authorV3n3RiX <venerix@redcorelinux.org>2020-04-22 19:34:28 +0100
committerV3n3RiX <venerix@redcorelinux.org>2020-04-22 19:34:28 +0100
commit9e9bed4ca47561f956808f356f850fa38ed7269e (patch)
treef5dae6be42034aa9f031c8bfe80c33c969bf0446
parentf55f93498c7c0f16aa038a4fa01cb41fd01712cd (diff)
sys-apps/apparmor : import from gentoo, cherry-pick CAPS fix (https://gitlab.com/apparmor/apparmor/-/commit/e92da079ca12e776991bd36524430bd67c1cb72a)
-rw-r--r--sys-apps/apparmor/Manifest1
-rw-r--r--sys-apps/apparmor/apparmor-2.13.4-r10.ebuild67
-rw-r--r--sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch11
-rw-r--r--sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch25
-rw-r--r--sys-apps/apparmor/files/apparmor-init91
-rw-r--r--sys-apps/apparmor/files/apparmor.service14
-rw-r--r--sys-apps/apparmor/files/apparmor_load.sh2
-rw-r--r--sys-apps/apparmor/files/apparmor_unload.sh2
8 files changed, 213 insertions, 0 deletions
diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest
new file mode 100644
index 00000000..ba3818a6
--- /dev/null
+++ b/sys-apps/apparmor/Manifest
@@ -0,0 +1 @@
+DIST apparmor-2.13.4.tar.xz 4256276 BLAKE2B ccdf6f465000faab578b7ea18738b51ce6b234acb9654d60f430fa3cd6a37782ad20877005415c92c23a6e224e9990b660c562989b672d4e36eeb9e93e844858 SHA512 e79ce182d67a21bd4c00d82f8be465526a6999b1a895ccbbbe10e3040183fcfa1380184f527d4549e5115739e3077878b1d5d6a7a1b5a4737daf6741db8493ac
diff --git a/sys-apps/apparmor/apparmor-2.13.4-r10.ebuild b/sys-apps/apparmor/apparmor-2.13.4-r10.ebuild
new file mode 100644
index 00000000..9621862c
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-2.13.4-r10.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+MY_PV="$(ver_cut 1-2)"
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system"
+HOMEPAGE="https://gitlab.com/apparmor/apparmor/wikis/home"
+SRC_URI="http://mirrors.redcorelinux.org/redcorelinux/distfiles-next/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+RESTRICT="test" # bug 675854
+
+RDEPEND="~sys-libs/libapparmor-${PV}"
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/gettext
+ sys-devel/flex
+ doc? ( dev-tex/latex2html )
+"
+
+S=${WORKDIR}/apparmor-${PV}/parser
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.13.1-makefile.patch"
+ "${FILESDIR}/${PN}-2.11.1-dynamic-link.patch"
+)
+
+src_prepare() {
+ default
+
+ # remove warning about missing file that controls features
+ # we don't currently support
+ sed -e "/installation problem/ctrue" -i rc.apparmor.functions || die
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages
+ use doc && emake pdf
+}
+
+src_test() {
+ emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check
+}
+
+src_install() {
+ emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install
+
+ dodir /etc/apparmor.d/disable
+
+ newinitd "${FILESDIR}/${PN}-init" ${PN}
+ systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service
+
+ use doc && dodoc techdoc.pdf
+
+ exeinto /usr/share/apparmor
+ doexe "${FILESDIR}/apparmor_load.sh"
+ doexe "${FILESDIR}/apparmor_unload.sh"
+}
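Review bot: The commit title says a CAPS fix was cherry-picked, but `PATCHES` lists only the makefile and dynamic-link patches, so the fix presumably lives inside the tarball fetched by `SRC_URI`, and a file named `apparmor-2.13.4.tar.xz` would then differ from the upstream release of that name. The Manifest hashes still pin the content, but a repacked tarball cannot be cross-checked against upstream's published release, and the fix itself is invisible to review. Shipping the upstream commit as a file under `files/` and listing it in `PATCHES`, for example `"${FILESDIR}/${PN}-<version>-<caps-fix>.patch"` (placeholder name), would keep the source pristine and the change auditable. Separately, `SRC_URI` uses plain `http://`; switching to `https://` where the mirror offers it means the Manifest is no longer the only integrity check on the download.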
diff --git a/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
new file mode 100644
index 00000000..bde21c30
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
@@ -0,0 +1,11 @@
+--- a/Makefile
++++ b/Makefile
+@@ -87,7 +87,7 @@
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a
+ AAREOBJECTS = $(AAREOBJECT)
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bdynamic -lapparmor -Wl,-Bdynamic -lpthread
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
diff --git a/sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch b/sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch
new file mode 100644
index 00000000..239ff81f
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch
@@ -0,0 +1,25 @@
+--- a/Makefile
++++ b/Makefile
+@@ -28,7 +28,7 @@
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+-MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 aa-teardown.8
++MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8
+
+ YACC := bison
+ YFLAGS := -d
+@@ -371,11 +371,9 @@
+ .PHONY: install-indep
+ install-indep: indep
+ install -m 755 -d $(INSTALL_CONFDIR)
+- install -m 644 subdomain.conf $(INSTALL_CONFDIR)
++ install -m 755 -d ${DESTDIR}/usr/libexec
+ install -m 644 parser.conf $(INSTALL_CONFDIR)
+- install -m 755 -d ${DESTDIR}/var/lib/apparmor
+- install -m 755 -d $(APPARMOR_BIN_PREFIX)
+- install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
++ install -m 755 rc.apparmor.functions ${DESTDIR}/usr/libexec
+ $(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
+ $(MAKE) install_manpages DESTDIR=${DESTDIR}
+
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init
new file mode 100644
index 00000000..48877e4b
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+aa_action() {
+ local arg=$1
+ local return
+
+ shift
+ $*
+ return=$?
+
+ if [ ${return} -eq 0 ]; then
+ aa_log_success_msg $arg
+ else
+ aa_log_failure_msg arg
+ fi
+
+ return $return
+}
+
+aa_log_action_start() {
+ ebegin $1
+}
+
+aa_log_action_end() {
+ eend $1
+}
+
+aa_log_success_msg() {
+ einfo $1
+}
+
+aa_log_warning_msg() {
+ ewarn $1
+}
+
+aa_log_failure_msg() {
+ eerror $1
+}
+
+aa_log_skipped_msg() {
+ einfo $1
+}
+
+aa_log_daemon_msg() {
+ einfo $1
+}
+
+aa_log_end_msg() {
+ eend $1
+}
+
+. /usr/libexec/rc.apparmor.functions
+
+start() {
+ ebegin "Starting AppArmor"
+ eindent
+
+ if ! is_apparmor_loaded ; then
+ load_module
+ if [ $? -ne 0 ]; then
+ eerror "AppArmor kernel support is not present"
+ eend 1
+ return 1
+ fi
+ fi
+
+ parse_profiles load
+
+ eoutdent
+}
+
+stop() {
+ ebegin "Stopping AppArmor"
+ eindent
+ apparmor_stop
+ eoutdent
+}
+
+reload() {
+ # todo: split out clean_profiles into its own function upstream
+ # so we can do parse_profiles reload && clean_profiles
+ # and do a proper reload instead of restart
+ apparmor_restart
+}
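Review bot: `start()` discards the result of `parse_profiles load` and returns whatever `eoutdent` returns, so OpenRC will most likely record AppArmor as started even when profile loading failed, leaving services unconfined with no failed-service signal; the opening `ebegin` is also never closed with `eend` on that path. Assuming `parse_profiles` returns non-zero on failure (it is defined in `rc.apparmor.functions`, outside this diff), capture and report it: `parse_profiles load; rc=$?`, then `eoutdent`, then `eend $rc "Failed to load AppArmor profiles"`. In `aa_action`, `aa_log_failure_msg arg` is missing the `$` and logs the literal word `arg`; it should be `aa_log_failure_msg "$arg"`. The bare `$*` in the same function is better written `"$@"` so arguments containing spaces are not re-split.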
diff --git a/sys-apps/apparmor/files/apparmor.service b/sys-apps/apparmor/files/apparmor.service
new file mode 100644
index 00000000..89f14fed
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=AppArmor profiles
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/apparmor/apparmor_load.sh
+ExecStop=/usr/share/apparmor/apparmor_unload.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
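Review bot: `ExecStop=/usr/share/apparmor/apparmor_unload.sh` removes profiles whenever the unit is stopped, and systemd implements `restart` as stop followed by start, so a restart (for instance during a package upgrade) strips confinement from processes that are already running; loading the profile again afterwards does not re-attach it to them. Consider making stop a no-op with `ExecStop=/bin/true` and adding `ExecReload=/usr/share/apparmor/apparmor_load.sh`, since the load script already uses `-r`. Deliberate unloading can then stay an explicit administrator action such as `aa-teardown`, whose man page the makefile patch in this commit still installs.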
diff --git a/sys-apps/apparmor/files/apparmor_load.sh b/sys-apps/apparmor/files/apparmor_load.sh
new file mode 100644
index 00000000..e6fe6b68
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_load.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -r {} +
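Review bot: `find ... -type f` hands every regular file at the top of `/etc/apparmor.d/` to `apparmor_parser -r`, including editor backups and package-manager leftovers (`*~`, `*.orig` and the like), so a stale copy of a profile may replace the current one depending on traversal order; whether the parser filters such names when given explicit paths is not visible here. The OpenRC script in this commit loads through `parse_profiles load` from `/usr/libexec/rc.apparmor.functions`, so the two init systems can end up enforcing different policy from the same directory. Using one loading path for both would remove that gap; this script would need the same `aa_log_*` shims the init script defines before sourcing the functions file. A comment such as `# loads every regular file in /etc/apparmor.d, backups included` would at least document the current behaviour.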
diff --git a/sys-apps/apparmor/files/apparmor_unload.sh b/sys-apps/apparmor/files/apparmor_unload.sh
new file mode 100644
index 00000000..19e598bb
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_unload.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -R {} \;