public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

apparmor: cleanups

Browse Source 
- Move build tools to nativeBuildInputs
- capability.h should come from linuxHeaders not glibc
- Delete v2.9
This commit is contained in:
Joachim Fasting 2016-04-17 21:43:48 +02:00
parent beeb113eaf
commit 192a1ada24
No known key found for this signature in database
GPG Key ID: 4330820E1E04DCF4
3 changed files with 34 additions and 218 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

183
pkgs/os-specific/linux/apparmor/2.9/default.nix
View File

@ -1,183 +0,0 @@
{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
, glibc, flex, bison, python27, swig, dbus, pam
}:
let
apparmor-series = "2.9";
apparmor-patchver = "2";
apparmor-version = "${apparmor-series}.${apparmor-patchver}";
apparmor-meta = component: with stdenv.lib; {
homepage = http://apparmor.net/;
description = "Linux application security system - ${component}";
license = licenses.gpl2;
maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
platforms = platforms.linux;
};
apparmor-sources = fetchurl {
url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh";
};
prePatchCommon = ''
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h"
substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
'';
libapparmor = stdenv.mkDerivation {
name = "libapparmor-${apparmor-version}";
src = apparmor-sources;
buildInputs = [
autoconf
automake
bison
flex
dbus # requires patch to dbus ...
glibc
libtool
perl
pkgconfig
python27
swig
which
];
prePatch = prePatchCommon + ''
substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h"
substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h"
'';
buildPhase = ''
cd ./libraries/libapparmor
./autogen.sh
./configure --prefix="$out" --with-python --with-perl
make
'';
installPhase = ''
make install
'';
meta = apparmor-meta "library";
};
apparmor-utils = stdenv.mkDerivation {
name = "apparmor-utils-${apparmor-version}";
src = apparmor-sources;
buildInputs = [
python27
libapparmor
which
];
prePatch = prePatchCommon;
buildPhase = ''
cd ./utils
make LANGS=""
'';
installPhase = ''
make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
'';
meta = apparmor-meta "user-land utilities";
};
apparmor-parser = stdenv.mkDerivation {
name = "apparmor-parser-${apparmor-version}";
src = apparmor-sources;
buildInputs = [
libapparmor
bison
flex
which
];
prePatch = prePatchCommon + ''
substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h"
## techdoc.pdf still doesn't build ...
substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
'';
buildPhase = ''
cd ./parser
make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
'';
installPhase = ''
make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
'';
meta = apparmor-meta "rule parser";
};
apparmor-pam = stdenv.mkDerivation {
name = "apparmor-pam-${apparmor-version}";
src = apparmor-sources;
buildInputs = [
libapparmor
pam
pkgconfig
which
];
buildPhase = ''
cd ./changehat/pam_apparmor
make USE_SYSTEM=1
'';
installPhase = ''
make install DESTDIR="$out"
'';
meta = apparmor-meta "PAM service";
};
apparmor-profiles = stdenv.mkDerivation {
name = "apparmor-profiles-${apparmor-version}";
src = apparmor-sources;
buildInputs = [ which ];
buildPhase = ''
cd ./profiles
make
'';
installPhase = ''
make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
'';
meta = apparmor-meta "profiles";
};
apparmor-kernel-patches = stdenv.mkDerivation {
name = "apparmor-kernel-patches-${apparmor-version}";
src = apparmor-sources;
phases = ''unpackPhase installPhase'';
installPhase = ''
mkdir "$out"
cp -R ./kernel-patches "$out"
'';
meta = apparmor-meta "kernel patches";
};
in
{
inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
apparmor-profiles apparmor-kernel-patches;
}

65
pkgs/os-specific/linux/apparmor/default.nix
View File

@ -1,5 +1,11 @@
{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which { stdenv, fetchurl, makeWrapper, autoreconfHook
, glibc, flex, bison, python27Packages, swig, pam , pkgconfig, which
, flex, bison
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
, pythonPackages
, perl
, swig
, pam
}: }:
let let
@ -8,7 +14,7 @@ let
apparmor-meta = component: with stdenv.lib; { apparmor-meta = component: with stdenv.lib; {
homepage = http://apparmor.net/; homepage = http://apparmor.net/;
description = "Linux application security system - ${component}"; description = "A mandatory access control system - ${component}";
license = licenses.gpl2; license = licenses.gpl2;
maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
platforms = platforms.linux; platforms = platforms.linux;
@ -22,7 +28,7 @@ let
prePatchCommon = '' prePatchCommon = ''
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h" substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
''; '';
@ -30,27 +36,26 @@ let
name = "libapparmor-${apparmor-version}"; name = "libapparmor-${apparmor-version}";
src = apparmor-sources; src = apparmor-sources;
buildInputs = [ nativeBuildInputs = [
autoconf
automake
autoreconfHook autoreconfHook
bison bison
flex flex
glibc
libtool
perl
pkgconfig pkgconfig
python27Packages.python
swig swig
which which
]; ];
buildInputs = [
perl
pythonPackages.python
];
# required to build apparmor-parser # required to build apparmor-parser
dontDisableStatic = true; dontDisableStatic = true;
prePatch = prePatchCommon + '' prePatch = prePatchCommon + ''
substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h" substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h"
substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc.dev}/include/netinet/in.h" substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h"
''; '';
postPatch = "cd ./libraries/libapparmor"; postPatch = "cd ./libraries/libapparmor";
@ -63,13 +68,13 @@ let
name = "apparmor-utils-${apparmor-version}"; name = "apparmor-utils-${apparmor-version}";
src = apparmor-sources; src = apparmor-sources;
nativeBuildInputs = [ makeWrapper which ];
buildInputs = [ buildInputs = [
perl perl
python27Packages.python pythonPackages.python
python27Packages.readline pythonPackages.readline
libapparmor libapparmor
makeWrapper
which
]; ];
prePatch = prePatchCommon; prePatch = prePatchCommon;
@ -79,7 +84,7 @@ let
postInstall = '' postInstall = ''
for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH" wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${pythonPackages.python.libPrefix}/site-packages:$PYTHONPATH"
done done
for prog in aa-exec aa-notify ; do for prog in aa-exec aa-notify ; do
@ -94,17 +99,14 @@ let
name = "apparmor-parser-${apparmor-version}"; name = "apparmor-parser-${apparmor-version}";
src = apparmor-sources; src = apparmor-sources;
buildInputs = [ nativeBuildInputs = [ bison flex which ];
libapparmor
bison buildInputs = [ libapparmor ];
flex
which
];
prePatch = prePatchCommon + '' prePatch = prePatchCommon + ''
substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc.dev}/include/linux/capability.h" substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
## techdoc.pdf still doesn't build ... ## techdoc.pdf still doesn't build ...
substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
''; '';
@ -119,12 +121,9 @@ let
name = "apparmor-pam-${apparmor-version}"; name = "apparmor-pam-${apparmor-version}";
src = apparmor-sources; src = apparmor-sources;
buildInputs = [ nativeBuildInputs = [ pkgconfig which ];
libapparmor
pam buildInputs = [ libapparmor pam ];
pkgconfig
which
];
postPatch = "cd ./changehat/pam_apparmor"; postPatch = "cd ./changehat/pam_apparmor";
makeFlags = ''USE_SYSTEM=1''; makeFlags = ''USE_SYSTEM=1'';
@ -137,7 +136,7 @@ let
name = "apparmor-profiles-${apparmor-version}"; name = "apparmor-profiles-${apparmor-version}";
src = apparmor-sources; src = apparmor-sources;
buildInputs = [ which ]; nativeBuildInputs = [ which ];
postPatch = "cd ./profiles"; postPatch = "cd ./profiles";
installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles''; installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';
@ -153,7 +152,7 @@ let
installPhase = '' installPhase = ''
mkdir "$out" mkdir "$out"
cp -R ./kernel-patches "$out" cp -R ./kernel-patches/* "$out"
''; '';
meta = apparmor-meta "kernel patches"; meta = apparmor-meta "kernel patches";

2
pkgs/top-level/all-packages.nix
View File

@ -10110,7 +10110,7 @@ in
microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { }; microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { };
inherit (callPackages ../os-specific/linux/apparmor { swig = swig2; }) inherit (callPackages ../os-specific/linux/apparmor { pythonPackages = python27Packages; swig = swig2; })
libapparmor apparmor-pam apparmor-parser apparmor-profiles apparmor-utils; libapparmor apparmor-pam apparmor-parser apparmor-profiles apparmor-utils;
atop = callPackage ../os-specific/linux/atop { }; atop = callPackage ../os-specific/linux/atop { };