From 53d405c37f5120d5c23147d025a1dca73ba045db Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 2 Jan 2024 14:10:37 +0100 Subject: [PATCH 1/2] pkg/aaparser: remove deprecated GetVersion utility Commit e3e715666f95c056390a88e0f3d1033a1aac2762 (included in v24.0.0 through bfffb0974e92928764845df935d092e6bdcb542d) deprecated GetVersion, as it was no longer used. This patch removes the deprecated utility, and inlines the remaining code into the LoadProfile function. Signed-off-by: Sebastiaan van Stijn --- pkg/aaparser/aaparser.go | 82 ++---------------------------- pkg/aaparser/aaparser_test.go | 95 ----------------------------------- 2 files changed, 4 insertions(+), 173 deletions(-) delete mode 100644 pkg/aaparser/aaparser_test.go diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go index 3d7c2c5a97b3c..75384adbda944 100644 --- a/pkg/aaparser/aaparser.go +++ b/pkg/aaparser/aaparser.go 
@@ -4,93 +4,19 @@ package aaparser // import "github.com/docker/docker/pkg/aaparser" import ( "fmt" "os/exec" - "strconv" "strings" ) -const ( - binary = "apparmor_parser" -) - -// GetVersion returns the major and minor version of apparmor_parser. -// -// Deprecated: no longer used, and will be removed in the next release. -func GetVersion() (int, error) { - output, err := cmd("", "--version") - if err != nil { - return -1, err - } - - return parseVersion(output) -} - // LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to // replace the profile. The `-K` is necessary to make sure that apparmor_parser // doesn't try to write to a read-only filesystem. func LoadProfile(profilePath string) error { - _, err := cmd("", "-Kr", profilePath) - return err -} - -// cmd runs `apparmor_parser` with the passed arguments. -func cmd(dir string, arg ...string) (string, error) { - c := exec.Command(binary, arg...) - c.Dir = dir + c := exec.Command("apparmor_parser", "-Kr", profilePath) + c.Dir = "" output, err := c.CombinedOutput() if err != nil { - return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err) - } - - return string(output), nil -} - -// parseVersion takes the output from `apparmor_parser --version` and returns -// a representation of the {major, minor, patch} version as a single number of -// the form MMmmPPP {major, minor, patch}. -func parseVersion(output string) (int, error) { - // output is in the form of the following: - // AppArmor parser version 2.9.1 - // Copyright (C) 1999-2008 Novell Inc. - // Copyright 2009-2012 Canonical Ltd. - - lines := strings.SplitN(output, "\n", 2) - words := strings.Split(lines[0], " ") - version := words[len(words)-1] - - // trim "-beta1" suffix from version="3.0.0-beta1" if exists - version = strings.SplitN(version, "-", 2)[0] - // also trim "~..." 
suffix used historically (https://gitlab.com/apparmor/apparmor/-/commit/bca67d3d27d219d11ce8c9cc70612bd637f88c10) - version = strings.SplitN(version, "~", 2)[0] - - // split by major minor version - v := strings.Split(version, ".") - if len(v) == 0 || len(v) > 3 { - return -1, fmt.Errorf("parsing version failed for output: `%s`", output) - } - - // Default the versions to 0. - var majorVersion, minorVersion, patchLevel int - - majorVersion, err := strconv.Atoi(v[0]) - if err != nil { - return -1, err - } - - if len(v) > 1 { - minorVersion, err = strconv.Atoi(v[1]) - if err != nil { - return -1, err - } - } - if len(v) > 2 { - patchLevel, err = strconv.Atoi(v[2]) - if err != nil { - return -1, err - } + return fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err) } - - // major*10^5 + minor*10^3 + patch*10^0 - numericVersion := majorVersion*1e5 + minorVersion*1e3 + patchLevel - return numericVersion, nil + return nil } diff --git a/pkg/aaparser/aaparser_test.go b/pkg/aaparser/aaparser_test.go deleted file mode 100644 index cf9280f5f56e1..0000000000000 --- a/pkg/aaparser/aaparser_test.go +++ /dev/null 
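Review bot: `c.Dir = ""` in the new LoadProfile body is a dead assignment, because the zero value of `exec.Cmd.Dir` is already the empty string. The line only survives from the removed `cmd(dir, ...)` helper, and both of that helper's callers visible in this hunk passed `""`. Dropping it leaves `c := exec.Command("apparmor_parser", "-Kr", profilePath)` followed directly by `output, err := c.CombinedOutput()`. The same line is carried over into loadProfile in PATCH 2/2.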
@@ -1,95 +0,0 @@ -package aaparser // import "github.com/docker/docker/pkg/aaparser" - -import ( - "testing" -) - -type versionExpected struct { - output string - version int -} - -func TestParseVersion(t *testing.T) { - versions := []versionExpected{ - { - output: `AppArmor parser version 2.10 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 210000, - }, - { - output: `AppArmor parser version 2.8 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 208000, - }, - { - output: `AppArmor parser version 2.20 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 220000, - }, - { - output: `AppArmor parser version 2.05 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 205000, - }, - { - output: `AppArmor parser version 2.2.0~rc2 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 202000, - }, - { - output: `AppArmor parser version 2.9.95 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 209095, - }, - { - output: `AppArmor parser version 3.14.159 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2012 Canonical Ltd. - -`, - version: 314159, - }, - { - output: `AppArmor parser version 3.0.0-beta1 -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2018 Canonical Ltd. -`, - version: 300000, - }, - { - output: `AppArmor parser version 3.0.0-beta1-foo-bar -Copyright (C) 1999-2008 Novell Inc. -Copyright 2009-2018 Canonical Ltd. -`, - version: 300000, - }, - } - - for _, v := range versions { - version, err := parseVersion(v.output) - if err != nil { - t.Fatalf("expected error to be nil for %#v, got: %v", v, err) - } - if version != v.version { - t.Fatalf("expected version to be %d, was %d, for: %#v\n", v.version, version, v) - } - } -} From 6fae583dba40d015e43b97bc6d8d9e480e627f7c Mon Sep 17 00:00:00 2001 
From: Sebastiaan van Stijn Date: Tue, 2 Jan 2024 13:56:16 +0100 Subject: [PATCH 2/2] pkg/aaparser: remove, and integrate into profiles/apparmor This package provided utilities to obtain the apparmor_parser version, as well as loading a profile. Commit e3e715666f95c056390a88e0f3d1033a1aac2762 (included in v24.0.0 through bfffb0974e92928764845df935d092e6bdcb542d) deprecated GetVersion, as it was no longer used, which made LoadProfile the only utility remaining in this package. LoadProfile appears to have no external consumers, and the only use in our code is "profiles/apparmor". This patch moves the remaining code (LoadProfile) to profiles/apparmor as a non-exported function, and deletes the package. Signed-off-by: Sebastiaan van Stijn --- pkg/aaparser/aaparser.go | 22 ---------------------- profiles/apparmor/apparmor.go | 21 ++++++++++++++++++--- 2 files changed, 18 insertions(+), 25 deletions(-) delete mode 100644 pkg/aaparser/aaparser.go diff --git a/pkg/aaparser/aaparser.go b/pkg/aaparser/aaparser.go deleted file mode 100644 index 75384adbda944..0000000000000 --- a/pkg/aaparser/aaparser.go +++ /dev/null @@ -1,22 +0,0 @@ -// Package aaparser is a convenience package interacting with `apparmor_parser`. -package aaparser // import "github.com/docker/docker/pkg/aaparser" - -import ( - "fmt" - "os/exec" - "strings" -) - -// LoadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to -// replace the profile. The `-K` is necessary to make sure that apparmor_parser -// doesn't try to write to a read-only filesystem. -func LoadProfile(profilePath string) error { - c := exec.Command("apparmor_parser", "-Kr", profilePath) - c.Dir = "" - - output, err := c.CombinedOutput() - if err != nil { - return fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err) - } - return nil -} diff --git a/profiles/apparmor/apparmor.go b/profiles/apparmor/apparmor.go index f7ecb46a8f246..1edfc5300235c 100644 
--- a/profiles/apparmor/apparmor.go +++ b/profiles/apparmor/apparmor.go @@ -4,13 +4,13 @@ package apparmor // import "github.com/docker/docker/profiles/apparmor" import ( "bufio" + "fmt" "io" "os" + "os/exec" "path" "strings" "text/template" - - "github.com/docker/docker/pkg/aaparser" ) // profileDirectory is the file store for apparmor profiles and macros. @@ -94,7 +94,7 @@ func InstallDefault(name string) error { return err } - return aaparser.LoadProfile(profilePath) + return loadProfile(profilePath) } // IsLoaded checks if a profile with the given name has been loaded into the @@ -122,3 +122,18 @@ func IsLoaded(name string) (bool, error) { return false, nil } + +// loadProfile runs `apparmor_parser -Kr` on a specified apparmor profile to +// replace the profile. The `-K` is necessary to make sure that apparmor_parser +// doesn't try to write to a read-only filesystem. +func loadProfile(profilePath string) error { + c := exec.Command("apparmor_parser", "-Kr", profilePath) + c.Dir = "" + + output, err := c.CombinedOutput() + if err != nil { + return fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err) + } + + return nil +}
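Review bot: The doc comment on the new loadProfile does not mention that `exec.Command("apparmor_parser", ...)` resolves the bare binary name through the calling process's `PATH`. That matters here because the call replaces a mandatory-access-control profile and presumably runs inside a privileged daemon, so whichever binary is found first is trusted with that job. I would add a line to the comment such as `// The apparmor_parser binary is looked up in $PATH; the caller's PATH must contain only trusted directories.` Separately, ending the format string with `error: %w` instead of `error: %v` would let callers reach the underlying `*exec.ExitError` via `errors.As`. The intermediate LoadProfile in PATCH 1/2 has the same call and the same format string.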