From 02ce1210290298c456bfa1796cde3c25e0230ff6 Mon Sep 17 00:00:00 2001
From: tobtoht <tob@featherwallet.org>
Date: Fri, 9 Aug 2024 13:10:26 +0200
Subject: [PATCH] ci: fix apparmor for 24.04

---
 .github/workflows/guix     | 11 +++++++++++
 .github/workflows/guix.yml |  2 ++
 2 files changed, 13 insertions(+)
 create mode 100644 .github/workflows/guix

diff --git a/.github/workflows/guix b/.github/workflows/guix
new file mode 100644
index 00000000..1d077103
--- /dev/null
+++ b/.github/workflows/guix
@@ -0,0 +1,11 @@
+abi <abi/4.0>,
+include <tunables/global>
+
+# https://bugs.launchpad.net/ubuntu/+source/guix/+bug/2064115
+
+profile guix /usr/bin/guix flags=(unconfined) {
+  userns,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/guix>
+}
diff --git a/.github/workflows/guix.yml b/.github/workflows/guix.yml
index d7c102b0..c43ed370 100644
--- a/.github/workflows/guix.yml
+++ b/.github/workflows/guix.yml
@@ -53,6 +53,8 @@ jobs:
           key: sources-${{ hashFiles('contrib/depends/packages/*') }}
       - name: install dependencies
         run: sudo apt update; sudo apt -y install guix git ca-certificates
+      - name: fix apparmor
+        run: sudo cp .github/workflows/guix /etc/apparmor.d/guix; sudo /etc/init.d/apparmor reload; sudo aa-enforce guix
       - name: build
         run: SUBSTITUTE_URLS='http://bordeaux.guix.gnu.org http://ci.guix.gnu.org' HOSTS="${{ matrix.toolchain.target }}" ./contrib/guix/guix-build
       - uses: actions/upload-artifact@v4
-- 
2.52.0