mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-28 18:03:04 +00:00
Merge #8897: AppArmor updates
This commit is contained in:
commit
f2d03ee0d0
@ -1,183 +0,0 @@
|
||||
{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
|
||||
, glibc, flex, bison, python27, swig, dbus, pam
|
||||
}:
|
||||
|
||||
let
|
||||
apparmor-series = "2.9";
|
||||
apparmor-patchver = "2";
|
||||
apparmor-version = "${apparmor-series}.${apparmor-patchver}";
|
||||
|
||||
apparmor-meta = component: with stdenv.lib; {
|
||||
homepage = http://apparmor.net/;
|
||||
description = "Linux application security system - ${component}";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
|
||||
apparmor-sources = fetchurl {
|
||||
url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
|
||||
sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh";
|
||||
};
|
||||
|
||||
prePatchCommon = ''
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
|
||||
'';
|
||||
|
||||
libapparmor = stdenv.mkDerivation {
|
||||
name = "libapparmor-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
autoconf
|
||||
automake
|
||||
bison
|
||||
flex
|
||||
dbus # requires patch to dbus ...
|
||||
glibc
|
||||
libtool
|
||||
perl
|
||||
pkgconfig
|
||||
python27
|
||||
swig
|
||||
which
|
||||
];
|
||||
|
||||
prePatch = prePatchCommon + ''
|
||||
substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
|
||||
substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
cd ./libraries/libapparmor
|
||||
./autogen.sh
|
||||
./configure --prefix="$out" --with-python --with-perl
|
||||
make
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
make install
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "library";
|
||||
};
|
||||
|
||||
apparmor-utils = stdenv.mkDerivation {
|
||||
name = "apparmor-utils-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
python27
|
||||
libapparmor
|
||||
which
|
||||
];
|
||||
|
||||
prePatch = prePatchCommon;
|
||||
|
||||
buildPhase = ''
|
||||
cd ./utils
|
||||
make LANGS=""
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "user-land utilities";
|
||||
};
|
||||
|
||||
apparmor-parser = stdenv.mkDerivation {
|
||||
name = "apparmor-parser-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
libapparmor
|
||||
bison
|
||||
flex
|
||||
which
|
||||
];
|
||||
|
||||
prePatch = prePatchCommon + ''
|
||||
substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
|
||||
substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
|
||||
substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
||||
## techdoc.pdf still doesn't build ...
|
||||
substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
cd ./parser
|
||||
make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "rule parser";
|
||||
};
|
||||
|
||||
apparmor-pam = stdenv.mkDerivation {
|
||||
name = "apparmor-pam-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
libapparmor
|
||||
pam
|
||||
pkgconfig
|
||||
which
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
cd ./changehat/pam_apparmor
|
||||
make USE_SYSTEM=1
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
make install DESTDIR="$out"
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "PAM service";
|
||||
};
|
||||
|
||||
apparmor-profiles = stdenv.mkDerivation {
|
||||
name = "apparmor-profiles-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [ which ];
|
||||
|
||||
buildPhase = ''
|
||||
cd ./profiles
|
||||
make
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "profiles";
|
||||
};
|
||||
|
||||
apparmor-kernel-patches = stdenv.mkDerivation {
|
||||
name = "apparmor-kernel-patches-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
phases = ''unpackPhase installPhase'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir "$out"
|
||||
cp -R ./kernel-patches "$out"
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "kernel patches";
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
|
||||
apparmor-profiles apparmor-kernel-patches;
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
Description: allow parser to build even when not on Linux.
|
||||
Author: Kees Cook <kees@debian.org>
|
||||
|
||||
Index: apparmor-debian/common/Make.rules
|
||||
===================================================================
|
||||
--- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700
|
||||
+++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700
|
||||
@@ -160,7 +160,7 @@
|
||||
CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
|
||||
|
||||
.PHONY: list_capabilities
|
||||
-list_capabilities: /usr/include/linux/capability.h
|
||||
+list_capabilities:
|
||||
@echo "$(CAPABILITIES)"
|
||||
|
||||
# =====================
|
@ -1,98 +1,167 @@
|
||||
{ stdenv, fetchurl
|
||||
, autoconf, automake, libtool, makeWrapper
|
||||
, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext
|
||||
, bash, pam, TermReadKey, RpcXML, swig, python}:
|
||||
stdenv.mkDerivation rec {
|
||||
{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which
|
||||
, glibc, flex, bison, python27Packages, swig, pam
|
||||
}:
|
||||
|
||||
name = "apparmor-${version}";
|
||||
version = "2.8.4";
|
||||
let
|
||||
apparmor-series = "2.10";
|
||||
apparmor-version = apparmor-series;
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz";
|
||||
sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq";
|
||||
};
|
||||
|
||||
buildInputs = [
|
||||
autoconf automake libtool perl bison flex gettext which rpm
|
||||
LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ];
|
||||
|
||||
prePatch = ''
|
||||
substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include"
|
||||
substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include"
|
||||
substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
|
||||
substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
|
||||
substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include"
|
||||
|
||||
substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
|
||||
substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
|
||||
substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h"
|
||||
substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
||||
#substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
||||
|
||||
# for some reason pdf documentation doesn't build
|
||||
substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
|
||||
|
||||
substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl"
|
||||
substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove"
|
||||
substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh"
|
||||
'';
|
||||
|
||||
patches = ./capability.patch;
|
||||
|
||||
buildPhase =''
|
||||
PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib
|
||||
|
||||
cd libraries/libapparmor
|
||||
./autogen.sh
|
||||
./configure --prefix=$out --with-perl # see below
|
||||
make
|
||||
make check
|
||||
make install
|
||||
mkdir -p $out/lib/perl5/site_perl/
|
||||
cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/
|
||||
cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/
|
||||
# this is automatically copied elsewhere....
|
||||
|
||||
cd ../../utils
|
||||
make
|
||||
make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl
|
||||
|
||||
cd ../parser
|
||||
make
|
||||
make install DESTDIR=$out DISTRO=unknown
|
||||
|
||||
# cd ../changehat/mod_apparmor
|
||||
# make # depends on libapparmor having been built first
|
||||
# make install
|
||||
|
||||
cd ../changehat/pam_apparmor
|
||||
make # depends on libapparmor having been built first
|
||||
make install DESTDIR=$out
|
||||
|
||||
cd ../../profiles
|
||||
LD_LIBRARY_PATH=$out/lib make
|
||||
#LD_LIBRARY_PATH=$out/lib make check # depends on the parser having been built first
|
||||
make install DESTDIR=$out
|
||||
|
||||
cd ..
|
||||
cp -r kernel-patches $out
|
||||
'';
|
||||
|
||||
installPhase = let
|
||||
perlVersion = (builtins.parseDrvName perl.name).version;
|
||||
in ''
|
||||
for i in $out/bin/*; do
|
||||
wrapProgram $i --prefix PERL5LIB : \
|
||||
"$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/"
|
||||
done
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
apparmor-meta = component: with stdenv.lib; {
|
||||
homepage = http://apparmor.net/;
|
||||
description = "Linux application security system";
|
||||
description = "Linux application security system - ${component}";
|
||||
license = licenses.gpl2;
|
||||
maintainers = [ maintainers.phreedom maintainers.thoughtpolice ];
|
||||
maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
|
||||
apparmor-sources = fetchurl {
|
||||
url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
|
||||
sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd";
|
||||
};
|
||||
|
||||
prePatchCommon = ''
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
||||
substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
|
||||
'';
|
||||
|
||||
libapparmor = stdenv.mkDerivation {
|
||||
name = "libapparmor-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
autoconf
|
||||
automake
|
||||
autoreconfHook
|
||||
bison
|
||||
flex
|
||||
glibc
|
||||
libtool
|
||||
perl
|
||||
pkgconfig
|
||||
python27Packages.python
|
||||
swig
|
||||
which
|
||||
];
|
||||
|
||||
# required to build apparmor-parser
|
||||
dontDisableStatic = true;
|
||||
|
||||
prePatch = prePatchCommon + ''
|
||||
substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
|
||||
substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
|
||||
'';
|
||||
|
||||
postPatch = "cd ./libraries/libapparmor";
|
||||
configureFlags = "--with-python --with-perl";
|
||||
|
||||
meta = apparmor-meta "library";
|
||||
};
|
||||
|
||||
apparmor-utils = stdenv.mkDerivation {
|
||||
name = "apparmor-utils-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
perl
|
||||
python27Packages.python
|
||||
python27Packages.readline
|
||||
libapparmor
|
||||
makeWrapper
|
||||
which
|
||||
];
|
||||
|
||||
prePatch = prePatchCommon;
|
||||
postPatch = "cd ./utils";
|
||||
makeFlags = ''LANGS='';
|
||||
installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX='';
|
||||
|
||||
postInstall = ''
|
||||
for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
|
||||
wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH"
|
||||
done
|
||||
|
||||
for prog in aa-exec aa-notify ; do
|
||||
wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB"
|
||||
done
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "user-land utilities";
|
||||
};
|
||||
|
||||
apparmor-parser = stdenv.mkDerivation {
|
||||
name = "apparmor-parser-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
libapparmor
|
||||
bison
|
||||
flex
|
||||
which
|
||||
];
|
||||
|
||||
prePatch = prePatchCommon + ''
|
||||
substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
|
||||
substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
|
||||
substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
||||
## techdoc.pdf still doesn't build ...
|
||||
substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
|
||||
'';
|
||||
postPatch = "cd ./parser";
|
||||
makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
|
||||
installFlags = ''DESTDIR=$(out) DISTRO=unknown'';
|
||||
|
||||
meta = apparmor-meta "rule parser";
|
||||
};
|
||||
|
||||
apparmor-pam = stdenv.mkDerivation {
|
||||
name = "apparmor-pam-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [
|
||||
libapparmor
|
||||
pam
|
||||
pkgconfig
|
||||
which
|
||||
];
|
||||
|
||||
postPatch = "cd ./changehat/pam_apparmor";
|
||||
makeFlags = ''USE_SYSTEM=1'';
|
||||
installFlags = ''DESTDIR=$(out)'';
|
||||
|
||||
meta = apparmor-meta "PAM service";
|
||||
};
|
||||
|
||||
apparmor-profiles = stdenv.mkDerivation {
|
||||
name = "apparmor-profiles-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
buildInputs = [ which ];
|
||||
|
||||
postPatch = "cd ./profiles";
|
||||
installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';
|
||||
|
||||
meta = apparmor-meta "profiles";
|
||||
};
|
||||
|
||||
apparmor-kernel-patches = stdenv.mkDerivation {
|
||||
name = "apparmor-kernel-patches-${apparmor-version}";
|
||||
src = apparmor-sources;
|
||||
|
||||
phases = ''unpackPhase installPhase'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir "$out"
|
||||
cp -R ./kernel-patches "$out"
|
||||
'';
|
||||
|
||||
meta = apparmor-meta "kernel patches";
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
|
||||
apparmor-profiles apparmor-kernel-patches;
|
||||
}
|
||||
|
@ -9291,18 +9291,12 @@ let
|
||||
|
||||
microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { };
|
||||
|
||||
apparmor = callPackage ../os-specific/linux/apparmor {
|
||||
inherit (perlPackages) LocaleGettext TermReadKey RpcXML;
|
||||
bison = bison2;
|
||||
perl = perl516; # ${perl}/.../CORE/handy.h:124:34: error: 'bool' undeclared
|
||||
};
|
||||
|
||||
apparmor_2_9 = callPackage ../os-specific/linux/apparmor/2.9 { };
|
||||
libapparmor = apparmor_2_9.libapparmor;
|
||||
apparmor-pam = apparmor_2_9.apparmor-pam;
|
||||
apparmor-parser = apparmor_2_9.apparmor-parser;
|
||||
apparmor-profiles = apparmor_2_9.apparmor-profiles;
|
||||
apparmor-utils = apparmor_2_9.apparmor-utils;
|
||||
apparmor = callPackage ../os-specific/linux/apparmor { swig = swig2; };
|
||||
libapparmor = apparmor.libapparmor;
|
||||
apparmor-pam = apparmor.apparmor-pam;
|
||||
apparmor-parser = apparmor.apparmor-parser;
|
||||
apparmor-profiles = apparmor.apparmor-profiles;
|
||||
apparmor-utils = apparmor.apparmor-utils;
|
||||
|
||||
atop = callPackage ../os-specific/linux/atop { };
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user