pmbootstrap kconfig check: add apparmor check (MR 2133)

SECURITY_APPARMOR_BOOTPARAM_VALUE was required to enable it by default until 5.1 where the option was removed. Related: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0102fb83f90050b86ce37aec810ea17bb4448e0c Related: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/security/Kconfig?id=fe91c4725aeed35023ba4f7a1e1adfebb6878c23#n285
2020-08-18 10:49:10 +02:00 · 2020-08-18 10:49:10 +02:00 · 93e7a1d876
commit 93e7a1d876
parent dcedc4bc1f
4 changed files with 30 additions and 0 deletions
--- a/pmb/parse/kconfig.py
+++ b/pmb/parse/kconfig.py
@ -86,6 +86,7 @@ def check_option(component, details, config, config_path_pretty, option,

 def check_config(config_path, config_path_pretty, config_arch, pkgver,
                 anbox=False,
+                 apparmor=False,
                 nftables=False,
                 containers=False,
                 zram=False,
@ -97,6 +98,8 @@ def check_config(config_path, config_path_pretty, config_arch, pkgver,
    components = {"postmarketOS": pmb.config.necessary_kconfig_options}
    if anbox:
        components["anbox"] = pmb.config.necessary_kconfig_options_anbox
+    if apparmor:
+        components["apparmor"] = pmb.config.necessary_kconfig_options_apparmor
    if nftables:
        components["nftables"] = pmb.config.necessary_kconfig_options_nftables
    if containers:
@ -148,6 +151,7 @@ def check_config_options_set(config, config_path_pretty, config_arch, options,

 def check(args, pkgname,
          force_anbox_check=False,
+          force_apparmor_check=False,
          force_nftables_check=False,
          force_containers_check=False,
          force_zram_check=False,
@ -172,6 +176,8 @@ def check(args, pkgname,
    pkgver = apkbuild["pkgver"]
    check_anbox = force_anbox_check or (
        "pmb:kconfigcheck-anbox" in apkbuild["options"])
+    check_apparmor = force_apparmor_check or (
+        "pmb:kconfigcheck-apparmor" in apkbuild["options"])
    check_nftables = force_nftables_check or (
        "pmb:kconfigcheck-nftables" in apkbuild["options"])
    check_containers = force_containers_check or (
@ -186,6 +192,7 @@ def check(args, pkgname,
        ret &= check_config(config_path, config_path_pretty, config_arch,
                            pkgver,
                            anbox=check_anbox,
+                            apparmor=check_apparmor,
                            nftables=check_nftables,
                            containers=check_containers,
                            zram=check_zram,