From 7785ff628fd54258acbbcfe3666903649f1472cb Mon Sep 17 00:00:00 2001
From: Olivier Mauras
Date: Mon, 13 Mar 2017 21:53:43 +0100
Subject: [PATCH] New package: apparmor-2.12.0
---
 common/shlibs | 1 +
 srcpkgs/apparmor-vim | 1 +
 srcpkgs/apparmor/INSTALL.msg | 2 +
 srcpkgs/apparmor/files/apparmor/finish | 7 ++
 srcpkgs/apparmor/files/apparmor/run | 8 ++
 .../patches/correct_paths_logprofconf.patch | 29 +++++
 srcpkgs/apparmor/template | 111 ++++++++++++++++++
 srcpkgs/libapparmor | 1 +
 srcpkgs/libapparmor-devel | 1 +
 9 files changed, 161 insertions(+)
 create mode 120000 srcpkgs/apparmor-vim
 create mode 100644 srcpkgs/apparmor/INSTALL.msg
 create mode 100755 srcpkgs/apparmor/files/apparmor/finish
 create mode 100755 srcpkgs/apparmor/files/apparmor/run
 create mode 100644 srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
 create mode 100644 srcpkgs/apparmor/template
 create mode 120000 srcpkgs/libapparmor
 create mode 120000 srcpkgs/libapparmor-devel
diff --git a/common/shlibs b/common/shlibs
index 08c0b8be98..4a1bfdff46 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3342,3 +3342,4 @@ libeditorconfig.so.0 editorconfig-0.12.2_1
 libkid3-core.so.3.6.0 kid3-3.6.0_1
 libkid3-gui.so.3.6.0 kid3-3.6.0_1
 libcfitsio.so.3 cfitsio-3.450_1
+libapparmor.so.1 libapparmor-2.12.0_1
diff --git a/srcpkgs/apparmor-vim b/srcpkgs/apparmor-vim
new file mode 120000
index 0000000000..ea0b7d2282
--- /dev/null
+++ b/srcpkgs/apparmor-vim
@@ -0,0 +1 @@
+apparmor
\ No newline at end of file
diff --git a/srcpkgs/apparmor/INSTALL.msg b/srcpkgs/apparmor/INSTALL.msg
new file mode 100644
index 0000000000..45af844deb
--- /dev/null
+++ b/srcpkgs/apparmor/INSTALL.msg
@@ -0,0 +1,2 @@
+To ensure AppArmor is enabled upon reboot add 'apparmor=1 security=apparmor' to your grub CMDLINE and rebuild your grub config with 'grub-mkconfig -o /boot/grub/grub.cfg'.
+You'll also need to swith 'APPARMOR' setting in /etc/rc.apparmor to your taste.
diff --git a/srcpkgs/apparmor/files/apparmor/finish b/srcpkgs/apparmor/files/apparmor/finish
new file mode 100755
index 0000000000..34eee2b63b
--- /dev/null
+++ b/srcpkgs/apparmor/files/apparmor/finish
@@ -0,0 +1,7 @@
+#!/bin/sh
+[ -r /etc/rc.apparmor ] && . /etc/rc.apparmor || exit 1
+
+# Find all profiles in $APPARMORD and unload them
+for profile in $(find ${APPARMORD} -maxdepth 1 -type f); do
+ apparmor_parser -R $profile
+done
diff --git a/srcpkgs/apparmor/files/apparmor/run b/srcpkgs/apparmor/files/apparmor/run
new file mode 100755
index 0000000000..c76e57c6df
--- /dev/null
+++ b/srcpkgs/apparmor/files/apparmor/run
@@ -0,0 +1,8 @@
+#!/bin/sh
+[ -r /etc/rc.apparmor ] && . /etc/rc.apparmor || exit 1
+
+# Find all profiles in $APPARMORD and load them
+for profile in $(find ${APPARMORD} -maxdepth 1 -type f); do
+ apparmor_parser -a $profile
+done
+exec chpst -b apparmor pause
diff --git a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
new file mode 100644
index 0000000000..0f25758486
--- /dev/null
+++ b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
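Review bot: In `srcpkgs/apparmor/files/apparmor/finish`, and again in `files/apparmor/run`, `find ${APPARMORD}` is unquoted and never checked, so if `/etc/rc.apparmor` leaves `APPARMORD` empty or unset, `find` searches the service's current directory and the loop hands whatever regular files it finds there to `apparmor_parser`. Add a guard right after sourcing the config, `[ -d "${APPARMORD}" ] || exit 1`, and quote both uses: `find "${APPARMORD}" -maxdepth 1 -type f` and `apparmor_parser -R "$profile"`. The `for … in $(find …)` form also word-splits any path that contains whitespace; `find "${APPARMORD}" -maxdepth 1 -type f -exec apparmor_parser -R {} \;` avoids that.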
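Review bot: In `srcpkgs/apparmor/files/apparmor/run` the exit status of `apparmor_parser -a $profile` is discarded, so the script still reaches `exec chpst -b apparmor pause` and the service shows as up even when a profile failed to parse or load. The program that profile was meant to confine then runs unconfined with nothing in the service log to say so. At minimum report the failure: `apparmor_parser -a "$profile" || echo "apparmor: failed to load $profile" >&2`. Consider `-r` (replace) instead of `-a`, since `-a` fails on a profile that is already loaded, which happens whenever `finish` did not run or did not unload everything before a restart.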
@@ -0,0 +1,29 @@
+diff --git a/utils/logprof.conf b/utils/logprof.conf
+index a3d7a31..296dd8b 100644
+--- a/utils/logprof.conf
++++ b/utils/logprof.conf
+@@ -14,7 +14,7 @@
+ inactive_profiledir = /usr/share/apparmor/extra-profiles
+ logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
+
+- parser = /sbin/apparmor_parser /sbin/subdomain_parser
++ parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
+ ldd = /usr/bin/ldd
+ logger = /bin/logger /usr/bin/logger
+
+@@ -36,10 +36,10 @@
+ custom_includes =
+
+
+-[repository]
+- distro = ubuntu-intrepid
+- url = http://apparmor.test.opensuse.org/backend/api
+- preferred_user = ubuntu
++#[repository]
++# distro = ubuntu-intrepid
++# url = http://apparmor.test.opensuse.org/backend/api
++# preferred_user = ubuntu
+
+ [qualifiers]
+ # things will be painfully broken if bash has a profile
+
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
new file mode 100644
index 0000000000..e51f7b7986
--- /dev/null
+++ b/srcpkgs/apparmor/template
@@ -0,0 +1,111 @@
+# Template file for 'apparmor'
+pkgname=apparmor
+version=2.12.0
+revision=1
+_short_ver=${version%\.*}
+_profilesversion=0.6
+wrksrc="${pkgname}-${_short_ver}"
+configure_args="--prefix=/usr --with-perl --with-python"
+patch_args="-Np1"
+hostmakedepends="bison flex autoconf automake libtool"
+makedepends="perl python3-devel swig"
+depends="runit-void-apparmor python3 libapparmor"
+only_for_archs="x86_64 i686"
+short_desc="Mandatory access control to restrict programs"
+maintainer="Olivier Mauras "
+license="GPL-3"
+homepage="https://launchpad.net/apparmor/"
+distfiles="
+ https://launchpad.net/apparmor/${_short_ver}/${version}/+download/${pkgname}-${_short_ver}.tar.gz
+ https://github.com/coredumb/void-apparmor-profiles/archive/v${_profilesversion}.tar.gz"
+checksum="
+ 8a2b0cd083faa4d0640f579024be3a629faa7db3b99540798a1a050e2eaba056
+ 00d1e005561e72376604fb1fe69a42062773759646b4fb5e998eaeaf172807e7"
+
+pre_build() {
+ # Replace release profiles by our owns
+ cd ${wrksrc}
+ rm -rf profiles/
+ cp -r ../void-apparmor-profiles-${_profilesversion}/profiles/ ./
+}
+
+do_build() {
+ cd ${wrksrc}/libraries/libapparmor
+ NOCONFIGURE=1 ./autogen.sh
+ ./configure ${configure_args}
+ make ${makejobs}
+
+ export CFLAGS+="-fPIC"
+ export LDFLAGS+="-fPIE -pie"
+
+ cd ${wrksrc}/binutils
+ make ${makejobs}
+
+ cd ${wrksrc}/utils
+ make ${makejobs}
+
+ cd ${wrksrc}/parser
+ sed -i 's#$(DESTDIR)/sbin#$(DESTDIR)/usr/bin#g' Makefile
+ sed -i 's#${DESTDIR}/lib#${DESTDIR}/usr/lib#g' Makefile
+ make ${makejobs}
+
+ cd ${wrksrc}/profiles
+ make ${makejobs}
+}
+
+do_install() {
+ cd ${wrksrc}/libraries/libapparmor
+ make DESTDIR=${DESTDIR} install
+
+ cd ${wrksrc}/binutils
+ make DESTDIR=${DESTDIR} install
+
+ cd ${wrksrc}/utils
+ make DESTDIR=${DESTDIR} BINDIR=${DESTDIR}/usr/bin install
+
+ cd ${wrksrc}/parser
+ make DESTDIR=${DESTDIR} install
+
+ cd ${wrksrc}/profiles
+ make DESTDIR=${DESTDIR} install
+}
+
+post_install() {
+ # Put Vim syntax in the correct place
+ mkdir -p ${DESTDIR}/usr/share/vim/vim80/syntax/
+ mv ${DESTDIR}/usr/share/apparmor/apparmor.vim ${DESTDIR}/usr/share/vim/vim80/syntax/
+
+ # We want to keep this empty directory
+ touch ${DESTDIR}/etc/apparmor.d/disable/.empty
+}
+
+apparmor-vim_package() {
+ short_desc+=" - Vim syntax"
+ depends="vim"
+ pkg_install() {
+ vmove usr/share/vim/vim80/syntax/apparmor.vim
+ vmove usr/share/man/man5/apparmor.vim.5
+ }
+}
+
+libapparmor_package() {
+ short_desc+=" - Library"
+ pkg_install() {
+ vmove "usr/lib/libapparmor.so*"
+ vmove usr/lib/perl5
+ vmove "usr/lib/python3.6/site-packages/LibAppArmor*"
+ vmove usr/share/man/man2
+ vmove usr/share/man/man3
+ }
+}
+
+libapparmor-devel_package() {
+ short_desc+=" - Library development files"
+ depends="${sourcepkg}-${version}_${revision}"
+ pkg_install() {
+ vmove usr/include/
+ vmove "usr/lib/*.a"
+ vmove usr/lib/pkgconfig
+ }
+}
+
diff --git a/srcpkgs/libapparmor b/srcpkgs/libapparmor
new file mode 120000
index 0000000000..3586dedef9
--- /dev/null
+++ b/srcpkgs/libapparmor
@@ -0,0 +1 @@
+apparmor/
\ No newline at end of file
diff --git a/srcpkgs/libapparmor-devel b/srcpkgs/libapparmor-devel
new file mode 120000
index 0000000000..3586dedef9
--- /dev/null
+++ b/srcpkgs/libapparmor-devel
@@ -0,0 +1 @@
+apparmor/
\ No newline at end of file
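Review bot: In `do_build` of `srcpkgs/apparmor/template`, `export CFLAGS+="-fPIC"` and `export LDFLAGS+="-fPIE -pie"` append with no leading space, so whenever the build environment already provides a non-empty `CFLAGS` or `LDFLAGS` the first new flag is glued onto the last existing one and neither is passed as written. The position-independent hardening meant for the binutils, utils and parser builds is then either lost or breaks the build on an unknown option. Use `export CFLAGS+=" -fPIC"` and `export LDFLAGS+=" -fPIE -pie"`; `-fPIE` is normally a compile-time option, so it probably belongs in `CFLAGS` rather than `LDFLAGS`. Separately, `post_install` and the subpackage functions hard-code `vim80` and `python3.6` in their paths, which will need editing by hand on every Vim or Python version bump.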