From 9e9bed4ca47561f956808f356f850fa38ed7269e Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 22 Apr 2020 19:34:28 +0100
Subject: sys-apps/apparmor : import from gentoo, cherry-pick CAPS fix (https://gitlab.com/apparmor/apparmor/-/commit/e92da079ca12e776991bd36524430bd67c1cb72a)
---
sys-apps/apparmor/Manifest | 1 +
sys-apps/apparmor/apparmor-2.13.4-r10.ebuild | 67 ++++++++++++++++
.../files/apparmor-2.11.1-dynamic-link.patch | 11 +++
.../apparmor/files/apparmor-2.13.1-makefile.patch | 25 ++++++
sys-apps/apparmor/files/apparmor-init | 91 ++++++++++++++++++++++
sys-apps/apparmor/files/apparmor.service | 14 ++++
sys-apps/apparmor/files/apparmor_load.sh | 2 +
sys-apps/apparmor/files/apparmor_unload.sh | 2 +
8 files changed, 213 insertions(+)
create mode 100644 sys-apps/apparmor/Manifest
create mode 100644 sys-apps/apparmor/apparmor-2.13.4-r10.ebuild
create mode 100644 sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
create mode 100644 sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch
create mode 100644 sys-apps/apparmor/files/apparmor-init
create mode 100644 sys-apps/apparmor/files/apparmor.service
create mode 100644 sys-apps/apparmor/files/apparmor_load.sh
create mode 100644 sys-apps/apparmor/files/apparmor_unload.sh
diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest
new file mode 100644
index 00000000..ba3818a6
--- /dev/null
+++ b/sys-apps/apparmor/Manifest
@@ -0,0 +1 @@
+DIST apparmor-2.13.4.tar.xz 4256276 BLAKE2B ccdf6f465000faab578b7ea18738b51ce6b234acb9654d60f430fa3cd6a37782ad20877005415c92c23a6e224e9990b660c562989b672d4e36eeb9e93e844858 SHA512 e79ce182d67a21bd4c00d82f8be465526a6999b1a895ccbbbe10e3040183fcfa1380184f527d4549e5115739e3077878b1d5d6a7a1b5a4737daf6741db8493ac
diff --git a/sys-apps/apparmor/apparmor-2.13.4-r10.ebuild b/sys-apps/apparmor/apparmor-2.13.4-r10.ebuild
new file mode 100644
index 00000000..9621862c
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-2.13.4-r10.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+MY_PV="$(ver_cut 1-2)"
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system"
+HOMEPAGE="https://gitlab.com/apparmor/apparmor/wikis/home"
+SRC_URI="http://mirrors.redcorelinux.org/redcorelinux/distfiles-next/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+RESTRICT="test" # bug 675854
+
+RDEPEND="~sys-libs/libapparmor-${PV}"
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/gettext
+ sys-devel/flex
+ doc? ( dev-tex/latex2html )
+"
+
+S=${WORKDIR}/apparmor-${PV}/parser
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.13.1-makefile.patch"
+ "${FILESDIR}/${PN}-2.11.1-dynamic-link.patch"
+)
+
+src_prepare() {
+ default
+
+ # remove warning about missing file that controls features
+ # we don't currently support
+ sed -e "/installation problem/ctrue" -i rc.apparmor.functions || die
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages
+ use doc && emake pdf
+}
+
+src_test() {
+ emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check
+}
+
+src_install() {
+ emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install
+
+ dodir /etc/apparmor.d/disable
+
+ newinitd "${FILESDIR}/${PN}-init" ${PN}
+ systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service
+
+ use doc && dodoc techdoc.pdf
+
+ exeinto /usr/share/apparmor
+ doexe "${FILESDIR}/apparmor_load.sh"
+ doexe "${FILESDIR}/apparmor_unload.sh"
+}
diff --git a/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
new file mode 100644
index 00000000..bde21c30
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
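Review bot: In apparmor-2.13.4-r10.ebuild the CAPS fix named in the commit subject is not visible anywhere: `PATCHES` lists only the makefile and dynamic-link patches, so the fix is presumably baked into the tarball that `SRC_URI` pulls from the distribution mirror over plain `http://`. The Manifest hashes pin those bytes, but a repacked archive that keeps the upstream name `${P}.tar.xz` cannot be compared against the upstream release, which makes the security fix hard to audit. Consider fetching the upstream tarball and carrying the cherry-pick as its own `PATCHES` entry, e.g. `"${FILESDIR}/${PN}-<version>-caps-fix.patch"` (placeholder name), and switching the mirror URL to `https://` if the mirror serves it.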
@@ -0,0 +1,11 @@
+--- a/Makefile
++++ b/Makefile
+@@ -87,7 +87,7 @@
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a
+ AAREOBJECTS = $(AAREOBJECT)
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bdynamic -lapparmor -Wl,-Bdynamic -lpthread
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
diff --git a/sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch b/sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch
new file mode 100644
index 00000000..239ff81f
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.13.1-makefile.patch
@@ -0,0 +1,25 @@
+--- a/Makefile
++++ b/Makefile
+@@ -28,7 +28,7 @@
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+-MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 aa-teardown.8
++MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8
+
+ YACC := bison
+ YFLAGS := -d
+@@ -371,11 +371,9 @@
+ .PHONY: install-indep
+ install-indep: indep
+ install -m 755 -d $(INSTALL_CONFDIR)
+- install -m 644 subdomain.conf $(INSTALL_CONFDIR)
++ install -m 755 -d ${DESTDIR}/usr/libexec
+ install -m 644 parser.conf $(INSTALL_CONFDIR)
+- install -m 755 -d ${DESTDIR}/var/lib/apparmor
+- install -m 755 -d $(APPARMOR_BIN_PREFIX)
+- install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
++ install -m 755 rc.apparmor.functions ${DESTDIR}/usr/libexec
+ $(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
+ $(MAKE) install_manpages DESTDIR=${DESTDIR}
+
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init
new file mode 100644
index 00000000..48877e4b
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+aa_action() {
+ local arg=$1
+ local return
+
+ shift
+ $*
+ return=$?
+
+ if [ ${return} -eq 0 ]; then
+ aa_log_success_msg $arg
+ else
+ aa_log_failure_msg arg
+ fi
+
+ return $return
+}
+
+aa_log_action_start() {
+ ebegin $1
+}
+
+aa_log_action_end() {
+ eend $1
+}
+
+aa_log_success_msg() {
+ einfo $1
+}
+
+aa_log_warning_msg() {
+ ewarn $1
+}
+
+aa_log_failure_msg() {
+ eerror $1
+}
+
+aa_log_skipped_msg() {
+ einfo $1
+}
+
+aa_log_daemon_msg() {
+ einfo $1
+}
+
+aa_log_end_msg() {
+ eend $1
+}
+
+. /usr/libexec/rc.apparmor.functions
+
+start() {
+ ebegin "Starting AppArmor"
+ eindent
+
+ if ! is_apparmor_loaded ; then
+ load_module
+ if [ $? -ne 0 ]; then
+ eerror "AppArmor kernel support is not present"
+ eend 1
+ return 1
+ fi
+ fi
+
+ parse_profiles load
+
+ eoutdent
+}
+
+stop() {
+ ebegin "Stopping AppArmor"
+ eindent
+ apparmor_stop
+ eoutdent
+}
+
+reload() {
+ # todo: split out clean_profiles into its own function upstream
+ # so we can do parse_profiles reload && clean_profiles
+ # and do a proper reload instead of restart
+ apparmor_restart
+}
diff --git a/sys-apps/apparmor/files/apparmor.service b/sys-apps/apparmor/files/apparmor.service
new file mode 100644
index 00000000..89f14fed
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=AppArmor profiles
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/apparmor/apparmor_load.sh
+ExecStop=/usr/share/apparmor/apparmor_unload.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
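Review bot: In apparmor-init, `start()` discards the exit status of `parse_profiles load`: the function ends on `eoutdent` and never calls `eend` on the success path, so OpenRC appears to mark the service as started even when profile loading failed, leaving processes unconfined with no visible error. Whether `parse_profiles` returns non-zero on failure is decided in `/usr/libexec/rc.apparmor.functions`, which is outside this diff, so confirm that before relying on it. In the same file `aa_action` logs the literal word `arg` on failure (`aa_log_failure_msg arg`) and runs the wrapped command through unquoted `$*`, which re-splits arguments containing whitespace. The sketch below shows both changes.

```shell
aa_action() {
	# … unchanged: local declarations, shift …
	"$@"
	return=$?

	if [ ${return} -eq 0 ]; then
		aa_log_success_msg "$arg"
	else
		aa_log_failure_msg "$arg"
	fi
	# … unchanged: return $return …
}

# … unchanged: aa_log_* wrappers, sourcing of rc.apparmor.functions …

start() {
	# … unchanged: ebegin/eindent, is_apparmor_loaded / load_module check …
	parse_profiles load
	local rc=$?

	eoutdent
	eend ${rc} "Failed to load AppArmor profiles"
	return ${rc}
}
```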
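Review bot: `ExecStop=/usr/share/apparmor/apparmor_unload.sh` in apparmor.service means every `systemctl stop` or `restart` of the unit removes the loaded profiles, and processes that were confined by them keep running unconfined until they are themselves restarted after the next load. A oneshot profile loader is safer with a no-op stop and an explicit reload, for example `ExecStop=/bin/true` plus `ExecReload=/usr/share/apparmor/apparmor_load.sh`, leaving the unload script for deliberate manual teardown. Separately, `WantedBy=multi-user.target` combined with `Before=sysinit.target` means the unit is not pulled in for targets below multi-user (rescue, for instance); `WantedBy=sysinit.target` would match the ordering already declared.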
diff --git a/sys-apps/apparmor/files/apparmor_load.sh b/sys-apps/apparmor/files/apparmor_load.sh
new file mode 100644
index 00000000..e6fe6b68
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_load.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -r {} +
diff --git a/sys-apps/apparmor/files/apparmor_unload.sh b/sys-apps/apparmor/files/apparmor_unload.sh
new file mode 100644
index 00000000..19e598bb
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_unload.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -R {} \;
--
cgit v1.2.3
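Review bot: apparmor_load.sh hands every regular file directly under /etc/apparmor.d to `apparmor_parser -r`, so it ignores the `/etc/apparmor.d/disable` directory that the ebuild creates and will also parse stray files next to real profiles, such as editor backups (`*~`, `*.orig`) or Portage's un-merged `._cfg0000_*` config updates, which could replace a reviewed profile with an unreviewed one. The OpenRC script goes through `parse_profiles load` from rc.apparmor.functions instead, so the two init systems can end up enforcing different policy on the same machine. Having the systemd path reuse that function, or at least skip names with an entry in `disable/` and known backup patterns, would keep the behaviour consistent; rc.apparmor.functions is not part of this diff, so its exact skip rules need checking.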
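Review bot: In apparmor_unload.sh the `-exec … \;` form makes `find` exit 0 even when `apparmor_parser -R` fails, so a failed unload is reported to systemd as success, unlike the `{} +` form in apparmor_load.sh, which propagates a non-zero status. The script also removes profiles by walking the files currently on disk, so a profile whose file was deleted or renamed after loading stays in the kernel. If the script is kept, `-exec apparmor_parser -R {} +` would at least surface failures, assuming the parser accepts several files with `-R` as it does with `-r` in the load script.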