nixpkgs: default to apparmor 2.9 (#7220)

Signed-off-by: Austin Seipp <aseipp@pobox.com>

4 files changed, 181 insertions, 301 deletions

diff --git a/pkgs/os-specific/linux/apparmor/2.9/default.nix b/pkgs/os-specific/linux/apparmor/2.9/default.nix
deleted file mode 100644
index 1b1d9a3d1ca..00000000000
--- a/pkgs/os-specific/linux/apparmor/2.9/default.nix
+++ /dev/null
@@ -1,183 +0,0 @@
-{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
-, glibc, flex, bison, python27, swig, dbus, pam
-}:
-
-let
-  apparmor-series = "2.9";
-  apparmor-patchver = "2";
-  apparmor-version = "${apparmor-series}.${apparmor-patchver}";
-
-  apparmor-meta = component: with stdenv.lib; {
-      homepage = http://apparmor.net/;
-      description = "Linux application security system - ${component}";
-      license = licenses.gpl2;
-      maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
-      platforms = platforms.linux;
-  };
-
-  apparmor-sources = fetchurl {
-    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
-    sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh";
-  };
-
-  prePatchCommon = ''
-    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
-    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
-    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
-  '';
-
-  libapparmor = stdenv.mkDerivation {
-    name = "libapparmor-${apparmor-version}";
-    src = apparmor-sources;
-
-    buildInputs = [
-      autoconf
-      automake
-      bison
-      flex
-      dbus # requires patch to dbus ...
-      glibc
-      libtool
-      perl
-      pkgconfig
-      python27
-      swig
-      which
-    ];
-
-    prePatch = prePatchCommon + ''
-      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
-      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
-      '';
-
-    buildPhase = ''
-      cd ./libraries/libapparmor
-      ./autogen.sh
-      ./configure --prefix="$out" --with-python --with-perl
-      make
-      '';
-
-    installPhase = ''
-      make install
-    '';
-
-    meta = apparmor-meta "library";
-  };
-
-  apparmor-utils = stdenv.mkDerivation {
-    name = "apparmor-utils-${apparmor-version}";
-    src = apparmor-sources;
-
-    buildInputs = [
-      python27
-      libapparmor
-      which
-    ];
-
-    prePatch = prePatchCommon;
-
-    buildPhase = ''
-      cd ./utils
-      make LANGS=""
-    '';
-
-    installPhase = ''
-      make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
-    '';
-
-    meta = apparmor-meta "user-land utilities";
-  };
-
-  apparmor-parser = stdenv.mkDerivation {
-    name = "apparmor-parser-${apparmor-version}";
-    src = apparmor-sources;
-
-    buildInputs = [
-      libapparmor
-      bison
-      flex
-      which
-    ];
-
-    prePatch = prePatchCommon + ''
-      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
-      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
-      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-      ## techdoc.pdf still doesn't build ...
-      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
-    '';
-
-    buildPhase = ''
-      cd ./parser
-      make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
-    '';
-
-    installPhase = ''
-      make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
-    '';
-
-    meta = apparmor-meta "rule parser";
-  };
-
-  apparmor-pam = stdenv.mkDerivation {
-    name = "apparmor-pam-${apparmor-version}";
-    src = apparmor-sources;
-
-    buildInputs = [
-      libapparmor
-      pam
-      pkgconfig
-      which
-    ];
-
-    buildPhase = ''
-      cd ./changehat/pam_apparmor
-      make USE_SYSTEM=1
-    '';
-
-    installPhase = ''
-      make install DESTDIR="$out"
-    '';
-
-    meta = apparmor-meta "PAM service";
-  };
-
-  apparmor-profiles = stdenv.mkDerivation {
-    name = "apparmor-profiles-${apparmor-version}";
-    src = apparmor-sources;
-
-    buildInputs = [ which ];
-
-    buildPhase = ''
-      cd ./profiles
-      make
-    '';
-
-    installPhase = ''
-      make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
-    '';
-
-    meta = apparmor-meta "profiles";
-  };
-
-  apparmor-kernel-patches = stdenv.mkDerivation {
-    name = "apparmor-kernel-patches-${apparmor-version}";
-    src = apparmor-sources;
-
-    phases = ''unpackPhase installPhase'';
-
-    installPhase = ''
-      mkdir "$out"
-      cp -R ./kernel-patches "$out"
-    '';
-
-    meta = apparmor-meta "kernel patches";
-  };
-
-in
-
-{
-  inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
-  apparmor-profiles apparmor-kernel-patches;
-}
diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch
deleted file mode 100644
index c8f2b511d95..00000000000
--- a/pkgs/os-specific/linux/apparmor/capability.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Description: allow parser to build even when not on Linux.
-Author: Kees Cook <kees@debian.org>
-
-Index: apparmor-debian/common/Make.rules
-===================================================================
---- apparmor-debian.orig/common/Make.rules	2012-05-05 14:41:25.967259523 -0700
-+++ apparmor-debian/common/Make.rules	2012-05-05 14:41:28.451291053 -0700
-@@ -160,7 +160,7 @@
- CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort)
- 
- .PHONY: list_capabilities
--list_capabilities: /usr/include/linux/capability.h
-+list_capabilities:
- 	@echo "$(CAPABILITIES)"
- 
- # =====================
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index 22413b2ed31..cf02ee763f6 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -1,98 +1,183 @@
-{ stdenv, fetchurl
-, autoconf, automake, libtool, makeWrapper
-, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext
-, bash, pam, TermReadKey, RpcXML, swig, python}:
-stdenv.mkDerivation rec {
-
-  name = "apparmor-${version}";
-  version = "2.8.4";
-
-  src = fetchurl {
-    url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz";
-    sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq";
+{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
+, glibc, flex, bison, python27, swig, dbus, pam
+}:
+
+let
+  apparmor-series = "2.9";
+  apparmor-patchver = "1";
+  apparmor-version = "${apparmor-series}.${apparmor-patchver}";
+
+  apparmor-meta = component: with stdenv.lib; {
+    homepage = http://apparmor.net/;
+    description = "Linux application security system - ${component}";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
+    platforms = platforms.linux;
   };
 
-  buildInputs = [
-    autoconf automake libtool perl bison flex gettext which rpm
-    LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ];
-
-  prePatch = ''
-    substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include"
-    substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include"
-    substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
-    substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
-    substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include"
-
-    substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
-    substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
-    substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h"
-    substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-    #substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
-
-    # for some reason pdf documentation doesn't build
-    substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
-
-    substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl"
-    substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove"
-    substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh"
-  '';
+  apparmor-sources = fetchurl {
+    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
+    sha256 = "08ha7aigl40vm80f742rljcckdpfpw1s8g4yii1ysabcqcj8ffx6";
+  };
 
-  patches = ./capability.patch;
-
-  buildPhase =''
-    PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib
-
-    cd libraries/libapparmor
-    ./autogen.sh
-    ./configure --prefix=$out --with-perl	# see below
-    make
-    make check
-    make install
-    mkdir -p $out/lib/perl5/site_perl/
-    cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/
-    cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/
-    # this is automatically copied elsewhere....
-
-    cd ../../utils
-    make
-    make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl
-
-    cd ../parser
-    make
-    make install DESTDIR=$out DISTRO=unknown
-
-#    cd ../changehat/mod_apparmor
-#    make		# depends on libapparmor having been built first
-#    make install
-
-    cd ../changehat/pam_apparmor
-    make		# depends on libapparmor having been built first
-    make install DESTDIR=$out
-
-    cd ../../profiles
-    LD_LIBRARY_PATH=$out/lib    make
-    #LD_LIBRARY_PATH=$out/lib    make check	# depends on the parser having been built first
-    make install DESTDIR=$out
-
-    cd ..
-    cp -r  kernel-patches $out
+  prePatchCommon = ''
+    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
+    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
+    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
   '';
 
-  installPhase = let
-    perlVersion = (builtins.parseDrvName perl.name).version;
-  in ''
-    for i in $out/bin/*;  do
-      wrapProgram $i --prefix PERL5LIB : \
-        "$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/"
-    done
-  '';
+  libapparmor = stdenv.mkDerivation {
+    name = "libapparmor-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      autoconf
+      automake
+      bison
+      flex
+      dbus # requires patch to dbus ...
+      glibc
+      libtool
+      perl
+      pkgconfig
+      python27
+      swig
+      which
+    ];
+
+    prePatch = prePatchCommon + ''
+      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
+      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
+      '';
+
+    buildPhase = ''
+      cd ./libraries/libapparmor
+      ./autogen.sh
+      ./configure --prefix="$out" --with-python --with-perl
+      make
+      '';
+
+    installPhase = ''
+      make install
+    '';
+
+    meta = apparmor-meta "library";
+  };
 
-  meta = with stdenv.lib; {
-    homepage = http://apparmor.net/;
-    description = "Linux application security system";
-    license = licenses.gpl2;
-    maintainers = [ maintainers.phreedom maintainers.thoughtpolice ];
-    platforms = platforms.linux;
+  apparmor-utils = stdenv.mkDerivation {
+    name = "apparmor-utils-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      python27
+      libapparmor
+      which
+    ];
+
+    prePatch = prePatchCommon;
+
+    buildPhase = ''
+      cd ./utils
+      make LANGS=""
+    '';
+
+    installPhase = ''
+      make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
+    '';
+
+    meta = apparmor-meta "user-land utilities";
+  };
+
+  apparmor-parser = stdenv.mkDerivation {
+    name = "apparmor-parser-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      libapparmor
+      bison
+      flex
+      which
+    ];
+
+    prePatch = prePatchCommon + ''
+      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
+      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
+      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
+      ## techdoc.pdf still doesn't build ...
+      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
+    '';
+
+    buildPhase = ''
+      cd ./parser
+      make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
+    '';
+
+    installPhase = ''
+      make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
+    '';
+
+    meta = apparmor-meta "rule parser";
   };
-}
 
+  apparmor-pam = stdenv.mkDerivation {
+    name = "apparmor-pam-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [
+      libapparmor
+      pam
+      pkgconfig
+      which
+    ];
+
+    buildPhase = ''
+      cd ./changehat/pam_apparmor
+      make USE_SYSTEM=1
+    '';
+
+    installPhase = ''
+      make install DESTDIR="$out"
+    '';
+
+    meta = apparmor-meta "PAM service";
+  };
+
+  apparmor-profiles = stdenv.mkDerivation {
+    name = "apparmor-profiles-${apparmor-version}";
+    src = apparmor-sources;
+
+    buildInputs = [ which ];
+
+    buildPhase = ''
+      cd ./profiles
+      make
+    '';
+
+    installPhase = ''
+      make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
+    '';
+
+    meta = apparmor-meta "profiles";
+  };
+
+  apparmor-kernel-patches = stdenv.mkDerivation {
+    name = "apparmor-kernel-patches-${apparmor-version}";
+    src = apparmor-sources;
+
+    phases = ''unpackPhase installPhase'';
+
+    installPhase = ''
+      mkdir "$out"
+      cp -R ./kernel-patches "$out"
+    '';
+
+    meta = apparmor-meta "kernel patches";
+  };
+
+in
+
+{
+  inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
+  apparmor-profiles apparmor-kernel-patches;
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 3e5d073941d..509b247f7a1 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9430,18 +9430,12 @@ let
 
   microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { };
 
-  apparmor = callPackage ../os-specific/linux/apparmor {
-    inherit (perlPackages) LocaleGettext TermReadKey RpcXML;
-    bison = bison2;
-    perl = perl516; # ${perl}/.../CORE/handy.h:124:34: error: 'bool' undeclared
-  };
-
-  apparmor_2_9 = callPackage ../os-specific/linux/apparmor/2.9 { };
-  libapparmor = apparmor_2_9.libapparmor;
-  apparmor-pam = apparmor_2_9.apparmor-pam;
-  apparmor-parser = apparmor_2_9.apparmor-parser;
-  apparmor-profiles = apparmor_2_9.apparmor-profiles;
-  apparmor-utils = apparmor_2_9.apparmor-utils;
+  apparmor = callPackage ../os-specific/linux/apparmor { swig = swig2; };
+  libapparmor = apparmor.libapparmor;
+  apparmor-pam = apparmor.apparmor-pam;
+  apparmor-parser = apparmor.apparmor-parser;
+  apparmor-profiles = apparmor.apparmor-profiles;
+  apparmor-utils = apparmor.apparmor-utils;
 
   atop = callPackage ../os-specific/linux/atop { };