summary refs log tree commit diff
path: root/pkgs/os-specific/linux/apparmor/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/apparmor/default.nix')
-rw-r--r--pkgs/os-specific/linux/apparmor/default.nix96
1 files changed, 78 insertions, 18 deletions
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index b576ca71d58..c8e58dfbf6f 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -1,16 +1,20 @@
-{ stdenv, fetchurl, makeWrapper, autoreconfHook
+{ stdenv, fetchurl, fetchpatch, makeWrapper, autoreconfHook
 , pkgconfig, which
 , flex, bison
 , linuxHeaders ? stdenv.cc.libc.linuxHeaders
-, pythonPackages
+, python
+, gawk
 , perl
 , swig
+, ncurses
 , pam
+, buildPackages
 }:
 
 let
-  apparmor-series = "2.10";
-  apparmor-version = apparmor-series;
+  apparmor-series = "2.12";
+  apparmor-patchver = "0";
+  apparmor-version = apparmor-series + "." + apparmor-patchver;
 
   apparmor-meta = component: with stdenv.lib; {
     homepage = http://apparmor.net/;
@@ -21,17 +25,38 @@ let
   };
 
   apparmor-sources = fetchurl {
-    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
-    sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd";
+    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-series}.tar.gz";
+    sha256 = "0mm0mcp0w18si9wl15drndysm7v27az2942p1xjd197shg80qawa";
   };
 
   prePatchCommon = ''
-    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
-    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
+    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${buildPackages.perl}/bin/pod2man"
+    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${buildPackages.perl}/bin/pod2html"
     substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
     substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
   '';
 
+  # use 'if c then x else null' to avoid rebuilding
+  # patches = stdenv.lib.optionals stdenv.hostPlatform.isMusl [
+  patches = if stdenv.hostPlatform.isMusl then [
+    (fetchpatch {
+      url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0002-Provide-missing-secure_getenv-and-scandirat-function.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
+      name = "0002-Provide-missing-secure_getenv-and-scandirat-function.patch";
+      sha256 = "0pj1bzifghxwxlc39j8hyy17dkjr9fk64kkj94ayymyprz4i4nac";
+    })
+    (fetchpatch {
+      url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0003-Added-missing-typedef-definitions-on-parser.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
+      name = "0003-Added-missing-typedef-definitions-on-parser.patch";
+      sha256 = "0yyaqz8jlmn1bm37arggprqz0njb4lhjni2d9c8qfqj0kll0bam0";
+    })
+    (fetchpatch {
+      url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
+      name = "0007-Do-not-build-install-vim-file-with-utils-package.patch";
+      sha256 = "1m4dx901biqgnr4w4wz8a2z9r9dxyw7wv6m6mqglqwf2lxinqmp4";
+    })
+    # (alpine patches {1,4,5,6,8} are needed for apparmor 2.11, but not 2.12)
+  ] else null;
+
   # FIXME: convert these to a single multiple-outputs package?
 
   libapparmor = stdenv.mkDerivation {
@@ -44,12 +69,14 @@ let
       flex
       pkgconfig
       swig
+      ncurses
       which
+      perl
     ];
 
-    buildInputs = [
+    buildInputs = stdenv.lib.optionals (!stdenv.isCross) [
       perl
-      pythonPackages.python
+      python
     ];
 
     # required to build apparmor-parser
@@ -59,13 +86,15 @@ let
       substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h"
       substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h"
     '';
+    inherit patches;
 
     postPatch = "cd ./libraries/libapparmor";
-    configureFlags = "--with-python --with-perl";
+    # https://gitlab.com/apparmor/apparmor/issues/1
+    configureFlags = stdenv.lib.optionalString (!stdenv.isCross) "--with-python --with-perl";
 
-    outputs = [ "out" "python" ];
+    outputs = if stdenv.isCross then [ "out" ] else [ "out" "python" ];
 
-    postInstall = ''
+    postInstall = stdenv.lib.optionalString (!stdenv.isCross) ''
       mkdir -p $python/lib
       mv $out/lib/python* $python/lib/
     '';
@@ -81,22 +110,23 @@ let
 
     buildInputs = [
       perl
-      pythonPackages.python
+      python
       libapparmor
       libapparmor.python
     ];
 
     prePatch = prePatchCommon;
+    inherit patches;
     postPatch = "cd ./utils";
     makeFlags = ''LANGS='';
     installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX='';
 
     postInstall = ''
       for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
-        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${pythonPackages.python.libPrefix}/site-packages:$PYTHONPATH"
+        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
       done
 
-      for prog in aa-exec aa-notify ; do
+      for prog in aa-notify ; do
         wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB"
       done
     '';
@@ -104,6 +134,29 @@ let
     meta = apparmor-meta "user-land utilities";
   };
 
+  apparmor-bin-utils = stdenv.mkDerivation {
+    name = "apparmor-bin-utils-${apparmor-version}";
+    src = apparmor-sources;
+
+    nativeBuildInputs = [
+      pkgconfig
+      libapparmor
+      gawk
+      which
+    ];
+
+    buildInputs = [
+      libapparmor
+    ];
+
+    prePatch = prePatchCommon;
+    postPatch = "cd ./binutils";
+    makeFlags = ''LANGS= USE_SYSTEM=1'';
+    installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin'';
+
+    meta = apparmor-meta "binary user-land utilities";
+  };
+
   apparmor-parser = stdenv.mkDerivation {
     name = "apparmor-parser-${apparmor-version}";
     src = apparmor-sources;
@@ -119,6 +172,7 @@ let
       ## techdoc.pdf still doesn't build ...
       substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
     '';
+    inherit patches;
     postPatch = "cd ./parser";
     makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
     installFlags = ''DESTDIR=$(out) DISTRO=unknown'';
@@ -170,6 +224,12 @@ let
 in
 
 {
-  inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
-  apparmor-profiles apparmor-kernel-patches;
+  inherit
+    libapparmor
+    apparmor-utils
+    apparmor-bin-utils
+    apparmor-parser
+    apparmor-pam
+    apparmor-profiles
+    apparmor-kernel-patches;
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-22 23:59:04 +0000