(bus\\)=\\(system\\|session\\)\\)?\\s-*"
+ "\\(\\(dest\\)=\\([[:alpha:].]+\\)\\)?\\s-*"
+ "\\(\\(path\\)=\\([[:alpha:]/]+\\)\\)?\\s-*"
+ "\\(\\(interface\\)=\\([[:alpha:].]+\\)\\)?\\s-*"
+ "\\(\\(method\\)=\\([[:alpha:]_]+\\)\\)?\\s-*"
+ ;; permissions - either a single permission or multiple permissions in
+ ;; parentheses with commas and whitespace separating
+ "\\("
+ (regexp-opt apparmor-mode-dbus-permissions 'words)
+ "\\|"
+ "("
+ (regexp-opt apparmor-mode-dbus-permissions 'words)
+ "\\("
+ (regexp-opt apparmor-mode-dbus-permissions 'words) ",\\s-+"
+ "\\)"
+ "\\)?\\s-*"
+ ","))
+
+(defvar apparmor-mode-font-lock-defaults
+ `(((,(regexp-opt apparmor-mode-keywords 'symbols) . font-lock-keyword-face)
+ (,(regexp-opt apparmor-mode-rlimit-types 'symbols) . font-lock-type-face)
+ ;; comma at end-of-line
+ (",\\s-*$" . 'font-lock-builtin-face)
+ ;; TODO be more specific about where these are valid
+ ("->" . 'font-lock-builtin-face)
+ ("[=\\+()]" . 'font-lock-builtin-face)
+ ("+=" . 'font-lock-builtin-face)
+ ("<=" . 'font-lock-builtin-face) ; rlimit
+ ;; abi
+ (,apparmor-mode-abi-regexp
+ (1 font-lock-preprocessor-face t)
+ (2 font-lock-string-face t))
+ ;; includes
+ (,apparmor-mode-include-regexp
+ (1 font-lock-preprocessor-face t)
+ (3 font-lock-string-face t))
+ ;; variables
+ (,apparmor-mode-variable-name-regexp 0 font-lock-variable-name-face t)
+ ;; profiles
+ (,apparmor-mode-profile-regexp
+ (4 font-lock-function-name-face t nil)
+ (5 font-lock-variable-name-face t))
+ ;; capabilities
+ (,apparmor-mode-capability-regexp 2 font-lock-type-face t)
+ ;; file rules
+ (,apparmor-mode-file-rule-permissions-prefix-regexp
+ (3 font-lock-keyword-face nil t) ; class
+ (4 font-lock-constant-face t) ; permissions
+ (7 font-lock-function-name-face nil t)) ;profile
+ (,apparmor-mode-file-rule-permissions-suffix-regexp
+ (3 font-lock-keyword-face nil t) ; class
+ (5 font-lock-constant-face t) ; permissions
+ (7 font-lock-function-name-face nil t)) ;profile
+ ;; network rules
+ (,apparmor-mode-network-rule-regexp
+ (3 font-lock-constant-face t) ;permissions
+ (4 font-lock-function-name-face t) ;domain
+ (5 font-lock-variable-name-face t) ;type
+ (6 font-lock-type-face t)) ; protocol
+ ;; dbus rules
+ (,apparmor-mode-dbus-rule-regexp
+ (4 font-lock-variable-name-face t) ;bus
+ (5 font-lock-constant-face t) ;system/session
+ (7 font-lock-variable-name-face t) ;dest
+ (10 font-lock-variable-name-face t)
+ (13 font-lock-variable-name-face t)
+ (16 font-lock-variable-name-face t)))))
+
+(defvar apparmor-mode-syntax-table
+ (let ((table (make-syntax-table)))
+ ;; # is comment start
+ (modify-syntax-entry ?# "<" table)
+ ;; newline finishes comment line
+ (modify-syntax-entry ?\n ">" table)
+ ;; / and + is used in path names which we want to treat as an entire word
+ (modify-syntax-entry ?/ "w" table)
+ (modify-syntax-entry ?+ "w" table)
+ table))
+
+(defun apparmor-mode-complete-include (prefix &optional local)
+ "Return list of completions of include for PREFIX which could be LOCAL."
+ (let* ((file-name (file-name-base prefix))
+ (parent (file-name-directory prefix))
+ (directory (concat (if local default-directory "/etc/apparmor.d") "/"
+ parent)))
+ ;; need to prepend all of directory part of prefix
+ (mapcar (lambda (f) (concat parent f))
+ (file-name-all-completions file-name directory))))
+
+;; TODO - make a lot smarter than just keywords - complete paths from the
+;; system if we look like a path, do sub-completion based on the current lines
+;; keyword etc - ie match against syntax highlighting regexes and use those to
+;; further complete etc
+(defun apparmor-mode-completion-at-point ()
+ "`completion-at-point' function for `apparmor-mode'."
+ (let ((prefix (or (thing-at-point 'word t) ""))
+ (bounds (bounds-of-thing-at-point 'word))
+ (bol (save-excursion (beginning-of-line) (point)))
+ (candidates nil))
+ (setq candidates
+ (cond ((looking-back "#?include\\s-+\\([<\"]\\)[[:graph:]]*" bol)
+ (apparmor-mode-complete-include
+ prefix (string= (match-string 1) "\"")))
+ (t apparmor-mode-keywords)))
+ (list (car bounds) ; start
+ (cdr bounds) ; end
+ candidates
+ :company-docsig #'identity)))
+
+(defun apparmor-mode-indent-line ()
+ "Indent current line in `apparmor-mode'."
+ (interactive)
+ (if (bolp)
+ (apparmor-mode--indent-line)
+ (save-excursion
+ (apparmor-mode--indent-line))))
+
+(defun apparmor-mode--indent-line ()
+ "Indent current line in `apparmor-mode'."
+ (beginning-of-line)
+ (cond
+ ((bobp)
+ ;; simple case indent to 0
+ (indent-line-to 0))
+ ((looking-at "^\\s-*}\\s-*$")
+ ;; block closing, deindent relative to previous line
+ (indent-line-to (save-excursion
+ (forward-line -1)
+ (max 0 (- (current-indentation) apparmor-mode-indent-offset)))))
+ ;; other cases need to look at previous lines
+ (t
+ (indent-line-to (save-excursion
+ (forward-line -1)
+ ;; keep going backwards until we have a line with actual
+ ;; content since blank lines don't count
+ (while (and (looking-at "^\\s-*$")
+ (not (bobp)))
+ (forward-line -1))
+ (cond
+ ((looking-at "\\(^.*{[^}]*$\\)")
+ ;; previous line opened a block, indent to that line
+ (+ (current-indentation) apparmor-mode-indent-offset))
+ (t
+ ;; default case, indent the same as previous line
+ (current-indentation))))))))
+
+;;;###autoload
+(define-derived-mode apparmor-mode prog-mode "AppArmor"
+ "Major mode for editing AppArmor profiles."
+ :syntax-table apparmor-mode-syntax-table
+ (setq font-lock-defaults apparmor-mode-font-lock-defaults)
+ (setq-local indent-line-function #'apparmor-mode-indent-line)
+ (add-to-list 'completion-at-point-functions #'apparmor-mode-completion-at-point)
+ (setq imenu-generic-expression `(("Profiles" ,apparmor-mode-profile-regexp 5)))
+ (setq comment-start "#")
+ (setq comment-end "")
+ (when (require 'flycheck nil t)
+ (unless (flycheck-valid-checker-p 'apparmor)
+ (flycheck-define-command-checker 'apparmor
+ "A checker using apparmor_parser. "
+ :command '("apparmor_parser"
+ "-Q" ;; skip kernel load
+ "-K" ;; skip cache
+ source)
+ :error-patterns '((error line-start "AppArmor parser error at line "
+ line ": " (message)
+ line-end)
+ (error line-start "AppArmor parser error for "
+ (one-or-more not-newline)
+ " in profile " (file-name)
+ " at line " line ": " (message)
+ line-end))
+ :modes '(apparmor-mode)))
+ (add-to-list 'flycheck-checkers 'apparmor t)))
+
+;; flymake integration
+(defvar-local apparmor-mode--flymake-proc nil)
+
+(defun apparmor-mode-flymake (report-fn &rest _args)
+ "`flymake' backend function for `apparmor-mode' to report errors via REPORT-FN."
+ ;; disable if apparmor_parser is not available
+ (unless (executable-find "apparmor_parser")
+ (error "Cannot find apparmor_parser"))
+
+ ;; kill any existing running instance
+ (when (process-live-p apparmor-mode--flymake-proc)
+ (kill-process apparmor-mode--flymake-proc))
+
+ (let ((source (current-buffer))
+ (contents (buffer-substring (point-min) (point-max))))
+ ;; when the current buffer is an abstraction then fake a profile around it so
+ ;; we can check it
+ (when (and (buffer-file-name)
+ (string-match-p ".*/abstractions/.*" (buffer-file-name)))
+ (setq contents (format "profile %s { %s }" (buffer-name) contents)))
+ (save-restriction
+ (widen)
+ ;; Reset the `apparmor-mode--flymake-proc' process to a new process
+ ;; calling check-syntax.
+ (setq
+ apparmor-mode--flymake-proc
+ (make-process
+ :name "apparmor-mode-flymake" :noquery t :connection-type 'pipe
+ ;; Make output go to a temporary buffer.
+ :buffer (generate-new-buffer " *apparmor-mode-flymake*")
+ ;; TODO: specify the base directory so that includes resolve correctly
+ ;; rather than using the system ones
+ :command '("apparmor_parser" "-Q" "-K" "/dev/stdin")
+ :sentinel
+ (lambda (proc _event)
+ (when (memq (process-status proc) '(exit signal))
+ (unwind-protect
+ ;; Only proceed if `proc' is the same as
+ ;; `apparmor-mode--flymake-proc', which indicates that
+ ;; `proc' is not an obsolete process.
+ ;;
+ (if (with-current-buffer source (eq proc apparmor-mode--flymake-proc))
+ (with-current-buffer (process-buffer proc)
+ (goto-char (point-min))
+ ;; Parse the output buffer for diagnostic's
+ ;; messages and locations, collect them in a list
+ ;; of objects, and call `report-fn'.
+ ;;
+ (cl-loop
+ while (search-forward-regexp
+ "^\\(AppArmor parser error \\(?:for /dev/stdin in profile .*\\)?at line \\)\\([0-9]+\\): \\(.*\\)$"
+ nil t)
+ for msg = (match-string 3)
+ for (beg . end) = (flymake-diag-region
+ source
+ (string-to-number (match-string 2)))
+ for type = :error
+ collect (flymake-make-diagnostic source beg end type msg)
+ into diags
+ finally (funcall report-fn diags)))
+ (flymake-log :warning "Cancelling obsolete check %s" proc))
+ ;; Cleanup the temporary buffer used to hold the
+ ;; check's output.
+ (kill-buffer (process-buffer proc)))))))
+ (process-send-string apparmor-mode--flymake-proc contents)
+ (process-send-eof apparmor-mode--flymake-proc))))
+
+;;;###autoload
+(defun apparmor-mode-setup-flymake-backend ()
+ "Setup the `flymake' backend for `apparmor-mode'."
+ (add-hook 'flymake-diagnostic-functions 'apparmor-mode-flymake nil t))
+
+;;;###autoload
+(add-hook 'apparmor-mode-hook 'apparmor-mode-setup-flymake-backend)
+
+;;;###autoload
+(add-to-list 'auto-mode-alist '("\\`/etc/apparmor\\.d/" . apparmor-mode))
+;;;###autoload
+(add-to-list 'auto-mode-alist '("\\`/var/lib/snapd/apparmor/profiles/" . apparmor-mode))
+
+
+(provide 'apparmor-mode)
+;;; apparmor-mode.el ends here
diff --git a/utils/logprof.conf b/utils/logprof.conf
index fd804c0ab2c8611e1c1cfcb8ae45454d2420c08c..f458c8a3e5989d6543516fc5dc1370e29f2c66a0 100644
--- a/utils/logprof.conf
+++ b/utils/logprof.conf
@@ -11,11 +11,10 @@
[settings]
profiledir = /etc/apparmor.d /etc/subdomain.d
- inactive_profiledir = /usr/share/apparmor/extra-profiles
+ inactive_profiledir = /usr/share/apparmor/extra-profiles
logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
parser = /sbin/apparmor_parser /sbin/subdomain_parser
- ldd = /usr/bin/ldd
logger = /bin/logger /usr/bin/logger
# customize how file ownership permissions are presented
@@ -35,6 +34,10 @@
# files.
custom_includes =
+ # When called with --json, log all input and output to a tempfile (/tmp/aa-jsonlog-*)
+ # Only enable for debugging.
+ # Note that aa-logprof will not display any hint that aa-jsonlog-* gets written.
+ json_log = 0
[qualifiers]
# things will be painfully broken if bash has a profile
diff --git a/utils/logprof.conf.5 b/utils/logprof.conf.5
deleted file mode 100644
index ab60167ef8cfe19061540516007f04cfc955cabd..0000000000000000000000000000000000000000
--- a/utils/logprof.conf.5
+++ /dev/null
@@ -1,226 +0,0 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-. ds C`
-. ds C'
-'br\}
-.\"
-.\" Escape single quotes in literal strings from groff's Unicode transform.
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\"
-.\" If the F register is >0, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.\"
-.\" Avoid warning from groff about undefined register 'F'.
-.de IX
-..
-.nr rF 0
-.if \n(.g .if rF .nr rF 1
-.if (\n(rF:(\n(.g==0)) \{\
-. if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
-. \}
-. \}
-.\}
-.rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "LOGPROF.CONF 5"
-.TH LOGPROF.CONF 5 "2024-02-02" "AppArmor 3.1.7" "AppArmor"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.if n .ad l
-.nh
-.SH "NAME"
-logprof.conf \- configuration file for expert options that modify the
-behavior of the AppArmor aa\-logprof(1) program.
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \fBaa\-logprof\fR\|(1) program can be configured to have certain default behavior
-by the contents of logprof.conf.
-.PP
-The \fB[qualifiers]\fR section lists specific programs that should have
-a subset of the full ix/px/ux list when asking what mode to execute
-it using.
-.PP
-Since creating a separate profile for /bin/bash is dangerous, we can
-specify that for /bin/bash, only (I)nherit, (U)nconstrained, and (D)eny
-should be allowed options and only those will show up in the prompt when
-we're asking about adding that to a profile.
-.PP
-Likewise, if someone currently exec's /bin/mount in ix or px mode, things
-won't work, so we can provide only (U)nconstrained and (D)eny as options.
-.PP
-And certain apps like grep, awk, sed, cp, and mkdir should always
-inherit the parent profile rather than having their own profile or
-running unconfined, so for them we can specify that only (I)nherit and
-(D)eny are the allowed options.
-.PP
-Any programs that are not listed in the qualifiers section get the full
-(I)nherit / (P)rofile / (U)nconstrained / (D)eny option set.
-.PP
-If the user is doing something tricky and wants different behavior,
-they can tweak or remove the corresponding line in the conf file.
-.PP
-The \fB[defaulthat]\fR section lists changehat-aware programs and what hat
-\&\fBaa\-logprof\fR\|(1) will collapse the entries to for that program if the user
-specifies that the access should be allowed, but should not have it's
-own hat.
-.PP
-The \fB[globs]\fR section allows modification of the logprof rule engine
-with respect to globbing suggestions that the user will be prompted with.
-.PP
-The format of each line is\*(-- \*(L"<perl glob> = <apparmor glob>\*(R".
-.PP
-When \fBaa\-logprof\fR\|(1) asks about a specific path, if the perl glob matches the
-path, it replaces the part of the path that matched with the corresponding
-apparmor glob and adds it to the list of globbing suggestions.
-.PP
-Lines starting with # are comments and are ignored.
-.SH "EXAMPLE"
-.IX Header "EXAMPLE"
-.Vb 3
-\& [qualifiers]
-\& # things will very likely be painfully broken if bash has it\*(Aqs own profile
-\& /bin/bash = iu
-\&
-\& # mount doesn\*(Aqt work if it\*(Aqs confined
-\& /bin/mount = u
-\&
-\& # these helper utilities should inherit the parent profile and
-\& # shouldn\*(Aqt have their own profiles
-\& /bin/awk = i
-\& /bin/grep = i
-\& /bin/sed = i
-\&
-\& [defaulthat]
-\& /usr/sbin/sshd = EXEC
-\& /usr/sbin/httpd2 = DEFAULT_URI
-\& /usr/sbin/httpd2\-prefork = DEFAULT_URI
-\&
-\& [globs]
-\& # /foo/bar/lib/libbaz.so \-> /foo/bar/lib/lib*
-\& /lib/lib[^\e/]+so[^\e/]*$ = /lib/lib*so*
-\&
-\& # strip kernel version numbers from kernel module accesses
-\& ^/lib/modules/[^\e/]+\e/ = /lib/modules/*/
-\&
-\& # strip pid numbers from /proc accesses
-\& ^/proc/\ed+/ = /proc/*/
-.Ve
-.SH "BUGS"
-.IX Header "BUGS"
-If you find any bugs, please report them at
-<https://gitlab.com/apparmor/apparmor/\-/issues>.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1),
-\&\fBaa\-disable\fR\|(1), \fBaa_change_hat\fR\|(2), \fBaa\-logprof\fR\|(1), \fBaa\-genprof\fR\|(1), and
-<https://wiki.apparmor.net>.
diff --git a/utils/logprof.conf.5.html b/utils/logprof.conf.5.html
deleted file mode 100644
index 8a678db3622b9be49d1dcdb203a6b008d6e366d4..0000000000000000000000000000000000000000
--- a/utils/logprof.conf.5.html
+++ /dev/null
@@ -1,106 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#EXAMPLE">EXAMPLE</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>The aa-logprof(1) program can be configured to have certain default behavior by the contents of logprof.conf.</p>
-
-<p>The <b>[qualifiers]</b> section lists specific programs that should have a subset of the full ix/px/ux list when asking what mode to execute it using.</p>
-
-<p>Since creating a separate profile for /bin/bash is dangerous, we can specify that for /bin/bash, only (I)nherit, (U)nconstrained, and (D)eny should be allowed options and only those will show up in the prompt when we're asking about adding that to a profile.</p>
-
-<p>Likewise, if someone currently exec's /bin/mount in ix or px mode, things won't work, so we can provide only (U)nconstrained and (D)eny as options.</p>
-
-<p>And certain apps like grep, awk, sed, cp, and mkdir should always inherit the parent profile rather than having their own profile or running unconfined, so for them we can specify that only (I)nherit and (D)eny are the allowed options.</p>
-
-<p>Any programs that are not listed in the qualifiers section get the full (I)nherit / (P)rofile / (U)nconstrained / (D)eny option set.</p>
-
-<p>If the user is doing something tricky and wants different behavior, they can tweak or remove the corresponding line in the conf file.</p>
-
-<p>The <b>[defaulthat]</b> section lists changehat-aware programs and what hat aa-logprof(1) will collapse the entries to for that program if the user specifies that the access should be allowed, but should not have it's own hat.</p>
-
-<p>The <b>[globs]</b> section allows modification of the logprof rule engine with respect to globbing suggestions that the user will be prompted with.</p>
-
-<p>The format of each line is-- "<perl glob> = <apparmor glob>".</p>
-
-<p>When aa-logprof(1) asks about a specific path, if the perl glob matches the path, it replaces the part of the path that matched with the corresponding apparmor glob and adds it to the list of globbing suggestions.</p>
-
-<p>Lines starting with # are comments and are ignored.</p>
-
-<h1 id="EXAMPLE">EXAMPLE</h1>
-
-<pre><code>[qualifiers]
- # things will very likely be painfully broken if bash has it's own profile
- /bin/bash = iu
-
- # mount doesn't work if it's confined
- /bin/mount = u
-
- # these helper utilities should inherit the parent profile and
- # shouldn't have their own profiles
- /bin/awk = i
- /bin/grep = i
- /bin/sed = i
-
-[defaulthat]
- /usr/sbin/sshd = EXEC
- /usr/sbin/httpd2 = DEFAULT_URI
- /usr/sbin/httpd2-prefork = DEFAULT_URI
-
-[globs]
- # /foo/bar/lib/libbaz.so -> /foo/bar/lib/lib*
- /lib/lib[^\/]+so[^\/]*$ = /lib/lib*so*
-
- # strip kernel version numbers from kernel module accesses
- ^/lib/modules/[^\/]+\/ = /lib/modules/*/
-
- # strip pid numbers from /proc accesses
- ^/proc/\d+/ = /proc/*/</code></pre>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), aa-enforce(1), aa-complain(1), aa-disable(1), aa_change_hat(2), aa-logprof(1), aa-genprof(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/net.apparmor.pkexec.aa-notify.policy b/utils/net.apparmor.pkexec.aa-notify.policy
new file mode 100644
index 0000000000000000000000000000000000000000..1497329277c998abe78614c435a4b2663500064e
--- /dev/null
+++ b/utils/net.apparmor.pkexec.aa-notify.policy
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+ <action id="net.apparmor.pkexec.aa-notify.modify_profile">
+ <description>AppArmor: modifying security profile</description>
+ <message>To modify an AppArmor security profile, you need to authenticate.</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>auth_admin</allow_inactive>
+ <allow_active>auth_admin</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
+ <annotate key="org.freedesktop.policykit.exec.argv1">add_rule</annotate>
+ </action>
+ <action id="net.apparmor.pkexec.aa-notify.create_userns">
+ <description>AppArmor: adding userns profile</description>
+ <message>To allow a program to use unprivileged user namespaces, you need to authenticate.</message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>auth_admin</allow_inactive>
+ <allow_active>auth_admin</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">{LIB_PATH}apparmor/update_profile.py</annotate>
+ <annotate key="org.freedesktop.policykit.exec.argv1">create_userns</annotate>
+ </action>
+
+</policyconfig>
diff --git a/utils/notify.conf b/utils/notify.conf
index 03854838e6bd49b9bda1a82ded3427117a4d83b1..1524a45d46c9b8db9e6f6ef5cf41d672e4fae09b 100644
--- a/utils/notify.conf
+++ b/utils/notify.conf
@@ -11,6 +11,18 @@
# Set to 'no' to disable AppArmor notifications globally
show_notifications="yes"
+# Special profiles used to remove privileges for unconfined binaries using user namespaces. If unsure, leave as is.
+userns_special_profiles="unconfined,unprivileged_userns"
+
+# Theme to use for aa-notify GUI themes. See https://ttkthemes.readthedocs.io/en/latest/themes.html for available themes.
+interface_theme="ubuntu"
+
+# Binaries for which we ignore userns-related capability denials
+ignore_denied_capability="sudo,su"
+
+# OPTIONAL - kind of operations which display a popup prompt.
+# prompt_filter="userns"
+
# OPTIONAL - restrict using aa-notify to users in the given group
# (if not set, everybody who has permissions to read the logfile can use it)
# use_group="admin"
@@ -20,3 +32,11 @@ show_notifications="yes"
# OPTIONAL - custom notification message footer
# message_footer="For more information visit https://foo.com"
+
+# OPTIONAL - custom notification filtering
+# filter.profile=""
+# filter.operation=""
+# filter.name=""
+# filter.denied=""
+# filter.family=""
+# filter.socket=""
diff --git a/utils/po/af.po b/utils/po/af.po
index a93d0ceafcd8f59233958ef01427ab6e5380fce2..780ff8862c36bbf3a774bfbfe1c49c244afc0897 100644
--- a/utils/po/af.po
+++ b/utils/po/af.po
@@ -8,14 +8,14 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2020-03-06 01:24+0000\n"
-"Last-Translator: bernard stafford <Unknown>\n"
+"PO-Revision-Date: 2023-01-29 16:16+0000\n"
+"Last-Translator: Mark Grassi <Unknown>\n"
"Language-Team: Afrikaans <af@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2020-03-06 05:43+0000\n"
-"X-Generator: Launchpad (build e0878392dc799b267dea80578fa65500a5d74155)\n"
+"X-Launchpad-Export-Date: 2023-01-30 06:25+0000\n"
+"X-Generator: Launchpad (build 20dbca4abd50eb567cd11c349e7e914443a145a1)\n"
#: ../aa-genprof:56
msgid "Generate profile for the given program"
@@ -503,23 +503,23 @@ msgstr "%s het oorgangsnaam maar nie oorgangsmodus"
#: ../apparmor/aa.py:1232
#, python-format
msgid "Target profile exists: %s\n"
-msgstr ""
+msgstr "Teiken profiel bestaan: %s\n"
#: ../apparmor/aa.py:1254
msgid "Program"
-msgstr ""
+msgstr "Program"
#: ../apparmor/aa.py:1257
msgid "Execute"
-msgstr ""
+msgstr "Teregstel"
#: ../apparmor/aa.py:1287
msgid "Are you specifying a transition to a local profile?"
-msgstr ""
+msgstr "Is jy spesifiseer 'n oorgang na 'n plaaslike profiel?"
#: ../apparmor/aa.py:1299
msgid "Enter profile name to transition to: "
-msgstr ""
+msgstr "Betree profiel naam om oorgang na: "
#: ../apparmor/aa.py:1308
msgid ""
@@ -530,6 +530,12 @@ msgid ""
"but some applications depend on the presence\n"
"of LD_PRELOAD or LD_LIBRARY_PATH."
msgstr ""
+"Behoort AppArmor sanitize die omgewing wanneer\n"
+"oorskakel tans profiele?\n"
+"\n"
+"Sanitising omgewing is meer beveilig,\n"
+"maar sommige toepassings hang af van die teenwoordigheid\n"
+"van LD_PRELOAD or LD_LIBRARY_PATH."
#: ../apparmor/aa.py:1310
msgid ""
@@ -541,6 +547,13 @@ msgid ""
"or LD_LIBRARY_PATH and sanitising the environment\n"
"could cause functionality problems."
msgstr ""
+"Behoort AppArmor sanitize die omgewing wanneer\n"
+"oorskakel tans profiele?\n"
+"\n"
+"Sanitising omgewing is meer beveilig,\n"
+"maar hierdie toepassing verskyn om deur gebruik van LD_PRELOAD\n"
+"of LD_LIBRARY_PATH en die omgewing te sanitiseer\n"
+"kon funksionaliteit probleme- veroorsaak."
#: ../apparmor/aa.py:1318
#, python-format
@@ -551,6 +564,11 @@ msgid ""
"Are you absolutely certain you wish to remove all\n"
"AppArmor protection when executing %s ?"
msgstr ""
+"Lancering tans prosesse in 'n unconfined staat is 'n heel\n"
+"gevaarlike operasie en kan ernstige sekuriteitsgate veroorsaak.\n"
+"\n"
+"Is jy absoluut seker jy wil alle verwyder\n"
+"AppArmor beskerming wanneer teregstel %s?"
#: ../apparmor/aa.py:1320
msgid ""
@@ -561,6 +579,12 @@ msgid ""
"a program opens up significant security holes\n"
"and should be avoided if at all possible."
msgstr ""
+"Behoort AppArmor sanitize die omgewing wanneer\n"
+"hardlooping hierdie program unconfined?\n"
+"\n"
+"Nie sanitising die omgewing wanneer unconfining\n"
+"'n program oop op beduidende sekuriteit gate\n"
+"en behoort deur vermy indien enigsins moontlik."
#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
#, python-format
@@ -568,24 +592,26 @@ msgid ""
"A profile for %s does not exist.\n"
"Do you want to create one?"
msgstr ""
+"'N Profiel vir %s bestaan nie.\n"
+"Wil jy om een te skep?"
#: ../apparmor/aa.py:1523
msgid "Complain-mode changes:"
-msgstr ""
+msgstr "Klagte-modus veranderinge:"
#: ../apparmor/aa.py:1525
msgid "Enforce-mode changes:"
-msgstr ""
+msgstr "Afdwing-modus veranderinge:"
#: ../apparmor/aa.py:1528
#, python-format
msgid "Invalid mode found: %s"
-msgstr ""
+msgstr "Ongeldige modus gevind: %s"
#: ../apparmor/aa.py:1897
#, python-format
msgid "Adding %(path)s %(mode)s to profile"
-msgstr ""
+msgstr "Byvoeg tans %(path)s %(mode)s om profiel"
#: ../apparmor/aa.py:1918
#, python-format
@@ -596,46 +622,54 @@ msgid ""
" Entered Path: %(ans)s\n"
"Do you really want to use this path?"
msgstr ""
+"Die gespesifiseerde pad kom nie ooreen met dié log inskrywing:\n"
+"\n"
+" Log Inskrywing: %(path)s\n"
+" Betreeed Pad: %(ans)s\n"
+"Wil jy regtig hierdie pad gebruik?"
#: ../apparmor/aa.py:2251
#, python-format
msgid "Reading log entries from %s."
-msgstr ""
+msgstr "Lees tans log inskrywings vanaf %s."
#: ../apparmor/aa.py:2254
#, python-format
msgid "Updating AppArmor profiles in %s."
-msgstr ""
+msgstr "Opdatering tans van AppArmor profiele in %s."
#: ../apparmor/aa.py:2323
msgid ""
"Select which profile changes you would like to save to the\n"
"local profile set."
msgstr ""
+"Selekteer watter profielveranderings jy aan wil stoor om die\n"
+"plaaslike profiel stel."
#: ../apparmor/aa.py:2324
msgid "Local profile changes"
-msgstr ""
+msgstr "Plaaslike profiel veranderinge"
#: ../apparmor/aa.py:2418
msgid "Profile Changes"
-msgstr ""
+msgstr "Profiel Veranderinge"
#: ../apparmor/aa.py:2428
#, python-format
msgid "Can't find existing profile %s to compare changes."
-msgstr ""
+msgstr "Kon nie bestaande profiel vind %s om vergelyk veranderinge."
#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
#, python-format
msgid "Can't read AppArmor profiles in %s"
-msgstr ""
+msgstr "Kon nie AppArmor profiele in lees %s"
#: ../apparmor/aa.py:2677
#, python-format
msgid ""
"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
msgstr ""
+"%(profile)s profiel in %(file)s bevat sintaks foute in lyn: %(line)s."
#: ../apparmor/aa.py:2734
#, python-format
@@ -643,6 +677,8 @@ msgid ""
"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte Einde van Profiel bereik in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:2749
#, python-format
@@ -650,12 +686,16 @@ msgid ""
"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte capvermoë inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:2770
#, python-format
msgid ""
"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte skakel inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:2798
#, python-format
@@ -663,12 +703,16 @@ msgid ""
"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte verandering profiel inskrywing gevind in lêer: "
+"%(file)s lyn: %(line)s"
#: ../apparmor/aa.py:2820
#, python-format
msgid ""
"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte rlimit inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:2831
#, python-format
@@ -676,6 +720,8 @@ msgid ""
"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte boolean definisie gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:2871
#, python-format
@@ -683,52 +729,66 @@ msgid ""
"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte kaal lêer reël gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:2894
#, python-format
msgid ""
"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags pad inskrywing in lêer gevind: %(file)s lyn: %(line)s"
#: ../apparmor/aa.py:2922
#, python-format
msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Ongeldige Regex %(path)s in lêer: %(file)s lyn: %(line)s"
#: ../apparmor/aa.py:2925
#, python-format
msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
-msgstr ""
+msgstr "Ongeldige modus %(mode)s in lêer: %(file)s lyn: %(line)s"
#: ../apparmor/aa.py:2977
#, python-format
msgid ""
"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags netwerk inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3007
#, python-format
msgid ""
"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags dbus inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3030
#, python-format
msgid ""
"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags monteer inskrywing in lêer gevind: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3052
#, python-format
msgid ""
"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags sein inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3074
#, python-format
msgid ""
"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags ptrace inskrywing gevind in lêer: %(file)s lyn "
+"%(line)s"
#: ../apparmor/aa.py:3096
#, python-format
@@ -736,12 +796,16 @@ msgid ""
"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwags pivot_root inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3118
#, python-format
msgid ""
"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwags unix inskrywing gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3140
#, python-format
@@ -749,6 +813,8 @@ msgid ""
"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
"line: %(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte verander hoed deklarasie gevind in lêer: %(file)s "
+"lyn: %(line)s"
#: ../apparmor/aa.py:3152
#, python-format
@@ -756,21 +822,24 @@ msgid ""
"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Sintaks Fout: Onverwagte hoed definisie gevind in lêer: %(file)s lyn: "
+"%(line)s"
#: ../apparmor/aa.py:3168
#, python-format
msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
msgstr ""
+"Fout: Veelvuldige definisies vir hoed %(hat)s in profiel %(profile)s."
#: ../apparmor/aa.py:3185
#, python-format
msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
-msgstr ""
+msgstr "Waarskuwing: ongeldig \"REPOSITORY:\" lyn in %s, ignoreer tans."
#: ../apparmor/aa.py:3198
#, python-format
msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
-msgstr ""
+msgstr "Sintaks Fout: Onbekende lyn gevind in lêer: %(file)s lyn: %(line)s"
#: ../apparmor/aa.py:3211
#, python-format
@@ -778,17 +847,22 @@ msgid ""
"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
"profile %(profile)s"
msgstr ""
+"Sintaks Fout: Ontbreek '}' of ','. Bereikd einde van lêer %(file)s terwyl "
+"binnekant profiel %(profile)s"
#: ../apparmor/aa.py:3277
#, python-format
msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
msgstr ""
+"Herdefiniëring bestaande veranderlike %(variable)s: %(value)s in %(file)s"
#: ../apparmor/aa.py:3282
#, python-format
msgid ""
"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
msgstr ""
+"Waardes bygevoeg tot a nie-bestaande veranderlike %(variable)s: %(value)s in "
+"%(file)s"
#: ../apparmor/aa.py:3284
#, python-format
@@ -796,25 +870,27 @@ msgid ""
"Unknown variable operation %(operation)s for variable %(variable)s in "
"%(file)s"
msgstr ""
+"Onbekende veranderlike bewerking %(operation)s vir veranderlike %(variable)s "
+"in %(file)s"
#: ../apparmor/aa.py:3343
#, python-format
msgid "Invalid allow string: %(allow)s"
-msgstr ""
+msgstr "Ongeldig toelaat string: %(allow)s"
#: ../apparmor/aa.py:3778
msgid "Can't find existing profile to modify"
-msgstr ""
+msgstr "Kon nie bestaande profiel vind modify"
#: ../apparmor/aa.py:4347
#, python-format
msgid "Writing updated profile for %s."
-msgstr ""
+msgstr "Skryf opgedateer profiel vir %s."
#: ../apparmor/aa.py:4481
#, python-format
msgid "File Not Found: %s"
-msgstr ""
+msgstr "Lêer nie gevind: %s"
#: ../apparmor/aa.py:4591
#, python-format
@@ -826,11 +902,18 @@ msgid ""
"the corresponding entry in the [qualifiers] section in "
"/etc/apparmor/logprof.conf."
msgstr ""
+"%s is tans gemerk as 'n program wat nie sy eie moet hê\n"
+"profiel. Gewoonlik, programme word op hierdie manier gemerk indien 'n "
+"profiel vir \n"
+"hulle sal waarskynlik die res van die stelsel breek. Indien jy weet wat jy\n"
+"doen en sekere jy wil 'n profiel te skep vir hierdie program, wysig\n"
+"die ooreenstemmende inskrywing in die [qualifiers] gedeelte in "
+"/etc/apparmor/logprof.conf."
#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
#, python-format
msgid "Log contains unknown mode %s"
-msgstr ""
+msgstr "Log bevat onbekende modus %s"
#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
#, python-format
@@ -841,38 +924,45 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Kan nie vind %(program)s in die stelselpadlys. As die naam van die aansoek\n"
+"is korrek, asseblief hardloop 'which %(program)s' as gebruiker met korrekte "
+"PATH\n"
+"omgewing opgestel ten einde om vind die volledig gekwalifiseerde pad en\n"
+"gebruik die volledige pad as parameter."
#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
#, python-format
msgid "%s does not exist, please double-check the path."
-msgstr ""
+msgstr "%s bestaan nie, asseblief dubbel seker die pad."
#: ../apparmor/tools.py:100
msgid ""
"The given program cannot be found, please try with the fully qualified path "
"name of the program: "
msgstr ""
+"Die gegewe programe kan nie gevind, probeer asseblief met die volledig "
+"gekwalifiseerde pad naam van die program: "
#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
#, python-format
msgid "Profile for %s not found, skipping"
-msgstr ""
+msgstr "Profiel vir %s nie gevind, oorslaan"
#: ../apparmor/tools.py:140
#, python-format
msgid "Disabling %s."
-msgstr ""
+msgstr "Deaktiveer tans %s."
#: ../apparmor/tools.py:198
#, python-format
msgid "Setting %s to audit mode."
-msgstr ""
+msgstr "Instelling %s om oudit modus."
#: ../apparmor/tools.py:200
#, python-format
msgid "Removing audit mode from %s."
-msgstr ""
+msgstr "Verwyder tans oudit modus vanaf %s."
#: ../apparmor/tools.py:212
#, python-format
@@ -880,11 +970,13 @@ msgid ""
"Please pass an application to generate a profile for, not a profile itself - "
"skipping %s."
msgstr ""
+"Asseblief slaag 'n program om 'n profiel vir, nie 'n profiel self - huppel "
+"tans %s."
#: ../apparmor/tools.py:220
#, python-format
msgid "Profile for %s already exists - skipping."
-msgstr ""
+msgstr "Profiel vir %s bestaan alreeds - huppel tans."
#: ../apparmor/tools.py:232
#, python-format
@@ -892,6 +984,8 @@ msgid ""
"\n"
"Deleted %s rules."
msgstr ""
+"\n"
+"Geskrap %s reëls."
#: ../apparmor/tools.py:240
#, python-format
@@ -899,267 +993,269 @@ msgid ""
"The local profile for %(program)s in file %(file)s was changed. Would you "
"like to save it?"
msgstr ""
+"Die plaaslike profiel vir %(program)s in lêer %(file)s was verander. Sou jy "
+"hou om dit stoor?"
#: ../apparmor/tools.py:260
#, python-format
msgid "The profile for %s does not exists. Nothing to clean."
-msgstr ""
+msgstr "Die profiel vir %s doen nie bestaan. Niks om skoon maak."
#: ../apparmor/ui.py:61
msgid "Invalid hotkey for"
-msgstr ""
+msgstr "Ongeldig hotkey vir"
#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
msgid "(Y)es"
-msgstr ""
+msgstr "(J)a"
#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
msgid "(N)o"
-msgstr ""
+msgstr "(G)een"
#: ../apparmor/ui.py:123
msgid "(C)ancel"
-msgstr ""
+msgstr "(K)anselleer"
#: ../apparmor/ui.py:223
msgid "(A)llow"
-msgstr ""
+msgstr "(T)oelaat"
#: ../apparmor/ui.py:224
msgid "(M)ore"
-msgstr ""
+msgstr "(M)eer"
#: ../apparmor/ui.py:225
msgid "Audi(t)"
-msgstr ""
+msgstr "O(u)dit"
#: ../apparmor/ui.py:226
msgid "Audi(t) off"
-msgstr ""
+msgstr "O(u)dit af"
#: ../apparmor/ui.py:227
msgid "Audit (A)ll"
-msgstr ""
+msgstr "Oudit (A)lle"
#: ../apparmor/ui.py:229
msgid "(O)wner permissions on"
-msgstr ""
+msgstr "Eienaar(s) toestemmings op"
#: ../apparmor/ui.py:230
msgid "(O)wner permissions off"
-msgstr ""
+msgstr "Eienaar(s) toestemmings af"
#: ../apparmor/ui.py:231
msgid "(D)eny"
-msgstr ""
+msgstr "(O)ntken"
#: ../apparmor/ui.py:232
msgid "Abo(r)t"
-msgstr ""
+msgstr "Abo(r)teer"
#: ../apparmor/ui.py:233
msgid "(F)inish"
-msgstr ""
+msgstr "A(f)werking"
#: ../apparmor/ui.py:234
msgid "(I)nherit"
-msgstr ""
+msgstr "(B)eërwe"
#: ../apparmor/ui.py:235
msgid "(P)rofile"
-msgstr ""
+msgstr "(P)rofiel"
#: ../apparmor/ui.py:236
msgid "(P)rofile Clean Exec"
-msgstr ""
+msgstr "(P)rofiel Skoon Exec"
#: ../apparmor/ui.py:237
msgid "(C)hild"
-msgstr ""
+msgstr "(K)ind"
#: ../apparmor/ui.py:238
msgid "(C)hild Clean Exec"
-msgstr ""
+msgstr "(K)ind Skoon Exec"
#: ../apparmor/ui.py:239
msgid "(N)amed"
-msgstr ""
+msgstr "(N)amed"
#: ../apparmor/ui.py:240
msgid "(N)amed Clean Exec"
-msgstr ""
+msgstr "(N)amed Skoon Exec"
#: ../apparmor/ui.py:241
msgid "(U)nconfined"
-msgstr ""
+msgstr "(U)nconfined"
#: ../apparmor/ui.py:242
msgid "(U)nconfined Clean Exec"
-msgstr ""
+msgstr "(U)nconfined Skoon Exec"
#: ../apparmor/ui.py:243
msgid "(P)rofile Inherit"
-msgstr ""
+msgstr "(P)rofiel Inherit"
#: ../apparmor/ui.py:244
msgid "(P)rofile Inherit Clean Exec"
-msgstr ""
+msgstr "(P)rofiel Inherit Skoon Exec"
#: ../apparmor/ui.py:245
msgid "(C)hild Inherit"
-msgstr ""
+msgstr "(K)ind Inherit"
#: ../apparmor/ui.py:246
msgid "(C)hild Inherit Clean Exec"
-msgstr ""
+msgstr "(K)ind Inherit Skoon Exec"
#: ../apparmor/ui.py:247
msgid "(N)amed Inherit"
-msgstr ""
+msgstr "(V)ernoem Inherit"
#: ../apparmor/ui.py:248
msgid "(N)amed Inherit Clean Exec"
-msgstr ""
+msgstr "(V)ernoem Inherit Skoon Exec"
#: ../apparmor/ui.py:249
msgid "(X) ix On"
-msgstr ""
+msgstr "(X) ix Op"
#: ../apparmor/ui.py:250
msgid "(X) ix Off"
-msgstr ""
+msgstr "(X) ix Af"
#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
msgid "(S)ave Changes"
-msgstr ""
+msgstr "(S)toor Veranderinge"
#: ../apparmor/ui.py:252
msgid "(C)ontinue Profiling"
-msgstr ""
+msgstr "(V)oortgaan Profilering"
#: ../apparmor/ui.py:253
msgid "(N)ew"
-msgstr ""
+msgstr "(N)uwe"
#: ../apparmor/ui.py:254
msgid "(G)lob"
-msgstr ""
+msgstr "(G)lob"
#: ../apparmor/ui.py:255
msgid "Glob with (E)xtension"
-msgstr ""
+msgstr "Glob with (E)kstensie"
#: ../apparmor/ui.py:256
msgid "(A)dd Requested Hat"
-msgstr ""
+msgstr "(V)oeg Gevraagde Hoed"
#: ../apparmor/ui.py:257
msgid "(U)se Default Hat"
-msgstr ""
+msgstr "(G)ebruik Verstek Hoed"
#: ../apparmor/ui.py:258
msgid "(S)can system log for AppArmor events"
-msgstr ""
+msgstr "(S)kandering stelsel log vir AppArmor gebeure"
#: ../apparmor/ui.py:259
msgid "(H)elp"
-msgstr ""
+msgstr "(H)ulp"
#: ../apparmor/ui.py:260
msgid "(V)iew Profile"
-msgstr ""
+msgstr "(B)esigtig Profiel"
#: ../apparmor/ui.py:261
msgid "(U)se Profile"
-msgstr ""
+msgstr "(G)ebruik Profiel"
#: ../apparmor/ui.py:262
msgid "(C)reate New Profile"
-msgstr ""
+msgstr "(S)kep Nuwe Profiel"
#: ../apparmor/ui.py:263
msgid "(U)pdate Profile"
-msgstr ""
+msgstr "(O)pdateer Profiel"
#: ../apparmor/ui.py:264
msgid "(I)gnore Update"
-msgstr ""
+msgstr "(I)gnoreer Opdatering"
#: ../apparmor/ui.py:266
msgid "Save Selec(t)ed Profile"
-msgstr ""
+msgstr "Stoor Gekos(e) Profiel"
#: ../apparmor/ui.py:267
msgid "(U)pload Changes"
-msgstr ""
+msgstr "(O)plaai Wysigings"
#: ../apparmor/ui.py:268
msgid "(V)iew Changes"
-msgstr ""
+msgstr "(U)itsig Veranderinge"
#: ../apparmor/ui.py:269
msgid "View Changes b/w (C)lean profiles"
-msgstr ""
+msgstr "Uitsig Veranderinge b/w Skoon (p)rofiele"
#: ../apparmor/ui.py:270
msgid "(V)iew"
-msgstr ""
+msgstr "(U)itsig"
#: ../apparmor/ui.py:271
msgid "(E)nable Repository"
-msgstr ""
+msgstr "(A)ktiveer Bewaarplek"
#: ../apparmor/ui.py:272
msgid "(D)isable Repository"
-msgstr ""
+msgstr "(D)eaktiveer Bewaarplek"
#: ../apparmor/ui.py:273
msgid "(N)ever Ask Again"
-msgstr ""
+msgstr "(V)ra Nooit Weer"
#: ../apparmor/ui.py:274
msgid "Ask Me (L)ater"
-msgstr ""
+msgstr "Vra My (L)ater"
#: ../apparmor/ui.py:277
msgid "Allow All (N)etwork"
-msgstr ""
+msgstr "Toelaat Alle (N)etwerk"
#: ../apparmor/ui.py:278
msgid "Allow Network Fa(m)ily"
-msgstr ""
+msgstr "Toelaat Netwerk Fa(m)ilie"
#: ../apparmor/ui.py:279
msgid "(O)verwrite Profile"
-msgstr ""
+msgstr "(O)orskryf Profiel"
#: ../apparmor/ui.py:280
msgid "(K)eep Profile"
-msgstr ""
+msgstr "(B)ewaar Profiel"
#: ../apparmor/ui.py:281
msgid "(C)ontinue"
-msgstr ""
+msgstr "(V)oortgaan"
#: ../apparmor/ui.py:282
msgid "(I)gnore"
-msgstr ""
+msgstr "(I)gnoreer"
#: ../apparmor/ui.py:344
#, python-format
msgid "PromptUser: Unknown command %s"
-msgstr ""
+msgstr "VinnigeGebruiker: Onbekende bevel %s"
#: ../apparmor/ui.py:351
#, python-format
msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
-msgstr ""
+msgstr "Prompt Gebruiker: Duplikaat sneltoets vir %(command)s: %(menutext)s "
#: ../apparmor/ui.py:363
msgid "PromptUser: Invalid hotkey in default item"
-msgstr ""
+msgstr "PromptGebruiker: Ongeldige sneltoets in verstek item"
#: ../apparmor/ui.py:368
#, python-format
msgid "PromptUser: Invalid default %s"
-msgstr ""
+msgstr "PromptGebruiker: Ongeldige verstek %s"
diff --git a/utils/po/be.po b/utils/po/be.po
new file mode 100644
index 0000000000000000000000000000000000000000..ba73e4377c5b19fac16cecb27b5fb708f20a2da4
--- /dev/null
+++ b/utils/po/be.po
@@ -0,0 +1,1126 @@
+# Belarusian translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2020-05-03 16:54+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Belarusian <be@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-05-04 04:32+0000\n"
+"X-Generator: Launchpad (build fbdff7602bd10fb883bf7e2ddcc7fd5a16f60398)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr ""
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr ""
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr ""
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr ""
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr ""
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr ""
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr ""
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr ""
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr ""
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr ""
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr ""
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr ""
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr ""
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr ""
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr ""
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr ""
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr ""
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr ""
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr ""
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr ""
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr ""
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr ""
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr ""
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr ""
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr ""
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr ""
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr ""
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr ""
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr ""
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr ""
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr ""
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr ""
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr ""
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr ""
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr ""
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr ""
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr ""
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr ""
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr ""
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr ""
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr ""
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr ""
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr ""
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr ""
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr ""
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr ""
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr ""
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr ""
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr ""
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr ""
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr ""
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr ""
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr ""
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr ""
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr ""
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr ""
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr ""
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr ""
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr ""
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/cs.po b/utils/po/cs.po
new file mode 100644
index 0000000000000000000000000000000000000000..fa2ccf4e876d3993df3ff1f3901159716b32b051
--- /dev/null
+++ b/utils/po/cs.po
@@ -0,0 +1,1178 @@
+# Czech translation for apparmor
+# Copyright (c) 2022 Rosetta Contributors and Canonical Ltd 2022
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2022.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2022-11-19 14:00+0000\n"
+"Last-Translator: Marek HladÃk <mhladik@seznam.cz>\n"
+"Language-Team: Czech <cs@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2022-11-20 04:32+0000\n"
+"X-Generator: Launchpad (build 58312c50d0ade23d24f71d3daeac191f58b3ed83)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr "Vygenerovat profil pro daný program"
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr "cesta k profilům"
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr "cesta k souboru protokolu"
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr "název programu do profilu"
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr "Soubor protokolu %s neexistuje. Zkontrolujte prosÃm cestu"
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+"Zdá se, že AppArmor nebyl spuÅ¡tÄ›n. Povolte prosÃm AppArmor a zkuste to znovu."
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr "%s nenà adresář."
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+"V seznamu systémových cest nelze najÃt %(profiling)s. Pokud je název "
+"aplikace\n"
+"správný, spusÅ¥te prosÃm 'who %(profiling)s' jako uživatel se správným\n"
+"nastaveným prostÅ™edÃm PATH, abyste naÅ¡li plnÄ› kvalifikovanou cestu\n"
+"a použili úplnou cestu jako parametr."
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr "%s neexistuje, prosÃm znovu zkontrolujte cestu."
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+"\n"
+"Než zaÄnete, možná budete chtÃt zkontrolovat, zda\n"
+"již existuje profil pro aplikaci, kterou chcete omezit.\n"
+"DalÅ¡Ã informace naleznete na následujÃcÃ\n"
+"wiki stránce:"
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr "ProfilovánÃ"
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+"\n"
+"Znovu naÄtené profily AppArmor v režimu vynucenÃ."
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+"\n"
+"Zvažte prosÃm pÅ™ispÄ›nà svým novým profilem!\n"
+"Dalšà informace naleznete na wiki stránce:"
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr "DokonÄeno generovánà profilu pro %s."
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr "Zpracovánà záznamů protokolu pro generovánà profilů"
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr "oznaÄte v protokolu pro zahájenà zpracovánà po"
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr "VyÄistÄ›te profily pro dané programy"
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr "název programu"
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr "PÅ™epsánà Äistým profilem bez upozornÄ›nÃ"
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr "Provést 2-cestné nebo 3-cestné slouÄenà na daných profilech"
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr "váš profil"
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr "základnà profil"
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr "jiný profil"
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr "NásledujÃcà mÃstnà profily byly zmÄ›nÄ›ny. Chcete je uložit?"
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr "UmÃstÄ›nÃ"
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr "Vyberte vhodný režim"
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr "Neznámý výběr"
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr "Soubor obsahuje"
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr "Vyberte ty, které chcete přidat"
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr "Přidánà %s do souboru."
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr "neznámý"
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr "Smazáno %s pÅ™edchozÃch odpovÃdajÃcÃch záznamů profilu."
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr "Profil"
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr "Možnost"
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr "Důležitost"
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr "Přidánà %s do profilu."
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr "Přidánà možnosti %s do profilu."
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr "Odepřenà možnosti %s v profilu."
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr "(oprávnÄ›nà vlastnÃka vypnuto)"
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr "Starý režim"
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr "Nový režim"
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr "Režim"
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr "Přidánà %(path)s %(mod)s do profilu"
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr "Zadejte novou cestu: "
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr "Typ socketu"
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr "Přidánà %s do profilu"
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr "PÅ™idánà sÃÅ¥ového pÅ™Ãstupu %(family)s %(type)s do profilu."
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr "OdepÅ™enà pÅ™Ãstupu k sÃti %(family)s %(type)s do profilu"
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr "Vygenerovat základnà profil AppArmor odhadem požadavků"
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr "pÅ™epsat existujÃcà profil"
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr "Přepnout dané programy do režimu auditu"
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr "odebrat režim auditu"
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr "Zobrazit celou stopu"
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr "Přepnout daný program do režimu sledovánà (complain)"
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr "Přepnout daný program do režimu vynucenà (enforce)"
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr "Zakázat profil pro dané programy"
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr "Vypisuje neomezené procesy s porty tcp nebo udp"
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr "skenovat všechny procesy z /proc"
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr "%(pid)s %(program)s (%(commandline)s) nenà omezen"
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr "%(pid)s %(program)s%(pname)s nenà omezen"
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr "%(pid)s %(program)s (%(commandline)s) omezeno podle '%(attribute)s'"
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr "%(pid)s %(program)s%(pname)s omezeno podle '%(attribute)s'"
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr "PÅ™i Å™eÅ¡enà %s jste sledovali pÅ™ÃliÅ¡ mnoho odkazů"
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr "Nezle nalézt %s"
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr "Nastavenà %s do režimu sledovánà (complain)."
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr "Nastavenà %s do režimu vynucenà (enforce)."
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr "Nelze najÃt základnà jméno pro %s."
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr "Nelze vytvořit %(link)s symbolický odkaz na %(filename)s."
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr "Nelze pÅ™eÄÃst prvnà řádek z %s: Soubor nenalezen"
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr "Opravdu chcete zahodit tuto sadu zmÄ›n profilu a odejÃt?"
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr "Zahodit všechny změny."
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr "Připojovánà k repozitáři..."
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr "VAROVÃNÃ: Chyba pÅ™i naÄÃtánà profilů z repozitáře"
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr "Chyba při aktivaci profilů: %s"
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr "%s neobsahuje žádný profil"
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+"VAROVÃNÃ: Chyba pÅ™i synchronizaci profilů s repozitářem:\n"
+"%s\n"
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+"VAROVÃNÃ: Chyba pÅ™i synchronizaci profilů s repozitářem\n"
+"%s"
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+"VAROVÃNÃ: PÅ™i nahrávánà profilu %(profile)s doÅ¡lo k chybÄ›\n"
+"%(ret)s"
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr "Změny byly nahrány do repozitáře."
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+"Chyba repozitáře\n"
+"Registrace nebo přihlášenà se nezdařilo. Přihlášenà uživatele\n"
+"informace jsou nutné k nahránà profilů do repozitáře.\n"
+"Tyto změny nebylo možné odeslat."
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr "CÃlový profil existuje: %s\n"
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr "Aplikace"
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr "SpuÅ¡tÄ›nÃ"
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr "Chcete pÅ™ejÃt na mÃstnà profil?"
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr "Zadejte název profilu, na který chcete pÅ™ejÃt: "
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+"MÄ›l by AppArmor vyÄistit prostÅ™edÃ, pÅ™i\n"
+"pÅ™epÃnánà profilů?\n"
+"\n"
+"VyÄiÅ¡tÄ›né prostÅ™edà je bezpeÄnÄ›jÅ¡Ã,\n"
+"ale nÄ›které aplikace jsou závislé na pÅ™Ãtomnosti\n"
+"LD_PRELOAD nebo LD_LIBRARY_PATH."
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+"MÄ›l by AppArmor vyÄistit prostÅ™edÃ, pÅ™i\n"
+"pÅ™epÃnánà profilů?\n"
+"\n"
+"VyÄiÅ¡tÄ›né prostÅ™edà je bezpeÄnÄ›jÅ¡Ã,\n"
+"ale zdá se, že tato aplikace použÃvá LD_PRELOAD\n"
+"nebo LD_LIBRARY_PATH a vyÄiÅ¡tÄ›nà prostÅ™edÃ\n"
+"může způsobit funkÄnà problémy."
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+"Profil pro %s neexistuje.\n"
+"Chcete jej vytvořit?"
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr "ZmÄ›ny v režimu sledovánÃ:"
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr "ZmÄ›ny v režimu vynucenÃ:"
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr "Nalezen neplatný režim: %s"
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr "Přidánà %(path)s %(mode)s do profilu"
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr "Čtenà záznamů protokolu z %s."
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr "Aktualizace profilů AppArmor v %s."
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+"Vyberte, které změny profilu chcete uložit do\n"
+"nastavenà mÃstnÃho profilu."
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr "ZmÄ›ny lokálnÃho profilu"
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr "Změny profilu"
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr "Nelze najÃt existujÃcà profil %s pro porovnánà zmÄ›n."
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr "Nelze naÄÃst profily AppArmor v %s"
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+"Profil %(profile)s v %(file)s obsahuje chyby syntaxe na řádku: %(line)s."
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Chyba syntaxe: Bylo dosaženo neÄekanÄ› konce profilu v souboru: %(file)s na "
+"řádku: %(line)s"
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Chyba syntaxe: V souboru: %(file)s na řádku: %(line)s byl nalezen "
+"neoÄekávaný záznam"
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Chyba syntaxe: V souboru byl nalezen neoÄekávaný záznam odkazu: %(file)s na "
+"řádku: %(line)s"
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Chyba syntaxe: V souboru: %(file)s na řádku: %(line)s nalezen záznam "
+"neoÄekávané zmÄ›ny profilu"
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/de.po b/utils/po/de.po
index ecafc5dad0c12af418aa0c94279f238fa66b758a..d6ca36b4ae589ee818c1bc9bf7c92eb6bc5846c9 100644
--- a/utils/po/de.po
+++ b/utils/po/de.po
@@ -7,14 +7,14 @@ msgstr ""
"Project-Id-Version: apparmor-utils\n"
"Report-Msgid-Bugs-To: <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2020-02-21 16:45+0000\n"
-"Last-Translator: Stephan Woidowski <swoidowski@t-online.de>\n"
+"PO-Revision-Date: 2023-01-30 09:55+0000\n"
+"Last-Translator: Christian Boltz <Unknown>\n"
"Language-Team: German <de@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2020-02-22 05:41+0000\n"
-"X-Generator: Launchpad (build 19413b719a8df7423ab1390528edadce9e0e4aca)\n"
+"X-Launchpad-Export-Date: 2023-01-31 06:21+0000\n"
+"X-Generator: Launchpad (build 37f563e5839786fe8704ac9cf25657dfd53c73fd)\n"
"Language: de\n"
#: ../aa-genprof:56
@@ -868,6 +868,8 @@ msgstr ""
msgid ""
"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
msgstr ""
+"Werte zur nicht existierenden Variablen %(variable)s hinzugefügt: %(value)s "
+"in %(file)s"
#: ../apparmor/aa.py:3284
#, python-format
@@ -931,6 +933,11 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Kann %(program)s in der Systempfadliste nicht finden. Wenn der Name der "
+"Anwendung\n"
+"korrekt ist, definieren Sie bitte ' %(program)s' des Benutzers mit korrekter "
+"Pfad-\n"
+"Umgebung, um den vollständigen Pfad als Parameter verwenden."
#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
#, python-format
@@ -972,6 +979,8 @@ msgid ""
"Please pass an application to generate a profile for, not a profile itself - "
"skipping %s."
msgstr ""
+"Bitte geben Sie eine Anwendung zur Erstellung eines Profils an, nicht ein "
+"Profil selbst - %s überspringen."
#: ../apparmor/tools.py:220
#, python-format
@@ -1067,7 +1076,7 @@ msgstr "(P)rofil"
#: ../apparmor/ui.py:236
msgid "(P)rofile Clean Exec"
-msgstr ""
+msgstr "(P)rofil sauber ausführen"
#: ../apparmor/ui.py:237
msgid "(C)hild"
@@ -1075,7 +1084,7 @@ msgstr "(K)ind"
#: ../apparmor/ui.py:238
msgid "(C)hild Clean Exec"
-msgstr "(C)hild sauber ausführen"
+msgstr "(K)ind sauber ausführen"
#: ../apparmor/ui.py:239
msgid "(N)amed"
@@ -1107,7 +1116,7 @@ msgstr "(K)ind erben"
#: ../apparmor/ui.py:246
msgid "(C)hild Inherit Clean Exec"
-msgstr "(C)hild vererbt saubere Ausführung"
+msgstr "(K)ind erben saubere Ausführung"
#: ../apparmor/ui.py:247
msgid "(N)amed Inherit"
@@ -1115,7 +1124,7 @@ msgstr "Be(n)annte Vererbung"
#: ../apparmor/ui.py:248
msgid "(N)amed Inherit Clean Exec"
-msgstr "Be(n)annte Vererbung sauber ausführen"
+msgstr "Be(n)nannte Vererbung sauber ausführen"
#: ../apparmor/ui.py:249
msgid "(X) ix On"
@@ -1139,11 +1148,11 @@ msgstr "(N)eu"
#: ../apparmor/ui.py:254
msgid "(G)lob"
-msgstr ""
+msgstr "(G)lob"
#: ../apparmor/ui.py:255
msgid "Glob with (E)xtension"
-msgstr ""
+msgstr "Glob mit (E)rweiterung"
#: ../apparmor/ui.py:256
msgid "(A)dd Requested Hat"
@@ -1250,6 +1259,7 @@ msgstr "PromptUser: Unbekannter Befehl %s"
#, python-format
msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
msgstr ""
+"Eingabeaufforderung: Doppelt belegter Hotkey für %(command)s: %(menutext)s "
#: ../apparmor/ui.py:363
msgid "PromptUser: Invalid hotkey in default item"
diff --git a/utils/po/gl.po b/utils/po/gl.po
new file mode 100644
index 0000000000000000000000000000000000000000..117bcc7cab6e6194770a2713f92ee1eb263346a0
--- /dev/null
+++ b/utils/po/gl.po
@@ -0,0 +1,1126 @@
+# Galician translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2020-04-21 14:57+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Galician <gl@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-04-22 06:10+0000\n"
+"X-Generator: Launchpad (build aad6b57d58e2f621954298e262c1cc904860f5d2)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr ""
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr ""
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr ""
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr ""
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr ""
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr ""
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr ""
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr ""
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr ""
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr ""
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr ""
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr ""
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr ""
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr ""
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr ""
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr ""
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr ""
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr ""
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr ""
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr ""
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr ""
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr ""
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr ""
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr ""
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr ""
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr ""
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr ""
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr ""
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr ""
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr ""
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr ""
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr ""
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr ""
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr ""
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr ""
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr ""
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr ""
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr ""
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr ""
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr ""
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr ""
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr ""
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr ""
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr ""
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr ""
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr ""
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr ""
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr ""
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr ""
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr ""
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr ""
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr ""
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr ""
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr ""
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr ""
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr ""
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr ""
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr ""
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr ""
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/id.po b/utils/po/id.po
index c88a1895d64c68357a74bce32d898fba00cc9cec..c4a92eaf27110a18776ac8a3eca7ad31fd94299a 100644
--- a/utils/po/id.po
+++ b/utils/po/id.po
@@ -8,14 +8,14 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2017-10-10 18:33+0000\n"
-"Last-Translator: Christian Boltz <Unknown>\n"
+"PO-Revision-Date: 2023-01-31 01:30+0000\n"
+"Last-Translator: Mark Grassi <Unknown>\n"
"Language-Team: Indonesian <id@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-04-18 05:33+0000\n"
-"X-Generator: Launchpad (build 18928)\n"
+"X-Launchpad-Export-Date: 2023-02-01 04:34+0000\n"
+"X-Generator: Launchpad (build 37f563e5839786fe8704ac9cf25657dfd53c73fd)\n"
"Language: id\n"
#: ../aa-genprof:56
@@ -1039,7 +1039,7 @@ msgstr "Audi(t)"
#: ../apparmor/ui.py:226
msgid "Audi(t) off"
-msgstr "Audi(t) nonaktif"
+msgstr "Audit (n)onaktif"
#: ../apparmor/ui.py:227
msgid "Audit (A)ll"
@@ -1059,11 +1059,11 @@ msgstr "T(o)lak"
#: ../apparmor/ui.py:232
msgid "Abo(r)t"
-msgstr "Tin(g)galkan"
+msgstr "Tinggal(k)an"
#: ../apparmor/ui.py:233
msgid "(F)inish"
-msgstr "S(e)lesai"
+msgstr "(S)elesai"
#: ../apparmor/ui.py:234
msgid "(I)nherit"
@@ -1147,11 +1147,11 @@ msgstr "(B)aru"
#: ../apparmor/ui.py:254
msgid "(G)lob"
-msgstr "G(u)mpal"
+msgstr "(G)umpal"
#: ../apparmor/ui.py:255
msgid "Glob with (E)xtension"
-msgstr "Gumpal dengan E(k)stensi"
+msgstr "Gumpal dengan (E)kstensi"
#: ../apparmor/ui.py:256
msgid "(A)dd Requested Hat"
@@ -1159,7 +1159,7 @@ msgstr "(T)ambahkan Topi yang Diminta"
#: ../apparmor/ui.py:257
msgid "(U)se Default Hat"
-msgstr "Gunakan Topi (D)efault"
+msgstr "(G)unakan Topi Default"
#: ../apparmor/ui.py:258
msgid "(S)can system log for AppArmor events"
@@ -1175,7 +1175,7 @@ msgstr "(L)ihat Profil"
#: ../apparmor/ui.py:261
msgid "(U)se Profile"
-msgstr "Gunakan (P)rofil"
+msgstr "(G)unakan Profil"
#: ../apparmor/ui.py:262
msgid "(C)reate New Profile"
diff --git a/utils/po/it.po b/utils/po/it.po
index 0f757c53332b7db8d5a84687f401cdf3db1268ee..032e0b3cc696eafa3d0011c6a0f496b8dc224ee4 100644
--- a/utils/po/it.po
+++ b/utils/po/it.po
@@ -8,14 +8,14 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2014-10-27 20:25+0000\n"
-"Last-Translator: Milo Casagrande <milo.casagrande@gmail.com>\n"
+"PO-Revision-Date: 2023-01-29 16:22+0000\n"
+"Last-Translator: Mark Grassi <Unknown>\n"
"Language-Team: Italian <it@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-04-18 05:33+0000\n"
-"X-Generator: Launchpad (build 18928)\n"
+"X-Launchpad-Export-Date: 2023-01-30 06:25+0000\n"
+"X-Generator: Launchpad (build 20dbca4abd50eb567cd11c349e7e914443a145a1)\n"
"Language: it\n"
#: ../aa-genprof:56
@@ -99,6 +99,15 @@ msgid ""
"opportunity to choose whether the access should be \n"
"allowed or denied."
msgstr ""
+"Si prega di avviare l'applicazione in cui essere profilati\n"
+"un'altra finestra ed esercita ora la sua funzionalità .\n"
+"\n"
+"Una volta completato, seleziona l'opzione \"Scansione\" di seguito in\n"
+"per scansionare i registri di sistema per gli eventi AppArmor.\n"
+"\n"
+"Per ogni evento AppArmor, ti verrà dato il\n"
+"possibilità di scegliere se l'accesso deve essere\n"
+"consentito o negato."
#: ../aa-genprof:147
msgid "Profiling"
@@ -109,6 +118,8 @@ msgid ""
"\n"
"Reloaded AppArmor profiles in enforce mode."
msgstr ""
+"\n"
+"Profili AppArmor ricaricati in modalità di applicazione."
#: ../aa-genprof:166
msgid ""
@@ -116,6 +127,9 @@ msgid ""
"Please consider contributing your new profile!\n"
"See the following wiki page for more information:"
msgstr ""
+"\n"
+"Per favore, considera di contribuire con il tuo nuovo profilo!\n"
+"Vedere la seguente pagina wiki per ulteriori informazioni:"
#: ../aa-genprof:167
#, python-format
@@ -124,11 +138,11 @@ msgstr "Creazione profilo per %s completata."
#: ../aa-logprof:24
msgid "Process log entries to generate profiles"
-msgstr ""
+msgstr "Elabora voci di registro per generare profili"
#: ../aa-logprof:27
msgid "mark in the log to start processing after"
-msgstr ""
+msgstr "contrassegnare nel registro per avviare l'elaborazione dopo"
#: ../aa-cleanprof:23
msgid "Cleanup the profiles for the given programs"
@@ -141,7 +155,7 @@ msgstr "nome del programma"
#: ../aa-cleanprof:26
msgid "Silently overwrite with a clean profile"
-msgstr ""
+msgstr "Sovrascrivi silenziosamente con un profilo pulito"
#: ../aa-mergeprof:29
msgid "Perform a 2-way or 3-way merge on the given profiles"
@@ -170,7 +184,7 @@ msgstr "Percorso"
#: ../aa-mergeprof:149
msgid "Select the appropriate mode"
-msgstr ""
+msgstr "Seleziona la modalità appropriata"
#: ../aa-mergeprof:166
msgid "Unknown selection"
@@ -178,7 +192,7 @@ msgstr "Selezione sconosciuta"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "File includes"
-msgstr ""
+msgstr "Il file include"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "Select the ones you wish to add"
@@ -198,7 +212,7 @@ msgstr "sconosciuto"
#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
#, python-format
msgid "Deleted %s previous matching profile entries."
-msgstr ""
+msgstr "Eliminate %s voci del profilo corrispondenti precedenti."
#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
@@ -230,20 +244,20 @@ msgstr "Aggiunta capacità %s al profilo."
#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
#, python-format
msgid "Denying capability %s to profile."
-msgstr ""
+msgstr "Negare la capacità %s al profilo."
#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
#: ../apparmor/aa.py:1807
msgid "(owner permissions off)"
-msgstr ""
+msgstr "(autorizzazioni del proprietario disattivate)"
#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
msgid "(force new perms to owner)"
-msgstr ""
+msgstr "(forzare i nuovi permessi al proprietario)"
#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
msgid "(force all rule perms to owner)"
-msgstr ""
+msgstr "(forza tutti i permessi delle regole al proprietario)"
#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
msgid "Old Mode"
@@ -255,7 +269,7 @@ msgstr "Modalità nuova"
#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
msgid "(force perms to owner)"
-msgstr ""
+msgstr "(forzare i permessi al proprietario)"
#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
msgid "Mode"
@@ -264,7 +278,7 @@ msgstr "Modalità "
#: ../aa-mergeprof:556
#, python-format
msgid "Adding %(path)s %(mod)s to profile"
-msgstr ""
+msgstr "Aggiunta di %(path)s %(mod)s al profilo"
#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
msgid "Enter new path: "
@@ -288,107 +302,108 @@ msgstr "Aggiunta di %s al profilo"
#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
#, python-format
msgid "Adding network access %(family)s %(type)s to profile."
-msgstr ""
+msgstr "Aggiunta dell'accesso alla rete %(family)s %(type)s al profilo."
#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
#, python-format
msgid "Denying network access %(family)s %(type)s to profile"
-msgstr ""
+msgstr "Negare l'accesso alla rete %(family)s %(type)s al profilo"
#: ../aa-autodep:23
msgid "Generate a basic AppArmor profile by guessing requirements"
-msgstr ""
+msgstr "Genera un profilo AppArmor di base indovinando i requisiti"
#: ../aa-autodep:24
msgid "overwrite existing profile"
-msgstr ""
+msgstr "sovrascrivere il profilo esistente"
#: ../aa-audit:24
msgid "Switch the given programs to audit mode"
-msgstr ""
+msgstr "Passa i programmi forniti in modalità di controllo"
#: ../aa-audit:26
msgid "remove audit mode"
-msgstr ""
+msgstr "rimuovere la modalità di controllo"
#: ../aa-audit:28
msgid "Show full trace"
-msgstr ""
+msgstr "Mostra traccia completa"
#: ../aa-complain:23
msgid "Switch the given program to complain mode"
-msgstr ""
+msgstr "Passa il programma indicato in modalità reclamo"
#: ../aa-enforce:23
msgid "Switch the given program to enforce mode"
-msgstr ""
+msgstr "Passa il programma indicato in modalità reclamo"
#: ../aa-disable:23
msgid "Disable the profile for the given programs"
-msgstr ""
+msgstr "Disabilita il profilo per i programmi indicati"
#: ../aa-unconfined:28
msgid "Lists unconfined processes having tcp or udp ports"
-msgstr ""
+msgstr "Elenca i processi non confinati con porte TCP o UDP"
#: ../aa-unconfined:29
msgid "scan all processes from /proc"
-msgstr ""
+msgstr "scansiona tutti i processi da /proc"
#: ../aa-unconfined:81
#, python-format
msgid "%(pid)s %(program)s (%(commandline)s) not confined"
-msgstr ""
+msgstr "%(pid)s %(program)s (%(commandline)s) non limitato"
#: ../aa-unconfined:85
#, python-format
msgid "%(pid)s %(program)s%(pname)s not confined"
-msgstr ""
+msgstr "%(pid)s %(program)s%(pname)s non limitato"
#: ../aa-unconfined:90
#, python-format
msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
-msgstr ""
+msgstr "%(pid)s %(program)s (%(commandline)s) delimitato da '%(attribute)s'"
#: ../aa-unconfined:94
#, python-format
msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
-msgstr ""
+msgstr "%(pid)s %(program)s%(pname)s limitato da '%(attribute)s'"
#: ../apparmor/aa.py:196
#, python-format
msgid "Followed too many links while resolving %s"
-msgstr ""
+msgstr "Ho seguito troppi link durante la risoluzione di %s"
#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
#, python-format
msgid "Can't find %s"
-msgstr ""
+msgstr "Impossibile trovare %s"
#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
#, python-format
msgid "Setting %s to complain mode."
-msgstr ""
+msgstr "Impostazione di %s in modalità reclamo."
#: ../apparmor/aa.py:271
#, python-format
msgid "Setting %s to enforce mode."
-msgstr ""
+msgstr "Impostazione di %s per la modalità forzata."
#: ../apparmor/aa.py:286
#, python-format
msgid "Unable to find basename for %s."
-msgstr ""
+msgstr "Impossibile trovare il nome di base per %s."
#: ../apparmor/aa.py:301
#, python-format
msgid "Could not create %(link)s symlink to %(filename)s."
msgstr ""
+"Impossibile creare il collegamento simbolico di %(link)s a %(filename)s."
#: ../apparmor/aa.py:314
#, python-format
msgid "Unable to read first line from %s: File Not Found"
-msgstr ""
+msgstr "Impossibile leggere la prima riga da %s: File non trovato"
#: ../apparmor/aa.py:328
#, python-format
@@ -396,33 +411,37 @@ msgid ""
"Unable to fork: %(program)s\n"
"\t%(error)s"
msgstr ""
+"Impossibile eseguire il fork: %(program)s\n"
+"\t%(error)s"
#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
msgid ""
"Are you sure you want to abandon this set of profile changes and exit?"
msgstr ""
+"Sei sicuro di voler abbandonare questo insieme di modifiche al profilo e "
+"uscire?"
#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
msgid "Abandoning all changes."
-msgstr ""
+msgstr "Abbandonare tutte le modifiche."
#: ../apparmor/aa.py:464
msgid "Connecting to repository..."
-msgstr ""
+msgstr "Connessione al repository..."
#: ../apparmor/aa.py:470
msgid "WARNING: Error fetching profiles from the repository"
-msgstr ""
+msgstr "ATTENZIONE: errore durante il recupero dei profili dal repository"
#: ../apparmor/aa.py:550
#, python-format
msgid "Error activating profiles: %s"
-msgstr ""
+msgstr "Errore durante l'attivazione dei profili: %s"
#: ../apparmor/aa.py:605
#, python-format
msgid "%s contains no profile"
-msgstr ""
+msgstr "%s non contiene alcun profilo"
#: ../apparmor/aa.py:706
#, python-format
@@ -430,6 +449,9 @@ msgid ""
"WARNING: Error synchronizing profiles with the repository:\n"
"%s\n"
msgstr ""
+"ATTENZIONE: Errore durante la sincronizzazione dei profili con il "
+"repository:\n"
+"%s\n"
#: ../apparmor/aa.py:744
#, python-format
@@ -437,6 +459,9 @@ msgid ""
"WARNING: Error synchronizing profiles with the repository\n"
"%s"
msgstr ""
+"ATTENZIONE: Errore durante la sincronizzazione dei profili con il "
+"repository\n"
+"%s"
#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
#, python-format
@@ -444,14 +469,17 @@ msgid ""
"WARNING: An error occurred while uploading the profile %(profile)s\n"
"%(ret)s"
msgstr ""
+"ATTENZIONE: si è verificato un errore durante il caricamento del profilo "
+"%(profile)s\n"
+"%(ret)s"
#: ../apparmor/aa.py:833
msgid "Uploaded changes to repository."
-msgstr ""
+msgstr "Modifiche caricate nel repository."
#: ../apparmor/aa.py:865
msgid "Changelog Entry: "
-msgstr ""
+msgstr "Voce del registro delle modifiche: "
#: ../apparmor/aa.py:885
msgid ""
@@ -460,40 +488,44 @@ msgid ""
"information is required to upload profiles to the repository.\n"
"These changes could not be sent."
msgstr ""
+"Errore di repository\n"
+"La registrazione o l'accesso non sono riusciti. Login utente\n"
+"le informazioni sono necessarie per caricare i profili nel repository.\n"
+"Impossibile inviare queste modifiche."
#: ../apparmor/aa.py:995
msgid "Default Hat"
-msgstr ""
+msgstr "Cappello predefinito"
#: ../apparmor/aa.py:997
msgid "Requested Hat"
-msgstr ""
+msgstr "Cappello richiesto"
#: ../apparmor/aa.py:1218
#, python-format
msgid "%s has transition name but not transition mode"
-msgstr ""
+msgstr "%s ha il nome della transizione ma non la modalità di transizione"
#: ../apparmor/aa.py:1232
#, python-format
msgid "Target profile exists: %s\n"
-msgstr ""
+msgstr "Il profilo di destinazione esiste: %s\n"
#: ../apparmor/aa.py:1254
msgid "Program"
-msgstr ""
+msgstr "Programma"
#: ../apparmor/aa.py:1257
msgid "Execute"
-msgstr ""
+msgstr "Esegui"
#: ../apparmor/aa.py:1287
msgid "Are you specifying a transition to a local profile?"
-msgstr ""
+msgstr "Stai specificando una transizione a un profilo locale?"
#: ../apparmor/aa.py:1299
msgid "Enter profile name to transition to: "
-msgstr ""
+msgstr "Inserisci il nome del profilo a cui passare: "
#: ../apparmor/aa.py:1308
msgid ""
@@ -504,6 +536,12 @@ msgid ""
"but some applications depend on the presence\n"
"of LD_PRELOAD or LD_LIBRARY_PATH."
msgstr ""
+"AppArmor dovrebbe sanificare l'ambiente quando\n"
+"cambiare profilo?\n"
+"\n"
+"La sanificazione dell'ambiente è più sicura,\n"
+"ma alcune applicazioni dipendono dalla presenza\n"
+"di LD_PRELOAD o LD_LIBRARY_PATH."
#: ../apparmor/aa.py:1310
msgid ""
@@ -515,6 +553,13 @@ msgid ""
"or LD_LIBRARY_PATH and sanitising the environment\n"
"could cause functionality problems."
msgstr ""
+"AppArmor dovrebbe sanificare l'ambiente quando\n"
+"cambiare profilo?\n"
+"\n"
+"La sanificazione dell'ambiente è più sicura,\n"
+"ma questa applicazione sembra utilizzare LD_PRELOAD\n"
+"o LD_LIBRARY_PATH e sanificando l'ambiente\n"
+"potrebbe causare problemi di funzionalità ."
#: ../apparmor/aa.py:1318
#, python-format
@@ -525,6 +570,11 @@ msgid ""
"Are you absolutely certain you wish to remove all\n"
"AppArmor protection when executing %s ?"
msgstr ""
+"Avviare processi in uno stato non confinato è molto\n"
+"operazione pericolosa e può causare gravi falle di sicurezza.\n"
+"\n"
+"Sei assolutamente certo di voler rimuovere tutto\n"
+"Protezione AppArmor durante l'esecuzione di %s?"
#: ../apparmor/aa.py:1320
msgid ""
@@ -535,6 +585,12 @@ msgid ""
"a program opens up significant security holes\n"
"and should be avoided if at all possible."
msgstr ""
+"AppArmor dovrebbe sanificare l'ambiente quando\n"
+"eseguire questo programma non confinato?\n"
+"\n"
+"Non igienizzare l'ambiente durante il deconfinamento\n"
+"un programma apre significative falle di sicurezza\n"
+"e dovrebbe essere evitato se possibile."
#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
#, python-format
@@ -542,24 +598,26 @@ msgid ""
"A profile for %s does not exist.\n"
"Do you want to create one?"
msgstr ""
+"Non esiste un profilo per %s.\n"
+"Vuoi crearne uno?"
#: ../apparmor/aa.py:1523
msgid "Complain-mode changes:"
-msgstr ""
+msgstr "Modifiche alla modalità di reclamo:"
#: ../apparmor/aa.py:1525
msgid "Enforce-mode changes:"
-msgstr ""
+msgstr "Modifiche alla modalità di applicazione:"
#: ../apparmor/aa.py:1528
#, python-format
msgid "Invalid mode found: %s"
-msgstr ""
+msgstr "Modalità non valida trovata: %s"
#: ../apparmor/aa.py:1897
#, python-format
msgid "Adding %(path)s %(mode)s to profile"
-msgstr ""
+msgstr "Aggiunta di %(path)s %(mode)s al profilo"
#: ../apparmor/aa.py:1918
#, python-format
@@ -570,46 +628,56 @@ msgid ""
" Entered Path: %(ans)s\n"
"Do you really want to use this path?"
msgstr ""
+"Il percorso specificato non corrisponde a questa voce di registro:\n"
+"\n"
+" Voce di registro: %(path)s\n"
+" Percorso inserito: %(ans)s\n"
+"Vuoi davvero usare questo percorso?"
#: ../apparmor/aa.py:2251
#, python-format
msgid "Reading log entries from %s."
-msgstr ""
+msgstr "Lettura delle voci di registro da %s."
#: ../apparmor/aa.py:2254
#, python-format
msgid "Updating AppArmor profiles in %s."
-msgstr ""
+msgstr "Aggiornamento dei profili AppArmor in %s."
#: ../apparmor/aa.py:2323
msgid ""
"Select which profile changes you would like to save to the\n"
"local profile set."
msgstr ""
+"Seleziona le modifiche al profilo in cui desideri salvare\n"
+"set di profili locali."
#: ../apparmor/aa.py:2324
msgid "Local profile changes"
-msgstr ""
+msgstr "Modifiche al profilo locale"
#: ../apparmor/aa.py:2418
msgid "Profile Changes"
-msgstr ""
+msgstr "Modifiche al profilo"
#: ../apparmor/aa.py:2428
#, python-format
msgid "Can't find existing profile %s to compare changes."
msgstr ""
+"Impossibile trovare il profilo esistente %s per confrontare le modifiche."
#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
#, python-format
msgid "Can't read AppArmor profiles in %s"
-msgstr ""
+msgstr "Impossibile leggere i profili AppArmor in %s"
#: ../apparmor/aa.py:2677
#, python-format
msgid ""
"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
msgstr ""
+"Il profilo %(profile)s in %(file)s contiene errori di sintassi nella riga: "
+"%(line)s."
#: ../apparmor/aa.py:2734
#, python-format
@@ -617,6 +685,8 @@ msgid ""
"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: Fine del profilo imprevista raggiunta nel file: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:2749
#, python-format
@@ -624,12 +694,16 @@ msgid ""
"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: voce di capacità imprevista trovata nel file: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:2770
#, python-format
msgid ""
"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: trovata una voce di collegamento imprevista nel file: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2798
#, python-format
@@ -637,12 +711,16 @@ msgid ""
"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: è stata trovata una voce di profilo di modifica "
+"imprevista nel file: %(file)s line: %(line)s"
#: ../apparmor/aa.py:2820
#, python-format
msgid ""
"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: voce rlimit imprevista trovata nel file: %(file)s line: "
+"%(line)s"
#: ../apparmor/aa.py:2831
#, python-format
@@ -650,6 +728,8 @@ msgid ""
"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: trovata una definizione booleana imprevista nel file: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2871
#, python-format
@@ -657,52 +737,68 @@ msgid ""
"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: regola del file bare imprevista trovata nel file: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2894
#, python-format
msgid ""
"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: nel file è stata trovata una voce di percorso "
+"imprevista: %(file)s line: %(line)s"
#: ../apparmor/aa.py:2922
#, python-format
msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: espressione regolare non valida %(path)s nel file: riga "
+"%(file)s: %(line)s"
#: ../apparmor/aa.py:2925
#, python-format
msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
-msgstr ""
+msgstr "Modalità non valida %(mode)s nel file: %(file)s line: %(line)s"
#: ../apparmor/aa.py:2977
#, python-format
msgid ""
"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: voce di rete imprevista trovata nel file: %(file)s line: "
+"%(line)s"
#: ../apparmor/aa.py:3007
#, python-format
msgid ""
"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: voce dbus imprevista trovata nel file: %(file)s line: "
+"%(line)s"
#: ../apparmor/aa.py:3030
#, python-format
msgid ""
"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: voce di montaggio imprevista trovata nel file: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3052
#, python-format
msgid ""
"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: nel file è stata trovata una voce di segnale imprevista: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:3074
#, python-format
msgid ""
"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: voce ptrace non prevista trovata nel file: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3096
#, python-format
@@ -710,12 +806,16 @@ msgid ""
"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: voce pivot_root non prevista trovata nel file: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3118
#, python-format
msgid ""
"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: trovata una voce unix imprevista nel file: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3140
#, python-format
@@ -723,6 +823,8 @@ msgid ""
"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
"line: %(line)s"
msgstr ""
+"Errore di sintassi: dichiarazione del cappello di modifica imprevista "
+"trovata nel file: %(file)s line: %(line)s"
#: ../apparmor/aa.py:3152
#, python-format
@@ -730,21 +832,26 @@ msgid ""
"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Errore di sintassi: trovata una definizione del cappello imprevista nel "
+"file: %(file)s line: %(line)s"
#: ../apparmor/aa.py:3168
#, python-format
msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
msgstr ""
+"Errore: più definizioni per il cappello %(hat)s nel profilo %(profile)s."
#: ../apparmor/aa.py:3185
#, python-format
msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
-msgstr ""
+msgstr "Avviso: riga \"REPOSITORY:\" non valida in %s, ignorando."
#: ../apparmor/aa.py:3198
#, python-format
msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
msgstr ""
+"Errore di sintassi: riga sconosciuta trovata nel file: riga %(file)s: "
+"%(line)s"
#: ../apparmor/aa.py:3211
#, python-format
@@ -752,17 +859,22 @@ msgid ""
"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
"profile %(profile)s"
msgstr ""
+"Errore di sintassi: '}' o ',' mancanti. È stata raggiunta la fine del file "
+"%(file)s all'interno del profilo %(profile)s"
#: ../apparmor/aa.py:3277
#, python-format
msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
msgstr ""
+"Ridefinizione della variabile esistente %(variable)s: %(value)s in %(file)s"
#: ../apparmor/aa.py:3282
#, python-format
msgid ""
"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
msgstr ""
+"Valori aggiunti a una variabile inesistente %(variable)s: %(value)s in "
+"%(file)s"
#: ../apparmor/aa.py:3284
#, python-format
@@ -770,25 +882,27 @@ msgid ""
"Unknown variable operation %(operation)s for variable %(variable)s in "
"%(file)s"
msgstr ""
+"Operazione variabile sconosciuta %(operation)s per la variabile %(variable)s "
+"in %(file)s"
#: ../apparmor/aa.py:3343
#, python-format
msgid "Invalid allow string: %(allow)s"
-msgstr ""
+msgstr "Stringa di autorizzazione non valida: %(allow)s"
#: ../apparmor/aa.py:3778
msgid "Can't find existing profile to modify"
-msgstr ""
+msgstr "Impossibile trovare il profilo esistente da modificare"
#: ../apparmor/aa.py:4347
#, python-format
msgid "Writing updated profile for %s."
-msgstr ""
+msgstr "Scrittura del profilo aggiornato per %s."
#: ../apparmor/aa.py:4481
#, python-format
msgid "File Not Found: %s"
-msgstr ""
+msgstr "File non trovato: %s"
#: ../apparmor/aa.py:4591
#, python-format
@@ -800,11 +914,20 @@ msgid ""
"the corresponding entry in the [qualifiers] section in "
"/etc/apparmor/logprof.conf."
msgstr ""
+"%s è attualmente contrassegnato come un programma che non dovrebbe avere il "
+"proprio\n"
+"profilo. Di solito, i programmi sono contrassegnati in questo modo se si "
+"crea un profilo per\n"
+"è probabile che rompano il resto del sistema. Se sai cosa sei\n"
+"facendo e sei certo di voler creare un profilo per questo programma, "
+"modifica\n"
+"la voce corrispondente nella sezione [qualifiers] in "
+"/etc/apparmor/logprof.conf."
#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
#, python-format
msgid "Log contains unknown mode %s"
-msgstr ""
+msgstr "Il registro contiene la modalità sconosciuta %s"
#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
#, python-format
@@ -815,38 +938,45 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Impossibile trovare %(program)s nell'elenco dei percorsi di sistema. Se il "
+"nome dell'applicazione\n"
+"è corretto, eseguire 'quale %(program)s' come utente con PERCORSO corretto\n"
+"ambiente predisposto per trovare il percorso pienamente qualificato e\n"
+"utilizzare il percorso completo come parametro."
#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
#, python-format
msgid "%s does not exist, please double-check the path."
-msgstr ""
+msgstr "%s non esiste, per favore ricontrolla il percorso."
#: ../apparmor/tools.py:100
msgid ""
"The given program cannot be found, please try with the fully qualified path "
"name of the program: "
msgstr ""
+"Impossibile trovare il programma indicato, provare con il nome del percorso "
+"completo del programma: "
#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
#, python-format
msgid "Profile for %s not found, skipping"
-msgstr ""
+msgstr "Profilo per %s non trovato, sto saltando"
#: ../apparmor/tools.py:140
#, python-format
msgid "Disabling %s."
-msgstr ""
+msgstr "Disattivazione di %s."
#: ../apparmor/tools.py:198
#, python-format
msgid "Setting %s to audit mode."
-msgstr ""
+msgstr "Impostazione di %s in modalità di controllo."
#: ../apparmor/tools.py:200
#, python-format
msgid "Removing audit mode from %s."
-msgstr ""
+msgstr "Rimozione della modalità di controllo da %s."
#: ../apparmor/tools.py:212
#, python-format
@@ -854,11 +984,13 @@ msgid ""
"Please pass an application to generate a profile for, not a profile itself - "
"skipping %s."
msgstr ""
+"Passa un'applicazione per la generazione di un profilo, non un profilo "
+"stesso, saltando %s."
#: ../apparmor/tools.py:220
#, python-format
msgid "Profile for %s already exists - skipping."
-msgstr ""
+msgstr "Il profilo per %s esiste già - sto saltando."
#: ../apparmor/tools.py:232
#, python-format
@@ -866,6 +998,8 @@ msgid ""
"\n"
"Deleted %s rules."
msgstr ""
+"\n"
+"%s regole eliminate."
#: ../apparmor/tools.py:240
#, python-format
@@ -873,83 +1007,85 @@ msgid ""
"The local profile for %(program)s in file %(file)s was changed. Would you "
"like to save it?"
msgstr ""
+"Il profilo locale per %(program)s nel file %(file)s è stato modificato. Vuoi "
+"salvarlo?"
#: ../apparmor/tools.py:260
#, python-format
msgid "The profile for %s does not exists. Nothing to clean."
-msgstr ""
+msgstr "Il profilo per %s non esiste. Niente da pulire."
#: ../apparmor/ui.py:61
msgid "Invalid hotkey for"
-msgstr ""
+msgstr "Tasto di scelta rapida non valido per"
#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
msgid "(Y)es"
-msgstr ""
+msgstr "(S)i"
#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
msgid "(N)o"
-msgstr ""
+msgstr "(N)o"
#: ../apparmor/ui.py:123
msgid "(C)ancel"
-msgstr ""
+msgstr "(C)ancella"
#: ../apparmor/ui.py:223
msgid "(A)llow"
-msgstr ""
+msgstr "(C)onsenti"
#: ../apparmor/ui.py:224
msgid "(M)ore"
-msgstr ""
+msgstr "(A)ltro"
#: ../apparmor/ui.py:225
msgid "Audi(t)"
-msgstr ""
+msgstr "(V)erifica"
#: ../apparmor/ui.py:226
msgid "Audi(t) off"
-msgstr ""
+msgstr "Audi(t) off"
#: ../apparmor/ui.py:227
msgid "Audit (A)ll"
-msgstr ""
+msgstr "Verifica (T)utto"
#: ../apparmor/ui.py:229
msgid "(O)wner permissions on"
-msgstr ""
+msgstr "(P)ermessi proprietario attivate"
#: ../apparmor/ui.py:230
msgid "(O)wner permissions off"
-msgstr ""
+msgstr "(P)ermessi proprietario disattivate"
#: ../apparmor/ui.py:231
msgid "(D)eny"
-msgstr ""
+msgstr "Negat(o)"
#: ../apparmor/ui.py:232
msgid "Abo(r)t"
-msgstr ""
+msgstr "Fa(l)lito"
#: ../apparmor/ui.py:233
msgid "(F)inish"
-msgstr ""
+msgstr "Te(r)minato"
#: ../apparmor/ui.py:234
msgid "(I)nherit"
-msgstr ""
+msgstr "(E)reditato"
#: ../apparmor/ui.py:235
msgid "(P)rofile"
-msgstr ""
+msgstr "(P)rofilo"
#: ../apparmor/ui.py:236
msgid "(P)rofile Clean Exec"
-msgstr ""
+msgstr "(P)rofilo Pulito Exec"
#: ../apparmor/ui.py:237
msgid "(C)hild"
-msgstr ""
+msgstr "(F)iglio"
#: ../apparmor/ui.py:238
msgid "(C)hild Clean Exec"
@@ -965,7 +1101,7 @@ msgstr ""
#: ../apparmor/ui.py:241
msgid "(U)nconfined"
-msgstr ""
+msgstr "Non conf(i)nato"
#: ../apparmor/ui.py:242
msgid "(U)nconfined Clean Exec"
@@ -1061,15 +1197,15 @@ msgstr ""
#: ../apparmor/ui.py:266
msgid "Save Selec(t)ed Profile"
-msgstr ""
+msgstr "Salva (p)rofilo selezionato"
#: ../apparmor/ui.py:267
msgid "(U)pload Changes"
-msgstr ""
+msgstr "(C)arica modifiche"
#: ../apparmor/ui.py:268
msgid "(V)iew Changes"
-msgstr ""
+msgstr "(V)isualizza modifiche"
#: ../apparmor/ui.py:269
msgid "View Changes b/w (C)lean profiles"
diff --git a/utils/po/oc.po b/utils/po/oc.po
new file mode 100644
index 0000000000000000000000000000000000000000..ed4c4f3b58b0d9c92493e6131eb325e6f49f89e1
--- /dev/null
+++ b/utils/po/oc.po
@@ -0,0 +1,1126 @@
+# Occitan (post 1500) translation for apparmor
+# Copyright (c) 2021 Rosetta Contributors and Canonical Ltd 2021
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2021.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2021-01-30 17:50+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Occitan (post 1500) <oc@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2021-01-31 04:32+0000\n"
+"X-Generator: Launchpad (build e00fb96b2e64b75333d0178ec15cb78e5aadb64d)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr ""
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr ""
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr ""
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr ""
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr ""
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr ""
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr ""
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr ""
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr ""
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr ""
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr ""
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr ""
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr ""
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr ""
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr ""
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr ""
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr ""
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr ""
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr ""
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr ""
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr ""
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr ""
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr ""
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr ""
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr ""
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr ""
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr ""
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr ""
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr ""
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr ""
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr ""
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr ""
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr ""
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr ""
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr ""
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr ""
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr ""
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr ""
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr ""
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr ""
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr ""
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr ""
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr ""
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr ""
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr ""
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr ""
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr ""
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr ""
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr ""
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr ""
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr ""
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr ""
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr ""
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr ""
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr ""
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr ""
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr ""
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr ""
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr ""
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/pt.po b/utils/po/pt.po
index 58d9023324d3b2b440687c4e80813fac5c8b77b5..0479f6e4173b2b85e56c96ecadb6d29d54734a7c 100644
--- a/utils/po/pt.po
+++ b/utils/po/pt.po
@@ -8,19 +8,19 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2016-03-03 11:01+0000\n"
-"Last-Translator: Ivo Xavier <ivofernandes12@gmail.com>\n"
+"PO-Revision-Date: 2022-11-23 23:42+0000\n"
+"Last-Translator: Carlos Martins <Unknown>\n"
"Language-Team: Portuguese <pt@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-04-18 05:33+0000\n"
-"X-Generator: Launchpad (build 18928)\n"
+"X-Launchpad-Export-Date: 2022-11-24 06:37+0000\n"
+"X-Generator: Launchpad (build 58312c50d0ade23d24f71d3daeac191f58b3ed83)\n"
"Language: po\n"
#: ../aa-genprof:56
msgid "Generate profile for the given program"
-msgstr ""
+msgstr "Gerar perfil para o programa em questão"
#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
@@ -30,21 +30,23 @@ msgstr "caminho para perfis"
#: ../aa-genprof:58 ../aa-logprof:26
msgid "path to logfile"
-msgstr ""
+msgstr "caminho para o ficheiro de registo"
#: ../aa-genprof:59
msgid "name of program to profile"
-msgstr ""
+msgstr "nome do programa a ser perfilado"
#: ../aa-genprof:69 ../aa-logprof:37
#, python-format
msgid "The logfile %s does not exist. Please check the path"
-msgstr ""
+msgstr "O ficheiro de registo %s não existe. Por favor, verifique o caminho"
#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
msgid ""
"It seems AppArmor was not started. Please enable AppArmor and try again."
msgstr ""
+"Parece que a AppArmor não foi iniciada. Por favor, ativar a AppArmor e "
+"tentar novamente."
#: ../aa-genprof:80 ../aa-mergeprof:47
#, python-format
@@ -60,11 +62,18 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Não se encontram %(profiling)s na lista de caminhos do sistema. Se o nome da "
+"aplicação\n"
+"estiver correto, por favor executar 'which %(profiling)s' como um usuário "
+"com a variável\n"
+"de ambiente PATH configurada corretamente para encontrar o caminho "
+"qualificado\n"
+"totalmente e utilizá-lo como parâmetro."
#: ../aa-genprof:96
#, python-format
msgid "%s does not exists, please double-check the path."
-msgstr ""
+msgstr "%s não existe, por favor verifique mais uma vez o caminho."
#: ../aa-genprof:124
msgid ""
@@ -74,6 +83,11 @@ msgid ""
"wish to confine. See the following wiki page for\n"
"more information:"
msgstr ""
+"\n"
+"Antes de começar, você pode querer verificar se\n"
+"já existe um perfil para a aplicação que você\n"
+"deseja confinar. Consulte a página wiki seguinte\n"
+"para mais informações:"
#: ../aa-genprof:126
msgid ""
@@ -90,7 +104,7 @@ msgstr ""
#: ../aa-genprof:147
msgid "Profiling"
-msgstr ""
+msgstr "Traçar perfil"
#: ../aa-genprof:165
msgid ""
@@ -104,6 +118,9 @@ msgid ""
"Please consider contributing your new profile!\n"
"See the following wiki page for more information:"
msgstr ""
+"\n"
+"Considere contribuir com o seu novo perfil!\n"
+"Consulte a seguinte página wiki para mais informações:"
#: ../aa-genprof:167
#, python-format
@@ -125,7 +142,7 @@ msgstr ""
#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
#: ../aa-enforce:25 ../aa-disable:25
msgid "name of program"
-msgstr ""
+msgstr "nome do programa"
#: ../aa-cleanprof:26
msgid "Silently overwrite with a clean profile"
@@ -137,15 +154,15 @@ msgstr ""
#: ../aa-mergeprof:31
msgid "your profile"
-msgstr ""
+msgstr "o seu perfil"
#: ../aa-mergeprof:32
msgid "base profile"
-msgstr ""
+msgstr "perfil base"
#: ../aa-mergeprof:33
msgid "other profile"
-msgstr ""
+msgstr "outro perfil"
#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
msgid ""
@@ -166,7 +183,7 @@ msgstr ""
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "File includes"
-msgstr ""
+msgstr "Ficheiro inclui"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "Select the ones you wish to add"
@@ -175,7 +192,7 @@ msgstr ""
#: ../aa-mergeprof:195 ../aa-mergeprof:222
#, python-format
msgid "Adding %s to the file."
-msgstr ""
+msgstr "Adicionando %s ao ficheiro."
#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
msgid "unknown"
@@ -208,7 +225,7 @@ msgstr ""
#: ../apparmor/aa.py:1857
#, python-format
msgid "Adding %s to profile."
-msgstr ""
+msgstr "Adicionando %s ao perfil."
#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
#, python-format
@@ -271,7 +288,7 @@ msgstr ""
#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
#, python-format
msgid "Adding %s to profile"
-msgstr ""
+msgstr "Adicionando %s ao perfil"
#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
#, python-format
diff --git a/utils/po/pt_BR.po b/utils/po/pt_BR.po
index 702c9159db22819d9e4d1e02f1880975e73e4b3c..372d05deb511a06d93d87534c91aafd13cdb820d 100644
--- a/utils/po/pt_BR.po
+++ b/utils/po/pt_BR.po
@@ -8,47 +8,49 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2018-12-03 23:25+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2022-11-15 21:22+0000\n"
+"Last-Translator: Christian Boltz <Unknown>\n"
"Language-Team: Brazilian Portuguese <pt_BR@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-04-18 05:33+0000\n"
-"X-Generator: Launchpad (build 18928)\n"
+"X-Launchpad-Export-Date: 2022-11-16 06:30+0000\n"
+"X-Generator: Launchpad (build 58312c50d0ade23d24f71d3daeac191f58b3ed83)\n"
#: ../aa-genprof:56
msgid "Generate profile for the given program"
-msgstr ""
+msgstr "Gerar perfil para o programa alvo"
#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
#: ../aa-disable:24
msgid "path to profiles"
-msgstr ""
+msgstr "Caminho para os perfis"
#: ../aa-genprof:58 ../aa-logprof:26
msgid "path to logfile"
-msgstr ""
+msgstr "Caminho para arquivos de log"
#: ../aa-genprof:59
msgid "name of program to profile"
-msgstr ""
+msgstr "Nome do programa a gerar perfil"
#: ../aa-genprof:69 ../aa-logprof:37
#, python-format
msgid "The logfile %s does not exist. Please check the path"
-msgstr ""
+msgstr "O arquivo de log %s não existe. Favor verificar o caminho"
#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
msgid ""
"It seems AppArmor was not started. Please enable AppArmor and try again."
msgstr ""
+"O AppArmor não foi inicializado. Favor habilitar o AppArmor e tentar "
+"novamente."
#: ../aa-genprof:80 ../aa-mergeprof:47
#, python-format
msgid "%s is not a directory."
-msgstr ""
+msgstr "%s não é um diretório."
#: ../aa-genprof:94
#, python-format
@@ -59,11 +61,18 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Não foi possÃvel encontrar %(profiling)s na lista de caminho do sistema. Se "
+"o nome da aplicação\n"
+"estiver correto, favor executar o comando 'which %(profiling)s' como um "
+"usuário e com a variável\n"
+"de ambiente PATH corretamente configurada, para assim encontrar o caminho "
+"completo até a \n"
+"aplicação e usar o mesmo como parâmetro."
#: ../aa-genprof:96
#, python-format
msgid "%s does not exists, please double-check the path."
-msgstr ""
+msgstr "%s não existe, favor verficar novamente o caminho."
#: ../aa-genprof:124
msgid ""
@@ -73,6 +82,10 @@ msgid ""
"wish to confine. See the following wiki page for\n"
"more information:"
msgstr ""
+"\n"
+"Antes que você inicie, você talvez queira verificar se\n"
+"o perfil já existe para a aplicação que você deseja\n"
+"confinar. Veja a seguinte página para mais informações:"
#: ../aa-genprof:126
msgid ""
@@ -86,16 +99,27 @@ msgid ""
"opportunity to choose whether the access should be \n"
"allowed or denied."
msgstr ""
+"Inicie o aplicativo a ser perfilado em \n"
+"outra janela e exerça sua funcionalidade agora. \n"
+"\n"
+"Uma vez concluÃdo, selecione a opção \"Scan\" abaixo em \n"
+"para verificar os logs do sistema em busca de eventos do AppArmor. \n"
+"\n"
+"Para cada evento do AppArmor, você receberá o \n"
+"oportunidade de escolher se o acesso deve ser \n"
+"permitido ou negado."
#: ../aa-genprof:147
msgid "Profiling"
-msgstr ""
+msgstr "Perfil"
#: ../aa-genprof:165
msgid ""
"\n"
"Reloaded AppArmor profiles in enforce mode."
msgstr ""
+"\n"
+"Perfis do AppArmor recarregados no modo de imposição."
#: ../aa-genprof:166
msgid ""
@@ -103,279 +127,283 @@ msgid ""
"Please consider contributing your new profile!\n"
"See the following wiki page for more information:"
msgstr ""
+"\n"
+"Por favor, considere contribuir com seu novo perfil! \n"
+"Consulte a seguinte página wiki para obter mais informações:"
#: ../aa-genprof:167
#, python-format
msgid "Finished generating profile for %s."
-msgstr ""
+msgstr "Perfil de geração concluÃdo para %s."
#: ../aa-logprof:24
msgid "Process log entries to generate profiles"
-msgstr ""
+msgstr "Processar entradas de log para gerar perfis"
#: ../aa-logprof:27
msgid "mark in the log to start processing after"
-msgstr ""
+msgstr "marque no log para iniciar o processamento após"
#: ../aa-cleanprof:23
msgid "Cleanup the profiles for the given programs"
-msgstr ""
+msgstr "Limpe os perfis para os programas fornecidos"
#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
#: ../aa-enforce:25 ../aa-disable:25
msgid "name of program"
-msgstr ""
+msgstr "nome do programa"
#: ../aa-cleanprof:26
msgid "Silently overwrite with a clean profile"
-msgstr ""
+msgstr "Substituir silenciosamente com um perfil limpo"
#: ../aa-mergeprof:29
msgid "Perform a 2-way or 3-way merge on the given profiles"
-msgstr ""
+msgstr "Execute uma mesclagem de 2 ou 3 vias nos perfis fornecidos"
#: ../aa-mergeprof:31
msgid "your profile"
-msgstr ""
+msgstr "seu perfil"
#: ../aa-mergeprof:32
msgid "base profile"
-msgstr ""
+msgstr "perfil básico"
#: ../aa-mergeprof:33
msgid "other profile"
-msgstr ""
+msgstr "outro perfil"
#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
msgid ""
"The following local profiles were changed. Would you like to save them?"
msgstr ""
+"Os seguintes perfis locais foram alterados. Você gostaria de salvá-los?"
#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
msgid "Path"
-msgstr ""
+msgstr "Caminho"
#: ../aa-mergeprof:149
msgid "Select the appropriate mode"
-msgstr ""
+msgstr "Selecione o modo apropriado"
#: ../aa-mergeprof:166
msgid "Unknown selection"
-msgstr ""
+msgstr "Seleção desconhecida"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "File includes"
-msgstr ""
+msgstr "O arquivo inclui"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "Select the ones you wish to add"
-msgstr ""
+msgstr "Selecione o que deseja adicionar"
#: ../aa-mergeprof:195 ../aa-mergeprof:222
#, python-format
msgid "Adding %s to the file."
-msgstr ""
+msgstr "Adicionando %s ao arquivo."
#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
msgid "unknown"
-msgstr ""
+msgstr "desconhecido"
#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
#, python-format
msgid "Deleted %s previous matching profile entries."
-msgstr ""
+msgstr "ExcluÃdas %s entradas de perfil correspondentes anteriores."
#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
msgid "Profile"
-msgstr ""
+msgstr "Perfil"
#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
msgid "Capability"
-msgstr ""
+msgstr "Capacidade"
#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
msgid "Severity"
-msgstr ""
+msgstr "Gravidade"
#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
#: ../apparmor/aa.py:1857
#, python-format
msgid "Adding %s to profile."
-msgstr ""
+msgstr "Adicionando %s ao perfil."
#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
#, python-format
msgid "Adding capability %s to profile."
-msgstr ""
+msgstr "Adicionando capacidade %s ao perfil."
#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
#, python-format
msgid "Denying capability %s to profile."
-msgstr ""
+msgstr "Negando a capacidade %s para o perfil."
#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
#: ../apparmor/aa.py:1807
msgid "(owner permissions off)"
-msgstr ""
+msgstr "(permissões de proprietário desativadas)"
#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
msgid "(force new perms to owner)"
-msgstr ""
+msgstr "(forçar novas permissões ao proprietário)"
#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
msgid "(force all rule perms to owner)"
-msgstr ""
+msgstr "(forçar todas as permissões de regra para o proprietário)"
#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
msgid "Old Mode"
-msgstr ""
+msgstr "Modo antigo"
#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
msgid "New Mode"
-msgstr ""
+msgstr "Novo modo"
#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
msgid "(force perms to owner)"
-msgstr ""
+msgstr "(forçar permissão ao proprietário)"
#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
msgid "Mode"
-msgstr ""
+msgstr "Modo"
#: ../aa-mergeprof:556
#, python-format
msgid "Adding %(path)s %(mod)s to profile"
-msgstr ""
+msgstr "Adicionando %(path)s %(mod)s ao perfil"
#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
msgid "Enter new path: "
-msgstr ""
+msgstr "Insira um novo caminho: "
#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
#: ../apparmor/aa.py:1995
msgid "Network Family"
-msgstr ""
+msgstr "FamÃlia de rede"
#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
#: ../apparmor/aa.py:1996
msgid "Socket Type"
-msgstr ""
+msgstr "Tipo de soquete"
#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
#, python-format
msgid "Adding %s to profile"
-msgstr ""
+msgstr "Adicionando %s ao perfil"
#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
#, python-format
msgid "Adding network access %(family)s %(type)s to profile."
-msgstr ""
+msgstr "Adicionando acesso à rede %(family)s %(type)s ao perfil."
#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
#, python-format
msgid "Denying network access %(family)s %(type)s to profile"
-msgstr ""
+msgstr "Negando acesso à rede %(family)s %(type)s ao perfil"
#: ../aa-autodep:23
msgid "Generate a basic AppArmor profile by guessing requirements"
-msgstr ""
+msgstr "Gere um perfil básico do AppArmor adivinhando os requisitos"
#: ../aa-autodep:24
msgid "overwrite existing profile"
-msgstr ""
+msgstr "perfil substituir existente"
#: ../aa-audit:24
msgid "Switch the given programs to audit mode"
-msgstr ""
+msgstr "Alternar os programas fornecidos para o modo de auditório"
#: ../aa-audit:26
msgid "remove audit mode"
-msgstr ""
+msgstr "removedor modo de auditoria"
#: ../aa-audit:28
msgid "Show full trace"
-msgstr ""
+msgstr "Mostrar rastreamento completo"
#: ../aa-complain:23
msgid "Switch the given program to complain mode"
-msgstr ""
+msgstr "Mude o programa fornecido para o modo de reclamação"
#: ../aa-enforce:23
msgid "Switch the given program to enforce mode"
-msgstr ""
+msgstr "Altere o programa fornecido para o modo de implementação"
#: ../aa-disable:23
msgid "Disable the profile for the given programs"
-msgstr ""
+msgstr "Desative o perfil para os programas fornecidos"
#: ../aa-unconfined:28
msgid "Lists unconfined processes having tcp or udp ports"
-msgstr ""
+msgstr "Lista processos não confinados com portas tcp ou udp"
#: ../aa-unconfined:29
msgid "scan all processes from /proc"
-msgstr ""
+msgstr "escaneie todos os processos de /proc"
#: ../aa-unconfined:81
#, python-format
msgid "%(pid)s %(program)s (%(commandline)s) not confined"
-msgstr ""
+msgstr "%(pid)s %(program)s (%(commandline)s) não confinado"
#: ../aa-unconfined:85
#, python-format
msgid "%(pid)s %(program)s%(pname)s not confined"
-msgstr ""
+msgstr "%(pid)s %(program)s%(pname)s não confinado"
#: ../aa-unconfined:90
#, python-format
msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
-msgstr ""
+msgstr "%(pid)s %(program)s (%(commandline)s) confinado por '%(attribute)s'"
#: ../aa-unconfined:94
#, python-format
msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
-msgstr ""
+msgstr "%(pid)s %(program)s%(pname)s confinado por '%(attribute)s'"
#: ../apparmor/aa.py:196
#, python-format
msgid "Followed too many links while resolving %s"
-msgstr ""
+msgstr "Seguiu muitos links ao resolver %s"
#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
#, python-format
msgid "Can't find %s"
-msgstr ""
+msgstr "Não é possÃvel encontrar %s"
#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
#, python-format
msgid "Setting %s to complain mode."
-msgstr ""
+msgstr "Configurando %s para o modo de reclamação."
#: ../apparmor/aa.py:271
#, python-format
msgid "Setting %s to enforce mode."
-msgstr ""
+msgstr "Configurando %s para aplicar o modo."
#: ../apparmor/aa.py:286
#, python-format
msgid "Unable to find basename for %s."
-msgstr ""
+msgstr "Não foi possÃvel encontrar o nome base para %s."
#: ../apparmor/aa.py:301
#, python-format
msgid "Could not create %(link)s symlink to %(filename)s."
-msgstr ""
+msgstr "Não foi possÃvel criar %(link)s link simbólico para %(filename)s."
#: ../apparmor/aa.py:314
#, python-format
msgid "Unable to read first line from %s: File Not Found"
-msgstr ""
+msgstr "Não foi possÃvel ler a primeira linha de %s: Arquivo não encontrado"
#: ../apparmor/aa.py:328
#, python-format
@@ -383,33 +411,37 @@ msgid ""
"Unable to fork: %(program)s\n"
"\t%(error)s"
msgstr ""
+"Não foi possÃvel bifurcar: %(program)s \n"
+"\t%(error)s"
#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
msgid ""
"Are you sure you want to abandon this set of profile changes and exit?"
msgstr ""
+"Tem certeza de que deseja abandonar este conjunto de alterações de perfil e "
+"sair?"
#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
msgid "Abandoning all changes."
-msgstr ""
+msgstr "Abandonando todas as mudanças."
#: ../apparmor/aa.py:464
msgid "Connecting to repository..."
-msgstr ""
+msgstr "Conectando ao recurso..."
#: ../apparmor/aa.py:470
msgid "WARNING: Error fetching profiles from the repository"
-msgstr ""
+msgstr "AVISO: Erro ao buscar perfis do repositório"
#: ../apparmor/aa.py:550
#, python-format
msgid "Error activating profiles: %s"
-msgstr ""
+msgstr "Erro ao ativar perfis: %s"
#: ../apparmor/aa.py:605
#, python-format
msgid "%s contains no profile"
-msgstr ""
+msgstr "%s não contém perfil"
#: ../apparmor/aa.py:706
#, python-format
@@ -417,6 +449,8 @@ msgid ""
"WARNING: Error synchronizing profiles with the repository:\n"
"%s\n"
msgstr ""
+"AVISO: Erro ao sincronizar perfis com o repositório: \n"
+"%s\n"
#: ../apparmor/aa.py:744
#, python-format
@@ -424,6 +458,8 @@ msgid ""
"WARNING: Error synchronizing profiles with the repository\n"
"%s"
msgstr ""
+"AVISO: Erro ao sincronizar perfis com o repositório \n"
+"%s"
#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
#, python-format
@@ -431,14 +467,16 @@ msgid ""
"WARNING: An error occurred while uploading the profile %(profile)s\n"
"%(ret)s"
msgstr ""
+"AVISO: ocorreu um erro ao carregar o perfil %(profile)s \n"
+"%(ret)s"
#: ../apparmor/aa.py:833
msgid "Uploaded changes to repository."
-msgstr ""
+msgstr "carregados não."
#: ../apparmor/aa.py:865
msgid "Changelog Entry: "
-msgstr ""
+msgstr "Entrada de registro de alterações: "
#: ../apparmor/aa.py:885
msgid ""
@@ -447,40 +485,44 @@ msgid ""
"information is required to upload profiles to the repository.\n"
"These changes could not be sent."
msgstr ""
+"Erro de repositório O \n"
+"registro ou login não foi bem-sucedido. As informações de login do usuário \n"
+"são necessárias para fazer upload de perfis para o repositório. \n"
+"Essas alterações não puderam ser enviadas."
#: ../apparmor/aa.py:995
msgid "Default Hat"
-msgstr ""
+msgstr "Chapéu padrão"
#: ../apparmor/aa.py:997
msgid "Requested Hat"
-msgstr ""
+msgstr "Chapéu solicitado"
#: ../apparmor/aa.py:1218
#, python-format
msgid "%s has transition name but not transition mode"
-msgstr ""
+msgstr "%s tem nome de transição mas não tem modo de transição"
#: ../apparmor/aa.py:1232
#, python-format
msgid "Target profile exists: %s\n"
-msgstr ""
+msgstr "O perfil de destino existe: %s\n"
#: ../apparmor/aa.py:1254
msgid "Program"
-msgstr ""
+msgstr "Programa"
#: ../apparmor/aa.py:1257
msgid "Execute"
-msgstr ""
+msgstr "Executar"
#: ../apparmor/aa.py:1287
msgid "Are you specifying a transition to a local profile?"
-msgstr ""
+msgstr "Você está especificando uma transição para um perfil local?"
#: ../apparmor/aa.py:1299
msgid "Enter profile name to transition to: "
-msgstr ""
+msgstr "Digite o nome do perfil para fazer a transição para: "
#: ../apparmor/aa.py:1308
msgid ""
@@ -491,6 +533,12 @@ msgid ""
"but some applications depend on the presence\n"
"of LD_PRELOAD or LD_LIBRARY_PATH."
msgstr ""
+"O AppArmor deve higienizar o ambiente ao \n"
+"alternar perfis? \n"
+"\n"
+"A higienização do ambiente é mais segura, \n"
+"mas algumas aplicações dependem da presença \n"
+"de LD_PRELOAD ou LD_LIBRARY_PATH."
#: ../apparmor/aa.py:1310
msgid ""
@@ -502,6 +550,13 @@ msgid ""
"or LD_LIBRARY_PATH and sanitising the environment\n"
"could cause functionality problems."
msgstr ""
+"O AppArmor deve higienizar o ambiente ao \n"
+"alternar perfis? \n"
+"\n"
+"A higienização do ambiente é mais segura, \n"
+"mas este aplicativo parece estar usando LD_PRELOAD \n"
+"ou LD_LIBRARY_PATH e a higienização do ambiente \n"
+"pode causar problemas de funcionalidade."
#: ../apparmor/aa.py:1318
#, python-format
@@ -512,6 +567,11 @@ msgid ""
"Are you absolutely certain you wish to remove all\n"
"AppArmor protection when executing %s ?"
msgstr ""
+"Iniciar processos em um estado não confinado é uma \n"
+"operação muito perigosa e pode causar sérias falhas de segurança. \n"
+"\n"
+"Você tem certeza absoluta de que deseja remover toda a \n"
+"proteção do AppArmor ao executar %s?"
#: ../apparmor/aa.py:1320
msgid ""
@@ -522,6 +582,12 @@ msgid ""
"a program opens up significant security holes\n"
"and should be avoided if at all possible."
msgstr ""
+"O AppArmor deve higienizar o ambiente ao \n"
+"executar este programa sem confinamento? \n"
+"\n"
+"Não higienizar o ambiente ao desconfinar \n"
+"um programa abre brechas de segurança significativas \n"
+"e deve ser evitado, se possÃvel."
#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
#, python-format
@@ -529,24 +595,26 @@ msgid ""
"A profile for %s does not exist.\n"
"Do you want to create one?"
msgstr ""
+"Não existe um perfil para %s. \n"
+"Você quer criar um?"
#: ../apparmor/aa.py:1523
msgid "Complain-mode changes:"
-msgstr ""
+msgstr "Mudanças no modo de reclamação:"
#: ../apparmor/aa.py:1525
msgid "Enforce-mode changes:"
-msgstr ""
+msgstr "Alterações no modo de imposição:"
#: ../apparmor/aa.py:1528
#, python-format
msgid "Invalid mode found: %s"
-msgstr ""
+msgstr "Modo inválido encontrado: %s"
#: ../apparmor/aa.py:1897
#, python-format
msgid "Adding %(path)s %(mode)s to profile"
-msgstr ""
+msgstr "Adicionando %(path)s %(mode)s ao perfil"
#: ../apparmor/aa.py:1918
#, python-format
@@ -557,46 +625,56 @@ msgid ""
" Entered Path: %(ans)s\n"
"Do you really want to use this path?"
msgstr ""
+"O caminho especificado não corresponde a esta entrada de log:\n"
+"\n"
+" Entrada de registro: %(path)s\n"
+" Caminho inserido: %(ans)s \n"
+"Você realmente deseja usar este caminho?"
#: ../apparmor/aa.py:2251
#, python-format
msgid "Reading log entries from %s."
-msgstr ""
+msgstr "Lendo entradas de log de %s."
#: ../apparmor/aa.py:2254
#, python-format
msgid "Updating AppArmor profiles in %s."
-msgstr ""
+msgstr "Atualizando perfis do AppArmor em %s."
#: ../apparmor/aa.py:2323
msgid ""
"Select which profile changes you would like to save to the\n"
"local profile set."
msgstr ""
+"Selecione quais alterações de perfil você gostaria de salvar no \n"
+"conjunto de perfis local."
#: ../apparmor/aa.py:2324
msgid "Local profile changes"
-msgstr ""
+msgstr "Alterações de perfil local"
#: ../apparmor/aa.py:2418
msgid "Profile Changes"
-msgstr ""
+msgstr "Alterações de perfil"
#: ../apparmor/aa.py:2428
#, python-format
msgid "Can't find existing profile %s to compare changes."
msgstr ""
+"Não é possÃvel encontrar o perfil %s existente para comparar as alterações."
#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
#, python-format
msgid "Can't read AppArmor profiles in %s"
-msgstr ""
+msgstr "Não é possÃvel ler perfis do AppArmor em %s"
#: ../apparmor/aa.py:2677
#, python-format
msgid ""
"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
msgstr ""
+"O perfil de %(profile)s em %(file)s contém erros de sintaxe na linha: "
+"%(line)s."
#: ../apparmor/aa.py:2734
#, python-format
@@ -604,6 +682,8 @@ msgid ""
"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: Fim inesperado do perfil alcançado no arquivo: %(file)s "
+"linha: %(line)s"
#: ../apparmor/aa.py:2749
#, python-format
@@ -611,12 +691,16 @@ msgid ""
"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: entrada de recurso inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2770
#, python-format
msgid ""
"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada de link inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:2798
#, python-format
@@ -624,12 +708,16 @@ msgid ""
"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: entrada de perfil de alteração inesperada encontrada no "
+"arquivo: %(file)s line: %(line)s"
#: ../apparmor/aa.py:2820
#, python-format
msgid ""
"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada rlimit inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:2831
#, python-format
@@ -637,6 +725,8 @@ msgid ""
"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: definição booleana inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2871
#, python-format
@@ -644,52 +734,67 @@ msgid ""
"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: regra de arquivo vazio inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2894
#, python-format
msgid ""
"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada de caminho inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:2922
#, python-format
msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: Regex %(path)s inválida no arquivo: %(file)s line: %(line)s"
#: ../apparmor/aa.py:2925
#, python-format
msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
-msgstr ""
+msgstr "Modo inválido %(mode)s no arquivo: %(file)s linha: %(line)s"
#: ../apparmor/aa.py:2977
#, python-format
msgid ""
"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada de rede inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3007
#, python-format
msgid ""
"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada dbus inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3030
#, python-format
msgid ""
"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada de montagem inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:3052
#, python-format
msgid ""
"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada de sinal inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3074
#, python-format
msgid ""
"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada ptrace inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3096
#, python-format
@@ -697,12 +802,16 @@ msgid ""
"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: entrada pivot_root inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:3118
#, python-format
msgid ""
"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: entrada unix inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3140
#, python-format
@@ -710,6 +819,8 @@ msgid ""
"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
"line: %(line)s"
msgstr ""
+"Erro de sintaxe: declaração de mudança inesperada encontrada no arquivo: "
+"%(file)s line: %(line)s"
#: ../apparmor/aa.py:3152
#, python-format
@@ -717,21 +828,25 @@ msgid ""
"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
"%(line)s"
msgstr ""
+"Erro de sintaxe: definição de hat inesperada encontrada no arquivo: %(file)s "
+"line: %(line)s"
#: ../apparmor/aa.py:3168
#, python-format
msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
-msgstr ""
+msgstr "Erro: várias definições para hat %(hat)s no perfil %(profile)s."
#: ../apparmor/aa.py:3185
#, python-format
msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
-msgstr ""
+msgstr "Aviso: linha \"REPOSITORY:\" inválida em %s, ignorando."
#: ../apparmor/aa.py:3198
#, python-format
msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
msgstr ""
+"Erro de sintaxe: linha desconhecida encontrada no arquivo: %(file)s line: "
+"%(line)s"
#: ../apparmor/aa.py:3211
#, python-format
@@ -739,17 +854,21 @@ msgid ""
"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
"profile %(profile)s"
msgstr ""
+"Erro de sintaxe: Falta '}' ou ','. Atingiu o fim do arquivo %(file)s "
+"enquanto estava dentro do perfil %(profile)s"
#: ../apparmor/aa.py:3277
#, python-format
msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
-msgstr ""
+msgstr "Redefinindo a variável existente %(variable)s: %(value)s em %(file)s"
#: ../apparmor/aa.py:3282
#, python-format
msgid ""
"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
msgstr ""
+"Valores adicionados a uma variável inexistente %(variable)s: %(value)s em "
+"%(file)s"
#: ../apparmor/aa.py:3284
#, python-format
@@ -757,25 +876,27 @@ msgid ""
"Unknown variable operation %(operation)s for variable %(variable)s in "
"%(file)s"
msgstr ""
+"Operação de variável desconhecida %(operation)s para a variável %(variable)s "
+"em %(file)s"
#: ../apparmor/aa.py:3343
#, python-format
msgid "Invalid allow string: %(allow)s"
-msgstr ""
+msgstr "String de permissão inválida: %(allow)s"
#: ../apparmor/aa.py:3778
msgid "Can't find existing profile to modify"
-msgstr ""
+msgstr "Não é possÃvel encontrar o perfil existente para modificar"
#: ../apparmor/aa.py:4347
#, python-format
msgid "Writing updated profile for %s."
-msgstr ""
+msgstr "Escrevendo perfil atualizado para %s."
#: ../apparmor/aa.py:4481
#, python-format
msgid "File Not Found: %s"
-msgstr ""
+msgstr "Arquivo não encontrado: %s"
#: ../apparmor/aa.py:4591
#, python-format
@@ -787,11 +908,19 @@ msgid ""
"the corresponding entry in the [qualifiers] section in "
"/etc/apparmor/logprof.conf."
msgstr ""
+"%s está atualmente marcado como um programa que não deveria ter seu próprio "
+"\n"
+"perfil. Normalmente, os programas são marcados desta forma se criar um "
+"perfil para \n"
+"eles provavelmente quebrarão o resto do sistema. Se você sabe o que está \n"
+"fazendo e tem certeza de que deseja criar um perfil para este programa, "
+"edite \n"
+"a entrada correspondente na seção [qualifiers] em /etc/apparmor/logprof.conf."
#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
#, python-format
msgid "Log contains unknown mode %s"
-msgstr ""
+msgstr "O log contém o modo desconhecido %s"
#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
#, python-format
@@ -802,38 +931,45 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Não é possÃvel encontrar %(program)s na lista de caminhos do sistema. Se o "
+"nome do aplicativo \n"
+"estiver correto, execute 'which %(program)s' como um usuário com o \n"
+"ambiente PATH correto configurado para encontrar o caminho completo e \n"
+"usar o caminho completo como parâmetro."
#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
#, python-format
msgid "%s does not exist, please double-check the path."
-msgstr ""
+msgstr "%s não existe, confirmado o caminho."
#: ../apparmor/tools.py:100
msgid ""
"The given program cannot be found, please try with the fully qualified path "
"name of the program: "
msgstr ""
+"O programa fornecido não pode ser encontrado, tente com o nome do caminho "
+"totalmente qualificado do programa: "
#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
#, python-format
msgid "Profile for %s not found, skipping"
-msgstr ""
+msgstr "Perfil de %s não encontrado, pulando"
#: ../apparmor/tools.py:140
#, python-format
msgid "Disabling %s."
-msgstr ""
+msgstr "Desativando %s."
#: ../apparmor/tools.py:198
#, python-format
msgid "Setting %s to audit mode."
-msgstr ""
+msgstr "Configurando %s para o modo de auditoria."
#: ../apparmor/tools.py:200
#, python-format
msgid "Removing audit mode from %s."
-msgstr ""
+msgstr "Removendo o modo de auditoria de %s."
#: ../apparmor/tools.py:212
#, python-format
@@ -841,11 +977,13 @@ msgid ""
"Please pass an application to generate a profile for, not a profile itself - "
"skipping %s."
msgstr ""
+"Por favor, passe um aplicativo para gerar um perfil, não um perfil em si - "
+"pulando %s."
#: ../apparmor/tools.py:220
#, python-format
msgid "Profile for %s already exists - skipping."
-msgstr ""
+msgstr "O perfil para %s já existe - pulando."
#: ../apparmor/tools.py:232
#, python-format
@@ -853,6 +991,8 @@ msgid ""
"\n"
"Deleted %s rules."
msgstr ""
+"\n"
+"Regras de %s excluÃdas."
#: ../apparmor/tools.py:240
#, python-format
@@ -860,267 +1000,270 @@ msgid ""
"The local profile for %(program)s in file %(file)s was changed. Would you "
"like to save it?"
msgstr ""
+"O perfil local para %(program)s no arquivo %(file)s foi alterado. Você "
+"gostaria de salvá-lo?"
#: ../apparmor/tools.py:260
#, python-format
msgid "The profile for %s does not exists. Nothing to clean."
-msgstr ""
+msgstr "O perfil para %s não existe. Nada para limpar."
#: ../apparmor/ui.py:61
msgid "Invalid hotkey for"
-msgstr ""
+msgstr "Tecla de atalho inválida para"
#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
msgid "(Y)es"
-msgstr ""
+msgstr "(S)im"
#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
msgid "(N)o"
-msgstr ""
+msgstr "(N)ão"
#: ../apparmor/ui.py:123
msgid "(C)ancel"
-msgstr ""
+msgstr "(C)ancelar"
#: ../apparmor/ui.py:223
msgid "(A)llow"
-msgstr ""
+msgstr "(A)Permitido"
#: ../apparmor/ui.py:224
msgid "(M)ore"
-msgstr ""
+msgstr "(M)ais"
#: ../apparmor/ui.py:225
msgid "Audi(t)"
-msgstr ""
+msgstr "Audi(t)oria"
#: ../apparmor/ui.py:226
msgid "Audi(t) off"
-msgstr ""
+msgstr "Audi(t) desligado"
#: ../apparmor/ui.py:227
msgid "Audit (A)ll"
-msgstr ""
+msgstr "Auditório (A)ll"
#: ../apparmor/ui.py:229
msgid "(O)wner permissions on"
-msgstr ""
+msgstr "(O) proprietário permissões em"
#: ../apparmor/ui.py:230
msgid "(O)wner permissions off"
-msgstr ""
+msgstr "(O)permissões de proprietário desativadas"
#: ../apparmor/ui.py:231
msgid "(D)eny"
-msgstr ""
+msgstr "(D)Negar"
#: ../apparmor/ui.py:232
msgid "Abo(r)t"
-msgstr ""
+msgstr "Abo(r)tar"
#: ../apparmor/ui.py:233
msgid "(F)inish"
-msgstr ""
+msgstr "(F)inalizar"
#: ../apparmor/ui.py:234
msgid "(I)nherit"
-msgstr ""
+msgstr "(I)Herdar"
#: ../apparmor/ui.py:235
msgid "(P)rofile"
-msgstr ""
+msgstr "(P)erfil"
#: ../apparmor/ui.py:236
msgid "(P)rofile Clean Exec"
-msgstr ""
+msgstr "(P)Limpar perfil executado"
#: ../apparmor/ui.py:237
msgid "(C)hild"
-msgstr ""
+msgstr "(C)FIlho"
#: ../apparmor/ui.py:238
msgid "(C)hild Clean Exec"
-msgstr ""
+msgstr "(C)Limpar execução do filho"
#: ../apparmor/ui.py:239
msgid "(N)amed"
-msgstr ""
+msgstr "(N)Omeado"
#: ../apparmor/ui.py:240
msgid "(N)amed Clean Exec"
-msgstr ""
+msgstr "(N)Limpar perfil nomeado"
#: ../apparmor/ui.py:241
msgid "(U)nconfined"
-msgstr ""
+msgstr "(U)Não confirmado"
#: ../apparmor/ui.py:242
msgid "(U)nconfined Clean Exec"
-msgstr ""
+msgstr "Execução Limpa (U) não confinada"
#: ../apparmor/ui.py:243
msgid "(P)rofile Inherit"
-msgstr ""
+msgstr "(P)erfil Herdar"
#: ../apparmor/ui.py:244
msgid "(P)rofile Inherit Clean Exec"
-msgstr ""
+msgstr "(P)Limpar perfil de herança executado"
#: ../apparmor/ui.py:245
msgid "(C)hild Inherit"
-msgstr ""
+msgstr "(C) Herdar filho"
#: ../apparmor/ui.py:246
msgid "(C)hild Inherit Clean Exec"
-msgstr ""
+msgstr "(C)Limpar execução de conclusão de herança"
#: ../apparmor/ui.py:247
msgid "(N)amed Inherit"
-msgstr ""
+msgstr "(N)Omear herança"
#: ../apparmor/ui.py:248
msgid "(N)amed Inherit Clean Exec"
-msgstr ""
+msgstr "(N)Limpar nomeação de conclusão"
#: ../apparmor/ui.py:249
msgid "(X) ix On"
-msgstr ""
+msgstr "(X) ix Ligar"
#: ../apparmor/ui.py:250
msgid "(X) ix Off"
-msgstr ""
+msgstr "(X) ix Desligar"
#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
msgid "(S)ave Changes"
-msgstr ""
+msgstr "(S)alver alterações"
#: ../apparmor/ui.py:252
msgid "(C)ontinue Profiling"
-msgstr ""
+msgstr "(C)ontinuar a criação de perfis"
#: ../apparmor/ui.py:253
msgid "(N)ew"
-msgstr ""
+msgstr "(N)ovo"
#: ../apparmor/ui.py:254
msgid "(G)lob"
-msgstr ""
+msgstr "(G)lobo"
#: ../apparmor/ui.py:255
msgid "Glob with (E)xtension"
-msgstr ""
+msgstr "Globo com (E)xtensão"
#: ../apparmor/ui.py:256
msgid "(A)dd Requested Hat"
-msgstr ""
+msgstr "(A)dicionar mais solicitado"
#: ../apparmor/ui.py:257
msgid "(U)se Default Hat"
-msgstr ""
+msgstr "(U)se Chapéu Padrão"
#: ../apparmor/ui.py:258
msgid "(S)can system log for AppArmor events"
-msgstr ""
+msgstr "(S)pode registrar o sistema para eventos do AppArmor"
#: ../apparmor/ui.py:259
msgid "(H)elp"
-msgstr ""
+msgstr "(H)Ajuda"
#: ../apparmor/ui.py:260
msgid "(V)iew Profile"
-msgstr ""
+msgstr "(V)er perfil"
#: ../apparmor/ui.py:261
msgid "(U)se Profile"
-msgstr ""
+msgstr "(U)se Perfil"
#: ../apparmor/ui.py:262
msgid "(C)reate New Profile"
-msgstr ""
+msgstr "(C)riar novo perfil"
#: ../apparmor/ui.py:263
msgid "(U)pdate Profile"
-msgstr ""
+msgstr "(U)atualizar perfil"
#: ../apparmor/ui.py:264
msgid "(I)gnore Update"
-msgstr ""
+msgstr "(I)gnorar atualização"
#: ../apparmor/ui.py:266
msgid "Save Selec(t)ed Profile"
-msgstr ""
+msgstr "Salvar Perfil Se(l)ecionado"
#: ../apparmor/ui.py:267
msgid "(U)pload Changes"
-msgstr ""
+msgstr "(U)carregar mudanças"
#: ../apparmor/ui.py:268
msgid "(V)iew Changes"
-msgstr ""
+msgstr "(V)er mudanças"
#: ../apparmor/ui.py:269
msgid "View Changes b/w (C)lean profiles"
-msgstr ""
+msgstr "Exibir alterações p/b (C) perfis enxutos"
#: ../apparmor/ui.py:270
msgid "(V)iew"
-msgstr ""
+msgstr "(V)er"
#: ../apparmor/ui.py:271
msgid "(E)nable Repository"
-msgstr ""
+msgstr "(E) Repositório habilitado"
#: ../apparmor/ui.py:272
msgid "(D)isable Repository"
-msgstr ""
+msgstr "(D) Repositório desabilitado"
#: ../apparmor/ui.py:273
msgid "(N)ever Ask Again"
-msgstr ""
+msgstr "(N)unca pergunte novamente"
#: ../apparmor/ui.py:274
msgid "Ask Me (L)ater"
-msgstr ""
+msgstr "Pergunte-me (L)ater"
#: ../apparmor/ui.py:277
msgid "Allow All (N)etwork"
-msgstr ""
+msgstr "Permitir toda (N)rede"
#: ../apparmor/ui.py:278
msgid "Allow Network Fa(m)ily"
-msgstr ""
+msgstr "Permitir Rede Fa(m)mente"
#: ../apparmor/ui.py:279
msgid "(O)verwrite Profile"
-msgstr ""
+msgstr "(O) substituir o perfil"
#: ../apparmor/ui.py:280
msgid "(K)eep Profile"
-msgstr ""
+msgstr "(K)eep Perfil"
#: ../apparmor/ui.py:281
msgid "(C)ontinue"
-msgstr ""
+msgstr "(C)ontinuar"
#: ../apparmor/ui.py:282
msgid "(I)gnore"
-msgstr ""
+msgstr "(I)gnorar"
#: ../apparmor/ui.py:344
#, python-format
msgid "PromptUser: Unknown command %s"
-msgstr ""
+msgstr "PromptUser: comando desconhecido %s"
#: ../apparmor/ui.py:351
#, python-format
msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
msgstr ""
+"PromptUser: Tecla de atalho duplicada para %(command)s: %(menutext)s "
#: ../apparmor/ui.py:363
msgid "PromptUser: Invalid hotkey in default item"
-msgstr ""
+msgstr "PromptUser: tecla de atalho inválida no item padrão"
#: ../apparmor/ui.py:368
#, python-format
msgid "PromptUser: Invalid default %s"
-msgstr ""
+msgstr "PromptUser: padrão inválido %s"
diff --git a/utils/po/ro.po b/utils/po/ro.po
new file mode 100644
index 0000000000000000000000000000000000000000..046e50d272fc16bf3d600960666089f6376282ea
--- /dev/null
+++ b/utils/po/ro.po
@@ -0,0 +1,1267 @@
+# Romanian translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2020-04-19 16:01+0000\n"
+"Last-Translator: Daniel Slavu <Unknown>\n"
+"Language-Team: Romanian <ro@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-04-20 06:09+0000\n"
+"X-Generator: Launchpad (build 2e26c9bbd21cdca248baaea29aeffb920afcc32a)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr "Generați profilul pentru programul dat"
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr "calea către profiluri"
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr "calea către fișierul de înregistrare"
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr "numele programului la profil"
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr "Fișierul de înregistrare %s nu există. Vă rugăm să verificați calea"
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+"Se pare că AppArmor nu a fost pornit. Vă rugăm să activați AppArmor și "
+"încercați din nou."
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr "%s nu este un director."
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+"Nu pot găsi %(profiling)s în lista căilor de sistem. Dacă numele aplicației\n"
+"este corect, vă rugăm să rulați 'cu care %(profiling)s' ca utilizator cu "
+"CALE corectă\n"
+"a mediului creat, pentru a găsi calea complet calificată și\n"
+"utiliza calea completă ca parametru."
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr "%s nu există, vă rugăm verificați de două ori calea."
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+"\n"
+"Înainte de a începe, poate vreți să verificați dacă\n"
+"profilul există deja pentru aplicația pe care o aveți,\n"
+"doriți să se limiteze. Consultați următoarea pagină wiki pentru\n"
+"mai multe informatii:"
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+"Vă rugăm să porniți aplicația, pentru a fi creată\n"
+"o altă fereastră și unde acum vă exercitați funcționalitatea.\n"
+"\n"
+"Odată finalizată, selectați opțiunea de mai jos „Scanare†\n"
+"pentru a scana jurnalele sistemului și evenimentele AppArmor. \n"
+"\n"
+"Pentru fiecare eveniment AppArmor, vi se va da \n"
+"ocazia de a alege dacă accesul ar trebui să fie \n"
+"permis sau refuzat."
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr "Stabilirea profilului"
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+"\n"
+"Profilele AppArmor reîncărcate în modul de aplicare."
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+"\n"
+"Vă rugăm să luați în considerare contribuția noului dvs. profil!\n"
+"Vedeți următoarea pagină wiki pentru mai multe informații:"
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr "Generarea profilului finalizat pentru %s."
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr "Procesați intrările de jurnal pentru a genera profiluri"
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr "după ce marcați în jurnal va începe procesarea"
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr "Curățarea profilurilor pentru programele date"
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr "numele programului"
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr "Suprascrieți în tăcere cu un profil curat"
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr "Efectuați o îmbinare cu 2 sau 3 căi pe profilurile date"
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr "profilul tău"
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr "profil de bază"
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr "alt profil"
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+"Au fost modificate următoarele profiluri locale. Ați dori să le salvați?"
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr "Cale"
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr "Selectați modul corespunzător"
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr "Selecție necunoscută"
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr "Fișierul include"
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr "Selectați cele pe care doriți să le adăugați"
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr "Adăugarea %s la fișier."
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr "necunoscut"
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr "Înregistrările profilului de potrivire anterioare %s șterse."
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr "Profil"
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr "Capacitate"
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr "Severitate"
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr "Adăugarea %s la profil."
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr "Adăugarea capacității %s la profil."
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr "Negarea capacității %s la profil."
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr "(permisiunile proprietarului oprite)"
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr "Mod Vechi"
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr "Mod nou"
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr "Mod"
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr "Adăugarea %(path)s %(mod)s la profil"
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr "Introduceți o cale nouă: "
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr "Familia Network"
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr "Tip soclu"
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr "Adăugarea %s la profil"
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr "Adăugarea accesului la rețea %(family)s %(type)s la profil."
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr "Refuzarea accesului la rețea %(family)s %(type)s la profil"
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr "Generați un profil AppArmor de bază ghicind cerințele"
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr "suprascrie profilul existent"
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr "Comutați programele date în modul de audit"
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr "eliminați modul audit"
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr "Afișează urmă completă"
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr "Comutați programul dat în modul de reclamație"
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr "Comutați programul dat în modul de aplicare"
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr "Dezactivați profilul pentru programele date"
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr "Listează procesele neconfigurate cu porturi tcp sau udp"
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr "scanează toate procesele din /proc"
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr "%(pid)s %(program)s (%(commandline)s) nu sunt limitate"
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr "%(pid)s %(program)s%(pname)s nu este limitat"
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr "%(pid)s %(program)s (%(commandline)s) limitat de '%(attribute)s'"
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr "%(pid)s %(program)s%(pname)s limitat de '%(attribute)s'"
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr "A urmat prea multe legături în timp ce rezolvați %s"
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr "Nu pot găsi %s"
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr "Setarea %s în modul de reclamație."
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr "Setarea %s la modul de aplicare."
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr "Imposibil de găsit numele de bază pentru %s."
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr "Nu s-a putut crea %(link)s simbolistică la %(filename)s."
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr "Imposibil de citit prima linie din %s: Fișierul nu a fost găsit"
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+"Imposibil de bifurcat: %(program)s\n"
+"\t%(error)s"
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+"Sigur doriți să abandonați acest set de modificări de profil și să ieșiți?"
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr "Abandonarea tuturor modificărilor."
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr "Conectarea la depozit ..."
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr "AVERTIZARE: Eroare la preluarea profilurilor din depozit"
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr "Eroare la activarea profilurilor: %s"
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr "%s nu conține niciun profil"
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+"AVERTIZARE: Eroare la sincronizarea profilurilor cu depozitul:\n"
+"%s\n"
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+"AVERTIZARE: Eroare la sincronizarea profilurilor cu depozitul\n"
+"%s"
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+"AVERTIZARE: A apărut o eroare la încărcarea profilului %(profile)s\n"
+"%(ret)s"
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr "Modificări încărcate în depozit."
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr "Intrare Changelog: "
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+"Eroare a depozitului\n"
+"Înregistrarea sau conectarea nu au reușit. Logare utilizator\n"
+"informații sunt necesare pentru a încărca profiluri în depozit.\n"
+"Aceste modificări nu au putut fi trimise."
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr "Pălăria implicită"
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr "Pălăria cerută"
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr "%s are nume de tranziție, dar nu mod de tranziție"
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr "Există un profil țintă: %s\n"
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr "Program"
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr "Execută"
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr "Precizați o tranziție la un profil local?"
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr "Introduceți numele profilului pentru a trece la: "
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+"Dacă AppArmor igienizează mediul atunci când se face\n"
+"schimbarea profilurilor?\n"
+"\n"
+"Mediul de igienizare este mai sigur,\n"
+"dar unele aplicații depind de prezența\n"
+"din LD_PRELOAD sau LD_LIBRARY_PATH."
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+"Dacă AppArmor igienizează mediul atunci când se face\n"
+"schimbarea profilurilor?\n"
+"\n"
+"Mediul de igienizare este mai sigur,\n"
+"dar această aplicație pare să folosească LD_PRELOAD\n"
+"sau LD_LIBRARY_PATH și igienizarea mediului\n"
+"ar putea cauza probleme de funcționalitate."
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+"Lansarea proceselor într-o stare neconfigurată este foarte\n"
+"periculoasă și poate provoca gauri grave de securitate.\n"
+"\n"
+"Sunteți absolut sigur că doriți să eliminați toate\n"
+"Protecție AppArmor la executare %s ?"
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+"Sigur AppArmor igienizează mediul atunci când\n"
+"rularea acestui program este neconfigurat?\n"
+"\n"
+"Nu igienizați mediul înconjurător\n"
+"când un program deschide gauri semnificative de securitate\n"
+"și ar trebui evitate dacă este posibil."
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+"Un profil pentru %s nu exista.\n"
+"Vrei să creezi una?"
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr "Modificări în modul de sesizare:"
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr "Modificări în modul de aplicare:"
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr "Modul nevalid este găsit: %s"
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr "Adăugarea %(path)s %(mode)s la profil"
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+"Calea specificată nu se potrivește cu această intrare de jurnal:\n"
+"\n"
+" Intrare jurnal: %(path)s\n"
+" Calea introdusă: %(ans)s\n"
+"Chiar vrei să folosești această cale?"
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr "Citirea înregistrărilor din jurnal %s."
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr "Actualizarea profilurilor AppArmor în %s."
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+"Selectați ce modificări de profil doriți să salvați în\n"
+"set de profil local"
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr "Profilurile locale se schimbă"
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr "Schimbări de profil"
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr "Nu puteți găsi profilul existent %s pentru a compara modificările."
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr "Nu pot citi profilurile AppArmor în %s"
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+"%(profile)s profil în %(file)s conține erori de sintaxă în linie: %(line)s."
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare sintaxă: Sfârșitul neașteptat al profilului găsit în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare sintaxă: Intrarea neașteptată a capabilității găsită în fișier: "
+"%(file)s linia: %(line)s"
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrarea neașteptată a legăturii găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare sintaxă: intrarea neașteptată a modificării profilului găsită în "
+"fișier: %(file)s linia: %(line)s"
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: intrare neașteptată rlimit găsită în fișier: %(file)s linia: "
+"%(line)s"
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare sintaxă: Definiție neașteptată booleană găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare sintaxă: Regula de fișier gol neașteptată găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă : Intrare neașteptată a căii găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Regex nevalid %(path)s în fișier: %(file)s linia: %(line)s"
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr "Mod nevalid %(mode)s în fișier: %(file)s linia: %(line)s"
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrarea neașteptată a rețelei găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrare neașteptată dbus găsită în fișier: %(file)s linia: "
+"%(line)s"
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrare neașteptată de montaj găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrarea neașteptată a semnalului găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrare neașteptată ptrace găsită în fișier: %(file)s linia: "
+"%(line)s"
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare sintaxă: Intrare neașteptată pivot_root găsită în fișier: %(file)s "
+"linia: %(line)s"
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare sintaxă: Intrare neașteptată unix găsită în fișier: %(file)s linia: "
+"%(line)s"
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+"Eroare de sintaxă: Declarație neașteptată de schimbare pălărie găsită în "
+"fișier: %(file)s linia: %(line)s"
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+"Eroare de sintaxă: Definiția neașteptată a pălăriei găsită în fișier: "
+"%(file)s linia: %(line)s"
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+"Eroare: Definiții multiple pentru pălărie %(hat)s în profil %(profile)s."
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr "Avertisment: linie nevalidă în \"REPOSITORY:\" ignorând, %s."
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+"Eroare de sintaxă: Linie necunoscută găsită în fișier: %(file)s lina: "
+"%(line)s"
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+"Eroare de sintaxă: Lipsește '}' sau ','. Capătul fișierului a fost atins "
+"%(file)s în interiorul profilului %(profile)s"
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr "Redefinirea variabilei existente %(variable)s: %(value)s in %(file)s"
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+"Valori adăugate unei variabile inexistente %(variable)s: %(value)s in "
+"%(file)s"
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+"Operație variabilă necunoscută %(operation)s pentru variabilă %(variable)s "
+"în %(file)s"
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr "Șir de permis nevalid: %(allow)s"
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr "Nu pote fi găsit profilul existent pentru modificare"
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr "Scrierea unui profil actualizat pentru %s."
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr "Fișierul nu a fost găsit: %s"
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+"%s este în prezent marcat ca un program care nu ar trebui să aibă propriul "
+"său\n"
+"profil. De obicei, programele sunt marcate în acest fel, dacă se creează un "
+"profil pentru \n"
+"programe, este probabil să rupă restul sistemului. Dacă știți ce\n"
+"faceți și sunteți sigur că doriți să creați un profil pentru acest program, "
+"editați\n"
+"intrarea corespunzătoare în secțiunea din [qualifiers] "
+"/etc/apparmor/logprof.conf."
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr "Jurnalul conține modul necunoscut %s"
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+"Nu pot găsi %(program)s în lista căilor de sistem. Dacă numele aplicației\n"
+"este corect, vă rugăm să rulați 'which %(program)s' ca utilizator cu PATH "
+"corect\n"
+"și mediu creat, pentru a găsi calea complet calificată,\n"
+"utilizați calea completă ca parametru."
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr "%s nu există, vă rugăm să verificați de două ori calea."
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+"Programul dat nu poate fi găsit, vă rugăm să încercați cu numele calificat "
+"complet al programului: "
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr "Profil pentru %s nu a fost găsit, săriți"
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr "Dezactivarea %s.Setarea"
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr "Setarea %s la modul de audit."
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr "Eliminarea modului de audit din %s."
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+"Vă rugăm să treceți de aplicație pentru a genera un profil, nu un profil în "
+"sine - săriți peste %s."
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr "Profil pentru %s există deja - săriți peste."
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+"\n"
+"Reguli șterse %s."
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+"Profilul local pentru %(program)s fișier %(file)s a fost modificat. Ați dori "
+"să îl salvați?"
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr "Profilul pentru %s nu există. Nimic de curățat."
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr "Cheie rapidă nevalidă pentru"
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr "(D)a"
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr "(N)u"
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr "(A)nulare"
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr "(P)ermite"
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr "(M)ult"
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr "(V)erificare"
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr "(V)erificare oprită"
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr "Verifică (T)ot"
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr "Permisii de pr(O)prietar la"
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr "Utilizator prompt: Comandă necunoscută %s"
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+"Utilizator prompt: cheie rapidă duplicată pentru %(command)s: %(menutext)s "
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr "Utilizator prompt: Cheie rapidă nevalidă în elementul implicit"
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr "Utilizator prompt: implicit nevalid %s"
diff --git a/utils/po/sv.po b/utils/po/sv.po
index e128ffda589f7d43e1e988ea6bf10f1e27b588ac..a1125f6a7fc5c378ee2fbe6f96efb4c18384fb1b 100644
--- a/utils/po/sv.po
+++ b/utils/po/sv.po
@@ -8,14 +8,14 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2019-11-01 09:51+0000\n"
-"Last-Translator: Jonatan Nyberg <Unknown>\n"
+"PO-Revision-Date: 2023-02-01 01:54+0000\n"
+"Last-Translator: Alex Murray <alex.murray@canonical.com>\n"
"Language-Team: Swedish <sv@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-11-02 05:45+0000\n"
-"X-Generator: Launchpad (build 469f241f4e73cc0bdffa4e30654052a2af068e06)\n"
+"X-Launchpad-Export-Date: 2023-02-01 04:34+0000\n"
+"X-Generator: Launchpad (build 37f563e5839786fe8704ac9cf25657dfd53c73fd)\n"
"Language: sv\n"
#: ../aa-genprof:56
@@ -45,8 +45,8 @@ msgstr "Loggfilen %s existerar inte. Vänligen kontrollera sökvägen."
msgid ""
"It seems AppArmor was not started. Please enable AppArmor and try again."
msgstr ""
-"Det verkar som AppArmor inte startades. Vänligen aktivera AppArmor och "
-"försök igen."
+"Det verkar som att AppArmor inte startades. Aktivera AppArmor och försök "
+"igen."
#: ../aa-genprof:80 ../aa-mergeprof:47
#, python-format
@@ -1032,7 +1032,7 @@ msgstr ""
#: ../apparmor/ui.py:231
msgid "(D)eny"
-msgstr ""
+msgstr "Förne(k)a"
#: ../apparmor/ui.py:232
msgid "Abo(r)t"
@@ -1120,7 +1120,7 @@ msgstr ""
#: ../apparmor/ui.py:253
msgid "(N)ew"
-msgstr "(N)y"
+msgstr "N(y)"
#: ../apparmor/ui.py:254
msgid "(G)lob"
diff --git a/utils/po/zh_CN.po b/utils/po/zh_CN.po
index 1c9c1d2b4d3399614bcb212c4a323b7a0b7495fb..fdb2ea64839fe3ffec29e9363eb6dc5f6aa359ce 100644
--- a/utils/po/zh_CN.po
+++ b/utils/po/zh_CN.po
@@ -8,47 +8,47 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2019-12-24 02:58+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"PO-Revision-Date: 2022-08-25 04:53+0000\n"
+"Last-Translator: Yulin Yang <yylteam@hotmail.com>\n"
"Language-Team: Chinese (Simplified) <zh_CN@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-12-25 05:41+0000\n"
-"X-Generator: Launchpad (build bceb5ef013b87ef7aafe0755545ceb689ca7ac60)\n"
+"X-Launchpad-Export-Date: 2022-08-26 04:33+0000\n"
+"X-Generator: Launchpad (build 813bec7783fe35df624c0e68cd38fcaa442fb8d1)\n"
#: ../aa-genprof:56
msgid "Generate profile for the given program"
-msgstr ""
+msgstr "生æˆç»™å®šç¨‹åºçš„é…置文件"
#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
#: ../aa-disable:24
msgid "path to profiles"
-msgstr ""
+msgstr "é…置文件的路径"
#: ../aa-genprof:58 ../aa-logprof:26
msgid "path to logfile"
-msgstr ""
+msgstr "日志文件的路径"
#: ../aa-genprof:59
msgid "name of program to profile"
-msgstr ""
+msgstr "è¦é…置文件的程åºå"
#: ../aa-genprof:69 ../aa-logprof:37
#, python-format
msgid "The logfile %s does not exist. Please check the path"
-msgstr ""
+msgstr "日志文件 %s ä¸å˜åœ¨ã€‚请检查路径"
#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
msgid ""
"It seems AppArmor was not started. Please enable AppArmor and try again."
-msgstr ""
+msgstr "çœ‹èµ·æ¥ AppArmor ä¸åœ¨è¿è¡Œï¼Œè¯·å¯ç”¨ AppArmor åŽå†è¯•ä¸€æ¬¡ã€‚"
#: ../aa-genprof:80 ../aa-mergeprof:47
#, python-format
msgid "%s is not a directory."
-msgstr ""
+msgstr "%s ä¸æ˜¯ä¸€ä¸ªç›®å½•ã€‚"
#: ../aa-genprof:94
#, python-format
@@ -59,11 +59,15 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"在系统路径列表ä¸æ‰¾ä¸åˆ°%(profiling)s。如果应用程åºçš„å称\n"
+"æ£ç¡®ï¼Œè¯·ä»¥è®¾ç½®äº†æ£ç¡®è·¯å¾„\n"
+"环境的用户身份è¿è¡Œâ€œwhich %(profiling)sâ€ï¼Œä»¥æŸ¥æ‰¾å®Œå…¨é™å®šè·¯å¾„并\n"
+"使用完整路径作为å‚数。"
#: ../aa-genprof:96
#, python-format
msgid "%s does not exists, please double-check the path."
-msgstr ""
+msgstr "%s ä¸å˜åœ¨ï¼Œè¯·ç¡®è®¤è·¯å¾„æ£ç¡®ã€‚"
#: ../aa-genprof:124
msgid ""
@@ -73,6 +77,11 @@ msgid ""
"wish to confine. See the following wiki page for\n"
"more information:"
msgstr ""
+"\n"
+"在开始之å‰ï¼Œæ‚¨å¯èƒ½å¸Œæœ›æ£€æŸ¥\n"
+"您希望é™åˆ¶çš„应用程åºçš„é…置文件\n"
+"是å¦å·²ç»å˜åœ¨ã€‚有关详细信æ¯ï¼Œè¯·å‚考\n"
+"以下维基页é¢ï¼š"
#: ../aa-genprof:126
msgid ""
@@ -86,16 +95,23 @@ msgid ""
"opportunity to choose whether the access should be \n"
"allowed or denied."
msgstr ""
+"请å¯åŠ¨è¦åœ¨å¦ä¸€ä¸ªçª—å£ä¸åˆ†æžçš„应用程åºï¼Œå¹¶ç«‹å³æ‰§è¡Œå…¶åŠŸèƒ½ã€‚\n"
+"\n"
+"完æˆåŽï¼Œé€‰æ‹©ä¸‹é¢çš„“扫æâ€é€‰é¡¹ï¼Œä»¥æ‰«æ系统日志ä¸çš„AppArmor事件。\n"
+"\n"
+"对于æ¯ä¸ª AppArmor 事件,您将有机会选择是应å…许还是拒ç»è®¿é—®ã€‚"
#: ../aa-genprof:147
msgid "Profiling"
-msgstr ""
+msgstr "分æžä¸"
#: ../aa-genprof:165
msgid ""
"\n"
"Reloaded AppArmor profiles in enforce mode."
msgstr ""
+"\n"
+"é‡å¯ AppArmor 到强制模å¼"
#: ../aa-genprof:166
msgid ""
@@ -103,279 +119,282 @@ msgid ""
"Please consider contributing your new profile!\n"
"See the following wiki page for more information:"
msgstr ""
+"\n"
+"请考虑贡献您的新é…置文件ï¼\n"
+"å‚阅以下 wiki 页é¢èŽ·å–更多信æ¯ï¼š"
#: ../aa-genprof:167
#, python-format
msgid "Finished generating profile for %s."
-msgstr ""
+msgstr "已完æˆä¸º %s 生æˆé…置文件。"
#: ../aa-logprof:24
msgid "Process log entries to generate profiles"
-msgstr ""
+msgstr "处ç†æ—¥å¿—æ¡ç›®ä»¥ç”Ÿæˆé…置文件"
#: ../aa-logprof:27
msgid "mark in the log to start processing after"
-msgstr ""
+msgstr "在日志ä¸è¿›è¡Œæ ‡è®°ï¼Œä»¥ä¾¿åœ¨"
#: ../aa-cleanprof:23
msgid "Cleanup the profiles for the given programs"
-msgstr ""
+msgstr "清ç†æŒ‡å®šç¨‹åºçš„é…置文件"
#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
#: ../aa-enforce:25 ../aa-disable:25
msgid "name of program"
-msgstr ""
+msgstr "程åºå称"
#: ../aa-cleanprof:26
msgid "Silently overwrite with a clean profile"
-msgstr ""
+msgstr "使用干净的é…置文件以é™é»˜æ–¹å¼è¦†ç›–"
#: ../aa-mergeprof:29
msgid "Perform a 2-way or 3-way merge on the given profiles"
-msgstr ""
+msgstr "对给定的é…置文件执行åŒå‘或三å‘åˆå¹¶"
#: ../aa-mergeprof:31
msgid "your profile"
-msgstr ""
+msgstr "您的é…置文件"
#: ../aa-mergeprof:32
msgid "base profile"
-msgstr ""
+msgstr "基础é…置文件"
#: ../aa-mergeprof:33
msgid "other profile"
-msgstr ""
+msgstr "其他é…置文件"
#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
msgid ""
"The following local profiles were changed. Would you like to save them?"
-msgstr ""
+msgstr "以下本地é…ç½®æ–‡ä»¶å·²æ›´æ”¹ã€‚ä½ æƒ³ä¿å˜å®ƒä»¬å—?"
#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
msgid "Path"
-msgstr ""
+msgstr "路径"
#: ../aa-mergeprof:149
msgid "Select the appropriate mode"
-msgstr ""
+msgstr "选择åˆé€‚的模å¼"
#: ../aa-mergeprof:166
msgid "Unknown selection"
-msgstr ""
+msgstr "未知选择"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "File includes"
-msgstr ""
+msgstr "包括的文件"
#: ../aa-mergeprof:183 ../aa-mergeprof:209
msgid "Select the ones you wish to add"
-msgstr ""
+msgstr "选择è¦æ·»åŠ 的内容"
#: ../aa-mergeprof:195 ../aa-mergeprof:222
#, python-format
msgid "Adding %s to the file."
-msgstr ""
+msgstr "æ£åœ¨æ·»åŠ %s到文件。"
#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
msgid "unknown"
-msgstr ""
+msgstr "未知"
#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
#, python-format
msgid "Deleted %s previous matching profile entries."
-msgstr ""
+msgstr "å·²åˆ é™¤ %s 个以å‰çš„匹é…é…置文件æ¡ç›®ã€‚"
#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
msgid "Profile"
-msgstr ""
+msgstr "é…置文件"
#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
msgid "Capability"
-msgstr ""
+msgstr "特性"
#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
msgid "Severity"
-msgstr ""
+msgstr "严é‡æ€§"
#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
#: ../apparmor/aa.py:1857
#, python-format
msgid "Adding %s to profile."
-msgstr ""
+msgstr "æ£åœ¨æ·»åŠ %s 到é…置文件"
#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
#, python-format
msgid "Adding capability %s to profile."
-msgstr ""
+msgstr "将功能 %s æ·»åŠ åˆ°é…置文件。"
#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
#, python-format
msgid "Denying capability %s to profile."
-msgstr ""
+msgstr "æ‹’ç»åŠŸèƒ½ %s 到é…置文件。"
#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
#: ../apparmor/aa.py:1807
msgid "(owner permissions off)"
-msgstr ""
+msgstr "(å…³é—所有者æƒé™)"
#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
msgid "(force new perms to owner)"
-msgstr ""
+msgstr "(强制对所有者使用新的 perm)"
#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
msgid "(force all rule perms to owner)"
-msgstr ""
+msgstr "(强制将所有规则分é…给所有者)"
#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
msgid "Old Mode"
-msgstr ""
+msgstr "旧版模å¼"
#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
msgid "New Mode"
-msgstr ""
+msgstr "新版模å¼"
#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
msgid "(force perms to owner)"
-msgstr ""
+msgstr "(强制分é…给所有者)"
#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
msgid "Mode"
-msgstr ""
+msgstr "模å¼"
#: ../aa-mergeprof:556
#, python-format
msgid "Adding %(path)s %(mod)s to profile"
-msgstr ""
+msgstr "æ·»åŠ %(path)s %(mod)s 到é…置文件"
#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
msgid "Enter new path: "
-msgstr ""
+msgstr "输入新目录: "
#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
#: ../apparmor/aa.py:1995
msgid "Network Family"
-msgstr ""
+msgstr "家åºç½‘络"
#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
#: ../apparmor/aa.py:1996
msgid "Socket Type"
-msgstr ""
+msgstr "接å£ç±»åž‹"
#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
#, python-format
msgid "Adding %s to profile"
-msgstr ""
+msgstr "å°† %s æ·»åŠ åˆ°é…置文件"
#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
#, python-format
msgid "Adding network access %(family)s %(type)s to profile."
-msgstr ""
+msgstr "æ·»åŠ ç½‘ç»œè®¿é—® %(family)s %(type)s 到é…置文件。"
#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
#, python-format
msgid "Denying network access %(family)s %(type)s to profile"
-msgstr ""
+msgstr "æ‹’ç»ç½‘络访问 %(family)s %(type)s 到é…置文件。"
#: ../aa-autodep:23
msgid "Generate a basic AppArmor profile by guessing requirements"
-msgstr ""
+msgstr "通过猜测需求生æˆåŸºæœ¬çš„ AppArmor é…置文件"
#: ../aa-autodep:24
msgid "overwrite existing profile"
-msgstr ""
+msgstr "覆盖现å˜é…ç½®"
#: ../aa-audit:24
msgid "Switch the given programs to audit mode"
-msgstr ""
+msgstr "将给定程åºåˆ‡æ¢åˆ°å®¡è®¡æ¨¡å¼"
#: ../aa-audit:26
msgid "remove audit mode"
-msgstr ""
+msgstr "移除审计模å¼"
#: ../aa-audit:28
msgid "Show full trace"
-msgstr ""
+msgstr "显示完整跟踪"
#: ../aa-complain:23
msgid "Switch the given program to complain mode"
-msgstr ""
+msgstr "将给定的程åºåˆ‡æ¢åˆ°æŠ•è¯‰æ¨¡å¼"
#: ../aa-enforce:23
msgid "Switch the given program to enforce mode"
-msgstr ""
+msgstr "将给定程åºåˆ‡æ¢åˆ°å¼ºåˆ¶æ¨¡å¼"
#: ../aa-disable:23
msgid "Disable the profile for the given programs"
-msgstr ""
+msgstr "ç¦ç”¨ç»™å®šç¨‹åºçš„é…置文件"
#: ../aa-unconfined:28
msgid "Lists unconfined processes having tcp or udp ports"
-msgstr ""
+msgstr "列出具有 TCP 或 UDP 端å£çš„ä¸å—é™åˆ¶çš„进程"
#: ../aa-unconfined:29
msgid "scan all processes from /proc"
-msgstr ""
+msgstr "从 /proc ä¸æ‰«æ所有进程"
#: ../aa-unconfined:81
#, python-format
msgid "%(pid)s %(program)s (%(commandline)s) not confined"
-msgstr ""
+msgstr "%(pid)s %(program)s (%(commandline)s) ä¸å—é™åˆ¶"
#: ../aa-unconfined:85
#, python-format
msgid "%(pid)s %(program)s%(pname)s not confined"
-msgstr ""
+msgstr "%(pid)s %(program)s%(pname)s ä¸å—é™åˆ¶"
#: ../aa-unconfined:90
#, python-format
msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
-msgstr ""
+msgstr "%(pid)s %(program)s (%(commandline)s) ç”± '%(attribute)s' é™åˆ¶"
#: ../aa-unconfined:94
#, python-format
msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
-msgstr ""
+msgstr "%(pid)s %(program)s%(pname)s ç”± '%(attribute)s' é™åˆ¶"
#: ../apparmor/aa.py:196
#, python-format
msgid "Followed too many links while resolving %s"
-msgstr ""
+msgstr "è§£æž %s 时跟踪的链接过多"
#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
#, python-format
msgid "Can't find %s"
-msgstr ""
+msgstr "找ä¸åˆ° %s"
#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
#, python-format
msgid "Setting %s to complain mode."
-msgstr ""
+msgstr "æ£åœ¨å°† %s 设置为投诉模å¼ã€‚"
#: ../apparmor/aa.py:271
#, python-format
msgid "Setting %s to enforce mode."
-msgstr ""
+msgstr "æ£åœ¨è®¾ç½® %s 到强制模å¼"
#: ../apparmor/aa.py:286
#, python-format
msgid "Unable to find basename for %s."
-msgstr ""
+msgstr "找ä¸åˆ° %s 的基本å称。"
#: ../apparmor/aa.py:301
#, python-format
msgid "Could not create %(link)s symlink to %(filename)s."
-msgstr ""
+msgstr "æ— æ³•åˆ›å»ºç¬¦å·é“¾æŽ¥ %(link)s 至 %(filename)s 文件。"
#: ../apparmor/aa.py:314
#, python-format
msgid "Unable to read first line from %s: File Not Found"
-msgstr ""
+msgstr "æ— æ³•ä»Ž %s 读å–第一行:找ä¸åˆ°æ–‡ä»¶"
#: ../apparmor/aa.py:328
#, python-format
@@ -383,47 +402,49 @@ msgid ""
"Unable to fork: %(program)s\n"
"\t%(error)s"
msgstr ""
+"æ— æ³• fork:%(program)s\n"
+"\t%(error)s"
#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
msgid ""
"Are you sure you want to abandon this set of profile changes and exit?"
-msgstr ""
+msgstr "您确定è¦æ”¾å¼ƒè¿™ç»„é…置文件更改并退出å—?"
#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
msgid "Abandoning all changes."
-msgstr ""
+msgstr "æ£åœ¨æ”¾å¼ƒæ‰€æœ‰æ›´æ”¹ã€‚"
#: ../apparmor/aa.py:464
msgid "Connecting to repository..."
-msgstr ""
+msgstr "æ£åœ¨è¿žæŽ¥åˆ°å˜å‚¨åº“..."
#: ../apparmor/aa.py:470
msgid "WARNING: Error fetching profiles from the repository"
-msgstr ""
+msgstr "è¦å‘Šï¼šä»Žå˜å‚¨åº“获å–é…置文件时出错"
#: ../apparmor/aa.py:550
#, python-format
msgid "Error activating profiles: %s"
-msgstr ""
+msgstr "激活é…置文件时出错: %s"
#: ../apparmor/aa.py:605
#, python-format
msgid "%s contains no profile"
-msgstr ""
+msgstr "%s ä¸åŒ…å«é…置文件"
#: ../apparmor/aa.py:706
#, python-format
msgid ""
"WARNING: Error synchronizing profiles with the repository:\n"
"%s\n"
-msgstr ""
+msgstr "è¦å‘Šï¼šå°†é…置文件与å˜å‚¨åº“åŒæ¥æ—¶å‡ºé”™ï¼š%s\n"
#: ../apparmor/aa.py:744
#, python-format
msgid ""
"WARNING: Error synchronizing profiles with the repository\n"
"%s"
-msgstr ""
+msgstr "è¦å‘Šï¼šå°†é…置文件与å˜å‚¨åº“ %s åŒæ¥æ—¶å‡ºé”™"
#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
#, python-format
@@ -431,14 +452,16 @@ msgid ""
"WARNING: An error occurred while uploading the profile %(profile)s\n"
"%(ret)s"
msgstr ""
+"è¦å‘Šï¼šåœ¨ä¸Šä¼ é…置文件 %(profile)s æ—¶å‘生错误\n"
+"%(ret)s"
#: ../apparmor/aa.py:833
msgid "Uploaded changes to repository."
-msgstr ""
+msgstr "å·²å°†æ›´æ”¹ä¸Šä¼ åˆ°å˜å‚¨åº“"
#: ../apparmor/aa.py:865
msgid "Changelog Entry: "
-msgstr ""
+msgstr "更新日志æ¡ç›®ï¼š "
#: ../apparmor/aa.py:885
msgid ""
@@ -447,40 +470,43 @@ msgid ""
"information is required to upload profiles to the repository.\n"
"These changes could not be sent."
msgstr ""
+"å˜å‚¨åº“错误\n"
+"注册或登录失败。需è¦ç”¨æˆ·ç™»å½•ä¿¡æ¯æ‰èƒ½å°†é…置文件上载到å˜å‚¨åº“。\n"
+"æ— æ³•ä¼ é€è¿™äº›æ›´æ”¹ã€‚"
#: ../apparmor/aa.py:995
msgid "Default Hat"
-msgstr ""
+msgstr "默认帽å"
#: ../apparmor/aa.py:997
msgid "Requested Hat"
-msgstr ""
+msgstr "已请求帽å"
#: ../apparmor/aa.py:1218
#, python-format
msgid "%s has transition name but not transition mode"
-msgstr ""
+msgstr "%s 具有转æ¢å称,但没有转æ¢æ¨¡å¼"
#: ../apparmor/aa.py:1232
#, python-format
msgid "Target profile exists: %s\n"
-msgstr ""
+msgstr "ç›®æ ‡é…置文件已å˜åœ¨ï¼š%s\n"
#: ../apparmor/aa.py:1254
msgid "Program"
-msgstr ""
+msgstr "程åº"
#: ../apparmor/aa.py:1257
msgid "Execute"
-msgstr ""
+msgstr "è¿è¡Œ"
#: ../apparmor/aa.py:1287
msgid "Are you specifying a transition to a local profile?"
-msgstr ""
+msgstr "是å¦æŒ‡å®šäº†åˆ°æœ¬åœ°é…置文件的转æ¢ï¼Ÿ"
#: ../apparmor/aa.py:1299
msgid "Enter profile name to transition to: "
-msgstr ""
+msgstr "输入è¦è½¬æ¢ä¸ºçš„é…置文件å称: "
#: ../apparmor/aa.py:1308
msgid ""
@@ -491,6 +517,10 @@ msgid ""
"but some applications depend on the presence\n"
"of LD_PRELOAD or LD_LIBRARY_PATH."
msgstr ""
+"AppArmor 在切æ¢é…置文件时是å¦åº”该对环境进行清ç†ï¼Ÿ\n"
+"\n"
+"清ç†çŽ¯å¢ƒæ›´å®‰å…¨ï¼Œä½†æœ‰äº›åº”用ä¾èµ–于是å¦å˜åœ¨\n"
+"LD_PRELOAD 或 LD_LIBRARY_PATH。"
#: ../apparmor/aa.py:1310
msgid ""
@@ -502,6 +532,10 @@ msgid ""
"or LD_LIBRARY_PATH and sanitising the environment\n"
"could cause functionality problems."
msgstr ""
+"AppArmor 在切æ¢é…置文件时是å¦åº”该对环境进行清ç†ï¼Ÿ\n"
+"\n"
+"清ç†çŽ¯å¢ƒæ›´å®‰å…¨ï¼Œä½†æ¤åº”用程åºä¼¼ä¹Žæ£åœ¨ä½¿ç”¨ LD_PRELOAD\n"
+" 或 LD_LIBRARY_PATH 并且清ç†çŽ¯å¢ƒå¯èƒ½ä¼šå¯¼è‡´åŠŸèƒ½é—®é¢˜ã€‚"
#: ../apparmor/aa.py:1318
#, python-format
@@ -512,6 +546,11 @@ msgid ""
"Are you absolutely certain you wish to remove all\n"
"AppArmor protection when executing %s ?"
msgstr ""
+"在ä¸å—é™åˆ¶çš„状æ€ä¸‹å¯åŠ¨è¿›ç¨‹æ˜¯ä¸€ç§éžå¸¸\n"
+"å±é™©çš„æ“作,å¯èƒ½ä¼šå¯¼è‡´ä¸¥é‡çš„安全æ¼æ´žã€‚\n"
+"\n"
+"您是å¦ç»å¯¹ç¡®å®šåœ¨æ‰§è¡Œ %s æ—¶è¦åˆ 除\n"
+"所有 AppArmor ä¿æŠ¤ï¼Ÿ"
#: ../apparmor/aa.py:1320
msgid ""
@@ -522,6 +561,12 @@ msgid ""
"a program opens up significant security holes\n"
"and should be avoided if at all possible."
msgstr ""
+"AppArmor是å¦åº”è¯¥åœ¨æ— é™åˆ¶åœ°\n"
+"è¿è¡Œæ¤ç¨‹åºæ—¶å¯¹çŽ¯å¢ƒè¿›è¡Œæ¸…ç†ï¼Ÿ\n"
+"\n"
+"在å–消约æŸç¨‹åºæ—¶ä¸å¯¹çŽ¯å¢ƒè¿›è¡Œ\n"
+"清ç†ä¼šé€ æˆé‡å¤§çš„安全æ¼æ´žï¼Œ\n"
+"如果å¯èƒ½çš„è¯ï¼Œåº”é¿å…使用。"
#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
#, python-format
@@ -529,24 +574,26 @@ msgid ""
"A profile for %s does not exist.\n"
"Do you want to create one?"
msgstr ""
+"针对 %s çš„é…置文件ä¸å˜åœ¨ã€‚\n"
+"您想创建一个å—?"
#: ../apparmor/aa.py:1523
msgid "Complain-mode changes:"
-msgstr ""
+msgstr "投诉模å¼æ›´æ”¹ï¼š"
#: ../apparmor/aa.py:1525
msgid "Enforce-mode changes:"
-msgstr ""
+msgstr "强制模å¼æ›´æ”¹ï¼š"
#: ../apparmor/aa.py:1528
#, python-format
msgid "Invalid mode found: %s"
-msgstr ""
+msgstr "å‘çŽ°æ— æ•ˆæ¨¡å¼ï¼š%s"
#: ../apparmor/aa.py:1897
#, python-format
msgid "Adding %(path)s %(mode)s to profile"
-msgstr ""
+msgstr "æ£åœ¨æ·»åŠ %(path)s %(mode)s 到é…置文件"
#: ../apparmor/aa.py:1918
#, python-format
@@ -557,73 +604,78 @@ msgid ""
" Entered Path: %(ans)s\n"
"Do you really want to use this path?"
msgstr ""
+"指定的路径与æ¤æ—¥å¿—æ¡ç›®ä¸åŒ¹é…:\n"
+"\n"
+" 日志æ¡ç›®ï¼š%(path)s\n"
+" 输入的路径:%(ans)s\n"
+"是å¦ç¡®å®žè¦ä½¿ç”¨æ¤è·¯å¾„?"
#: ../apparmor/aa.py:2251
#, python-format
msgid "Reading log entries from %s."
-msgstr ""
+msgstr "从 %s 读å–日志æ¡ç›®ã€‚"
#: ../apparmor/aa.py:2254
#, python-format
msgid "Updating AppArmor profiles in %s."
-msgstr ""
+msgstr "æ£åœ¨åœ¨ %s ä¸æ›´æ–° AppArmor é…置文件。"
#: ../apparmor/aa.py:2323
msgid ""
"Select which profile changes you would like to save to the\n"
"local profile set."
-msgstr ""
+msgstr "é€‰æ‹©ä½ æƒ³ä¿å˜åˆ°æœ¬åœ°é…置文件集的哪些é…置文件å˜åŒ–。"
#: ../apparmor/aa.py:2324
msgid "Local profile changes"
-msgstr ""
+msgstr "本地é…置文件更改"
#: ../apparmor/aa.py:2418
msgid "Profile Changes"
-msgstr ""
+msgstr "é…置文件更改"
#: ../apparmor/aa.py:2428
#, python-format
msgid "Can't find existing profile %s to compare changes."
-msgstr ""
+msgstr "找ä¸åˆ°çŽ°æœ‰çš„é…置文件 %sï¼Œæ— æ³•æ¯”è¾ƒå˜åŒ–。"
#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
#, python-format
msgid "Can't read AppArmor profiles in %s"
-msgstr ""
+msgstr "æ— æ³•è¯»å– %s ä¸çš„ AppArmor é…置文件"
#: ../apparmor/aa.py:2677
#, python-format
msgid ""
"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
-msgstr ""
+msgstr "%(file)s ä¸çš„ %(profile)s é…置文件在以下行ä¸åŒ…å«è¯æ³•é”™è¯¯ï¼š%(line)s。"
#: ../apparmor/aa.py:2734
#, python-format
msgid ""
"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
"%(line)s"
-msgstr ""
+msgstr "è¯æ³•é”™è¯¯ï¼šåœ¨æ–‡ä»¶ %(file)s 第 %(line)s è¡Œä¸çš„é…置文件æ„外结æŸ"
#: ../apparmor/aa.py:2749
#, python-format
msgid ""
"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
"%(line)s"
-msgstr ""
+msgstr "è¯æ³•é”™è¯¯ï¼šåœ¨æ–‡ä»¶ %(file)s 第 %(line)s è¡Œä¸å‘现æ„外的功能æ¡ç›®"
#: ../apparmor/aa.py:2770
#, python-format
msgid ""
"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
-msgstr ""
+msgstr "è¯æ³•é”™è¯¯ï¼šåœ¨æ–‡ä»¶ %(file)s 第 %(line)s è¡Œä¸å‘现æ„外的链接æ¡ç›®"
#: ../apparmor/aa.py:2798
#, python-format
msgid ""
"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
"%(line)s"
-msgstr ""
+msgstr "è¯æ³•é”™è¯¯ï¼šåœ¨æ–‡ä»¶ %(file)s 第 %(line)s è¡Œä¸å‘现æ„外的更改é…置文件æ¡ç›®"
#: ../apparmor/aa.py:2820
#, python-format
@@ -636,7 +688,7 @@ msgstr ""
msgid ""
"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
"%(line)s"
-msgstr ""
+msgstr "è¯æ³•é”™è¯¯ï¼šå‘çŽ°æ— æ•ˆçš„å¸ƒå°”æ ‡è¯†ç¬¦åœ¨æ–‡ä»¶ï¼š%(file)s 行:%(line)s"
#: ../apparmor/aa.py:2871
#, python-format
@@ -654,7 +706,7 @@ msgstr ""
#: ../apparmor/aa.py:2922
#, python-format
msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
-msgstr ""
+msgstr "è¯æ³•é”™è¯¯ï¼šæ— 效的æ£åˆ™è¡¨è¾¾å¼ %(path)s 在文件:%(file)s 行:%(line)s"
#: ../apparmor/aa.py:2925
#, python-format
@@ -775,7 +827,7 @@ msgstr ""
#: ../apparmor/aa.py:4481
#, python-format
msgid "File Not Found: %s"
-msgstr ""
+msgstr "文件未找到:%s"
#: ../apparmor/aa.py:4591
#, python-format
@@ -791,7 +843,7 @@ msgstr ""
#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
#, python-format
msgid "Log contains unknown mode %s"
-msgstr ""
+msgstr "日志包å«æœªçŸ¥æ¨¡å¼ %s"
#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
#, python-format
@@ -864,91 +916,91 @@ msgstr ""
#: ../apparmor/tools.py:260
#, python-format
msgid "The profile for %s does not exists. Nothing to clean."
-msgstr ""
+msgstr "%s çš„é…置文件ä¸å˜åœ¨ã€‚没什么å¯æ¸…ç†çš„。"
#: ../apparmor/ui.py:61
msgid "Invalid hotkey for"
-msgstr ""
+msgstr "æ— æ•ˆçƒé”®"
#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
msgid "(Y)es"
-msgstr ""
+msgstr "是(Y)"
#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
msgid "(N)o"
-msgstr ""
+msgstr "å¦(N)"
#: ../apparmor/ui.py:123
msgid "(C)ancel"
-msgstr ""
+msgstr "å–消(C)"
#: ../apparmor/ui.py:223
msgid "(A)llow"
-msgstr ""
+msgstr "å…许(A)"
#: ../apparmor/ui.py:224
msgid "(M)ore"
-msgstr ""
+msgstr "更多(M)"
#: ../apparmor/ui.py:225
msgid "Audi(t)"
-msgstr ""
+msgstr "审计(T)"
#: ../apparmor/ui.py:226
msgid "Audi(t) off"
-msgstr ""
+msgstr "å…³é—审计(T)"
#: ../apparmor/ui.py:227
msgid "Audit (A)ll"
-msgstr ""
+msgstr "审计全部(A)"
#: ../apparmor/ui.py:229
msgid "(O)wner permissions on"
-msgstr ""
+msgstr "打开所有者æƒé™(O)"
#: ../apparmor/ui.py:230
msgid "(O)wner permissions off"
-msgstr ""
+msgstr "å…³é—所有者æƒé™(O)"
#: ../apparmor/ui.py:231
msgid "(D)eny"
-msgstr ""
+msgstr "æ‹’ç»(D)"
#: ../apparmor/ui.py:232
msgid "Abo(r)t"
-msgstr ""
+msgstr "ä¸æ¢(R)"
#: ../apparmor/ui.py:233
msgid "(F)inish"
-msgstr ""
+msgstr "完æˆ(F)"
#: ../apparmor/ui.py:234
msgid "(I)nherit"
-msgstr ""
+msgstr "继承(I)"
#: ../apparmor/ui.py:235
msgid "(P)rofile"
-msgstr ""
+msgstr "é…置文件(P)"
#: ../apparmor/ui.py:236
msgid "(P)rofile Clean Exec"
-msgstr ""
+msgstr "é…置文件清ç†æ‰§è¡Œ(P)"
#: ../apparmor/ui.py:237
msgid "(C)hild"
-msgstr ""
+msgstr "儿童模å¼(C)"
#: ../apparmor/ui.py:238
msgid "(C)hild Clean Exec"
-msgstr ""
+msgstr "å项清ç†æ‰§è¡Œ(C)"
#: ../apparmor/ui.py:239
msgid "(N)amed"
-msgstr ""
+msgstr "命å(N)"
#: ../apparmor/ui.py:240
msgid "(N)amed Clean Exec"
-msgstr ""
+msgstr "命å清ç†æ‰§è¡Œ(N)"
#: ../apparmor/ui.py:241
msgid "(U)nconfined"
@@ -960,11 +1012,11 @@ msgstr ""
#: ../apparmor/ui.py:243
msgid "(P)rofile Inherit"
-msgstr ""
+msgstr "é…置文件继承(P)"
#: ../apparmor/ui.py:244
msgid "(P)rofile Inherit Clean Exec"
-msgstr ""
+msgstr "é…置文件继承清ç†æ‰§è¡Œ(P)"
#: ../apparmor/ui.py:245
msgid "(C)hild Inherit"
@@ -976,11 +1028,11 @@ msgstr ""
#: ../apparmor/ui.py:247
msgid "(N)amed Inherit"
-msgstr ""
+msgstr "命å继承(N)"
#: ../apparmor/ui.py:248
msgid "(N)amed Inherit Clean Exec"
-msgstr ""
+msgstr "命å继承清ç†æ‰§è¡Œ(N)"
#: ../apparmor/ui.py:249
msgid "(X) ix On"
@@ -992,15 +1044,15 @@ msgstr ""
#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
msgid "(S)ave Changes"
-msgstr ""
+msgstr "ä¿å˜æ›´æ”¹(S)"
#: ../apparmor/ui.py:252
msgid "(C)ontinue Profiling"
-msgstr ""
+msgstr "继ç»åˆ†æž(C)"
#: ../apparmor/ui.py:253
msgid "(N)ew"
-msgstr ""
+msgstr "新建(N)"
#: ../apparmor/ui.py:254
msgid "(G)lob"
@@ -1012,115 +1064,115 @@ msgstr ""
#: ../apparmor/ui.py:256
msgid "(A)dd Requested Hat"
-msgstr ""
+msgstr "æ·»åŠ è¯·æ±‚çš„å¸½å(A)"
#: ../apparmor/ui.py:257
msgid "(U)se Default Hat"
-msgstr ""
+msgstr "使用默认帽å(U)"
#: ../apparmor/ui.py:258
msgid "(S)can system log for AppArmor events"
-msgstr ""
+msgstr "扫æ系统日志以查找 AppArmor 事件(S)"
#: ../apparmor/ui.py:259
msgid "(H)elp"
-msgstr ""
+msgstr "帮助(H)"
#: ../apparmor/ui.py:260
msgid "(V)iew Profile"
-msgstr ""
+msgstr "查看é…置文件(V)"
#: ../apparmor/ui.py:261
msgid "(U)se Profile"
-msgstr ""
+msgstr "使用é…置文件(U)"
#: ../apparmor/ui.py:262
msgid "(C)reate New Profile"
-msgstr ""
+msgstr "新建é…置文件(C)"
#: ../apparmor/ui.py:263
msgid "(U)pdate Profile"
-msgstr ""
+msgstr "æ›´æ–°é…置文件(U)"
#: ../apparmor/ui.py:264
msgid "(I)gnore Update"
-msgstr ""
+msgstr "忽略更新(I)"
#: ../apparmor/ui.py:266
msgid "Save Selec(t)ed Profile"
-msgstr ""
+msgstr "ä¿å˜é€‰æ‹©çš„é…置文件(T)"
#: ../apparmor/ui.py:267
msgid "(U)pload Changes"
-msgstr ""
+msgstr "ä¸Šä¼ æ›´æ”¹(U)"
#: ../apparmor/ui.py:268
msgid "(V)iew Changes"
-msgstr ""
+msgstr "查看更改(V)"
#: ../apparmor/ui.py:269
msgid "View Changes b/w (C)lean profiles"
-msgstr ""
+msgstr "查看更改黑白并清ç†é…置文件(C)"
#: ../apparmor/ui.py:270
msgid "(V)iew"
-msgstr ""
+msgstr "查看(V)"
#: ../apparmor/ui.py:271
msgid "(E)nable Repository"
-msgstr ""
+msgstr "å¯ç”¨å˜å‚¨åº“(E)"
#: ../apparmor/ui.py:272
msgid "(D)isable Repository"
-msgstr ""
+msgstr "ç¦ç”¨å˜å‚¨åº“(D)"
#: ../apparmor/ui.py:273
msgid "(N)ever Ask Again"
-msgstr ""
+msgstr "ä¸å†æ醒(N)"
#: ../apparmor/ui.py:274
msgid "Ask Me (L)ater"
-msgstr ""
+msgstr "ç¨åŽæ醒(L)"
#: ../apparmor/ui.py:277
msgid "Allow All (N)etwork"
-msgstr ""
+msgstr "å…许所有网络(N)"
#: ../apparmor/ui.py:278
msgid "Allow Network Fa(m)ily"
-msgstr ""
+msgstr "å…许网络家æ—(M)"
#: ../apparmor/ui.py:279
msgid "(O)verwrite Profile"
-msgstr ""
+msgstr "覆盖é…置文件(O)"
#: ../apparmor/ui.py:280
msgid "(K)eep Profile"
-msgstr ""
+msgstr "ä¿ç•™é…置文件(K)"
#: ../apparmor/ui.py:281
msgid "(C)ontinue"
-msgstr ""
+msgstr "继ç»(C)"
#: ../apparmor/ui.py:282
msgid "(I)gnore"
-msgstr ""
+msgstr "忽略(I)"
#: ../apparmor/ui.py:344
#, python-format
msgid "PromptUser: Unknown command %s"
-msgstr ""
+msgstr "PromptUser: 未知命令 %s"
#: ../apparmor/ui.py:351
#, python-format
msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
-msgstr ""
+msgstr "PromptUser: %(command)s: %(menutext)s çš„é‡å¤çƒé”® "
#: ../apparmor/ui.py:363
msgid "PromptUser: Invalid hotkey in default item"
-msgstr ""
+msgstr "PromptUser: 默认项ä¸çš„çƒé”®æ— 效"
#: ../apparmor/ui.py:368
#, python-format
msgid "PromptUser: Invalid default %s"
-msgstr ""
+msgstr "PromptUser: æ— æ•ˆçš„é»˜è®¤å€¼ %s"
diff --git a/utils/pod2htmd.tmp b/utils/pod2htmd.tmp
deleted file mode 100644
index 61e86d9f1b8a5072b5e67872d7c2f8b1e9a79cee..0000000000000000000000000000000000000000
--- a/utils/pod2htmd.tmp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-.
diff --git a/utils/python-tools-setup.py b/utils/python-tools-setup.py
index 8efe6ce9aabada89a394ab5bf9c446f78b5ac500..5c3966b366ac26bed8e1d3e01ac4e7cbfbebae54 100644
--- a/utils/python-tools-setup.py
+++ b/utils/python-tools-setup.py
@@ -27,6 +27,14 @@ import sys
from setuptools import setup
from setuptools.command.install import install as _install
+# removeprefix is only in python 3.9+ support older python versions
+def replace_path_prefix(text, prefix):
+ if text.startswith(prefix):
+ suffix = text[len(prefix):]
+ if not suffix.startswith("/"):
+ suffix = "/" + suffix
+ return suffix
+ return text
class Install(_install):
"""Override setuptools to install the files where we want them."""
@@ -55,6 +63,25 @@ class Install(_install):
for d in data:
self.copy_tree(d, os.path.join(prefix + "/usr/share/apparmor/easyprof", os.path.basename(d)))
+ # Make update_profile.py executable
+ update_profile_path = os.path.join(self.install_lib, 'apparmor/update_profile.py')
+ print('changing mode of {} to 755'.format(update_profile_path))
+ os.chmod(update_profile_path, 0o755)
+
+ pkexec_action_name = 'net.apparmor.pkexec.aa-notify.policy'
+ print('Installing {} to /usr/share/polkit-1/actions/ mode 644'.format(pkexec_action_name))
+ with open(pkexec_action_name, 'r') as f:
+ polkit_template = f.read()
+
+ # don't leak the buildroot into the polkit files
+ polkit = polkit_template.format(LIB_PATH=replace_path_prefix(self.install_lib, prefix))
+
+ if not os.path.exists(prefix + '/usr/share/polkit-1/actions/'):
+ self.mkpath(prefix + '/usr/share/polkit-1/actions/')
+ with open(prefix + '/usr/share/polkit-1/actions/' + pkexec_action_name, 'w') as f:
+ f.write(polkit)
+ os.chmod(prefix + '/usr/share/polkit-1/actions/' + pkexec_action_name, 0o644)
+
if os.path.exists('staging'):
shutil.rmtree('staging')
@@ -63,7 +90,7 @@ shutil.copytree('apparmor', 'staging')
# Support the --version=... since this will be part of a Makefile
version = "unknown-version"
if "--version=" in sys.argv[-1]:
- version = sys.argv[-1].split('=')[1]
+ version = sys.argv[-1].split('=')[1].replace('~', '-')
sys.argv = sys.argv[0:-1]
setup(
diff --git a/utils/test/Makefile b/utils/test/Makefile
index c86c4256afaebb09a7bcf7020bb3b62498d6d6d2..5c38cd3516097ec4080dcf8ae5b74fec4aecec28 100644
--- a/utils/test/Makefile
+++ b/utils/test/Makefile
@@ -21,20 +21,21 @@ COMMONDIR=../../common/
include $(COMMONDIR)/Make.rules
# files that don't have 100% test coverage
-INCOMPLETE_COVERAGE=libraries/libapparmor/swig/python/.*/LibAppArmor/LibAppArmor.py|utils/apparmor/aa.py|utils/apparmor/common.py|utils/apparmor/config.py|utils/apparmor/easyprof.py|utils/apparmor/fail.py|utils/apparmor/logparser.py|utils/apparmor/profile_storage.py|utils/apparmor/rules.py|utils/apparmor/ui.py|minitools_test.py
+INCOMPLETE_COVERAGE=libraries/libapparmor/swig/python/.*/LibAppArmor/LibAppArmor.py|utils/aa-logprof|utils/apparmor/aa.py|utils/apparmor/common.py|utils/apparmor/config.py|utils/apparmor/easyprof.py|utils/apparmor/fail.py|utils/apparmor/logparser.py|utils/apparmor/ui.py|minitools_test.py
ifdef USE_SYSTEM
- LD_LIBRARY_PATH=
- PYTHONPATH=
+ LD_LIBRARY_PATH?=
+ PYTHONPATH?=
CONFDIR=
BASEDIR=
PARSER=
else
- PYTHON_DIST_BUILD_PATH = ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) ../../libraries/libapparmor/swig/python/test/buildpath.py)
- LIBAPPARMOR_PATH=../../libraries/libapparmor/src/.libs/
- LD_LIBRARY_PATH=$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH)
- PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH)
+ LIBAPPARMOR_BASEDIR?=../../libraries/libapparmor
+ PYTHON_DIST_BUILD_PATH ?= $(LIBAPPARMOR_BASEDIR)/swig/python/build/$$($(PYTHON) $(LIBAPPARMOR_BASEDIR)/swig/python/test/buildpath.py)
+ LIBAPPARMOR_PATH?=$(LIBAPPARMOR_BASEDIR)/src/.libs/
+ LD_LIBRARY_PATH:=$(LD_LIBRARY_PATH):$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH)
+ PYTHONPATH:=$(PYTHONPATH):..:$(PYTHON_DIST_BUILD_PATH)
CONFDIR=$(CURDIR)
BASEDIR=../../profiles/apparmor.d
PARSER=../../parser/apparmor_parser
@@ -61,7 +62,7 @@ ifndef USE_SYSTEM
fi
endif
-COVERAGE_OMIT=test-*.py,common_test.py
+COVERAGE_OMIT=test-*.py,common_test.py,*/dist-packages/*
ifneq ($(COVERAGE_OUT), )
HTML_COVR_ARGS=-d $(COVERAGE_OUT)
endif
@@ -84,6 +85,16 @@ clean:
check: __libapparmor __parser
export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) __AA_BASEDIR=$(BASEDIR) __AA_PARSER=$(PARSER) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(call pyalldo, $(test)))
+# FIXME: passing -v to test-$*.py below makes some tests fail.
+#
+# This is a static pattern rule that allows running individual tests via the
+# check-one-test-NAME target, where NAME matches an exciting file test-NAME.py.
+# The way it is coded allows make <tab><tab> to complete it, making it easier
+# to use interactively.
+check-one-test-%: PYTHON ?= python3
+$(foreach t,$(wildcard test-*.py),check-one-test-$(patsubst test-%.py,%,$t)): check-one-test-%: __libapparmor __parser
+ PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) __AA_BASEDIR=$(BASEDIR) __AA_PARSER=$(PARSER) $(PYTHON) test-$*.py
+
.coverage: $(wildcard ../aa-* ../apparmor/*.py test-*.py) __libapparmor __parser
export PYTHONPATH=$(PYTHONPATH) LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) LC_ALL=C __AA_CONFDIR=$(CONFDIR) __AA_BASEDIR=$(BASEDIR) __AA_PARSER=$(PARSER) ; $(COVERAGE_IGNORE_FAILURES_CMD) ; $(foreach test, $(wildcard test-*.py), echo ; echo === $(test) === ; $(PYTHON) -m coverage run --branch -p $(test); )
$(PYTHON) -m coverage combine
diff --git a/utils/test/cleanprof_test.in b/utils/test/cleanprof_test.in
index a7f91b2e638e4958a3966f937cdbd257fc4daf98..0c7c5835eb27b8abf75c91351abaed3c4868d2c5 100644
--- a/utils/test/cleanprof_test.in
+++ b/utils/test/cleanprof_test.in
@@ -76,7 +76,7 @@ $foo = false
pivot_root oldroot=/mnt/root/old/,
deny owner link /some/thing -> /foo/bar ,
- unix shutdown addr=@HypotheticalServiceDaemon,
+ unix shutdown addr=@HypotheticalServiceDaemon, # covered in abstractions/base, will be removed
link subset /alpha/beta -> /tmp/**,
diff --git a/utils/test/cleanprof_test.out b/utils/test/cleanprof_test.out
index d9865d7dc9ffc8ffb5f754cd7e70ab7174babb98..b61c6fa4bfeb4db396cfde7b115476ba71030c58 100644
--- a/utils/test/cleanprof_test.out
+++ b/utils/test/cleanprof_test.out
@@ -28,14 +28,13 @@ $bar = true
dbus send bus=session,
- mount options=(rw,suid) /c -> /3,
+ mount options=(rw, suid) /c -> /3,
signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),
pivot_root oldroot=/mnt/root/old/,
unix (receive) type=dgram,
- unix shutdown addr=@HypotheticalServiceDaemon,
deny owner link /some/thing -> /foo/bar,
diff --git a/utils/test/common_test.py b/utils/test/common_test.py
index 958cbdc137a5761c6af0bd832b5d0a4484bffc1d..9318f0d0ae66114e2fc3619a9da74474f01188a3 100755
--- a/utils/test/common_test.py
+++ b/utils/test/common_test.py
@@ -62,8 +62,8 @@ class AAParseTest(unittest.TestCase):
parsed = self.parse_function(rule)
self.assertEqual(
rule, parsed.serialize(),
- 'parse object %s returned "%s", expected "%s"'
- % (self.parse_function.__doc__, parsed.serialize(), rule))
+ 'parse object {} returned "{}", expected "{}"'.format(
+ self.parse_function.__doc__, parsed.serialize(), rule))
def setup_all_loops(module_name):
@@ -89,8 +89,8 @@ def setup_tests_loop(test_class):
def stub_test(self, test_data=test_data, expected=expected):
self._run_test(test_data, expected)
- stub_test.__doc__ = "test '%s'" % str(test_data)
- setattr(test_class, 'test_%d' % (i), stub_test)
+ stub_test.__doc__ = "test '{}'".format(test_data)
+ setattr(test_class, 'test_{}'.format(i), stub_test)
def setup_regex_tests(test_class):
@@ -102,8 +102,8 @@ def setup_regex_tests(test_class):
def stub_test(self, line=line):
self._test_parse_rule(line)
- stub_test.__doc__ = "test '%s': %s" % (line, desc)
- setattr(test_class, 'test_%d' % (i), stub_test)
+ stub_test.__doc__ = "test '{}': {}".format(line, desc)
+ setattr(test_class, 'test_{}'.format(i), stub_test)
def setup_aa(aa):
diff --git a/utils/test/fake_ldd b/utils/test/fake_ldd
deleted file mode 100755
index afec6eba9de49caf62bb3b9791791231cead6519..0000000000000000000000000000000000000000
--- a/utils/test/fake_ldd
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/bin/python3
-
-import sys
-
-if len(sys.argv) != 2:
- raise Exception('wrong number of arguments in fake_ldd')
-
-if sys.argv[1] in ['/AATest/bin/bash', '/bin/bash', '/usr/bin/bash']:
- print(' linux-vdso.so.1 (0x00007ffcf97f4000)')
- print(' libreadline.so.6 => /AATest/lib64/libreadline.so.6 (0x00007f2c41324000)')
- print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2c410f9000)')
- print(' libdl.so.2 => /AATest/lib64/libdl.so.2 (0x00007f2c40ef5000)')
- print(' libc.so.6 => /AATest/lib64/libc.so.6 (0x00007f2c40b50000)')
- print(' /AATest/lib64/ld-linux-x86-64.so.2 (0x000055782c473000)')
-
-elif sys.argv[1] == '/AATest/lib64/ld-2.22.so':
- print(' linux-vdso.so.1 (0x00007ffcf97f4000)')
-
-elif sys.argv[1] == '/AATest/lib64/libc-2.22.so':
- print(' /AATest/lib64/ld-linux-x86-64.so.2 (0x0000556858473000)')
- print(' linux-vdso.so.1 (0x00007ffe98912000)')
-
-elif sys.argv[1] == '/AATest/lib64/libdl.so.2':
- print(' linux-vdso.so.1 (0x00007ffec2538000)')
- print(' libc.so.6 => /AATest/lib64/libc.so.6 (0x00007f8865346000)')
- print(' /AATest/lib64/ld-linux-x86-64.so.2 (0x0000560c3bcee000)')
-
-elif sys.argv[1] == '/AATest/lib64/libtinfo.so.6':
- print(' linux-vdso.so.1 (0x00007fff30518000)')
- print(' libc.so.6 => /AATest/lib64/libc.so.6 (0x00007fb6f2ea3000)')
- print(' /AATest/lib64/ld-linux-x86-64.so.2 (0x00005631fe8d3000)')
-
-elif sys.argv[1] == '/AATest/lib64/libreadline.so.6':
- print(' linux-vdso.so.1 (0x00007ffcb5b62000)')
- print(' libtinfo.so.6 => /AATest/lib64/libtinfo.so.6 (0x00007f2a4ed07000)')
- print(' libc.so.6 => /AATest/lib64/libc.so.6 (0x00007f2a4e961000)')
- print(' /AATest/lib64/ld-linux-x86-64.so.2 (0x000055f749c89000)')
-
-elif sys.argv[1] == '/AATest/lib64/ld-linux-x86-64.so.2':
- print(' statically linked')
-
-elif sys.argv[1] == '/AATest/lib64/libc.so.6':
- print(' /AATest/lib64/ld-linux-x86-64.so.2 (0x000055b65f7a9000)')
- print(' linux-vdso.so.1 (0x00007ffde132b000)')
-
-
-elif sys.argv[1] == '/AATest/sbin/ldconfig':
- print(' not a dynamic executable')
- sys.exit(1) # ldd exits with $? == 1 in this case
-
-elif sys.argv[1].startswith('/tmp/aa-test-'): # test file generated by test-aa.py
- print(' not a dynamic executable')
-
-elif sys.argv[1] == 'TEMPLATE':
- print('')
- print('')
- print('')
-
-else:
- raise Exception('unknown parameter in fake_ldd: %s' % sys.argv[1])
diff --git a/utils/test/logprof.conf b/utils/test/logprof.conf
index 0276bfea67dd0b37b62fbf77be7a2013c19040e4..4012c7ea7f774df39fa5c306344d5a16f7801deb 100644
--- a/utils/test/logprof.conf
+++ b/utils/test/logprof.conf
@@ -15,7 +15,6 @@
logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
parser = ../../parser/apparmor_parser ../parser/apparmor_parser
- ldd = /usr/bin/ldd
logger = /bin/logger /usr/bin/logger
# customize how file ownership permissions are presented
diff --git a/utils/test/logprof/ping.allowlog b/utils/test/logprof/ping.allowlog
new file mode 100644
index 0000000000000000000000000000000000000000..2442e18ae75aa8047a26a808e4585cdbb36c8b7c
--- /dev/null
+++ b/utils/test/logprof/ping.allowlog
@@ -0,0 +1,6 @@
+Updating AppArmor profiles in /etc/apparmor.d.
+Reading log entries from /var/log/audit/audit.log.
+Complain-mode changes:
+Enforce-mode changes:
+Adding owner /proc/*/cmdline r, to profile ping.
+Writing updated profile for ping.
diff --git a/utils/test/logprof/ping.auditlog b/utils/test/logprof/ping.auditlog
new file mode 100644
index 0000000000000000000000000000000000000000..dc0a319d04479cbd69d52adb0b58393d68887350
--- /dev/null
+++ b/utils/test/logprof/ping.auditlog
@@ -0,0 +1,3 @@
+type=AVC msg=audit(1691930856.284:29963): apparmor="DENIED" operation="open" class="file" profile="ping" name="/proc/21622/cmdline" pid=9136 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
+type=SYSCALL msg=audit(1691930856.284:29963): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffc4539abf8 a2=0 a3=0 items=0 ppid=21622 pid=9136 auid=1000 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 tty=pts4 ses=2 comm="cat" exe="/usr/bin/cat" subj=ping key=(null)
+type=AVC msg=audit(1691930881.661:29975): apparmor="STATUS" operation="profile_replace" profile="apparmor_parser" name="ping" pid=10005 comm="apparmor_parser"
diff --git a/utils/test/logprof/ping.bin.ping b/utils/test/logprof/ping.bin.ping
new file mode 100644
index 0000000000000000000000000000000000000000..e1302bfe2ac850ebeca0f8049fbb4908ca36240f
--- /dev/null
+++ b/utils/test/logprof/ping.bin.ping
@@ -0,0 +1,34 @@
+abi <abi/4.0>,
+
+include <tunables/global>
+
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2010 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+
+profile ping /{usr/,}bin/{,iputils-}ping {
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include if exists <local/bin.ping>
+
+ capability net_raw,
+ capability setuid,
+
+ network inet raw,
+ network inet6 raw,
+
+ /etc/modules.conf r,
+ /proc/21622/cmdline r,
+ /{,usr/}bin/{,iputils-}ping mrix,
+ @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
+
+}
diff --git a/utils/test/logprof/ping.jsonlog b/utils/test/logprof/ping.jsonlog
new file mode 100644
index 0000000000000000000000000000000000000000..dfe91cd89b5c5997d911b5a6c0c39c67dfada00f
--- /dev/null
+++ b/utils/test/logprof/ping.jsonlog
@@ -0,0 +1,13 @@
+o {"dialog": "apparmor-json-version","data": "2.12"}
+o {"dialog": "info","data": "Updating AppArmor profiles in /etc/apparmor.d."}
+o {"dialog": "info","data": "Reading log entries from /var/log/audit/audit.log."}
+o {"dialog": "info","data": "Complain-mode changes:"}
+o {"dialog": "info","data": "Enforce-mode changes:"}
+o {"dialog": "promptuser","title": null,"headers": {"Profile": "ping","Path": "/proc/21622/cmdline","New Mode": "owner r","Severity": 6},"explanation": null,"options": ["owner /proc/*/cmdline r,","owner /proc/21622/cmdline r,"],"menu_items": ["(A)llow","[(D)eny]","(I)gnore","(G)lob","Glob with (E)xtension","(N)ew","Audi(t)","(O)wner permissions off","Abo(r)t","(F)inish"],"default_key": "d"}
+i {"dialog":"promptuser","selected":0,"response_key":"o"}
+o {"dialog": "promptuser","title": null,"headers": {"Profile": "ping","Path": "/proc/21622/cmdline","New Mode": "r","Severity": 6},"explanation": null,"options": ["/proc/*/cmdline r,","/proc/21622/cmdline r,"],"menu_items": ["(A)llow","[(D)eny]","(I)gnore","(G)lob","Glob with (E)xtension","(N)ew","Audi(t)","(O)wner permissions on","Abo(r)t","(F)inish"],"default_key": "d"}
+i {"dialog":"promptuser","selected":1,"response_key":"a"}
+o {"dialog": "info","data": "Adding /proc/21622/cmdline r, to profile."}
+o {"dialog": "promptuser","title": "Changed Local Profiles","headers": {},"explanation": "The following local profiles were changed. Would you like to save them?","options": ["ping"],"menu_items": ["(S)ave Changes","Save Selec(t)ed Profile","[(V)iew Changes]","View Changes b/w (C)lean profiles","Abo(r)t"],"default_key": "v"}
+i {"dialog":"promptuser","selected":0,"response_key":"t"}
+o {"dialog": "info","data": "Writing updated profile for ping."}
diff --git a/utils/test/severity.db b/utils/test/severity.db
new file mode 120000
index 0000000000000000000000000000000000000000..267eadc3607750e570ddf85693700e23ef08ce95
--- /dev/null
+++ b/utils/test/severity.db
@@ -0,0 +1 @@
+../severity.db
\ No newline at end of file
diff --git a/utils/test/task.yaml b/utils/test/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1595f8e6baced669f46e9c67efc8830b0d566df1
--- /dev/null
+++ b/utils/test/task.yaml
@@ -0,0 +1,50 @@
+summary: Run "make check" broken down by test name
+systems:
+ - -opensuse-cloud-15.6
+environment:
+ # FIXME: Spread disallows dashes in variant names, most likely as a bug.
+ # As such we map the all_under_score variant name to actual test name.
+ TEST/aa_cli_bootstrap: aa-cli-bootstrap
+ TEST/aa_decode: aa-decode
+ TEST/aa_easyprof: aa-easyprof
+ TEST/aa_notify: aa-notify
+ TEST/aa: aa
+ TEST/aare: aare
+ TEST/abi: abi
+ TEST/alias: alias
+ TEST/all: all
+ TEST/baserule: baserule
+ TEST/boolean: boolean
+ TEST/capability: capability
+ TEST/change_profile: change_profile
+ TEST/common: common
+ TEST/config: config
+ TEST/dbus: dbus
+ TEST/example: example
+ TEST/file: file
+ TEST/include: include
+ TEST/io_uring: io_uring
+ TEST/libapparmor_test_multi: libapparmor-test_multi
+ TEST/logparser: logparser
+ TEST/logprof: logprof
+ TEST/minitools: minitools
+ TEST/mount: mount
+ TEST/mqueue: mqueue
+ TEST/network: network
+ TEST/notify: notify
+ TEST/parser_simple_tests: parser-simple-tests
+ TEST/pivot_root: pivot_root
+ TEST/profile_list: profile-list
+ TEST/profile_storage: profile-storage
+ TEST/profiles: profiles
+ TEST/ptrace: ptrace
+ TEST/regex_matches: regex_matches
+ TEST/rlimit: rlimit
+ TEST/severity: severity
+ TEST/signal: signal
+ TEST/translations: translations
+ TEST/unix: unix
+ TEST/userns: userns
+ TEST/variable: variable
+execute: |
+ make --warn-undefined-variables check-one-test-"$TEST"
diff --git a/utils/test/test-aa-cli-bootstrap.py b/utils/test/test-aa-cli-bootstrap.py
index 206445260ef7d6fd45ec78015b5704d3f0724ce3..b784e7564c4391ca7b5db616d21d06f1870e1729 100644
--- a/utils/test/test-aa-cli-bootstrap.py
+++ b/utils/test/test-aa-cli-bootstrap.py
@@ -61,7 +61,7 @@ class AACliBootstrapTest(AATest):
self.assertEqual(sys.stdout.getvalue(), 'Test string\n')
def test_aa_ui_info_json(self):
- aaui.set_json_mode()
+ aaui.set_json_mode({'settings': {}})
sys.stdout.getvalue()
aaui.UI_Info('Test string')
self.assertEqual(
diff --git a/utils/test/test-aa-decode.py b/utils/test/test-aa-decode.py
index 3abac701a9ef74802cbeb5c09e2243a3902c2cf7..10589ed1fb6b614d919a4de7d43e77cb881fe34e 100755
--- a/utils/test/test-aa-decode.py
+++ b/utils/test/test-aa-decode.py
@@ -66,7 +66,7 @@ class AADecodeTest(unittest.TestCase):
expected = 0
rc, report = cmd((aadecode_bin, "--help"))
- result = 'Got exit code %d, expected %d\n' % (rc, expected)
+ result = 'Got exit code {}, expected {}\n'.format(rc, expected)
self.assertEqual(expected, rc, result + report)
def _run_file_test(self, content, expected):
@@ -82,10 +82,10 @@ class AADecodeTest(unittest.TestCase):
temp_file.seek(0)
rc, report = cmd((aadecode_bin,), stdin=temp_file)
- result = 'Got exit code %d, expected %d\n' % (rc, expected_return_code)
+ result = 'Got exit code {}, expected {}\n'.format(rc, expected_return_code)
self.assertEqual(expected_return_code, rc, result + report)
for expected_string in expected:
- result = 'could not find expected %s in output:\n' % (expected_string)
+ result = 'could not find expected {} in output:\n'.format(expected_string)
self.assertIn(expected_string, report, result + report)
def test_simple_decode(self):
@@ -96,9 +96,9 @@ class AADecodeTest(unittest.TestCase):
test_code = '2F746D702F666F6F20626172'
rc, report = cmd((aadecode_bin, test_code))
- result = 'Got exit code %d, expected %d\n' % (rc, expected)
+ result = 'Got exit code {}, expected {}\n'.format(rc, expected)
self.assertEqual(expected, rc, result + report)
- result = 'Got output "%s", expected "%s"\n' % (report, expected_output)
+ result = 'Got output "{}", expected "{}"\n'.format(report, expected_output)
self.assertIn(expected_output, report, result + report)
def test_simple_filter(self):
@@ -107,7 +107,7 @@ class AADecodeTest(unittest.TestCase):
expected_string = 'name="/tmp/foo bar"'
content = \
'''type=AVC msg=audit(1348982151.183:2934): apparmor="DENIED" operation="open" parent=30751 profile="/usr/lib/firefox/firefox{,*[^s] [^h]}" name=2F746D702F666F6F20626172 pid=30833 comm="plugin-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
-'''
+''' # noqa: E128
self._run_file_test(content, (expected_string,))
@@ -123,7 +123,7 @@ class AADecodeTest(unittest.TestCase):
''' type=LOGIN msg=audit(1348980001.155:2925): login pid=17875 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=2762
type=AVC msg=audit(1348982151.183:2934): apparmor="DENIED" operation="open" parent=30751 profile="/usr/lib/firefox/firefox{,*[^s] [^h]}" name=2F746D702F666F6F20626172 pid=30833 comm="plugin-containe" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock" parent=5490 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name=2F686F6D652F73746576652F746D702F6D7920746573742066696C65 pid=30737 comm="firefox" requested_mask="k" denied_mask="k" fsuid=1000 ouid=1000
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
@@ -135,7 +135,7 @@ type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock"
'name="/lib/x86_64-linux-gnu/libdl-2.13.so"', 'profile="/test space"')
content = \
'''[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=2F74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
@@ -147,7 +147,7 @@ type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock"
'profile="/home/steve/tmp/my prog.sh"')
content = \
'''type=AVC msg=audit(1349805073.402:6857): apparmor="DENIED" operation="mknod" parent=5890 profile=2F686F6D652F73746576652F746D702F6D792070726F672E7368 name=2F686F6D652F73746576652F746D702F6D7920746573742066696C65 pid=5891 comm="touch" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
@@ -157,7 +157,7 @@ type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock"
expected_strings = ('name="/home/steve/tmp/my test ^file"',)
content = \
'''type=AVC msg=audit(1349805073.402:6857): apparmor="DENIED" operation="mknod" parent=5890 profile="/usr/bin/test_profile" name=2F686F6D652F73746576652F746D702F6D792074657374205E66696C65 pid=5891 comm="touch" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
@@ -167,7 +167,7 @@ type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock"
expected_strings = (r'name="/home/steve/tmp/my test \^file"',)
content = \
'''type=AVC msg=audit(1349805073.402:6857): apparmor="DENIED" operation="mknod" parent=5890 profile="/usr/bin/test_profile" name=2F686F6D652F73746576652F746D702F6D792074657374205C5E66696C65 pid=5891 comm="touch" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
@@ -177,7 +177,7 @@ type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock"
expected_strings = ('name="/home/steve/tmp/my test \'file"',)
content = \
'''type=AVC msg=audit(1349805073.402:6857): apparmor="DENIED" operation="mknod" parent=5890 profile="/usr/bin/test_profile" name=2F686F6D652F73746576652F746D702F6D792074657374202766696C65 pid=5891 comm="touch" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
@@ -187,7 +187,7 @@ type=AVC msg=audit(1348982148.195:2933): apparmor="DENIED" operation="file_lock"
expected_strings = ('name="/lib/x86_64-linux-gnu/libdl-2.13.so"', 'profile="test space"')
content = \
'''[289763.843292] type=1400 audit(1322614912.304:857): apparmor="ALLOWED" operation="getattr" parent=16001 profile=74657374207370616365 name="/lib/x86_64-linux-gnu/libdl-2.13.so" pid=17011 comm="bash" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
-'''
+''' # noqa: E128
self._run_file_test(content, expected_strings)
diff --git a/utils/test/test-aa-easyprof.py b/utils/test/test-aa-easyprof.py
index eb4ea0a857bac0faf66a2617cdbef03f812321a1..ee12777f27f0afc6ce71be20d37d43c888f972ea 100755
--- a/utils/test/test-aa-easyprof.py
+++ b/utils/test/test-aa-easyprof.py
@@ -146,26 +146,26 @@ class T(unittest.TestCase):
###WRITES###
}
-''' % (self.test_template)
+''' % (self.test_template,)
with open(os.path.join(self.tmpdir, 'templates', self.test_template), 'w') as f:
f.write(contents)
# Create a test policygroup
self.test_policygroup = "test-policygroup"
contents = '''
- # %s
+ # {}
#include <abstractions/gnome>
#include <abstractions/nameservice>
-''' % (self.test_policygroup)
+'''.format(self.test_policygroup)
with open(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), 'w') as f:
f.write(contents)
# setup our conffile
self.conffile = os.path.join(self.tmpdir, 'easyprof.conf')
contents = '''
-POLICYGROUPS_DIR="%s/policygroups"
-TEMPLATES_DIR="%s/templates"
-''' % (self.tmpdir, self.tmpdir)
+POLICYGROUPS_DIR="{}/policygroups"
+TEMPLATES_DIR="{}/templates"
+'''.format(self.tmpdir, self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -180,14 +180,14 @@ TEMPLATES_DIR="%s/templates"
# args list and override a base path set here
base = os.getenv('__AA_BASEDIR')
if base:
- self.full_args.append('--base=%s' % base)
+ self.full_args.append('--base=' + base)
# Check __AA_PARSER, which may be set by the Makefile, to see if
# we should use a non-default apparmor_parser path to verify
# policy
parser = os.getenv('__AA_PARSER')
if parser:
- self.full_args.append('--parser=%s' % parser)
+ self.full_args.append('--parser=' + parser)
if debugging:
self.full_args.append('-d')
@@ -203,13 +203,13 @@ TEMPLATES_DIR="%s/templates"
for f in easyprof.get_directory_contents(os.path.join(
self.tmpdir, d)):
shutil.copy(f, os.path.join(self.test_include_dir, d,
- "inc_%s" % os.path.basename(f)))
+ "inc_" + os.path.basename(f)))
def tearDown(self):
"""Teardown for tests"""
if os.path.exists(self.tmpdir):
if debugging:
- sys.stdout.write("%s\n" % self.tmpdir)
+ sys.stdout.write(self.tmpdir + "\n")
else:
recursive_rm(self.tmpdir)
@@ -220,8 +220,8 @@ TEMPLATES_DIR="%s/templates"
"""Test config parsing (invalid POLICYGROUPS_DIR)"""
contents = '''
POLICYGROUPS_DIR=
-TEMPLATES_DIR="%s/templates"
-''' % (self.tmpdir)
+TEMPLATES_DIR="{}/templates"
+'''.format(self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -229,17 +229,15 @@ TEMPLATES_DIR="%s/templates"
easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("File should have been invalid")
def test_configuration_file_p_empty(self):
"""Test config parsing (empty POLICYGROUPS_DIR)"""
contents = '''
-POLICYGROUPS_DIR="%s"
-TEMPLATES_DIR="%s/templates"
-''' % ('', self.tmpdir)
+POLICYGROUPS_DIR=""
+TEMPLATES_DIR="{}/templates"
+'''.format(self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -247,17 +245,15 @@ TEMPLATES_DIR="%s/templates"
easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("File should have been invalid")
def test_configuration_file_p_nonexistent(self):
"""Test config parsing (nonexistent POLICYGROUPS_DIR)"""
contents = '''
-POLICYGROUPS_DIR="%s/policygroups"
-TEMPLATES_DIR="%s/templates"
-''' % ('/nonexistent', self.tmpdir)
+POLICYGROUPS_DIR="/nonexistent/policygroups"
+TEMPLATES_DIR="{}/templates"
+'''.format(self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -265,8 +261,6 @@ TEMPLATES_DIR="%s/templates"
easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("File should have been invalid")
@@ -278,14 +272,14 @@ TEMPLATES_DIR="%s/templates"
shutil.copy(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), os.path.join(rel, self.test_policygroup))
args = self.full_args
- args += ['--policy-groups-dir', './relative', '--show-policy-group', '--policy-groups=%s' % self.test_policygroup]
+ args += ['--policy-groups-dir', './relative', '--show-policy-group', '--policy-groups=' + self.test_policygroup]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
# no fallback
self.assertTrue(easyp.dirs['policygroups'] == rel,
"Not using specified --policy-groups-dir\n"
- "Specified dir: %s\nActual dir: %s" % (rel, str(easyp.dirs['policygroups'])))
+ "Specified dir: {}\nActual dir: {}".format(rel, easyp.dirs['policygroups']))
self.assertFalse(easyp.get_policy_groups() is None, "Could not find policy-groups")
def test_policygroups_dir_nonexistent(self):
@@ -294,7 +288,7 @@ TEMPLATES_DIR="%s/templates"
rel = os.path.join(self.tmpdir, 'nonexistent')
args = self.full_args
- args += ['--policy-groups-dir', rel, '--show-policy-group', '--policy-groups=%s' % self.test_policygroup]
+ args += ['--policy-groups-dir', rel, '--show-policy-group', '--policy-groups=' + self.test_policygroup]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
@@ -312,7 +306,7 @@ TEMPLATES_DIR="%s/templates"
shutil.copy(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), os.path.join(valid, self.test_policygroup))
args = self.full_args
- args += ['--policy-groups-dir', valid, '--show-policy-group', '--policy-groups=%s' % self.test_policygroup]
+ args += ['--policy-groups-dir', valid, '--show-policy-group', '--policy-groups=' + self.test_policygroup]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
@@ -336,21 +330,21 @@ TEMPLATES_DIR="%s/templates"
shutil.copy(os.path.join(self.tmpdir, 'policygroups', self.test_policygroup), valid_distro)
args = self.full_args
- args += ['--policy-groups-dir', valid, '--show-policy-group', '--policy-groups=%s' % self.test_policygroup]
+ args += ['--policy-groups-dir', valid, '--show-policy-group', '--policy-groups=' + self.test_policygroup]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
self.assertTrue(easyp.dirs['policygroups'] == valid, "Not using specified --policy-groups-dir")
self.assertFalse(easyp.get_policy_groups() is None, "Could not find policy-groups")
for f in easyp.get_policy_groups():
- self.assertFalse(os.path.basename(f) == vendor, "Found '%s' in %s" % (vendor, f))
+ self.assertFalse(os.path.basename(f) == vendor, "Found '{}' in {}".format(vendor, f))
def test_configuration_file_t_invalid(self):
"""Test config parsing (invalid TEMPLATES_DIR)"""
contents = '''
TEMPLATES_DIR=
-POLICYGROUPS_DIR="%s/templates"
-''' % (self.tmpdir)
+POLICYGROUPS_DIR="{}/templates"
+'''.format(self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -358,17 +352,15 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("File should have been invalid")
def test_configuration_file_t_empty(self):
"""Test config parsing (empty TEMPLATES_DIR)"""
contents = '''
-TEMPLATES_DIR="%s"
-POLICYGROUPS_DIR="%s/templates"
-''' % ('', self.tmpdir)
+TEMPLATES_DIR=""
+POLICYGROUPS_DIR="{}/templates"
+'''.format(self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -376,17 +368,15 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("File should have been invalid")
def test_configuration_file_t_nonexistent(self):
"""Test config parsing (nonexistent TEMPLATES_DIR)"""
contents = '''
-TEMPLATES_DIR="%s/policygroups"
-POLICYGROUPS_DIR="%s/templates"
-''' % ('/nonexistent', self.tmpdir)
+TEMPLATES_DIR="/nonexistent/policygroups"
+POLICYGROUPS_DIR="{}/templates"
+'''.format(self.tmpdir)
with open(self.conffile, 'w') as f:
f.write(contents)
@@ -394,8 +384,6 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.AppArmorEasyProfile(self.binary, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("File should have been invalid")
@@ -407,14 +395,14 @@ POLICYGROUPS_DIR="%s/templates"
shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), os.path.join(rel, self.test_template))
args = self.full_args
- args += ['--templates-dir', './relative', '--show-template', '--template=%s' % self.test_template]
+ args += ['--templates-dir', './relative', '--show-template', '--template=' + self.test_template]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
# no fallback
self.assertTrue(easyp.dirs['templates'] == rel,
"Not using specified --template-dir\n"
- "Specified dir: %s\nActual dir: %s" % (rel, str(easyp.dirs['templates'])))
+ "Specified dir: {}\nActual dir: {}".format(rel, easyp.dirs['templates']))
self.assertFalse(easyp.get_templates() is None, "Could not find templates")
def test_templates_dir_nonexistent(self):
@@ -423,7 +411,7 @@ POLICYGROUPS_DIR="%s/templates"
rel = os.path.join(self.tmpdir, 'nonexistent')
args = self.full_args
- args += ['--templates-dir', rel, '--show-template', '--template=%s' % self.test_template]
+ args += ['--templates-dir', rel, '--show-template', '--template=' + self.test_template]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
@@ -441,7 +429,7 @@ POLICYGROUPS_DIR="%s/templates"
shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), os.path.join(valid, self.test_template))
args = self.full_args
- args += ['--templates-dir', valid, '--show-template', '--template=%s' % self.test_template]
+ args += ['--templates-dir', valid, '--show-template', '--template=' + self.test_template]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
@@ -464,14 +452,14 @@ POLICYGROUPS_DIR="%s/templates"
shutil.copy(os.path.join(self.tmpdir, 'templates', self.test_template), valid_distro)
args = self.full_args
- args += ['--templates-dir', valid, '--show-template', '--template=%s' % self.test_template]
+ args += ['--templates-dir', valid, '--show-template', '--template=' + self.test_template]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(self.binary, self.options)
self.assertTrue(easyp.dirs['templates'] == valid, "Not using specified --template-dir")
self.assertFalse(easyp.get_templates() is None, "Could not find templates")
for f in easyp.get_templates():
- self.assertFalse(os.path.basename(f) == vendor, "Found '%s' in %s" % (vendor, f))
+ self.assertFalse(os.path.basename(f) == vendor, "Found '{}' in {}".format(vendor, f))
#
# Binary file tests
@@ -504,8 +492,6 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.AppArmorEasyProfile('./foo', self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("Binary should have been invalid")
def test_binary_symlink(self):
@@ -519,8 +505,6 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.AppArmorEasyProfile(symlink, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("Binary should have been invalid")
#
@@ -534,11 +518,11 @@ POLICYGROUPS_DIR="%s/templates"
easyp = easyprof.AppArmorEasyProfile(None, self.options)
for i in easyp.get_templates():
- self.assertTrue(os.path.exists(i), "Could not find '%s'" % i)
+ self.assertTrue(os.path.exists(i), "Could not find '{}'".format(i))
def test_templates_show(self):
"""Test templates (show)"""
- files = glob.glob("%s/templates/*" % self.tmpdir)
+ files = glob.glob(self.tmpdir + "/templates/*")
for f in files:
args = self.full_args
args += ['--show-template', '--template', f]
@@ -546,7 +530,7 @@ POLICYGROUPS_DIR="%s/templates"
easyp = easyprof.AppArmorEasyProfile(None, self.options)
path = os.path.join(easyp.dirs['templates'], f)
- self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
+ self.assertTrue(os.path.exists(path), "Could not find '{}'".format(path))
with open(path) as fd:
fd.read()
@@ -561,39 +545,39 @@ POLICYGROUPS_DIR="%s/templates"
args = self.full_args
args.append('--list-templates')
- args.append('--include-templates-dir=%s'
- % os.path.join(self.test_include_dir, 'templates'))
+ args.append('--include-templates-dir='
+ + os.path.join(self.test_include_dir, 'templates'))
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(None, self.options)
inc_templates = easyp.get_templates()
self.assertTrue(len(inc_templates) == len(orig_templates) * 2,
- "templates missing: %s" % inc_templates)
+ "templates missing: {}".format(inc_templates))
for i in inc_templates:
- self.assertTrue(os.path.exists(i), "Could not find '%s'" % i)
+ self.assertTrue(os.path.exists(i), "Could not find '{}'".format(i))
def test_templates_show_include(self):
"""Test templates (show with --include-templates-dir)"""
- files = glob.glob("%s/templates/*" % self.test_include_dir)
+ files = glob.glob(self.test_include_dir + "/templates/*")
for f in files:
args = self.full_args
args += ['--show-template',
'--template', f,
- '--include-templates-dir=%s'
- % os.path.join(self.test_include_dir, 'templates')]
+ '--include-templates-dir='
+ + os.path.join(self.test_include_dir, 'templates')]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(None, self.options)
path = os.path.join(easyp.dirs['templates_include'], f)
- self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
+ self.assertTrue(os.path.exists(path), "Could not find '{}'".format(path))
with open(path) as fd:
fd.read()
bn = os.path.basename(f)
# setup() copies everything in the include prefixed with inc_
self.assertTrue(bn.startswith('inc_'),
- "'%s' does not start with 'inc_'" % bn)
+ "'{}' does not start with 'inc_'".format(bn))
#
# Policygroups tests
@@ -606,11 +590,11 @@ POLICYGROUPS_DIR="%s/templates"
easyp = easyprof.AppArmorEasyProfile(None, self.options)
for i in easyp.get_policy_groups():
- self.assertTrue(os.path.exists(i), "Could not find '%s'" % i)
+ self.assertTrue(os.path.exists(i), "Could not find '{}'".format(i))
def test_policygroups_show(self):
"""Test policygroups (show)"""
- files = glob.glob("%s/policygroups/*" % self.tmpdir)
+ files = glob.glob(self.tmpdir + "/policygroups/*")
for f in files:
args = self.full_args
args += ['--show-policy-group',
@@ -619,7 +603,7 @@ POLICYGROUPS_DIR="%s/templates"
easyp = easyprof.AppArmorEasyProfile(None, self.options)
path = os.path.join(easyp.dirs['policygroups'], f)
- self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
+ self.assertTrue(os.path.exists(path), "Could not find '{}'".format(path))
with open(path) as fd:
fd.read()
@@ -634,39 +618,39 @@ POLICYGROUPS_DIR="%s/templates"
args = self.full_args
args.append('--list-policy-groups')
- args.append('--include-policy-groups-dir=%s'
- % os.path.join(self.test_include_dir, 'policygroups'))
+ args.append('--include-policy-groups-dir='
+ + os.path.join(self.test_include_dir, 'policygroups'))
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(None, self.options)
inc_policy_groups = easyp.get_policy_groups()
self.assertTrue(len(inc_policy_groups) == len(orig_policy_groups) * 2,
- "policy_groups missing: %s" % inc_policy_groups)
+ "policy_groups missing: {}".format(inc_policy_groups))
for i in inc_policy_groups:
- self.assertTrue(os.path.exists(i), "Could not find '%s'" % i)
+ self.assertTrue(os.path.exists(i), "Could not find '{}'".format(i))
def test_policygroups_show_include(self):
"""Test policygroups (show with --include-policy-groups-dir)"""
- files = glob.glob("%s/policygroups/*" % self.test_include_dir)
+ files = glob.glob(self.test_include_dir + "/policygroups/*")
for f in files:
args = self.full_args
args += ['--show-policy-group',
'--policy-groups', os.path.basename(f),
- '--include-policy-groups-dir=%s'
- % os.path.join(self.test_include_dir, 'policygroups')]
+ '--include-policy-groups-dir='
+ + os.path.join(self.test_include_dir, 'policygroups')]
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(None, self.options)
path = os.path.join(easyp.dirs['policygroups_include'], f)
- self.assertTrue(os.path.exists(path), "Could not find '%s'" % path)
+ self.assertTrue(os.path.exists(path), "Could not find '{}'".format(path))
with open(path) as fd:
fd.read()
bn = os.path.basename(f)
# setup() copies everything in the include prefixed with inc_
self.assertTrue(bn.startswith('inc_'),
- "'%s' does not start with 'inc_'" % bn)
+ "'{}' does not start with 'inc_'".format(bn))
#
# Manifest file argument tests
@@ -705,8 +689,8 @@ POLICYGROUPS_DIR="%s/templates"
except InterceptedError:
raised = True
- self.assertTrue(raised, msg="%s and manifest arguments did not "
- "raise a parse error" % opt)
+ self.assertTrue(raised, msg=opt + " and manifest arguments did not "
+ "raise a parse error")
# manifest first
args = self.full_args
@@ -717,8 +701,8 @@ POLICYGROUPS_DIR="%s/templates"
except InterceptedError:
raised = True
- self.assertTrue(raised, msg="%s and manifest arguments did not "
- "raise a parse error" % opt)
+ self.assertTrue(raised, msg=opt + " and manifest arguments did not "
+ "raise a parse error")
def test_manifest_conflicts_profilename(self):
"""Test manifest arg conflicts with profile_name arg"""
@@ -777,12 +761,12 @@ POLICYGROUPS_DIR="%s/templates"
args = self.full_args
if template is None:
- args.append('--template=%s' % self.test_template)
+ args.append('--template=' + self.test_template)
else:
- args.append('--template=%s' % template)
+ args.append('--template=' + template)
if name is not None:
- args.append('--name=%s' % name)
+ args.append('--name=' + name)
if extra_args:
args += extra_args
@@ -804,14 +788,14 @@ POLICYGROUPS_DIR="%s/templates"
search_terms.append(self.test_template)
for s in search_terms:
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
# ###NAME### should be replaced with self.binary or 'name'. Check for that
inv_s = '###NAME###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
if debugging:
- sys.stdout.write("%s\n" % p)
+ sys.stdout.write(p + "\n")
return p
@@ -828,10 +812,10 @@ POLICYGROUPS_DIR="%s/templates"
# ###NAME### should be replaced with self.binary or 'name'. Check for that
inv_s = '###NAME###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
if debugging:
- sys.stdout.write("%s\n" % p)
+ sys.stdout.write(p + "\n")
return p
@@ -847,7 +831,7 @@ POLICYGROUPS_DIR="%s/templates"
'foo"bar',
)
for s in bad:
- self.assertFalse(easyprof._is_safe(s), "'%s' should be bad" % s)
+ self.assertFalse(easyprof._is_safe(s), "'{}' should be bad".format(s))
def test_genpolicy_templates_abspath(self):
"""Test genpolicy (abspath to template)"""
@@ -858,12 +842,12 @@ POLICYGROUPS_DIR="%s/templates"
contents = f.read()
test_string = "#teststring"
with open(template, 'w') as f:
- f.write(contents + "\n%s\n" % test_string)
+ f.write(contents + "\n{}\n".format(test_string))
p = self._gen_policy(template=template)
for s in (self.test_template, test_string):
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
def test_genpolicy_templates_system(self):
"""Test genpolicy (system template)"""
@@ -875,8 +859,6 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_policy(template=os.path.join(self.tmpdir, "/nonexistent"))
except AppArmorException:
return
- except Exception:
- raise
raise Exception("template should be invalid")
def test_genpolicy_name(self):
@@ -886,67 +868,65 @@ POLICYGROUPS_DIR="%s/templates"
def test_genpolicy_comment(self):
"""Test genpolicy (comment)"""
s = "test comment"
- p = self._gen_policy(extra_args=['--comment=%s' % s])
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ p = self._gen_policy(extra_args=['--comment=' + s])
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###COMMENT###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_author(self):
"""Test genpolicy (author)"""
s = "Archibald Poindexter"
- p = self._gen_policy(extra_args=['--author=%s' % s])
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ p = self._gen_policy(extra_args=['--author=' + s])
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###AUTHOR###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_copyright(self):
"""Test genpolicy (copyright)"""
s = "2112/01/01"
- p = self._gen_policy(extra_args=['--copyright=%s' % s])
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ p = self._gen_policy(extra_args=['--copyright=' + s])
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###COPYRIGHT###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_abstractions(self):
"""Test genpolicy (single abstraction)"""
s = "nameservice"
- p = self._gen_policy(extra_args=['--abstractions=%s' % s])
- search = "#include <abstractions/%s>" % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--abstractions=' + s])
+ search = "#include <abstractions/{}>".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###ABSTRACTIONS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_abstractions_multiple(self):
"""Test genpolicy (multiple abstractions)"""
abstractions = "authentication,X,user-tmp"
- p = self._gen_policy(extra_args=['--abstractions=%s' % abstractions])
+ p = self._gen_policy(extra_args=['--abstractions=' + abstractions])
for s in abstractions.split(','):
- search = "#include <abstractions/%s>" % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ search = "#include <abstractions/{}>".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###ABSTRACTIONS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_abstractions_bad(self):
"""Test genpolicy (abstractions - bad values)"""
bad = (
- "nonexistent",
- "/../../../../etc/passwd",
- "abstraction with spaces",
- )
+ "nonexistent",
+ "/../../../../etc/passwd",
+ "abstraction with spaces",
+ )
for s in bad:
try:
- self._gen_policy(extra_args=['--abstractions=%s' % s])
+ self._gen_policy(extra_args=['--abstractions=' + s])
except AppArmorException:
continue
- except Exception:
- raise
- raise Exception("abstraction '%s' should be invalid" % s)
+ raise Exception("abstraction '{}' should be invalid".format(s))
def _create_tmp_base_dir(self, prefix='', abstractions=(), tunables=()):
"""Create a temporary base dir layout"""
base_name = 'apparmor.d'
if prefix:
- base_name = '%s-%s' % (prefix, base_name)
+ base_name = '{}-{}'.format(prefix, base_name)
base_dir = os.path.join(self.tmpdir, base_name)
abstractions_dir = os.path.join(base_dir, 'abstractions')
tunables_dir = os.path.join(base_dir, 'tunables')
@@ -958,8 +938,8 @@ POLICYGROUPS_DIR="%s/templates"
for f in abstractions:
contents = '''
# Abstraction file for testing
- /%s r,
-''' % (f)
+ /{} r,
+'''.format(f)
with open(os.path.join(abstractions_dir, f), 'w') as fd:
fd.write(contents)
@@ -967,7 +947,7 @@ POLICYGROUPS_DIR="%s/templates"
contents = '''
# Tunable file for testing
@{AA_TEST_%s}=foo
-''' % (f)
+''' % (f,)
with open(os.path.join(tunables_dir, f), 'w') as fd:
fd.write(contents)
@@ -979,13 +959,13 @@ POLICYGROUPS_DIR="%s/templates"
# The default template #includes the base abstraction and global
# tunable so we need to create placeholders
base = self._create_tmp_base_dir(abstractions=['base', abstraction], tunables=['global'])
- args = ['--abstractions=%s' % abstraction, '--base=%s' % base]
+ args = ['--abstractions=' + abstraction, '--base=' + base]
p = self._gen_policy(extra_args=args)
- search = "#include <abstractions/%s>" % abstraction
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ search = "#include <abstractions/{}>".format(abstraction)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###ABSTRACTIONS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_abstractions_custom_base_bad(self):
"""Test genpolicy (custom base dir - bad base dirs)"""
@@ -993,15 +973,13 @@ POLICYGROUPS_DIR="%s/templates"
bad = [None, '/etc/apparmor.d', '/']
for base in bad:
try:
- args = ['--abstractions=%s' % abstraction]
+ args = ['--abstractions=' + abstraction]
if base:
- args.append('--base=%s' % base)
+ args.append('--base={}'.format(base))
self._gen_policy(extra_args=args)
except AppArmorException:
continue
- except Exception:
- raise
- raise Exception("abstraction '%s' should be invalid" % abstraction)
+ raise Exception("abstraction '{}' should be invalid".format(abstraction))
def test_genpolicy_abstractions_custom_include(self):
"""Test genpolicy (custom include dir)"""
@@ -1009,12 +987,12 @@ POLICYGROUPS_DIR="%s/templates"
# No need to create placeholders for the base abstraction or global
# tunable since we're not adjusting the base directory
include = self._create_tmp_base_dir(abstractions=[abstraction])
- args = ['--abstractions=%s' % abstraction, '--Include=%s' % include]
+ args = ['--abstractions=' + abstraction, '--Include=' + include]
p = self._gen_policy(extra_args=args)
- search = "#include <abstractions/%s>" % abstraction
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ search = "#include <abstractions/{}>".format(abstraction)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###ABSTRACTIONS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_abstractions_custom_include_bad(self):
"""Test genpolicy (custom include dir - bad include dirs)"""
@@ -1022,15 +1000,13 @@ POLICYGROUPS_DIR="%s/templates"
bad = [None, '/etc/apparmor.d', '/']
for include in bad:
try:
- args = ['--abstractions=%s' % abstraction]
+ args = ['--abstractions=' + abstraction]
if include:
- args.append('--Include=%s' % include)
+ args.append('--Include={}'.format(include))
self._gen_policy(extra_args=args)
except AppArmorException:
continue
- except Exception:
- raise
- raise Exception("abstraction '%s' should be invalid" % abstraction)
+ raise Exception("abstraction '{}' should be invalid".format(abstraction))
def test_genpolicy_profile_name_bad(self):
"""Test genpolicy (profile name - bad values)"""
@@ -1041,12 +1017,10 @@ POLICYGROUPS_DIR="%s/templates"
]
for s in bad:
try:
- self._gen_policy(extra_args=['--profile-name=%s' % s])
+ self._gen_policy(extra_args=['--profile-name=' + s])
except AppArmorException:
continue
- except Exception:
- raise
- raise Exception("profile_name '%s' should be invalid" % s)
+ raise Exception("profile_name '{}' should be invalid".format(s))
def test_genpolicy_policy_group_bad(self):
"""Test genpolicy (policy group - bad values)"""
@@ -1057,44 +1031,42 @@ POLICYGROUPS_DIR="%s/templates"
]
for s in bad:
try:
- self._gen_policy(extra_args=['--policy-groups=%s' % s])
+ self._gen_policy(extra_args=['--policy-groups=' + s])
except AppArmorException:
continue
- except Exception:
- raise
- raise Exception("policy group '%s' should be invalid" % s)
+ raise Exception("policy group '{}' should be invalid".format(s))
def test_genpolicy_policygroups(self):
"""Test genpolicy (single policygroup)"""
groups = self.test_policygroup
- p = self._gen_policy(extra_args=['--policy-groups=%s' % groups])
+ p = self._gen_policy(extra_args=['--policy-groups=' + groups])
for s in ('#include <abstractions/nameservice>', '#include <abstractions/gnome>'):
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###POLICYGROUPS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_policygroups_multiple(self):
"""Test genpolicy (multiple policygroups)"""
test_policygroup2 = "test-policygroup2"
contents = '''
- # %s
+ # {}
#include <abstractions/kde>
#include <abstractions/openssl>
-''' % (self.test_policygroup)
+'''.format(self.test_policygroup)
with open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w') as f:
f.write(contents)
- groups = "%s,%s" % (self.test_policygroup, test_policygroup2)
- p = self._gen_policy(extra_args=['--policy-groups=%s' % groups])
+ groups = "{},{}".format(self.test_policygroup, test_policygroup2)
+ p = self._gen_policy(extra_args=['--policy-groups=' + groups])
for s in ('#include <abstractions/nameservice>',
'#include <abstractions/gnome>',
'#include <abstractions/kde>',
'#include <abstractions/openssl>'):
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###POLICYGROUPS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_policygroups_nonexistent(self):
"""Test genpolicy (nonexistent policygroup)"""
@@ -1102,75 +1074,73 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_policy(extra_args=['--policy-groups=nonexistent'])
except AppArmorException:
return
- except Exception:
- raise
raise Exception("policygroup should be invalid")
def test_genpolicy_readpath_file(self):
"""Test genpolicy (read-path file)"""
s = "/opt/test-foo"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search = "%s rk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search = "{} rk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_home_file(self):
"""Test genpolicy (read-path file in /home)"""
s = "/home/*/test-foo"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search = "owner %s rk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search = "owner {} rk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_homevar_file(self):
"""Test genpolicy (read-path file in @{HOME})"""
s = "@{HOME}/test-foo"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search = "owner %s rk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search = "owner {} rk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_homedirs_file(self):
"""Test genpolicy (read-path file in @{HOMEDIRS})"""
s = "@{HOMEDIRS}/test-foo"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search = "owner %s rk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search = "owner {} rk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_dir(self):
"""Test genpolicy (read-path directory/)"""
s = "/opt/test-foo-dir/"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search_terms = ["%s rk," % s, "%s** rk," % s]
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search_terms = ["{} rk,".format(s), "{}** rk,".format(s)]
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_dir_glob(self):
"""Test genpolicy (read-path directory/*)"""
s = "/opt/test-foo-dir/*"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search_terms = ["%s rk," % os.path.dirname(s), "%s rk," % s]
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search_terms = ["{} rk,".format(os.path.dirname(s)), "{} rk,".format(s)]
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_dir_glob_all(self):
"""Test genpolicy (read-path directory/**)"""
s = "/opt/test-foo-dir/**"
- p = self._gen_policy(extra_args=['--read-path=%s' % s])
- search_terms = ["%s rk," % os.path.dirname(s), "%s rk," % s]
+ p = self._gen_policy(extra_args=['--read-path=' + s])
+ search_terms = ["{} rk,".format(os.path.dirname(s)), "{} rk,".format(s)]
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_multiple(self):
"""Test genpolicy (read-path multiple)"""
@@ -1186,102 +1156,100 @@ POLICYGROUPS_DIR="%s/templates"
args = []
search_terms = []
for s in paths:
- args.append('--read-path=%s' % s)
+ args.append('--read-path=' + s)
# This mimics easyprof.gen_path_rule()
owner = ""
if s.startswith('/home/') or s.startswith("@{HOME"):
owner = "owner "
if s.endswith('/'):
- search_terms.append("%s rk," % (s))
- search_terms.append("%s%s** rk," % (owner, s))
+ search_terms.append("{} rk,".format(s))
+ search_terms.append("{}{}** rk,".format(owner, s))
elif s.endswith('/**') or s.endswith('/*'):
- search_terms.append("%s rk," % (os.path.dirname(s)))
- search_terms.append("%s%s rk," % (owner, s))
+ search_terms.append("{} rk,".format(os.path.dirname(s)))
+ search_terms.append("{}{} rk,".format(owner, s))
else:
- search_terms.append("%s%s rk," % (owner, s))
+ search_terms.append("{}{} rk,".format(owner, s))
p = self._gen_policy(extra_args=args)
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_readpath_bad(self):
"""Test genpolicy (read-path bad)"""
s = "bar"
try:
- self._gen_policy(extra_args=['--read-path=%s' % s])
+ self._gen_policy(extra_args=['--read-path=' + s])
except AppArmorException:
return
- except Exception:
- raise
raise Exception("read-path should be invalid")
def test_genpolicy_writepath_file(self):
"""Test genpolicy (write-path file)"""
s = "/opt/test-foo"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search = "%s rwk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search = "{} rwk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_home_file(self):
"""Test genpolicy (write-path file in /home)"""
s = "/home/*/test-foo"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search = "owner %s rwk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search = "owner {} rwk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_homevar_file(self):
"""Test genpolicy (write-path file in @{HOME})"""
s = "@{HOME}/test-foo"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search = "owner %s rwk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search = "owner {} rwk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_homedirs_file(self):
"""Test genpolicy (write-path file in @{HOMEDIRS})"""
s = "@{HOMEDIRS}/test-foo"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search = "owner %s rwk," % s
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search = "owner {} rwk,".format(s)
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_dir(self):
"""Test genpolicy (write-path directory/)"""
s = "/opt/test-foo-dir/"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search_terms = ["%s rwk," % s, "%s** rwk," % s]
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search_terms = ["{} rwk,".format(s), "{}** rwk,".format(s)]
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_dir_glob(self):
"""Test genpolicy (write-path directory/*)"""
s = "/opt/test-foo-dir/*"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search_terms = ["%s rwk," % os.path.dirname(s), "%s rwk," % s]
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search_terms = ["{} rwk,".format(os.path.dirname(s)), "{} rwk,".format(s)]
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_dir_glob_all(self):
"""Test genpolicy (write-path directory/**)"""
s = "/opt/test-foo-dir/**"
- p = self._gen_policy(extra_args=['--write-path=%s' % s])
- search_terms = ["%s rwk," % os.path.dirname(s), "%s rwk," % s]
+ p = self._gen_policy(extra_args=['--write-path=' + s])
+ search_terms = ["{} rwk,".format(os.path.dirname(s)), "{} rwk,".format(s)]
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_multiple(self):
"""Test genpolicy (write-path multiple)"""
@@ -1297,82 +1265,78 @@ POLICYGROUPS_DIR="%s/templates"
args = []
search_terms = []
for s in paths:
- args.append('--write-path=%s' % s)
+ args.append('--write-path=' + s)
# This mimics easyprof.gen_path_rule()
owner = ""
if s.startswith('/home/') or s.startswith("@{HOME"):
owner = "owner "
if s.endswith('/'):
- search_terms.append("%s rwk," % (s))
- search_terms.append("%s%s** rwk," % (owner, s))
+ search_terms.append("{} rwk,".format(s))
+ search_terms.append("{}{}** rwk,".format(owner, s))
elif s.endswith('/**') or s.endswith('/*'):
- search_terms.append("%s rwk," % (os.path.dirname(s)))
- search_terms.append("%s%s rwk," % (owner, s))
+ search_terms.append("{} rwk,".format(os.path.dirname(s)))
+ search_terms.append("{}{} rwk,".format(owner, s))
else:
- search_terms.append("%s%s rwk," % (owner, s))
+ search_terms.append("{}{} rwk,".format(owner, s))
p = self._gen_policy(extra_args=args)
for search in search_terms:
- self.assertTrue(search in p, "Could not find '%s' in:\n%s" % (search, p))
+ self.assertTrue(search in p, "Could not find '{}' in:\n{}".format(search, p))
inv_s = '###READPATH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_writepath_bad(self):
"""Test genpolicy (write-path bad)"""
s = "bar"
try:
- self._gen_policy(extra_args=['--write-path=%s' % s])
+ self._gen_policy(extra_args=['--write-path=' + s])
except AppArmorException:
return
- except Exception:
- raise
raise Exception("write-path should be invalid")
def test_genpolicy_templatevar(self):
"""Test genpolicy (template-var single)"""
s = "@{FOO}=bar"
- p = self._gen_policy(extra_args=['--template-var=%s' % s])
+ p = self._gen_policy(extra_args=['--template-var=' + s])
k, v = s.split('=')
- s = '%s="%s"' % (k, v)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ s = '{}="{}"'.format(k, v)
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###TEMPLATEVAR###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_templatevar_multiple(self):
"""Test genpolicy (template-var multiple)"""
variables = ['@{FOO}=bar', '@{BAR}=baz']
args = []
for s in variables:
- args.append('--template-var=%s' % s)
+ args.append('--template-var=' + s)
p = self._gen_policy(extra_args=args)
for s in variables:
k, v = s.split('=')
- s = '%s="%s"' % (k, v)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ s = '{}="{}"'.format(k, v)
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###TEMPLATEVAR###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_templatevar_bad(self):
"""Test genpolicy (template-var - bad values)"""
bad = [
- "{FOO}=bar",
- "@FOO}=bar",
- "@{FOO=bar",
- "FOO=bar",
- "@FOO=bar",
- "@{FOO}=/../../../etc/passwd",
- "@{FOO}=bar=foo",
- "@{FOO;BAZ}=bar",
- '@{FOO}=bar"baz',
- ]
+ "{FOO}=bar",
+ "@FOO}=bar",
+ "@{FOO=bar",
+ "FOO=bar",
+ "@FOO=bar",
+ "@{FOO}=/../../../etc/passwd",
+ "@{FOO}=bar=foo",
+ "@{FOO;BAZ}=bar",
+ '@{FOO}=bar"baz',
+ ]
for s in bad:
try:
- self._gen_policy(extra_args=['--template-var=%s' % s])
+ self._gen_policy(extra_args=['--template-var=' + s])
except AppArmorException:
continue
- except Exception:
- raise
raise Exception("template-var should be invalid")
def test_genpolicy_invalid_template_policy(self):
@@ -1396,8 +1360,6 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_policy(template=template)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("policy should be invalid")
def test_genpolicy_no_binary_without_profile_name(self):
@@ -1406,40 +1368,38 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.gen_policy_params(None, self.options)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("No binary or profile name should have been invalid")
def test_genpolicy_with_binary_with_profile_name(self):
"""Test genpolicy (binary with profile name)"""
profile_name = "some-profile-name"
- p = self._gen_policy(extra_args=['--profile-name=%s' % profile_name])
+ p = self._gen_policy(extra_args=['--profile-name=' + profile_name])
s = 'profile "%s" "%s" {' % (profile_name, self.binary)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###PROFILEATTACH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_with_binary_without_profile_name(self):
"""Test genpolicy (binary without profile name)"""
p = self._gen_policy()
- s = '"%s" {' % (self.binary)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ s = '"%s" {' % (self.binary,)
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###PROFILEATTACH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_genpolicy_without_binary_with_profile_name(self):
"""Test genpolicy (no binary with profile name)"""
profile_name = "some-profile-name"
args = self.full_args
- args.append('--profile-name=%s' % profile_name)
+ args.append('--profile-name=' + profile_name)
(self.options, self.args) = easyprof.parse_args(args)
easyp = easyprof.AppArmorEasyProfile(None, self.options)
params = easyprof.gen_policy_params(None, self.options)
p = easyp.gen_policy(**params)
- s = 'profile "%s" {' % (profile_name)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ s = 'profile "%s" {' % (profile_name,)
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###PROFILEATTACH###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
# manifest tests
@@ -1474,8 +1434,6 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_manifest_policy(m)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("abs path template name should be invalid")
def test_gen_manifest_escape_path_templates(self):
@@ -1486,8 +1444,6 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_manifest_policy(m)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("../ template name should be invalid")
def test_gen_manifest_policy_templates_nonexistent(self):
@@ -1498,8 +1454,6 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_manifest_policy(m)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("template should be invalid")
def test_gen_manifest_policy_comment(self):
@@ -1508,9 +1462,9 @@ POLICYGROUPS_DIR="%s/templates"
m = Manifest("test_gen_manifest_policy")
m.add_comment(s)
p = self._gen_manifest_policy(m)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###COMMENT###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_author(self):
"""Test gen manifest policy (author)"""
@@ -1518,9 +1472,9 @@ POLICYGROUPS_DIR="%s/templates"
m = Manifest("test_gen_manifest_policy")
m.add_author(s)
p = self._gen_manifest_policy(m)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###AUTHOR###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_copyright(self):
"""Test genpolicy (copyright)"""
@@ -1528,9 +1482,9 @@ POLICYGROUPS_DIR="%s/templates"
m = Manifest("test_gen_manifest_policy")
m.add_copyright(s)
p = self._gen_manifest_policy(m)
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###COPYRIGHT###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_policygroups(self):
"""Test gen manifest policy (single policygroup)"""
@@ -1540,22 +1494,22 @@ POLICYGROUPS_DIR="%s/templates"
p = self._gen_manifest_policy(m)
for s in ('#include <abstractions/nameservice>', '#include <abstractions/gnome>'):
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###POLICYGROUPS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_policygroups_multiple(self):
"""Test genpolicy (multiple policygroups)"""
test_policygroup2 = "test-policygroup2"
contents = '''
- # %s
+ # {}
#include <abstractions/kde>
#include <abstractions/openssl>
-''' % (self.test_policygroup)
+'''.format(self.test_policygroup)
with open(os.path.join(self.tmpdir, 'policygroups', test_policygroup2), 'w') as f:
f.write(contents)
- groups = "%s,%s" % (self.test_policygroup, test_policygroup2)
+ groups = "{},{}".format(self.test_policygroup, test_policygroup2)
m = Manifest("test_gen_manifest_policy")
m.add_policygroups(groups)
p = self._gen_manifest_policy(m)
@@ -1564,9 +1518,9 @@ POLICYGROUPS_DIR="%s/templates"
'#include <abstractions/gnome>',
'#include <abstractions/kde>',
'#include <abstractions/openssl>'):
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###POLICYGROUPS###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_policygroups_nonexistent(self):
"""Test gen manifest policy (nonexistent policygroup)"""
@@ -1577,8 +1531,6 @@ POLICYGROUPS_DIR="%s/templates"
self._gen_manifest_policy(m)
except AppArmorException:
return
- except Exception:
- raise
raise Exception("policygroup should be invalid")
def test_gen_manifest_policy_templatevar(self):
@@ -1587,9 +1539,9 @@ POLICYGROUPS_DIR="%s/templates"
m.add_template_variable("FOO", "bar")
p = self._gen_manifest_policy(m)
s = '@{FOO}="bar"'
- self.assertTrue(s in p, "Could not find '%s' in:\n%s" % (s, p))
+ self.assertTrue(s in p, "Could not find '{}' in:\n{}".format(s, p))
inv_s = '###TEMPLATEVAR###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_templatevar_multiple(self):
"""Test gen manifest policy (template-var multiple)"""
@@ -1601,9 +1553,9 @@ POLICYGROUPS_DIR="%s/templates"
p = self._gen_manifest_policy(m)
for s in variables:
str_s = '@{%s}="%s"' % (s[0], s[1])
- self.assertTrue(str_s in p, "Could not find '%s' in:\n%s" % (str_s, p))
+ self.assertTrue(str_s in p, "Could not find '{}' in:\n{}".format(str_s, p))
inv_s = '###TEMPLATEVAR###'
- self.assertFalse(inv_s in p, "Found '%s' in :\n%s" % (inv_s, p))
+ self.assertFalse(inv_s in p, "Found '{}' in :\n{}".format(inv_s, p))
def test_gen_manifest_policy_invalid_keys(self):
"""Test gen manifest policy (invalid keys)"""
@@ -1639,7 +1591,7 @@ POLICYGROUPS_DIR="%s/templates"
easyprof.parse_manifest(j, self.options)
except AppArmorException:
continue
- raise Exception("'%s' should be invalid" % k)
+ raise Exception("'{}' should be invalid".format(k))
def test_gen_manifest(self):
"""Test gen_manifest"""
@@ -1878,9 +1830,9 @@ POLICYGROUPS_DIR="%s/templates"
raise
params = easyprof.gen_policy_params(binary, options)
if expected:
- self.assertTrue(easyprof.verify_manifest(params, args), "params=%s\nmanifest=%s" % (params, m))
+ self.assertTrue(easyprof.verify_manifest(params, args), "params={}\nmanifest={}".format(params, m))
else:
- self.assertFalse(easyprof.verify_manifest(params, args), "params=%s\nmanifest=%s" % (params, m))
+ self.assertFalse(easyprof.verify_manifest(params, args), "params={}\nmanifest={}".format(params, m))
def test_verify_manifest_full(self):
"""Test verify_manifest (full)"""
@@ -2088,7 +2040,7 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % v
+}''' % (v,)
self._verify_manifest(m, expected=False)
def test_manifest_invalid(self):
@@ -2150,7 +2102,7 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % v
+}''' % (v,)
args = self.full_args
args.append("--manifest=/dev/null")
(self.options, self.args) = easyprof.parse_args(args)
@@ -2195,7 +2147,7 @@ POLICYGROUPS_DIR="%s/templates"
"""Test policy version via manifest (good)"""
policy_vendor = "somevendor"
policy_version = "1.0"
- policy_subdir = "%s/%s" % (policy_vendor, policy_version)
+ policy_subdir = "{}/{}".format(policy_vendor, policy_version)
m = '''{
"security": {
"profiles": {
@@ -2235,7 +2187,7 @@ POLICYGROUPS_DIR="%s/templates"
"""Test policy vendor and version via command line args (good)"""
policy_version = "1.0"
policy_vendor = "somevendor"
- policy_subdir = "%s/%s" % (policy_vendor, policy_version)
+ policy_subdir = "{}/{}".format(policy_vendor, policy_version)
# Create the directories
for d in ('policygroups', 'templates'):
@@ -2244,8 +2196,8 @@ POLICYGROUPS_DIR="%s/templates"
# Build up our args
args = self.full_args
- args.append("--policy-version=%s" % policy_version)
- args.append("--policy-vendor=%s" % policy_vendor)
+ args.append("--policy-version=" + policy_version)
+ args.append("--policy-vendor=" + policy_vendor)
(self.options, self.args) = easyprof.parse_args(args)
(self.options, self.args) = easyprof.parse_args(self.full_args + [self.binary])
@@ -2254,12 +2206,12 @@ POLICYGROUPS_DIR="%s/templates"
tdir = os.path.join(self.tmpdir, 'templates', policy_subdir)
for t in easyp.get_templates():
self.assertTrue(t.startswith(tdir),
- "'%s' does not start with '%s'" % (t, tdir))
+ "'{}' does not start with '{}'".format(t, tdir))
pdir = os.path.join(self.tmpdir, 'policygroups', policy_subdir)
for p in easyp.get_policy_groups():
self.assertTrue(p.startswith(pdir),
- "'%s' does not start with '%s'" % (p, pdir))
+ "'{}' does not start with '{}'".format(p, pdir))
params = easyprof.gen_policy_params(self.binary, self.options)
easyp.gen_policy(**params)
@@ -2269,8 +2221,8 @@ POLICYGROUPS_DIR="%s/templates"
policy_vendor = "nonexistent"
policy_version = "1.0"
args = self.full_args
- args.append("--policy-version=%s" % policy_version)
- args.append("--policy-vendor=%s" % policy_vendor)
+ args.append("--policy-version=" + policy_version)
+ args.append("--policy-vendor=" + policy_vendor)
(self.options, self.args) = easyprof.parse_args(args)
(self.options, self.args) = easyprof.parse_args(self.full_args + [self.binary])
@@ -2291,7 +2243,7 @@ POLICYGROUPS_DIR="%s/templates"
]
for policy_version in bad:
args = self.full_args
- args.append("--policy-version=%s" % policy_version)
+ args.append("--policy-version=" + policy_version)
args.append("--policy-vendor=somevendor")
(self.options, self.args) = easyprof.parse_args(args)
@@ -2312,7 +2264,7 @@ POLICYGROUPS_DIR="%s/templates"
]
for policy_vendor in bad:
args = self.full_args
- args.append("--policy-vendor=%s" % policy_vendor)
+ args.append("--policy-vendor=" + policy_vendor)
args.append("--policy-version=1.0")
(self.options, self.args) = easyprof.parse_args(args)
@@ -2387,9 +2339,11 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % (files["com.example.foo"],
- files["com.ubuntu.developer.myusername.MyCoolApp"],
- files["usr.bin.baz"])
+}''' % (
+ files["com.example.foo"],
+ files["com.ubuntu.developer.myusername.MyCoolApp"],
+ files["usr.bin.baz"]
+ )
out_dir = os.path.join(self.tmpdir, "output")
@@ -2404,7 +2358,7 @@ POLICYGROUPS_DIR="%s/templates"
for fn in files:
f = os.path.join(out_dir, fn)
- self.assertTrue(os.path.exists(f), "Could not find '%s'" % f)
+ self.assertTrue(os.path.exists(f), "Could not find '{}'".format(f))
def test_output_directory_single(self):
"""Test output_directory (single)"""
@@ -2444,7 +2398,7 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % (files["com.example.foo"])
+}''' % (files["com.example.foo"],)
out_dir = os.path.join(self.tmpdir, "output")
@@ -2459,7 +2413,7 @@ POLICYGROUPS_DIR="%s/templates"
for fn in files:
f = os.path.join(out_dir, fn)
- self.assertTrue(os.path.exists(f), "Could not find '%s'" % f)
+ self.assertTrue(os.path.exists(f), "Could not find '{}'".format(f))
def test_output_directory_invalid(self):
"""Test output_directory (output directory exists as file)"""
@@ -2481,7 +2435,7 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % files["usr.bin.baz"]
+}''' % (files["usr.bin.baz"],)
out_dir = os.path.join(self.tmpdir, "output")
open(out_dir, 'w').close()
@@ -2518,7 +2472,7 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % files["usr.bin.baz"]
+}''' % (files["usr.bin.baz"],)
out_dir = os.path.join(self.tmpdir, "output")
@@ -2555,7 +2509,7 @@ POLICYGROUPS_DIR="%s/templates"
}
}
}
-}''' % files["usr.bin.baz"]
+}''' % (files["usr.bin.baz"],)
out_dir = os.path.join(self.tmpdir, "output")
os.mkdir(out_dir)
@@ -2580,8 +2534,8 @@ POLICYGROUPS_DIR="%s/templates"
# Build up our args
args = self.full_args
- args.append('--template=%s' % self.test_template)
- args.append('--name=%s' % 'foo')
+ args.append('--template=' + self.test_template)
+ args.append('--name=foo')
args.append(files["usr.bin.baz"])
out_dir = os.path.join(self.tmpdir, "output")
@@ -2594,7 +2548,7 @@ POLICYGROUPS_DIR="%s/templates"
for fn in files:
f = os.path.join(out_dir, fn)
- self.assertTrue(os.path.exists(f), "Could not find '%s'" % f)
+ self.assertTrue(os.path.exists(f), "Could not find '{}'".format(f))
#
# utility classes
@@ -2608,7 +2562,7 @@ POLICYGROUPS_DIR="%s/templates"
'com.example.app_myapp_1:2.3+ab12~foo',
]
for n in names:
- self.assertTrue(easyprof.valid_profile_name(n), "'%s' should be valid" % n)
+ self.assertTrue(easyprof.valid_profile_name(n), "'{}' should be valid".format(n))
def test_valid_profile_name_invalid(self):
"""Test valid_profile_name (invalid)"""
@@ -2650,7 +2604,7 @@ POLICYGROUPS_DIR="%s/templates"
'_foo',
]
for n in names:
- self.assertFalse(easyprof.valid_profile_name(n), "'%s' should be invalid" % n)
+ self.assertFalse(easyprof.valid_profile_name(n), "'{}' should be invalid".format(n))
def test_valid_path(self):
"""Test valid_path"""
@@ -2664,9 +2618,9 @@ POLICYGROUPS_DIR="%s/templates"
'com.example.app_myapp_1:2.3+ab12~foo',
]
for n in names:
- self.assertTrue(easyprof.valid_path(n), "'%s' should be valid" % n)
+ self.assertTrue(easyprof.valid_path(n), "'{}' should be valid".format(n))
for n in names_rel:
- self.assertTrue(easyprof.valid_path(n, relative_ok=True), "'%s' should be valid" % n)
+ self.assertTrue(easyprof.valid_path(n, relative_ok=True), "'{}' should be valid".format(n))
def test_zz_valid_path_invalid(self):
"""Test valid_path (invalid)"""
@@ -2683,9 +2637,9 @@ POLICYGROUPS_DIR="%s/templates"
'com.example.app_"myapp_1:2.3+ab12~foo',
]
for n in names:
- self.assertFalse(easyprof.valid_path(n, relative_ok=False), "'%s' should be invalid" % n)
+ self.assertFalse(easyprof.valid_path(n, relative_ok=False), "'{}' should be invalid".format(n))
for n in names_rel:
- self.assertFalse(easyprof.valid_path(n, relative_ok=True), "'%s' should be invalid" % n)
+ self.assertFalse(easyprof.valid_path(n, relative_ok=True), "'{}' should be invalid".format(n))
#
diff --git a/utils/test/test-aa-notify.py b/utils/test/test-aa-notify.py
index d87e56193b4de49a3ced6efe0005bac833c18169..804d5c66ad56b25c191c72424ec9398826fb20b2 100644
--- a/utils/test/test-aa-notify.py
+++ b/utils/test/test-aa-notify.py
@@ -11,11 +11,14 @@
# ------------------------------------------------------------------
import os
+import pwd
import signal
import subprocess
+import sys
import time
import unittest
from tempfile import NamedTemporaryFile
+from datetime import datetime
import apparmor.aa as aa
from common_test import AATest, setup_aa, setup_all_loops
@@ -63,10 +66,10 @@ def cmd(command):
return sp.returncode, out.decode('utf-8')
-class AANotifyTest(AATest):
+class AANotifyBase(AATest):
- def AASetup(self):
- """Create temporary log file with 30 enties of different age"""
+ def create_logfile_contents(_time):
+ """Create temporary log file with 30 entries of different age"""
test_logfile_contents_999_days_old = \
'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
@@ -79,7 +82,7 @@ Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoc
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
-'''.format(epoch=round(time.time(), 3) - 60*60*24*999)
+'''.format(epoch=round(_time, 3) - 60 * 60 * 24 * 999) # noqa: E128
test_logfile_contents_30_days_old = \
'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
@@ -92,13 +95,13 @@ Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoc
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
-'''.format(epoch=round(time.time(), 3) - 60*60*24*30)
+'''.format(epoch=round(_time, 3) - 60 * 60 * 24 * 30) # noqa: E128
test_logfile_contents_unrelevant_entries = \
'''Feb 1 19:35:44 XPS-13-9370 kernel: [99848.048761] audit: type=1400 audit(1549042544.968:72): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/6350/usr/lib/snapd/snap-confine" pid=12871 comm="apparmor_parser"
Feb 2 00:40:09 XPS-13-9370 kernel: [103014.549071] audit: type=1400 audit(1549060809.600:89): apparmor="STATUS" operation="profile_load" profile="unconfined" name="docker-default" pid=17195 comm="apparmor_parser"
Feb 4 20:05:42 XPS-13-9370 kernel: [132557.202931] audit: type=1400 audit(1549303542.661:136): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.atom.apm" pid=11306 comm="apparmor_parser"
-'''
+''' # noqa: E128
test_logfile_contents_0_seconds_old = \
'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
@@ -111,22 +114,65 @@ Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoc
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
-'''.format(epoch=round(time.time(), 3))
-
- with NamedTemporaryFile("w+", prefix='test-aa-notify-', delete=False) as temp_file:
- self.test_logfile = temp_file.name
- temp_file.write(
- test_logfile_contents_999_days_old
- + test_logfile_contents_30_days_old
- + test_logfile_contents_unrelevant_entries
- + test_logfile_contents_0_seconds_old
- )
-
- def AATeardown(self):
+'''.format(epoch=round(_time, 3)) # noqa: E128
+
+ return test_logfile_contents_999_days_old \
+ + test_logfile_contents_30_days_old \
+ + test_logfile_contents_unrelevant_entries \
+ + test_logfile_contents_0_seconds_old
+
+ @classmethod
+ def setUpClass(cls):
+ file_current = NamedTemporaryFile("w+", prefix='test-aa-notify-', delete=False)
+ file_last_login = NamedTemporaryFile("w+", prefix='test-aa-notify-', delete=False)
+ cls.test_logfile_current = file_current.name
+ cls.test_logfile_last_login = file_last_login.name
+
+ current_time_contents = cls.create_logfile_contents(time.time())
+ file_current.write(current_time_contents)
+
+ if os.path.isfile('/var/log/wtmp'):
+ if os.name == "posix":
+ username = pwd.getpwuid(os.geteuid()).pw_name
+ else:
+ username = os.environ.get('USER')
+ if not username and hasattr(os, 'getlogin'):
+ username = os.getlogin()
+ if 'SUDO_USER' in os.environ:
+ username = os.environ.get('SUDO_USER')
+
+ return_code, output = cmd(['last', username, '--fullnames', '--time-format', 'iso'])
+ output = output.split('\n')[0] # the first line is enough
+ # example of output (util-linux last command):
+ # ubuntu tty7 :0 2024-01-05T14:29:11-03:00 gone - no logout
+ # example of output (wtmpdb last command, local login):
+ # ubuntu tty7 2025-01-15T09:32:49-0800 - still logged in
+ # example of output (wtmpdb last command, remote login)
+ # ubuntu tty7 192.168.122.1 2024-01-05T14:29:11-03:00 gone - no logout
+ if output.startswith(username):
+ # Check both possible columns for the date
+ try:
+ last_login = output.split()[3]
+ last_login_epoch = datetime.fromisoformat(last_login).timestamp()
+ except (IndexError, ValueError):
+ last_login = output.split()[2]
+ last_login_epoch = datetime.fromisoformat(last_login).timestamp()
+
+ # add 60 seconds to the epoch so that the time in the logs are AFTER login time
+ last_login_contents = cls.create_logfile_contents(last_login_epoch + 60)
+ file_last_login.write(last_login_contents)
+
+ @classmethod
+ def tearDownClass(cls):
"""Remove temporary log file after tests ended"""
- if self.test_logfile and os.path.exists(self.test_logfile):
- os.remove(self.test_logfile)
+ if cls.test_logfile_current and os.path.exists(cls.test_logfile_current):
+ os.remove(cls.test_logfile_current)
+ if cls.test_logfile_last_login and os.path.exists(cls.test_logfile_last_login):
+ os.remove(cls.test_logfile_last_login)
+
+
+class AANotifyTest(AANotifyBase):
# The Perl aa-notify script was written so, that it will checked for kern.log
# before printing help when invoked without arguments (sic!).
@@ -138,9 +184,9 @@ Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoc
expected_output_has = 'usage: aa-notify'
return_code, output = cmd(aanotify_bin)
- result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
- result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
def test_help_contents(self):
@@ -149,10 +195,13 @@ Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoc
expected_return_code = 0
expected_output_1 = \
'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v]
- [-u USER] [-w NUM] [--debug]
+ [-u USER] [-w NUM] [--prompt-filter PF] [--debug]
+ [--filter.profile PROFILE] [--filter.operation OPERATION]
+ [--filter.name NAME] [--filter.denied DENIED]
+ [--filter.family FAMILY] [--filter.socket SOCKET]
Display AppArmor notifications or messages for DENIED entries.
-'''
+''' # noqa: E128
expected_output_2 = \
'''
@@ -160,20 +209,58 @@ Display AppArmor notifications or messages for DENIED entries.
-p, --poll poll AppArmor logs and display notifications
--display DISPLAY set the DISPLAY environment variable (might be needed if
sudo resets $DISPLAY)
- -f FILE, --file FILE search FILE for AppArmor messages
+ -f, --file FILE search FILE for AppArmor messages
-l, --since-last display stats since last login
- -s NUM, --since-days NUM
- show stats for last NUM days (can be used alone or with
+ -s, --since-days NUM show stats for last NUM days (can be used alone or with
-p)
-v, --verbose show messages with stats
- -u USER, --user USER user to drop privileges to when not using sudo
- -w NUM, --wait NUM wait NUM seconds before displaying notifications (with
+ -u, --user USER user to drop privileges to when not using sudo
+ -w, --wait NUM wait NUM seconds before displaying notifications (with
-p)
+ --prompt-filter PF kind of operations which display a popup prompt
--debug debug mode
-'''
+
+Filtering options:
+ Filters are used to reduce the output of information to only those entries
+ that will match the filter. Filters use Python's regular expression syntax.
+
+ --filter.profile PROFILE
+ regular expression to match the profile
+ --filter.operation OPERATION
+ regular expression to match the operation
+ --filter.name NAME regular expression to match the name
+ --filter.denied DENIED
+ regular expression to match the denied mask
+ --filter.family FAMILY
+ regular expression to match the network family
+ --filter.socket SOCKET
+ regular expression to match the network socket type
+''' # noqa: E128
+
+ if sys.version_info[:2] < (3, 13):
+ # Python 3.13 tweaked argparse output [1]. When running on older
+ # Python versions, we adapt the expected output to match.
+ #
+ # https://github.com/python/cpython/pull/103372
+ patches = [(
+ ', --file FILE ',
+ ' FILE, --file FILE',
+ ), (
+ ', --since-days NUM show stats for last NUM days (can be used alone or with',
+ ' NUM, --since-days NUM\n'
+ + ' show stats for last NUM days (can be used alone or with',
+ ), (
+ ', --user USER ',
+ ' USER, --user USER',
+ ), (
+ ', --wait NUM ',
+ ' NUM, --wait NUM',
+ )]
+ for patch in patches:
+ expected_output_2 = expected_output_2.replace(patch[0], patch[1])
return_code, output = cmd(aanotify_bin + ['--help'])
- result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
self.assertIn(expected_output_1, output)
@@ -185,10 +272,10 @@ Display AppArmor notifications or messages for DENIED entries.
expected_return_code = 0
expected_output_has = 'AppArmor denials: 20 (since'
- return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile, '-s', '100'])
- result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile_current, '-s', '100'])
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
- result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
@@ -198,12 +285,12 @@ Display AppArmor notifications or messages for DENIED entries.
expected_return_code = 0
expected_output_has = 'AppArmor denials: 10 (since'
- return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile, '-l'])
+ return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile_last_login, '-l'])
if "ERROR: Could not find last login" in output:
self.skipTest('Could not find last login')
- result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
- result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
@unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
@@ -272,22 +359,283 @@ Name: /usr/bin/file
Denied: rm
Logfile: {logfile}
-AppArmor denials: 10 (since'''.format(logfile=self.test_logfile)
+AppArmor denials: 10 (since'''.format(logfile=self.test_logfile_last_login) # noqa: E128
- return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile, '-l', '-v'])
+ return_code, output = cmd(aanotify_bin + ['-f', self.test_logfile_last_login, '-l', '-v'])
if "ERROR: Could not find last login" in output:
self.skipTest('Could not find last login')
- result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
self.assertEqual(expected_return_code, return_code, result + output)
- result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
self.assertIn(expected_output_has, output, result + output)
+class AANotifyProfileFilterTest(AANotifyBase):
+
+ def test_profile_regex_since_100_days(self):
+ profile_tests = (
+ (['--filter.profile', 'libreoffice'], (0, 'AppArmor denials: 20 (since')),
+ (['--filter.profile', 'libreoffice-soffice'], (0, 'AppArmor denials: 20 (since')),
+ (['--filter.profile', 'libreoffice-soffice$'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.profile', '^libreoffice-soffice$'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.profile', 'libreoffice-soffice//null-/bin/uname'], (0, 'AppArmor denials: 14 (since')),
+ (['--filter.profile', 'uname'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.profile', '.*uname'], (0, 'AppArmor denials: 14 (since')),
+ (['--filter.profile', 'libreoffice-soffice//null-/.*'], (0, 'AppArmor denials: 16 (since')),
+ (['--filter.profile', 'libreoffice-soffice//null-/foo'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.profile', 'libreoffice-soffice/foo'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.profile', 'bar'], (0, 'AppArmor denials: 0 (since')),
+ )
+ days_params = ['-f', self.test_logfile_current, '-s', '100']
+
+ for test in profile_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + days_params + params)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ @unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
+ def test_profile_regex_since_login(self):
+ profile_tests = (
+ (['--filter.profile', 'libreoffice'], (0, 'AppArmor denials: 10 (since')),
+ (['--filter.profile', 'libreoffice-soffice'], (0, 'AppArmor denials: 10 (since')),
+ (['--filter.profile', 'libreoffice-soffice$'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.profile', '^libreoffice-soffice$'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.profile', 'libreoffice-soffice//null-/bin/uname'], (0, 'AppArmor denials: 7 (since')),
+ (['--filter.profile', 'uname'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.profile', '.*uname'], (0, 'AppArmor denials: 7 (since')),
+ (['--filter.profile', 'libreoffice-soffice//null-/.*'], (0, 'AppArmor denials: 8 (since')),
+ (['--filter.profile', 'libreoffice-soffice//null-/foo'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.profile', 'libreoffice-soffice/foo'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.profile', 'bar'], (0, 'AppArmor denials: 0 (since')),
+ )
+ login_params = ['-f', self.test_logfile_last_login, '-l']
+
+ for test in profile_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + login_params + params)
+ if 'ERROR: Could not find last login' in output:
+ self.skipTest('Could not find last login')
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+
+class AANotifyOperationFilterTest(AANotifyBase):
+
+ def test_operation_regex_since_100_days(self):
+ operation_tests = (
+ (['--filter.operation', 'exec'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.operation', 'file_inherit'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.operation', 'file_mmap'], (0, 'AppArmor denials: 8 (since')),
+ (['--filter.operation', 'open'], (0, 'AppArmor denials: 6 (since')),
+ (['--filter.operation', 'file.*'], (0, 'AppArmor denials: 10 (since')),
+ (['--filter.operation', 'profile_load'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.operation', 'profile_replace'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.operation', 'bar'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.operation', 'userns_create'], (0, 'AppArmor denials: 0 (since')),
+ )
+ days_params = ['-f', self.test_logfile_current, '-s', '100']
+
+ for test in operation_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + days_params + params)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ @unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
+ def test_operation_regex_since_login(self):
+ operation_tests = (
+ (['--filter.operation', 'exec'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.operation', 'file_inherit'], (0, 'AppArmor denials: 1 (since')),
+ (['--filter.operation', 'file_mmap'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.operation', 'open'], (0, 'AppArmor denials: 3 (since')),
+ (['--filter.operation', 'file.*'], (0, 'AppArmor denials: 5 (since')),
+ (['--filter.operation', 'profile_load'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.operation', 'profile_replace'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.operation', 'bar'], (0, 'AppArmor denials: 0 (since')),
+ (['--filter.operation', 'userns_create'], (0, 'AppArmor denials: 0 (since')),
+ )
+ login_params = ['-f', self.test_logfile_last_login, '-l']
+
+ for test in operation_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + login_params + params)
+ if 'ERROR: Could not find last login' in output:
+ self.skipTest('Could not find last login')
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+
+class AANotifyNameFilterTest(AANotifyBase):
+
+ def test_name_regex_since_100_days(self):
+ name_tests = (
+ (['--filter.name', '/bin/uname'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.name', '/dev/null'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/lib/x86_64-linux-gnu/ld-2.27.so'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/lib/x86_64-linux-gnu/libc-2.27.so'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.name', '/etc/ld.so.cache'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/usr/lib/locale/locale-archive'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/usr/bin/file'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.name', '/'], (0, 'AppArmor denials: 20 (since')),
+ (['--filter.name', '/.*'], (0, 'AppArmor denials: 20 (since')),
+ (['--filter.name', '.*bin.*'], (0, 'AppArmor denials: 8 (since')),
+ (['--filter.name', '/(usr/)?bin.*'], (0, 'AppArmor denials: 8 (since')),
+ (['--filter.name', '/foo'], (0, 'AppArmor denials: 0 (since')),
+ )
+ days_params = ['-f', self.test_logfile_current, '-s', '100']
+
+ for test in name_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + days_params + params)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ @unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
+ def test_name_regex_since_login(self):
+ name_tests = (
+ (['--filter.name', '/bin/uname'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/dev/null'], (0, 'AppArmor denials: 1 (since')),
+ (['--filter.name', '/lib/x86_64-linux-gnu/ld-2.27.so'], (0, 'AppArmor denials: 1 (since')),
+ (['--filter.name', '/lib/x86_64-linux-gnu/libc-2.27.so'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/etc/ld.so.cache'], (0, 'AppArmor denials: 1 (since')),
+ (['--filter.name', '/usr/lib/locale/locale-archive'], (0, 'AppArmor denials: 1 (since')),
+ (['--filter.name', '/usr/bin/file'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.name', '/'], (0, 'AppArmor denials: 10 (since')),
+ (['--filter.name', '/.*'], (0, 'AppArmor denials: 10 (since')),
+ (['--filter.name', '.*bin.*'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.name', '/(usr/)?bin.*'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.name', '/foo'], (0, 'AppArmor denials: 0 (since')),
+ )
+ login_params = ['-f', self.test_logfile_last_login, '-l']
+
+ for test in name_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + login_params + params)
+ if 'ERROR: Could not find last login' in output:
+ self.skipTest('Could not find last login')
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+
+class AANotifyDeniedFilterTest(AANotifyBase):
+
+ def test_denied_regex_since_100_days(self):
+ denied_tests = (
+ (['--filter.denied', 'x'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.denied', 'w'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.denied', 'rm'], (0, 'AppArmor denials: 8 (since')),
+ (['--filter.denied', 'r'], (0, 'AppArmor denials: 14 (since')),
+ (['--filter.denied', '^r$'], (0, 'AppArmor denials: 6 (since')),
+ (['--filter.denied', 'x|w'], (0, 'AppArmor denials: 6 (since')),
+ (['--filter.denied', '^(?!rm).*'], (0, 'AppArmor denials: 12 (since')),
+ (['--filter.denied', '.(?!m).*'], (0, 'AppArmor denials: 12 (since')),
+ (['--filter.denied', 'r.?'], (0, 'AppArmor denials: 14 (since')),
+ )
+ days_params = ['-f', self.test_logfile_current, '-s', '100']
+
+ for test in denied_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + days_params + params)
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ @unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
+ def test_denied_regex_since_login(self):
+ denied_tests = (
+ (['--filter.denied', 'x'], (0, 'AppArmor denials: 2 (since')),
+ (['--filter.denied', 'w'], (0, 'AppArmor denials: 1 (since')),
+ (['--filter.denied', 'rm'], (0, 'AppArmor denials: 4 (since')),
+ (['--filter.denied', 'r'], (0, 'AppArmor denials: 7 (since')),
+ (['--filter.denied', '^r$'], (0, 'AppArmor denials: 3 (since')),
+ (['--filter.denied', 'x|w'], (0, 'AppArmor denials: 3 (since')),
+ (['--filter.denied', '^(?!rm).*'], (0, 'AppArmor denials: 6 (since')),
+ (['--filter.denied', '.(?!m).*'], (0, 'AppArmor denials: 6 (since')),
+ (['--filter.denied', 'r.?'], (0, 'AppArmor denials: 7 (since')),
+ )
+ login_params = ['-f', self.test_logfile_last_login, '-l']
+
+ for test in denied_tests:
+ params = test[0]
+ expected = test[1]
+
+ with self.subTest(params=params, expected=expected):
+ expected_return_code = expected[0]
+ expected_output_has = expected[1]
+
+ return_code, output = cmd(aanotify_bin + login_params + params)
+ if 'ERROR: Could not find last login' in output:
+ self.skipTest('Could not find last login')
+ result = 'Got return code {}, expected {}\n'.format(return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "{}", expected "{}"\n'.format(output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+
setup_aa(aa) # Wrapper for aa.init_aa()
setup_all_loops(__name__)
if __name__ == '__main__':
if 'APPARMOR_NOTIFY' in os.environ:
- aanotify_bin = os.environ['APPARMOR_NOTIFY']
+ aanotify_bin = [os.environ['APPARMOR_NOTIFY']]
+
+ if sys.executable:
+ aanotify_bin = [sys.executable] + aanotify_bin
if '__AA_CONFDIR' in os.environ:
aanotify_bin = aanotify_bin + ['--configdir', os.getenv('__AA_CONFDIR')]
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
index 13f203bd11af2d524fc67825b9bdbfd62172fad4..9ca9f59f91a855936a04b9b436bdbfce1db73d24 100644
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@@ -15,7 +15,7 @@ import unittest
import apparmor.aa # needed to set global vars in some tests
from apparmor.aa import (
- change_profile_flags, check_for_apparmor, create_new_profile, get_file_perms, get_interpreter_and_abstraction, get_output, get_profile_flags, get_reqs,
+ change_profile_flags, check_for_apparmor, create_new_profile, get_file_perms, get_interpreter_and_abstraction, get_profile_flags,
merged_to_split, parse_profile_data, propose_file_rules, set_options_audit_mode, set_options_owner_mode, split_to_merged)
from apparmor.aare import AARE
from apparmor.common import AppArmorBug, AppArmorException, is_skippable_file
@@ -59,7 +59,7 @@ class AaTest_check_for_apparmor(AaTestWithTempdir):
def test_check_for_apparmor_securityfs_invalid_filesystems(self):
filesystems = ''
- mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)
+ mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % (self.tmpdir,))
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_securityfs_invalid_mounts(self):
@@ -69,40 +69,13 @@ class AaTest_check_for_apparmor(AaTestWithTempdir):
def test_check_for_apparmor_invalid_securityfs_path(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
- mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % 'xxx')
+ mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % ('xxx',))
self.assertEqual(None, check_for_apparmor(filesystems, mounts))
def test_check_for_apparmor_securityfs_mounted(self):
filesystems = write_file(self.tmpdir, 'filesystems', self.FILESYSTEMS_WITH_SECURITYFS)
- mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % self.tmpdir)
- self.assertEqual('%s/security/apparmor' % self.tmpdir, check_for_apparmor(filesystems, mounts))
-
-
-class AATest_get_output(AATest):
- tests = (
- (('./fake_ldd', '/AATest/lib64/libc-2.22.so'), (0, [' /AATest/lib64/ld-linux-x86-64.so.2 (0x0000556858473000)', ' linux-vdso.so.1 (0x00007ffe98912000)'])),
- (('./fake_ldd', '/tmp/aa-test-foo'), (0, [' not a dynamic executable'])),
- (('./fake_ldd', 'invalid'), (1, [])), # stderr is not part of output
- )
-
- def _run_test(self, params, expected):
- self.assertEqual(get_output(params), expected)
-
- def test_get_output_nonexisting(self):
- with self.assertRaises(AppArmorException):
- ret, output = get_output(('./_file_/_not_/_found_',))
-
-
-class AATest_get_reqs(AATest):
- tests = (
- ('/AATest/bin/bash', ['/AATest/lib64/libreadline.so.6', '/AATest/lib64/libtinfo.so.6', '/AATest/lib64/libdl.so.2', '/AATest/lib64/libc.so.6', '/AATest/lib64/ld-linux-x86-64.so.2']),
- ('/tmp/aa-test-foo', []),
- ('/AATest/sbin/ldconfig', []), # comes with $? == 1
- )
-
- def _run_test(self, params, expected):
- apparmor.aa.cfg['settings']['ldd'] = './fake_ldd'
- self.assertEqual(get_reqs(params), expected)
+ mounts = write_file(self.tmpdir, 'mounts', self.MOUNTS_WITH_SECURITYFS % (self.tmpdir,))
+ self.assertEqual(self.tmpdir + '/security/apparmor', check_for_apparmor(filesystems, mounts))
class AaTest_create_new_profile(AATest):
@@ -114,12 +87,10 @@ class AaTest_create_new_profile(AATest):
)
def _run_test(self, params, expected):
- apparmor.aa.cfg['settings']['ldd'] = './fake_ldd'
-
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
@@ -139,22 +110,19 @@ class AaTest_create_new_profile(AATest):
expected_profiles = []
for prof in exp_profiles:
- expected_profiles.append('%s/%s' % (self.tmpdir, prof)) # actual profile names start with tmpdir, prepend it to the expected profile names
+ expected_profiles.append('{}/{}'.format(self.tmpdir, prof)) # actual profile names start with tmpdir, prepend it to the expected profile names
self.assertEqual(list(profile.keys()), expected_profiles)
if exp_interpreter_path:
self.assertEqual(
set(profile[program]['file'].get_clean()),
- {'%s ix,' % exp_interpreter_path, '%s r,' % program, '',
- '/AATest/lib64/libtinfo.so.* mr,', '/AATest/lib64/libc.so.* mr,',
- '/AATest/lib64/libdl.so.* mr,', '/AATest/lib64/libreadline.so.* mr,',
- '/AATest/lib64/ld-linux-x86-64.so.* mr,'})
+ {'{} ix,'.format(exp_interpreter_path), '{} r,'.format(program), ''})
else:
- self.assertEqual(set(profile[program]['file'].get_clean()), {'%s mr,' % program, ''})
+ self.assertEqual(set(profile[program]['file'].get_clean()), {'{} mr,'.format(program), ''})
if exp_abstraction:
- self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include <abstractions/base>', 'include <%s>' % exp_abstraction, ''])
+ self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include <abstractions/base>', 'include <{}>'.format(exp_abstraction), ''])
else:
self.assertEqual(profile[program]['inc_ie'].get_clean(), ['include <abstractions/base>', ''])
@@ -183,7 +151,7 @@ class AaTest_get_interpreter_and_abstraction(AATest):
def _run_test(self, params, expected):
exp_interpreter_path, exp_abstraction = expected
- program = self.writeTmpfile('program', "%s\nfoo\nbar" % params)
+ program = self.writeTmpfile('program', params + "\nfoo\nbar")
interpreter_path, abstraction = get_interpreter_and_abstraction(program)
# damn symlinks!
@@ -198,32 +166,38 @@ class AaTest_get_interpreter_and_abstraction(AATest):
def test_file_not_found(self):
self.createTmpdir()
- self.assertEqual((None, None), get_interpreter_and_abstraction('%s/file-not-found' % self.tmpdir))
+ self.assertEqual((None, None), get_interpreter_and_abstraction(self.tmpdir + '/file-not-found'))
class AaTest_get_profile_flags(AaTestWithTempdir):
def _test_get_flags(self, profile_header, expected_flags):
- file = write_file(self.tmpdir, 'profile', '%s {\n}\n' % profile_header)
+ file = write_file(self.tmpdir, 'profile', profile_header + ' {\n}\n')
flags = get_profile_flags(file, '/foo')
self.assertEqual(flags, expected_flags)
def test_get_flags_01(self):
self._test_get_flags('/foo', None)
+
def test_get_flags_02(self):
self._test_get_flags('/foo ( complain )', ' complain ')
+
def test_get_flags_04(self):
self._test_get_flags('/foo (complain)', 'complain')
+
def test_get_flags_05(self):
self._test_get_flags('/foo flags=(complain)', 'complain')
+
def test_get_flags_06(self):
self._test_get_flags('/foo flags=(complain, audit)', 'complain, audit')
def test_get_flags_invalid_01(self):
with self.assertRaises(AppArmorException):
self._test_get_flags('/foo ()', None)
+
def test_get_flags_invalid_02(self):
with self.assertRaises(AppArmorException):
self._test_get_flags('/foo flags=()', None)
+
def test_get_flags_invalid_03(self):
with self.assertRaises(AppArmorException):
self._test_get_flags('/foo ( )', ' ')
@@ -238,10 +212,10 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
self, profile, old_flags, flags_to_change, set_flag, expected_flags, whitespace='',
comment='', more_rules='', expected_more_rules='@-@-@', check_new_flags=True, profile_name='/foo'):
if old_flags:
- old_flags = ' %s' % old_flags
+ old_flags = ' ' + old_flags
if expected_flags:
- expected_flags = ' flags=(%s)' % (expected_flags)
+ expected_flags = ' flags=({})'.format(expected_flags)
else:
expected_flags = ''
@@ -249,7 +223,7 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
expected_more_rules = more_rules
if comment:
- comment = ' %s' % comment
+ comment = ' ' + comment
dummy_profile_content = ' #include <abstractions/base>\n capability chown,\n /bar r,'
prof_template = '%s%s%s {%s\n%s\n%s\n}\n'
@@ -265,24 +239,34 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
# tests that actually don't change the flags
def test_change_profile_flags_nochange_02(self):
self._test_change_profile_flags('/foo', '( complain )', 'complain', True, 'complain', whitespace=' ')
+
def test_change_profile_flags_nochange_03(self):
self._test_change_profile_flags('/foo', '(complain)', 'complain', True, 'complain')
+
def test_change_profile_flags_nochange_04(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'complain', True, 'complain')
+
def test_change_profile_flags_nochange_05(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'complain', True, 'audit, complain', whitespace=' ')
+
def test_change_profile_flags_nochange_06(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'complain', True, 'audit, complain', whitespace=' ', comment='# a comment')
+
def test_change_profile_flags_nochange_07(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'audit', True, 'audit, complain', whitespace=' ', more_rules=' # a comment\n#another comment')
+
def test_change_profile_flags_nochange_08(self):
self._test_change_profile_flags('profile /foo', 'flags=(complain)', 'complain', True, 'complain')
+
def test_change_profile_flags_nochange_09(self):
self._test_change_profile_flags('profile xy /foo', 'flags=(complain)', 'complain', True, 'complain', profile_name='xy')
+
def test_change_profile_flags_nochange_10(self):
self._test_change_profile_flags('profile "/foo bar"', 'flags=(complain)', 'complain', True, 'complain', profile_name='/foo bar')
+
def test_change_profile_flags_nochange_11(self):
self._test_change_profile_flags('/foo', '(complain)', 'complain', True, 'complain', profile_name=None)
+
def test_change_profile_flags_nochange_12(self):
# XXX changes the flags for the child profile (which happens to have the same profile name) to 'complain'
self._test_change_profile_flags('/foo', 'flags=(complain)', 'complain', True, 'complain', more_rules=' profile /foo {\n}', expected_more_rules=' profile /foo flags=(complain) {\n}')
@@ -290,26 +274,37 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
# tests that change the flags
def test_change_profile_flags_01(self):
self._test_change_profile_flags('/foo', '', 'audit', True, 'audit')
+
def test_change_profile_flags_02(self):
self._test_change_profile_flags('/foo', '( complain )', 'audit', True, 'audit, complain', whitespace=' ')
+
def test_change_profile_flags_04(self):
self._test_change_profile_flags('/foo', '(complain)', 'audit', True, 'audit, complain')
+
def test_change_profile_flags_05(self):
self._test_change_profile_flags('/foo', 'flags=(complain)', 'audit', True, 'audit, complain')
+
def test_change_profile_flags_06(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'complain', False, 'audit', whitespace=' ')
+
def test_change_profile_flags_07(self):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', 'audit', False, 'complain')
+
def test_change_profile_flags_08(self):
self._test_change_profile_flags('/foo', '( complain )', 'audit', True, 'audit, complain', whitespace=' ', profile_name=None)
+
def test_change_profile_flags_09(self):
self._test_change_profile_flags('profile /foo', 'flags=(complain)', 'audit', True, 'audit, complain')
+
def test_change_profile_flags_10(self):
self._test_change_profile_flags('profile xy /foo', 'flags=(complain)', 'audit', True, 'audit, complain', profile_name='xy')
+
def test_change_profile_flags_11(self):
self._test_change_profile_flags('profile "/foo bar"', 'flags=(complain)', 'audit', True, 'audit, complain', profile_name='/foo bar')
+
def test_change_profile_flags_12(self):
self._test_change_profile_flags('profile xy "/foo bar"', 'flags=(complain)', 'audit', True, 'audit, complain', profile_name='xy')
+
def test_change_profile_flags_13(self):
self._test_change_profile_flags('/foo', '(audit)', 'audit', False, '')
@@ -370,12 +365,15 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
def test_change_profile_flags_invalid_01(self):
with self.assertRaises(AppArmorBug):
self._test_change_profile_flags('/foo', '()', None, False, '', check_new_flags=False)
+
def test_change_profile_flags_invalid_02(self):
with self.assertRaises(AppArmorBug):
self._test_change_profile_flags('/foo', 'flags=()', None, True, '', check_new_flags=False)
+
def test_change_profile_flags_invalid_03(self):
with self.assertRaises(AppArmorBug):
self._test_change_profile_flags('/foo', '( )', '', True, '', check_new_flags=False)
+
def test_change_profile_flags_invalid_04(self):
with self.assertRaises(AppArmorBug):
self._test_change_profile_flags('/foo', 'flags=(complain, audit)', ' ', True, 'audit, complain', check_new_flags=False) # whitespace-only newflags
@@ -406,16 +404,16 @@ class AaTest_change_profile_flags(AaTestWithTempdir):
def test_change_profile_flags_file_not_found(self):
with self.assertRaises(IOError):
- change_profile_flags('%s/file-not-found' % self.tmpdir, '/foo', 'audit', True)
+ change_profile_flags(self.tmpdir + '/file-not-found', '/foo', 'audit', True)
class AaTest_set_options_audit_mode(AATest):
tests = (
- ((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
- ((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
- ((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
- ((FileRule.parse('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
- ((FileRule.parse('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
+ ((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
+ ((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']),
+ ((FileRule.create_instance('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
+ ((FileRule.create_instance('/foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', 'audit /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
+ ((FileRule.create_instance('audit /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '#include <abstractions/base>']), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']),
)
def _run_test(self, params, expected):
@@ -426,11 +424,11 @@ class AaTest_set_options_audit_mode(AATest):
class AaTest_set_options_owner_mode(AATest):
tests = (
- ((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
- ((FileRule.parse('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
- ((FileRule.parse('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
- ((FileRule.parse('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
- ((FileRule.parse('audit owner /foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
+ ((FileRule.create_instance('owner /foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
+ ((FileRule.create_instance('owner /foo/bar r,'), ['/foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']),
+ ((FileRule.create_instance('/foo/bar r,'), ['/foo/bar r,', '/foo/* r,', '/** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
+ ((FileRule.create_instance('/foo/bar r,'), ['owner /foo/bar r,', 'owner /foo/* r,', 'owner /** r,']), ['/foo/bar r,', '/foo/* r,', '/** r,']),
+ ((FileRule.create_instance('audit owner /foo/bar r,'), ['audit /foo/bar r,', 'audit /foo/* r,', '#include <abstractions/base>']), ['audit owner /foo/bar r,', 'audit owner /foo/* r,', '#include <abstractions/base>']),
)
def _run_test(self, params, expected):
@@ -442,48 +440,68 @@ class AaTest_set_options_owner_mode(AATest):
class AaTest_is_skippable_file(AATest):
def test_not_skippable_01(self):
self.assertFalse(is_skippable_file('bin.ping'))
+
def test_not_skippable_02(self):
self.assertFalse(is_skippable_file('usr.lib.dovecot.anvil'))
+
def test_not_skippable_03(self):
self.assertFalse(is_skippable_file('bin.~ping'))
+
def test_not_skippable_04(self):
self.assertFalse(is_skippable_file('bin.rpmsave.ping'))
+
def test_not_skippable_05(self):
# normally is_skippable_file should be called without directory, but it shouldn't hurt too much
self.assertFalse(is_skippable_file('/etc/apparmor.d/bin.ping'))
+
def test_not_skippable_06(self):
self.assertFalse(is_skippable_file('bin.pingrej'))
def test_skippable_01(self):
self.assertTrue(is_skippable_file('bin.ping.dpkg-new'))
+
def test_skippable_02(self):
self.assertTrue(is_skippable_file('bin.ping.dpkg-old'))
+
def test_skippable_03(self):
self.assertTrue(is_skippable_file('bin.ping..dpkg-dist'))
+
def test_skippable_04(self):
self.assertTrue(is_skippable_file('bin.ping..dpkg-bak'))
+
def test_skippable_05(self):
self.assertTrue(is_skippable_file('bin.ping.dpkg-remove'))
+
def test_skippable_06(self):
self.assertTrue(is_skippable_file('bin.ping.pacsave'))
+
def test_skippable_07(self):
self.assertTrue(is_skippable_file('bin.ping.pacnew'))
+
def test_skippable_08(self):
self.assertTrue(is_skippable_file('bin.ping.rpmnew'))
+
def test_skippable_09(self):
self.assertTrue(is_skippable_file('bin.ping.rpmsave'))
+
def test_skippable_10(self):
self.assertTrue(is_skippable_file('bin.ping.orig'))
+
def test_skippable_11(self):
self.assertTrue(is_skippable_file('bin.ping.rej'))
+
def test_skippable_12(self):
self.assertTrue(is_skippable_file('bin.ping~'))
+
def test_skippable_13(self):
self.assertTrue(is_skippable_file('.bin.ping'))
+
def test_skippable_14(self):
self.assertTrue(is_skippable_file('')) # empty filename
+
def test_skippable_15(self):
self.assertTrue(is_skippable_file('/etc/apparmor.d/')) # directory without filename
+
def test_skippable_16(self):
self.assertTrue(is_skippable_file('README'))
@@ -561,15 +579,15 @@ class AaTest_get_file_perms_1(AATest):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
# simple profile without any includes
- profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
- profile['file'].add(FileRule.parse('/dev/null rwk,'))
- profile['file'].add(FileRule.parse('/foo/bar rwix,'))
+ profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
+ profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
+ profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
self.assertEqual(perms, expected)
@@ -590,7 +608,7 @@ class AaTest_get_file_perms_2(AATest):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
@@ -601,14 +619,14 @@ class AaTest_get_file_perms_2(AATest):
apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/aspell'))
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/bash>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/enchant>'))
- profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
- profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
- profile['file'].add(FileRule.parse('/dev/null rwk,'))
- profile['file'].add(FileRule.parse('/foo/bar rwix,'))
+ profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
+ profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
+ profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
+ profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
perms = get_file_perms(profile, params, False, False) # only testing with audit and deny = False
self.assertEqual(perms, expected)
@@ -629,7 +647,7 @@ class AaTest_propose_file_rules(AATest):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
@@ -644,14 +662,14 @@ class AaTest_propose_file_rules(AATest):
apparmor.aa.user_globs['/no/thi*ng'] = AARE('/no/thi*ng', True)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/bash>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/enchant>'))
- profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
- profile['file'].add(FileRule.parse('/dev/null rwk,'))
- profile['file'].add(FileRule.parse('/foo/bar rwix,'))
- profile['file'].add(FileRule.parse('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
+ profile['file'].add(FileRule.create_instance('owner /usr/share/common-licenses/** w,'))
+ profile['file'].add(FileRule.create_instance('/dev/null rwk,'))
+ profile['file'].add(FileRule.create_instance('/foo/bar rwix,'))
+ profile['file'].add(FileRule.create_instance('/foo/log a,')) # will be replaced with '/foo/log w,' (not 'wa')
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)
@@ -671,7 +689,7 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
# load the abstractions we need in the test
@@ -688,10 +706,10 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
apparmor.aa.load_include(abs_include3)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
- profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
- profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include1))
- profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include2))
- profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include3))
+ profile['inc_ie'].add(IncludeRule.create_instance('include <abstractions/base>'))
+ profile['inc_ie'].add(IncludeRule.create_instance('include "{}"'.format(abs_include1)))
+ profile['inc_ie'].add(IncludeRule.create_instance('include "{}"'.format(abs_include2)))
+ profile['inc_ie'].add(IncludeRule.create_instance('include "{}"'.format(abs_include3)))
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)
diff --git a/utils/test/test-aare.py b/utils/test/test-aare.py
index 7198470bbb07fe5363798e9e3b346908085b93ef..1593bfca298902a427aad727955e53cd50ea85cd 100644
--- a/utils/test/test-aare.py
+++ b/utils/test/test-aare.py
@@ -138,12 +138,12 @@ class TestConvert_regexpAndAAREMatch(AATest):
def _run_test(self, params, expected):
regex, path = params
parsed_regex = re.compile(convert_regexp(regex))
- self.assertEqual(bool(parsed_regex.search(path)), expected, 'Incorrectly Parsed regex: %s' % regex)
+ self.assertEqual(bool(parsed_regex.search(path)), expected, 'Incorrectly Parsed regex: ' + regex)
aare_obj = AARE(regex, True)
- self.assertEqual(aare_obj.match(path), expected, 'Incorrectly parsed AARE object: %s' % regex)
+ self.assertEqual(aare_obj.match(path), expected, 'Incorrectly parsed AARE object: ' + regex)
if not ('*' in path or '{' in path or '}' in path or '?' in path):
- self.assertEqual(aare_obj.match(AARE(path, False)), expected, 'Incorrectly parsed AARE object: AARE(%s)' % regex)
+ self.assertEqual(aare_obj.match(AARE(path, False)), expected, 'Incorrectly parsed AARE object: AARE({})'.format(regex))
def test_multi_usage(self):
aare_obj = AARE('/foo/*', True)
@@ -211,6 +211,27 @@ class TestAAREIsEqual(AATest):
aare_obj.is_equal(42)
+class TestAAREIs_eq(AATest):
+ tests = (
+ # regex is path? check for expected
+ (('/foo', True, '/foo'), True),
+ (('@{foo}', True, '@{foo}'), True),
+ (('/**', True, '/foo'), False),
+ )
+
+ def _run_test(self, params, expected):
+ regex, is_path, check_for = params
+ aare_obj_1 = AARE(regex, is_path)
+ aare_obj_2 = AARE(check_for, is_path)
+
+ self.assertEqual(aare_obj_1 == aare_obj_2, expected)
+ self.assertFalse(aare_obj_1 == check_for)
+
+ def test_is_eq_invalid_1(self):
+ aare_obj = AARE('/foo/**', True)
+ self.assertFalse(aare_obj == 42)
+
+
class TestAAREIsPath(AATest):
tests = (
# regex is path? match for expected
diff --git a/utils/test/test-abi.py b/utils/test/test-abi.py
index 5fad6d72b3d14386c5d7400adb6b6682fee59e24..339da00a1f7612e1b19f354c32ea2d4a7032100d 100644
--- a/utils/test/test-abi.py
+++ b/utils/test/test-abi.py
@@ -18,8 +18,6 @@ from collections import namedtuple
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug, AppArmorException
-# from apparmor.logparser import ReadLog
-# from apparmor.rule import BaseRule
from apparmor.rule.abi import AbiRule, AbiRuleset
from apparmor.translations import init_translation
@@ -27,7 +25,7 @@ _ = init_translation()
exp = namedtuple(
'exp', ( # 'audit', 'allow_keyword', 'deny',
- 'comment', 'path', 'ifexists', 'ismagic'))
+ 'comment', 'path', 'ifexists', 'ismagic'))
# --- tests for single AbiRule --- #
@@ -60,7 +58,7 @@ class AbiTestParse(AbiTest):
def _run_test(self, rawrule, expected):
self.assertTrue(AbiRule.match(rawrule))
- obj = AbiRule.parse(rawrule)
+ obj = AbiRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -76,7 +74,7 @@ class AbiTestParseInvalid(AbiTest):
def _run_test(self, rawrule, expected):
self.assertTrue(AbiRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- AbiRule.parse(rawrule)
+ AbiRule.create_instance(rawrule)
# class AbiTestParseFromLog(AbiTest): # we'll never have log events for abi
@@ -142,7 +140,7 @@ class InvalidAbiTest(AATest):
obj = None
self.assertEqual(AbiRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
- obj = AbiRule.parse(rawrule)
+ obj = AbiRule.create_instance(rawrule)
self.assertIsNone(obj, 'AbiRule handed back an object unexpectedly')
@@ -163,7 +161,7 @@ class InvalidAbiTest(AATest):
class WriteAbiTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(AbiRule.match(rawrule))
- obj = AbiRule.parse(rawrule)
+ obj = AbiRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -196,16 +194,16 @@ class WriteAbiTestAATest(AATest):
class AbiCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = AbiRule.parse(self.rule)
- check_obj = AbiRule.parse(param)
+ obj = AbiRule.create_instance(self.rule)
+ check_obj = AbiRule.create_instance(param)
self.assertTrue(AbiRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class AbiCoveredTest_01(AbiCoveredTest):
@@ -234,7 +232,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# class AbiCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
-# obj = AbiRule.parse('abi <foo>')
+# obj = AbiRule.create_instance('abi <foo>')
#
# testobj = AbiRule('foo', True, True)
# testobj.path = ''
@@ -243,7 +241,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_borked_obj_is_covered_2(self):
-# obj = AbiRule.parse('abi send set=quit peer=/foo,')
+# obj = AbiRule.create_instance('abi send set=quit peer=/foo,')
#
# testobj = AbiRule('send', 'quit', '/foo')
# testobj.abi = ''
@@ -252,7 +250,7 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_borked_obj_is_covered_3(self):
-# obj = AbiRule.parse('abi send set=quit peer=/foo,')
+# obj = AbiRule.create_instance('abi send set=quit peer=/foo,')
#
# testobj = AbiRule('send', 'quit', '/foo')
# testobj.peer = ''
@@ -261,18 +259,22 @@ class AbiCoveredTest_02(AbiCoveredTest):
# obj.is_covered(testobj)
#
# def test_invalid_is_covered(self):
-# obj = AbiRule.parse('abi send,')
-#
-# testobj = BaseRule() # different type
+# raw_rule = 'abi send,'
+# class SomeOtherClass(AbiRule):
+# pass
#
+# obj = AbiRule.create_instance(raw_rule)
+# testobj = SomeOtherClass.create_instance(raw_rule) # different type
# with self.assertRaises(AppArmorBug):
# obj.is_covered(testobj)
#
# def test_invalid_is_equal(self):
-# obj = AbiRule.parse('abi send,')
-#
-# testobj = BaseRule() # different type
+# raw_rule = 'abi send,'
+# class SomeOtherClass(AbiRule):
+# pass
#
+# obj = AbiRule.create_instance(raw_rule)
+# testobj = SomeOtherClass.create_instance(raw_rule) # different type
# with self.assertRaises(AppArmorBug):
# obj.is_equal(testobj)
@@ -284,11 +286,11 @@ class AbiLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = AbiRule.parse(params)
+ obj = AbiRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
-## --- tests for AbiRuleset --- #
+# --- tests for AbiRuleset --- #
class AbiRulesTest(AATest):
def test_empty_ruleset(self):
@@ -326,7 +328,7 @@ class AbiRulesTest(AATest):
]
for rule in rules:
- ruleset.add(AbiRule.parse(rule))
+ ruleset.add(AbiRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
diff --git a/utils/test/test-alias.py b/utils/test/test-alias.py
index 6448ab2e207d89b806ae90a12a9a27442b452f72..74f72bcc79bf1fea5221bc9bfef973b5f2757cbb 100644
--- a/utils/test/test-alias.py
+++ b/utils/test/test-alias.py
@@ -17,7 +17,6 @@ import unittest
from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
-from apparmor.rule import BaseRule
from apparmor.rule.alias import AliasRule, AliasRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -51,7 +50,7 @@ class AliasTestParse(AliasTest):
def _run_test(self, rawrule, expected):
self.assertTrue(AliasRule.match(rawrule))
- obj = AliasRule.parse(rawrule)
+ obj = AliasRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -69,7 +68,7 @@ class AliasTestParseInvalid(AliasTest):
def _run_test(self, rawrule, expected):
self.assertEqual(AliasRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
- AliasRule.parse(rawrule)
+ AliasRule.create_instance(rawrule)
class AliasFromInit(AliasTest):
@@ -121,7 +120,7 @@ class InvalidAliasTest(AATest):
obj = None
self.assertEqual(AliasRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
- obj = AliasRule.parse(rawrule)
+ obj = AliasRule.create_instance(rawrule)
self.assertIsNone(obj, 'AliasRule handed back an object unexpectedly')
@@ -146,7 +145,7 @@ class WriteAliasTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(AliasRule.match(rawrule))
- obj = AliasRule.parse(rawrule)
+ obj = AliasRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -172,16 +171,16 @@ class WriteAliasTestAATest(AATest):
class AliasCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = AliasRule.parse(self.rule)
- check_obj = AliasRule.parse(param)
+ obj = AliasRule.create_instance(self.rule)
+ check_obj = AliasRule.create_instance(param)
self.assertTrue(AliasRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class AliasCoveredTest_01(AliasCoveredTest):
@@ -201,7 +200,7 @@ class AliasCoveredTest_01(AliasCoveredTest):
class AliasCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
- # obj = AliasRule.parse('alias /foo -> /bar,')
+ # obj = AliasRule.create_instance('alias /foo -> /bar,')
#
# testobj = AliasRule('/foo', '/bar')
#
@@ -209,7 +208,7 @@ class AliasCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
#
# def test_borked_obj_is_covered_2(self):
- # obj = AliasRule.parse('alias /foo -> /bar,')
+ # obj = AliasRule.create_instance('alias /foo -> /bar,')
#
# testobj = AliasRule('/foo', '/bar')
# testobj.target = ''
@@ -218,18 +217,24 @@ class AliasCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
- obj = AliasRule.parse('alias /foo -> /bar,')
+ raw_rule = 'alias /foo -> /bar,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(AliasRule):
+ pass
+ obj = AliasRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = AliasRule.parse('alias /foo -> /bar,')
+ raw_rule = 'alias /foo -> /bar,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(AliasRule):
+ pass
+ obj = AliasRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -240,7 +245,7 @@ class AliasLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = AliasRule.parse(params)
+ obj = AliasRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@@ -289,7 +294,7 @@ class AliasRulesTest(AATest):
]
for rule in rules:
- ruleset.add(AliasRule.parse(rule))
+ ruleset.add(AliasRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
diff --git a/utils/test/test-all.py b/utils/test/test-all.py
new file mode 100644
index 0000000000000000000000000000000000000000..476291df19e27d540ba6ca846164fee4c5a77a8f
--- /dev/null
+++ b/utils/test/test-all.py
@@ -0,0 +1,323 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2023 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+
+import apparmor.severity as severity
+
+from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.rule.all import AllRule, AllRuleset
+from apparmor.translations import init_translation
+from common_test import AATest, setup_all_loops
+
+_ = init_translation()
+
+exp = namedtuple(
+ 'exp', ('audit', 'allow_keyword', 'deny', 'comment',
+ # no localvars
+ ))
+
+# --- tests for single AllRule --- #
+
+
+class AllTest(AATest):
+ def _compare_obj(self, obj, expected):
+ self.assertEqual(expected.allow_keyword, obj.allow_keyword)
+ self.assertEqual(expected.audit, obj.audit)
+ self.assertEqual(expected.deny, obj.deny)
+ self.assertEqual(expected.comment, obj.comment)
+
+
+class AllTestParse(AllTest):
+ tests = (
+ # rawrule audit allow deny comment
+ ('all,', exp(False, False, False, '')),
+ ('deny all, # comment', exp(False, False, True, ' # comment')),
+ ('audit allow all,', exp(True, True, False, '')),
+ ('audit allow all,', exp(True, True, False, '')),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AllRule.match(rawrule))
+ obj = AllRule.create_instance(rawrule)
+ self.assertEqual(rawrule.strip(), obj.raw_rule)
+ self._compare_obj(obj, expected)
+
+
+class AllTestParseInvalid(AllTest):
+ tests = (
+ ('all -> ,', AppArmorException),
+ ('owner all,', AppArmorException),
+ ('all foo ,', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertFalse(AllRule.match(rawrule))
+ with self.assertRaises(expected):
+ AllRule.create_instance(rawrule)
+
+
+# we won't ever support converting a log event to an 'all,' rule
+# class AllTestParseFromLog(AllTest):
+
+
+class AllFromInit(AllTest):
+ tests = (
+ # AllRule object audit allow deny comment
+ (AllRule(deny=True), exp(False, False, True, '')),
+ (AllRule(), exp(False, False, False, '')),
+ )
+
+ def _run_test(self, obj, expected):
+ self._compare_obj(obj, expected)
+
+
+# no localvars -> no way to hand over invalid values, or to miss a required parameter
+# class InvalidAllInit(AATest):
+
+
+class InvalidAllTest(AATest):
+ def _check_invalid_rawrule(self, rawrule):
+ obj = None
+ self.assertFalse(AllRule.match(rawrule))
+ with self.assertRaises(AppArmorException):
+ obj = AllRule.create_instance(rawrule)
+
+ self.assertIsNone(obj, 'AllRule handed back an object unexpectedly')
+
+ def test_invalid_net_missing_comma(self):
+ self._check_invalid_rawrule('all') # missing comma
+
+ def test_invalid_net_non_AllRule(self):
+ self._check_invalid_rawrule('dbus,') # not a all rule
+
+ # no localvars, therefore we can't break anything inside the class variables
+ # def test_empty_all_data_1(self):
+
+
+class WriteAllTestAATest(AATest):
+ tests = (
+ # raw rule clean rule
+ (' all , # foo ', 'all, # foo'),
+ (' audit all ,', 'audit all,'),
+ (' deny all ,# foo bar', 'deny all, # foo bar'),
+ (' allow all ,# foo bar', 'allow all, # foo bar'),
+ (' allow all ,', 'allow all,'),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AllRule.match(rawrule))
+ obj = AllRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ def test_write_manually(self):
+ obj = AllRule(allow_keyword=True)
+
+ expected = ' allow all,'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+
+class AllCoveredTest(AATest):
+ def _run_test(self, param, expected):
+ obj = AllRule.create_instance(self.rule)
+ check_obj = AllRule.create_instance(param)
+
+ self.assertTrue(AllRule.match(param))
+
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
+
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
+
+
+class AllCoveredTest_01(AllCoveredTest):
+ rule = 'all,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ (' all,', (True, True, True, True)),
+ (' allow all,', (True, False, True, True)),
+ ('audit all,', (False, False, False, False)),
+ ('audit deny all,', (False, False, False, False)),
+ (' deny all,', (False, False, False, False)),
+ )
+
+
+class AllCoveredTest_02(AllCoveredTest):
+ rule = 'audit all,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ (' all,', (False, False, True, False)),
+ ('audit all,', (True, True, True, True)),
+ )
+
+
+class AllCoveredTest_03(AllCoveredTest):
+ rule = 'deny all,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ (' deny all,', (True, True, True, True)),
+ ('audit deny all,', (False, False, False, False)),
+ (' all,', (False, False, False, False)), # XXX should covered be true here?
+ )
+
+
+class AllCoveredTest_Invalid(AATest):
+ def test_invalid_is_covered(self):
+ raw_rule = 'all,'
+
+ class SomeOtherClass(AllRule):
+ pass
+
+ obj = AllRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
+ with self.assertRaises(AppArmorBug):
+ obj.is_covered(testobj)
+
+ def test_invalid_is_equal(self):
+ raw_rule = 'all,'
+
+ class SomeOtherClass(AllRule):
+ pass
+
+ obj = AllRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(testobj)
+
+
+class AllSeverityTest(AATest):
+ tests = (
+ ('all,', 10),
+ )
+
+ def _run_test(self, params, expected):
+ sev_db = severity.Severity('../severity.db', 'unknown')
+ obj = AllRule.create_instance(params)
+ rank = obj.severity(sev_db)
+ self.assertEqual(rank, expected)
+
+
+class AllLogprofHeaderTest(AATest):
+ tests = (
+ ('all,', [ 'All', _('Allow everything')]), # noqa: E201
+ ('deny all,', [_('Qualifier'), 'deny', 'All', _('Allow everything')]),
+ ('allow all,', [_('Qualifier'), 'allow', 'All', _('Allow everything')]),
+ ('audit deny all,', [_('Qualifier'), 'audit deny', 'All', _('Allow everything')]),
+ )
+
+ def _run_test(self, params, expected):
+ obj = AllRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+
+# --- tests for AllRuleset --- #
+
+class AllRulesTest(AATest):
+ def test_empty_ruleset(self):
+ ruleset = AllRuleset()
+ ruleset_2 = AllRuleset()
+ self.assertEqual([], ruleset.get_raw(2))
+ self.assertEqual([], ruleset.get_clean(2))
+ self.assertEqual([], ruleset_2.get_raw(2))
+ self.assertEqual([], ruleset_2.get_clean(2))
+
+ def test_ruleset_1(self):
+ ruleset = AllRuleset()
+ rules = (
+ 'all,',
+ 'all,',
+ )
+
+ expected_raw = [
+ 'all,',
+ 'all,',
+ '',
+ ]
+
+ expected_clean = [
+ 'all,',
+ 'all,',
+ '',
+ ]
+
+ for rule in rules:
+ ruleset.add(AllRule.create_instance(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+
+ def test_ruleset_2(self):
+ ruleset = AllRuleset()
+ rules = (
+ 'all,',
+ 'allow all,',
+ 'deny all, # example comment',
+ )
+
+ expected_raw = [
+ ' all,',
+ ' allow all,',
+ ' deny all, # example comment',
+ '',
+ ]
+
+ expected_clean = [
+ ' deny all, # example comment',
+ '',
+ ' all,',
+ ' allow all,',
+ '',
+ ]
+
+ for rule in rules:
+ ruleset.add(AllRule.create_instance(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw(1))
+ self.assertEqual(expected_clean, ruleset.get_clean(1))
+
+
+class AllGlobTestAATest(AATest):
+ def setUp(self):
+ self.ruleset = AllRuleset()
+
+ def test_glob(self):
+ with self.assertRaises(NotImplementedError):
+ # get_glob is not available for all rules
+ self.ruleset.get_glob('all,')
+
+ def test_glob_ext(self):
+ with self.assertRaises(NotImplementedError):
+ # get_glob_ext is not available for all rules
+ self.ruleset.get_glob_ext('all,')
+
+
+class AllDeleteTestAATest(AATest):
+ pass
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-baserule.py b/utils/test/test-baserule.py
index aff7d637ec77e6324b5bd8d384e1fcaf77861101..83ef1732140e9cdc0a4de1a767f3acc4da4b0593 100644
--- a/utils/test/test-baserule.py
+++ b/utils/test/test-baserule.py
@@ -13,42 +13,62 @@ import re
import unittest
import apparmor.severity as severity
-from apparmor.common import AppArmorBug
+from apparmor.common import AppArmorBug, hasher
from apparmor.rule import BaseRule, parse_modifiers
from common_test import AATest, setup_all_loops
class TestBaserule(AATest):
- def test_abstract__parse(self):
- with self.assertRaises(NotImplementedError):
- BaseRule._parse('foo')
- def test_abstract__parse_2(self):
+ class ValidSubclass(BaseRule):
+ @classmethod
+ def _create_instance(cls, raw_rule, matches):
+ pass
+
+ def get_clean(self, depth=0):
+ pass
+
+ def _is_covered_localvars(self, other_rule):
+ pass
+
+ def _is_equal_localvars(self, other_rule, strict):
+ pass
+
+ def _logprof_header_localvars(self):
+ pass
+
+ def test_implemented_abstract_methods(self):
+ self.ValidSubclass()
+
+ def test_unimplemented_abstract_methods(self):
+ with self.assertRaises(TypeError):
+ BaseRule()
+
+ class InvalidSubclass(BaseRule):
+ pass
+
+ with self.assertRaises(TypeError):
+ InvalidSubclass()
+
+ def test_abstract__create_instance(self):
with self.assertRaises(NotImplementedError):
- BaseRule.parse('foo')
+ BaseRule._create_instance('foo', None)
+
+ def test_abstract__create_instance_2(self):
+ with self.assertRaises(AppArmorBug):
+ BaseRule.create_instance('foo')
def test_abstract__match(self):
- with self.assertRaises(NotImplementedError):
+ with self.assertRaises(AppArmorBug):
BaseRule._match('foo')
def test_abstract__match2(self):
- with self.assertRaises(NotImplementedError):
+ with self.assertRaises(AppArmorBug):
BaseRule.match('foo')
- def test_abstract_get_clean(self):
- obj = BaseRule()
- with self.assertRaises(NotImplementedError):
- obj.get_clean()
-
- def test_is_equal_localvars(self):
- obj = BaseRule()
- with self.assertRaises(NotImplementedError):
- obj.is_equal_localvars(BaseRule(), False)
-
- def test_is_covered_localvars(self):
- obj = BaseRule()
+ def test_abstract__match3(self):
with self.assertRaises(NotImplementedError):
- obj.is_covered_localvars(None)
+ self.ValidSubclass.match('foo')
def test_parse_modifiers_invalid(self):
regex = re.compile(r'^\s*(?P<audit>audit\s+)?(?P<allow>allow\s+|deny\s+|invalid\s+)?')
@@ -59,30 +79,34 @@ class TestBaserule(AATest):
def test_default_severity(self):
sev_db = severity.Severity('../severity.db', 'unknown')
- obj = BaseRule()
+ obj = self.ValidSubclass()
rank = obj.severity(sev_db)
self.assertEqual(rank, sev_db.NOT_IMPLEMENTED)
- def test_logprof_header_localvars(self):
- obj = BaseRule()
- with self.assertRaises(NotImplementedError):
- obj.logprof_header_localvars()
-
def test_edit_header_localvars(self):
- obj = BaseRule()
+ obj = self.ValidSubclass()
with self.assertRaises(NotImplementedError):
obj.edit_header()
def test_validate_edit_localvars(self):
- obj = BaseRule()
+ obj = self.ValidSubclass()
with self.assertRaises(NotImplementedError):
obj.validate_edit('/foo')
def test_store_edit_localvars(self):
- obj = BaseRule()
+ obj = self.ValidSubclass()
with self.assertRaises(NotImplementedError):
obj.store_edit('/foo')
+ def test_from_hashlog(self):
+ obj = self.ValidSubclass()
+ with self.assertRaises(NotImplementedError):
+ obj.from_hashlog(hasher())
+
+ def test_hashlog_from_event(self):
+ with self.assertRaises(NotImplementedError):
+ BaseRule.hashlog_from_event(None, None)
+
setup_all_loops(__name__)
if __name__ == '__main__':
diff --git a/utils/test/test-boolean.py b/utils/test/test-boolean.py
index a6f35ba6579e70705bfd06f83dc3153a7570ba55..fc746f1b4da2157faf20da9850dd813534191968 100644
--- a/utils/test/test-boolean.py
+++ b/utils/test/test-boolean.py
@@ -17,7 +17,6 @@ import unittest
from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
-from apparmor.rule import BaseRule
from apparmor.rule.boolean import BooleanRule, BooleanRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -54,7 +53,7 @@ class BooleanTestParse(BooleanTest):
def _run_test(self, rawrule, expected):
self.assertTrue(BooleanRule.match(rawrule))
- obj = BooleanRule.parse(rawrule)
+ obj = BooleanRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -74,7 +73,7 @@ class BooleanTestParseInvalid(BooleanTest):
def _run_test(self, rawrule, expected):
self.assertEqual(BooleanRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
- BooleanRule.parse(rawrule)
+ BooleanRule.create_instance(rawrule)
class BooleanFromInit(BooleanTest):
@@ -129,7 +128,7 @@ class InvalidBooleanTest(AATest):
obj = None
self.assertEqual(BooleanRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
- obj = BooleanRule.parse(rawrule)
+ obj = BooleanRule.create_instance(rawrule)
self.assertIsNone(obj, 'BooleanRule handed back an object unexpectedly')
@@ -151,7 +150,7 @@ class WriteBooleanTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(BooleanRule.match(rawrule))
- obj = BooleanRule.parse(rawrule)
+ obj = BooleanRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -177,16 +176,16 @@ class WriteBooleanTestAATest(AATest):
class BooleanCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = BooleanRule.parse(self.rule)
- check_obj = BooleanRule.parse(param)
+ obj = BooleanRule.create_instance(self.rule)
+ check_obj = BooleanRule.create_instance(param)
self.assertTrue(BooleanRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class BooleanCoveredTest_01(BooleanCoveredTest):
@@ -218,7 +217,7 @@ class BooleanCoveredTest_02(BooleanCoveredTest):
class BooleanCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_2(self):
- obj = BooleanRule.parse('$foo = true')
+ obj = BooleanRule.create_instance('$foo = true')
testobj = BooleanRule('$foo', 'true')
testobj.value = ''
@@ -227,18 +226,24 @@ class BooleanCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
- obj = BooleanRule.parse('$foo = true')
+ raw_rule = '$foo = true'
- testobj = BaseRule() # different type
+ class SomeOtherClass(BooleanRule):
+ pass
+ obj = BooleanRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = BooleanRule.parse('$foo = true')
+ raw_rule = '$foo = true'
- testobj = BaseRule() # different type
+ class SomeOtherClass(BooleanRule):
+ pass
+ obj = BooleanRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -249,7 +254,7 @@ class BooleanLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = BooleanRule.parse(params)
+ obj = BooleanRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@@ -290,7 +295,7 @@ class BooleanRulesTest(AATest):
]
for rule in rules:
- ruleset.add(BooleanRule.parse(rule))
+ ruleset.add(BooleanRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -299,9 +304,9 @@ class BooleanRulesTest(AATest):
def test_ruleset_overwrite(self):
ruleset = BooleanRuleset()
- ruleset.add(BooleanRule.parse('$foo = true'))
+ ruleset.add(BooleanRule.create_instance('$foo = true'))
with self.assertRaises(AppArmorException):
- ruleset.add(BooleanRule.parse('$foo = false')) # attempt to redefine @{foo}
+ ruleset.add(BooleanRule.create_instance('$foo = false')) # attempt to redefine @{foo}
class BooleanGlobTestAATest(AATest):
diff --git a/utils/test/test-capability.py b/utils/test/test-capability.py
index 3bb64b81741d23926a40393f64004d6f841f2f9e..1858df74504e5f1f715878653ea97f83416273d7 100644
--- a/utils/test/test-capability.py
+++ b/utils/test/test-capability.py
@@ -16,22 +16,42 @@
import unittest
import apparmor.severity as severity
-from apparmor.common import AppArmorBug, AppArmorException, hasher
+from apparmor.common import AppArmorBug, AppArmorException, cmd, hasher
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
-from apparmor.rule.capability import CapabilityRule, CapabilityRuleset
+from apparmor.rule.capability import CapabilityRule, CapabilityRuleset, capability_keywords
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
_ = init_translation()
-# --- tests for single CapabilityRule --- #
+# --- check if the keyword list is up to date --- #
+
+class CapabilityKeywordsTest(AATest):
+ def test_capability_keyword_list(self):
+ rc, output = cmd('../../common/list_capabilities.sh')
+ self.assertEqual(rc, 0)
+
+ cap_list = output.replace('CAP_', '').strip().lower().split('\n')
+
+ missing_caps = []
+ for keyword in cap_list:
+ if keyword not in capability_keywords:
+ # keywords missing in the system are ok (= older kernel), but cap_list needs to have the full list
+ missing_caps.append(keyword)
+
+ self.assertEqual(
+ missing_caps, [],
+ 'Missing capabilities in CapabilityRule capabilities list. This test is likely running '
+ 'on an newer kernel and will require updating the list of capability keywords in '
+ 'utils/apparmor/rule/capability.py')
+
+# --- tests for single CapabilityRule --- #
class CapabilityTest(AATest):
def _compare_obj_with_rawrule(self, rawrule, expected):
- obj = CapabilityRule.parse(rawrule)
+ obj = CapabilityRule.create_instance(rawrule)
self.assertTrue(CapabilityRule.match(rawrule))
self.assertEqual(rawrule.strip(), obj.raw_rule)
@@ -118,6 +138,7 @@ class CapabilityTest(AATest):
'active_hat': None,
'pid': 15454,
'task': 0,
+ 'comm': 'ping',
'attr': None,
'name2': None,
'name': 'net_raw',
@@ -223,7 +244,7 @@ class InvalidCapabilityTest(AATest):
def _check_invalid_rawrule(self, rawrule):
obj = None
with self.assertRaises(AppArmorException):
- obj = CapabilityRule.parse(rawrule)
+ obj = CapabilityRule.create_instance(rawrule)
self.assertFalse(CapabilityRule.match(rawrule))
self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')
@@ -268,7 +289,7 @@ class InvalidCapabilityTest(AATest):
class WriteCapabilityTest(AATest):
def _check_write_rule(self, rawrule, cleanrule):
- obj = CapabilityRule.parse(rawrule)
+ obj = CapabilityRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -286,9 +307,9 @@ class WriteCapabilityTest(AATest):
self._check_write_rule(' deny capability sys_admin audit_write,# foo bar', 'deny capability audit_write sys_admin, # foo bar')
def test_write_manually(self):
- obj = CapabilityRule(['ptrace', 'audit_write'], allow_keyword=True)
+ obj = CapabilityRule(['sys_ptrace', 'audit_write'], allow_keyword=True)
- expected = ' allow capability audit_write ptrace,'
+ expected = ' allow capability audit_write sys_ptrace,'
self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
@@ -297,18 +318,18 @@ class WriteCapabilityTest(AATest):
class CapabilityCoveredTest(AATest):
def _is_covered(self, obj, rule_to_test):
self.assertTrue(CapabilityRule.match(rule_to_test))
- return obj.is_covered(CapabilityRule.parse(rule_to_test))
+ return obj.is_covered(CapabilityRule.create_instance(rule_to_test))
def _is_covered_exact(self, obj, rule_to_test):
self.assertTrue(CapabilityRule.match(rule_to_test))
- return obj.is_covered(CapabilityRule.parse(rule_to_test), True, True)
+ return obj.is_covered(CapabilityRule.create_instance(rule_to_test), True, True)
def _is_equal(self, obj, rule_to_test, strict):
self.assertTrue(CapabilityRule.match(rule_to_test))
- return obj.is_equal(CapabilityRule.parse(rule_to_test), strict)
+ return obj.is_equal(CapabilityRule.create_instance(rule_to_test), strict)
def test_covered_single(self):
- obj = CapabilityRule.parse('capability sys_admin,')
+ obj = CapabilityRule.create_instance('capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
@@ -318,7 +339,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_audit(self):
- obj = CapabilityRule.parse('audit capability sys_admin,')
+ obj = CapabilityRule.create_instance('audit capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered(obj, 'audit capability sys_admin,'))
@@ -328,7 +349,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_check_audit(self):
- obj = CapabilityRule.parse('audit capability sys_admin,')
+ obj = CapabilityRule.create_instance('audit capability sys_admin,')
self.assertFalse(self._is_covered_exact(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered_exact(obj, 'audit capability sys_admin,'))
@@ -338,7 +359,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered_exact(obj, 'capability,'))
def test_equal(self):
- obj = CapabilityRule.parse('capability sys_admin,')
+ obj = CapabilityRule.create_instance('capability sys_admin,')
self.assertTrue(self._is_equal(obj, 'capability sys_admin,', True))
self.assertFalse(self._is_equal(obj, 'allow capability sys_admin,', True))
@@ -350,7 +371,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_equal(obj, 'audit capability sys_admin,', False))
def test_covered_multi(self):
- obj = CapabilityRule.parse('capability audit_write sys_admin,')
+ obj = CapabilityRule.create_instance('capability audit_write sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
@@ -362,7 +383,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_all(self):
- obj = CapabilityRule.parse('capability,')
+ obj = CapabilityRule.create_instance('capability,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
self.assertTrue(self._is_covered(obj, 'capability audit_write,'))
@@ -373,7 +394,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'audit capability,'))
def test_covered_deny(self):
- obj = CapabilityRule.parse('capability sys_admin,')
+ obj = CapabilityRule.create_instance('capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
@@ -383,7 +404,7 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'capability,'))
def test_covered_deny_2(self):
- obj = CapabilityRule.parse('deny capability sys_admin,')
+ obj = CapabilityRule.create_instance('deny capability sys_admin,')
self.assertTrue(self._is_covered(obj, 'deny capability sys_admin,'))
@@ -393,15 +414,18 @@ class CapabilityCoveredTest(AATest):
self.assertFalse(self._is_covered(obj, 'deny capability,'))
def test_invalid_is_covered(self):
- obj = CapabilityRule.parse('capability sys_admin,')
+ raw_rule = 'capability sys_admin,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(CapabilityRule):
+ pass
+ obj = CapabilityRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_borked_obj_is_covered(self):
- obj = CapabilityRule.parse('capability sys_admin,')
+ obj = CapabilityRule.create_instance('capability sys_admin,')
testobj = CapabilityRule('chown')
testobj.capability.clear()
@@ -410,10 +434,13 @@ class CapabilityCoveredTest(AATest):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = CapabilityRule.parse('capability sys_admin,')
+ raw_rule = 'capability sys_admin,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(CapabilityRule):
+ pass
+ obj = CapabilityRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -422,12 +449,12 @@ class CapabilityCoveredTest(AATest):
obj = CapabilityRule('fsetid')
obj2 = CapabilityRule('fsetid')
obj.capability.add('sys_admin')
- obj2.capability.add('ptrace')
+ obj2.capability.add('sys_ptrace')
self.assertTrue(self._is_covered(obj, 'capability sys_admin,'))
- self.assertFalse(self._is_covered(obj, 'capability ptrace,'))
+ self.assertFalse(self._is_covered(obj, 'capability sys_ptrace,'))
self.assertFalse(self._is_covered(obj2, 'capability sys_admin,'))
- self.assertTrue(self._is_covered(obj2, 'capability ptrace,'))
+ self.assertTrue(self._is_covered(obj2, 'capability sys_ptrace,'))
class CapabiliySeverityTest(AATest):
@@ -436,7 +463,6 @@ class CapabiliySeverityTest(AATest):
('dac_read_search', 7),
(['fsetid', 'dac_read_search'], 9),
(CapabilityRule.ALL, 10),
- ('foo', 'unknown'),
)
def _run_test(self, params, expected):
@@ -445,12 +471,31 @@ class CapabiliySeverityTest(AATest):
rank = obj.severity(sev_db)
self.assertEqual(rank, expected)
+ def test_all_caps(self):
+ ''' make sure all capabilities have a severity defined '''
+
+ sev_db = severity.Severity('../severity.db', 'unknown')
+
+ for cap in capability_keywords:
+ obj = CapabilityRule(cap)
+ rank = obj.severity(sev_db)
+ # capabilities have a severity of 7..10, with the exception of 0 for the unused CAP_NET_BROADCAST
+ # (might need adjustment if a new capability gets a different severity assigned)
+ self.assertTrue(rank in [0, 7, 8, 9, 10], 'unexpected severity for capability %s: %s' % (cap, rank))
+
+ def test_unknown_cap(self):
+ sev_db = severity.Severity('../severity.db', 'unknown')
+ obj = CapabilityRule('sys_admin')
+ obj.capability = {'unknown_and_broken'} # override capability with an unknown one to test for 'unknown' severity (creating obj with this invalid capability would raise an error)
+ rank = obj.severity(sev_db)
+ self.assertEqual(rank, 'unknown')
+
class CapabilityLogprofHeaderTest(AATest):
tests = (
- ('capability,', [ _('Capability'), _('ALL')]),
- ('capability chown,', [ _('Capability'), 'chown']),
- ('capability chown fsetid,', [ _('Capability'), 'chown fsetid']),
+ ('capability,', [ _('Capability'), _('ALL')]), # noqa: E201
+ ('capability chown,', [ _('Capability'), 'chown']), # noqa: E201
+ ('capability chown fsetid,', [ _('Capability'), 'chown fsetid']), # noqa: E201
('audit capability,', [_('Qualifier'), 'audit', _('Capability'), _('ALL')]),
('deny capability chown,', [_('Qualifier'), 'deny', _('Capability'), 'chown']),
('allow capability chown fsetid,', [_('Qualifier'), 'allow', _('Capability'), 'chown fsetid']),
@@ -458,12 +503,11 @@ class CapabilityLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = CapabilityRule.parse(params)
+ obj = CapabilityRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
# --- tests for CapabilityRuleset --- #
-
class CapabilityRulesTest(AATest):
def test_empty_ruleset(self):
ruleset = CapabilityRuleset()
@@ -493,7 +537,7 @@ class CapabilityRulesTest(AATest):
]
for rule in rules:
- ruleset.add(CapabilityRule.parse(rule))
+ ruleset.add(CapabilityRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -503,18 +547,18 @@ class CapabilityRulesTest(AATest):
rules = [
'capability chown,',
'allow capability sys_admin,',
- 'deny capability chgrp, # example comment',
+ 'deny capability fowner, # example comment',
]
expected_raw = [
' capability chown,',
' allow capability sys_admin,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' allow capability sys_admin,',
' capability chown,',
@@ -522,19 +566,19 @@ class CapabilityRulesTest(AATest):
]
for rule in rules:
- ruleset.add(CapabilityRule.parse(rule))
+ ruleset.add(CapabilityRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
def test_ruleset_add(self):
- rule = CapabilityRule('chgrp', comment=' # example comment')
+ rule = CapabilityRule('fowner', comment=' # example comment')
ruleset = CapabilityRuleset()
ruleset.add(rule)
expected_raw = [
- ' capability chgrp, # example comment',
+ ' capability fowner, # example comment',
'',
]
@@ -552,63 +596,86 @@ class CapabilityRulesCoveredTest(AATest):
'capability setuid setgid,',
'allow capability sys_admin,',
'audit capability kill,',
- 'deny capability chgrp, # example comment',
+ 'deny capability fowner, # example comment',
]
for rule in rules:
- self.ruleset.add(CapabilityRule.parse(rule))
+ self.ruleset.add(CapabilityRule.create_instance(rule))
def test_ruleset_is_covered_1(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chown,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability chown,')))
+
def test_ruleset_is_covered_2(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability sys_admin,')))
+
def test_ruleset_is_covered_3(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability sys_admin,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('allow capability sys_admin,')))
+
def test_ruleset_is_covered_4(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setuid,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability setuid,')))
+
def test_ruleset_is_covered_5(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('allow capability setgid,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('allow capability setgid,')))
+
def test_ruleset_is_covered_6(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability setgid setuid,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability setgid setuid,')))
+
def test_ruleset_is_covered_7(self):
- pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability sys_admin chown,'))) # fails because it is split over two rule objects internally
+ pass # self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability sys_admin chown,'))) # fails because it is split over two rule objects internally
+
def test_ruleset_is_covered_8(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability kill,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability kill,')))
+ # deny
def test_ruleset_is_covered_9(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chown,')))
+
def test_ruleset_is_covered_10(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability sys_admin,')))
+
def test_ruleset_is_covered_11(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability sys_admin chown,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability sys_admin chown,')))
+
def test_ruleset_is_covered_12(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability setgid,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability setgid,')))
+
def test_ruleset_is_covered_13(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability kill,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability kill,')))
+ # audit
def test_ruleset_is_covered_14(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chown,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability chown,')))
+
def test_ruleset_is_covered_15(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability sys_admin,')))
+
def test_ruleset_is_covered_16(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability sys_admin chown,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability sys_admin chown,')))
+
def test_ruleset_is_covered_17(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability setgid,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability setgid,')))
+
def test_ruleset_is_covered_18(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('audit capability kill,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability kill,')))
+ # combined flags
def test_ruleset_is_covered_19(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('deny capability chgrp,')))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability fowner,')))
+
def test_ruleset_is_covered_20(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit deny capability chgrp,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit deny capability fowner,')))
+
def test_ruleset_is_covered_21(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('audit capability chgrp,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('audit capability fowner,')))
+
def test_ruleset_is_covered_22(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,')))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('capability fowner,')))
+
def test_ruleset_is_covered_23(self):
- self.assertTrue(self.ruleset.is_covered(CapabilityRule.parse('capability chgrp,'), check_allow_deny=False))
+ self.assertTrue(self.ruleset.is_covered(CapabilityRule.create_instance('capability fowner,'), check_allow_deny=False))
+
def test_ruleset_is_covered_24(self):
- self.assertFalse(self.ruleset.is_covered(CapabilityRule.parse('deny capability chown,'), check_allow_deny=False))
+ self.assertFalse(self.ruleset.is_covered(CapabilityRule.create_instance('deny capability chown,'), check_allow_deny=False))
# XXX - disabling these until we decide whether or not checking whether
# a log is covered by rules should be a separate entry point, possibly
@@ -631,12 +698,12 @@ class CapabilityRulesCoveredTest(AATest):
# def test_ruleset_is_log_covered_4(self):
# self._test_log_covered(True, 'kill')
# def test_ruleset_is_log_covered_5(self):
-# self._test_log_covered(False, 'chgrp')
+# self._test_log_covered(False, 'fowner')
# def test_ruleset_is_log_covered_6(self):
# event_base = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="%s"'
#
# parser = ReadLog('', '', '')
-# self.assertEqual(True, self.ruleset.is_log_covered(parser.parse_event(event_base%'chgrp'), False)) # ignores allow/deny
+# self.assertEqual(True, self.ruleset.is_log_covered(parser.parse_event(event_base%'fowner'), False)) # ignores allow/deny
class CapabilityGlobTest(AATest):
@@ -657,21 +724,21 @@ class CapabilityDeleteTest(AATest):
rules = [
'capability chown,',
'allow capability sys_admin,',
- 'deny capability chgrp, # example comment',
+ 'deny capability fowner, # example comment',
]
for rule in rules:
- self.ruleset.add(CapabilityRule.parse(rule))
+ self.ruleset.add(CapabilityRule.create_instance(rule))
def test_delete(self):
expected_raw = [
' capability chown,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' capability chown,',
'',
@@ -685,13 +752,13 @@ class CapabilityDeleteTest(AATest):
def test_delete_with_allcaps(self):
expected_raw = [
' capability chown,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
' capability,',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' capability chown,',
' capability,',
@@ -708,12 +775,12 @@ class CapabilityDeleteTest(AATest):
expected_raw = [
' capability chown,',
' allow capability sys_admin,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' allow capability sys_admin,',
' capability chown,',
@@ -742,11 +809,11 @@ class CapabilityDeleteTest(AATest):
inc = CapabilityRuleset()
rules = [
'capability chown,',
- 'deny capability chgrp, # example comment',
+ 'deny capability fowner, # example comment',
]
for rule in rules:
- inc.add(CapabilityRule.parse(rule))
+ inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' allow capability sys_admin,',
@@ -763,21 +830,21 @@ class CapabilityDeleteTest(AATest):
inc = CapabilityRuleset()
rules = [
'capability audit_write,',
- 'capability chgrp, # example comment',
+ 'capability fowner, # example comment',
]
for rule in rules:
- inc.add(CapabilityRule.parse(rule))
+ inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' capability chown,',
' allow capability sys_admin,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' allow capability sys_admin,',
' capability chown,',
@@ -789,7 +856,7 @@ class CapabilityDeleteTest(AATest):
self.assertEqual(expected_clean, self.ruleset.get_clean(1))
def test_delete_duplicates_3(self):
- self.ruleset.add(CapabilityRule.parse('audit capability dac_override,'))
+ self.ruleset.add(CapabilityRule.create_instance('audit capability dac_override,'))
inc = CapabilityRuleset()
rules = [
@@ -797,18 +864,18 @@ class CapabilityDeleteTest(AATest):
]
for rule in rules:
- inc.add(CapabilityRule.parse(rule))
+ inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
' capability chown,',
' allow capability sys_admin,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
' audit capability dac_override,',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' allow capability sys_admin,',
' audit capability dac_override,',
@@ -825,15 +892,15 @@ class CapabilityDeleteTest(AATest):
rules = ['capability,']
for rule in rules:
- inc.add(CapabilityRule.parse(rule))
+ inc.add(CapabilityRule.create_instance(rule))
expected_raw = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
@@ -845,12 +912,12 @@ class CapabilityDeleteTest(AATest):
expected_raw = [
' capability chown,',
' allow capability sys_admin,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' allow capability sys_admin,',
' capability chown,',
@@ -865,12 +932,12 @@ class CapabilityDeleteTest(AATest):
expected_raw = [
' capability chown,',
' allow capability sys_admin,',
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
]
expected_clean = [
- ' deny capability chgrp, # example comment',
+ ' deny capability fowner, # example comment',
'',
' allow capability sys_admin,',
' capability chown,',
@@ -885,7 +952,7 @@ class CapabilityDeleteTest(AATest):
obj = CapabilityRuleset()
for rule in rules:
- obj.add(CapabilityRule.parse(rule))
+ obj.add(CapabilityRule.create_instance(rule))
deleted = obj.delete_duplicates(None)
diff --git a/utils/test/test-change_profile.py b/utils/test/test-change_profile.py
index 4268848687a53d48894c59fff23c1ab49e97133b..27289483856bb6135ca2289683b2023fdda33416 100644
--- a/utils/test/test-change_profile.py
+++ b/utils/test/test-change_profile.py
@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.change_profile import ChangeProfileRule, ChangeProfileRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -78,7 +77,7 @@ class ChangeProfileTestParse(ChangeProfileTest):
def _run_test(self, rawrule, expected):
self.assertTrue(ChangeProfileRule.match(rawrule))
- obj = ChangeProfileRule.parse(rawrule)
+ obj = ChangeProfileRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -94,7 +93,7 @@ class ChangeProfileTestParseInvalid(ChangeProfileTest):
def _run_test(self, rawrule, expected):
self.assertFalse(ChangeProfileRule.match(rawrule))
with self.assertRaises(expected):
- ChangeProfileRule.parse(rawrule)
+ ChangeProfileRule.create_instance(rawrule)
class ChangeProfileTestParseFromLog(ChangeProfileTest):
@@ -191,7 +190,7 @@ class InvalidChangeProfileTest(AATest):
obj = None
self.assertFalse(ChangeProfileRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = ChangeProfileRule.parse(rawrule)
+ obj = ChangeProfileRule.create_instance(rawrule)
self.assertIsNone(obj, 'ChangeProfileRule handed back an object unexpectedly')
@@ -230,7 +229,7 @@ class WriteChangeProfileTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(ChangeProfileRule.match(rawrule))
- obj = ChangeProfileRule.parse(rawrule)
+ obj = ChangeProfileRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -248,16 +247,16 @@ class WriteChangeProfileTestAATest(AATest):
class ChangeProfileCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = ChangeProfileRule.parse(self.rule)
- check_obj = ChangeProfileRule.parse(param)
+ obj = ChangeProfileRule.create_instance(self.rule)
+ check_obj = ChangeProfileRule.create_instance(param)
self.assertTrue(ChangeProfileRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class ChangeProfileCoveredTest_01(ChangeProfileCoveredTest):
@@ -288,12 +287,12 @@ class ChangeProfileCoveredTest_02(ChangeProfileCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'change_profile /foo,', (False, False, True, False)),
+ (' change_profile /foo,', (False, False, True, False)),
('audit change_profile /foo,', (True, True, True, True)),
- ( 'change_profile /foo -> /bar,', (False, False, True, False)),
- ( 'change_profile safe /foo -> /bar,', (False, False, True, False)),
+ (' change_profile /foo -> /bar,', (False, False, True, False)),
+ (' change_profile safe /foo -> /bar,', (False, False, True, False)),
('audit change_profile /foo -> /bar,', (False, False, True, True)), # XXX is "covered exact" correct here?
- ( 'change_profile,', (False, False, False, False)),
+ (' change_profile,', (False, False, False, False)),
('audit change_profile,', (False, False, False, False)),
(' change_profile -> /bar,', (False, False, False, False)),
)
@@ -304,15 +303,15 @@ class ChangeProfileCoveredTest_03(ChangeProfileCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'change_profile /foo -> /bar,', (True, True, True, True)),
+ (' change_profile /foo -> /bar,', (True, True, True, True)),
('allow change_profile /foo -> /bar,', (True, False, True, True)),
- ( 'change_profile /foo,', (False, False, False, False)),
- ( 'change_profile,', (False, False, False, False)),
- ( 'change_profile /foo -> /xyz,', (False, False, False, False)),
+ (' change_profile /foo,', (False, False, False, False)),
+ (' change_profile,', (False, False, False, False)),
+ (' change_profile /foo -> /xyz,', (False, False, False, False)),
('audit change_profile,', (False, False, False, False)),
('audit change_profile /foo -> /bar,', (False, False, False, False)),
- ( 'change_profile -> /bar,', (False, False, False, False)),
- ( 'change_profile,', (False, False, False, False)),
+ (' change_profile -> /bar,', (False, False, False, False)),
+ (' change_profile,', (False, False, False, False)),
)
@@ -321,12 +320,12 @@ class ChangeProfileCoveredTest_04(ChangeProfileCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'change_profile,', (True, True, True, True)),
+ (' change_profile,', (True, True, True, True)),
('allow change_profile,', (True, False, True, True)),
- ( 'change_profile /foo,', (False, False, True, True)),
- ( 'change_profile /xyz -> bar,', (False, False, True, True)),
- ( 'change_profile -> /bar,', (False, False, True, True)),
- ( 'change_profile /foo -> /bar,', (False, False, True, True)),
+ (' change_profile /foo,', (False, False, True, True)),
+ (' change_profile /xyz -> bar,', (False, False, True, True)),
+ (' change_profile -> /bar,', (False, False, True, True)),
+ (' change_profile /foo -> /bar,', (False, False, True, True)),
('audit change_profile,', (False, False, False, False)),
('deny change_profile,', (False, False, False, False)),
)
@@ -337,11 +336,11 @@ class ChangeProfileCoveredTest_05(ChangeProfileCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'deny change_profile /foo,', (True, True, True, True)),
+ (' deny change_profile /foo,', (True, True, True, True)),
('audit deny change_profile /foo,', (False, False, False, False)),
- ( 'change_profile /foo,', (False, False, False, False)), # XXX should covered be true here?
- ( 'deny change_profile /bar,', (False, False, False, False)),
- ( 'deny change_profile,', (False, False, False, False)),
+ (' change_profile /foo,', (False, False, False, False)), # XXX should covered be true here?
+ (' deny change_profile /bar,', (False, False, False, False)),
+ (' deny change_profile,', (False, False, False, False)),
)
@@ -350,17 +349,17 @@ class ChangeProfileCoveredTest_06(ChangeProfileCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'deny change_profile /foo,', (False, False, False, False)),
+ (' deny change_profile /foo,', (False, False, False, False)),
('audit deny change_profile /foo,', (False, False, False, False)),
- ( 'change_profile /foo,', (True, False, True, True)),
- ( 'deny change_profile /bar,', (False, False, False, False)),
- ( 'deny change_profile,', (False, False, False, False)),
+ (' change_profile /foo,', (True, False, True, True)),
+ (' deny change_profile /bar,', (False, False, False, False)),
+ (' deny change_profile,', (False, False, False, False)),
)
class ChangeProfileCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
- obj = ChangeProfileRule.parse('change_profile /foo,')
+ obj = ChangeProfileRule.create_instance('change_profile /foo,')
testobj = ChangeProfileRule(None, '/foo', '/bar')
testobj.execcond = ''
@@ -369,7 +368,7 @@ class ChangeProfileCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
- obj = ChangeProfileRule.parse('change_profile /foo,')
+ obj = ChangeProfileRule.create_instance('change_profile /foo,')
testobj = ChangeProfileRule(None, '/foo', '/bar')
testobj.targetprofile = ''
@@ -378,28 +377,34 @@ class ChangeProfileCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
- obj = ChangeProfileRule.parse('change_profile /foo,')
+ raw_rule = 'change_profile /foo,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(ChangeProfileRule):
+ pass
+ obj = ChangeProfileRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = ChangeProfileRule.parse('change_profile -> /bar,')
+ raw_rule = 'change_profile -> /bar,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(ChangeProfileRule):
+ pass
+ obj = ChangeProfileRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
class ChangeProfileLogprofHeaderTest(AATest):
tests = (
- ('change_profile,', [ _('Exec Condition'), _('ALL'), _('Target Profile'), _('ALL')]),
- ('change_profile -> /bin/ping,', [ _('Exec Condition'), _('ALL'), _('Target Profile'), '/bin/ping']),
- ('change_profile /bar -> /bin/bar,', [ _('Exec Condition'), '/bar', _('Target Profile'), '/bin/bar']),
- ('change_profile safe /foo,', [ _('Exec Mode'), 'safe', _('Exec Condition'), '/foo', _('Target Profile'), _('ALL')]),
+ ('change_profile,', [ _('Exec Condition'), _('ALL'), _('Target Profile'), _('ALL')]), # noqa: E201
+ ('change_profile -> /bin/ping,', [ _('Exec Condition'), _('ALL'), _('Target Profile'), '/bin/ping']), # noqa: E201
+ ('change_profile /bar -> /bin/bar,', [ _('Exec Condition'), '/bar', _('Target Profile'), '/bin/bar']), # noqa: E201
+ ('change_profile safe /foo,', [ _('Exec Mode'), 'safe', _('Exec Condition'), '/foo', _('Target Profile'), _('ALL')]), # noqa: E201
('audit change_profile -> /bin/ping,', [_('Qualifier'), 'audit', _('Exec Condition'), _('ALL'), _('Target Profile'), '/bin/ping']),
('deny change_profile /bar -> /bin/bar,', [_('Qualifier'), 'deny', _('Exec Condition'), '/bar', _('Target Profile'), '/bin/bar']),
('allow change_profile unsafe /foo,', [_('Qualifier'), 'allow', _('Exec Mode'), 'unsafe', _('Exec Condition'), '/foo', _('Target Profile'), _('ALL')]),
@@ -407,7 +412,7 @@ class ChangeProfileLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = ChangeProfileRule.parse(params)
+ obj = ChangeProfileRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@@ -442,7 +447,7 @@ class ChangeProfileRulesTest(AATest):
]
for rule in rules:
- ruleset.add(ChangeProfileRule.parse(rule))
+ ruleset.add(ChangeProfileRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -471,7 +476,7 @@ class ChangeProfileRulesTest(AATest):
]
for rule in rules:
- ruleset.add(ChangeProfileRule.parse(rule))
+ ruleset.add(ChangeProfileRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
diff --git a/utils/test/test-common.py b/utils/test/test-common.py
index 7f885da1886e1b75d3534ab4d319f671a60d348f..99706fa25af7627297918b4959b34b0ef7697a38 100644
--- a/utils/test/test-common.py
+++ b/utils/test/test-common.py
@@ -30,11 +30,11 @@ class AaTest_split_name(AATest):
class AaTest_combine_profname(AATest):
tests = (
# name parts expected full profile name
- (['foo'], 'foo'),
- (['foo', 'bar'], 'foo//bar'),
- (['foo', 'bar', 'baz'], 'foo//bar//baz'),
- (['foo', 'bar', None], 'foo//bar'),
- (['foo', 'bar', 'baz', None], 'foo//bar//baz'),
+ (('foo',), 'foo'),
+ (('foo', 'bar'), 'foo//bar'),
+ (('foo', 'bar', 'baz'), 'foo//bar//baz'),
+ (('foo', 'bar', None), 'foo//bar'),
+ (('foo', 'bar', 'baz', None), 'foo//bar//baz'),
)
def _run_test(self, params, expected):
diff --git a/utils/test/test-config.py b/utils/test/test-config.py
index 66e5749789586e5757cdfce2f4430a6c2a853b25..8542cb59acea869206c780a8fe125ed7ac309375 100755
--- a/utils/test/test-config.py
+++ b/utils/test/test-config.py
@@ -24,7 +24,7 @@ class Test(unittest.TestCase):
conf = ini_config.read_config('logprof.conf')
logprof_sections = ['settings', 'qualifiers', 'required_hats', 'defaulthat', 'globs']
logprof_sections_options = [
- 'profiledir', 'inactive_profiledir', 'logfiles', 'parser', 'ldd',
+ 'profiledir', 'inactive_profiledir', 'logfiles', 'parser',
'logger', 'default_owner_prompt', 'custom_includes']
logprof_settings_parser = '../../parser/apparmor_parser ../parser/apparmor_parser'
diff --git a/utils/test/test-dbus.py b/utils/test/test-dbus.py
index 5ff8f90ccb08e98dd3e7be413681c987c2c18398..9273024a89149155aa296c81a648b503b3b4390c 100644
--- a/utils/test/test-dbus.py
+++ b/utils/test/test-dbus.py
@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.dbus import DbusRule, DbusRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -103,7 +102,7 @@ class DbusTestParse(DbusTest):
def _run_test(self, rawrule, expected):
self.assertTrue(DbusRule.match(rawrule))
- obj = DbusRule.parse(rawrule)
+ obj = DbusRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -126,7 +125,7 @@ class DbusTestParseInvalid(DbusTest):
def _run_test(self, rawrule, expected):
self.assertTrue(DbusRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- DbusRule.parse(rawrule)
+ DbusRule.create_instance(rawrule)
class DbusTestParseFromLog(DbusTest):
@@ -182,18 +181,18 @@ class DbusFromInit(DbusTest):
tests = (
# access bus path name interface member peername peerlabel audit=, deny=, allow_keyword, comment=, log_event)
(DbusRule('send', 'session', DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL),
- # audit allow deny comment access all? bus all? path all? name all? interface all? member all? peername all? peerlabel all?
- exp(False, False, False, '', {'send'}, False, 'session', False, None, True, None, True, None, True, None, True, None, True, None, True)),
+ # audit allow deny comment access all? bus all? path all? name all? interface all? member all? peername all? peerlabel all?
+ exp(False, False, False, '', {'send'}, False, 'session', False, None, True, None, True, None, True, None, True, None, True, None, True)),
# access bus path name interface member peername peerlabel audit=, deny=, allow_keyword, comment=, log_event)
(DbusRule(('send', 'receive'), 'session', DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL),
- # audit allow deny comment access all? bus all? path all? name all? interface all? member all? peername all? peerlabel all?
- exp(False, False, False, '', {'send', 'receive'}, False, 'session', False, None, True, None, True, None, True, None, True, None, True, None, True)),
+ # audit allow deny comment access all? bus all? path all? name all? interface all? member all? peername all? peerlabel all?
+ exp(False, False, False, '', {'send', 'receive'}, False, 'session', False, None, True, None, True, None, True, None, True, None, True, None, True)),
# access bus path name interface member peername peerlabel audit=, deny=, allow_keyword, comment=, log_event)
(DbusRule(DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, '/int/face', '/mem/ber', '/peer/name', '/peer/label'),
- # audit allow deny comment access all? bus all? path all? name all? interface all? member all? peername all? peerlabel all?
- exp(False, False, False, '', None, True, None, True, None, True, None, True, '/int/face', False, '/mem/ber', False, '/peer/name', False, '/peer/label', False)),
+ # audit allow deny comment access all? bus all? path all? name all? interface all? member all? peername all? peerlabel all?
+ exp(False, False, False, '', None, True, None, True, None, True, None, True, '/int/face', False, '/mem/ber', False, '/peer/name', False, '/peer/label', False)),
)
def _run_test(self, obj, expected):
@@ -310,7 +309,7 @@ class InvalidDbusTest(AATest):
obj = None
self.assertFalse(DbusRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = DbusRule.parse(rawrule)
+ obj = DbusRule.create_instance(rawrule)
self.assertIsNone(obj, 'DbusRule handed back an object unexpectedly')
@@ -377,11 +376,18 @@ class InvalidDbusTest(AATest):
with self.assertRaises(AppArmorBug):
obj.get_clean(1)
+ def test_invalid_event_access(self):
+ parser = ReadLog('', '', '')
+ event = 'type=USER_AVC msg=audit(1375323372.644:157): pid=363 uid=102 auid=4294967295 ses=4294967295 msg=\'apparmor="DENIED" operation="dbus_method_call" bus="system" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="invalid_access" pid=2833 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_profile="unconfined" exe="/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?\''
+ ev = parser.parse_event(event)
+ with self.assertRaises(AppArmorBug):
+ DbusRule.create_from_ev(ev)
+
class WriteDbusTest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(DbusRule.match(rawrule), 'DbusRule.match() failed')
- obj = DbusRule.parse(rawrule)
+ obj = DbusRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -437,16 +443,16 @@ class WriteDbusTest(AATest):
class DbusCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = DbusRule.parse(self.rule)
- check_obj = DbusRule.parse(param)
+ obj = DbusRule.create_instance(self.rule)
+ check_obj = DbusRule.create_instance(param)
self.assertTrue(DbusRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class DbusCoveredTest_01(DbusCoveredTest):
@@ -476,11 +482,11 @@ class DbusCoveredTest_02(DbusCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'dbus send,', (False, False, True, False)),
+ (' dbus send,', (False, False, True, False)),
('audit dbus send,', (True, True, True, True)),
- ( 'dbus send bus=session,', (False, False, True, False)),
+ (' dbus send bus=session,', (False, False, True, False)),
('audit dbus send bus=session,', (False, False, True, True)),
- ( 'dbus,', (False, False, False, False)),
+ (' dbus,', (False, False, False, False)),
('audit dbus,', (False, False, False, False)),
('dbus receive,', (False, False, False, False)),
)
@@ -491,16 +497,16 @@ class DbusCoveredTest_03(DbusCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'dbus send bus=session,', (True, True, True, True)),
+ (' dbus send bus=session,', (True, True, True, True)),
('allow dbus send bus=session,', (True, False, True, True)),
- ( 'dbus send,', (False, False, False, False)),
- ( 'dbus,', (False, False, False, False)),
- ( 'dbus send member=(label=foo),', (False, False, False, False)),
+ (' dbus send,', (False, False, False, False)),
+ (' dbus,', (False, False, False, False)),
+ (' dbus send member=(label=foo),', (False, False, False, False)),
('audit dbus,', (False, False, False, False)),
('audit dbus send bus=session,', (False, False, False, False)),
('audit dbus bus=session,', (False, False, False, False)),
- ( 'dbus send,', (False, False, False, False)),
- ( 'dbus,', (False, False, False, False)),
+ (' dbus send,', (False, False, False, False)),
+ (' dbus,', (False, False, False, False)),
)
@@ -509,12 +515,12 @@ class DbusCoveredTest_04(DbusCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'dbus,', (True, True, True, True)),
+ (' dbus,', (True, True, True, True)),
('allow dbus,', (True, False, True, True)),
- ( 'dbus send,', (False, False, True, True)),
- ( 'dbus receive bus=session,', (False, False, True, True)),
- ( 'dbus member=(label=foo),', (False, False, True, True)),
- ( 'dbus send bus=session,', (False, False, True, True)),
+ (' dbus send,', (False, False, True, True)),
+ (' dbus receive bus=session,', (False, False, True, True)),
+ (' dbus member=(label=foo),', (False, False, True, True)),
+ (' dbus send bus=session,', (False, False, True, True)),
('audit dbus,', (False, False, False, False)),
('deny dbus,', (False, False, False, False)),
)
@@ -525,11 +531,11 @@ class DbusCoveredTest_05(DbusCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'deny dbus send,', (True, True, True, True)),
+ (' deny dbus send,', (True, True, True, True)),
('audit deny dbus send,', (False, False, False, False)),
- ( 'dbus send,', (False, False, False, False)), # XXX should covered be true here?
- ( 'deny dbus receive,', (False, False, False, False)),
- ( 'deny dbus,', (False, False, False, False)),
+ (' dbus send,', (False, False, False, False)), # XXX should covered be true here?
+ (' deny dbus receive,', (False, False, False, False)),
+ (' deny dbus,', (False, False, False, False)),
)
@@ -712,7 +718,7 @@ class DbusCoveredTest_11(DbusCoveredTest):
class DbusCoveredTest_Invalid(AATest):
def AASetup(self):
# access bus path name interface member peername peerlabel
- self.obj = DbusRule(('send', 'receive'), 'session', '/org/test', DbusRule.ALL, '/int/face', DbusRule.ALL, '/peer/name', '/peer/label', allow_keyword=True)
+ self.obj = DbusRule(('send', 'receive'), 'session', '/org/test', DbusRule.ALL, '/int/face', DbusRule.ALL, '/peer/name', '/peer/label', allow_keyword=True) # noqa: E221
self.testobj = DbusRule(('send'), 'session', '/org/test', DbusRule.ALL, '/int/face', '/mem/ber', '/peer/name', '/peer/label', allow_keyword=True)
def test_borked_obj_is_covered_1(self):
@@ -735,7 +741,7 @@ class DbusCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_4(self):
# we need a different 'victim' because dbus send doesn't allow the name conditional we want to test here
- self.obj = DbusRule( ('bind'), 'session', DbusRule.ALL, '/name', DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, allow_keyword=True)
+ self.obj = DbusRule(('bind'), 'session', DbusRule.ALL, '/name', DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, allow_keyword=True) # noqa: E221
self.testobj = DbusRule(('bind'), 'session', DbusRule.ALL, '/name', DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, DbusRule.ALL, allow_keyword=True)
self.testobj.name = ''
@@ -767,43 +773,49 @@ class DbusCoveredTest_Invalid(AATest):
self.obj.is_covered(self.testobj)
def test_invalid_is_covered(self):
- obj = DbusRule.parse('dbus send,')
+ raw_rule = 'dbus send,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(DbusRule):
+ pass
+ obj = DbusRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = DbusRule.parse('dbus send,')
+ raw_rule = 'dbus send,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(DbusRule):
+ pass
+ obj = DbusRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
class DbusLogprofHeaderTest(AATest):
tests = (
- ('dbus,', [ _('Access mode'), _('ALL'), _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
- ('dbus (send receive),', [ _('Access mode'), 'receive send', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
- ('dbus send bus=session,', [ _('Access mode'), 'send', _('Bus'), 'session', _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
+ ('dbus,', [ _('Access mode'), _('ALL'), _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]), # noqa: E201
+ ('dbus (send receive),', [ _('Access mode'), 'receive send', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]), # noqa: E201
+ ('dbus send bus=session,', [ _('Access mode'), 'send', _('Bus'), 'session', _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]), # noqa: E201
('deny dbus,', [_('Qualifier'), 'deny', _('Access mode'), _('ALL'), _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
('allow dbus send,', [_('Qualifier'), 'allow', _('Access mode'), 'send', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
('audit dbus send bus=session,', [_('Qualifier'), 'audit', _('Access mode'), 'send', _('Bus'), 'session', _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
('audit deny dbus send,', [_('Qualifier'), 'audit deny', _('Access mode'), 'send', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
- ('dbus bind name=bind.name,', [ _('Access mode'), 'bind', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), 'bind.name', _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]),
+ ('dbus bind name=bind.name,', [ _('Access mode'), 'bind', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), 'bind.name', _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), _('ALL')]), # noqa: E201
('dbus send bus=session path=/path interface=aa.test member=ExMbr peer=(name=(peer.name)),',
- [ _('Access mode'), 'send', _('Bus'), 'session', _('Path'), '/path', _('Name'), _('ALL'), _('Interface'), 'aa.test', _('Member'), 'ExMbr', _('Peer name'), 'peer.name', _('Peer label'), _('ALL')]),
- ('dbus send peer=(label=foo),', [ _('Access mode'), 'send', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), 'foo']),
+ [ _('Access mode'), 'send', _('Bus'), 'session', _('Path'), '/path', _('Name'), _('ALL'), _('Interface'), 'aa.test', _('Member'), 'ExMbr', _('Peer name'), 'peer.name', _('Peer label'), _('ALL')]), # noqa: E201,E127
+ ('dbus send peer=(label=foo),', [ _('Access mode'), 'send', _('Bus'), _('ALL'), _('Path'), _('ALL'), _('Name'), _('ALL'), _('Interface'), _('ALL'), _('Member'), _('ALL'), _('Peer name'), _('ALL'), _('Peer label'), 'foo']), # noqa: E201
)
def _run_test(self, params, expected):
- obj = DbusRule.parse(params)
+ obj = DbusRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
-## --- tests for DbusRuleset --- #
+# --- tests for DbusRuleset --- #
class DbusRulesTest(AATest):
def test_empty_ruleset(self):
@@ -834,7 +846,7 @@ class DbusRulesTest(AATest):
]
for rule in rules:
- ruleset.add(DbusRule.parse(rule))
+ ruleset.add(DbusRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -863,7 +875,7 @@ class DbusRulesTest(AATest):
]
for rule in rules:
- ruleset.add(DbusRule.parse(rule))
+ ruleset.add(DbusRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
diff --git a/utils/test/test-file.py b/utils/test/test-file.py
index 227e4380ebb168c4f97165b0dc62652e9563e419..06441e8206901864ba653885b1231b78c6c279ee 100644
--- a/utils/test/test-file.py
+++ b/utils/test/test-file.py
@@ -17,9 +17,8 @@ import unittest
from collections import namedtuple
import apparmor.severity as severity
-from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.common import AppArmorBug, AppArmorException, hasher
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.file import FileRule, FileRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -105,7 +104,7 @@ class FileTestParse(FileTest):
def _run_test(self, rawrule, expected):
self.assertTrue(FileRule.match(rawrule))
- obj = FileRule.parse(rawrule)
+ obj = FileRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -128,7 +127,7 @@ class FileTestParseInvalid(FileTest):
def _run_test(self, rawrule, expected):
self.assertTrue(FileRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- FileRule.parse(rawrule)
+ FileRule.create_instance(rawrule)
class FileTestNonMatch(AATest):
@@ -201,18 +200,18 @@ class FileFromInit(FileTest):
# path, perms, exec_perms, target, owner, file_keyword, leading_perms
(FileRule('/foo', 'rw', None, FileRule.ALL, False, False, False, audit=True, deny=True),
- # audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
- exp(True, False, True, '', '/foo', False, {'r', 'w'}, False, None, None, True, False, False, False)),
+ # audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
+ exp(True, False, True, '', '/foo', False, {'r', 'w'}, False, None, None, True, False, False, False)),
# path, perms, exec_perms, target, owner, file_keyword, leading_perms
(FileRule('/foo', None, 'Pix', 'bar_prof', True, True, True, allow_keyword=True),
- # audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
- exp(False, True, False, '', '/foo', False, set(), False, 'Pix', 'bar_prof', False, True, True, True)),
+ # audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
+ exp(False, True, False, '', '/foo', False, set(), False, 'Pix', 'bar_prof', False, True, True, True)),
# path, perms, exec_perms, target, owner, file_keyword, leading_perms
(FileRule('/foo', {'link', 'subset'}, None, '/bar', False, False, True, audit=True, deny=True),
- # audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
- exp(True, False, True, '', '/foo', False, {'link', 'subset'}, False, None, '/bar', False, False, False, True)),
+ # audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
+ exp(True, False, True, '', '/foo', False, {'link', 'subset'}, False, None, '/bar', False, False, False, True)),
)
@@ -225,55 +224,55 @@ class InvalidFileInit(AATest):
# path, perms, exec_perms, target, owner, file_keyword, leading_perms expected exception
# empty fields
- ( ('', 'rw', 'ix', '/bar', False, False, False), AppArmorBug),
- # OK ('/foo', '', 'ix', '/bar', False, False, False), AppArmorBug),
- ( ('/foo', 'rw', '', '/bar', False, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '', False, False, False), AppArmorBug),
+ ( ('', 'rw', 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ # OK ('/foo', '', 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', '', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '', False, False, False), AppArmorBug), # noqa: E201
# whitespace fields
- ( (' ', 'rw', 'ix', '/bar', False, False, False), AppArmorBug),
- ( ('/foo', ' ', 'ix', '/bar', False, False, False), AppArmorException),
- ( ('/foo', 'rw', ' ', '/bar', False, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', ' ', False, False, False), AppArmorBug),
+ ( (' ', 'rw', 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', ' ', 'ix', '/bar', False, False, False), AppArmorException), # noqa: E201
+ ( ('/foo', 'rw', ' ', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', ' ', False, False, False), AppArmorBug), # noqa: E201
# wrong type - dict()
- ( (dict(), 'rw', 'ix', '/bar', False, False, False), AppArmorBug),
- ( ('/foo', dict(), 'ix', '/bar', False, False, False), AppArmorBug),
- ( ('/foo', 'rw', dict(), '/bar', False, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', dict(), False, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '/bar', dict(), False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '/bar', False, dict(), False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '/bar', False, False, dict()), AppArmorBug),
+ ( (dict(), 'rw', 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', dict(), 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', dict(), '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', dict(), False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '/bar', dict(), False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '/bar', False, dict(), False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '/bar', False, False, dict()), AppArmorBug), # noqa: E201
# wrong type - None
- ( (None, 'rw', 'ix', '/bar', False, False, False), AppArmorBug),
- # OK ('/foo', None, 'ix', '/bar', False, False, False), AppArmorBug),
- # OK ('/foo', 'rw', None, '/bar', False, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', None, False, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '/bar', None, False, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '/bar', False, None, False), AppArmorBug),
- ( ('/foo', 'rw', 'ix', '/bar', False, False, None), AppArmorBug),
+ ( (None, 'rw', 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ # OK ('/foo', None, 'ix', '/bar', False, False, False), AppArmorBug), # noqa: E201
+ # OK ('/foo', 'rw', None, '/bar', False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', None, False, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '/bar', None, False, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '/bar', False, None, False), AppArmorBug), # noqa: E201
+ ( ('/foo', 'rw', 'ix', '/bar', False, False, None), AppArmorBug), # noqa: E201
# misc
- ( ('/foo', 'rwa', 'ix', '/bar', False, False, False), AppArmorException), # 'r' and 'a' conflict
- ( ('/foo', None, 'rw', '/bar', False, False, False), AppArmorBug), # file perms in exec perms parameter
- ( ('/foo', 'ix', None, '/bar', False, False, False), AppArmorBug), # exec perms in file perms parameter
- ( ('foo', 'rw', 'ix', '/bar', False, False, False), AppArmorException), # path doesn't start with /
- ( ('/foo', 'rb', 'ix', '/bar', False, False, False), AppArmorException), # invalid file mode 'b' (str)
- ( ('/foo', {'b'}, 'ix', '/bar', False, False, False), AppArmorBug), # invalid file mode 'b' (str)
- ( ('/foo', 'rw', 'ax', '/bar', False, False, False), AppArmorBug), # invalid exec mode 'ax'
- ( ('/foo', 'rw', 'x', '/bar', False, False, False), AppArmorException), # plain 'x' is only allowed in deny rules
- ( (FileRule.ALL, FileRule.ALL, None, '/bar', False, False, False), AppArmorBug), # plain 'file,' doesn't allow exec target
+ ( ('/foo', 'rwa', 'ix', '/bar', False, False, False), AppArmorException), # 'r' and 'a' conflict # noqa: E201
+ ( ('/foo', None, 'rw', '/bar', False, False, False), AppArmorBug), # file perms in exec perms parameter # noqa: E201
+ ( ('/foo', 'ix', None, '/bar', False, False, False), AppArmorBug), # exec perms in file perms parameter # noqa: E201
+ ( ('foo', 'rw', 'ix', '/bar', False, False, False), AppArmorException), # path doesn't start with / # noqa: E201
+ ( ('/foo', 'rb', 'ix', '/bar', False, False, False), AppArmorException), # invalid file mode 'b' (str) # noqa: E201
+ ( ('/foo', {'b'}, 'ix', '/bar', False, False, False), AppArmorBug), # invalid file mode 'b' (str) # noqa: E201
+ ( ('/foo', 'rw', 'ax', '/bar', False, False, False), AppArmorBug), # invalid exec mode 'ax' # noqa: E201
+ ( ('/foo', 'rw', 'x', '/bar', False, False, False), AppArmorException), # plain 'x' is only allowed in deny rules # noqa: E201
+ ( (FileRule.ALL, FileRule.ALL, None, '/bar', False, False, False), AppArmorBug), # plain 'file,' doesn't allow exec target # noqa: E201
# link rules
- ( (None, {'link'}, None, None, False, False, False), AppArmorBug), # missing path and target
- ( ('/foo', {'link'}, None, None, False, False, False), AppArmorBug), # missing target
- ( ( None, {'link'}, None, '/bar', False, False, False), AppArmorBug), # missing path
- ( ('/foo', {'subset'}, None, '/bar', False, False, False), AppArmorBug), # subset without link
- ( ('/foo', {'link'}, 'ix', '/bar', False, False, False), AppArmorBug), # link rule with exec perms
- ( ('/foo', {'link', 'subset'}, 'ix', '/bar', False, False, False), AppArmorBug), # link subset rule with exec perms
+ ( (None, {'link'}, None, None, False, False, False), AppArmorBug), # missing path and target # noqa: E201
+ ( ('/foo', {'link'}, None, None, False, False, False), AppArmorBug), # missing target # noqa: E201
+ ( ( None, {'link'}, None, '/bar', False, False, False), AppArmorBug), # missing path # noqa: E201
+ ( ('/foo', {'subset'}, None, '/bar', False, False, False), AppArmorBug), # subset without link # noqa: E201
+ ( ('/foo', {'link'}, 'ix', '/bar', False, False, False), AppArmorBug), # link rule with exec perms # noqa: E201
+ ( ('/foo', {'link', 'subset'}, 'ix', '/bar', False, False, False), AppArmorBug), # link subset rule with exec perms # noqa: E201
)
def _run_test(self, params, expected):
@@ -306,7 +305,7 @@ class InvalidFileTest(AATest):
obj = None
self.assertFalse(FileRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = FileRule.parse(rawrule)
+ obj = FileRule.create_instance(rawrule)
self.assertIsNone(obj, 'FileRule handed back an object unexpectedly')
@@ -359,7 +358,7 @@ class FileGlobTest(AATest):
exp_can_glob, exp_can_glob_ext, exp_rule_glob, exp_rule_glob_ext = expected
# test glob()
- rule_obj = FileRule.parse(params)
+ rule_obj = FileRule.create_instance(params)
self.assertEqual(exp_can_glob, rule_obj.can_glob)
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
@@ -367,7 +366,7 @@ class FileGlobTest(AATest):
self.assertEqual(rule_obj.get_clean(), exp_rule_glob)
# test glob_ext()
- rule_obj = FileRule.parse(params)
+ rule_obj = FileRule.create_instance(params)
self.assertEqual(exp_can_glob, rule_obj.can_glob)
self.assertEqual(exp_can_glob_ext, rule_obj.can_glob_ext)
@@ -390,7 +389,7 @@ class FileGlobTest(AATest):
class WriteFileTest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(FileRule.match(rawrule), 'FileRule.match() failed')
- obj = FileRule.parse(rawrule)
+ obj = FileRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -407,6 +406,9 @@ class WriteFileTest(AATest):
(' deny file /foo r,', 'deny file /foo r,'),
(' deny file /foo wr,', 'deny file /foo rw,'),
(' allow file /foo Pxrm -> bar,', 'allow file /foo mrPx -> bar,'),
+ (' deny owner file /foo r,', 'deny owner file /foo r,'),
+ (' deny owner file /foo wr,', 'deny owner file /foo rw,'),
+ (' allow owner file /foo Pxrm -> bar,', 'allow owner file /foo mrPx -> bar,'),
(' deny owner /foo r,', 'deny owner /foo r,'),
(' deny owner /foo wr,', 'deny owner /foo rw,'),
(' allow owner /foo Pxrm -> bar,', 'allow owner /foo mrPx -> bar,'),
@@ -421,6 +423,9 @@ class WriteFileTest(AATest):
(' deny file r /foo,', 'deny file r /foo,'),
(' deny file wr /foo ,', 'deny file rw /foo,'),
(' allow file Pxmr /foo -> bar,', 'allow file mrPx /foo -> bar,'),
+ (' deny owner file r /foo ,', 'deny owner file r /foo,'),
+ (' deny owner file wr /foo ,', 'deny owner file rw /foo,'),
+ (' allow owner file Pxrm /foo -> bar,', 'allow owner file mrPx /foo -> bar,'),
(' deny owner r /foo ,', 'deny owner r /foo,'),
(' deny owner wr /foo ,', 'deny owner rw /foo,'),
(' allow owner Pxrm /foo -> bar,', 'allow owner mrPx /foo -> bar,'),
@@ -460,48 +465,48 @@ class WriteFileTest(AATest):
class FileCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = FileRule.parse(self.rule)
- check_obj = FileRule.parse(param)
+ obj = FileRule.create_instance(self.rule)
+ check_obj = FileRule.create_instance(param)
self.assertTrue(FileRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class FileCoveredTest_01(FileCoveredTest):
rule = 'file /foo r,'
-tests = (
- # rule equal strict equal covered covered exact
- ('file /foo r,', (True, True, True, True)),
- ('file /foo r ,', (True, False, True, True)),
- ('allow file /foo r,', (True, False, True, True)),
- ('allow /foo r, # comment', (True, False, True, True)),
- ('allow owner /foo r,', (False, False, True, True)),
- ('/foo r -> bar,', (False, False, True, True)),
- ('file r /foo,', (True, False, True, True)),
- ('allow file r /foo,', (True, False, True, True)),
- ('allow r /foo, # comment', (True, False, True, True)),
- ('allow owner r /foo,', (False, False, True, True)),
- ('r /foo -> bar,', (False, False, True, True)),
- ('file,', (False, False, False, False)),
- ('file /foo w,', (False, False, False, False)),
- ('file /foo rw,', (False, False, False, False)),
- ('file /bar r,', (False, False, False, False)),
- ('audit /foo r,', (False, False, False, False)),
- ('audit file,', (False, False, False, False)),
- ('audit deny /foo r,', (False, False, False, False)),
- ('deny file /foo r,', (False, False, False, False)),
- ('/foo rPx,', (False, False, False, False)),
- ('/foo Pxr,', (False, False, False, False)),
- ('/foo Px,', (False, False, False, False)),
- ('/foo ix,', (False, False, False, False)),
- ('/foo ix -> bar,', (False, False, False, False)),
- ('/foo rPx -> bar,', (False, False, False, False)),
-)
+ tests = (
+ # rule equal strict equal covered covered exact
+ ('file /foo r,', (True, True, True, True)),
+ ('file /foo r ,', (True, False, True, True)),
+ ('allow file /foo r,', (True, False, True, True)),
+ ('allow /foo r, # comment', (True, False, True, True)),
+ ('allow owner /foo r,', (False, False, True, True)),
+ ('/foo r -> bar,', (False, False, True, True)),
+ ('file r /foo,', (True, False, True, True)),
+ ('allow file r /foo,', (True, False, True, True)),
+ ('allow r /foo, # comment', (True, False, True, True)),
+ ('allow owner r /foo,', (False, False, True, True)),
+ ('r /foo -> bar,', (False, False, True, True)),
+ ('file,', (False, False, False, False)),
+ ('file /foo w,', (False, False, False, False)),
+ ('file /foo rw,', (False, False, False, False)),
+ ('file /bar r,', (False, False, False, False)),
+ ('audit /foo r,', (False, False, False, False)),
+ ('audit file,', (False, False, False, False)),
+ ('audit deny /foo r,', (False, False, False, False)),
+ ('deny file /foo r,', (False, False, False, False)),
+ ('/foo rPx,', (False, False, False, False)),
+ ('/foo Pxr,', (False, False, False, False)),
+ ('/foo Px,', (False, False, False, False)),
+ ('/foo ix,', (False, False, False, False)),
+ ('/foo ix -> bar,', (False, False, False, False)),
+ ('/foo rPx -> bar,', (False, False, False, False)),
+ )
class FileCoveredTest_02(FileCoveredTest):
@@ -791,18 +796,24 @@ class FileCoveredTest_ManualOrInvalid(AATest):
self.obj.is_covered(self.testobj)
def test_invalid_is_covered(self):
- obj = FileRule.parse('file,')
+ raw_rule = 'file,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(FileRule):
+ pass
+ obj = FileRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = FileRule.parse('file,')
+ raw_rule = 'file,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(FileRule):
+ pass
+ obj = FileRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -825,7 +836,7 @@ class FileSeverityTest(AATest):
def _run_test(self, params, expected):
sev_db = severity.Severity('../severity.db', 'unknown')
- obj = FileRule.parse(params)
+ obj = FileRule.create_instance(params)
rank = obj.severity(sev_db)
self.assertEqual(rank, expected)
@@ -833,38 +844,48 @@ class FileSeverityTest(AATest):
class FileLogprofHeaderTest(AATest):
tests = (
# log event old perms ALL / owner
- (('file,', set(), set()), [ _('Path'), _('ALL'), _('New Mode'), _('ALL')]),
- (('/foo r,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'r']),
- (('file /bar Px -> foo,', set(), set()), [ _('Path'), '/bar', _('New Mode'), 'Px -> foo']),
+ (('file,', set(), set()), [ _('Path'), _('ALL'), _('New Mode'), _('ALL')]), # noqa: E201
+ (('/foo r,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'r']), # noqa: E201
+ (('file /bar Px -> foo,', set(), set()), [ _('Path'), '/bar', _('New Mode'), 'Px -> foo']), # noqa: E201
(('deny file,', set(), set()), [_('Qualifier'), 'deny', _('Path'), _('ALL'), _('New Mode'), _('ALL')]),
(('allow file /baz rwk,', set(), set()), [_('Qualifier'), 'allow', _('Path'), '/baz', _('New Mode'), 'rwk']),
(('audit file /foo mr,', set(), set()), [_('Qualifier'), 'audit', _('Path'), '/foo', _('New Mode'), 'mr']),
(('audit deny /foo wk,', set(), set()), [_('Qualifier'), 'audit deny', _('Path'), '/foo', _('New Mode'), 'wk']),
- (('owner file /foo ix,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'owner ix']),
+ (('owner file /foo ix,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'owner ix']), # noqa: E201
(('audit deny file /foo rlx -> /baz,', set(), set()), [_('Qualifier'), 'audit deny', _('Path'), '/foo', _('New Mode'), 'rlx -> /baz']),
- (('/foo rw,', set('r'), set()), [ _('Path'), '/foo', _('Old Mode'), _('r'), _('New Mode'), _('rw')]),
- (('/foo rw,', set(), set('rw')), [ _('Path'), '/foo', _('Old Mode'), _('owner rw'), _('New Mode'), _('rw')]),
- (('/foo mrw,', set('r'), set('k')), [ _('Path'), '/foo', _('Old Mode'), _('r + owner k'), _('New Mode'), _('mrw')]),
- (('/foo mrw,', set('r'), set('rk')), [ _('Path'), '/foo', _('Old Mode'), _('r + owner k'), _('New Mode'), _('mrw')]),
- (('link /foo -> /bar,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'link -> /bar']),
- (('link subset /foo -> /bar,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'link subset -> /bar']),
+ (('/foo rw,', set('r'), set()), [ _('Path'), '/foo', _('Old Mode'), _('r'), _('New Mode'), _('rw')]), # noqa: E201
+ (('/foo rw,', set(), set('rw')), [ _('Path'), '/foo', _('Old Mode'), _('owner rw'), _('New Mode'), _('rw')]), # noqa: E201
+ (('/foo mrw,', set('r'), set('k')), [ _('Path'), '/foo', _('Old Mode'), _('r + owner k'), _('New Mode'), _('mrw')]), # noqa: E201
+ (('/foo mrw,', set('r'), set('rk')), [ _('Path'), '/foo', _('Old Mode'), _('r + owner k'), _('New Mode'), _('mrw')]), # noqa: E201
+ (('link /foo -> /bar,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'link -> /bar']), # noqa: E201
+ (('link subset /foo -> /bar,', set(), set()), [ _('Path'), '/foo', _('New Mode'), 'link subset -> /bar']), # noqa: E201
)
def _run_test(self, params, expected):
- obj = FileRule.parse(params[0])
+ obj = FileRule.create_instance(params[0])
if params[1] or params[2]:
obj.original_perms = {'allow': {'all': params[1], 'owner': params[2]}}
self.assertEqual(obj.logprof_header(), expected)
def test_empty_original_perms(self):
- obj = FileRule.parse('/foo rw,')
+ obj = FileRule.create_instance('/foo rw,')
obj.original_perms = {'allow': {'all': set(), 'owner': set()}}
self.assertEqual(obj.logprof_header(), [_('Path'), '/foo', _('New Mode'), _('rw')])
+ def test_implicit_original_perms(self):
+ obj = FileRule.create_instance('/foo rw,')
+ obj.original_perms = {'allow': {'all': FileRule.ALL, 'owner': set()}}
+ self.assertEqual(obj.logprof_header(), [_('Path'), '/foo', _('Old Mode'), _('mrwlkix'), _('New Mode'), _('rw')])
+
+ def test_owner_implicit_original_perms(self):
+ obj = FileRule.create_instance('/foo rw,')
+ obj.original_perms = {'allow': {'all': set(), 'owner': FileRule.ALL}}
+ self.assertEqual(obj.logprof_header(), [_('Path'), '/foo', _('Old Mode'), _('owner mrwlkix'), _('New Mode'), _('rw')])
+
class FileEditHeaderTest(AATest):
def _run_test(self, params, expected):
- rule_obj = FileRule.parse(params)
+ rule_obj = FileRule.create_instance(params)
self.assertEqual(rule_obj.can_edit, True)
prompt, path_to_edit = rule_obj.edit_header()
self.assertEqual(path_to_edit, expected)
@@ -876,7 +897,7 @@ class FileEditHeaderTest(AATest):
)
def test_edit_header_bare_file(self):
- rule_obj = FileRule.parse('file,')
+ rule_obj = FileRule.create_instance('file,')
self.assertEqual(rule_obj.can_edit, False)
with self.assertRaises(AppArmorBug):
rule_obj.edit_header()
@@ -889,7 +910,7 @@ class FileValidateAndStoreEditTest(AATest):
self.assertEqual(rule_obj.validate_edit(params), expected)
rule_obj.store_edit(params)
- self.assertEqual(rule_obj.get_raw(), '%s r,' % params)
+ self.assertEqual(rule_obj.get_raw(), params + ' r,')
tests = (
# edited path match
@@ -901,7 +922,7 @@ class FileValidateAndStoreEditTest(AATest):
)
def test_validate_not_a_path(self):
- rule_obj = FileRule.parse('/foo/bar/baz r,')
+ rule_obj = FileRule.create_instance('/foo/bar/baz r,')
with self.assertRaises(AppArmorException):
rule_obj.validate_edit('foo/bar/baz')
@@ -910,7 +931,7 @@ class FileValidateAndStoreEditTest(AATest):
rule_obj.store_edit('foo/bar/baz')
def test_validate_edit_bare_file(self):
- rule_obj = FileRule.parse('file,')
+ rule_obj = FileRule.create_instance('file,')
self.assertEqual(rule_obj.can_edit, False)
with self.assertRaises(AppArmorBug):
@@ -920,7 +941,7 @@ class FileValidateAndStoreEditTest(AATest):
rule_obj.store_edit('/foo/bar')
-## --- tests for FileRuleset --- #
+# --- tests for FileRuleset --- #
class FileRulesTest(AATest):
def test_empty_ruleset(self):
@@ -955,7 +976,7 @@ class FileRulesTest(AATest):
deleted = 0
for rule in rules:
- deleted += ruleset.add(FileRule.parse(rule))
+ deleted += ruleset.add(FileRule.create_instance(rule))
self.assertEqual(deleted, 0)
self.assertEqual(expected_raw, ruleset.get_raw())
@@ -986,7 +1007,7 @@ class FileRulesTest(AATest):
deleted = 0
for rule in rules:
- deleted += ruleset.add(FileRule.parse(rule))
+ deleted += ruleset.add(FileRule.create_instance(rule))
self.assertEqual(deleted, 0)
self.assertEqual(expected_raw, ruleset.get_raw(1))
@@ -1020,12 +1041,12 @@ class FileRulesTest(AATest):
deleted = 0
for rule in rules:
- deleted += ruleset.add(FileRule.parse(rule))
+ deleted += ruleset.add(FileRule.create_instance(rule))
self.assertEqual(deleted, 0) # rules[] are added without cleanup mode, so the superfluous '/foo/baz rw,' should be kept
for rule in rules_with_cleanup:
- deleted += ruleset.add(FileRule.parse(rule), cleanup=True)
+ deleted += ruleset.add(FileRule.create_instance(rule), cleanup=True)
self.assertEqual(deleted, 1) # rules_with_cleanup made '/foo/bar r,' superfluous
self.assertEqual(expected_raw, ruleset.get_raw(1))
@@ -1044,9 +1065,9 @@ class FileGetRulesForPath(AATest):
(('/etc/foo/dovecot-database.conf.ext', False, False), ['/etc/foo/* r,', '/etc/foo/dovecot-database.conf.ext w,', '']),
(('/etc/foo/auth.d/authfoo.conf', False, False), ['/etc/foo/{auth,conf}.d/*.conf r,', '/etc/foo/{auth,conf}.d/authfoo.conf w,', '']),
(('/etc/foo/dovecot-deny.conf', False, False), ['deny /etc/foo/dovecot-deny.conf r,', '', '/etc/foo/* r,', '']),
- (('/foo/bar', False, True), [ ]),
+ (('/foo/bar', False, True), [ ]), # noqa: E201,E202
(('/etc/foo/dovecot-deny.conf', False, True), ['deny /etc/foo/dovecot-deny.conf r,', '']),
- (('/etc/foo/foo.conf', False, True), [ ]),
+ (('/etc/foo/foo.conf', False, True), [ ]), # noqa: E201,E202
(('/etc/foo/owner.conf', False, False), ['/etc/foo/* r,', 'owner /etc/foo/owner.conf w,', '']),
)
@@ -1063,7 +1084,7 @@ class FileGetRulesForPath(AATest):
ruleset = FileRuleset()
for rule in rules:
- ruleset.add(FileRule.parse(rule))
+ ruleset.add(FileRule.create_instance(rule))
matching = ruleset.get_rules_for_path(*params)
self. assertEqual(matching.get_clean(), expected)
@@ -1096,7 +1117,7 @@ class FileGetPermsForPath_1(AATest):
ruleset = FileRuleset()
for rule in rules:
- ruleset.add(FileRule.parse(rule))
+ ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_perms_for_path(*params)
self. assertEqual(perms, expected)
@@ -1133,7 +1154,7 @@ class FileGetPermsForPath_2(AATest):
ruleset = FileRuleset()
for rule in rules:
- ruleset.add(FileRule.parse(rule))
+ ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_perms_for_path(*params)
self. assertEqual(perms, expected)
@@ -1156,7 +1177,7 @@ class FileGetExecRulesForPath_1(AATest):
ruleset = FileRuleset()
for rule in rules:
- ruleset.add(FileRule.parse(rule))
+ ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_exec_rules_for_path(params)
matches = perms.get_clean()
@@ -1180,7 +1201,7 @@ class FileGetExecRulesForPath_2(AATest):
ruleset = FileRuleset()
for rule in rules:
- ruleset.add(FileRule.parse(rule))
+ ruleset.add(FileRule.create_instance(rule))
perms = ruleset.get_exec_rules_for_path(params, only_exact_matches=False)
matches = perms.get_clean()
@@ -1207,13 +1228,66 @@ class FileGetExecConflictRules_1(AATest):
ruleset = FileRuleset()
for rule in rules:
- ruleset.add(FileRule.parse(rule))
+ ruleset.add(FileRule.create_instance(rule))
- rule_obj = FileRule.parse(params)
+ rule_obj = FileRule.create_instance(params)
conflicts = ruleset.get_exec_conflict_rules(rule_obj)
self. assertEqual(conflicts.get_clean(), expected)
+class FileCreateFromEvent(AATest):
+
+ def test_exec_rule(self):
+ parser = ReadLog('', '', '')
+ raw_ev = '[258945.534540] audit: type=1400 audit(1725865139.443:401): apparmor="DENIED" operation="exec" class="file" profile="foo" name="/usr/bin/ls" pid=130888 comm="foo" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0'
+ hl = hasher()
+ ev = parser.parse_event(raw_ev)
+ FileRule.hashlog_from_event(hl, ev)
+
+ expected = {'/usr/bin/ls': {'': True}}
+ self.assertEqual(hl, expected)
+
+ fr = FileRule.from_hashlog(hl)
+
+ expected = FileRule('/usr/bin/ls', None, FileRule.ANY_EXEC, FileRule.ALL, False)
+
+ self.assertTrue(expected.is_equal(next(fr)))
+ with self.assertRaises(StopIteration):
+ next(fr)
+
+ def test_filemode_write_append(self):
+ parser = ReadLog('', '', '')
+ events = [
+ '[ 9614.885136] audit: type=1400 audit(1720429924.397:191): apparmor="DENIED" operation="open" class="file" profile="/home/user/test/a" name="/home/user/test/foo" pid=24460 comm="a" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000',
+ '[ 9614.885149] audit: type=1400 audit(1720429924.397:192): apparmor="DENIED" operation="open" class="file" profile="/home/user/test/a" name="/home/user/test/foo" pid=24460 comm="a" requested_mask="a" denied_mask="a" fsuid=1000 ouid=1000'
+ ]
+ hl = hasher()
+ for raw_ev in events:
+ ev = parser.parse_event(raw_ev)
+ FileRule.hashlog_from_event(hl, ev)
+
+ expected = {'/home/user/test/foo': {True: {'w': True, 'a': True}}}
+ self.assertEqual(hl, expected)
+
+ fr = FileRule.from_hashlog(hl)
+
+ expected = FileRule('/home/user/test/foo', 'w', None, FileRule.ALL, True)
+
+ self.assertTrue(expected.is_equal(next(fr)))
+ with self.assertRaises(StopIteration):
+ next(fr)
+
+
+class FileInvalidCreateFromEvent(AATest):
+ def test_write_append(self):
+ parser = ReadLog('', '', '')
+ raw_ev = '[258145.094974] audit: type=1400 audit(1725864339.004:396): apparmor="DENIED" operation="exec" class="file" profile="foo" name="" pid=125456 comm="foo" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000' # Name is empty
+ hl = hasher()
+ ev = parser.parse_event(raw_ev)
+ with self.assertRaises(AppArmorException):
+ FileRule.hashlog_from_event(hl, ev)
+
+
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=1)
diff --git a/utils/test/test-include.py b/utils/test/test-include.py
index 6b5d57b250a124c2232a53588f2a064b17d0927f..db67adafa4611d22bdc22cfcaa19424bd62d97f0 100644
--- a/utils/test/test-include.py
+++ b/utils/test/test-include.py
@@ -19,8 +19,6 @@ import unittest
from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
-# from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.include import IncludeRule, IncludeRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops, write_file
@@ -29,7 +27,7 @@ _ = init_translation()
exp = namedtuple(
'exp', ( # 'audit', 'allow_keyword', 'deny',
- 'comment', 'path', 'ifexists', 'ismagic'))
+ 'comment', 'path', 'ifexists', 'ismagic'))
# --- tests for single IncludeRule --- #
@@ -89,23 +87,23 @@ class IncludeTestParse(IncludeTest):
def _run_test(self, rawrule, expected):
self.assertTrue(IncludeRule.match(rawrule))
- obj = IncludeRule.parse(rawrule)
+ obj = IncludeRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
class IncludeTestParseInvalid(IncludeTest):
tests = (
- # (' some #include if exists <abstractions/base>', AppArmorException),
- # (' /etc/fstab r,', AppArmorException),
- # ('/usr/include r,', AppArmorException),
- # ('/include r,', AppArmorException),
+ # (' some #include if exists <abstractions/base>', AppArmorException),
+ # (' /etc/fstab r,', AppArmorException),
+ # ('/usr/include r,', AppArmorException),
+ # ('/include r,', AppArmorException),
)
def _run_test(self, rawrule, expected):
self.assertTrue(IncludeRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- IncludeRule.parse(rawrule)
+ IncludeRule.create_instance(rawrule)
# class IncludeTestParseFromLog(IncludeTest): # we'll never have log events for includes
@@ -167,7 +165,7 @@ class InvalidIncludeTest(AATest):
obj = None
self.assertEqual(IncludeRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
- obj = IncludeRule.parse(rawrule)
+ obj = IncludeRule.create_instance(rawrule)
self.assertIsNone(obj, 'IncludeRule handed back an object unexpectedly')
@@ -188,7 +186,7 @@ class InvalidIncludeTest(AATest):
class WriteIncludeTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(IncludeRule.match(rawrule))
- obj = IncludeRule.parse(rawrule)
+ obj = IncludeRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -246,16 +244,16 @@ class WriteIncludeTestAATest(AATest):
class IncludeCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = IncludeRule.parse(self.rule)
- check_obj = IncludeRule.parse(param)
+ obj = IncludeRule.create_instance(self.rule)
+ check_obj = IncludeRule.create_instance(param)
self.assertTrue(IncludeRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class IncludeCoveredTest_01(IncludeCoveredTest):
@@ -289,7 +287,7 @@ class IncludeCoveredTest_02(IncludeCoveredTest):
class IncludeCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
- # obj = IncludeRule.parse('include <foo>')
+ # obj = IncludeRule.create_instance('include <foo>')
#
# testobj = IncludeRule('foo', True, True)
# testobj.path = ''
@@ -298,18 +296,24 @@ class IncludeCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_invalid_is_covered(self):
- obj = IncludeRule.parse('include <abstractions/base>')
+ raw_rule = 'include <abstractions/base>'
- testobj = BaseRule() # different type
+ class SomeOtherClass(IncludeRule):
+ pass
+ obj = IncludeRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = IncludeRule.parse('include <abstractions/base>')
+ raw_rule = 'include <abstractions/base>'
- testobj = BaseRule() # different type
+ class SomeOtherClass(IncludeRule):
+ pass
+ obj = IncludeRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -321,7 +325,7 @@ class IncludeLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = IncludeRule.parse(params)
+ obj = IncludeRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@@ -330,7 +334,7 @@ class IncludeFullPathsTest(AATest):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
inc_dir = os.path.join(self.profile_dir, 'abstractions/inc.d')
@@ -361,18 +365,18 @@ class IncludeFullPathsTest(AATest):
for path in expected:
exp2.append(path.replace('@@', self.profile_dir))
- obj = IncludeRule.parse(params)
+ obj = IncludeRule.create_instance(params)
self.assertEqual(obj.get_full_paths(self.profile_dir), exp2)
-## --- tests for IncludeRuleset --- #
+# --- tests for IncludeRuleset --- #
class IncludeRulesTest(AATest):
def AASetup(self):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
write_file(self.profile_dir, 'baz', '/baz r,')
@@ -418,7 +422,7 @@ class IncludeRulesTest(AATest):
]
for rule in rules:
- ruleset.add(IncludeRule.parse(rule))
+ ruleset.add(IncludeRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -465,7 +469,7 @@ class IncludeRulesTest(AATest):
]
for rule in rules:
- ruleset.add(IncludeRule.parse(rule))
+ ruleset.add(IncludeRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
diff --git a/utils/test/test-io_uring.py b/utils/test/test-io_uring.py
new file mode 100644
index 0000000000000000000000000000000000000000..f4763495c85fff6e131b55e7b9abc70567ab8831
--- /dev/null
+++ b/utils/test/test-io_uring.py
@@ -0,0 +1,194 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2023 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops
+
+from apparmor.rule.io_uring import IOUringRule, IOUringRuleset
+from apparmor.common import AppArmorException, AppArmorBug
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+class IOUringTestParse(AATest):
+ tests = (
+ # access label audit deny allow comment
+ ('io_uring,', IOUringRule(IOUringRule.ALL, IOUringRule.ALL, False, False, False, '')),
+ ('io_uring sqpoll,', IOUringRule(('sqpoll'), IOUringRule.ALL, False, False, False, '')),
+ ('io_uring override_creds,', IOUringRule(('override_creds'), IOUringRule.ALL, False, False, False, '')),
+ ('io_uring override_creds label=/foo,', IOUringRule(('override_creds'), '/foo', False, False, False, '')),
+ ('io_uring sqpoll label=bar,', IOUringRule(('sqpoll'), 'bar', False, False, False, '')),
+ ('io_uring (override_creds, sqpoll) label=/foo,', IOUringRule(('override_creds', 'sqpoll'), '/foo', False, False, False, '')),
+ ('audit io_uring sqpoll,', IOUringRule(('sqpoll'), IOUringRule.ALL, True, False, False, '')),
+ ('deny io_uring,', IOUringRule(IOUringRule.ALL, IOUringRule.ALL, False, True, False, '')),
+ ('deny io_uring (sqpoll, override_creds),', IOUringRule(('sqpoll', 'override_creds'), IOUringRule.ALL, False, True, False, '')),
+ ('audit allow io_uring,', IOUringRule(IOUringRule.ALL, IOUringRule.ALL, True, False, True, '')),
+ ('io_uring override_creds, # cmt', IOUringRule(('override_creds'), IOUringRule.ALL, False, False, False, ' # cmt')),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(IOUringRule.match(rawrule))
+ obj = IOUringRule.create_instance(rawrule)
+ expected.raw_rule = rawrule.strip()
+ self.assertTrue(obj.is_equal(expected, True))
+
+
+class IOUringTestParseInvalid(AATest):
+ tests = (
+ ('io_uring invalidaccess,', AppArmorException),
+ ('io_uring label=,', AppArmorException),
+ ('io_uring invalidaccess label=foo,', AppArmorException),
+ ('io_uring sqpoll label=,', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(IOUringRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ IOUringRule.create_instance(rawrule)
+
+ def test_parse_fail(self):
+ with self.assertRaises(AppArmorException):
+ IOUringRule.create_instance('foo,')
+
+ def test_diff_non_iouringrule(self):
+ exp = namedtuple('exp', ('audit', 'deny'))
+ obj = IOUringRule(('sqpoll'), IOUringRule.ALL)
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(exp(False, False), False)
+
+ def test_diff_access(self):
+ obj1 = IOUringRule(IOUringRule.ALL, IOUringRule.ALL)
+ obj2 = IOUringRule(('sqpoll'), IOUringRule.ALL)
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_diff_label(self):
+ obj1 = IOUringRule(IOUringRule.ALL, 'foo')
+ obj2 = IOUringRule(IOUringRule.ALL, '/bar')
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+
+class InvalidIOUringInit(AATest):
+ tests = (
+ # access label expected exception
+ (('', 'label'), AppArmorBug), # empty access
+ ((' ', 'label'), AppArmorBug), # whitespace access
+ (('xyxy', 'label'), AppArmorException), # invalid access
+ ((dict(), 'label'), AppArmorBug), # wrong type for access
+ ((None, 'label'), AppArmorBug), # wrong type for access
+ (('sqpoll', ''), AppArmorBug), # empty label
+ (('sqpoll', ' '), AppArmorBug), # whitespace label
+ (('sqpoll', dict()), AppArmorBug), # wrong type for label
+ (('sqpoll', None), AppArmorBug), # wrong type for label
+ )
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ IOUringRule(*params)
+
+ def test_missing_params1(self):
+ with self.assertRaises(TypeError):
+ IOUringRule()
+
+ def test_missing_params2(self):
+ with self.assertRaises(TypeError):
+ IOUringRule('override_creds')
+
+
+class WriteIOUringTestAATest(AATest):
+ tests = (
+ # raw rule clean rule
+ (' io_uring , # foo ', 'io_uring, # foo'),
+ (' audit io_uring sqpoll,', 'audit io_uring sqpoll,'),
+ (' audit io_uring (override_creds ),', 'audit io_uring override_creds,'),
+ (' audit io_uring (sqpoll , override_creds ),', 'audit io_uring (override_creds sqpoll),'),
+ (' deny io_uring sqpoll label=bar,# foo bar', 'deny io_uring sqpoll label=bar, # foo bar'),
+ (' deny io_uring override_creds ,# foo bar', 'deny io_uring override_creds, # foo bar'),
+ (' allow io_uring label=tst ,# foo bar', 'allow io_uring label=tst, # foo bar'),
+ ('io_uring,', 'io_uring,'),
+ ('io_uring (override_creds),', 'io_uring override_creds,'),
+ ('io_uring (sqpoll),', 'io_uring sqpoll,'),
+ ('io_uring (sqpoll override_creds),', 'io_uring (override_creds sqpoll),'),
+ ('io_uring sqpoll label="tst",', 'io_uring sqpoll label="tst",'),
+ ('io_uring (override_creds) label=bar,', 'io_uring override_creds label=bar,'),
+ ('io_uring (sqpoll override_creds) label=/foo,', 'io_uring (override_creds sqpoll) label=/foo,'),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(IOUringRule.match(rawrule))
+ obj = IOUringRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ def test_write_manually(self):
+ obj = IOUringRule('sqpoll', IOUringRule.ALL, allow_keyword=True)
+
+ expected = ' allow io_uring sqpoll,'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+ def test_write_invalid_access(self):
+ obj = IOUringRule('sqpoll', IOUringRule.ALL)
+ obj.access = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+ def test_write_invalid_label(self):
+ obj = IOUringRule(IOUringRule.ALL, 'bar')
+ obj.label = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+
+class IOUringIsCoveredTest(AATest):
+ def test_is_covered(self):
+ obj = IOUringRule(IOUringRule.ALL, 'ba*')
+ self.assertTrue(obj.is_covered(IOUringRule(('sqpoll'), 'ba')))
+ self.assertTrue(obj.is_covered(IOUringRule(IOUringRule.ALL, 'baz')))
+
+ def test_is_not_covered(self):
+ obj = IOUringRule(('sqpoll'), 'foo')
+ self.assertFalse(obj.is_covered(IOUringRule(IOUringRule.ALL, 'foo')))
+ self.assertFalse(obj.is_covered(IOUringRule(('sqpoll'), IOUringRule.ALL)))
+
+
+class IOUringLogprofHeaderTest(AATest):
+ tests = (
+ ('io_uring,', [_('Access mode'), _('ALL'), _('Label'), _('ALL')]),
+ ('io_uring sqpoll,', [_('Access mode'), 'sqpoll', _('Label'), _('ALL')]),
+ ('io_uring override_creds,', [_('Access mode'), 'override_creds', _('Label'), _('ALL')]),
+ ('io_uring (sqpoll,override_creds),', [_('Access mode'), 'override_creds sqpoll', _('Label'), _('ALL')]),
+ ('io_uring sqpoll label=/foo,', [_('Access mode'), 'sqpoll', _('Label'), '/foo']),
+ ('io_uring override_creds label=bar,', [_('Access mode'), 'override_creds', _('Label'), 'bar']),
+ ('io_uring (sqpoll,override_creds) label=baz,', [_('Access mode'), 'override_creds sqpoll', _('Label'), 'baz']),
+ )
+
+ def _run_test(self, params, expected):
+ obj = IOUringRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+
+class IOUringGlobTestAATest(AATest):
+ def test_glob(self):
+ self.assertEqual(IOUringRuleset().get_glob('io_uring sqpoll,'), 'io_uring,')
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py
index 715af66a3a4c06e74720631611fa2889b9f93794..b9c08261f294ed674d30a6e4e025e3425238661e 100644
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
@@ -33,12 +33,12 @@ class TestLibapparmorTestMulti(AATest):
expected = self._parse_libapparmor_test_multi(params)
loglines = []
- with open_file_read('%s.in' % params) as f_in:
+ with open_file_read(params + '.in') as f_in:
for line in f_in:
if line.strip():
loglines.append(line)
- self.assertEqual(len(loglines), 1, '%s.in should only contain one line!' % params)
+ self.assertEqual(len(loglines), 1, params + '.in should only contain one line!')
parser = ReadLog('', '', '')
parsed_event = parser.parse_event(loglines[0])
@@ -65,6 +65,8 @@ class TestLibapparmorTestMulti(AATest):
'src_name', # pivotroot
'dbus_bus', 'dbus_interface', 'dbus_member', 'dbus_path', # dbus
'peer_pid', 'peer_profile', # dbus
+ 'net_addr', 'peer_addr', # unix
+
):
pass
elif parsed_items['operation'] == 'exec' and label in ('sock_type', 'family', 'protocol'):
@@ -72,11 +74,11 @@ class TestLibapparmorTestMulti(AATest):
elif parsed_items['operation'] == 'ptrace' and label == 'name2' and params.endswith('/ptrace_garbage_lp1689667_1'):
pass # libapparmor would better qualify this case as invalid event
elif not parsed_items.get(label, None):
- raise Exception('parsed_items[%s] not set' % label)
+ raise Exception('parsed_items[{}] not set'.format(label))
elif not expected.get(label, None):
- raise Exception('expected[%s] not set' % label)
+ raise Exception('expected[{}] not set'.format(label))
else:
- self.assertEqual(str(parsed_items[label]), expected[label], '%s differs' % label)
+ self.assertEqual(str(parsed_items[label]), expected[label], label + ' differs')
elif expected:
self.assertIsNone(parsed_event) # that's why we end up here
self.assertEqual(dict(), expected, 'parsed_event is none') # effectively print the content of expected
@@ -109,12 +111,12 @@ class TestLibapparmorTestMulti(AATest):
def _parse_libapparmor_test_multi(self, file_with_path):
"""parse the libapparmor test_multi *.in tests and their expected result in *.out"""
- with open_file_read('%s.out' % file_with_path) as f_in:
+ with open_file_read(file_with_path + '.out') as f_in:
expected = f_in.readlines()
if expected[0].rstrip('\n') != 'START':
- raise Exception("%s.out doesn't have 'START' in its first line! (%s)"
- % (file_with_path, expected[0]))
+ raise Exception("{}.out doesn't have 'START' in its first line! ({})".format(
+ file_with_path, expected[0]))
expected.pop(0)
@@ -129,8 +131,8 @@ class TestLibapparmorTestMulti(AATest):
exresult[label] = value.strip()
if not exresult['event_type'].startswith('AA_RECORD_'):
- raise Exception("event_type doesn't start with AA_RECORD_: %s in file %s"
- % (exresult['event_type'], file_with_path))
+ raise Exception("event_type doesn't start with AA_RECORD_: {} in file {}".format(
+ exresult['event_type'], file_with_path))
exresult['aamode'] = exresult['event_type'].replace('AA_RECORD_', '')
if exresult['aamode'] == 'ALLOWED':
@@ -151,10 +153,6 @@ log_to_skip = [
# tests that do not produce the expected profile (checked with assertNotEqual)
log_to_profile_known_failures = [
- 'testcase_mount_01', # mount rules not yet supported in logparser
-
- 'testcase_pivotroot_01', # pivot_rot not yet supported in logparser
-
# exec events
'testcase01',
'testcase12',
@@ -175,8 +173,6 @@ log_to_profile_skip = [
# tests that cause an empty log
log_to_profile_known_empty_log = [
'change_onexec_lp1648143', # change_onexec not supported in logparser.py yet (and the log is about "no new privs" error)
- 'testcase_mount_01', # mount rules not supported in logparser
- 'testcase_pivotroot_01', # pivotroot not yet supported in logparser
'ptrace_garbage_lp1689667_1', # no denied= in log
'ptrace_no_denied_mask', # no denied= in log
'unconfined-change_hat', # unconfined trying to change_hat, which isn't allowed
@@ -189,7 +185,7 @@ class TestLogToProfile(AATest):
tests = 'invalid' # filled by parse_test_profiles()
def _run_test(self, params, expected):
- logfile = '%s.in' % params
+ logfile = params + '.in'
if params.split('/')[-1] in log_to_profile_skip:
return
@@ -198,7 +194,7 @@ class TestLogToProfile(AATest):
if profile is None:
return
- expected_profile = read_file('%s.profile' % params)
+ expected_profile = read_file(params + '.profile')
if params.split('/')[-1] in log_to_profile_known_failures:
self.assertNotEqual(new_profile, expected_profile) # known failure
@@ -222,7 +218,7 @@ def logfile_to_profile(logfile):
return None, aamode
if aamode not in ('PERMITTING', 'REJECTING'):
- raise Exception('Unexpected aamode %s' % parsed_event['aamode'])
+ raise Exception('Unexpected aamode {}'.format(parsed_event['aamode']))
# cleanup apparmor.aa storage
apparmor.aa.log = dict()
@@ -249,7 +245,7 @@ def logfile_to_profile(logfile):
log_dict = apparmor.aa.collapse_log(hashlog, ignore_null_profiles=False)
if list(log_dict[aamode].keys()) != [parsed_event['profile']]:
- raise Exception('log_dict[%s] contains unexpected keys. Logfile: %s, keys %s' % (aamode, logfile, log_dict.keys()))
+ raise Exception('log_dict[{}] contains unexpected keys. Logfile: {}, keys {}'.format(aamode, logfile, log_dict.keys()))
if '//' in parsed_event['profile']:
# log event for a child profile means log_dict only contains the child profile
@@ -272,10 +268,10 @@ def logfile_to_profile(logfile):
if logfile.split('/')[-1][:-3] in log_to_profile_known_empty_log:
# unfortunately this function might be called outside Unittest.TestCase, therefore we can't use assertEqual / assertNotEqual
if not log_is_empty:
- raise Exception('got non-empty log for logfile in log_to_profile_known_empty_log: %s %s' % (logfile, hashlog))
+ raise Exception('got non-empty log for logfile in log_to_profile_known_empty_log: {} {}'.format(logfile, hashlog))
else:
if log_is_empty:
- raise Exception('got empty log for logfile not in log_to_profile_known_empty_log: %s %s' % (logfile, hashlog))
+ raise Exception('got empty log for logfile not in log_to_profile_known_empty_log: {} {}'.format(logfile, hashlog))
new_profile = apparmor.aa.serialize_profile(log_dict[aamode], profile, {})
@@ -297,7 +293,7 @@ def find_test_multi(log_dir):
elif file.endswith('.out') or file.endswith('.err') or file.endswith('.profile'):
pass
else:
- raise Exception('Found unknown file %s in libapparmor test_multi' % file)
+ raise Exception('Found unknown file {} in libapparmor test_multi'.format(file))
return tests
@@ -305,7 +301,7 @@ def find_test_multi(log_dir):
# if a logfile is given as parameter, print the resulting profile and exit (with $? = 42 to make sure tests break if the caller accidentally hands over a parameter)
if __name__ == '__main__' and len(sys.argv) == 2:
print(logfile_to_profile(sys.argv[1])[1])
- exit(42)
+ sys.exit(42)
# still here? That means a normal test run
print('Testing libapparmor test_multi tests...')
diff --git a/utils/test/test-logparser.py b/utils/test/test-logparser.py
index 39acae0e5ef32e491d02ceb2a114de3b76f56ad1..87c23f6581bd5c4f2e1aff0d97ddba3f1f5866eb 100644
--- a/utils/test/test-logparser.py
+++ b/utils/test/test-logparser.py
@@ -100,6 +100,55 @@ class TestParseEvent(AATest):
self.assertIsNotNone(ReadLog.RE_LOG_ALL.search(event))
+ def test_get_rule_type(self):
+ rules = [
+ ('mount fstype=bpf options=(rw) random_label -> /sys/fs/bpf/,', 'mount'),
+ ('unix send addr=@foo{a,b} peer=(label=splat),', 'unix'),
+ ('userns create, # cmt', 'userns'),
+ ('allow /tmp/foo ra,', 'file'),
+ ('file rwix /foo,', 'file'),
+ ('signal set=quit peer=unconfined,', 'signal')
+ ]
+ for r, exp in rules:
+ self.assertEqual(self.parser.get_rule_type(r)[0], exp)
+
+ self.assertEqual(self.parser.get_rule_type('invalid rule,'), None)
+
+ def test_create_rule_from_ev(self):
+ events = [
+ ('Sep 9 12:51:50 ubuntu-desktop kernel: [ 1612.746129] type=1400 audit(1284061910.975:672): apparmor="DENIED" operation="capable" parent=2663 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority" pid=7292 comm="syscall_setprio" capability=23 capname="sys_nice"', 'capability', 'capability sys_nice,'),
+ ('[ 1612.746129] audit: type=1400 audit(1284061910.975:672): apparmor="DENIED" operation="capable" parent=2663 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/syscall_setpriority" pid=7292 comm="syscall_setprio" capability=23 capname="sys_nice"', 'capability', 'capability sys_nice,'),
+ ('Sep 9 12:51:36 ubuntu-desktop kernel: [ 97.492562] audit: type=1400 audit(1431116353.523:77): apparmor="DENIED" operation="change_profile" profile="/tests/regression/apparmor/changeprofile" pid=3459 comm="changeprofile" target="/tests/regression/apparmor/rename"', 'change_profile', 'change_profile -> /tests/regression/apparmor/rename,'),
+ ('Jul 31 17:10:35 dbusdev-saucy-amd64 dbus[1692]: apparmor="DENIED" operation="dbus_method_call" bus="session" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" pid=2922 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_profile="unconfined"', 'dbus', 'dbus send bus=session path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello peer=(label=unconfined),'),
+ ('Jul 31 17:11:16 dbusdev-saucy-amd64 dbus[1692]: apparmor="DENIED" operation="dbus_bind" bus="session" name="com.apparmor.Test" mask="bind" pid=2940 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service"', 'dbus', 'dbus bind bus=session name=com.apparmor.Test,'),
+ ('type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30',
+ 'file', 'owner "/home/www/foo.bar.in/httpdocs/apparmor/images/test/image 1.jpg" w,'), # noqa: E127
+ ('2014-06-09T20:37:28.975070+02:00 geeko kernel: [21028.143765] type=1400 audit(1402339048.973:1421): apparmor="ALLOWED" operation="open" profile="/home/cb/linuxtag/apparmor/scripts/hello" name="/dev/tty" pid=14335 comm="hello" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0', 'file', '/dev/tty rw,'),
+ ('[ 4584.703379] audit: type=1400 audit(1680266735.359:69): apparmor="DENIED" operation="uring_sqpoll" class="io_uring" profile="/root/apparmor/tests/regression/apparmor/io_uring" pid=1320 comm="io_uring" requested="sqpoll" denied="sqpoll"', 'io_uring', 'io_uring sqpoll,'),
+ ('[ 4584.491076] audit: type=1400 audit(1680266735.147:63): apparmor="DENIED" operation="uring_override" class="io_uring" profile="/root/apparmor/tests/regression/apparmor/io_uring" pid=1193 comm="io_uring" requested="override_creds" denied="override_creds" tcontext="/root/apparmor/tests/regression/apparmor/io_uring"', 'io_uring', 'io_uring override_creds label=/root/apparmor/tests/regression/apparmor/io_uring,'),
+ ('type=AVC msg=audit(1409700640.016:547457): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/mount" name="/tmp/sdtest.19033-29001-MPfz98/mountpoint/" pid=19085 comm="mount" fstype="ext2" srcname="/dev/loop0/" flags="rw, mand"', 'mount', 'mount fstype=(ext2) options=(mand, rw) /dev/loop0/ -> /tmp/sdtest.19033-29001-MPfz98/mountpoint/,'),
+ ('type=AVC msg=audit(1709108389.303:12383): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="/home/user/test/testmount" name="/tmp/foo/" pid=14155 comm="testmount" flags="ro, remount"', 'mount', 'mount options=(remount, ro) -> /tmp/foo/,'),
+ ('type=AVC msg=audit(1709025786.045:43147): apparmor="DENIED" operation="umount" class="mount" profile="/home/user/test/testmount" name="/mnt/a/" pid=26697 comm="testmount"', 'mount', 'umount /mnt/a/,'),
+ ('Apr 05 19:36:19 ubuntu kernel: audit: type=1400 audit(1649187379.660:255): apparmor="DENIED" operation="create" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=791 comm="posix_mq_rcv" requested="create" denied="create" class="posix_mqueue" fsuid=0 ouid=0', 'mqueue', 'mqueue create type=posix /queuename,'),
+ ('Apr 05 19:36:29 ubuntu kernel: audit: type=1400 audit(1649187389.828:262): apparmor="DENIED" operation="open" profile="/root/apparmor/tests/regression/apparmor/posix_mq_rcv" name="/queuename" pid=848 comm="posix_mq_rcv" requested="read create" denied="read" class="posix_mqueue" fsuid=0 ouid=0', 'mqueue', 'mqueue read type=posix /queuename,'),
+ ('Apr 5 19:30:56 precise-amd64 kernel: [153073.826757] type=1400 audit(1308766940.698:3704): apparmor="DENIED" operation="sendmsg" parent=24737 profile="/usr/bin/evince-thumbnailer" pid=24743 comm="evince-thumbnai" laddr=192.168.66.150 lport=765 faddr=192.168.66.200 fport=2049 family="inet" sock_type="stream" protocol=6', 'network', 'network inet stream ip=192.168.66.150 port=765 peer=(ip=192.168.66.200 port=2049),'),
+ ('Apr 5 19:31:04 precise-amd64 kernel: [153073.826757] type=1400 audit(1308766940.698:3704): apparmor="DENIED" operation="sendmsg" parent=24737 profile="/usr/bin/evince-thumbnailer" pid=24743 comm="evince-thumbnai" lport=765 fport=2049 family="inet" sock_type="stream" protocol=6', 'network', 'network inet stream port=765 peer=(port=2049),'),
+ ('type=AVC msg=audit(1409700678.384:547594): apparmor="DENIED" operation="pivotroot" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root" name="/tmp/sdtest.21082-7446-EeefO6/new_root/" pid=21162 comm="pivot_root" srcname="/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/"', 'pivot_root', 'pivot_root oldroot=/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/ /tmp/sdtest.21082-7446-EeefO6/new_root/,'),
+ ('type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"', 'ptrace', 'ptrace tracedby peer=/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace,'),
+ ('type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper"', 'signal', 'signal send set=term peer=/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper,'),
+ ('type=AVC msg=audit(1711454639.955:322): apparmor="DENIED" operation="connect" class="net" profile="/home/user/test/client.py" pid=80819 comm="client.py" family="unix" sock_type="stream" protocol=0 requested="send receive connect" denied="send receive connect" addr=none peer_addr="@test_abstract_socket" peer="/home/user/test/server.py"', 'unix', 'unix (connect, receive, send) type=stream peer=(addr=@test_abstract_socket),'),
+ ('type=AVC msg=audit(1711214183.107:298): apparmor="DENIED" operation="connect" class="net" profile="/home/user/test/client.py" pid=65262 comm="server.py" family="unix" sock_type="stream" protocol=0 requested="send receive accept" denied="send accept" addr="@test_abstract_socket" peer_addr=none peer="unconfined"', 'unix', 'unix (accept, send) type=stream addr=@test_abstract_socket,'),
+ ('[ 176.385388] audit: type=1400 audit(1666891380.570:78): apparmor="DENIED" operation="userns_create" class="namespace" profile="/usr/bin/userns_child_exec" pid=1785 comm="userns_child_ex" requested="userns_create" denied="userns_create"', 'userns', 'userns create,'),
+ ('[ 429.272003] audit: type=1400 audit(1720613712.153:168): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=5630 comm="unshare" requested="userns_create" target="unprivileged_userns" execpath="/usr/bin/unshare"', 'userns', 'userns create,'),
+ ]
+ for ev, expected_type, expected_rule in events:
+ parsed_event = self.parser.parse_event(ev)
+ r = self.parser.create_rule_from_ev(parsed_event)
+ self.assertIsNotNone(r)
+ clean_rule = r.get_clean()
+ self.assertEqual(self.parser.get_rule_type(clean_rule)[0], expected_type)
+ self.assertEqual(expected_rule, clean_rule)
+
class TestParseEventForTreeInvalid(AATest):
tests = (
@@ -107,11 +156,24 @@ class TestParseEventForTreeInvalid(AATest):
('type=AVC msg=audit(1556742870.707:3614): apparmor="ALLOWED" operation="open" profile="/bin/hello" name="/dev/tty" pid=12856 comm="hello" requested_mask="wr" denied_mask="wr::w" fsuid=1000 ouid=0', AppArmorException), # "wr::w" mixes owner and other
)
+ def setUp(self):
+ self.parser = ReadLog('', '', '')
+
def _fake_profile_exists(self, program):
return True
+ def test_invalid_create_rule_from_ev(self):
+ events = [
+ 'Jul 31 17:11:16 dbusdev-saucy-amd64 dbus[1692]: apparmor="DENIED" operation="invalid" bus="session" name="com.apparmor.Test" mask="bind" pid=2940 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service"', # operation is invalid
+ 'type=AVC msg=audit(1709108389.303:12383): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="/home/user/test/testmount" name="/tmp/foo/" pid=14155 comm="testmount" flags="invalid"', # invalid flag
+ '[ 176.385388] audit: type=1400 audit(1666891380.570:78): apparmor="DENIED" operation="userns_create" class="namespace" profile="/usr/bin/userns_child_exec" pid=1785 comm="userns_child_ex" requested="userns_create" denied="invalid"' # invalid denied
+ ]
+ for ev in events:
+ parsed_event = self.parser.parse_event(ev)
+ r = self.parser.create_rule_from_ev(parsed_event)
+ self.assertEqual(r, None)
+
def _run_test(self, params, expected):
- self.parser = ReadLog('', '', '')
self.parser.profile_exists = self._fake_profile_exists # inject fake function that always returns True - much easier than handing over a ProfileList object to __init__
parsed_event = self.parser.parse_event(params)
with self.assertRaises(expected):
diff --git a/utils/test/test-logprof.py b/utils/test/test-logprof.py
new file mode 100644
index 0000000000000000000000000000000000000000..f821798440d34e2738205fc97bd2730d03b8aba0
--- /dev/null
+++ b/utils/test/test-logprof.py
@@ -0,0 +1,137 @@
+#! /usr/bin/python3
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2023 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+import os
+import shutil
+import subprocess
+import sys
+import unittest
+
+# import apparmor.aa as aa # see the setup_aa() call for details
+from common_test import AATest, read_file, setup_all_loops # , setup_aa
+
+
+class TestLogprof(AATest):
+ # This test expects a set of files:
+ # - logprof/TESTNAME.auditlog - audit.log
+ # - logprof/TESTNAME.jsonlog - expected aa-logprof --json input and output (gathered with json_log=1 in logprof.conf)
+ # - logprof/TESTNAME.PROFILE - one or more profiles in the expected state
+ # where TESTNAME is the name given in the first column of 'tests'
+ tests = (
+ # test name # profiles to verify
+ ('ping', ['bin.ping']),
+ )
+
+ def AASetup(self):
+ self.createTmpdir()
+
+ # copy the local profiles to the test directory
+ self.profile_dir = self.tmpdir + '/profiles'
+ shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
+
+ def AATeardown(self):
+ self._terminate()
+
+ def _startLogprof(self, auditlog, mode):
+ exe = [sys.executable]
+
+ if 'coverage' in sys.modules:
+ exe = exe + ['-m', 'coverage', 'run', '--branch', '-p']
+
+ exe = exe + ['../aa-logprof', '--' + mode, '--configdir', './', '-f', auditlog, '-d', self.profile_dir, '--no-check-mountpoint', '--output-dir', self.tmpdir]
+
+ process = subprocess.Popen(
+ exe,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ # stderr=subprocess.STDOUT,
+ env={'LANG': 'C',
+ 'PYTHONPATH': os.environ.get('PYTHONPATH', ''),
+ 'LD_LIBRARY_PATH': os.environ.get('LD_LIBRARY_PATH', ''),
+ },
+ )
+
+ return process
+
+ def _terminate(self):
+ self.process.stdin.close()
+ self.process.stdout.close()
+ self.process.terminate()
+ self.process.wait(timeout=0.3)
+
+ def _run_test(self, params, expected):
+ auditlog = './logprof/%s.auditlog' % params
+ jsonlog = './logprof/%s.jsonlog' % params
+
+ jlog = read_file(jsonlog)
+ jlog = jlog.replace('/etc/apparmor.d', self.profile_dir)
+ jlog = jlog.replace('/var/log/audit/audit.log', auditlog)
+ jlog = jlog.strip().split('\n')
+
+ self.process = self._startLogprof(auditlog, 'json')
+
+ for line in jlog:
+ if line.startswith('o '): # read from stdout
+ output = self.process.stdout.readline().decode("utf-8").strip()
+ self.assertEqual(output, line[2:])
+
+ elif line.startswith('i '): # send to stdin
+ # expect an empty prompt line
+ output = self.process.stdout.readline().decode("utf-8").strip()
+ self.assertEqual(output, '')
+
+ # "type" answer
+ self.process.stdin.write(line[2:].encode("utf-8") + b"\n")
+ self.process.stdin.flush()
+
+ else:
+ raise Exception('Unknown line in json log %s: %s' % (jsonlog, line))
+
+ # give logprof some time to write the updated profile and terminate
+ self.process.wait(timeout=10)
+ self.assertEqual(self.process.returncode, 0)
+
+ for file in expected:
+ exp = read_file('./logprof/%s.%s' % (params, file))
+ actual = read_file(os.path.join(self.tmpdir, file))
+
+ # remove '# Last Modified:' line from updated profile
+ actual = actual.split('\n')
+ if actual[0].startswith('# Last Modified:'):
+ actual = actual[1:]
+ actual = '\n'.join(actual)
+
+ self.assertEqual(actual, exp)
+
+ def test_allow_all(self):
+ auditlog = './logprof/%s.auditlog' % 'ping'
+ allowlog = './logprof/%s.allowlog' % 'ping'
+
+ slog = read_file(allowlog)
+ slog = slog.replace('/etc/apparmor.d', self.profile_dir)
+ slog = slog.replace('/var/log/audit/audit.log', auditlog)
+ slog = slog.strip().split('\n')
+
+ self.process = self._startLogprof(auditlog, 'allow-all')
+
+ for line in slog:
+ output = self.process.stdout.readline().decode("utf-8").strip()
+ self.assertEqual(output, line)
+ # give logprof some time to write the updated profile and terminate
+ self.process.wait(timeout=0.3)
+ self.assertEqual(self.process.returncode, 0)
+
+
+# if you import apparmor.aa and call init_aa() in your tests, uncomment this
+# setup_aa(aa)
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-minitools.py b/utils/test/test-minitools.py
index f99fc4de7f35d4041ec878bd4ae064c423bb0073..3f86f518d01a330b6d47f242e310f43bac241f6a 100755
--- a/utils/test/test-minitools.py
+++ b/utils/test/test-minitools.py
@@ -14,12 +14,16 @@
import os
import shutil
import subprocess
+import sys
import unittest
import apparmor.aa as apparmor
from common_test import AATest, read_file, setup_aa, setup_all_loops
-python_interpreter = 'python3'
+# Use the same python as the one this script is being run with
+python_interpreter = sys.executable
+if not python_interpreter:
+ python_interpreter = 'python3'
class MinitoolsTest(AATest):
@@ -29,7 +33,7 @@ class MinitoolsTest(AATest):
# copy the local profiles to the test directory
# Should be the set of cleanprofile
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
apparmor.profile_dir = self.profile_dir
@@ -37,143 +41,152 @@ class MinitoolsTest(AATest):
# Path for the program
self.test_path = '/usr/sbin/winbindd'
# Path for the target file containing profile
- self.local_profilename = '%s/usr.sbin.winbindd' % self.profile_dir
+ self.local_profilename = self.profile_dir + '/usr.sbin.winbindd'
def test_audit(self):
# Set test profile to audit mode and check if it was correctly set
- str(subprocess.check_output(
- '%s ./../aa-audit --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True))
+ subprocess.check_output(
+ '{} ./../aa-audit --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
'audit',
- 'Audit flag could not be set in profile %s' % self.local_profilename)
+ 'Audit flag could not be set in profile ' + self.local_profilename)
# Remove audit mode from test profile and check if it was correctly removed
subprocess.check_output(
- '%s ./../aa-audit --no-reload -d %s -r %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-audit --no-reload -d {} -r {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path), shell=True)
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
None,
- 'Audit flag could not be removed in profile %s' % self.local_profilename)
+ 'Audit flag could not be removed in profile ' + self.local_profilename)
def test_complain(self):
# Set test profile to complain mode and check if it was correctly set
subprocess.check_output(
- '%s ./../aa-complain --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-complain --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
- force_complain_dir = '%s/force-complain' % self.profile_dir
+ force_complain_dir = self.profile_dir + '/force-complain'
if not os.path.isdir(force_complain_dir):
os.mkdir(force_complain_dir)
os.symlink(
self.local_profilename,
- '%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename)))
+ '{}/{}'.format(force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(
- os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/{}'.format(force_complain_dir, os.path.basename(self.local_profilename))),
True,
- 'Failed to create a symlink for %s in force-complain' % self.local_profilename)
+ 'Failed to create a symlink for {} in force-complain'.format(self.local_profilename))
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
'complain',
- 'Complain flag could not be set in profile %s' % self.local_profilename)
+ 'Complain flag could not be set in profile ' + self.local_profilename)
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output(
- '%s ./../aa-enforce --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-enforce --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
self.assertEqual(
- os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/{}'.format(force_complain_dir, os.path.basename(self.local_profilename))),
False,
- 'Failed to remove symlink for %s from force-complain' % self.local_profilename)
+ 'Failed to remove symlink for {} from force-complain'.format(self.local_profilename))
self.assertEqual(
- os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/disable/{}'.format(self.profile_dir, os.path.basename(self.local_profilename))),
False,
- 'Failed to remove symlink for %s from disable' % self.local_profilename)
+ 'Failed to remove symlink for {} from disable'.format(self.local_profilename))
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
None,
- 'Complain flag could not be removed in profile %s' % self.local_profilename)
+ 'Complain flag could not be removed in profile ' + self.local_profilename)
# Set audit flag and then complain flag in a profile
subprocess.check_output(
- '%s ./../aa-audit --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-audit --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
subprocess.check_output(
- '%s ./../aa-complain --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-complain --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
# "manually" create a force-complain symlink (will be deleted by aa-enforce later)
os.symlink(
self.local_profilename,
- '%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename)))
+ '{}/{}'.format(force_complain_dir, os.path.basename(self.local_profilename)))
self.assertEqual(
- os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/{}'.format(force_complain_dir, os.path.basename(self.local_profilename))),
True,
- 'Failed to create a symlink for %s in force-complain' % self.local_profilename)
+ 'Failed to create a symlink for {} in force-complain'.format(self.local_profilename))
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
'audit, complain',
- 'Complain flag could not be set in profile %s' % self.local_profilename)
+ 'Complain flag could not be set in profile ' + self.local_profilename)
# Remove complain flag first i.e. set to enforce mode
subprocess.check_output(
- '%s ./../aa-enforce --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-enforce --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
self.assertEqual(
- os.path.islink('%s/%s' % (force_complain_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/{}'.format(force_complain_dir, os.path.basename(self.local_profilename))),
False,
- 'Failed to remove symlink for %s from force-complain' % self.local_profilename)
+ 'Failed to remove symlink for {} from force-complain'.format(self.local_profilename))
self.assertEqual(
- os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/disable/{}'.format(self.profile_dir, os.path.basename(self.local_profilename))),
False,
- 'Failed to remove symlink for %s from disable' % self.local_profilename)
+ 'Failed to remove symlink for {} from disable'.format(self.local_profilename))
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
'audit',
- 'Complain flag could not be removed in profile %s' % self.local_profilename)
+ 'Complain flag could not be removed in profile ' + self.local_profilename)
# Remove audit flag
subprocess.check_output(
- '%s ./../aa-audit --no-reload -d %s -r %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-audit --no-reload -d {} -r {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
def test_enforce(self):
# Set test profile to enforce mode and check if it was correctly set
subprocess.check_output(
- '%s ./../aa-enforce --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-enforce --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
self.assertEqual(
- os.path.islink('%s/force-complain/%s' % (self.profile_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/force-complain/{}'.format(self.profile_dir, os.path.basename(self.local_profilename))),
False,
- 'Failed to remove symlink for %s from force-complain' % self.local_profilename)
+ 'Failed to remove symlink for {} from force-complain'.format(self.local_profilename))
self.assertEqual(
- os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/disable/{}'.format(self.profile_dir, os.path.basename(self.local_profilename))),
False,
- 'Failed to remove symlink for %s from disable' % self.local_profilename)
+ 'Failed to remove symlink for {} from disable'.format(self.local_profilename))
self.assertEqual(
apparmor.get_profile_flags(self.local_profilename, self.test_path),
None,
- 'Complain flag could not be removed in profile %s' % self.local_profilename)
+ 'Complain flag could not be removed in profile {}'.format(self.local_profilename))
def test_disable(self):
# Disable the test profile and check if it was correctly disabled
subprocess.check_output(
- '%s ./../aa-disable --no-reload -d %s %s --configdir ./'
- % (python_interpreter, self.profile_dir, self.test_path), shell=True)
+ '{} ./../aa-disable --no-reload -d {} {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, self.test_path),
+ shell=True)
self.assertEqual(
- os.path.islink('%s/disable/%s' % (self.profile_dir, os.path.basename(self.local_profilename))),
+ os.path.islink('{}/disable/{}'.format(self.profile_dir, os.path.basename(self.local_profilename))),
True,
- 'Failed to create a symlink for %s in disable' % self.local_profilename)
+ 'Failed to create a symlink for {} in disable'.format(self.local_profilename))
def test_autodep(self):
pass
@@ -181,10 +194,10 @@ class MinitoolsTest(AATest):
@unittest.skipIf(apparmor.check_for_apparmor() is None, "Securityfs not mounted or doesn't have the apparmor directory.")
def test_unconfined(self):
output = subprocess.check_output(
- '%s ./../aa-unconfined --configdir ./' % python_interpreter, shell=True)
+ python_interpreter + ' ./../aa-unconfined --configdir ./', shell=True)
output_force = subprocess.check_output(
- '%s ./../aa-unconfined --paranoid --configdir ./' % python_interpreter, shell=True)
+ python_interpreter + ' ./../aa-unconfined --paranoid --configdir ./', shell=True)
self.assertIsNot(output, '', 'Failed to run aa-unconfined')
@@ -194,19 +207,20 @@ class MinitoolsTest(AATest):
input_file = 'cleanprof_test.in'
output_file = 'cleanprof_test.out'
# We position the local testfile
- shutil.copy('./%s' % input_file, self.profile_dir)
+ shutil.copy('./' + input_file, self.profile_dir)
# Our silly test program whose profile we wish to clean
cleanprof_test = '/usr/bin/a/simple/cleanprof/test/profile'
subprocess.check_output(
- '%s ./../aa-cleanprof --no-reload -d %s -s %s --configdir ./'
- % (python_interpreter, self.profile_dir, cleanprof_test), shell=True)
+ '{} ./../aa-cleanprof --no-reload -d {} -s {} --configdir ./'.format(
+ python_interpreter, self.profile_dir, cleanprof_test),
+ shell=True)
# Strip off the first line (#modified line)
- subprocess.check_output('sed -i 1d %s/%s' % (self.profile_dir, input_file), shell=True)
+ subprocess.check_output('sed -i 1d {}/{}'.format(self.profile_dir, input_file), shell=True)
- exp_content = read_file('./%s' % output_file)
- real_content = read_file('%s/%s' % (self.profile_dir, input_file))
+ exp_content = read_file('./' + output_file)
+ real_content = read_file('{}/{}'.format(self.profile_dir, input_file))
self.maxDiff = None
self.assertEqual(exp_content, real_content, 'Failed to cleanup profile properly')
diff --git a/utils/test/test-mount.py b/utils/test/test-mount.py
new file mode 100644
index 0000000000000000000000000000000000000000..8ec57148a946eaabe9204968278a43f4efa56a53
--- /dev/null
+++ b/utils/test/test-mount.py
@@ -0,0 +1,303 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops
+
+from apparmor.common import AppArmorException, AppArmorBug
+from apparmor.translations import init_translation
+
+from apparmor.rule.mount import MountRule
+
+_ = init_translation()
+
+
+class MountTestParse(AATest):
+
+ tests = (
+ # Rule Operation Filesystem Options Source Destination Audit Deny Allow Comment
+ ('mount -> **,', MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, '**', False, False, False, '')),
+ ('mount options=(rw, shared) -> **,', MountRule('mount', MountRule.ALL, ('=', ('rw', 'shared')), MountRule.ALL, '**', False, False, False, '')),
+ ('mount fstype=bpf options=rw bpf -> /sys/fs/bpf/,', MountRule('mount', ('=', ['bpf']), ('=', ('rw')), 'bpf', '/sys/fs/bpf/', False, False, False, '')),
+ ('mount fstype=fuse.obex* options=rw bpf -> /sys/fs/bpf/,', MountRule('mount', ('=', ['fuse.obex*']), ('=', ('rw')), 'bpf', '/sys/fs/bpf/', False, False, False, '')),
+ ('mount fstype=fuse.* options=rw bpf -> /sys/fs/bpf/,', MountRule('mount', ('=', ['fuse.*']), ('=', ('rw')), 'bpf', '/sys/fs/bpf/', False, False, False, '')),
+ ('mount fstype=bpf options=(rw) random_label -> /sys/fs/bpf/,', MountRule('mount', ('=', ['bpf']), ('=', ('rw')), 'random_label', '/sys/fs/bpf/', False, False, False, '')),
+ ('mount,', MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('mount fstype=(ext3, ext4),', MountRule('mount', ('=', ['ext3', 'ext4']), MountRule.ALL, MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('mount bpf,', MountRule('mount', MountRule.ALL, MountRule.ALL, 'bpf', MountRule.ALL, False, False, False, '')),
+ ('mount none,', MountRule('mount', MountRule.ALL, MountRule.ALL, 'none', MountRule.ALL, False, False, False, '')),
+ ('mount fstype=(ext3, ext4) options=(ro),', MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('mount @{mntpnt},', MountRule('mount', MountRule.ALL, MountRule.ALL, '@{mntpnt}', MountRule.ALL, False, False, False, '')),
+ ('mount /a,', MountRule('mount', MountRule.ALL, MountRule.ALL, '/a', MountRule.ALL, False, False, False, '')),
+ ('mount "/a space",', MountRule('mount', MountRule.ALL, MountRule.ALL, '/a space', MountRule.ALL, False, False, False, '')),
+ ('mount fstype=(ext3, ext4) /a -> /b,', MountRule('mount', ('=', ['ext3', 'ext4']), MountRule.ALL, '/a', '/b', False, False, False, '')),
+ ('mount fstype=(ext3, ext4) /a -> "/bar space",', MountRule('mount', ('=', ['ext3', 'ext4']), MountRule.ALL, '/a', '/bar space', False, False, False, '')),
+ ('mount fstype=(ext3, ext4) options=(ro, sync) /a -> /b,', MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro', 'sync')), '/a', '/b', False, False, False, '')),
+ ('mount fstype=(ext3, ext4) options=(ro, sync) /a -> /b, #cmt', MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro', 'sync')), '/a', '/b', False, False, False, ' #cmt')),
+ ('mount fstype=({ext3,ext4}) options in (ro, sync) /a -> /b,', MountRule('mount', ('=', ['{ext3,ext4}']), ('in', ('ro', 'sync')), '/a', '/b', False, False, False, '')),
+ ('mount fstype in (ext3, ext4) options=(ro, sync) /a -> /b, #cmt', MountRule('mount', ('in', ['ext3', 'ext4']), ('=', ('ro', 'sync')), '/a', '/b', False, False, False, ' #cmt')),
+ ('mount fstype in (ext3, ext4) option in (ro, sync) /a, #cmt', MountRule('mount', ('in', ['ext3', 'ext4']), ('in', ('ro', 'sync')), '/a', MountRule.ALL, False, False, False, ' #cmt')),
+ ('mount fstype=(ext3, ext4) option=(ro, sync) /a -> /b, #cmt', MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro', 'sync')), '/a', '/b', False, False, False, ' #cmt')),
+ ('mount options=(rw, rbind) {,/usr}/lib{,32,64,x32}/modules/ -> /tmp/snap.rootfs_*{,/usr}/lib/modules/,',
+ MountRule('mount', MountRule.ALL, ('=', ('rw', 'rbind')), '{,/usr}/lib{,32,64,x32}/modules/', # noqa: E127
+ '/tmp/snap.rootfs_*{,/usr}/lib/modules/', # noqa: E127
+ False, False, False, '')), # noqa: E127
+ ('mount options=(runbindable, rw) -> /,', MountRule('mount', MountRule.ALL, ('=', ['runbindable', 'rw']), MountRule.ALL, '/', False, False, False, '')),
+ ('mount "" -> /,', MountRule('mount', MountRule.ALL, MountRule.ALL, '', '/', False, False, False, '')),
+ ('umount,', MountRule('umount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('umount fstype=ext3,', MountRule('umount', ('=', ['ext3']), MountRule.ALL, MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('umount /a,', MountRule('umount', MountRule.ALL, MountRule.ALL, MountRule.ALL, '/a', False, False, False, '')),
+
+ ('remount,', MountRule('remount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('remount fstype=ext4,', MountRule('remount', ('=', ['ext4']), MountRule.ALL, MountRule.ALL, MountRule.ALL, False, False, False, '')),
+ ('remount /b,', MountRule('remount', MountRule.ALL, MountRule.ALL, MountRule.ALL, '/b', False, False, False, '')),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(MountRule.match(rawrule))
+ obj = MountRule.create_instance(rawrule)
+ expected.raw_rule = rawrule.strip()
+ self.assertTrue(obj.is_equal(expected, True), f'\n {rawrule} expected,\n {obj.get_clean()} returned by obj.get_clean()\n {expected.get_clean()} returned by expected.get_clean()')
+
+ def test_valid_mount_changing_propagation(self):
+ # Rules changing propagation type can either specify a source or a dest (these are equivalent for apparmor_parser in this specific case) but not both.
+ MountRule('mount', MountRule.ALL, ('=', ('runbindable')), '/foo', MountRule.ALL)
+ MountRule('mount', MountRule.ALL, ('=', ('runbindable')), MountRule.ALL, '/foo')
+
+ def test_valid_bind_mount(self):
+ # Fstype must remain empty in bind rules
+ MountRule('mount', MountRule.ALL, ('=', ('bind')), '/foo', MountRule.ALL)
+ MountRule('mount', MountRule.ALL, ('=', ('bind')), MountRule.ALL, '/bar')
+ MountRule('mount', MountRule.ALL, ('=', ('bind')), '/foo', '/bar')
+
+
+class MountTestParseInvalid(AATest):
+ tests = (
+ ('mount fstype=,', AppArmorException),
+ ('mount fstype=(),', AppArmorException),
+ ('mount options=(),', AppArmorException),
+ ('mount option=(invalid),', AppArmorException),
+ ('mount option=(ext3ext4),', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(MountRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ MountRule.create_instance(rawrule)
+
+ def test_parse_fail(self):
+ with self.assertRaises(AppArmorException):
+ MountRule.create_instance('foo,')
+
+ def test_diff_non_mountrule(self):
+ exp = namedtuple('exp', ('audit', 'deny'))
+ obj = MountRule('mount', ('=', ['ext4']), MountRule.ALL, MountRule.ALL, MountRule.ALL)
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(exp(False, False), False)
+
+ def test_diff_invalid_fstype_equals_or_in(self):
+ with self.assertRaises(AppArmorBug):
+ MountRule('mount', ('ext3', 'ext4'), MountRule.ALL, MountRule.ALL, MountRule.ALL) # fstype[0] should be '=' or 'in'
+
+ def test_diff_invalid_fstype_aare(self):
+ tests = [
+ 'mount fstype=({unclosed_regex),',
+ 'mount fstype=({closed}twice}),',
+ ]
+
+ for t in tests:
+ with self.assertRaises(AppArmorException):
+ MountRule.create_instance(t)
+
+ def test_diff_invalid_fstype_aare_2(self):
+ fslists = [
+ ['invalid_{_regex'],
+ ['ext4', 'invalid_}_regex'],
+ ['ext4', '{invalid} {regex}']
+ ]
+ for fslist in fslists:
+ with self.assertRaises(AppArmorException):
+ MountRule('mount', ('=', fslist), MountRule.ALL, MountRule.ALL, MountRule.ALL)
+
+ def test_diff_invalid_options_equals_or_in(self):
+ with self.assertRaises(AppArmorBug):
+ MountRule('mount', MountRule.ALL, ('rbind', 'rw'), MountRule.ALL, MountRule.ALL) # fstype[0] should be '=' or 'in'
+
+ def test_diff_invalid_options_keyword(self):
+ with self.assertRaises(AppArmorException):
+ MountRule('mount', MountRule.ALL, ('=', 'invalid'), MountRule.ALL, MountRule.ALL) # fstype[0] should be '=' or 'in'
+
+ def test_diff_fstype(self):
+ obj1 = MountRule('mount', ('=', ['ext4']), MountRule.ALL, MountRule.ALL, MountRule.ALL)
+ obj2 = MountRule('mount', MountRule.ALL, MountRule.ALL, MountRule.ALL, MountRule.ALL)
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_diff_source(self):
+ obj1 = MountRule('mount', MountRule.ALL, MountRule.ALL, '/foo', MountRule.ALL)
+ obj2 = MountRule('mount', MountRule.ALL, MountRule.ALL, '/bar', MountRule.ALL)
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_invalid_umount_with_source(self):
+ with self.assertRaises(AppArmorException):
+ MountRule('umount', MountRule.ALL, MountRule.ALL, '/foo', MountRule.ALL) # Umount and remount shall not have a source
+
+ def test_invalid_remount_with_source(self):
+ with self.assertRaises(AppArmorException):
+ MountRule('remount', MountRule.ALL, MountRule.ALL, '/foo', MountRule.ALL)
+
+ def test_invalid_mount_changing_propagation(self):
+ # Rules changing propagation type can either specify a source or a dest (these are equivalent for apparmor_parser in this specific case) but not both.
+ with self.assertRaises(AppArmorException):
+ MountRule('mount', MountRule.ALL, ('=', ('runbindable')), '/foo', '/bar')
+
+ # Rules changing propagation type cannot specify a fstype.
+ with self.assertRaises(AppArmorException):
+ MountRule('mount', ('=', ('ext4')), ('=', ('runbindable')), MountRule.ALL, '/foo')
+
+ def test_invalid_bind_mount(self):
+ # Bind mount rules cannot specify a fstype.
+ with self.assertRaises(AppArmorException):
+ MountRule('mount', ('=', ('ext4')), ('=', ('bind')), MountRule.ALL, '/foo')
+
+
+class MountTestGlob(AATest):
+ def test_glob(self):
+ globList = [(
+ 'mount options=(bind, rw) /home/user/Downloads/ -> /mnt/a/,',
+ 'mount options=(bind, rw) /home/user/Downloads/,',
+ 'mount options=(bind, rw) /home/user/*/,',
+ 'mount options=(bind, rw) /home/**/,',
+ 'mount options=(bind, rw),',
+ 'mount,',
+ 'mount,',
+ )]
+ for globs in globList:
+ for i in range(len(globs) - 1):
+ rule = MountRule.create_instance(globs[i])
+ rule.glob()
+ self.assertEqual(rule.get_clean(), globs[i + 1])
+
+
+class MountTestClean(AATest):
+ tests = (
+ # raw rule clean rule
+ (' mount , # foo ', 'mount, # foo'),
+ (' mount fstype = ( sysfs ) , ', 'mount fstype=(sysfs),'),
+ (' mount fstype = ( sysfs , procfs ) , ', 'mount fstype=(procfs, sysfs),'),
+ (' mount options = ( rw ) , ', 'mount options=(rw),'),
+ (' mount options = ( rw , noatime ) , ', 'mount options=(noatime, rw),'),
+ (' mount fstype in ( sysfs ) , ', 'mount fstype in (sysfs),'),
+ (' mount fstype in ( sysfs , procfs ) , ', 'mount fstype in (procfs, sysfs),'),
+ (' mount options in ( rw ) , ', 'mount options in (rw),'),
+ (' mount options in ( rw , noatime ) , ', 'mount options in (noatime, rw),'),
+ (' umount , ', 'umount,'),
+ (' umount /foo , ', 'umount /foo,'),
+ (' remount , ', 'remount,'),
+ (' remount /foo , ', 'remount /foo,'),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(MountRule.match(rawrule))
+ obj = MountRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected, clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+
+class MountLogprofHeaderTest(AATest):
+ tests = (
+ ('mount,', [_('Operation'), _('mount'), _('Fstype'), _('ALL'), _('Options'), _('ALL'), _('Source'), _('ALL'), _('Destination'), _('ALL')]),
+ ('mount options=(ro, nosuid) /a,', [_('Operation'), _('mount'), _('Fstype'), _('ALL'), _('Options'), ('=', _('nosuid ro')), _('Source'), _('/a'), _('Destination'), _('ALL')]),
+ ('mount fstype=(ext3, ext4) options=(ro, nosuid) /a -> /b,', [_('Operation'), _('mount'), _('Fstype'), ('=', _('ext3 ext4')), _('Options'), ('=', _('nosuid ro')), _('Source'), _('/a'), _('Destination'), _('/b')])
+ )
+
+ def _run_test(self, params, expected):
+ obj = MountRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+
+class MountIsCoveredTest(AATest):
+ def test_is_covered(self):
+ obj = MountRule('mount', ('=', ('ext3', 'ext4')), ('=', ('ro')), '/foo/b*', '/b*')
+ tests = [
+ ('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), '/foo/b', '/bar'),
+ ('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), '/foo/bar', '/b')
+ ]
+ for test in tests:
+ self.assertTrue(obj.is_covered(MountRule(*test)))
+ self.assertFalse(obj.is_equal(MountRule(*test)))
+
+ def test_is_covered_fs_source(self):
+ obj = MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ self.assertTrue(obj.is_covered(MountRule('mount', ('=', ['ext3']), ('=', ('ro')), 'tmpfs', MountRule.ALL)))
+ self.assertFalse(obj.is_equal(MountRule('mount', ('=', ['ext3']), ('=', ('ro')), 'tmpfs', MountRule.ALL)))
+
+ def test_is_covered_aare_1(self):
+ obj = MountRule('mount', ('=', ['sys*', 'fuse.*']), ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ tests = [
+ ('mount', ('=', ['sysfs', 'fuse.s3fs']), ('=', ('ro')), 'tmpfs', MountRule.ALL),
+ ('mount', ('=', ['sysfs', 'fuse.jmtpfs', 'fuse.s3fs', 'fuse.obexfs', 'fuse.obexautofs', 'fuse.fuseiso']), ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ ]
+ for test in tests:
+ self.assertTrue(obj.is_covered(MountRule(*test)))
+ self.assertFalse(obj.is_equal(MountRule(*test)))
+
+ def test_is_covered_aare_2(self):
+ obj = MountRule('mount', ('=', ['ext{3,4}', '{cgroup*,fuse.*}']), ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ tests = [
+ ('mount', ('=', ['ext3']), ('=', ('ro')), 'tmpfs', MountRule.ALL),
+ ('mount', ('=', ['ext3', 'ext4', 'cgroup', 'cgroup2', 'fuse.jmtpfs', 'fuse.s3fs', 'fuse.obexfs', 'fuse.obexautofs', 'fuse.fuseiso']), ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ ]
+ for test in tests:
+ self.assertTrue(obj.is_covered(MountRule(*test)))
+ self.assertFalse(obj.is_equal(MountRule(*test)))
+
+ def test_is_notcovered(self):
+ obj = MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), '/foo/b*', '/b*')
+ tests = [
+ ('mount', ('in', ['ext3', 'ext4']), ('=', ('ro')), '/foo/bar', '/bar'),
+ ('mount', ('=', ['procfs', 'ext4']), ('=', ('ro')), '/foo/bar', '/bar'),
+ ('mount', ('=', ['ext3']), ('=', ('rw')), '/foo/bar', '/bar'),
+ ('mount', ('=', ['ext3', 'ext4']), MountRule.ALL, '/foo/b*', '/bar'),
+ ('mount', MountRule.ALL, ('=', ('ro')), '/foo/b*', '/bar'),
+ ('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), '/invalid/bar', '/bar'),
+ ('umount', MountRule.ALL, MountRule.ALL, MountRule.ALL, '/bar'),
+ ('remount', MountRule.ALL, MountRule.ALL, MountRule.ALL, '/bar'),
+ ('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), 'tmpfs', '/bar'),
+ ('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), '/foo/b*', '/invalid'),
+ ]
+ for test in tests:
+ self.assertFalse(obj.is_covered(MountRule(*test)))
+ self.assertFalse(obj.is_equal(MountRule(*test)))
+
+ def test_is_not_covered_fs_source(self):
+ obj = MountRule('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ test = ('mount', ('=', ['ext3', 'ext4']), ('=', ('ro')), 'procfs', MountRule.ALL)
+ self.assertFalse(obj.is_covered(MountRule(*test)))
+ self.assertFalse(obj.is_equal(MountRule(*test)))
+
+ def test_is_not_covered_fs_options(self):
+ obj = MountRule('mount', MountRule.ALL, ('=', ('ro')), 'tmpfs', MountRule.ALL)
+ test = ('mount', MountRule.ALL, ('=', ('rw')), 'procfs', MountRule.ALL)
+ self.assertFalse(obj.is_covered(MountRule(*test)))
+ self.assertFalse(obj.is_equal(MountRule(*test)))
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-mount_parse.py b/utils/test/test-mount_parse.py
deleted file mode 100644
index 81c364092608a7f0e2085dc485185aad7e8bb7f0..0000000000000000000000000000000000000000
--- a/utils/test/test-mount_parse.py
+++ /dev/null
@@ -1,53 +0,0 @@
-#! /usr/bin/python3
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2014 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-import unittest
-
-import apparmor.aa as aa
-from common_test import AAParseTest, setup_aa, setup_regex_tests
-
-
-class BaseAAParseMountTest(AAParseTest):
- def setUp(self):
- self.parse_function = aa.parse_mount_rule
-
-
-class AAParseMountTest(BaseAAParseMountTest):
- tests = (
- ('mount,', 'mount base keyword rule'),
- ('mount -o ro,', 'mount ro rule'),
- ('mount -o rw /dev/sdb1 -> /mnt/external,', 'mount rw with mount point'),
- )
-
-
-class AAParseRemountTest(BaseAAParseMountTest):
- tests = (
- ('remount,', 'remount base keyword rule'),
- ('remount -o ro,', 'remount ro rule'),
- ('remount -o ro /,', 'remount ro with mountpoint'),
- )
-
-
-class AAParseUmountTest(BaseAAParseMountTest):
- tests = (
- ('umount,', 'umount base keyword rule'),
- ('umount /mnt/external,', 'umount with mount point'),
- ('unmount,', 'unmount base keyword rule'),
- ('unmount /mnt/external,', 'unmount with mount point'),
- )
-
-
-setup_aa(aa)
-if __name__ == '__main__':
- setup_regex_tests(AAParseMountTest)
- setup_regex_tests(AAParseRemountTest)
- setup_regex_tests(AAParseUmountTest)
- unittest.main(verbosity=1)
diff --git a/utils/test/test-mqueue.py b/utils/test/test-mqueue.py
new file mode 100644
index 0000000000000000000000000000000000000000..c737726f3f0e9572be2ed5a76deb4fd76d1e361e
--- /dev/null
+++ b/utils/test/test-mqueue.py
@@ -0,0 +1,259 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2022 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops
+
+from apparmor.rule.mqueue import MessageQueueRule, MessageQueueRuleset
+from apparmor.common import AppArmorException, AppArmorBug
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+class MessageQueueTestParse(AATest):
+ tests = (
+ # access type label mqueue_name audit deny allow comment
+ ('mqueue,', MessageQueueRule(MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue create,', MessageQueueRule(('create'), MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue (create,open,delete),', MessageQueueRule(('create', 'open', 'delete'), MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue (getattr,setattr),', MessageQueueRule(('getattr', 'setattr'), MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue (write,read),', MessageQueueRule(('write', 'read'), MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue (open,delete),', MessageQueueRule(('open', 'delete'), MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue write label=foo,', MessageQueueRule(('write'), MessageQueueRule.ALL, 'foo', MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue read label=foo /queue,', MessageQueueRule(('read'), MessageQueueRule.ALL, 'foo', '/queue', False, False, False, '')),
+ ('audit mqueue read label=foo /queue,', MessageQueueRule(('read'), MessageQueueRule.ALL, 'foo', '/queue', True, False, False, '')),
+ ('deny mqueue rw label=foo /queue,', MessageQueueRule(('rw'), MessageQueueRule.ALL, 'foo', '/queue', False, True, False, '')),
+ ('audit allow mqueue r label=foo /queue,', MessageQueueRule(('r'), MessageQueueRule.ALL, 'foo', '/queue', True, False, True, '')),
+ ('mqueue w label=foo 1234, # cmt', MessageQueueRule(('w'), MessageQueueRule.ALL, 'foo', '1234', False, False, False, ' # cmt')),
+ ('mqueue wr 1234,', MessageQueueRule(('wr'), MessageQueueRule.ALL, MessageQueueRule.ALL, '1234', False, False, False, '')),
+ ('mqueue 1234,', MessageQueueRule(MessageQueueRule.ALL, MessageQueueRule.ALL, MessageQueueRule.ALL, '1234', False, False, False, '')),
+ ('mqueue type=sysv,', MessageQueueRule(MessageQueueRule.ALL, 'sysv', MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue type=posix,', MessageQueueRule(MessageQueueRule.ALL, 'posix', MessageQueueRule.ALL, MessageQueueRule.ALL, False, False, False, '')),
+ ('mqueue type=sysv 1234,', MessageQueueRule(MessageQueueRule.ALL, 'sysv', MessageQueueRule.ALL, '1234', False, False, False, '')),
+ ('mqueue type=posix /queue,', MessageQueueRule(MessageQueueRule.ALL, 'posix', MessageQueueRule.ALL, '/queue', False, False, False, '')),
+ ('mqueue open type=sysv label=foo 1234,', MessageQueueRule(('open'), 'sysv', 'foo', '1234', False, False, False, '')),
+ ('mqueue r type=posix /,', MessageQueueRule(('r'), 'posix', MessageQueueRule.ALL, '/', False, False, False, '')),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(MessageQueueRule.match(rawrule))
+ obj = MessageQueueRule.create_instance(rawrule)
+ expected.raw_rule = rawrule.strip()
+ self.assertTrue(obj.is_equal(expected, True))
+
+
+class MessageQueueTestParseInvalid(AATest):
+ tests = (
+ ('mqueue label=,', AppArmorException),
+ ('mqueue invalidaccess /queuename,', AppArmorException),
+ ('mqueue invalidqueuename,', AppArmorException),
+ ('mqueue invalidqueuename1234,', AppArmorException),
+ ('mqueue foo label foo bar,', AppArmorException),
+ ('mqueue type=,', AppArmorException),
+ ('mqueue type=sysv /foo,', AppArmorException),
+ ('mqueue type=posix 1234,', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(MessageQueueRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ MessageQueueRule.create_instance(rawrule)
+
+ def test_parse_fail(self):
+ with self.assertRaises(AppArmorException):
+ MessageQueueRule.create_instance('foo,')
+
+ def test_diff_non_mqueuerule(self):
+ exp = namedtuple('exp', ('audit', 'deny'))
+ obj = MessageQueueRule(('open'), 'posix', 'bar', '/foo')
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(exp(False, False), False)
+
+ def test_diff_access(self):
+ obj1 = MessageQueueRule(('open'), 'posix', 'bar', '/foo')
+ obj2 = MessageQueueRule(('create'), 'posix', 'bar', '/foo')
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_diff_type(self):
+ obj1 = MessageQueueRule(('open'), 'sysv', 'bar', MessageQueueRule.ALL)
+ obj2 = MessageQueueRule(('open'), 'posix', 'inv', MessageQueueRule.ALL)
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_diff_label(self):
+ obj1 = MessageQueueRule(('open'), 'posix', 'bar', '/foo')
+ obj2 = MessageQueueRule(('open'), 'posix', 'inv', '/foo')
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_diff_mqueue_name(self):
+ obj1 = MessageQueueRule(('open'), MessageQueueRule.ALL, 'bar', '/foo')
+ obj2 = MessageQueueRule(('open'), MessageQueueRule.ALL, 'bar', '123')
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+
+class InvalidMessageQueueInit(AATest):
+ tests = (
+ # init params expected exception
+ (('write', 'sysv', '', '/foo'), AppArmorBug), # empty label
+ (('write', '', 'bar', '/foo'), AppArmorBug), # empty type
+ (('', 'sysv', 'bar', '/foo'), AppArmorBug), # empty access
+ (('write', 'sysv', 'bar', ''), AppArmorBug), # empty mqueue_name
+ ((' ', 'sysv', 'bar', '/foo'), AppArmorBug), # whitespace access
+ (('write', ' ', 'bar', '/foo'), AppArmorBug), # whitespace type
+ (('write', 'sysv', ' ', '/foo'), AppArmorBug), # whitespace label
+ (('write', 'sysv', 'bar', ' '), AppArmorBug), # whitespace mqueue_name
+ (('xyxy', 'sysv', 'bar', '/foo'), AppArmorException), # invalid access
+ ((dict(), '', 'bar', '/foo'), AppArmorBug), # wrong type for access
+ ((None, '', 'bar', '/foo'), AppArmorBug), # wrong type for access
+ (('write', dict(), 'bar', '/foo'), AppArmorBug), # wrong type for type
+ (('write', None, 'bar', '/foo'), AppArmorBug), # wrong type for type
+ (('write', '', dict(), '/foo'), AppArmorBug), # wrong type for label
+ (('write', '', None, '/foo'), AppArmorBug), # wrong type for label
+ (('write', '', 'bar', dict()), AppArmorBug), # wrong type for mqueue_name
+ (('write', '', 'bar', None), AppArmorBug), # wrong type for mqueue_name
+ )
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ MessageQueueRule(*params)
+
+ def test_missing_params_1(self):
+ with self.assertRaises(TypeError):
+ MessageQueueRule()
+
+ def test_missing_params_2(self):
+ with self.assertRaises(TypeError):
+ MessageQueueRule('r')
+
+ def test_missing_params_3(self):
+ with self.assertRaises(TypeError):
+ MessageQueueRule('r', 'sysv')
+
+ def test_missing_params_4(self):
+ with self.assertRaises(TypeError):
+ MessageQueueRule('r', 'sysv', 'foo')
+
+
+class WriteMessageQueueTestAATest(AATest):
+ tests = (
+ # raw rule clean rule
+ (' mqueue , # foo ', 'mqueue, # foo'),
+ (' audit mqueue create,', 'audit mqueue create,'),
+ (' audit mqueue (open ),', 'audit mqueue open,'),
+ (' audit mqueue (delete , read ),', 'audit mqueue (delete read),'),
+ (' deny mqueue write label=bar,# foo bar', 'deny mqueue write label=bar, # foo bar'),
+ (' deny mqueue open ,# foo bar', 'deny mqueue open, # foo bar'),
+ (' allow mqueue label=tst ,# foo bar', 'allow mqueue label=tst, # foo bar'),
+ ('mqueue,', 'mqueue,'),
+ ('mqueue (read),', 'mqueue read,'),
+ ('mqueue (create),', 'mqueue create,'),
+ ('mqueue (write read),', 'mqueue (read write),'),
+ ('mqueue (open,create,open,delete,write,read),', 'mqueue (create delete open read write),'),
+ ('mqueue r,', 'mqueue r,'),
+ ('mqueue w,', 'mqueue w,'),
+ ('mqueue rw,', 'mqueue rw,'),
+ ('mqueue delete label="tst",', 'mqueue delete label="tst",'),
+ ('mqueue (getattr) label=bar,', 'mqueue getattr label=bar,'),
+ ('mqueue getattr /foo,', 'mqueue getattr /foo,'),
+ ('mqueue (setattr getattr) 1234,', 'mqueue (getattr setattr) 1234,'),
+ ('mqueue wr label=tst 1234,', 'mqueue wr label=tst 1234,'),
+ ('mqueue wr type=sysv label=tst 1234,', 'mqueue wr type=sysv label=tst 1234,'),
+ ('mqueue wr type=posix label=tst /foo,', 'mqueue wr type=posix label=tst /foo,'),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(MessageQueueRule.match(rawrule))
+ obj = MessageQueueRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ def test_write_manually(self):
+ obj = MessageQueueRule('setattr', 'posix', 'bar', '/foo', allow_keyword=True)
+
+ expected = ' allow mqueue setattr type=posix label=bar /foo,'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+ def test_write_invalid_access(self):
+ obj = MessageQueueRule('setattr', 'posix', 'bar', '/foo')
+ obj.access = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+ def test_write_invalid_type(self):
+ obj = MessageQueueRule('setattr', 'posix', 'bar', '/foo')
+ obj.mqueue_type = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+ def test_write_invalid_label(self):
+ obj = MessageQueueRule('setattr', 'posix', 'bar', '/foo')
+ obj.label = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+ def test_write_invalid_mqueue_name(self):
+ obj = MessageQueueRule('setattr', 'posix', 'bar', '/foo')
+ obj.mqueue_name = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+
+class MessageQueueIsCoveredTest(AATest):
+ def test_is_covered(self):
+ obj = MessageQueueRule(('create'), MessageQueueRule.ALL, 'f*', MessageQueueRule.ALL)
+ self.assertTrue(obj.is_covered(MessageQueueRule(('create'), 'sysv', 'f*', '1234')))
+ self.assertTrue(obj.is_covered(MessageQueueRule(('create'), 'posix', 'f*', MessageQueueRule.ALL)))
+ self.assertTrue(obj.is_covered(MessageQueueRule(('create'), 'sysv', 'foo', MessageQueueRule.ALL)))
+ self.assertTrue(obj.is_covered(MessageQueueRule(('create'), 'sysv', 'foo', '1234')))
+
+ def test_is_not_covered(self):
+ obj = MessageQueueRule(('getattr'), 'sysv', 'f*', '1234')
+ self.assertFalse(obj.is_covered(MessageQueueRule(('create'), 'sysv', 'foo', MessageQueueRule.ALL)))
+ self.assertFalse(obj.is_covered(MessageQueueRule(('getattr'), 'posix', 'foo', MessageQueueRule.ALL)))
+ self.assertFalse(obj.is_covered(MessageQueueRule(('getattr'), 'sysv', 'bar', MessageQueueRule.ALL)))
+ self.assertFalse(obj.is_covered(MessageQueueRule(('getattr'), 'sysv', 'foo', '123')))
+
+
+class MessageQueueLogprofHeaderTest(AATest):
+ tests = (
+ ('mqueue,', [ _('Access mode'), _('ALL'), _('Type'), _('ALL'), _('Label'), _('ALL'), _('Message queue name'), _('ALL'), ]), # noqa: E201
+ ('mqueue (create,getattr) 12,', [ _('Access mode'), 'create getattr', _('Type'), _('ALL'), _('Label'), _('ALL'), _('Message queue name'), '12', ]), # noqa: E201
+ ('mqueue write label=bar,', [ _('Access mode'), 'write', _('Type'), _('ALL'), _('Label'), 'bar', _('Message queue name'), _('ALL'), ]), # noqa: E201
+ ('mqueue write type=sysv,', [ _('Access mode'), 'write', _('Type'), 'sysv', _('Label'), _('ALL'), _('Message queue name'), _('ALL'), ]), # noqa: E201
+ ('mqueue read type=posix,', [ _('Access mode'), 'read', _('Type'), 'posix', _('Label'), _('ALL'), _('Message queue name'), _('ALL'), ]), # noqa: E201
+ ('deny mqueue read /foo,', [_('Qualifier'), 'deny', _('Access mode'), 'read', _('Type'), _('ALL'), _('Label'), _('ALL'), _('Message queue name'), '/foo', ]),
+ ('allow mqueue setattr,', [_('Qualifier'), 'allow', _('Access mode'), 'setattr', _('Type'), _('ALL'), _('Label'), _('ALL'), _('Message queue name'), _('ALL'), ]),
+ ('audit mqueue r label=ba 12,', [_('Qualifier'), 'audit', _('Access mode'), 'r', _('Type'), _('ALL'), _('Label'), 'ba', _('Message queue name'), '12', ]),
+ ('audit deny mqueue rw,', [_('Qualifier'), 'audit deny', _('Access mode'), 'rw', _('Type'), _('ALL'), _('Label'), _('ALL'), _('Message queue name'), _('ALL'), ]),
+ )
+
+ def _run_test(self, params, expected):
+ obj = MessageQueueRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+
+class MessageQueueGlobTestAATest(AATest):
+ def test_glob(self):
+ self.assertEqual(MessageQueueRuleset().get_glob('mqueue create,'), 'mqueue,')
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-network.py b/utils/test/test-network.py
index d9858cd05f7775caade5bbe6f0bf52ce9bfc5979..db3b341e8dfb509feeb9f6e1f004c6fb942abd2d 100644
--- a/utils/test/test-network.py
+++ b/utils/test/test-network.py
@@ -18,16 +18,16 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException, cmd
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
-from apparmor.rule.network import NetworkRule, NetworkRuleset, network_domain_keywords
+from apparmor.rule.network import NetworkRule, NetworkRuleset, network_domain_keywords, network_ipv6
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
+import re
_ = init_translation()
-exp = namedtuple(
- 'exp', ('audit', 'allow_keyword', 'deny', 'comment',
- 'domain', 'all_domains', 'type_or_protocol', 'all_type_or_protocols'))
+exp = namedtuple('exp', ('audit', 'allow_keyword', 'deny', 'comment',
+ 'accesses', 'domain', 'all_domains', 'type_or_protocol',
+ 'all_type_or_protocols', 'local_expr', 'peer_expr'))
# --- check if the keyword list is up to date --- #
@@ -57,57 +57,90 @@ class NetworkKeywordsTest(AATest):
'on an newer kernel and will require updating the list of network domain keywords in '
'utils/apparmor/rule/network.py')
-# --- tests for single NetworkRule --- #
+class NetworkPV6Test(AATest):
+ def test_ipv6(self):
+ tests = [
+ ("2001:0db8:85a3:0000:0000:8a2e:0370:7334", True), # Standard IPv6
+ ("2001:db8::8a2e:370:7334", True), # Zero Compression
+ ("::1", True), # IPv6 Loopback
+ ("::", True), # IPv6 Unspecified
+ ("::ffff:192.168.236.159", True), # IPv6-mapped IPv4
+ ("fe80::1ff:fe23:4567:890a%eth0", True), # IPv6 with Zone Identifier
+ ("1234:5678::abcd:ef12:3456", True), # Mixed groups and zero compression
+ ("12345::6789", False), # Erroneous IP (invalid hex group length)
+ ("192.168.1.1", False), # IPv4 only
+ ]
+
+ for test in tests:
+ self.assertEqual(bool(re.match(network_ipv6, test[0])), test[1])
+
+# --- tests for single NetworkRule --- #
class NetworkTest(AATest):
def _compare_obj(self, obj, expected):
self.assertEqual(expected.allow_keyword, obj.allow_keyword)
self.assertEqual(expected.audit, obj.audit)
+ self.assertEqual(expected.accesses, obj.accesses)
self.assertEqual(expected.domain, obj.domain)
self.assertEqual(expected.type_or_protocol, obj.type_or_protocol)
self.assertEqual(expected.all_domains, obj.all_domains)
self.assertEqual(expected.all_type_or_protocols, obj.all_type_or_protocols)
self.assertEqual(expected.deny, obj.deny)
self.assertEqual(expected.comment, obj.comment)
+ self.assertEqual(expected.local_expr, obj.local_expr)
+ self.assertEqual(expected.peer_expr, obj.peer_expr)
class NetworkTestParse(NetworkTest):
tests = (
- # rawrule audit allow deny comment domain all? type/proto all?
- ('network,', exp(False, False, False, '', None, True, None, True)),
- ('network inet,', exp(False, False, False, '', 'inet', False, None, True)),
- ('network inet stream,', exp(False, False, False, '', 'inet', False, 'stream', False)),
- ('deny network inet stream, # comment', exp(False, False, True, ' # comment', 'inet', False, 'stream', False)),
- ('audit allow network tcp,', exp(True, True, False, '', None, True, 'tcp', False)),
- ('network stream,', exp(False, False, False, '', None, True, 'stream', False)),
+ # rawrule audit allow deny comment access domain all? type/proto all? local_expr peer_expr
+ ('network,', exp(False, False, False, '', None, None, True, None, True, NetworkRule.ALL, NetworkRule.ALL)),
+ ('network inet,', exp(False, False, False, '', None, 'inet', False, None, True, NetworkRule.ALL, NetworkRule.ALL)),
+ ('network inet stream,', exp(False, False, False, '', None, 'inet', False, 'stream', False, NetworkRule.ALL, NetworkRule.ALL)),
+ ('deny network inet stream, # comment', exp(False, False, True, ' # comment', None, 'inet', False, 'stream', False, NetworkRule.ALL, NetworkRule.ALL)),
+ ('audit allow network tcp,', exp(True, True, False, '', None, None, True, 'tcp', False, NetworkRule.ALL, NetworkRule.ALL)),
+ ('network stream,', exp(False, False, False, '', None, None, True, 'stream', False, NetworkRule.ALL, NetworkRule.ALL)),
+ ('network stream peer=(ip=::1 port=22),', exp(False, False, False, '', None, None, True, 'stream', False, NetworkRule.ALL, {"ip": "::1", 'port': '22'},)),
+ ('network stream ip=::1 port=22,', exp(False, False, False, '', None, None, True, 'stream', False, {"ip": "::1", 'port': '22'}, NetworkRule.ALL)),
+ ('network (bind,listen) stream,', exp(False, False, False, '', {'listen', 'bind'}, None, True, 'stream', False, NetworkRule.ALL, NetworkRule.ALL)),
+ ('network (connect, rw) stream ip=192.168.122.2 port=22 peer=(ip=192.168.122.3 port=22),',
+ exp(False, False, False, '', {'connect', 'rw'}, None, True, 'stream', False, {'ip': '192.168.122.2', 'port': '22'}, {"ip": "192.168.122.3", 'port': '22'})), # noqa: E127
)
def _run_test(self, rawrule, expected):
self.assertTrue(NetworkRule.match(rawrule))
- obj = NetworkRule.parse(rawrule)
+ obj = NetworkRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
class NetworkTestParseInvalid(NetworkTest):
tests = (
- ('network foo,', AppArmorException),
- ('network foo bar,', AppArmorException),
- ('network foo tcp,', AppArmorException),
- ('network inet bar,', AppArmorException),
+ ('network foo,', AppArmorException),
+ ('network foo bar,', AppArmorException),
+ ('network foo tcp,', AppArmorException),
+ ('network inet bar,', AppArmorException),
+ ('network ip=999.999.999.999,', AppArmorException),
+ ('network port=99999,', AppArmorException),
+ ('network inet ip=in:va::li:d0,', AppArmorException),
+ ('network inet ip=in:va::li:d0,', AppArmorException),
+ ('network inet ip=1:2:3:4:5:6:7:8:9:0:0:0,', AppArmorException), # too many segments
+ ('network inet peer=(ip=1:2:3:4:5:6:7:8:9:0:0:0),', AppArmorException), # too many segments
+ ('network packet ip=1::,', AppArmorException), # Only inet[6] domains can be used in conjunction with a local expression
+ ('network packet peer=(ip=1::),', AppArmorException), # Only inet[6] domains can be used in conjunction with a peer expression
)
def _run_test(self, rawrule, expected):
self.assertTrue(NetworkRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- NetworkRule.parse(rawrule)
+ NetworkRule.create_instance(rawrule)
class NetworkTestParseFromLog(NetworkTest):
def test_net_from_log(self):
parser = ReadLog('', '', '')
- event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="create" profile="/bin/ping" pid=10589 comm="ping" family="inet" sock_type="raw" protocol=1'
+ event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="create" profile="/bin/ping" pid=10589 comm="ping" family="inet" sock_type="raw" protocol=1 lport=1234'
parsed_event = parser.parse_event(event)
@@ -125,6 +158,11 @@ class NetworkTestParseFromLog(NetworkTest):
'resource': None,
'info': None,
'aamode': 'REJECTING',
+ 'accesses': None,
+ 'addr': None,
+ 'peer_addr': None,
+ 'port': 1234,
+ 'remote_port': None,
'time': 1428699242,
'active_hat': None,
'pid': 10589,
@@ -135,10 +173,10 @@ class NetworkTestParseFromLog(NetworkTest):
'class': None,
})
- obj = NetworkRule(parsed_event['family'], parsed_event['sock_type'], log_event=parsed_event)
+ obj = NetworkRule(NetworkRule.ALL, parsed_event['family'], parsed_event['sock_type'], NetworkRule.ALL, NetworkRule.ALL, log_event=parsed_event)
# audit allow deny comment domain all? type/proto all?
- expected = exp(False, False, False, '', 'inet', False, 'raw', False)
+ expected = exp(False, False, False, '', None, 'inet', False, 'raw', False, NetworkRule.ALL, NetworkRule.ALL)
self._compare_obj(obj, expected)
@@ -147,13 +185,17 @@ class NetworkTestParseFromLog(NetworkTest):
class NetworkFromInit(NetworkTest):
tests = (
- # NetworkRule object audit allow deny comment domain all? type/proto all?
- (NetworkRule('inet', 'raw', deny=True), exp(False, False, True, '', 'inet', False, 'raw', False)),
- (NetworkRule('inet', 'raw'), exp(False, False, False, '', 'inet', False, 'raw', False)),
- (NetworkRule('inet', NetworkRule.ALL), exp(False, False, False, '', 'inet', False, None, True)),
- (NetworkRule(NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', None, True, None, True)),
- (NetworkRule(NetworkRule.ALL, 'tcp'), exp(False, False, False, '', None, True, 'tcp', False)),
- (NetworkRule(NetworkRule.ALL, 'stream'), exp(False, False, False, '', None, True, 'stream', False)),
+ # NetworkRule object audit allow deny comment access domain all? type/proto all? Local expr Peer expr
+ (NetworkRule(NetworkRule.ALL, 'inet', 'raw', NetworkRule.ALL, NetworkRule.ALL, deny=True), exp(False, False, True, '', None, 'inet', False, 'raw', False, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule(NetworkRule.ALL, 'inet', 'raw', NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', None, 'inet', False, 'raw', False, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule(NetworkRule.ALL, 'inet', NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', None, 'inet', False, None, True, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule(NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', None, None, True, None, True, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule(NetworkRule.ALL, NetworkRule.ALL, 'tcp', NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', None, None, True, 'tcp', False, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule(NetworkRule.ALL, NetworkRule.ALL, 'stream', NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', None, None, True, 'stream', False, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule('bind', NetworkRule.ALL, 'stream', NetworkRule.ALL, NetworkRule.ALL), exp(False, False, False, '', {'bind'}, None, True, 'stream', False, NetworkRule.ALL, NetworkRule.ALL)),
+ (NetworkRule({'bind', 'listen'}, NetworkRule.ALL, 'stream', {'port': '22'}, NetworkRule.ALL), exp(False, False, False, '', {'bind', 'listen'}, None, True, 'stream', False, {'port': '22'}, NetworkRule.ALL)),
+ (NetworkRule(NetworkRule.ALL, NetworkRule.ALL, 'stream', NetworkRule.ALL, {'port': '22'}), exp(False, False, False, '', None, None, True, 'stream', False, NetworkRule.ALL, {'port': '22'})),
+ (NetworkRule(NetworkRule.ALL, NetworkRule.ALL, 'stream', NetworkRule.ALL, {'ip': '::1', 'port': '22'}), exp(False, False, False, '', None, None, True, 'stream', False, NetworkRule.ALL, {'ip': '::1', 'port': '22'})),
)
def _run_test(self, obj, expected):
@@ -162,17 +204,23 @@ class NetworkFromInit(NetworkTest):
class InvalidNetworkInit(AATest):
tests = (
- # init params expected exception
- (('inet', ''), AppArmorBug), # empty type_or_protocol
- (('', 'tcp'), AppArmorBug), # empty domain
- ((' ', 'tcp'), AppArmorBug), # whitespace domain
- (('inet', ' '), AppArmorBug), # whitespace type_or_protocol
- (('xyxy', 'tcp'), AppArmorBug), # invalid domain
- (('inet', 'xyxy'), AppArmorBug), # invalid type_or_protocol
- ((dict(), 'tcp'), AppArmorBug), # wrong type for domain
- ((None, 'tcp'), AppArmorBug), # wrong type for domain
- (('inet', dict()), AppArmorBug), # wrong type for type_or_protocol
- (('inet', None), AppArmorBug), # wrong type for type_or_protocol
+ # init params expected exception
+ ((NetworkRule.ALL, 'inet', '', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # empty type_or_protocol
+ ((NetworkRule.ALL, '', 'tcp', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # empty domain
+ ((NetworkRule.ALL, ' ', 'tcp', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # whitespace domain
+ ((NetworkRule.ALL, 'inet', ' ', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # whitespace type_or_protocol
+ ((NetworkRule.ALL, 'xyxy', 'tcp', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # invalid domain
+ ((NetworkRule.ALL, 'inet', 'xyxy', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # invalid type_or_protocol
+ ((NetworkRule.ALL, dict(), 'tcp', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # wrong type for domain
+ ((NetworkRule.ALL, None, 'tcp', NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # wrong type for domain
+ ((NetworkRule.ALL, 'inet', dict(), NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # wrong type for type_or_protocol
+ ((NetworkRule.ALL, 'inet', None, NetworkRule.ALL, NetworkRule.ALL), AppArmorBug), # wrong type for type_or_protocol
+ (('invalid_access', 'inet', None, NetworkRule.ALL, NetworkRule.ALL), AppArmorException), # Invalid Access
+ (({'bind', 'invld'}, 'inet', None, NetworkRule.ALL, NetworkRule.ALL), AppArmorException), # Invalid Access
+ ((NetworkRule.ALL, 'inet', None, {'ip': ':::::'}, NetworkRule.ALL), AppArmorException), # Invalid ip in local expression
+ ((NetworkRule.ALL, 'inet', None, NetworkRule.ALL, {'ip': ':::::'}), AppArmorException), # Invalid ip in peer expression
+ ((NetworkRule.ALL, 'inet', None, {'invld': '0'}, NetworkRule.ALL), AppArmorException), # Invalid keyword in local expression
+ ((NetworkRule.ALL, 'inet', None, NetworkRule.ALL, {'invld': '0'}), AppArmorException), # Invalid keyword in peer expression
)
def _run_test(self, params, expected):
@@ -193,7 +241,7 @@ class InvalidNetworkTest(AATest):
obj = None
self.assertFalse(NetworkRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = NetworkRule.parse(rawrule)
+ obj = NetworkRule.create_instance(rawrule)
self.assertIsNone(obj, 'NetworkRule handed back an object unexpectedly')
@@ -204,14 +252,14 @@ class InvalidNetworkTest(AATest):
self._check_invalid_rawrule('dbus,') # not a network rule
def test_empty_net_data_1(self):
- obj = NetworkRule('inet', 'stream')
+ obj = NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL)
obj.domain = ''
# no domain set, and ALL not set
with self.assertRaises(AppArmorBug):
obj.get_clean(1)
def test_empty_net_data_2(self):
- obj = NetworkRule('inet', 'stream')
+ obj = NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL)
obj.type_or_protocol = ''
# no type_or_protocol set, and ALL not set
with self.assertRaises(AppArmorBug):
@@ -221,7 +269,7 @@ class InvalidNetworkTest(AATest):
class WriteNetworkTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(NetworkRule.match(rawrule))
- obj = NetworkRule.parse(rawrule)
+ obj = NetworkRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -229,16 +277,20 @@ class WriteNetworkTestAATest(AATest):
self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
tests = (
- # raw rule clean rule
- (' network , # foo ', 'network, # foo'),
- (' audit network inet,', 'audit network inet,'),
- (' deny network inet stream,# foo bar', 'deny network inet stream, # foo bar'),
- (' deny network inet ,# foo bar', 'deny network inet, # foo bar'),
- (' allow network tcp ,# foo bar', 'allow network tcp, # foo bar'),
+ # raw rule clean rule
+ (' network , # foo ', 'network, # foo'),
+ (' audit network inet,', 'audit network inet,'),
+ (' deny network inet stream,# foo bar', 'deny network inet stream, # foo bar'),
+ (' deny network inet ,# foo bar', 'deny network inet, # foo bar'),
+ (' allow network tcp ,# foo bar', 'allow network tcp, # foo bar'),
+ (' network stream peer = ( ip=::1 port=22 ) ,', 'network stream peer=(ip=::1 port=22),'),
+ (' network ( bind , listen ) stream ip = ::1 port = 22 ,', 'network (bind, listen) stream ip=::1 port=22,'),
+ (' allow network tcp ,# foo bar', 'allow network tcp, # foo bar'),
+
)
def test_write_manually(self):
- obj = NetworkRule('inet', 'stream', allow_keyword=True)
+ obj = NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL, allow_keyword=True)
expected = ' allow network inet stream,'
@@ -248,24 +300,24 @@ class WriteNetworkTestAATest(AATest):
class NetworkCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = NetworkRule.parse(self.rule)
- check_obj = NetworkRule.parse(param)
+ obj = NetworkRule.create_instance(self.rule)
+ check_obj = NetworkRule.create_instance(param)
self.assertTrue(NetworkRule.match(param))
self.assertEqual(
obj.is_equal(check_obj), expected[0],
- 'Mismatch in is_equal, expected %s' % expected[0])
+ 'Mismatch in is_equal, expected {}'.format(expected[0]))
self.assertEqual(
obj.is_equal(check_obj, True), expected[1],
- 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
self.assertEqual(
obj.is_covered(check_obj), expected[2],
- 'Mismatch in is_covered, expected %s' % expected[2])
+ 'Mismatch in is_covered, expected {}'.format(expected[2]))
self.assertEqual(
obj.is_covered(check_obj, True, True), expected[3],
- 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class NetworkCoveredTest_01(NetworkCoveredTest):
@@ -294,13 +346,13 @@ class NetworkCoveredTest_02(NetworkCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'network inet,', (False, False, True, False)),
+ (' network inet,', (False, False, True, False)),
('audit network inet,', (True, True, True, True)),
- ( 'network inet stream,', (False, False, True, False)),
+ (' network inet stream,', (False, False, True, False)),
('audit network inet stream,', (False, False, True, True)),
- ( 'network,', (False, False, False, False)),
+ (' network,', (False, False, False, False)),
('audit network,', (False, False, False, False)),
- ('network unix,', (False, False, False, False)),
+ (' network unix,', (False, False, False, False)),
)
@@ -309,15 +361,15 @@ class NetworkCoveredTest_03(NetworkCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'network inet stream,', (True, True, True, True)),
+ (' network inet stream,', (True, True, True, True)),
('allow network inet stream,', (True, False, True, True)),
- ( 'network inet,', (False, False, False, False)),
- ( 'network,', (False, False, False, False)),
- ( 'network inet tcp,', (False, False, False, False)),
+ (' network inet,', (False, False, False, False)),
+ (' network,', (False, False, False, False)),
+ (' network inet tcp,', (False, False, False, False)),
('audit network,', (False, False, False, False)),
('audit network inet stream,', (False, False, False, False)),
- ( 'network unix,', (False, False, False, False)),
- ( 'network,', (False, False, False, False)),
+ (' network unix,', (False, False, False, False)),
+ (' network,', (False, False, False, False)),
)
@@ -326,12 +378,12 @@ class NetworkCoveredTest_04(NetworkCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'network,', (True, True, True, True)),
+ (' network,', (True, True, True, True)),
('allow network,', (True, False, True, True)),
- ( 'network inet,', (False, False, True, True)),
- ( 'network inet6 stream,', (False, False, True, True)),
- ( 'network tcp,', (False, False, True, True)),
- ( 'network inet raw,', (False, False, True, True)),
+ (' network inet,', (False, False, True, True)),
+ (' network inet6 stream,', (False, False, True, True)),
+ (' network tcp,', (False, False, True, True)),
+ (' network inet raw,', (False, False, True, True)),
('audit network,', (False, False, False, False)),
('deny network,', (False, False, False, False)),
)
@@ -342,78 +394,103 @@ class NetworkCoveredTest_05(NetworkCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'deny network inet,', (True, True, True, True)),
+ (' deny network inet,', (True, True, True, True)),
('audit deny network inet,', (False, False, False, False)),
- ( 'network inet,', (False, False, False, False)), # XXX should covered be true here?
- ( 'deny network unix,', (False, False, False, False)),
- ( 'deny network,', (False, False, False, False)),
+ (' network inet,', (False, False, False, False)), # XXX should covered be true here?
+ (' deny network unix,', (False, False, False, False)),
+ (' deny network,', (False, False, False, False)),
+ )
+
+
+class NetworkCoveredTest_06(NetworkCoveredTest):
+ rule = 'network (rw, connect) port=127 peer=(ip=192.168.122.3),'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ ('network (rw, connect) port=127 peer=(ip=192.168.122.3),', (True, True, True, True)),
+ ('network (rw, connect) port=127 ip=192.168.122.2 peer=(ip=192.168.122.3),', (False, False, True, True)),
+ ('network (rw, connect) inet port=127 ip=192.168.122.2 peer=(ip=192.168.122.3),', (False, False, True, True)),
+ ('network (rw, connect) port=127 ip=192.168.122.2 peer=(ip=192.168.122.3 port=12345),', (False, False, True, True)),
+ ('network (rw, connect) inet port=127 ip=192.168.122.2 peer=(ip=192.168.122.3 port=12345),', (False, False, True, True)),
+ ('network connect port=12345 ip=192.168.122.2 peer=(ip=192.168.122.3),', (False, False, False, False)),
+ ('network (r, connect) port=12345 ip=192.168.122.2 peer=(ip=192.168.122.3),', (False, False, False, False)),
+ ('network (r, connect) port=128 peer=(ip=192.168.122.3),', (False, False, False, False)),
+ ('network (rw, connect) port=127 peer=(ip=127.0.0.1),', (False, False, False, False)),
+ ('network (rw, connect) port=127,', (False, False, False, False)),
)
class NetworkCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
- obj = NetworkRule.parse('network inet,')
+ obj = NetworkRule.create_instance('network inet,')
- testobj = NetworkRule('inet', 'stream')
+ testobj = NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL)
testobj.domain = ''
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
- obj = NetworkRule.parse('network inet,')
+ obj = NetworkRule.create_instance('network inet,')
- testobj = NetworkRule('inet', 'stream')
+ testobj = NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL)
testobj.type_or_protocol = ''
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
- obj = NetworkRule.parse('network inet,')
+ raw_rule = 'network inet,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(NetworkRule):
+ pass
+ obj = NetworkRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = NetworkRule.parse('network inet,')
+ raw_rule = 'network inet,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(NetworkRule):
+ pass
+ obj = NetworkRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
class NetworkLogprofHeaderTest(AATest):
tests = (
- ('network,', [ _('Network Family'), _('ALL'), _('Socket Type'), _('ALL')]),
- ('network inet,', [ _('Network Family'), 'inet', _('Socket Type'), _('ALL')]),
- ('network inet stream,', [ _('Network Family'), 'inet', _('Socket Type'), 'stream']),
- ('deny network,', [_('Qualifier'), 'deny', _('Network Family'), _('ALL'), _('Socket Type'), _('ALL')]),
- ('allow network inet,', [_('Qualifier'), 'allow', _('Network Family'), 'inet', _('Socket Type'), _('ALL')]),
- ('audit network inet stream,', [_('Qualifier'), 'audit', _('Network Family'), 'inet', _('Socket Type'), 'stream']),
- ('audit deny network inet,', [_('Qualifier'), 'audit deny', _('Network Family'), 'inet', _('Socket Type'), _('ALL')]),
+ ('network,', [ _('Accesses'), _('ALL'), _('Network Family'), _('ALL'), _('Socket Type'), _('ALL'), _('Local'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
+ ('network inet,', [ _('Accesses'), _('ALL'), _('Network Family'), 'inet', _('Socket Type'), _('ALL'), _('Local'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
+ ('network inet stream,', [ _('Accesses'), _('ALL'), _('Network Family'), 'inet', _('Socket Type'), 'stream', _('Local'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
+ ('deny network,', [_('Qualifier'), 'deny', _('Accesses'), _('ALL'), _('Network Family'), _('ALL'), _('Socket Type'), _('ALL'), _('Local'), _('ALL'), _('Peer'), _('ALL')]),
+ ('allow network inet,', [_('Qualifier'), 'allow', _('Accesses'), _('ALL'), _('Network Family'), 'inet', _('Socket Type'), _('ALL'), _('Local'), _('ALL'), _('Peer'), _('ALL')]),
+ ('audit network inet stream,', [_('Qualifier'), 'audit', _('Accesses'), _('ALL'), _('Network Family'), 'inet', _('Socket Type'), 'stream', _('Local'), _('ALL'), _('Peer'), _('ALL')]),
+ ('audit deny network inet,', [_('Qualifier'), 'audit deny', _('Accesses'), _('ALL'), _('Network Family'), 'inet', _('Socket Type'), _('ALL'), _('Local'), _('ALL'), _('Peer'), _('ALL')]),
+ ('network (bind, listen) stream ip=::1 port=22,', [ _('Accesses'), 'bind listen', _('Network Family'), _('ALL'), _('Socket Type'), 'stream', _('Local'), {'ip': '::1', 'port': '22'}, _('Peer'), _('ALL')]), # noqa: E201
+ ('audit deny network inet peer=(ip=::1),', [_('Qualifier'), 'audit deny', _('Accesses'), _('ALL'), _('Network Family'), 'inet', _('Socket Type'), _('ALL'), _('Local'), _('ALL'), _('Peer'), {'ip': '::1'}]),
)
def _run_test(self, params, expected):
- obj = NetworkRule.parse(params)
+ obj = NetworkRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
class NetworkRuleReprTest(AATest):
tests = (
- (NetworkRule('inet', 'stream'), '<NetworkRule> network inet stream,'),
- (NetworkRule.parse(' allow network inet stream, # foo'), '<NetworkRule> allow network inet stream, # foo'),
+ (NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL), '<NetworkRule> network inet stream,'),
+ (NetworkRule.create_instance(' allow network inet stream, # foo'), '<NetworkRule> allow network inet stream, # foo'),
)
def _run_test(self, params, expected):
self.assertEqual(str(params), expected)
-## --- tests for NetworkRuleset --- #
-
+# --- tests for NetworkRuleset --- #
class NetworkRulesTest(AATest):
def test_empty_ruleset(self):
ruleset = NetworkRuleset()
@@ -443,7 +520,7 @@ class NetworkRulesTest(AATest):
]
for rule in rules:
- ruleset.add(NetworkRule.parse(rule))
+ ruleset.add(NetworkRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -472,7 +549,7 @@ class NetworkRulesTest(AATest):
]
for rule in rules:
- ruleset.add(NetworkRule.parse(rule))
+ ruleset.add(NetworkRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
@@ -503,8 +580,8 @@ class NetworkDeleteTestAATest(AATest):
class NetworkRulesetReprTest(AATest):
def test_network_ruleset_repr(self):
obj = NetworkRuleset()
- obj.add(NetworkRule('inet', 'stream'))
- obj.add(NetworkRule.parse(' allow network inet stream, # foo'))
+ obj.add(NetworkRule(NetworkRule.ALL, 'inet', 'stream', NetworkRule.ALL, NetworkRule.ALL))
+ obj.add(NetworkRule.create_instance(' allow network inet stream, # foo'))
expected = '<NetworkRuleset>\n network inet stream,\n allow network inet stream, # foo\n</NetworkRuleset>'
self.assertEqual(str(obj), expected)
diff --git a/utils/test/test-notify.py b/utils/test/test-notify.py
index bb2b123d20c4799d1adecdc9ceec72c9f5112490..4afd354392c3841db7c06f3a4317effa580925f9 100644
--- a/utils/test/test-notify.py
+++ b/utils/test/test-notify.py
@@ -12,10 +12,46 @@
import unittest
from apparmor.common import AppArmorBug
-from apparmor.notify import get_last_login_timestamp, sane_timestamp
+from apparmor.notify import get_last_login_timestamp, get_last_login_timestamp_wtmp, sane_timestamp
from common_test import AATest, setup_all_loops
+class TestGet_last_login_timestamp(AATest):
+ tests = (
+ # wtmp file lastlog2 db user expected login timestamp
+ (('wtmp-x86_64', 'lastlog2.db', 'root'), 1723749426), # Thu Aug 15 19:17:06 UTC 2024
+ (('wtmp-x86_64', 'lastlog2.db', 'whoever'), 0),
+ (('wtmp-x86_64', 'lastlog2.db', 'cb'), 1726995194), # Sun Sep 22 08:53:14 UTC 2024
+ (('wtmp-x86_64', 'lastlog2.db', 'sddm'), 1721084423), # Mon Jul 15 23:00:23 UTC 2024
+
+ (('wtmp-x86_64', 'does-not-exist', 'root'), 1635070346), # Sun Oct 24 12:12:26 CEST 2021
+ (('wtmp-x86_64', 'does-not-exist', 'whoever'), 0),
+
+ (('wtmp-s390x', 'lastlog2.db', 'root'), 1723749426), # Thu Aug 15 19:17:06 UTC 2024
+ (('wtmp-s390x', 'lastlog2.db', 'whoever'), 0),
+ (('wtmp-s390x', 'does-not-exist', 'linux1'), 1626368772), # Thu Jul 15 19:06:12 CEST 2021
+ (('wtmp-s390x', 'does-not-exist', 'whoever'), 0),
+
+ (('wtmp-aarch64', 'lastlog2.db', 'whoever'), 0),
+ (('wtmp-aarch64', 'does-not-exist', 'guillaume'), 1611562789), # Mon Jan 25 09:19:49 CET 2021
+ (('wtmp-aarch64', 'does-not-exist', 'whoever'), 0),
+
+ (('wtmp-truncated', 'does-not-exist', 'root'), 0),
+ (('wtmp-truncated', 'does-not-exist', 'whoever'), 0),
+ )
+
+ def _run_test(self, params, expected):
+ wtmpdb, lastlog2_db, user = params
+ wtmpdb = 'wtmp-examples/' + wtmpdb
+ lastlog2_db = 'wtmp-examples/' + lastlog2_db
+ self.assertEqual(get_last_login_timestamp(user, wtmpdb, lastlog2_db), expected)
+
+ def test_date_1999(self):
+ with self.assertRaises(AppArmorBug):
+ # wtmp-x86_64-past is hand-edited to Thu Dec 30 00:00:00 CET 1999, which is outside the expected data range
+ get_last_login_timestamp('root', 'wtmp-examples/wtmp-x86_64-past', 'wtmp-examples/does-not-exist')
+
+
class TestSane_timestamp(AATest):
tests = (
(2524704400, False), # Sun Jan 2 03:46:40 CET 2050
@@ -27,7 +63,7 @@ class TestSane_timestamp(AATest):
self.assertEqual(sane_timestamp(params), expected)
-class TestGet_last_login_timestamp(AATest):
+class TestGet_last_login_timestamp_wtmp(AATest):
tests = (
(('wtmp-x86_64', 'root'), 1635070346), # Sun Oct 24 12:12:26 CEST 2021
(('wtmp-x86_64', 'whoever'), 0),
@@ -42,13 +78,13 @@ class TestGet_last_login_timestamp(AATest):
def _run_test(self, params, expected):
filename, user = params
- filename = 'wtmp-examples/%s' % filename
- self.assertEqual(get_last_login_timestamp(user, filename), expected)
+ filename = 'wtmp-examples/' + filename
+ self.assertEqual(get_last_login_timestamp_wtmp(user, filename), expected)
def test_date_1999(self):
with self.assertRaises(AppArmorBug):
# wtmp-x86_64-past is hand-edited to Thu Dec 30 00:00:00 CET 1999, which is outside the expected data range
- get_last_login_timestamp('root', 'wtmp-examples/wtmp-x86_64-past')
+ get_last_login_timestamp_wtmp('root', 'wtmp-examples/wtmp-x86_64-past')
setup_all_loops(__name__)
diff --git a/utils/test/test-parser-simple-tests.py b/utils/test/test-parser-simple-tests.py
index 00c2fde2a88fd1e5088bdc493fb49603a70f6cc9..5e56e10f7e01acff7a18479afbbc7ae2a070bc00 100644
--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -35,6 +35,9 @@ skip_startswith = (
# Pux and Cux (which actually mean PUx and CUx) get rejected by the tools
'generated_x/exact-',
+
+ # don't handle rule priorities yet
+ 'file/priority/',
)
# testcases that should raise an exception, but don't
@@ -44,15 +47,16 @@ exception_not_raised = (
'abi/bad_11.sd',
'abi/bad_12.sd',
- # invalid capabilities (like "foobar"), but syntactically correct
- 'capability/bad_1.sd',
- 'capability/bad_2.sd',
- 'capability/bad_3.sd',
- 'capability/bad_4.sd',
-
# interesting[tm] profile name
'change_hat/bad_parsing.sd',
+ 'dbus/bad_regex_04.sd',
+ 'dbus/bad_regex_05.sd',
+ 'dbus/bad_regex_06.sd',
+ 'file/bad_re_brace_1.sd',
+ 'file/bad_re_brace_2.sd',
+ 'file/bad_re_brace_3.sd',
+
# The tools don't detect conflicting change_profile exec modes
'change_profile/onx_conflict_unsafe1.sd',
'change_profile/onx_conflict_unsafe2.sd',
@@ -76,49 +80,14 @@ exception_not_raised = (
'file/bad_re_brace_1.sd',
'file/bad_re_brace_2.sd',
'file/bad_re_brace_3.sd',
- 'mount/bad_1.sd',
- 'mount/bad_2.sd',
- 'mount/bad_3.sd',
- 'mount/bad_4.sd',
- 'mount/bad_opt_10.sd',
- 'mount/bad_opt_11.sd',
- 'mount/bad_opt_12.sd',
- 'mount/bad_opt_13.sd',
- 'mount/bad_opt_14.sd',
- 'mount/bad_opt_15.sd',
- 'mount/bad_opt_16.sd',
- 'mount/bad_opt_17.sd',
- 'mount/bad_opt_18.sd',
- 'mount/bad_opt_19.sd',
- 'mount/bad_opt_1.sd',
- 'mount/bad_opt_20.sd',
- 'mount/bad_opt_21.sd',
- 'mount/bad_opt_22.sd',
- 'mount/bad_opt_23.sd',
- 'mount/bad_opt_24.sd',
- 'mount/bad_opt_2.sd',
- 'mount/bad_opt_3.sd',
- 'mount/bad_opt_4.sd',
- 'mount/bad_opt_5.sd',
- 'mount/bad_opt_6.sd',
- 'mount/bad_opt_7.sd',
- 'mount/bad_opt_8.sd',
- 'mount/bad_opt_9.sd',
- 'mount/bad_opt_25.sd',
- 'mount/bad_opt_26.sd',
- 'mount/bad_opt_27.sd',
- 'mount/bad_opt_28.sd',
+
+ # We do not check that options are compatible
'mount/bad_opt_29.sd',
'mount/bad_opt_30.sd',
'mount/bad_opt_31.sd',
- 'mount/bad_opt_32.sd',
- 'mount/bad_opt_35.sd',
- 'mount/bad_opt_36.sd',
- 'mount/bad_opt_37.sd',
- 'mount/bad_opt_38.sd',
- 'mount/bad_opt_39.sd',
- 'mount/bad_opt_40.sd',
- 'mount/bad_opt_41.sd',
+ 'mount/bad_1.sd',
+ 'mount/bad_2.sd',
+
'profile/flags/flags_bad10.sd',
'profile/flags/flags_bad11.sd',
'profile/flags/flags_bad12.sd',
@@ -126,7 +95,6 @@ exception_not_raised = (
'profile/flags/flags_bad15.sd',
'profile/flags/flags_bad18.sd',
'profile/flags/flags_bad19.sd',
- 'profile/flags/flags_bad20.sd',
'profile/flags/flags_bad2.sd',
'profile/flags/flags_bad3.sd',
'profile/flags/flags_bad4.sd',
@@ -137,7 +105,6 @@ exception_not_raised = (
'profile/flags/flags_bad_debug_1.sd',
'profile/flags/flags_bad_debug_2.sd',
'profile/flags/flags_bad_debug_3.sd',
- 'profile/flags/flags_bad_debug_4.sd',
# detection of conflicting flags not supported
'profile/flags/flags_bad30.sd',
'profile/flags/flags_bad31.sd',
@@ -156,40 +123,62 @@ exception_not_raised = (
'profile/flags/flags_bad44.sd',
'profile/flags/flags_bad45.sd',
'profile/flags/flags_bad46.sd',
+ 'profile/flags/flags_bad47.sd',
+ 'profile/flags/flags_bad48.sd',
+ 'profile/flags/flags_bad49.sd',
+ 'profile/flags/flags_bad50.sd',
+ 'profile/flags/flags_bad51.sd',
+ 'profile/flags/flags_bad52.sd',
+ 'profile/flags/flags_bad53.sd',
+ 'profile/flags/flags_bad54.sd',
+ 'profile/flags/flags_bad55.sd',
+ 'profile/flags/flags_bad56.sd',
+ 'profile/flags/flags_bad64.sd',
+ 'profile/flags/flags_bad65.sd',
+ 'profile/flags/flags_bad66.sd',
+ 'profile/flags/flags_bad67.sd',
+ 'profile/flags/flags_bad68.sd',
+ 'profile/flags/flags_bad69.sd',
+ 'profile/flags/flags_bad70.sd',
+ 'profile/flags/flags_bad71.sd',
+ 'profile/flags/flags_bad72.sd',
+ 'profile/flags/flags_bad73.sd',
+ 'profile/flags/flags_bad74.sd',
+ 'profile/flags/flags_bad75.sd',
+ 'profile/flags/flags_bad76.sd',
+ 'profile/flags/flags_bad77.sd',
+ 'profile/flags/flags_bad78.sd',
+ 'profile/flags/flags_bad79.sd',
+ 'profile/flags/flags_bad80.sd',
+ 'profile/flags/flags_bad81.sd',
+ 'profile/flags/flags_bad82.sd',
+ 'profile/flags/flags_bad83.sd',
+ 'profile/flags/flags_bad84.sd',
+ 'profile/flags/flags_bad85.sd',
+ 'profile/flags/flags_bad86.sd',
+ # flags=(error=EXX)
+ 'profile/flags/flags_bad87.sd',
+ 'profile/flags/flags_bad88.sd',
+ 'profile/flags/flags_bad89.sd',
+
+ 'profile/flags/flags_bad_disconnected_path1.sd',
+ 'profile/flags/flags_bad_disconnected_path2.sd',
+ 'profile/flags/flags_bad_disconnected_path3.sd',
+ 'profile/flags/flags_bad_disconnected_path4.sd',
+ 'profile/flags/flags_bad_disconnected_path5.sd',
'profile/profile_ns_bad8.sd', # 'profile :ns/t' without terminating ':'
- 'ptrace/bad_05.sd', # actually contains a capability rule with invalid (ptrace-related) keyword
- 'ptrace/bad_06.sd', # actually contains a capability rule with invalid (ptrace-related) keyword
'ptrace/bad_10.sd', # peer with invalid regex
'signal/bad_21.sd', # invalid regex
- 'unix/bad_attr_1.sd',
- 'unix/bad_attr_2.sd',
- 'unix/bad_attr_3.sd',
- 'unix/bad_attr_4.sd',
- 'unix/bad_bind_1.sd',
- 'unix/bad_bind_2.sd',
- 'unix/bad_create_1.sd',
- 'unix/bad_create_2.sd',
- 'unix/bad_listen_1.sd',
- 'unix/bad_listen_2.sd',
- 'unix/bad_modifier_1.sd',
- 'unix/bad_modifier_2.sd',
- 'unix/bad_modifier_3.sd',
- 'unix/bad_modifier_4.sd',
- 'unix/bad_opt_1.sd',
- 'unix/bad_opt_2.sd',
- 'unix/bad_opt_3.sd',
- 'unix/bad_opt_4.sd',
- 'unix/bad_peer_1.sd',
+
+ # Invalid regexes
'unix/bad_regex_01.sd',
'unix/bad_regex_02.sd',
'unix/bad_regex_03.sd',
'unix/bad_regex_04.sd',
- 'unix/bad_shutdown_1.sd',
- 'unix/bad_shutdown_2.sd',
- 'unix/bad_peer_2.sd',
- 'unix/bad_attr_5.sd',
- 'unix/bad_opt_5.sd',
- 'unix/bad_shutdown_3.sd',
+
+ 'unix/bad_modifier_2.sd', # We do not check for duplicated keywords
+ 'unix/bad_bind_2.sd', # We do not check bind coherency
+
'vars/vars_bad_3.sd',
'vars/vars_bad_4.sd',
'vars/vars_bad_5.sd',
@@ -233,6 +222,8 @@ exception_not_raised = (
'xtrans/simple_bad_conflicting_x_6.sd',
'xtrans/simple_bad_conflicting_x_8.sd',
'xtrans/x-conflict.sd',
+
+ 'network/perms/bad_modifier_2.sd',
)
# testcases with lines that don't match any regex and end up as "unknown line"
@@ -313,6 +304,22 @@ unknown_line = (
'bare_include_tests/ok_84.sd',
'bare_include_tests/ok_85.sd',
'bare_include_tests/ok_86.sd',
+
+ # According to spec mount should be in the form fstype=... options=... and NOT in the form options=... fstype=...
+ 'mount/ok_opt_combo_3.sd',
+ 'mount/ok_opt_combo_2.sd',
+ 'mount/ok_opt_combo_1.sd',
+ 'mount/ok_opt_combo_4.sd',
+
+ # Options should be comma separated
+ 'mount/in_4.sd', # also order option then fstype is invalid
+
+ # Unsupported \\" in unix AARE
+ 'unix/ok_regex_03.sd',
+ 'unix/ok_regex_09.sd',
+ 'unix/ok_regex_13.sd',
+ 'unix/ok_regex_19.sd',
+
)
# testcases with various unexpected failures
@@ -410,7 +417,7 @@ syntax_failure = (
'generated_perms_leading/dominate-Cuxtarget.sd',
'generated_perms_leading/dominate-ownerPuxtarget2.sd',
- # escaping with \
+ # escaping with "\"
'file/ok_embedded_spaces_4.sd', # \-escaped space
'file/file/ok_embedded_spaces_4.sd', # \-escaped space
'file/ok_quoted_4.sd', # quoted string including \"
@@ -419,6 +426,9 @@ syntax_failure = (
'vars/vars_dbus_8.sd', # Path doesn't start with / or variable: {/@{TLDS}/foo,/com/@{DOMAINS}}
'vars/vars_simple_assignment_12.sd', # Redefining existing variable @{BAR} ('\' not handled)
'bare_include_tests/ok_2.sd', # two #include<...> in one line
+
+ # network port range
+ 'network/network_ok_17.sd',
)
@@ -474,7 +484,7 @@ def parse_test_profiles(file_with_path):
exresult = False
exresult_found = True
else:
- raise Exception('%s contains unknown EXRESULT %s' % (file_with_path, exresult))
+ raise Exception('{} contains unknown EXRESULT {}'.format(file_with_path, exresult))
elif line.upper().startswith('#=DESCRIPTION '):
description = line.split()[1]
@@ -486,25 +496,25 @@ def parse_test_profiles(file_with_path):
disabled = True
if not exresult_found:
- raise Exception('%s does not contain EXRESULT' % file_with_path)
+ raise Exception(file_with_path + ' does not contain EXRESULT')
if not description:
- raise Exception('%s does not contain description' % file_with_path)
+ raise Exception(file_with_path + ' does not contain description')
tools_wrong = False
if relfile in exception_not_raised:
if exresult:
- raise Exception("%s listed in exception_not_raised, but has EXRESULT PASS" % file_with_path)
+ raise Exception(file_with_path + " listed in exception_not_raised, but has EXRESULT PASS")
tools_wrong = 'EXCEPTION_NOT_RAISED'
elif relfile.startswith(skip_startswith):
return 1 # XXX *** SKIP *** those tests
elif relfile in unknown_line:
if not exresult:
- raise Exception("%s listed in unknown_line, but has EXRESULT FAIL" % file_with_path)
+ raise Exception(file_with_path + " listed in unknown_line, but has EXRESULT FAIL")
tools_wrong = 'UNKNOWN_LINE'
elif relfile in syntax_failure:
if not exresult:
- raise Exception("%s listed in syntax_failure, but has EXRESULT FAIL" % file_with_path)
+ raise Exception(file_with_path + " listed in syntax_failure, but has EXRESULT FAIL")
tools_wrong = 'SYNTAX_FAILURE'
params = {
@@ -549,9 +559,9 @@ def find_and_setup_test_profiles(profile_dir):
skipped += parse_test_profiles(file_with_path)
if skipped:
- print('Skipping %s test profiles listed in skip_startswith.' % skipped)
+ print('Skipping {} test profiles listed in skip_startswith.'.format(skipped))
- print('Running %s parser simple_tests...' % len(TestParseParserTests.tests))
+ print('Running {} parser simple_tests...'.format(len(TestParseParserTests.tests)))
setup_aa(apparmor)
diff --git a/utils/test/test-pivot_root.py b/utils/test/test-pivot_root.py
new file mode 100644
index 0000000000000000000000000000000000000000..ceaf59ab728a4cea45630d099cb9645af92d469f
--- /dev/null
+++ b/utils/test/test-pivot_root.py
@@ -0,0 +1,572 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2015 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+
+from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.logparser import ReadLog
+from apparmor.aare import AARE
+from apparmor.rule.pivot_root import PivotRootRule, PivotRootRuleset
+from apparmor.translations import init_translation
+from common_test import AATest, setup_all_loops
+
+_ = init_translation()
+
+exp = namedtuple(
+ 'exp', ('audit', 'allow_keyword', 'deny', 'comment', 'oldroot', 'all_oldroots', 'newroot',
+ 'all_newroots', 'profile_name', 'all_profile_names'),
+)
+
+
+# # --- tests for single PivotRootRule --- #
+
+class PivotRootTest(AATest):
+ def _compare_obj(self, obj, expected):
+ self.assertEqual(expected.audit, obj.audit)
+ self.assertEqual(expected.allow_keyword, obj.allow_keyword)
+ self.assertEqual(expected.deny, obj.deny)
+ self.assertEqual(expected.comment, obj.comment)
+
+ if type(obj.oldroot) is AARE:
+ self.assertEqual(expected.oldroot, obj.oldroot.regex)
+ else:
+ self.assertEqual(expected.oldroot, obj.oldroot)
+
+ self.assertEqual(expected.all_oldroots, obj.all_oldroots)
+
+ if type(obj.newroot) is AARE:
+ self.assertEqual(expected.newroot, obj.newroot.regex)
+ else:
+ self.assertEqual(expected.newroot, obj.newroot)
+
+ self.assertEqual(expected.all_newroots, obj.all_newroots)
+
+ if type(obj.profile_name) is AARE:
+ self.assertEqual(expected.profile_name, obj.profile_name.regex)
+ else:
+ self.assertEqual(expected.profile_name, obj.profile_name)
+
+ self.assertEqual(expected.all_profile_names, obj.all_profile_names)
+
+
+class PivotRootTestParse(PivotRootTest):
+ tests = (
+ # PivotRootRule object audit allow deny comment oldroot all? newroot all? profile_name all?
+ ('pivot_root,', exp(False, False, False, '', None, True, None, True, None, True)),
+ ('pivot_root oldroot=/oldroot, # cmt', exp(False, False, False, ' # cmt', '/oldroot', False, None, True, None, True)),
+ ('pivot_root oldroot=/oldroot /new/root, # cmt', exp(False, False, False, ' # cmt', '/oldroot', False, '/new/root', False, None, True)),
+ ('pivot_root oldroot=/oldroot /new/root -> targetprof, # cmt', exp(False, False, False, ' # cmt', '/oldroot', False, '/new/root', False, 'targetprof', False)),
+ ('pivot_root oldroot=/oldroot -> targetprof, # cmt', exp(False, False, False, ' # cmt', '/oldroot', False, None, True, 'targetprof', False)),
+ ('pivot_root /new/root, # cmt', exp(False, False, False, ' # cmt', None, True, '/new/root', False, None, True)),
+ ('pivot_root /new/root -> targetprof, # cmt', exp(False, False, False, ' # cmt', None, True, '/new/root', False, 'targetprof', False)),
+ ('pivot_root -> targetprof, # cmt', exp(False, False, False, ' # cmt', None, True, None, True, 'targetprof', False)),
+ ('pivot_root oldroot="/oldroot", # cmt', exp(False, False, False, ' # cmt', '/oldroot', False, None, True, None, True)),
+ ('pivot_root "/new/root", # cmt', exp(False, False, False, ' # cmt', None, True, '/new/root', False, None, True)),
+ ('pivot_root -> "targetprof", # cmt', exp(False, False, False, ' # cmt', None, True, None, True, 'targetprof', False)),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(PivotRootRule.match(rawrule))
+ obj = PivotRootRule.create_instance(rawrule)
+ self.assertEqual(rawrule.strip(), obj.raw_rule)
+ self._compare_obj(obj, expected)
+
+
+class PivotRootTestParseInvalid(PivotRootTest):
+ tests = (
+ ('pivot_root foo,', AppArmorException),
+ ('pivot_root foo bar,', AppArmorException),
+ ('pivot_root oldroot= ,', AppArmorException),
+ ('pivot_root -> ,', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(PivotRootRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ PivotRootRule.create_instance(rawrule)
+
+ def test_invalid_rule_name(self):
+ self.assertFalse(PivotRootRule.match('pivot_rootbeer,'))
+ with self.assertRaises(AppArmorException):
+ PivotRootRule.create_instance('pivot_rootbeer,')
+
+
+class PivotRootTestParseFromLog(PivotRootTest):
+ def test_pivot_root_from_log(self):
+ parser = ReadLog('', '', '')
+ event = 'type=AVC msg=audit(1409700678.384:547594): apparmor="DENIED" operation="pivotroot" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root" name="/tmp/sdtest.21082-7446-EeefO6/new_root/" pid=21162 comm="pivot_root" srcname="/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/"'
+
+ parsed_event = parser.parse_event(event)
+
+ self.assertEqual(parsed_event, {
+ 'request_mask': None,
+ 'denied_mask': None,
+ 'error_code': 0,
+ 'magic_token': 0,
+ 'parent': 0,
+ 'profile': '/home/ubuntu/bzr/apparmor/tests/regression/apparmor/pivot_root',
+ 'operation': 'pivotroot',
+ 'resource': None,
+ 'info': None,
+ 'aamode': 'REJECTING',
+ 'time': 1409700678,
+ 'active_hat': None,
+ 'pid': 21162,
+ 'task': 0,
+ 'attr': None,
+ 'name2': None,
+ 'src_name': '/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/',
+ 'name': '/tmp/sdtest.21082-7446-EeefO6/new_root/',
+ 'family': None,
+ 'protocol': None,
+ 'sock_type': None,
+ 'class': None,
+ })
+
+ obj = PivotRootRule(parsed_event['src_name'], parsed_event['name'], PivotRootRule.ALL, log_event=parsed_event)
+
+ # audit allow deny comment oldroot all? newroot all? target all?
+ expected = exp(False, False, False, '', '/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/', False, '/tmp/sdtest.21082-7446-EeefO6/new_root/', False, None, True)
+
+ self._compare_obj(obj, expected)
+
+ self.assertEqual(
+ obj.get_raw(1),
+ ' pivot_root oldroot=/tmp/sdtest.21082-7446-EeefO6/new_root/put_old/ /tmp/sdtest.21082-7446-EeefO6/new_root/,')
+
+
+class PivotRootFromInit(PivotRootTest):
+ tests = (
+ # PivotRootRule object audit allow deny comment oldroot all? newroot all? profile_name all?
+ (PivotRootRule('/oldroot', '/new/root', 'some_profile', deny=True), exp(False, False, True, '', '/oldroot', False, '/new/root', False, 'some_profile', False)),
+ (PivotRootRule('/oldroot', '/new/root', PivotRootRule.ALL, deny=True), exp(False, False, True, '', '/oldroot', False, '/new/root', False, None, True)),
+ (PivotRootRule('/oldroot', PivotRootRule.ALL, '/someprofile', deny=True), exp(False, False, True, '', '/oldroot', False, None, True, '/someprofile', False)),
+ (PivotRootRule(PivotRootRule.ALL, '/new/root', '/someprofile', deny=True), exp(False, False, True, '', None, True, '/new/root', False, '/someprofile', False)),
+ (PivotRootRule('/oldroot', PivotRootRule.ALL, PivotRootRule.ALL, deny=True), exp(False, False, True, '', '/oldroot', False, None, True, None, True)),
+ (PivotRootRule(PivotRootRule.ALL, '/new/root', PivotRootRule.ALL, deny=True), exp(False, False, True, '', None, True, '/new/root', False, None, True)),
+ (PivotRootRule(PivotRootRule.ALL, PivotRootRule.ALL, 'some_profile', deny=True), exp(False, False, True, '', None, True, None, True, 'some_profile', False)),
+ (PivotRootRule(PivotRootRule.ALL, PivotRootRule.ALL, PivotRootRule.ALL, deny=True), exp(False, False, True, '', None, True, None, True, None, True)),
+ )
+
+ def _run_test(self, obj, expected):
+ self._compare_obj(obj, expected)
+
+
+class InvalidPivotRootInit(AATest):
+ tests = (
+ # (init params, expected exception)
+ (('', '/foo', 'bar'), AppArmorBug), # empty oldroot
+ (('/old', '', 'bar'), AppArmorBug), # empty newroot
+ (('/old', '/foo', '' ), AppArmorBug), # empty targetprof # noqa: E202
+
+ (('old', '/foo', 'bar'), AppArmorException), # oldroot is not a path
+ (('/old', 'foo', 'bar'), AppArmorException), # newroot is not a path
+
+
+ ((None, '/foo', 'bar'), AppArmorBug), # wrong type
+ (('/old', None, 'bar'), AppArmorBug), #
+ (('/old', '/foo', None ), AppArmorBug), # noqa: E202
+
+ ((dict(), '/foo', 'bar'), AppArmorBug), # wrong type
+ (('/old', dict(), 'bar'), AppArmorBug), #
+ (('/old', '/foo', dict()), AppArmorBug), #
+ )
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ PivotRootRule(*params)
+
+ def test_missing_params_1(self):
+ with self.assertRaises(TypeError):
+ PivotRootRule()
+
+ def test_missing_params_2(self):
+ with self.assertRaises(TypeError):
+ PivotRootRule('/foo')
+
+ def test_missing_params_3(self):
+ with self.assertRaises(TypeError):
+ PivotRootRule('/foo', '/bar')
+
+
+class InvalidPivotRootTest(AATest):
+ def _check_invalid_rawrule(self, rawrule):
+ obj = None
+ self.assertFalse(PivotRootRule.match(rawrule))
+ with self.assertRaises(AppArmorException):
+ obj = PivotRootRule.create_instance(rawrule)
+
+ self.assertIsNone(obj, 'PivotRootRule handed back an object unexpectedly')
+
+ def test_invalid_pivot_root_missing_comma(self):
+ self._check_invalid_rawrule('pivot_root') # missing comma
+
+ def test_invalid_non_PivotRootRule(self):
+ self._check_invalid_rawrule('dbus,') # not a pivot_root rule
+
+ def test_empty_data_1(self):
+ obj = PivotRootRule('/foo', '/bar', 'prof')
+ obj.oldroot = ''
+ # no oldroot set, and ALL not set
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean(1)
+
+ def test_empty_data_2(self):
+ obj = PivotRootRule('/foo', '/bar', 'prof')
+ obj.newroot = ''
+ # no newroot set, and ALL not set
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean(1)
+
+ def test_empty_data_3(self):
+ obj = PivotRootRule('/foo', '/bar', 'prof')
+ obj.profile_name = ''
+ # no profile_name set, and ALL not set
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean(1)
+
+
+class WritePivotRootTestAATest(AATest):
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(PivotRootRule.match(rawrule))
+ obj = PivotRootRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ tests = (
+ # raw rule clean rule
+ ('pivot_root,', 'pivot_root,'),
+ (' pivot_root , # foo ', 'pivot_root, # foo'),
+ (' audit pivot_root /foo,', 'audit pivot_root /foo,'),
+ (' deny pivot_root /foo ,# foo bar', 'deny pivot_root /foo, # foo bar'),
+ (' deny pivot_root "/foo" ,# foo bar', 'deny pivot_root /foo, # foo bar'),
+ (' allow pivot_root ,# foo bar', 'allow pivot_root, # foo bar'),
+ (' pivot_root oldroot=/old , # foo ', 'pivot_root oldroot=/old, # foo'),
+ (' pivot_root oldroot="/old" , # foo ', 'pivot_root oldroot=/old, # foo'),
+ (' pivot_root oldroot=/old -> some_profile , ', 'pivot_root oldroot=/old -> some_profile,'),
+ (' pivot_root oldroot=/old /new -> some_profile , ', 'pivot_root oldroot=/old /new -> some_profile,'),
+ )
+
+ def test_write_manually(self):
+ obj = PivotRootRule('/old', '/new', 'target', allow_keyword=True)
+
+ expected = ' allow pivot_root oldroot=/old /new -> target,'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+
+class PivotRootCoveredTest(AATest):
+ def _run_test(self, param, expected):
+ obj = PivotRootRule.create_instance(self.rule)
+ check_obj = PivotRootRule.create_instance(param)
+
+ self.assertTrue(PivotRootRule.match(param))
+
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
+
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
+
+
+class PivotRootCoveredTest_01(PivotRootCoveredTest):
+ rule = 'pivot_root /new,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ ('pivot_root,', (False, False, False, False)),
+ ('pivot_root /n*,', (False, False, False, False)),
+ ('pivot_root oldroot=/old,', (False, False, False, False)),
+ ('pivot_root /new,', (True, False, True, True)),
+ ('pivot_root -> target,', (False, False, False, False)),
+ ('pivot_root oldroot=/old /new,', (False, False, True, True)),
+ ('pivot_root /new -> target,', (False, False, True, True)),
+ ('pivot_root oldroot=/old -> target,', (False, False, False, False)),
+ ('pivot_root oldroot=/old /new -> target,', (False, False, True, True)),
+ )
+
+
+class PivotRootCoveredTest_02(PivotRootCoveredTest):
+ rule = 'audit pivot_root oldroot=/ol*,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ ('audit pivot_root,', (False, False, False, False)),
+ ('audit pivot_root oldroot=/ol*,', (True, True, True, True)),
+ ('audit pivot_root oldroot=/old,', (False, False, True, True)),
+ ('audit pivot_root /new,', (False, False, False, False)),
+ ('audit pivot_root -> target,', (False, False, False, False)),
+ ('audit pivot_root oldroot=/old /new,', (False, False, True, True)),
+ ('audit pivot_root /new -> target,', (False, False, False, False)),
+ ('audit pivot_root oldroot=/old -> target,', (False, False, True, True)), # covered exact - really?
+ ('audit pivot_root oldroot=/old /new -> target,', (False, False, True, True)), # covered exact - really?
+ )
+
+
+class PivotRootCoveredTest_03(PivotRootCoveredTest):
+ rule = 'pivot_root -> target,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ ('pivot_root,', (False, False, False, False)),
+ ('pivot_root oldroot=/ol*,', (False, False, False, False)),
+ ('pivot_root oldroot=/old,', (False, False, False, False)),
+ ('pivot_root /new,', (False, False, False, False)),
+ ('pivot_root -> target,', (True, False, True, True)),
+ ('pivot_root oldroot=/old /new,', (False, False, False, False)),
+ ('pivot_root /new -> target,', (False, False, True, True)),
+ ('pivot_root oldroot=/old -> target,', (False, False, True, True)),
+ ('pivot_root oldroot=/old /new -> target,', (False, False, True, True)),
+ )
+
+
+class PivotRootCoveredTest_04(PivotRootCoveredTest):
+ rule = 'deny pivot_root /foo,'
+
+ tests = (
+ # rule equal strict equal covered covered exact
+ (' deny pivot_root /foo,', (True, True, True, True)),
+ ('audit deny pivot_root /foo,', (False, False, False, False)),
+ (' pivot_root /foo,', (False, False, False, False)), # XXX should covered be true here?
+ (' deny pivot_root /bar,', (False, False, False, False)),
+ (' deny pivot_root,', (False, False, False, False)),
+ )
+
+
+class PivotRootCoveredTest_Invalid(AATest):
+ # TODO: should this be detected?
+ # def test_borked_obj_is_covered_1(self):
+ # obj = PivotRootRule.create_instance('pivot_root oldroot=/old /new -> target,')
+
+ # testobj = PivotRootRule('/old', '/foo', 'targetprof')
+ # testobj.oldrooot = None
+
+ # with self.assertRaises(AppArmorBug):
+ # obj.is_covered(testobj)
+
+ def test_borked_obj_is_covered_2(self):
+ obj = PivotRootRule.create_instance('pivot_root oldroot=/old /new -> target,')
+
+ testobj = PivotRootRule('/old', '/foo', 'targetprof')
+ testobj.newroot = ''
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_covered(testobj)
+
+ # def test_borked_obj_is_covered_3(self):
+ # TODO: should this be detected?
+ # obj = PivotRootRule.create_instance('pivot_root oldroot=/old /new -> target,')
+
+ # testobj = PivotRootRule('/old', '/foo', 'targetprof')
+ # testobj.profile_name = ''
+
+ # with self.assertRaises(AppArmorBug):
+ # obj.is_covered(testobj)
+
+ def test_invalid_is_covered(self):
+ raw_rule = 'pivot_root oldroot=/old /new -> target,'
+
+ class SomeOtherClass(PivotRootRule):
+ pass
+
+ obj = PivotRootRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
+ with self.assertRaises(AppArmorBug):
+ obj.is_covered(testobj)
+
+ def test_invalid_is_equal_1(self):
+ raw_rule = 'pivot_root oldroot=/old /new -> target,'
+
+ class SomeOtherClass(PivotRootRule):
+ pass
+
+ obj = PivotRootRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(testobj)
+
+# def test_invalid_is_equal_2(self):
+ # TODO: should this be detected?
+# obj = PivotRootRule.create_instance('pivot_root oldroot=/old /new -> target,')
+
+# testobj = PivotRootRule.create_instance('pivot_root oldroot=/old /new -> target,')
+# testobj.all_oldroots = False # make testobj invalid (should trigger exception in _is_equal_aare())
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_equal(testobj)
+
+
+class PivotRootLogprofHeaderTest(AATest):
+ tests = (
+ ('pivot_root,', [ _('Old root'), _('ALL'), _('New root'), _('ALL'), _('Target profile'), _('ALL')]), # noqa: E201
+ ('pivot_root oldroot=/old,', [ _('Old root'), '/old', _('New root'), _('ALL'), _('Target profile'), _('ALL')]), # noqa: E201
+ ('deny pivot_root,', [_('Qualifier'), 'deny', _('Old root'), _('ALL'), _('New root'), _('ALL'), _('Target profile'), _('ALL')]),
+ ('allow pivot_root oldroot=/old,', [_('Qualifier'), 'allow', _('Old root'), '/old', _('New root'), _('ALL'), _('Target profile'), _('ALL')]),
+ ('audit pivot_root /new,', [_('Qualifier'), 'audit', _('Old root'), _('ALL'), _('New root'), '/new', _('Target profile'), _('ALL')]),
+ ('audit deny pivot_root /new -> target,', [_('Qualifier'), 'audit deny', _('Old root'), _('ALL'), _('New root'), '/new', _('Target profile'), 'target']),
+ ('pivot_root oldroot=/old /new -> target,', [ _('Old root'), '/old', _('New root'), '/new', _('Target profile'), 'target']), # noqa: E201
+ )
+
+ def _run_test(self, params, expected):
+ obj = PivotRootRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+
+class PivotRootEditHeaderTest(AATest):
+ def _run_test(self, params, expected):
+ rule_obj = PivotRootRule.create_instance(params)
+ self.assertEqual(rule_obj.can_edit, True)
+ prompt, path_to_edit = rule_obj.edit_header()
+ self.assertEqual(path_to_edit, expected)
+
+ tests = (
+ ('pivot_root oldroot=/old /foo/bar/baz -> target,', '/foo/bar/baz'),
+ ('pivot_root /foo/**/baz,', '/foo/**/baz'),
+ ('pivot_root /foo/** -> /bar,', '/foo/**'),
+ )
+
+ def test_edit_header_bare_pivot_root(self):
+ rule_obj = PivotRootRule.create_instance('pivot_root,')
+ self.assertEqual(rule_obj.can_edit, False)
+ with self.assertRaises(AppArmorBug):
+ rule_obj.edit_header()
+
+
+class PivotRootValidateAndStoreEditTest(AATest):
+ def _run_test(self, params, expected):
+ rule_obj = PivotRootRule('/old/', '/foo/bar/baz', 'target', log_event=True)
+
+ self.assertEqual(rule_obj.validate_edit(params), expected)
+
+ rule_obj.store_edit(params)
+ self.assertEqual(rule_obj.get_raw(), 'pivot_root oldroot=/old/ ' + params + ' -> target,')
+
+ tests = (
+ # edited path match
+ ('/foo/bar/baz', True),
+ ('/foo/bar/*', True),
+ ('/foo/bar/???', True),
+ ('/foo/xy**', False),
+ ('/foo/bar/baz/', False),
+ )
+
+ def test_validate_not_a_path(self):
+ rule_obj = PivotRootRule.create_instance('pivot_root /foo/bar/baz,')
+
+ with self.assertRaises(AppArmorException):
+ rule_obj.validate_edit('foo/bar/baz')
+
+ with self.assertRaises(AppArmorException):
+ rule_obj.store_edit('foo/bar/baz')
+
+ def test_validate_edit_bare_pivot_root(self):
+ rule_obj = PivotRootRule.create_instance('pivot_root,')
+ self.assertEqual(rule_obj.can_edit, False)
+
+ with self.assertRaises(AppArmorBug):
+ rule_obj.validate_edit('/foo/bar')
+
+ with self.assertRaises(AppArmorBug):
+ rule_obj.store_edit('/foo/bar')
+
+
+# --- tests for PivotRootRuleset --- #
+
+class PivotRootRulesTest(AATest):
+ def test_empty_ruleset(self):
+ ruleset = PivotRootRuleset()
+ ruleset_2 = PivotRootRuleset()
+ self.assertEqual([], ruleset.get_raw(2))
+ self.assertEqual([], ruleset.get_clean(2))
+ self.assertEqual([], ruleset_2.get_raw(2))
+ self.assertEqual([], ruleset_2.get_clean(2))
+
+ # test __repr__() for empty ruleset
+ self.assertEqual(str(ruleset), '<PivotRootRuleset (empty) />')
+
+ def test_ruleset_1(self):
+ ruleset = PivotRootRuleset()
+ rules = (
+ 'pivot_root oldroot=/foo,',
+ 'pivot_root /new,',
+ )
+
+ expected_raw = [
+ 'pivot_root oldroot=/foo,',
+ 'pivot_root /new,',
+ '',
+ ]
+
+ expected_clean = [
+ 'pivot_root /new,',
+ 'pivot_root oldroot=/foo,',
+ '',
+ ]
+
+ for rule in rules:
+ ruleset.add(PivotRootRule.create_instance(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+
+ # test __repr__() for non-empty ruleset
+ self.assertEqual(
+ str(ruleset), '<PivotRootRuleset>\n pivot_root oldroot=/foo,\n pivot_root /new,\n</PivotRootRuleset>')
+
+
+class PivotRootGlobTestAATest(AATest):
+ def test_glob(self):
+ glob_list = [(
+ 'pivot_root /foo/bar,',
+ 'pivot_root /foo/*,',
+ 'pivot_root /**,',
+ )]
+ for globs in glob_list:
+ for i in range(len(globs) - 1):
+ rule = PivotRootRule.create_instance(globs[i])
+ rule.glob()
+ self.assertEqual(rule.get_clean(), globs[i + 1])
+
+ def test_glob_all(self):
+ glob_list = [(
+ 'pivot_root,',
+ 'pivot_root,',
+ )]
+ for globs in glob_list:
+ for i in range(len(globs) - 1):
+ rule = PivotRootRule.create_instance(globs[i])
+ rule.glob()
+ self.assertEqual(rule.get_clean(), globs[i + 1])
+
+
+# def test_glob_ext(self):
+# # rule = PivotRootRule.create_instance('pivot_root /foo/bar,')
+# with self.assertRaises(NotImplementedError):
+# # get_glob_ext is not available for pivot_root rules
+# self.ruleset.get_glob_ext('pivot_root /foo,')
+
+
+# class PivotRootDeleteTestAATest(AATest):
+# pass
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-pivot_root_parse.py b/utils/test/test-pivot_root_parse.py
deleted file mode 100644
index d33532595f662ab5f76cc19e18a2dbb18681a859..0000000000000000000000000000000000000000
--- a/utils/test/test-pivot_root_parse.py
+++ /dev/null
@@ -1,33 +0,0 @@
-#! /usr/bin/python3
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2014 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-import unittest
-
-import apparmor.aa as aa
-from common_test import AAParseTest, setup_aa, setup_regex_tests
-
-
-class AAParsePivotRootTest(AAParseTest):
- def setUp(self):
- self.parse_function = aa.parse_pivot_root_rule
-
- tests = (
- ('pivot_root,', 'pivot_root base keyword'),
- ('pivot_root /old,', 'pivot_root oldroot rule'),
- ('pivot_root /old /new,', 'pivot_root old and new root rule'),
- ('pivot_root /old /new -> /usr/bin/child,', 'pivot_root child rule'),
- )
-
-
-setup_aa(aa)
-if __name__ == '__main__':
- setup_regex_tests(AAParsePivotRootTest)
- unittest.main(verbosity=1)
diff --git a/utils/test/test-profile-list.py b/utils/test/test-profile-list.py
index 3b5bb3e29580954b7a622c16c162b5218032737c..cc306a22646aaca5b22234f9eefbd12776ff5784 100644
--- a/utils/test/test-profile-list.py
+++ b/utils/test/test-profile-list.py
@@ -17,6 +17,7 @@ import apparmor.aa
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.profile_list import ProfileList
from apparmor.profile_storage import ProfileStorage
+from apparmor.aare import AARE
from apparmor.rule.abi import AbiRule
from apparmor.rule.alias import AliasRule
from apparmor.rule.boolean import BooleanRule
@@ -33,28 +34,28 @@ class TestAdd_profile(AATest):
def testEmpty(self):
self.assertEqual(self.pl.profile_names, {})
self.assertEqual(self.pl.attachments, {})
- self.assertEqual('%s' % self.pl, "\n".join(['', '<ProfileList>', '', '</ProfileList>', '']))
+ self.assertEqual(str(self.pl), "\n".join(['', '<ProfileList>', '', '</ProfileList>', '']))
def testAdd_profile_1(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo', self.dummy_profile)
self.assertEqual(self.pl.profile_names, {'foo': '/etc/apparmor.d/bin.foo'})
- self.assertEqual(self.pl.attachments, {'/bin/foo': {'f': '/etc/apparmor.d/bin.foo', 'p': 'foo'}})
+ self.assertEqual(self.pl.attachments, {'/bin/foo': {'f': '/etc/apparmor.d/bin.foo', 'p': 'foo', 're': AARE('/bin/foo', True)}})
self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['foo'])
- self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
+ self.assertEqual(str(self.pl), '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
def testAdd_profile_2(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo', self.dummy_profile)
self.assertEqual(self.pl.profile_names, {})
- self.assertEqual(self.pl.attachments, {'/bin/foo': {'f': '/etc/apparmor.d/bin.foo', 'p': '/bin/foo'}})
+ self.assertEqual(self.pl.attachments, {'/bin/foo': {'f': '/etc/apparmor.d/bin.foo', 'p': '/bin/foo', 're': AARE('/bin/foo', True)}})
self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['/bin/foo'])
- self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
+ self.assertEqual(str(self.pl), '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
def testAdd_profile_3(self):
self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None, self.dummy_profile)
self.assertEqual(self.pl.profile_names, {'foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.attachments, {})
self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['foo'])
- self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
+ self.assertEqual(str(self.pl), '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
def testAdd_profileError_1(self):
with self.assertRaises(AppArmorBug):
@@ -153,6 +154,7 @@ class TestFilename_from_attachment(AATest):
with self.assertRaises(AppArmorBug):
self.pl.filename_from_attachment('foo')
+
class TestProfile_from_attachment(TestFilename_from_attachment):
# uses AASetup from TestFilename_from_attachment
tests = (
@@ -197,9 +199,9 @@ class TestAdd_inc_ie(AATest):
self.assertEqual(list(self.pl.files.keys()), [])
def test_dedup_inc_ie_1(self):
- self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('include <tunables/global>'))
- self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('#include if exists <tunables/global> # comment'))
- self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse(' #include <tunables/global> '))
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance('include <tunables/global>'))
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance('#include if exists <tunables/global> # comment'))
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.create_instance(' #include <tunables/global> '))
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 2)
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
@@ -235,8 +237,8 @@ class TestAdd_abi(AATest):
self.assertEqual(list(self.pl.files.keys()), [])
def test_dedup_abi_1(self):
- self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse('abi <abi/4.19>,'))
- self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse(' abi <abi/4.19> , # comment'))
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.create_instance('abi <abi/4.19>,'))
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.create_instance(' abi <abi/4.19> , # comment'))
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 1)
@@ -317,9 +319,9 @@ class TestAdd_variable(AATest):
self.assertEqual(list(self.pl.files.keys()), [])
def test_dedup_variable_1(self):
- self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} = /foo'))
- self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar # comment'))
- self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar /baz'))
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} = /foo'))
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} += /bar # comment'))
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.create_instance('@{foo} += /bar /baz'))
deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
self.assertEqual(deleted, 1)
self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
@@ -375,7 +377,7 @@ class AaTest_get_all_merged_variables(AATest):
self.createTmpdir()
# copy the local profiles to the test directory
- self.profile_dir = '%s/profiles' % self.tmpdir
+ self.profile_dir = self.tmpdir + '/profiles'
apparmor.aa.profile_dir = self.profile_dir
shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
diff --git a/utils/test/test-profile-storage.py b/utils/test/test-profile-storage.py
index a970a1457f2900ef54032d38a552ed5c06bb6fe5..376089a16a32521ed02e66fc51e1bda819e49030 100644
--- a/utils/test/test-profile-storage.py
+++ b/utils/test/test-profile-storage.py
@@ -13,6 +13,7 @@ import unittest
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags, var_transform
+from apparmor.rule.capability import CapabilityRule
from common_test import AATest, setup_all_loops
@@ -84,10 +85,10 @@ class AaTest_get_header(AATest):
class AaTest_get_header_01(AATest):
tests = (
- ({'name': '/foo', 'depth': 1, 'flags': 'complain' }, ' /foo flags=(complain) {'),
- ({'name': '/foo', 'depth': 1, 'flags': 'complain', 'profile_keyword': True }, ' profile /foo flags=(complain) {'),
- ({'name': '/foo', 'flags': 'complain' }, '/foo flags=(complain) {'),
- ({'name': '/foo', 'xattrs': 'user.foo=bar', 'flags': 'complain' }, '/foo xattrs=(user.foo=bar) flags=(complain) {'),
+ ({'name': '/foo', 'depth': 1, 'flags': 'complain'}, ' /foo flags=(complain) {'),
+ ({'name': '/foo', 'depth': 1, 'flags': 'complain', 'profile_keyword': True}, ' profile /foo flags=(complain) {'),
+ ({'name': '/foo', 'flags': 'complain'}, '/foo flags=(complain) {'),
+ ({'name': '/foo', 'xattrs': 'user.foo=bar', 'flags': 'complain'}, '/foo xattrs=(user.foo=bar) flags=(complain) {'),
({'name': '/foo', 'xattrs': 'user.foo=bar', 'embedded_hat': True}, 'profile /foo xattrs=(user.foo=bar) {'),
)
@@ -121,31 +122,48 @@ class TestSetInvalid(AATest):
with self.assertRaises(expected):
self.storage[params[0]] = params[1]
+ def testInvalidTypeChange(self):
+ storage = ProfileStorage('/test/foo', 'hat', 'TEST')
+ storage.data['invalid'] = 42 # manually set behind __setitem__'s back to avoid checks
+ with self.assertRaises(AppArmorBug):
+ storage['invalid'] = 'foo' # attempt to change type from int to str
+
+
+class AaTest_repr(AATest):
+ def testRepr(self):
+ prof_storage = ProfileStorage('/test/foo', 'hat', 'TEST')
+ prof_storage['name'] = 'foo'
+ prof_storage['xattrs'] = 'user.bar=bar'
+ prof_storage['capability'].add(CapabilityRule('dac_override'))
+
+ self.assertEqual(str(prof_storage), '\n<ProfileStorage>\nprofile foo xattrs=(user.bar=bar) {\n capability dac_override,\n\n}\n</ProfileStorage>\n')
+
class AaTest_parse_profile_start(AATest):
tests = (
- # profile start line profile hat profile hat attachment xattrs flags pps_set_hat_external
- (('/foo {', None, None), ('/foo', '/foo', '', '', None, False)),
- (('/foo (complain) {', None, None), ('/foo', '/foo', '', '', 'complain', False)),
- (('profile foo /foo {', None, None), ('foo', 'foo', '/foo', '', None, False)), # named profile
- (('profile /foo {', '/bar', None), ('/bar', '/foo', '', '', None, False)), # child profile
- (('/foo//bar {', None, None), ('/foo', 'bar', '', '', None, True)), # external hat
- (('profile "/foo" (complain) {', None, None), ('/foo', '/foo', '', '', 'complain', False)),
- (('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', '', 'user.bar=bar', None, False)),
- (('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', '', 'user.bar=bar user.foo=*', None, False)),
- (('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', 'myvalue="foo.bar"', None, False)),
+ # profile start line profile hat name profile hat attachment xattrs flags pps_set_hat_external
+ (('/foo {', None, None), ('/foo', '/foo', '/foo', '', '', None, False)),
+ (('/foo (complain) {', None, None), ('/foo', '/foo', '/foo', '', '', 'complain', False)),
+ (('profile foo /foo {', None, None), ('foo', 'foo', 'foo', '/foo', '', None, False)), # named profile
+ (('profile /foo {', '/bar', None), ('/foo', '/bar', '/foo', '', '', None, False)), # child profile
+ (('/foo//bar {', None, None), ('/foo//bar', '/foo', 'bar', '', '', None, True)), # external hat
+ (('profile "/foo" (complain) {', None, None), ('/foo', '/foo', '/foo', '', '', 'complain', False)),
+ (('profile "/foo" xattrs=(user.bar=bar) {', None, None), ('/foo', '/foo', '/foo', '', 'user.bar=bar', None, False)),
+ (('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None), ('/foo', '/foo', '/foo', '', 'user.bar=bar user.foo=*', None, False)),
+ (('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None), ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '/usr/bin/xattrs-test', '', 'myvalue="foo.bar"', None, False)),
)
def _run_test(self, params, expected):
(profile, hat, prof_storage) = ProfileStorage.parse(params[0], 'somefile', 1, params[1], params[2])
- self.assertEqual(profile, expected[0])
- self.assertEqual(hat, expected[1])
- self.assertEqual(prof_storage['attachment'], expected[2])
- self.assertEqual(prof_storage['xattrs'], expected[3])
- self.assertEqual(prof_storage['flags'], expected[4])
+ self.assertEqual(prof_storage['name'], expected[0])
+ self.assertEqual(profile, expected[1])
+ self.assertEqual(hat, expected[2])
+ self.assertEqual(prof_storage['attachment'], expected[3])
+ self.assertEqual(prof_storage['xattrs'], expected[4])
+ self.assertEqual(prof_storage['flags'], expected[5])
self.assertEqual(prof_storage['is_hat'], False)
- self.assertEqual(prof_storage['external'], expected[5])
+ self.assertEqual(prof_storage['external'], expected[6])
class AaTest_parse_profile_start_errors(AATest):
diff --git a/utils/test/test-ptrace.py b/utils/test/test-ptrace.py
index 6eac4bb021d04cf2b294f39b16783f810b5fbf9f..18362f262883cbcf4aed2843dc1308e41e430b23 100644
--- a/utils/test/test-ptrace.py
+++ b/utils/test/test-ptrace.py
@@ -16,9 +16,8 @@
import unittest
from collections import namedtuple
-from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.common import AppArmorBug, AppArmorException, hasher
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.ptrace import PtraceRule, PtraceRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -68,7 +67,7 @@ class PtraceTestParse(PtraceTest):
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule))
- obj = PtraceRule.parse(rawrule)
+ obj = PtraceRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -86,7 +85,7 @@ class PtraceTestParseInvalid(PtraceTest):
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- PtraceRule.parse(rawrule)
+ PtraceRule.create_instance(rawrule)
class PtraceTestParseFromLog(PtraceTest):
@@ -132,6 +131,23 @@ class PtraceTestParseFromLog(PtraceTest):
obj.get_raw(1),
' ptrace tracedby peer=/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace,')
+ def test_null_ptrace_from(self):
+ log = 'type=AVC msg=audit(1495217772.047:4471): apparmor="DENIED" operation="ptrace" profile="/usr/bin/pidgin" pid=21704 comm="pidgin" peer="//null-"'
+ parser = ReadLog('', '', '')
+
+ hl = hasher()
+
+ ev = parser.parse_event(log)
+ PtraceRule.hashlog_from_event(hl, ev)
+
+ expected = {'//null-': {None: True}}
+ self.assertEqual(hl, expected)
+
+ sr = PtraceRule.from_hashlog(hl)
+
+ with self.assertRaises(StopIteration):
+ next(sr)
+
class PtraceFromInit(PtraceTest):
tests = (
@@ -181,7 +197,7 @@ class InvalidPtraceTest(AATest):
obj = None
self.assertFalse(PtraceRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = PtraceRule.parse(rawrule)
+ obj = PtraceRule.create_instance(rawrule)
self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
@@ -209,7 +225,7 @@ class InvalidPtraceTest(AATest):
class WritePtraceTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(PtraceRule.match(rawrule))
- obj = PtraceRule.parse(rawrule)
+ obj = PtraceRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -257,16 +273,16 @@ class WritePtraceTestAATest(AATest):
class PtraceCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = PtraceRule.parse(self.rule)
- check_obj = PtraceRule.parse(param)
+ obj = PtraceRule.create_instance(self.rule)
+ check_obj = PtraceRule.create_instance(param)
self.assertTrue(PtraceRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class PtraceCoveredTest_01(PtraceCoveredTest):
@@ -293,9 +309,9 @@ class PtraceCoveredTest_02(PtraceCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'ptrace read,', (False, False, True, False)),
+ (' ptrace read,', (False, False, True, False)),
('audit ptrace read,', (True, True, True, True)),
- ( 'ptrace,', (False, False, False, False)),
+ (' ptrace,', (False, False, False, False)),
('audit ptrace,', (False, False, False, False)),
('ptrace tracedby,', (False, False, False, False)),
)
@@ -306,10 +322,10 @@ class PtraceCoveredTest_03(PtraceCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'ptrace,', (True, True, True, True)),
+ (' ptrace,', (True, True, True, True)),
('allow ptrace,', (True, False, True, True)),
- ( 'ptrace read,', (False, False, True, True)),
- ( 'ptrace w,', (False, False, True, True)),
+ (' ptrace read,', (False, False, True, True)),
+ (' ptrace w,', (False, False, True, True)),
('audit ptrace,', (False, False, False, False)),
('deny ptrace,', (False, False, False, False)),
)
@@ -320,11 +336,11 @@ class PtraceCoveredTest_04(PtraceCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'deny ptrace read,', (True, True, True, True)),
+ (' deny ptrace read,', (True, True, True, True)),
('audit deny ptrace read,', (False, False, False, False)),
- ( 'ptrace read,', (False, False, False, False)), # XXX should covered be true here?
- ( 'deny ptrace tracedby,', (False, False, False, False)),
- ( 'deny ptrace,', (False, False, False, False)),
+ (' ptrace read,', (False, False, False, False)), # XXX should covered be true here?
+ (' deny ptrace tracedby,', (False, False, False, False)),
+ (' deny ptrace,', (False, False, False, False)),
)
@@ -437,7 +453,7 @@ class PtraceCoveredTest_08(PtraceCoveredTest):
class PtraceCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
- obj = PtraceRule.parse('ptrace read peer=/foo,')
+ obj = PtraceRule.create_instance('ptrace read peer=/foo,')
testobj = PtraceRule('read', '/foo')
testobj.access = ''
@@ -446,7 +462,7 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
- obj = PtraceRule.parse('ptrace read peer=/foo,')
+ obj = PtraceRule.create_instance('ptrace read peer=/foo,')
testobj = PtraceRule('read', '/foo')
testobj.peer = ''
@@ -455,25 +471,31 @@ class PtraceCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
- obj = PtraceRule.parse('ptrace read,')
+ raw_rule = 'ptrace read,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(PtraceRule):
+ pass
+ obj = PtraceRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal_1(self):
- obj = PtraceRule.parse('ptrace read,')
+ raw_rule = 'ptrace read,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(PtraceRule):
+ pass
+ obj = PtraceRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
def test_invalid_is_equal_2(self):
- obj = PtraceRule.parse('ptrace read,')
+ obj = PtraceRule.create_instance('ptrace read,')
- testobj = PtraceRule.parse('ptrace read,')
+ testobj = PtraceRule.create_instance('ptrace read,')
testobj.all_peers = False # make testobj invalid (should trigger exception in _is_equal_aare())
with self.assertRaises(AppArmorBug):
@@ -482,21 +504,21 @@ class PtraceCoveredTest_Invalid(AATest):
class PtraceLogprofHeaderTest(AATest):
tests = (
- ('ptrace,', [ _('Access mode'), _('ALL'), _('Peer'), _('ALL')]),
- ('ptrace read,', [ _('Access mode'), 'read', _('Peer'), _('ALL')]),
- ('deny ptrace,', [_('Qualifier'), 'deny', _('Access mode'), _('ALL'), _('Peer'), _('ALL')]),
+ ('ptrace,', [ _('Access mode'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
+ ('ptrace read,', [ _('Access mode'), 'read', _('Peer'), _('ALL')]), # noqa: E201
+ ('deny ptrace,', [_('Qualifier'), 'deny', _('Access mode'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
('allow ptrace read,', [_('Qualifier'), 'allow', _('Access mode'), 'read', _('Peer'), _('ALL')]),
('audit ptrace read,', [_('Qualifier'), 'audit', _('Access mode'), 'read', _('Peer'), _('ALL')]),
('audit deny ptrace read,', [_('Qualifier'), 'audit deny', _('Access mode'), 'read', _('Peer'), _('ALL')]),
- ('ptrace (read, tracedby) peer=/foo,', [ _('Access mode'), 'read tracedby', _('Peer'), '/foo']),
+ ('ptrace (read, tracedby) peer=/foo,', [ _('Access mode'), 'read tracedby', _('Peer'), '/foo']), # noqa: E201
)
def _run_test(self, params, expected):
- obj = PtraceRule.parse(params)
+ obj = PtraceRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
-## --- tests for PtraceRuleset --- #
+# --- tests for PtraceRuleset --- #
class PtraceRulesTest(AATest):
def test_empty_ruleset(self):
@@ -508,8 +530,7 @@ class PtraceRulesTest(AATest):
self.assertEqual([], ruleset_2.get_clean(2))
# test __repr__() for empty ruleset
- as_string = '%s' % ruleset
- self.assertEqual(as_string, '<PtraceRuleset (empty) />')
+ self.assertEqual(str(ruleset), '<PtraceRuleset (empty) />')
def test_ruleset_1(self):
ruleset = PtraceRuleset()
@@ -531,15 +552,14 @@ class PtraceRulesTest(AATest):
]
for rule in rules:
- ruleset.add(PtraceRule.parse(rule))
+ ruleset.add(PtraceRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
# test __repr__() for non-empty ruleset
- as_string = '%s' % ruleset
self.assertEqual(
- as_string, '<PtraceRuleset>\n ptrace peer=/foo,\n ptrace read,\n</PtraceRuleset>')
+ str(ruleset), '<PtraceRuleset>\n ptrace peer=/foo,\n ptrace read,\n</PtraceRuleset>')
def test_ruleset_2(self):
ruleset = PtraceRuleset()
@@ -565,7 +585,7 @@ class PtraceRulesTest(AATest):
]
for rule in rules:
- ruleset.add(PtraceRule.parse(rule))
+ ruleset.add(PtraceRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
diff --git a/utils/test/test-regex_matches.py b/utils/test/test-regex_matches.py
index f084dad3c14f85ea318a6b0d4cab1e90d212192f..97120fad336f23a0e69b23d623d621e663e67e36 100644
--- a/utils/test/test-regex_matches.py
+++ b/utils/test/test-regex_matches.py
@@ -14,8 +14,9 @@ import unittest
import apparmor.aa as aa
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.regex import (
- RE_PROFILE_CAP, RE_PROFILE_DBUS, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL,
- RE_PROFILE_START, parse_profile_start_line, re_match_include,
+ RE_PROFILE_CAP, RE_PROFILE_DBUS, RE_PROFILE_MOUNT, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL,
+ RE_PROFILE_START, parse_profile_start_line, re_match_include, RE_PROFILE_UNIX,
+ RE_PROFILE_PIVOT_ROOT,
re_match_include_parse, strip_parenthesis, strip_quotes)
from common_test import AATest, setup_aa, setup_all_loops
@@ -45,7 +46,7 @@ class AANamedRegexTest(AATest):
match = matches.group(exp)
if match:
match = match
- self.assertEqual(match, expected[exp], 'Group %s mismatch in rule %s' % (exp, line))
+ self.assertEqual(match, expected[exp], 'Group {} mismatch in rule {}'.format(exp, line))
class AARegexHasComma(AATest):
@@ -54,9 +55,9 @@ class AARegexHasComma(AATest):
def _check(self, line, expected=True):
result = aa.RE_RULE_HAS_COMMA.search(line)
if expected:
- self.assertTrue(result, 'Couldn\'t find a comma in "%s"' % line)
+ self.assertTrue(result, 'Couldn\'t find a comma in "{}"'.format(line))
else:
- self.assertEqual(None, result, 'Found an unexpected comma in "%s"' % line)
+ self.assertEqual(None, result, 'Found an unexpected comma in "{}"'.format(line))
regex_has_comma_testcases = (
@@ -128,10 +129,10 @@ def setup_has_comma_testcases():
def stub_test_no_comma(self, test_string=test_string):
self._check(test_string % ' ', False)
- stub_test_comma.__doc__ = "test %s (w/comma)" % (description)
- stub_test_no_comma.__doc__ = "test %s (no comma)" % (description)
- setattr(AARegexHasComma, 'test_comma_%d' % (i), stub_test_comma)
- setattr(AARegexHasComma, 'test_no_comma_%d' % (i), stub_test_no_comma)
+ stub_test_comma.__doc__ = "test {} (w/comma)".format(description)
+ stub_test_no_comma.__doc__ = "test {} (no comma)".format(description)
+ setattr(AARegexHasComma, 'test_comma_{}'.format(i), stub_test_comma)
+ setattr(AARegexHasComma, 'test_no_comma_{}'.format(i), stub_test_no_comma)
class AARegexSplitComment(AATest):
@@ -140,16 +141,16 @@ class AARegexSplitComment(AATest):
def _check(self, line, expected, comment=None, not_comment=None):
result = aa.RE_HAS_COMMENT_SPLIT.search(line)
if expected:
- self.assertTrue(result, 'Couldn\'t find a comment in "%s"' % line)
+ self.assertTrue(result, 'Couldn\'t find a comment in "{}"'.format(line))
self.assertEqual(
result.group('comment'), comment,
- 'Expected comment "%s", got "%s"' % (comment, result.group('comment')))
+ 'Expected comment "{}", got "{}"'.format(comment, result.group('comment')))
self.assertEqual(
result.group('not_comment'), not_comment,
- 'Expected not comment "%s", got "%s"' % (not_comment, result.group('not_comment')))
+ 'Expected not comment "{}", got "{}"'.format(not_comment, result.group('not_comment')))
else:
- self.assertEqual(None, result, 'Found an unexpected comment "%s" in "%s"'
- % ("" if result is None else result.group('comment'), line))
+ self.assertEqual(None, result, 'Found an unexpected comment "{}" in "{}"'.format(
+ "" if result is None else result.group('comment'), line))
# Tuples of (string, expected result), where expected result is False if
@@ -184,8 +185,8 @@ def setup_split_comment_testcases():
else:
self._check(test_string, True, not_comment=result[0], comment=result[1])
- stub_test.__doc__ = "test '%s'" % (test_string)
- setattr(AARegexSplitComment, 'test_split_comment_%d' % (i), stub_test)
+ stub_test.__doc__ = "test '{}'".format(test_string)
+ setattr(AARegexSplitComment, 'test_split_comment_{}'.format(i), stub_test)
def _regex_test(self, line, expected):
@@ -209,7 +210,7 @@ def _regex_test(self, line, expected):
for (i, group) in enumerate(groups):
if group:
group = group.strip()
- self.assertEqual(group, expected[i], 'Group %d mismatch in rule %s' % (i, line))
+ self.assertEqual(group, expected[i], 'Group {} mismatch in rule {}'.format(i, line))
class AARegexCapability(AARegexTest):
@@ -248,7 +249,7 @@ class AARegexMount(AARegexTest):
"""Tests for RE_PROFILE_MOUNT"""
def AASetup(self):
- self.regex = aa.RE_PROFILE_MOUNT
+ self.regex = RE_PROFILE_MOUNT
tests = (
(' mount,', (None, None, 'mount,', 'mount', None, None)),
@@ -313,15 +314,15 @@ class AARegexPivotRoot(AARegexTest):
"""Tests for RE_PROFILE_PIVOT_ROOT"""
def AASetup(self):
- self.regex = aa.RE_PROFILE_PIVOT_ROOT
+ self.regex = RE_PROFILE_PIVOT_ROOT
tests = (
- (' pivot_root,', (None, None, 'pivot_root,', None)),
- (' audit pivot_root,', ('audit', None, 'pivot_root,', None)),
- (' pivot_root oldroot=/new/old,', (None, None, 'pivot_root oldroot=/new/old,', None)),
- (' pivot_root oldroot=/new/old /new,', (None, None, 'pivot_root oldroot=/new/old /new,', None)),
- (' pivot_root oldroot=/new/old /new -> child,', (None, None, 'pivot_root oldroot=/new/old /new -> child,', None)),
- (' audit pivot_root oldroot=/new/old /new -> child,', ('audit', None, 'pivot_root oldroot=/new/old /new -> child,', None)),
+ (' pivot_root,', (None, None, 'pivot_root,', None, None)),
+ (' audit pivot_root,', ('audit', None, 'pivot_root,', None, None)),
+ (' pivot_root oldroot=/new/old,', (None, None, 'pivot_root oldroot=/new/old,', 'oldroot=/new/old', None)),
+ (' pivot_root oldroot=/new/old /new,', (None, None, 'pivot_root oldroot=/new/old /new,', 'oldroot=/new/old /new', None)),
+ (' pivot_root oldroot=/new/old /new -> child,', (None, None, 'pivot_root oldroot=/new/old /new -> child,', 'oldroot=/new/old /new -> child', None)),
+ (' audit pivot_root oldroot=/new/old /new -> child,', ('audit', None, 'pivot_root oldroot=/new/old /new -> child,', 'oldroot=/new/old /new -> child', None)),
('pivot_root', False), # comma missing
@@ -337,19 +338,21 @@ class AARegexUnix(AARegexTest):
"""Tests for RE_PROFILE_UNIX"""
def AASetup(self):
- self.regex = aa.RE_PROFILE_UNIX
+ self.regex = RE_PROFILE_UNIX
tests = (
- (' unix,', (None, None, 'unix,', None)),
- (' audit unix,', ('audit', None, 'unix,', None)),
- (' unix accept,', (None, None, 'unix accept,', None)),
- (' allow unix connect,', (None, 'allow', 'unix connect,', None)),
- (' audit allow unix bind,', ('audit', 'allow', 'unix bind,', None)),
- (' deny unix bind,', (None, 'deny', 'unix bind,', None)),
- ('unix peer=(label=@{profile_name}),', (None, None, 'unix peer=(label=@{profile_name}),', None)),
- ('unix (receive) peer=(label=unconfined),', (None, None, 'unix (receive) peer=(label=unconfined),', None)),
- (' unix (getattr, shutdown) peer=(addr=none),', (None, None, 'unix (getattr, shutdown) peer=(addr=none),', None)),
- ('unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*"),', (None, None, 'unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*"),', None)),
+ (' unix,', (None, None, 'unix,', None, None)),
+ (' audit unix,', ('audit', None, 'unix,', None, None)),
+ (' unix accept,', (None, None, 'unix accept,', 'accept', None)),
+ (' allow unix connect,', (None, 'allow', 'unix connect,', 'connect', None)),
+ (' audit allow unix bind,', ('audit', 'allow', 'unix bind,', 'bind', None)),
+ (' deny unix bind,', (None, 'deny', 'unix bind,', 'bind', None)),
+ ('unix peer=(label=@{profile_name}),', (None, None, 'unix peer=(label=@{profile_name}),', 'peer=(label=@{profile_name})', None)),
+ ('unix (receive) peer=(label=unconfined),', (None, None, 'unix (receive) peer=(label=unconfined),', '(receive) peer=(label=unconfined)', None)),
+ (' unix (getattr, shutdown) peer=(addr=none),', (None, None, 'unix (getattr, shutdown) peer=(addr=none),', '(getattr, shutdown) peer=(addr=none)', None)),
+ ('unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*"),', (None, None, 'unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*"),',
+ '(connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/dbus-*")', # noqa: E127
+ None)), # noqa: E127
('unixlike', False),
('deny unixlike,', False),
)
@@ -428,7 +431,7 @@ class Test_parse_profile_start_line(AATest):
for exp in expected:
self.assertEqual(
matches[exp], expected[exp],
- 'Group %s mismatch in rule %s' % (exp, line))
+ 'Group {} mismatch in rule {}'.format(exp, line))
class TestInvalid_parse_profile_start_line(AATest):
diff --git a/utils/test/test-rlimit.py b/utils/test/test-rlimit.py
index be3ddebd57379de23c0c1cce540a602cb5954081..532d5349227135d9d550bddeb046a5fbb6cf3fdf 100644
--- a/utils/test/test-rlimit.py
+++ b/utils/test/test-rlimit.py
@@ -18,7 +18,6 @@ from collections import namedtuple
from apparmor.common import AppArmorBug, AppArmorException
# from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.rlimit import RlimitRule, RlimitRuleset, split_unit
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -71,7 +70,7 @@ class RlimitTestParse(RlimitTest):
def _run_test(self, rawrule, expected):
self.assertTrue(RlimitRule.match(rawrule))
- obj = RlimitRule.parse(rawrule)
+ obj = RlimitRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -95,7 +94,7 @@ class RlimitTestParseInvalid(RlimitTest):
def _run_test(self, rawrule, expected):
# self.assertFalse(RlimitRule.match(rawrule)) # the main regex isn't very strict
with self.assertRaises(expected):
- RlimitRule.parse(rawrule)
+ RlimitRule.create_instance(rawrule)
class RlimitTestParseFromLog(RlimitTest):
@@ -181,7 +180,7 @@ class InvalidRlimitTest(AATest):
obj = None
self.assertFalse(RlimitRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = RlimitRule.parse(rawrule)
+ obj = RlimitRule.create_instance(rawrule)
self.assertIsNone(obj, 'RlimitRule handed back an object unexpectedly')
@@ -220,7 +219,7 @@ class WriteRlimitTest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(RlimitRule.match(rawrule))
- obj = RlimitRule.parse(rawrule)
+ obj = RlimitRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -238,24 +237,24 @@ class WriteRlimitTest(AATest):
class RlimitCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = RlimitRule.parse(self.rule)
- check_obj = RlimitRule.parse(param)
+ obj = RlimitRule.create_instance(self.rule)
+ check_obj = RlimitRule.create_instance(param)
self.assertTrue(RlimitRule.match(param))
self.assertEqual(
obj.is_equal(check_obj), expected[0],
- 'Mismatch in is_equal, expected %s' % expected[0])
+ 'Mismatch in is_equal, expected {}'.format(expected[0]))
self.assertEqual(
obj.is_equal(check_obj, True), expected[1],
- 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
self.assertEqual(
obj.is_covered(check_obj), expected[2],
- 'Mismatch in is_covered, expected %s' % expected[2])
+ 'Mismatch in is_covered, expected {}'.format(expected[2]))
self.assertEqual(
obj.is_covered(check_obj, True, True), expected[3],
- 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class RlimitCoveredTest_01(RlimitCoveredTest):
@@ -336,7 +335,7 @@ class RlimitCoveredTest_05(RlimitCoveredTest):
class RlimitCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
- obj = RlimitRule.parse('set rlimit cpu <= 1024,')
+ obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = RlimitRule('cpu', '1024')
testobj.rlimit = ''
@@ -345,7 +344,7 @@ class RlimitCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
- obj = RlimitRule.parse('set rlimit cpu <= 1024,')
+ obj = RlimitRule.create_instance('set rlimit cpu <= 1024,')
testobj = RlimitRule('cpu', '1024')
testobj.value = ''
@@ -354,18 +353,24 @@ class RlimitCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
- obj = RlimitRule.parse('set rlimit cpu <= 1024,')
+ raw_rule = 'set rlimit cpu <= 1024,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(RlimitRule):
+ pass
+ obj = RlimitRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = RlimitRule.parse('set rlimit cpu <= 1024,')
+ raw_rule = 'set rlimit cpu <= 1024,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(RlimitRule):
+ pass
+ obj = RlimitRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -379,7 +384,7 @@ class RlimitLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = RlimitRule.parse(params)
+ obj = RlimitRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
@@ -414,7 +419,7 @@ class RlimitRulesTest(AATest):
]
for rule in rules:
- ruleset.add(RlimitRule.parse(rule))
+ ruleset.add(RlimitRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -489,10 +494,10 @@ class RlimitTime_to_intTest(AATest):
('30us', 0.00003),
('40ms', 0.04),
('40seconds', 40),
- ('2minutes', 2*60),
- ('2hours', 2*60*60),
- ('1 day', 1*60*60*24),
- ('2 weeks', 2*60*60*24*7),
+ ('2minutes', 2 * 60),
+ ('2hours', 2 * 60 * 60),
+ ('1 day', 1 * 60 * 60 * 24),
+ ('2 weeks', 2 * 60 * 60 * 24 * 7),
)
def _run_test(self, params, expected):
diff --git a/utils/test/test-severity.py b/utils/test/test-severity.py
index 0d720066d82343882d34d557837fa277ddcfe388..67d98c0ff7ddd26f7b51b6578d26598c09ca6696 100755
--- a/utils/test/test-severity.py
+++ b/utils/test/test-severity.py
@@ -29,12 +29,12 @@ class SeverityBaseTest(AATest):
def _capability_severity_test(self, cap, expected_rank):
rank = self.sev_db.rank_capability(cap)
self.assertEqual(rank, expected_rank,
- 'expected rank %s, got %s' % (expected_rank, rank))
+ 'expected rank {}, got {}'.format(expected_rank, rank))
def _simple_severity_w_perm(self, path, perm, expected_rank):
rank = self.sev_db.rank_path(path, perm)
self.assertEqual(rank, expected_rank,
- 'expected rank %s, got %s' % (expected_rank, rank))
+ 'expected rank {}, got {}'.format(expected_rank, rank))
class SeverityTest(SeverityBaseTest):
@@ -77,7 +77,7 @@ class SeverityTestCap(SeverityBaseTest):
self._capability_severity_test(params, expected)
rank = self.sev_db.rank_capability(params)
- self.assertEqual(rank, expected, 'expected rank %s, got %s' % (expected, rank))
+ self.assertEqual(rank, expected, 'expected rank {}, got {}'.format(expected, rank))
class SeverityVarsTest(SeverityBaseTest):
diff --git a/utils/test/test-signal.py b/utils/test/test-signal.py
index e272adedf13834b4387611ef6ddd4036e6333fe9..58c6af44e492c4b7e83d6f478371eff1dbd4ae26 100644
--- a/utils/test/test-signal.py
+++ b/utils/test/test-signal.py
@@ -16,9 +16,8 @@
import unittest
from collections import namedtuple
-from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.common import AppArmorBug, AppArmorException, hasher
from apparmor.logparser import ReadLog
-from apparmor.rule import BaseRule
from apparmor.rule.signal import SignalRule, SignalRuleset
from apparmor.translations import init_translation
from common_test import AATest, setup_all_loops
@@ -69,7 +68,7 @@ class SignalTestParse(SignalTest):
def _run_test(self, rawrule, expected):
self.assertTrue(SignalRule.match(rawrule))
- obj = SignalRule.parse(rawrule)
+ obj = SignalRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -90,7 +89,7 @@ class SignalTestParseInvalid(SignalTest):
def _run_test(self, rawrule, expected):
self.assertTrue(SignalRule.match(rawrule)) # the above invalid rules still match the main regex!
with self.assertRaises(expected):
- SignalRule.parse(rawrule)
+ SignalRule.create_instance(rawrule)
class SignalTestParseFromLog(SignalTest):
@@ -135,6 +134,24 @@ class SignalTestParseFromLog(SignalTest):
self.assertEqual(obj.get_raw(1), ' signal send set=term peer=/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper,')
+ def test_null_signal_from_log(self):
+
+ log = 'type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="//null-"'
+ parser = ReadLog('', '', '')
+
+ hl = hasher()
+
+ ev = parser.parse_event(log)
+ SignalRule.hashlog_from_event(hl, ev)
+
+ expected = {'//null-': {'send': {'term': True}}}
+ self.assertEqual(hl, expected)
+
+ sr = SignalRule.from_hashlog(hl)
+
+ with self.assertRaises(StopIteration):
+ next(sr)
+
class SignalFromInit(SignalTest):
tests = (
@@ -193,7 +210,7 @@ class InvalidSignalTest(AATest):
obj = None
self.assertFalse(SignalRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = SignalRule.parse(rawrule)
+ obj = SignalRule.create_instance(rawrule)
self.assertIsNone(obj, 'SignalRule handed back an object unexpectedly')
@@ -228,7 +245,7 @@ class InvalidSignalTest(AATest):
class WriteSignalTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(SignalRule.match(rawrule))
- obj = SignalRule.parse(rawrule)
+ obj = SignalRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -273,24 +290,24 @@ class WriteSignalTestAATest(AATest):
class SignalCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = SignalRule.parse(self.rule)
- check_obj = SignalRule.parse(param)
+ obj = SignalRule.create_instance(self.rule)
+ check_obj = SignalRule.create_instance(param)
self.assertTrue(SignalRule.match(param))
self.assertEqual(
obj.is_equal(check_obj), expected[0],
- 'Mismatch in is_equal, expected %s' % expected[0])
+ 'Mismatch in is_equal, expected {}'.format(expected[0]))
self.assertEqual(
obj.is_equal(check_obj, True), expected[1],
- 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
self.assertEqual(
obj.is_covered(check_obj), expected[2],
- 'Mismatch in is_covered, expected %s' % expected[2])
+ 'Mismatch in is_covered, expected {}'.format(expected[2]))
self.assertEqual(
obj.is_covered(check_obj, True, True), expected[3],
- 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class SignalCoveredTest_01(SignalCoveredTest):
@@ -320,11 +337,11 @@ class SignalCoveredTest_02(SignalCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'signal send,', (False, False, True, False)),
+ (' signal send,', (False, False, True, False)),
('audit signal send,', (True, True, True, True)),
- ( 'signal send set=quit,', (False, False, True, False)),
+ (' signal send set=quit,', (False, False, True, False)),
('audit signal send set=quit,', (False, False, True, True)),
- ( 'signal,', (False, False, False, False)),
+ (' signal,', (False, False, False, False)),
('audit signal,', (False, False, False, False)),
('signal receive,', (False, False, False, False)),
)
@@ -335,16 +352,16 @@ class SignalCoveredTest_03(SignalCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'signal send set=quit,', (True, True, True, True)),
+ (' signal send set=quit,', (True, True, True, True)),
('allow signal send set=quit,', (True, False, True, True)),
- ( 'signal send,', (False, False, False, False)),
- ( 'signal,', (False, False, False, False)),
- ( 'signal send set=int,', (False, False, False, False)),
+ (' signal send,', (False, False, False, False)),
+ (' signal,', (False, False, False, False)),
+ (' signal send set=int,', (False, False, False, False)),
('audit signal,', (False, False, False, False)),
('audit signal send set=quit,', (False, False, False, False)),
('audit signal set=quit,', (False, False, False, False)),
- ( 'signal send,', (False, False, False, False)),
- ( 'signal,', (False, False, False, False)),
+ (' signal send,', (False, False, False, False)),
+ (' signal,', (False, False, False, False)),
)
@@ -353,12 +370,12 @@ class SignalCoveredTest_04(SignalCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'signal,', (True, True, True, True)),
+ (' signal,', (True, True, True, True)),
('allow signal,', (True, False, True, True)),
- ( 'signal send,', (False, False, True, True)),
- ( 'signal w set=quit,', (False, False, True, True)),
- ( 'signal set=int,', (False, False, True, True)),
- ( 'signal send set=quit,', (False, False, True, True)),
+ (' signal send,', (False, False, True, True)),
+ (' signal w set=quit,', (False, False, True, True)),
+ (' signal set=int,', (False, False, True, True)),
+ (' signal send set=quit,', (False, False, True, True)),
('audit signal,', (False, False, False, False)),
('deny signal,', (False, False, False, False)),
)
@@ -369,11 +386,11 @@ class SignalCoveredTest_05(SignalCoveredTest):
tests = (
# rule equal strict equal covered covered exact
- ( 'deny signal send,', (True, True, True, True)),
+ (' deny signal send,', (True, True, True, True)),
('audit deny signal send,', (False, False, False, False)),
- ( 'signal send,', (False, False, False, False)), # XXX should covered be true here?
- ( 'deny signal receive,', (False, False, False, False)),
- ( 'deny signal,', (False, False, False, False)),
+ (' signal send,', (False, False, False, False)), # XXX should covered be true here?
+ (' deny signal receive,', (False, False, False, False)),
+ (' deny signal,', (False, False, False, False)),
)
@@ -499,7 +516,7 @@ class SignalCoveredTest_09(SignalCoveredTest):
class SignalCoveredTest_Invalid(AATest):
def test_borked_obj_is_covered_1(self):
- obj = SignalRule.parse('signal send peer=/foo,')
+ obj = SignalRule.create_instance('signal send peer=/foo,')
testobj = SignalRule('send', 'quit', '/foo')
testobj.access = ''
@@ -508,7 +525,7 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
- obj = SignalRule.parse('signal send set=quit peer=/foo,')
+ obj = SignalRule.create_instance('signal send set=quit peer=/foo,')
testobj = SignalRule('send', 'quit', '/foo')
testobj.signal = ''
@@ -517,7 +534,7 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_borked_obj_is_covered_3(self):
- obj = SignalRule.parse('signal send set=quit peer=/foo,')
+ obj = SignalRule.create_instance('signal send set=quit peer=/foo,')
testobj = SignalRule('send', 'quit', '/foo')
testobj.peer = ''
@@ -526,42 +543,48 @@ class SignalCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered(self):
- obj = SignalRule.parse('signal send,')
+ raw_rule = 'signal send,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(SignalRule):
+ pass
+ obj = SignalRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = SignalRule.parse('signal send,')
+ raw_rule = 'signal send,'
- testobj = BaseRule() # different type
+ class SomeOtherClass(SignalRule):
+ pass
+ obj = SignalRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
class SignalLogprofHeaderTest(AATest):
tests = (
- ('signal,', [ _('Access mode'), _('ALL'), _('Signal'), _('ALL'), _('Peer'), _('ALL')]),
- ('signal send,', [ _('Access mode'), 'send', _('Signal'), _('ALL'), _('Peer'), _('ALL')]),
- ('signal send set=quit,', [ _('Access mode'), 'send', _('Signal'), 'quit', _('Peer'), _('ALL')]),
+ ('signal,', [ _('Access mode'), _('ALL'), _('Signal'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
+ ('signal send,', [ _('Access mode'), 'send', _('Signal'), _('ALL'), _('Peer'), _('ALL')]), # noqa: E201
+ ('signal send set=quit,', [ _('Access mode'), 'send', _('Signal'), 'quit', _('Peer'), _('ALL')]), # noqa: E201
('deny signal,', [_('Qualifier'), 'deny', _('Access mode'), _('ALL'), _('Signal'), _('ALL'), _('Peer'), _('ALL')]),
('allow signal send,', [_('Qualifier'), 'allow', _('Access mode'), 'send', _('Signal'), _('ALL'), _('Peer'), _('ALL')]),
('audit signal send set=quit,', [_('Qualifier'), 'audit', _('Access mode'), 'send', _('Signal'), 'quit', _('Peer'), _('ALL')]),
('audit deny signal send,', [_('Qualifier'), 'audit deny', _('Access mode'), 'send', _('Signal'), _('ALL'), _('Peer'), _('ALL')]),
- ('signal set=(int, quit),', [ _('Access mode'), _('ALL'), _('Signal'), 'int quit', _('Peer'), _('ALL')]),
- ('signal set=( quit, int),', [ _('Access mode'), _('ALL'), _('Signal'), 'int quit', _('Peer'), _('ALL')]),
- ('signal (send, receive) set=( quit, int) peer=/foo,', [ _('Access mode'), 'receive send', _('Signal'), 'int quit', _('Peer'), '/foo']),
+ ('signal set=(int, quit),', [ _('Access mode'), _('ALL'), _('Signal'), 'int quit', _('Peer'), _('ALL')]), # noqa: E201
+ ('signal set=( quit, int),', [ _('Access mode'), _('ALL'), _('Signal'), 'int quit', _('Peer'), _('ALL')]), # noqa: E201
+ ('signal (send, receive) set=( quit, int) peer=/foo,', [_('Access mode'), 'receive send', _('Signal'), 'int quit', _('Peer'), '/foo']),
)
def _run_test(self, params, expected):
- obj = SignalRule.parse(params)
+ obj = SignalRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
-## --- tests for SignalRuleset --- #
+# --- tests for SignalRuleset --- #
class SignalRulesTest(AATest):
def test_empty_ruleset(self):
@@ -592,7 +615,7 @@ class SignalRulesTest(AATest):
]
for rule in rules:
- ruleset.add(SignalRule.parse(rule))
+ ruleset.add(SignalRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -621,7 +644,7 @@ class SignalRulesTest(AATest):
]
for rule in rules:
- ruleset.add(SignalRule.parse(rule))
+ ruleset.add(SignalRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw(1))
self.assertEqual(expected_clean, ruleset.get_clean(1))
diff --git a/utils/test/test-translations.py b/utils/test/test-translations.py
index 9e7493586bfcab622a13f386d8977cd4f053ddda..a8c86f277067eb3ce14bed773cba76fe31bf6129 100644
--- a/utils/test/test-translations.py
+++ b/utils/test/test-translations.py
@@ -42,31 +42,39 @@ class TestHotkeyConflicts(AATest):
def _run_test(self, params, expected):
self.createTmpdir()
- subprocess.call("make -C ../po >/dev/null", shell=True)
- subprocess.call("DESTDIR=%s NAME=apparmor-utils make -C ../po install >/dev/null" % self.tmpdir, shell=True)
+ subprocess.run("make -C ../po >/dev/null", shell=True, check=True)
+ subprocess.run(
+ "DESTDIR={} NAME=apparmor-utils make -C ../po install >/dev/null".format(self.tmpdir),
+ shell=True, check=True,
+ )
- self.localedir = '%s/usr/share/locale' % self.tmpdir
+ self.localedir = '{}/usr/share/locale'.format(self.tmpdir)
self.languages = os.listdir(self.localedir)
# make sure we found all translations
if len(self.languages) < 15:
- raise Exception('None or not all languages found, only %s' % self.languages)
+ raise Exception('None or not all languages found, only {}'.format(self.languages))
- self.languages.append('C') # we also want to detect hotkey conflicts in the untranslated english strings
+ # we also want to detect hotkey conflicts in the untranslated english strings
+ self.languages.append('C')
for language in self.languages:
- t = gettext.translation('apparmor-utils', fallback=True, localedir=self.localedir, languages=[language])
+ with self.subTest(language=language):
+ t = gettext.translation(
+ 'apparmor-utils', fallback=True,
+ localedir=self.localedir, languages=(language,),
+ )
- keys = dict()
- for key in params:
- text = t.gettext(CMDS[key])
- hotkey = get_translated_hotkey(text).lower()
+ keys = {}
+ for key in params:
+ text = t.gettext(CMDS[key])
+ hotkey = get_translated_hotkey(text)
- if keys.get(hotkey):
- raise Exception("Hotkey conflict: '%s' and '%s' in language %s" % (keys[hotkey], text, language))
- else:
- keys[hotkey] = text
+ if keys.get(hotkey):
+ raise Exception("Hotkey conflict: '{}' and '{}'".format(keys[hotkey], text))
+ else:
+ keys[hotkey] = text
setup_all_loops(__name__)
diff --git a/utils/test/test-unix.py b/utils/test/test-unix.py
new file mode 100644
index 0000000000000000000000000000000000000000..4a4cf0568bb0a6b4a4f1a9e6e2447eb26d78176b
--- /dev/null
+++ b/utils/test/test-unix.py
@@ -0,0 +1,183 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2024 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from common_test import AATest, setup_all_loops
+
+from apparmor.common import AppArmorException
+from apparmor.translations import init_translation
+
+from apparmor.rule.unix import UnixRule
+
+_ = init_translation()
+
+
+class UnixTestParse(AATest):
+
+ tests = (
+ # Rule Accesses Rule conds Local expr Peer expr Audit Deny Allow Comment
+ ('unix,', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '')),
+ ('unix rw,', UnixRule('rw', UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '')),
+ ('unix (accept, rw),', UnixRule(('accept', 'rw'), UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '')),
+ ('unix peer=(addr=AA label=bb),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': 'AA', 'label': 'bb'}, False, False, False, '')),
+ ('unix opt=AA label=bb,', UnixRule(UnixRule.ALL, UnixRule.ALL, {'opt': 'AA', 'label': 'bb'}, UnixRule.ALL, False, False, False, '')),
+ ('unix (accept rw) type=AA protocol=BB,', UnixRule(('accept', 'rw'), {'type': 'AA', 'protocol': 'BB'}, UnixRule.ALL, UnixRule.ALL, False, False, False, '')),
+ ('unix (accept, rw) protocol=AA type=BB,', UnixRule(('accept', 'rw'), {'type': 'BB', 'protocol': 'AA'}, UnixRule.ALL, UnixRule.ALL, False, False, False, '')),
+ ('unix shutdown addr=@srv,', UnixRule('shutdown', UnixRule.ALL, {'addr': '@srv'}, UnixRule.ALL, False, False, False, '')),
+ ('unix send addr=@foo{a,b} peer=(label=splat),', UnixRule('send', UnixRule.ALL, {'addr': '@foo{a,b}'}, {'label': 'splat'}, False, False, False, '')),
+ ('unix peer=(addr=@/tmp/foo-??????),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': '@/tmp/foo-??????'}, False, False, False, '')),
+ ('unix peer=(addr="@/tmp/f o-??????"),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': '@/tmp/f o-??????'}, False, False, False, '')),
+ ('unix peer=(addr=@/tmp/foo-*),', UnixRule(UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, {'addr': '@/tmp/foo-*'}, False, False, False, '')),
+ ('unix (accept, rw) protocol=AA type=BB opt=AA label=bb peer=(addr=a label=bb),',
+ UnixRule(('accept', 'rw'), {'type': 'BB', 'protocol': 'AA'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'a', 'label': 'bb'}, False, False, False, '')), # noqa: E127
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(UnixRule.match(rawrule))
+ obj = UnixRule.create_instance(rawrule)
+ expected.raw_rule = rawrule.strip()
+ self.assertTrue(obj.is_equal(expected, True), f'\n {rawrule} expected,\n {obj.get_clean()} returned by obj.get_clean()\n {expected.get_clean()} returned by expected.get_clean()')
+
+ def test_diff_local(self):
+ obj1 = UnixRule('send', UnixRule.ALL, {'addr': 'foo'}, UnixRule.ALL, )
+ obj2 = UnixRule('send', UnixRule.ALL, UnixRule.ALL, {'addr': 'bar'})
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+ def test_diff_peer(self):
+ obj1 = UnixRule('send', UnixRule.ALL, UnixRule.ALL, {'addr': 'foo'})
+ obj2 = UnixRule('send', UnixRule.ALL, UnixRule.ALL, {'addr': 'bar'})
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+
+class UnixTestParseInvalid(AATest):
+ tests = (
+ ('unix invalid,', AppArmorException),
+ ('unix (invalid),', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(UnixRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ UnixRule.create_instance(rawrule)
+
+ def test_parse_fail(self):
+ with self.assertRaises(AppArmorException):
+ UnixRule.create_instance('foo,')
+
+ def test_invalid_key(self):
+ with self.assertRaises(AppArmorException):
+ UnixRule('send', UnixRule.ALL, {'invalid': 'whatever'}, UnixRule.ALL, False, False, False, '')
+
+ def test_invalid_access(self):
+ with self.assertRaises(AppArmorException):
+ UnixRule('invalid', UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '')
+
+ def test_invalid_access2(self):
+ with self.assertRaises(AppArmorException):
+ UnixRule(('rw', 'invalid'), UnixRule.ALL, UnixRule.ALL, UnixRule.ALL, False, False, False, '')
+
+ def test_invalid_peer_expr(self):
+ with self.assertRaises(AppArmorException):
+ UnixRule('create', UnixRule.ALL, UnixRule.ALL, {'addr': 'foo'}, False, False, False, '')
+
+
+class UnixIsCoveredTest(AATest):
+ def test_is_covered(self):
+ obj = UnixRule(('accept', 'rw'), {'type': 'F*', 'protocol': 'AA'}, {'addr': 'AA'}, {'addr': 'AA', 'label': 'bb'})
+ tests = [
+ (('accept',), {'type': 'F*', 'protocol': 'AA'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'F*'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'Foo'}, {'addr': 'AA'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'Foo'}, {'addr': 'AA', 'opt': 'BB'}, {'addr': 'AA', 'label': 'bb'})
+ ]
+ for test in tests:
+ self.assertTrue(obj.is_covered(UnixRule(*test)))
+ self.assertFalse(obj.is_equal(UnixRule(*test)))
+
+ def test_is_covered2(self):
+ obj = UnixRule(('accept', 'rw'), UnixRule.ALL, {'addr': 'AA'}, {'addr': 'AA', 'label': 'bb'})
+ tests = [
+ (('accept',), {'type': 'F*', 'protocol': 'AA'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'F*'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'Foo'}, {'addr': 'AA'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'Foo'}, {'addr': 'AA', 'opt': 'BB'}, {'addr': 'AA', 'label': 'bb'})
+ ]
+ for test in tests:
+ self.assertTrue(obj.is_covered(UnixRule(*test)))
+ self.assertFalse(obj.is_equal(UnixRule(*test)))
+
+ def test_is_not_covered(self):
+ obj = UnixRule(('accept', 'rw'), {'type': 'F'}, {'opt': 'AA'}, {'addr': 'AA', 'label': 'bb'})
+ tests = [
+ (('r',), {'type': 'F*', 'protocol': 'AA'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'B'}, {'opt': 'AA', 'label': 'bb'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'F'}, {'opt': 'AA', 'label': 'bb'}, UnixRule.ALL),
+ (('accept', 'rw'), {'type': 'F'}, {'opt': 'notcovered'}, {'addr': 'AA', 'label': 'bb'}),
+ (('accept', 'rw'), {'type': 'F'}, {'opt': 'AA'}, {'addr': 'notcovered'}),
+ ]
+ for test in tests:
+ self.assertFalse(obj.is_covered(UnixRule(*test)), test)
+ self.assertFalse(obj.is_equal(UnixRule(*test)))
+
+
+class UnixLogprofHeaderTest(AATest):
+ tests = (
+ ('unix,', [_('Accesses'), 'ALL', _('Rule'), 'ALL', _('Local'), 'ALL', _('Peer'), 'ALL']),
+ ('unix rw,', [_('Accesses'), 'rw', _('Rule'), 'ALL', _('Local'), 'ALL', _('Peer'), 'ALL']),
+ ('unix send addr=@foo{one,two peer=(label=splat),', [_('Accesses'), 'send', _('Rule'), 'ALL', _('Local'), {'addr': '@foo{one,two'}, _('Peer'), {'label': 'splat'}])
+ )
+
+ def _run_test(self, params, expected):
+ obj = UnixRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+
+class UnixTestGlob(AATest):
+ def test_glob(self):
+ glob_list = [(
+ 'unix (accept, rw) type=BB protocol=AA label=bb opt=AA peer=(addr=a label=bb),',
+ 'unix (accept, rw) type=BB protocol=AA label=bb opt=AA,',
+ 'unix (accept, rw) type=BB protocol=AA,',
+ 'unix (accept, rw),',
+ 'unix,',
+ )]
+ for globs in glob_list:
+ for i in range(len(globs) - 1):
+ rule = UnixRule.create_instance(globs[i])
+ rule.glob()
+ self.assertEqual(rule.get_clean(), globs[i + 1])
+
+
+class UnixTestClean(AATest):
+ tests = (
+ (' unix , # foo ', 'unix, # foo'),
+ (' unix addr = foo , ', 'unix addr=foo,'),
+ (' unix ( accept , rw) protocol = AA type = BB opt = myopt label = bb peer = (addr = a label = bb ) , ', 'unix (accept, rw) type=BB protocol=AA label=bb opt=myopt peer=(addr=a label=bb),'),
+
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(UnixRule.match(rawrule))
+ obj = UnixRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected, clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-unix_parse.py b/utils/test/test-unix_parse.py
deleted file mode 100644
index 5faadc874d7888364b87e78ff28da5910c2839ce..0000000000000000000000000000000000000000
--- a/utils/test/test-unix_parse.py
+++ /dev/null
@@ -1,42 +0,0 @@
-#! /usr/bin/python3
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2014 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-import apparmor.aa as aa
-import unittest
-
-from common_test import AAParseTest, setup_aa, setup_regex_tests
-
-
-class AAParseUnixTest(AAParseTest):
-
- def setUp(self):
- self.parse_function = aa.parse_unix_rule
-
- tests = (
- ('unix,', 'unix base keyword'),
- ('unix r,', 'unix r rule'),
- ('unix w,', 'unix w rule'),
- ('unix rw,', 'unix rw rule'),
- ('unix send,', 'unix send rule'),
- ('unix receive,', 'unix receive rule'),
- ('unix (r),', 'unix (r) rule'),
- ('unix (w),', 'unix (w) rule'),
- ('unix (rw),', 'unix (rw) rule'),
- ('unix (send),', 'unix (send) rule'),
- ('unix (receive),', 'unix (receive) rule'),
- ('unix (connect, receive, send) type=stream peer=(label=unconfined,addr="@/tmp/.X11-unix/X[0-9]*"),', 'complex unix rule'),
- )
-
-
-setup_aa(aa)
-if __name__ == '__main__':
- setup_regex_tests(AAParseUnixTest)
- unittest.main(verbosity=1)
diff --git a/utils/test/test-userns.py b/utils/test/test-userns.py
new file mode 100644
index 0000000000000000000000000000000000000000..82e523fd088537ec76a6bd2549c66183af9715cd
--- /dev/null
+++ b/utils/test/test-userns.py
@@ -0,0 +1,177 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2022 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+
+from apparmor.logparser import ReadLog
+
+from common_test import AATest, setup_all_loops
+
+from apparmor.rule.userns import UserNamespaceRule, UserNamespaceRuleset
+from apparmor.common import AppArmorException, AppArmorBug, hasher
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+class UserNamespaceTestParse(AATest):
+ tests = (
+ # access audit deny allow comment
+ ('userns,', UserNamespaceRule(UserNamespaceRule.ALL, False, False, False, '')),
+ ('userns create,', UserNamespaceRule(('create'), False, False, False, '')),
+ ('audit userns create,', UserNamespaceRule(('create'), True, False, False, '')),
+ ('deny userns,', UserNamespaceRule(UserNamespaceRule.ALL, False, True, False, '')),
+ ('audit allow userns,', UserNamespaceRule(UserNamespaceRule.ALL, True, False, True, '')),
+ ('userns create, # cmt', UserNamespaceRule(('create'), False, False, False, ' # cmt')),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(UserNamespaceRule.match(rawrule))
+ obj = UserNamespaceRule.create_instance(rawrule)
+ expected.raw_rule = rawrule.strip()
+ self.assertTrue(obj.is_equal(expected, True))
+
+
+class UserNamespaceTestParseInvalid(AATest):
+ tests = (
+ ('userns invalidaccess,', AppArmorException),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(UserNamespaceRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ UserNamespaceRule.create_instance(rawrule)
+
+ def test_parse_fail(self):
+ with self.assertRaises(AppArmorException):
+ UserNamespaceRule.create_instance('foo,')
+
+ def test_diff_non_usernsrule(self):
+ exp = namedtuple('exp', ('audit', 'deny'))
+ obj = UserNamespaceRule(('create'))
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(exp(False, False), False)
+
+ def test_diff_access(self):
+ obj1 = UserNamespaceRule(UserNamespaceRule.ALL)
+ obj2 = UserNamespaceRule(('create'))
+ self.assertFalse(obj1.is_equal(obj2, False))
+
+
+class InvalidUserNamespaceInit(AATest):
+ tests = (
+ # init params expected exception
+ ((''), TypeError), # empty access
+ ((' '), AppArmorBug), # whitespace access
+ (('xyxy'), AppArmorException), # invalid access
+ (dict(), TypeError), # wrong type for access
+ (None, TypeError), # wrong type for access
+ )
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ UserNamespaceRule(*params)
+
+ def test_missing_params(self):
+ with self.assertRaises(TypeError):
+ UserNamespaceRule()
+
+
+class WriteUserNamespaceTestAATest(AATest):
+ tests = (
+ # raw rule clean rule
+ (' userns , # foo ', 'userns, # foo'),
+ (' audit userns create,', 'audit userns create,'),
+ (' deny userns ,# foo bar', 'deny userns, # foo bar'),
+ (' allow userns create ,# foo bar', 'allow userns create, # foo bar'),
+ ('userns,', 'userns,'),
+ ('userns create,', 'userns create,'),
+ )
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(UserNamespaceRule.match(rawrule))
+ obj = UserNamespaceRule.create_instance(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ def test_write_manually(self):
+ obj = UserNamespaceRule('create', allow_keyword=True)
+
+ expected = ' allow userns create,'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+ def test_write_invalid_access(self):
+ obj = UserNamespaceRule('create')
+ obj.access = ''
+ with self.assertRaises(AppArmorBug):
+ obj.get_clean()
+
+
+class UserNamespaceIsCoveredTest(AATest):
+ def test_is_covered(self):
+ obj = UserNamespaceRule(UserNamespaceRule.ALL)
+ self.assertTrue(obj.is_covered(UserNamespaceRule(('create'))))
+ self.assertTrue(obj.is_covered(UserNamespaceRule(UserNamespaceRule.ALL)))
+
+ def test_is_not_covered(self):
+ obj = UserNamespaceRule(('create'))
+ self.assertFalse(obj.is_covered(UserNamespaceRule(UserNamespaceRule.ALL)))
+
+
+class UserNamespaceLogprofHeaderTest(AATest):
+ tests = (
+ ('userns,', [_('Access mode'), _('ALL')]),
+ ('userns create,', [_('Access mode'), 'create']),
+ )
+
+ def _run_test(self, params, expected):
+ obj = UserNamespaceRule.create_instance(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+ def test_unconfined_usens_from_log(self):
+
+ log = 'type=AVC msg=audit(1720613712.153:168): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=5630 comm="unshare" requested="userns_create" target="unprivileged_userns" execpath="/usr/bin/unshare"'
+ parser = ReadLog('', '', '')
+
+ hl = hasher()
+
+ ev = parser.parse_event(log)
+ UserNamespaceRule.hashlog_from_event(hl, ev)
+
+ expected = {'create': True}
+ self.assertEqual(hl, expected)
+
+ ur = UserNamespaceRule.from_hashlog(hl)
+
+ expected = UserNamespaceRule('create')
+
+ self.assertTrue(expected.is_equal(next(ur)))
+ with self.assertRaises(StopIteration):
+ next(ur)
+
+
+class UserNamespaceGlobTestAATest(AATest):
+ def test_glob(self):
+ self.assertEqual(UserNamespaceRuleset().get_glob('userns create,'), 'userns,')
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-variable.py b/utils/test/test-variable.py
index 8e1c4b4ba019c298acee34600702b03fc82ada42..1dcedc3dd4b737115c278627406fc4ad2686f286 100644
--- a/utils/test/test-variable.py
+++ b/utils/test/test-variable.py
@@ -18,7 +18,6 @@ from collections import namedtuple
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug, AppArmorException
-from apparmor.rule import BaseRule
from apparmor.rule.variable import VariableRule, VariableRuleset, separate_vars
from apparmor.translations import init_translation
@@ -87,7 +86,7 @@ class VariableTestParse(VariableTest):
def _run_test(self, rawrule, expected):
self.assertTrue(VariableRule.match(rawrule))
- obj = VariableRule.parse(rawrule)
+ obj = VariableRule.create_instance(rawrule)
self.assertEqual(rawrule.strip(), obj.raw_rule)
self._compare_obj(obj, expected)
@@ -108,7 +107,7 @@ class VariableTestParseInvalid(VariableTest):
def _run_test(self, rawrule, expected):
self.assertEqual(VariableRule.match(rawrule), expected[0])
with self.assertRaises(expected[1]):
- VariableRule.parse(rawrule)
+ VariableRule.create_instance(rawrule)
class VariableFromInit(VariableTest):
@@ -173,7 +172,7 @@ class InvalidVariableTest(AATest):
obj = None
self.assertEqual(VariableRule.match(rawrule), matches_regex)
with self.assertRaises(AppArmorException):
- obj = VariableRule.parse(rawrule)
+ obj = VariableRule.create_instance(rawrule)
self.assertIsNone(obj, 'VariableRule handed back an object unexpectedly')
@@ -200,7 +199,7 @@ class WriteVariableTestAATest(AATest):
def _run_test(self, rawrule, expected):
self.assertTrue(VariableRule.match(rawrule))
- obj = VariableRule.parse(rawrule)
+ obj = VariableRule.create_instance(rawrule)
clean = obj.get_clean()
raw = obj.get_raw()
@@ -226,16 +225,16 @@ class WriteVariableTestAATest(AATest):
class VariableCoveredTest(AATest):
def _run_test(self, param, expected):
- obj = VariableRule.parse(self.rule)
- check_obj = VariableRule.parse(param)
+ obj = VariableRule.create_instance(self.rule)
+ check_obj = VariableRule.create_instance(param)
self.assertTrue(VariableRule.match(param))
- self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
- self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected {}'.format(expected[0]))
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected {}'.format(expected[1]))
- self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
- self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected {}'.format(expected[2]))
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected {}'.format(expected[3]))
class VariableCoveredTest_01(VariableCoveredTest):
@@ -280,7 +279,7 @@ class VariableCoveredTest_02(VariableCoveredTest):
class VariableCoveredTest_Invalid(AATest):
# def test_borked_obj_is_covered_1(self):
- # obj = VariableRule.parse('@{foo} = /bar')
+ # obj = VariableRule.create_instance('@{foo} = /bar')
#
# testobj = VariableRule('@{foo}', '=', '/bar')
# testobj.mode = ''
@@ -289,7 +288,7 @@ class VariableCoveredTest_Invalid(AATest):
# obj.is_covered(testobj)
def test_borked_obj_is_covered_2(self):
- obj = VariableRule.parse('@{foo} = /bar')
+ obj = VariableRule.create_instance('@{foo} = /bar')
testobj = VariableRule('@{foo}', '=', {'/bar'})
testobj.values = ''
@@ -298,18 +297,24 @@ class VariableCoveredTest_Invalid(AATest):
obj.is_covered(testobj)
def test_invalid_is_covered_3(self):
- obj = VariableRule.parse('@{foo} = /bar')
+ raw_rule = '@{foo} = /bar'
- testobj = BaseRule() # different type
+ class SomeOtherClass(VariableRule):
+ pass
+ obj = VariableRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
def test_invalid_is_equal(self):
- obj = VariableRule.parse('@{foo} = /bar')
+ raw_rule = '@{foo} = /bar'
- testobj = BaseRule() # different type
+ class SomeOtherClass(VariableRule):
+ pass
+ obj = VariableRule.create_instance(raw_rule)
+ testobj = SomeOtherClass.create_instance(raw_rule) # different type
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
@@ -320,7 +325,7 @@ class VariableLogprofHeaderTest(AATest):
)
def _run_test(self, params, expected):
- obj = VariableRule.parse(params)
+ obj = VariableRule.create_instance(params)
self.assertEqual(obj.logprof_header(), expected)
# --- tests for VariableRuleset --- #
@@ -380,7 +385,7 @@ class VariableRulesTest(AATest):
}
for rule in rules:
- ruleset.add(VariableRule.parse(rule))
+ ruleset.add(VariableRule.create_instance(rule))
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
@@ -390,9 +395,9 @@ class VariableRulesTest(AATest):
def test_ruleset_overwrite(self):
ruleset = VariableRuleset()
- ruleset.add(VariableRule.parse('@{foo} = /bar'))
+ ruleset.add(VariableRule.create_instance('@{foo} = /bar'))
with self.assertRaises(AppArmorException):
- ruleset.add(VariableRule.parse('@{foo} = /asdf')) # attempt to redefine @{foo}
+ ruleset.add(VariableRule.create_instance('@{foo} = /asdf')) # attempt to redefine @{foo}
self.assertEqual({'=': {'@{foo}': {'/bar'}}, '+=': {}}, ruleset.get_merged_variables())
diff --git a/utils/test/wtmp-examples/lastlog2.db b/utils/test/wtmp-examples/lastlog2.db
new file mode 100644
index 0000000000000000000000000000000000000000..42ecc58ef26345d7005b7e70372b5eacbe371f00
Binary files /dev/null and b/utils/test/wtmp-examples/lastlog2.db differ
diff --git a/utils/vim/apparmor.vim.in b/utils/vim/apparmor.vim.in
index cf943359c191bb9a9fec70bae2e16b8ff091a38b..53f0a73dc75397a529f6d2913aeed8c4bdeeef14 100644
--- a/utils/vim/apparmor.vim.in
+++ b/utils/vim/apparmor.vim.in
@@ -1,30 +1,25 @@
" ----------------------------------------------------------------------
" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-" Copyright (c) 2006-2012 Christian Boltz. All Rights Reserved.
-"
+" Copyright (c) 2006-2023 Christian Boltz. All Rights Reserved.
+"
" This program is free software; you can redistribute it and/or
" modify it under the terms of version 2 of the GNU General Public
" License as published by the Free Software Foundation.
-"
+"
" This program is distributed in the hope that it will be useful,
" but WITHOUT ANY WARRANTY; without even the implied warranty of
" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
" GNU General Public License for more details.
-"
+"
" You should have received a copy of the GNU General Public License
" along with this program; if not, contact Novell, Inc.
-"
-" To contact Novell about this file by physical or electronic mail,
-" you may find current contact information at www.novell.com.
-"
-" To contact Christian Boltz about this file by physical or electronic
-" mail, you may find current contact information at www.cboltz.de/en/kontakt.
"
-" If you want to report a bug via bugzilla.novell.com, please assign it
-" to suse-beta[AT]cboltz.de (replace [AT] with @).
+" If you want to report a bug for apparmor.vim, please do so at
+" - https://gitlab.com/apparmor/apparmor/ or
+" - https://bugzilla.opensuse.org (assign it to suse-beta[AT]cboltz.de)
" ----------------------------------------------------------------------
"
-" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
+" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
" to have vim automagically use this syntax file for these directories:
"
" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor
@@ -49,6 +44,7 @@ syntax case match
" hi sdComment2 ctermfg=darkblue
hi sdGlob ctermfg=darkmagenta
hi sdAlias ctermfg=darkmagenta
+ hi sdAll ctermfg=darkred ctermbg=yellow
hi sdEntryWriteExec ctermfg=black ctermbg=yellow
hi sdEntryUX ctermfg=darkred cterm=underline
hi sdEntryUXe ctermfg=darkred
@@ -64,6 +60,7 @@ syntax case match
hi sdCapKey cterm=underline ctermfg=lightblue
hi sdCapDanger ctermfg=darkred
hi sdRLimit ctermfg=lightblue
+ hi sdUserns ctermfg=darkred
hi def link sdEntryR Normal
hi def link sdEntryK Normal
hi def link sdFlags Normal
@@ -117,12 +114,19 @@ syn match sdAlias /\v^\s*alias\s+@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ conta
" syn match sdComment /#.*/
-syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile
+" List of all (supported) rules inside a profile.
+" XXX When adding support for a new rule type, also add it here. XXX
+" XXX Otherwise it will be highlighted as an error. XXX
+syn cluster sdEntry contains=sdAll,sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryPXe,sdEntryUX,sdEntryUXe,sdEntryM,sdCap,sdSetCap,sdExtHat,sdRLimit,sdNetwork,sdNetworkDanger,sdEntryChangeProfile,sdUserns
" TODO: support audit and deny keywords for all rules (not only for files)
" TODO: highlight audit and deny keywords everywhere
+" 'all' rule
+syn match sdAll /\v^\s*@@auditdeny@@all@@EOL@@/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+
" Capability line
" normal capabilities - really keep this list? syn match sdCap should be enough... (difference: sdCapKey words would loose underlining)
@@ -159,10 +163,13 @@ syn match sdRLimit /\v^\s*set\s+rlimit\s+(nofile|ofile|nproc|rtprio)\s+\<\=\s+[0
syn match sdRLimit /\v^\s*set\s+rlimit\s+(locks|sigpending)\s+\<\=\s+[0-9]+@@EOL@@/ contains=sdComment
syn match sdRLimit /\v^\s*set\s+rlimit\s+(fsize|data|stack|core|rss|as|memlock|msgqueue)\s+\<\=\s+[0-9]+([KMG]B)?@@EOL@@/ contains=sdComment
syn match sdRLimit /\v^\s*set\s+rlimit\s+nice\s+\<\=\s+(-1?[0-9]|-20|1?[0-9])@@EOL@@/ contains=sdComment
-syn match sdRLimit /\v^\s*set\s+rlimit\s+cpu\s+\<\=\s+[0-9]+(seconds|minutes|hours|days)?@@EOL@@/ contains=sdComment
-syn match sdRLimit /\v^\s*set\s+rlimit\s+rttime\s+\<\=\s+[0-9]+(ms|seconds|minutes)?@@EOL@@/ contains=sdComment
+syn match sdRLimit /\v^\s*set\s+rlimit\s+cpu\s+\<\=\s+[0-9]+\s*(s|sec|second|seconds|min|minute|minutes|h|hour|hours|d|day|days|week|weeks)?@@EOL@@/ contains=sdComment
+syn match sdRLimit /\v^\s*set\s+rlimit\s+rttime\s+\<\=\s+[0-9]+\s*(us|microsecond|microseconds|ms|millisecond|milliseconds|s|sec|second|seconds|min|minute|minutes|h|hour|hours|d|day|days|week|weeks)?@@EOL@@/ contains=sdComment
syn match sdRLimit /\v^\s*set\s+rlimit\s+(cpu|rttime|nofile|nproc|rtprio|locks|sigpending|fsize|data|stack|core|rss|as|memlock|msgqueue|nice)\s+\<\=\s+infinity@@EOL@@/ contains=sdComment
+" userns
+syn match sdUserns /\v^\s*@@auditdeny@@userns(\s+create)?@@EOL@@/ contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
" link rules
syn match sdEntryW /\v^\s+@@auditdenyowner@@link\s+(subset\s+)?@@FILENAME@@\s+-\>\s+@@FILENAME@@@@EOL@@/ contains=sdGlob,sdComment
diff --git a/utils/vim/create-apparmor.vim.py b/utils/vim/create-apparmor.vim.py
index b5bec693edec2a9af1f1bccc6be7c31687275415..b514942f0617d339b14687d210a8a771bb089234 100644
--- a/utils/vim/create-apparmor.vim.py
+++ b/utils/vim/create-apparmor.vim.py
@@ -48,7 +48,7 @@ def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, s
(rc, output, outerr) = cmd(('../../common/list_capabilities.sh',))
if rc != 0:
sys.stderr.write("make list_capabilities failed: " + output + outerr)
- exit(rc)
+ sys.exit(rc)
capabilities = re.sub('CAP_', '', output.strip()).lower().split('\n')
benign_caps = []
@@ -60,7 +60,7 @@ for cap in capabilities:
(rc, output, outerr) = cmd(('../../common/list_af_names.sh',))
if rc != 0:
sys.stderr.write("make list_af_names failed: " + output + outerr)
- exit(rc)
+ sys.exit(rc)
af_names = []
af_pairs = re.sub('AF_', '', output.strip()).lower().split(",")
@@ -77,6 +77,7 @@ for af_pair in af_pairs:
aa_network_types = r'\s+tcp|\s+udp|\s+icmp'
aa_flags = ('complain',
+ 'unconfined',
'audit',
'attach_disconnected',
'no_attach_disconnected',
@@ -173,7 +174,7 @@ sys.stdout.write('" do not edit this file - edit apparmor.vim.in or create-appar
with open("apparmor.vim.in") as template:
for line in template:
line = re.sub(regex, my_repl, line.rstrip())
- sys.stdout.write('%s\n' % line)
+ sys.stdout.write(line + '\n')
sys.stdout.write("\n\n\n\n")
diff --git a/utils/vim/task.yaml b/utils/vim/task.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..dfe75c2d7d8762eaa9ab7ef18e22683b07fbcf0c
--- /dev/null
+++ b/utils/vim/task.yaml
@@ -0,0 +1,3 @@
+summary: Run "make check"
+execute: |
+ make --warn-undefined-variables check