diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2015-09-17 21:21:44 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2015-09-17 21:21:44 +0200 |
commit | f2d03ee0d034bb9eb9a6a9416925efde12d772a2 (patch) | |
tree | d81efc1cd411d0e53d040055a1e59c34ffe7802c /pkgs/os-specific | |
parent | 38d83144aaf5a784a7e9ecd85c852e362e549f2a (diff) | |
parent | fdb4633e4bcaf99fafe42a86455e7f9bff771cbd (diff) | |
download | nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.tar nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.tar.gz nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.tar.bz2 nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.tar.lz nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.tar.xz nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.tar.zst nixpkgs-f2d03ee0d034bb9eb9a6a9416925efde12d772a2.zip |
Merge #8897: AppArmor updates
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/apparmor/2.9/default.nix | 183 | ||||
-rw-r--r-- | pkgs/os-specific/linux/apparmor/capability.patch | 16 | ||||
-rw-r--r-- | pkgs/os-specific/linux/apparmor/default.nix | 249 |
3 files changed, 159 insertions, 289 deletions
diff --git a/pkgs/os-specific/linux/apparmor/2.9/default.nix b/pkgs/os-specific/linux/apparmor/2.9/default.nix deleted file mode 100644 index 1b1d9a3d1ca..00000000000 --- a/pkgs/os-specific/linux/apparmor/2.9/default.nix +++ /dev/null @@ -1,183 +0,0 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, dbus, pam -}: - -let - apparmor-series = "2.9"; - apparmor-patchver = "2"; - apparmor-version = "${apparmor-series}.${apparmor-patchver}"; - - apparmor-meta = component: with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system - ${component}"; - license = licenses.gpl2; - maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; - platforms = platforms.linux; - }; - - apparmor-sources = fetchurl { - url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh"; - }; - - prePatchCommon = '' - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" - ''; - - libapparmor = stdenv.mkDerivation { - name = "libapparmor-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - autoconf - automake - bison - flex - dbus # requires patch to dbus ... - glibc - libtool - perl - pkgconfig - python27 - swig - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - ''; - - buildPhase = '' - cd ./libraries/libapparmor - ./autogen.sh - ./configure --prefix="$out" --with-python --with-perl - make - ''; - - installPhase = '' - make install - ''; - - meta = apparmor-meta "library"; - }; - - apparmor-utils = stdenv.mkDerivation { - name = "apparmor-utils-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - python27 - libapparmor - which - ]; - - prePatch = prePatchCommon; - - buildPhase = '' - cd ./utils - make LANGS="" - ''; - - installPhase = '' - make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" - ''; - - meta = apparmor-meta "user-land utilities"; - }; - - apparmor-parser = stdenv.mkDerivation { - name = "apparmor-parser-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - bison - flex - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - ## techdoc.pdf still doesn't build ... - substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - ''; - - buildPhase = '' - cd ./parser - make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include - ''; - - installPhase = '' - make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" - ''; - - meta = apparmor-meta "rule parser"; - }; - - apparmor-pam = stdenv.mkDerivation { - name = "apparmor-pam-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - pam - pkgconfig - which - ]; - - buildPhase = '' - cd ./changehat/pam_apparmor - make USE_SYSTEM=1 - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; - - meta = apparmor-meta "PAM service"; - }; - - apparmor-profiles = stdenv.mkDerivation { - name = "apparmor-profiles-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ which ]; - - buildPhase = '' - cd ./profiles - make - ''; - - installPhase = '' - make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" - ''; - - meta = apparmor-meta "profiles"; - }; - - apparmor-kernel-patches = stdenv.mkDerivation { - name = "apparmor-kernel-patches-${apparmor-version}"; - src = apparmor-sources; - - phases = ''unpackPhase installPhase''; - - installPhase = '' - mkdir "$out" - cp -R ./kernel-patches "$out" - ''; - - meta = apparmor-meta "kernel patches"; - }; - -in - -{ - inherit libapparmor apparmor-utils apparmor-parser apparmor-pam - apparmor-profiles apparmor-kernel-patches; -} diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch deleted file mode 100644 index c8f2b511d95..00000000000 --- a/pkgs/os-specific/linux/apparmor/capability.patch +++ /dev/null @@ -1,16 +0,0 @@ -Description: allow parser to build even when not on Linux. -Author: Kees Cook <kees@debian.org> - -Index: apparmor-debian/common/Make.rules -=================================================================== ---- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700 -+++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700 -@@ -160,7 +160,7 @@ - CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) - - .PHONY: list_capabilities --list_capabilities: /usr/include/linux/capability.h -+list_capabilities: - @echo "$(CAPABILITIES)" - - # ===================== diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 22413b2ed31..64c6f66575b 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,98 +1,167 @@ -{ stdenv, fetchurl -, autoconf, automake, libtool, makeWrapper -, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext -, bash, pam, TermReadKey, RpcXML, swig, python}: -stdenv.mkDerivation rec { - - name = "apparmor-${version}"; - version = "2.8.4"; - - src = fetchurl { - url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz"; - sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq"; +{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which +, glibc, flex, bison, python27Packages, swig, pam +}: + +let + apparmor-series = "2.10"; + apparmor-version = apparmor-series; + + apparmor-meta = component: with stdenv.lib; { + homepage = http://apparmor.net/; + description = "Linux application security system - ${component}"; + license = licenses.gpl2; + maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; + platforms = platforms.linux; }; - buildInputs = [ - autoconf automake libtool perl bison flex gettext which rpm - LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ]; - - prePatch = '' - substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include" - substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include" - - substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h" - substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - #substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - - # for some reason pdf documentation doesn't build - substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - - substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl" - substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove" - substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh" - ''; + apparmor-sources = fetchurl { + url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; + sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd"; + }; - patches = ./capability.patch; - - buildPhase ='' - PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib - - cd libraries/libapparmor - ./autogen.sh - ./configure --prefix=$out --with-perl # see below - make - make check - make install - mkdir -p $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/ - # this is automatically copied elsewhere.... - - cd ../../utils - make - make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl - - cd ../parser - make - make install DESTDIR=$out DISTRO=unknown - -# cd ../changehat/mod_apparmor -# make # depends on libapparmor having been built first -# make install - - cd ../changehat/pam_apparmor - make # depends on libapparmor having been built first - make install DESTDIR=$out - - cd ../../profiles - LD_LIBRARY_PATH=$out/lib make - #LD_LIBRARY_PATH=$out/lib make check # depends on the parser having been built first - make install DESTDIR=$out - - cd .. - cp -r kernel-patches $out + prePatchCommon = '' + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" + substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" ''; - installPhase = let - perlVersion = (builtins.parseDrvName perl.name).version; - in '' - for i in $out/bin/*; do - wrapProgram $i --prefix PERL5LIB : \ - "$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/" - done - ''; + libapparmor = stdenv.mkDerivation { + name = "libapparmor-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + autoconf + automake + autoreconfHook + bison + flex + glibc + libtool + perl + pkgconfig + python27Packages.python + swig + which + ]; + + # required to build apparmor-parser + dontDisableStatic = true; + + prePatch = prePatchCommon + '' + substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + ''; + + postPatch = "cd ./libraries/libapparmor"; + configureFlags = "--with-python --with-perl"; + + meta = apparmor-meta "library"; + }; - meta = with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system"; - license = licenses.gpl2; - maintainers = [ maintainers.phreedom maintainers.thoughtpolice ]; - platforms = platforms.linux; + apparmor-utils = stdenv.mkDerivation { + name = "apparmor-utils-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + perl + python27Packages.python + python27Packages.readline + libapparmor + makeWrapper + which + ]; + + prePatch = prePatchCommon; + postPatch = "cd ./utils"; + makeFlags = ''LANGS=''; + installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX=''; + + postInstall = '' + for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do + wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH" + done + + for prog in aa-exec aa-notify ; do + wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB" + done + ''; + + meta = apparmor-meta "user-land utilities"; }; -} + apparmor-parser = stdenv.mkDerivation { + name = "apparmor-parser-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + bison + flex + which + ]; + + prePatch = prePatchCommon + '' + substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" + substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" + substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + ## techdoc.pdf still doesn't build ... + substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + ''; + postPatch = "cd ./parser"; + makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include''; + installFlags = ''DESTDIR=$(out) DISTRO=unknown''; + + meta = apparmor-meta "rule parser"; + }; + + apparmor-pam = stdenv.mkDerivation { + name = "apparmor-pam-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + pam + pkgconfig + which + ]; + + postPatch = "cd ./changehat/pam_apparmor"; + makeFlags = ''USE_SYSTEM=1''; + installFlags = ''DESTDIR=$(out)''; + + meta = apparmor-meta "PAM service"; + }; + + apparmor-profiles = stdenv.mkDerivation { + name = "apparmor-profiles-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ which ]; + + postPatch = "cd ./profiles"; + installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles''; + + meta = apparmor-meta "profiles"; + }; + + apparmor-kernel-patches = stdenv.mkDerivation { + name = "apparmor-kernel-patches-${apparmor-version}"; + src = apparmor-sources; + + phases = ''unpackPhase installPhase''; + + installPhase = '' + mkdir "$out" + cp -R ./kernel-patches "$out" + ''; + + meta = apparmor-meta "kernel patches"; + }; + +in + +{ + inherit libapparmor apparmor-utils apparmor-parser apparmor-pam + apparmor-profiles apparmor-kernel-patches; +} |