From 192a1ada247923c1169257fd31c6480585bfa7ea Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sun, 17 Apr 2016 21:43:48 +0200
Subject: [PATCH] apparmor: cleanups

- Move build tools to nativeBuildInputs
- capability.h should come from linuxHeaders not glibc
- Delete v2.9
---
.../linux/apparmor/2.9/default.nix | 183 ------------------
pkgs/os-specific/linux/apparmor/default.nix | 67 ++++---
pkgs/top-level/all-packages.nix | 2 +-
3 files changed, 34 insertions(+), 218 deletions(-)
delete mode 100644 pkgs/os-specific/linux/apparmor/2.9/default.nix
diff --git a/pkgs/os-specific/linux/apparmor/2.9/default.nix b/pkgs/os-specific/linux/apparmor/2.9/default.nix
deleted file mode 100644
index 5e8ccc75691..00000000000
--- a/pkgs/os-specific/linux/apparmor/2.9/default.nix
+++ /dev/null
@@ -1,183 +0,0 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, dbus, pam -}: - -let - apparmor-series = "2.9"; - apparmor-patchver = "2"; - apparmor-version = "${apparmor-series}.${apparmor-patchver}"; - - apparmor-meta = component: with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system - ${component}"; - license = licenses.gpl2; - maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; - platforms = platforms.linux; - }; - - apparmor-sources = fetchurl { - url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh"; - }; - - prePatchCommon = '' - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h" - substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" - ''; - - libapparmor = stdenv.mkDerivation { - name = "libapparmor-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - autoconf - automake - bison - flex - dbus # requires patch to dbus ... 
- glibc - libtool - perl - pkgconfig - python27 - swig - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h" - substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h" - ''; - - buildPhase = '' - cd ./libraries/libapparmor - ./autogen.sh - ./configure --prefix="$out" --with-python --with-perl - make - ''; - - installPhase = '' - make install - ''; - - meta = apparmor-meta "library"; - }; - - apparmor-utils = stdenv.mkDerivation { - name = "apparmor-utils-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - python27 - libapparmor - which - ]; - - prePatch = prePatchCommon; - - buildPhase = '' - cd ./utils - make LANGS="" - ''; - - installPhase = '' - make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" - ''; - - meta = apparmor-meta "user-land utilities"; - }; - - apparmor-parser = stdenv.mkDerivation { - name = "apparmor-parser-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - bison - flex - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h" - ## techdoc.pdf still doesn't build ... 
- substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - ''; - - buildPhase = '' - cd ./parser - make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include - ''; - - installPhase = '' - make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" - ''; - - meta = apparmor-meta "rule parser"; - }; - - apparmor-pam = stdenv.mkDerivation { - name = "apparmor-pam-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - pam - pkgconfig - which - ]; - - buildPhase = '' - cd ./changehat/pam_apparmor - make USE_SYSTEM=1 - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; - - meta = apparmor-meta "PAM service"; - }; - - apparmor-profiles = stdenv.mkDerivation { - name = "apparmor-profiles-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ which ]; - - buildPhase = '' - cd ./profiles - make - ''; - - installPhase = '' - make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" - ''; - - meta = apparmor-meta "profiles"; - }; - - apparmor-kernel-patches = stdenv.mkDerivation { - name = "apparmor-kernel-patches-${apparmor-version}"; - src = apparmor-sources; - - phases = ''unpackPhase installPhase''; - - installPhase = '' - mkdir "$out" - cp -R ./kernel-patches "$out" - ''; - - meta = apparmor-meta "kernel patches"; - }; - -in - -{ - inherit libapparmor apparmor-utils apparmor-parser apparmor-pam - apparmor-profiles apparmor-kernel-patches; -} diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 49fdbab24ca..f9060107340 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix 
@@ -1,5 +1,11 @@ -{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27Packages, swig, pam +{ stdenv, fetchurl, makeWrapper, autoreconfHook +, pkgconfig, which +, flex, bison +, linuxHeaders ? stdenv.cc.libc.linuxHeaders +, pythonPackages +, perl +, swig +, pam }: let @@ -8,7 +14,7 @@ let apparmor-meta = component: with stdenv.lib; { homepage = http://apparmor.net/; - description = "Linux application security system - ${component}"; + description = "A mandatory access control system - ${component}"; license = licenses.gpl2; maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; platforms = platforms.linux; @@ -22,7 +28,7 @@ let prePatchCommon = '' substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h" + substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h" substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" ''; 
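Review bot: The `capability.h` replacement in `prePatchCommon` now points at `${linuxHeaders}` without a comment on why, and the same replacement recurs in the `./parser/Makefile` hunk further down. The header presumably supplies the capability names the build knows, so its version would bound which `capability` rules a profile can use; a comment at the `linuxHeaders ? stdenv.cc.libc.linuxHeaders` argument such as `# source of linux/capability.h; override to build against newer kernel headers` would record that. A `test -e ${linuxHeaders}/include/linux/capability.h` line at the top of `prePatchCommon` would also turn a missing header into an early build failure. The `let` block that holds `prePatchCommon` starts and ends outside this hunk.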
@@ -30,28 +36,27 @@ let name = "libapparmor-${apparmor-version}"; src = apparmor-sources; - buildInputs = [ - autoconf - automake + nativeBuildInputs = [ autoreconfHook bison flex - glibc - libtool - perl pkgconfig - python27Packages.python swig which ]; + buildInputs = [ + perl + pythonPackages.python + ]; + # required to build apparmor-parser dontDisableStatic = true; prePatch = prePatchCommon + '' - substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h" - substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h" - ''; + substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h" + substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h" + ''; postPatch = "cd ./libraries/libapparmor"; configureFlags = "--with-python --with-perl"; @@ -63,13 +68,13 @@ let name = "apparmor-utils-${apparmor-version}"; src = apparmor-sources; + nativeBuildInputs = [ makeWrapper which ]; + buildInputs = [ perl - python27Packages.python - python27Packages.readline + pythonPackages.python + pythonPackages.readline libapparmor - makeWrapper - which ]; prePatch = prePatchCommon; @@ -79,7 +84,7 @@ let postInstall = '' for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do - wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH" + wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${pythonPackages.python.libPrefix}/site-packages:$PYTHONPATH" done for prog in aa-exec aa-notify ; do 
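Review bot: `perl` ends up only in `buildInputs` in the libapparmor hunk, yet `prePatchCommon` (prepended to this `prePatch`) rewrites the build to run `${perl}/bin/pod2man`, so perl is also a build-time tool here. A comment on the list would make the split deliberate, for example `# perl/python are linked for the --with-perl/--with-python bindings; perl also provides pod2man at build time`. If cross builds matter, listing `perl` in `nativeBuildInputs` as well may be needed; that is not verifiable from this hunk.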
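Review bot: The `wrapProgram` line in the apparmor-utils `postInstall` still uses `--prefix PYTHONPATH`, so the wrapped `aa-*` tools keep whatever `PYTHONPATH` the caller exports and will import from it any module the store paths do not provide. These utilities change AppArmor enforcement state and are typically run with elevated privileges, so an inherited module path trusts the caller's environment wherever the privilege boundary does not scrub it. Consider `--set PYTHONPATH "$out/lib/${pythonPackages.python.libPrefix}/site-packages:$PYTHONPATH"`, which keeps only the path captured at build time, and quote `"$out/bin/$prog"` while there. The `postInstall` string starts above this hunk and its second loop continues below it.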
@@ -94,17 +99,14 @@ let name = "apparmor-parser-${apparmor-version}"; src = apparmor-sources; - buildInputs = [ - libapparmor - bison - flex - which - ]; + nativeBuildInputs = [ bison flex which ]; + + buildInputs = [ libapparmor ]; prePatch = prePatchCommon + '' substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h" + substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h" ## techdoc.pdf still doesn't build ... substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" ''; @@ -119,12 +121,9 @@ let name = "apparmor-pam-${apparmor-version}"; src = apparmor-sources; - buildInputs = [ - libapparmor - pam - pkgconfig - which - ]; + nativeBuildInputs = [ pkgconfig which ]; + + buildInputs = [ libapparmor pam ]; postPatch = "cd ./changehat/pam_apparmor"; makeFlags = ''USE_SYSTEM=1''; @@ -137,7 +136,7 @@ let name = "apparmor-profiles-${apparmor-version}"; src = apparmor-sources; - buildInputs = [ which ]; + nativeBuildInputs = [ which ]; postPatch = "cd ./profiles"; installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles''; @@ -153,7 +152,7 @@ let installPhase = '' mkdir "$out" - cp -R ./kernel-patches "$out" + cp -R ./kernel-patches/* "$out" ''; meta = apparmor-meta "kernel patches"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fec7abe7dd4..027efa8dcda 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
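Review bot: In the kernel-patches `installPhase`, `cp -R ./kernel-patches/* "$out"` changes the output layout from `$out/kernel-patches/...` to the directory's contents directly under `$out`, and the shell glob skips dot-files. Anything that consumed the old path would need updating; no consumer is visible in this patch. `cp -R ./kernel-patches/. "$out"` copies the full contents without depending on the glob. The derivation's header lines are outside this hunk.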
@@ -10110,7 +10110,7 @@ in microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { }; - inherit (callPackages ../os-specific/linux/apparmor { swig = swig2; }) + inherit (callPackages ../os-specific/linux/apparmor { pythonPackages = python27Packages; swig = swig2; }) libapparmor apparmor-pam apparmor-parser apparmor-profiles apparmor-utils; atop = callPackage ../os-specific/linux/atop { };