This patch adds a new make target, check_severity_db, to the utils/Makefile. It greps the severity.db for the presence of each capability, as computed by the newly abstracted out variable in common/Make.rules, and issues a build time error if it finds any missing.
It also silences the check targets, so that only the output from them will be emitted. --- utils/Makefile | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) Index: b/utils/Makefile =================================================================== --- a/utils/Makefile +++ b/utils/Makefile @@ -68,7 +68,22 @@ clean: _clean rm -f Make.rules $(MAKE) -C po clean -check: +# ${CAPABILITIES} is defined in common/Make.rules +.PHONY: check_severity_db +.SILENT: check_severity_db +check_severity_db: /usr/include/sys/capability.h severity.db + # The sed statement is based on the one in the parser's makefile + RC=0 ; for cap in ${CAPABILITIES} ; do \ + if ! grep -q -w $${cap} severity.db ; then \ + echo "Warning! capability $${cap} not found in severity.db" ; \ + RC=1 ; \ + fi ;\ + done ; \ + test "$$RC" -eq 0 + +.PHONY: check +.SILENT: check +check: check_severity_db for i in ${MODULES} ${PERLTOOLS} ; do \ perl -c $$i || exit 1; \ done -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor