Merge commit staging+systemd into closure-size

Many non-conflict problems weren't (fully) resolved in this commit yet.

2 files changed, 159 insertions, 106 deletions

diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch
deleted file mode 100644
index c8f2b511d95..00000000000
--- a/pkgs/os-specific/linux/apparmor/capability.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: allow parser to build even when not on Linux.
-Author: Kees Cook <kees@debian.org>
-
-Index: apparmor-debian/common/Make.rules
-===================================================================
---- apparmor-debian.orig/common/Make.rules	2012-05-05 14:41:25.967259523 -0700
-+++ apparmor-debian/common/Make.rules	2012-05-05 14:41:28.451291053 -0700
-@@ -160,7 +160,7 @@
- CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
- 
- .PHONY: list_capabilities
--list_capabilities: /usr/include/linux/capability.h
-+list_capabilities:
- 	@echo "$(CAPABILITIES)"
- 
- # =====================
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index bfd6b533bb2..64c6f66575b 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -1,98 +1,167 @@
-{ stdenv, fetchurl
-, autoconf, automake, libtool, makeWrapper
-, perl, bison, flex, glibc, gettext, which, rpm, tetex, LocaleGettext
-, bash, pam, TermReadKey, RpcXML, swig, python}:
-stdenv.mkDerivation rec {
-
-  name = "apparmor-${version}";
-  version = "2.8.4";
-
-  src = fetchurl {
-    url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz";
-    sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq";
+{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which
+, glibc, flex, bison, python27Packages, swig, pam
+}:
+
+let
+  apparmor-series = "2.10";
+  apparmor-version = apparmor-series;
+
+  apparmor-meta = component: with stdenv.lib; {
+    homepage = http://apparmor.net/;
+    description = "Linux application security system - ${component}";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
+    platforms = platforms.linux;
   };
 
-  buildInputs = [
-    autoconf automake libtool perl bison flex gettext which rpm tetex
-    LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ];
-
-  prePatch = ''
-    substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc.dev}/include"
-    substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc.dev}/include"
-    substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
-    substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
-    substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc.dev}/include"
-
-    substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
-    substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
-    substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc.dev}/include/bits/socket.h"
-    substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h"
-    #substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h"
-
-    # for some reason pdf documentation doesn't build
-    substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
-
-    substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl"
-    substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove"
-    substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh"
-  '';
+  apparmor-sources = fetchurl {
+    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
+    sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd";
+  };
 
-  patches = ./capability.patch;
-
-  buildPhase =''
-    PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib
-
-    cd libraries/libapparmor
-    ./autogen.sh
-    ./configure --prefix=$out --with-perl	# see below
-    make
-    make check
-    make install
-    mkdir -p $out/lib/perl5/site_perl/
-    cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/
-    cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/
-    # this is automatically copied elsewhere....
-
-    cd ../../utils
-    make
-    make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl
-
-    cd ../parser
-    make
-    make install DESTDIR=$out DISTRO=unknown
-
-#    cd ../changehat/mod_apparmor
-#    make		# depends on libapparmor having been built first
-#    make install
-
-    cd ../changehat/pam_apparmor
-    make		# depends on libapparmor having been built first
-    make install DESTDIR=$out
-
-    cd ../../profiles
-    LD_LIBRARY_PATH=$out/lib    make
-    #LD_LIBRARY_PATH=$out/lib    make check	# depends on the parser having been built first
-    make install DESTDIR=$out
-
-    cd ..
-    cp -r  kernel-patches $out
+  prePatchCommon = ''
+    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
+    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
+    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
   '';
 
-  installPhase = let
-    perlVersion = (builtins.parseDrvName perl.name).version;
-  in ''
-    for i in $out/bin/*;  do
-      wrapProgram $i --prefix PERL5LIB : \
-        "$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/"
-    done
-  '';
+  libapparmor = stdenv.mkDerivation {
+    name = "libapparmor-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      autoconf
+      automake
+      autoreconfHook
+      bison
+      flex
+      glibc
+      libtool
+      perl
+      pkgconfig
+      python27Packages.python
+      swig
+      which
+    ];
+
+    # required to build apparmor-parser
+    dontDisableStatic = true;
+
+    prePatch = prePatchCommon + ''
+      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
+      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
+      '';
+
+    postPatch = "cd ./libraries/libapparmor";
+    configureFlags = "--with-python --with-perl";
+
+    meta = apparmor-meta "library";
+  };
 
-  meta = with stdenv.lib; {
-    homepage = http://apparmor.net/;
-    description = "Linux application security system";
-    license = licenses.gpl2;
-    maintainers = [ maintainers.phreedom maintainers.thoughtpolice ];
-    platforms = platforms.linux;
+  apparmor-utils = stdenv.mkDerivation {
+    name = "apparmor-utils-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      perl
+      python27Packages.python
+      python27Packages.readline
+      libapparmor
+      makeWrapper
+      which
+    ];
+
+    prePatch = prePatchCommon;
+    postPatch = "cd ./utils";
+    makeFlags = ''LANGS='';
+    installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX='';
+
+    postInstall = ''
+      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
+        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH"
+      done
+
+      for prog in aa-exec aa-notify ; do
+        wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB"
+      done
+    '';
+
+    meta = apparmor-meta "user-land utilities";
   };
-}
 
+  apparmor-parser = stdenv.mkDerivation {
+    name = "apparmor-parser-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      libapparmor
+      bison
+      flex
+      which
+    ];
+
+    prePatch = prePatchCommon + ''
+      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
+      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
+      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+      ## techdoc.pdf still doesn't build ...
+      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
+    '';
+    postPatch = "cd ./parser";
+    makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
+    installFlags = ''DESTDIR=$(out) DISTRO=unknown'';
+
+    meta = apparmor-meta "rule parser";
+  };
+
+  apparmor-pam = stdenv.mkDerivation {
+    name = "apparmor-pam-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      libapparmor
+      pam
+      pkgconfig
+      which
+    ];
+
+    postPatch = "cd ./changehat/pam_apparmor";
+    makeFlags = ''USE_SYSTEM=1'';
+    installFlags = ''DESTDIR=$(out)'';
+
+    meta = apparmor-meta "PAM service";
+  };
+
+  apparmor-profiles = stdenv.mkDerivation {
+    name = "apparmor-profiles-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [ which ];
+
+    postPatch = "cd ./profiles";
+    installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';
+
+    meta = apparmor-meta "profiles";
+  };
+
+  apparmor-kernel-patches = stdenv.mkDerivation {
+    name = "apparmor-kernel-patches-${apparmor-version}";
+    src = apparmor-sources;
+
+    phases = ''unpackPhase installPhase'';
+
+    installPhase = ''
+      mkdir "$out"
+      cp -R ./kernel-patches "$out"
+    '';
+
+    meta = apparmor-meta "kernel patches";
+  };
+
+in
+
+{
+  inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
+  apparmor-profiles apparmor-kernel-patches;
+}