From 8c2f7fcfeda241e891b6913166ab0c7f2caab5fa Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Wed, 26 Aug 2015 20:33:29 +0200 Subject: apparmor: don't depend on tetex It seemed unused - no mention in the log, and builds without it. /cc maintainers: @phreedom, @thoughtpolice. --- pkgs/os-specific/linux/apparmor/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index f68b436bed1..22413b2ed31 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl , autoconf, automake, libtool, makeWrapper -, perl, bison, flex, glibc, gettext, which, rpm, tetex, LocaleGettext +, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext , bash, pam, TermReadKey, RpcXML, swig, python}: stdenv.mkDerivation rec { @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { }; buildInputs = [ - autoconf automake libtool perl bison flex gettext which rpm tetex + autoconf automake libtool perl bison flex gettext which rpm LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ]; prePatch = '' -- cgit 1.4.1 From cbacab73ed018e456d2e63c37ac5e25ac4d28acf Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Sun, 12 Apr 2015 02:43:23 -0500 Subject: nixpkgs: default to apparmor 2.9 (#7220) Signed-off-by: Austin Seipp --- pkgs/os-specific/linux/apparmor/2.9/default.nix | 183 ---------------- pkgs/os-specific/linux/apparmor/capability.patch | 16 -- pkgs/os-specific/linux/apparmor/default.nix | 265 +++++++++++++++-------- pkgs/top-level/all-packages.nix | 18 +- 4 files changed, 181 insertions(+), 301 deletions(-) delete mode 100644 pkgs/os-specific/linux/apparmor/2.9/default.nix delete mode 100644 pkgs/os-specific/linux/apparmor/capability.patch (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/2.9/default.nix b/pkgs/os-specific/linux/apparmor/2.9/default.nix deleted file mode 100644 index 1b1d9a3d1ca..00000000000 --- a/pkgs/os-specific/linux/apparmor/2.9/default.nix +++ /dev/null @@ -1,183 +0,0 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, dbus, pam -}: - -let - apparmor-series = "2.9"; - apparmor-patchver = "2"; - apparmor-version = "${apparmor-series}.${apparmor-patchver}"; - - apparmor-meta = component: with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system - ${component}"; - license = licenses.gpl2; - maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; - platforms = platforms.linux; - }; - - apparmor-sources = fetchurl { - url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh"; - }; - - prePatchCommon = '' - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" - ''; - - libapparmor = stdenv.mkDerivation { - name = "libapparmor-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - autoconf - automake - bison - flex - dbus # requires patch to dbus ... - glibc - libtool - perl - pkgconfig - python27 - swig - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - ''; - - buildPhase = '' - cd ./libraries/libapparmor - ./autogen.sh - ./configure --prefix="$out" --with-python --with-perl - make - ''; - - installPhase = '' - make install - ''; - - meta = apparmor-meta "library"; - }; - - apparmor-utils = stdenv.mkDerivation { - name = "apparmor-utils-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - python27 - libapparmor - which - ]; - - prePatch = prePatchCommon; - - buildPhase = '' - cd ./utils - make LANGS="" - ''; - - installPhase = '' - make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" - ''; - - meta = apparmor-meta "user-land utilities"; - }; - - apparmor-parser = stdenv.mkDerivation { - name = "apparmor-parser-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - bison - flex - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - ## techdoc.pdf still doesn't build ... - substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - ''; - - buildPhase = '' - cd ./parser - make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include - ''; - - installPhase = '' - make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" - ''; - - meta = apparmor-meta "rule parser"; - }; - - apparmor-pam = stdenv.mkDerivation { - name = "apparmor-pam-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - pam - pkgconfig - which - ]; - - buildPhase = '' - cd ./changehat/pam_apparmor - make USE_SYSTEM=1 - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; - - meta = apparmor-meta "PAM service"; - }; - - apparmor-profiles = stdenv.mkDerivation { - name = "apparmor-profiles-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ which ]; - - buildPhase = '' - cd ./profiles - make - ''; - - installPhase = '' - make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" - ''; - - meta = apparmor-meta "profiles"; - }; - - apparmor-kernel-patches = stdenv.mkDerivation { - name = "apparmor-kernel-patches-${apparmor-version}"; - src = apparmor-sources; - - phases = ''unpackPhase installPhase''; - - installPhase = '' - mkdir "$out" - cp -R ./kernel-patches "$out" - ''; - - meta = apparmor-meta "kernel patches"; - }; - -in - -{ - inherit libapparmor apparmor-utils apparmor-parser apparmor-pam - apparmor-profiles apparmor-kernel-patches; -} diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch deleted file mode 100644 index c8f2b511d95..00000000000 --- a/pkgs/os-specific/linux/apparmor/capability.patch +++ /dev/null @@ -1,16 +0,0 @@ -Description: allow parser to build even when not on Linux. -Author: Kees Cook - -Index: apparmor-debian/common/Make.rules -=================================================================== ---- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700 -+++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700 -@@ -160,7 +160,7 @@ - CAPABILITIES=$(shell echo "\#include " | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) - - .PHONY: list_capabilities --list_capabilities: /usr/include/linux/capability.h -+list_capabilities: - @echo "$(CAPABILITIES)" - - # ===================== diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 22413b2ed31..cf02ee763f6 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,98 +1,183 @@ -{ stdenv, fetchurl -, autoconf, automake, libtool, makeWrapper -, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext -, bash, pam, TermReadKey, RpcXML, swig, python}: -stdenv.mkDerivation rec { - - name = "apparmor-${version}"; - version = "2.8.4"; - - src = fetchurl { - url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz"; - sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq"; +{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which +, glibc, flex, bison, python27, swig, dbus, pam +}: + +let + apparmor-series = "2.9"; + apparmor-patchver = "1"; + apparmor-version = "${apparmor-series}.${apparmor-patchver}"; + + apparmor-meta = component: with stdenv.lib; { + homepage = http://apparmor.net/; + description = "Linux application security system - ${component}"; + license = licenses.gpl2; + maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; + platforms = platforms.linux; }; - buildInputs = [ - autoconf automake libtool perl bison flex gettext which rpm - LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ]; - - prePatch = '' - substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include" - substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include" - - substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h" - substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - #substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - - # for some reason pdf documentation doesn't build - substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - - substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl" - substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove" - substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh" - ''; + apparmor-sources = fetchurl { + url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; + sha256 = "08ha7aigl40vm80f742rljcckdpfpw1s8g4yii1ysabcqcj8ffx6"; + }; - patches = ./capability.patch; - - buildPhase ='' - PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib - - cd libraries/libapparmor - ./autogen.sh - ./configure --prefix=$out --with-perl # see below - make - make check - make install - mkdir -p $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/ - # this is automatically copied elsewhere.... - - cd ../../utils - make - make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl - - cd ../parser - make - make install DESTDIR=$out DISTRO=unknown - -# cd ../changehat/mod_apparmor -# make # depends on libapparmor having been built first -# make install - - cd ../changehat/pam_apparmor - make # depends on libapparmor having been built first - make install DESTDIR=$out - - cd ../../profiles - LD_LIBRARY_PATH=$out/lib make - #LD_LIBRARY_PATH=$out/lib make check # depends on the parser having been built first - make install DESTDIR=$out - - cd .. - cp -r kernel-patches $out + prePatchCommon = '' + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" + substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" ''; - installPhase = let - perlVersion = (builtins.parseDrvName perl.name).version; - in '' - for i in $out/bin/*; do - wrapProgram $i --prefix PERL5LIB : \ - "$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/" - done - ''; + libapparmor = stdenv.mkDerivation { + name = "libapparmor-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + autoconf + automake + bison + flex + dbus # requires patch to dbus ... + glibc + libtool + perl + pkgconfig + python27 + swig + which + ]; + + prePatch = prePatchCommon + '' + substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + ''; + + buildPhase = '' + cd ./libraries/libapparmor + ./autogen.sh + ./configure --prefix="$out" --with-python --with-perl + make + ''; + + installPhase = '' + make install + ''; + + meta = apparmor-meta "library"; + }; - meta = with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system"; - license = licenses.gpl2; - maintainers = [ maintainers.phreedom maintainers.thoughtpolice ]; - platforms = platforms.linux; + apparmor-utils = stdenv.mkDerivation { + name = "apparmor-utils-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + python27 + libapparmor + which + ]; + + prePatch = prePatchCommon; + + buildPhase = '' + cd ./utils + make LANGS="" + ''; + + installPhase = '' + make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" + ''; + + meta = apparmor-meta "user-land utilities"; + }; + + apparmor-parser = stdenv.mkDerivation { + name = "apparmor-parser-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + bison + flex + which + ]; + + prePatch = prePatchCommon + '' + substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" + substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" + substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + ## techdoc.pdf still doesn't build ... + substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + ''; + + buildPhase = '' + cd ./parser + make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include + ''; + + installPhase = '' + make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" + ''; + + meta = apparmor-meta "rule parser"; }; -} + apparmor-pam = stdenv.mkDerivation { + name = "apparmor-pam-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + pam + pkgconfig + which + ]; + + buildPhase = '' + cd ./changehat/pam_apparmor + make USE_SYSTEM=1 + ''; + + installPhase = '' + make install DESTDIR="$out" + ''; + + meta = apparmor-meta "PAM service"; + }; + + apparmor-profiles = stdenv.mkDerivation { + name = "apparmor-profiles-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ which ]; + + buildPhase = '' + cd ./profiles + make + ''; + + installPhase = '' + make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" + ''; + + meta = apparmor-meta "profiles"; + }; + + apparmor-kernel-patches = stdenv.mkDerivation { + name = "apparmor-kernel-patches-${apparmor-version}"; + src = apparmor-sources; + + phases = ''unpackPhase installPhase''; + + installPhase = '' + mkdir "$out" + cp -R ./kernel-patches "$out" + ''; + + meta = apparmor-meta "kernel patches"; + }; + +in + +{ + inherit libapparmor apparmor-utils apparmor-parser apparmor-pam + apparmor-profiles apparmor-kernel-patches; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3e5d073941d..509b247f7a1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9430,18 +9430,12 @@ let microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { }; - apparmor = callPackage ../os-specific/linux/apparmor { - inherit (perlPackages) LocaleGettext TermReadKey RpcXML; - bison = bison2; - perl = perl516; # ${perl}/.../CORE/handy.h:124:34: error: 'bool' undeclared - }; - - apparmor_2_9 = callPackage ../os-specific/linux/apparmor/2.9 { }; - libapparmor = apparmor_2_9.libapparmor; - apparmor-pam = apparmor_2_9.apparmor-pam; - apparmor-parser = apparmor_2_9.apparmor-parser; - apparmor-profiles = apparmor_2_9.apparmor-profiles; - apparmor-utils = apparmor_2_9.apparmor-utils; + apparmor = callPackage ../os-specific/linux/apparmor { swig = swig2; }; + libapparmor = apparmor.libapparmor; + apparmor-pam = apparmor.apparmor-pam; + apparmor-parser = apparmor.apparmor-parser; + apparmor-profiles = apparmor.apparmor-profiles; + apparmor-utils = apparmor.apparmor-utils; atop = callPackage ../os-specific/linux/atop { }; -- cgit 1.4.1 From 9c0f3d88299ea334c3e15c88034a20df27f3b828 Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Sun, 12 Apr 2015 14:45:30 -0500 Subject: nixpkgs: apparmor - remove dbus dependency This was untested and didn't function without a dbus patch which wasn't applied to the system dbus package, so it wasn't used at all. Also, it creates a weird cyclic dependency if we want systemd to depend on libapparmor (for AppArmorProfiles= support), because libapparmor then wants dbus, and dbus wants systemd. Oof. Luckily, this feature and whatnot will probably all be irrelevant in the glorious kdbus-based future, and the dbus patches aren't even upstream I think. So we can just drop it. Signed-off-by: Austin Seipp --- pkgs/os-specific/linux/apparmor/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index cf02ee763f6..f69eafae7ea 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, dbus, pam +, glibc, flex, bison, python27, swig, pam }: let @@ -36,7 +36,6 @@ let automake bison flex - dbus # requires patch to dbus ... glibc libtool perl -- cgit 1.4.1 From 1dd8dd4ca8c86f9b3b8b14783dd3390e6b239ef5 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Wed, 15 Jul 2015 07:29:50 +0200 Subject: apparmor: 2.9.1 -> 2.10 An incremental release, including several fixes to the parser, library, and userspace management tools. See [1] for a comprehensive changelog. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 --- pkgs/os-specific/linux/apparmor/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index f69eafae7ea..d770314ee68 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -3,9 +3,8 @@ }: let - apparmor-series = "2.9"; - apparmor-patchver = "1"; - apparmor-version = "${apparmor-series}.${apparmor-patchver}"; + apparmor-series = "2.10"; + apparmor-version = apparmor-series; apparmor-meta = component: with stdenv.lib; { homepage = http://apparmor.net/; @@ -17,7 +16,7 @@ let apparmor-sources = fetchurl { url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "08ha7aigl40vm80f742rljcckdpfpw1s8g4yii1ysabcqcj8ffx6"; + sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd"; }; prePatchCommon = '' -- cgit 1.4.1 From ed5f6be317176d9a9eeeb2081744050027d77410 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Wed, 15 Jul 2015 09:31:40 +0200 Subject: apparmor: use standard phase hooks --- pkgs/os-specific/linux/apparmor/default.nix | 63 +++++++++-------------------- 1 file changed, 18 insertions(+), 45 deletions(-) (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index d770314ee68..33625cc3681 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which +{ stdenv, fetchurl, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which , glibc, flex, bison, python27, swig, pam }: @@ -33,6 +33,7 @@ let buildInputs = [ autoconf automake + autoreconfHook bison flex glibc @@ -44,21 +45,16 @@ let which ]; + # required to build apparmor-parser + dontDisableStatic = true; + prePatch = prePatchCommon + '' substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" ''; - buildPhase = '' - cd ./libraries/libapparmor - ./autogen.sh - ./configure --prefix="$out" --with-python --with-perl - make - ''; - - installPhase = '' - make install - ''; + postPatch = "cd ./libraries/libapparmor"; + configureFlags = "--with-python --with-perl"; meta = apparmor-meta "library"; }; @@ -74,15 +70,9 @@ let ]; prePatch = prePatchCommon; - - buildPhase = '' - cd ./utils - make LANGS="" - ''; - - installPhase = '' - make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" - ''; + postPatch = "cd ./utils"; + makeFlags = ''LANGS=''; + installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX=''; meta = apparmor-meta "user-land utilities"; }; @@ -105,15 +95,9 @@ let ## techdoc.pdf still doesn't build ... substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" ''; - - buildPhase = '' - cd ./parser - make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include - ''; - - installPhase = '' - make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" - ''; + postPatch = "cd ./parser"; + makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include''; + installFlags = ''DESTDIR=$(out) DISTRO=unknown''; meta = apparmor-meta "rule parser"; }; @@ -129,14 +113,9 @@ let which ]; - buildPhase = '' - cd ./changehat/pam_apparmor - make USE_SYSTEM=1 - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; + postPatch = "cd ./changehat/pam_apparmor"; + makeFlags = ''USE_SYSTEM=1''; + installFlags = ''DESTDIR=$(out)''; meta = apparmor-meta "PAM service"; }; @@ -147,14 +126,8 @@ let buildInputs = [ which ]; - buildPhase = '' - cd ./profiles - make - ''; - - installPhase = '' - make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" - ''; + postPatch = "cd ./profiles"; + installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles''; meta = apparmor-meta "profiles"; }; -- cgit 1.4.1 From fdb4633e4bcaf99fafe42a86455e7f9bff771cbd Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Wed, 15 Jul 2015 09:45:22 +0200 Subject: apparmor-utils: wrap python and perl scripts This allows all utilties to at least run, though most still fail because they expect to be able to read a non-existent config file. Also, aa-notify refuses to run due to a self-check on the filename, which cannot be preceded by a '.'. This has to be patched or we need to set PERL5LIB some other way. --- pkgs/os-specific/linux/apparmor/default.nix | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 33625cc3681..64c6f66575b 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,5 +1,5 @@ -{ stdenv, fetchurl, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, pam +{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which +, glibc, flex, bison, python27Packages, swig, pam }: let @@ -40,7 +40,7 @@ let libtool perl pkgconfig - python27 + python27Packages.python swig which ]; @@ -64,8 +64,11 @@ let src = apparmor-sources; buildInputs = [ - python27 + perl + python27Packages.python + python27Packages.readline libapparmor + makeWrapper which ]; @@ -74,6 +77,16 @@ let makeFlags = ''LANGS=''; installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX=''; + postInstall = '' + for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do + wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH" + done + + for prog in aa-exec aa-notify ; do + wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB" + done + ''; + meta = apparmor-meta "user-land utilities"; }; -- cgit 1.4.1