From c6cf800d47749adeb5bc320496c57889aca1dfec Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Wed, 2 Dec 2020 00:37:51 +0000
Subject: sys-apps/apparmor : bugfix https://bugs.gentoo.org/750860

---
 sys-apps/apparmor/Manifest                         |  1 +
 sys-apps/apparmor/apparmor-3.0.0-r10.ebuild        | 73 +++++++++++++++++
 .../files/apparmor-2.11.1-dynamic-link.patch       | 11 +++
 .../apparmor/files/apparmor-3.0.0-makefile.patch   | 18 +++++
 sys-apps/apparmor/files/apparmor-init              | 91 ++++++++++++++++++++++
 sys-apps/apparmor/files/apparmor-init-1            | 88 +++++++++++++++++++++
 sys-apps/apparmor/files/apparmor.service           | 14 ++++
 sys-apps/apparmor/files/apparmor_load.sh           |  2 +
 sys-apps/apparmor/files/apparmor_unload.sh         |  2 +
 sys-apps/apparmor/files/fixcaps.patch              | 12 +++
 10 files changed, 312 insertions(+)
 create mode 100644 sys-apps/apparmor/Manifest
 create mode 100644 sys-apps/apparmor/apparmor-3.0.0-r10.ebuild
 create mode 100644 sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
 create mode 100644 sys-apps/apparmor/files/apparmor-3.0.0-makefile.patch
 create mode 100644 sys-apps/apparmor/files/apparmor-init
 create mode 100644 sys-apps/apparmor/files/apparmor-init-1
 create mode 100644 sys-apps/apparmor/files/apparmor.service
 create mode 100644 sys-apps/apparmor/files/apparmor_load.sh
 create mode 100644 sys-apps/apparmor/files/apparmor_unload.sh
 create mode 100644 sys-apps/apparmor/files/fixcaps.patch

diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest
new file mode 100644
index 00000000..ac4e4868
--- /dev/null
+++ b/sys-apps/apparmor/Manifest
@@ -0,0 +1 @@
+DIST apparmor-3.0.0.tar.gz 7780686 BLAKE2B a9d9edb4fd2cb32b3db322a3f145aac7cea40fac3401b82947b2c5183598cc326d70859466823e3ac0a2227483c7ed7ba0b2f727e9fb7fbf532468716ef8d18f SHA512 2465a8bc400e24e548b0589b7b022fb8325c53858429b9c54204f989d5589d7bd99c9507bde88a48f9965a55edcbac98efeeb6b93aeefe6a27afa0b7e851aea6
diff --git a/sys-apps/apparmor/apparmor-3.0.0-r10.ebuild b/sys-apps/apparmor/apparmor-3.0.0-r10.ebuild
new file mode 100644
index 00000000..1c67ddf6
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-3.0.0-r10.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+MY_PV="$(ver_cut 1-2)"
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system"
+HOMEPAGE="https://gitlab.com/apparmor/apparmor/wikis/home"
+SRC_URI="https://launchpad.net/${PN}/${MY_PV}/${MY_PV}/+download/${PN}-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+RESTRICT="test" # bug 675854
+
+RDEPEND="~sys-libs/libapparmor-${PV}"
+DEPEND="${RDEPEND}
+	dev-lang/perl
+	sys-devel/bison
+	sys-devel/gettext
+	sys-devel/flex
+	doc? ( dev-tex/latex2html )
+"
+
+S=${WORKDIR}/apparmor-${PV}/parser
+
+PATCHES=(
+	"${FILESDIR}/${PN}-3.0.0-makefile.patch"
+	"${FILESDIR}/${PN}-2.11.1-dynamic-link.patch"
+	"${FILESDIR}/fixcaps.patch"
+)
+
+src_prepare() {
+	default
+
+	# remove warning about missing file that controls features
+	# we don't currently support
+	sed -e "/installation problem/ctrue" -i rc.apparmor.functions || die
+
+	# bug 634782
+	sed -e "s/cpp/$(tc-getCPP) -/" \
+		-i ../common/list_capabilities.sh \
+		-i ../common/list_af_names.sh || die
+}
+
+src_compile() {
+	emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages
+	use doc && emake pdf
+}
+
+src_test() {
+	emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check
+}
+
+src_install() {
+	emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install
+
+	dodir /etc/apparmor.d/disable
+
+	newinitd "${FILESDIR}/${PN}-init-1" ${PN}
+	systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service
+
+	use doc && dodoc techdoc.pdf
+
+	exeinto /usr/share/apparmor
+	doexe "${FILESDIR}/apparmor_load.sh"
+	doexe "${FILESDIR}/apparmor_unload.sh"
+}
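Review bot: The `sed -e "s/cpp/$(tc-getCPP) -/"` call in src_prepare splices the toolchain's preprocessor command into a `/`-delimited expression, so a CPP value that contains a slash (for example an absolute path set in the user's environment) would produce a malformed sed script and abort the build at `|| die`. A delimiter that is not expected in a command string avoids this, e.g. `sed -e "s|cpp|$(tc-getCPP) -|"`. The pattern `cpp` is also unanchored, so it rewrites the first match on every line of both list_*.sh scripts; whether that is safe depends on their contents, which this hunk does not show.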
diff --git a/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
new file mode 100644
index 00000000..bde21c30
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
@@ -0,0 +1,11 @@
+--- a/Makefile
++++ b/Makefile
+@@ -87,7 +87,7 @@
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a
+ AAREOBJECTS = $(AAREOBJECT)
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bdynamic -lapparmor -Wl,-Bdynamic -lpthread
+ 
+ ifdef USE_SYSTEM
+   # Using the system libapparmor so Makefile dependencies can't be used
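Review bot: This patch file has no header saying why libapparmor is switched from static to dynamic linking, unlike apparmor-3.0.0-makefile.patch in the same commit, which opens with a short description. A line such as `* Link apparmor_parser against the shared system libapparmor instead of the static archive` would record the intent. The new value also repeats the flag: in `-Wl,-Bdynamic -lapparmor -Wl,-Bdynamic -lpthread` the second `-Wl,-Bdynamic` is redundant, so `AALIB = -lapparmor -lpthread` should be equivalent, since dynamic is normally the linker's default. AARE_LDFLAGS on the line above still passes `-static-libgcc -static-libstdc++`, so the binary ends up partly static; a comment stating whether that mix is intended would help.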
diff --git a/sys-apps/apparmor/files/apparmor-3.0.0-makefile.patch b/sys-apps/apparmor/files/apparmor-3.0.0-makefile.patch
new file mode 100644
index 00000000..9c03a446
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-3.0.0-makefile.patch
@@ -0,0 +1,18 @@
+* Avoid installing empty /var/lib/apparmor
+* Install rc.apparmor.functions to Gentoo-appropriate location
+
+--- a/Makefile
++++ b/Makefile
+@@ -407,10 +407,10 @@
+ .PHONY: install-indep
+ install-indep: indep
+ 	install -m 755 -d $(INSTALL_CONFDIR)
++	install -m 755 -d ${DESTDIR}/usr/libexec
+ 	install -m 644 parser.conf $(INSTALL_CONFDIR)
+-	install -m 755 -d ${DESTDIR}/var/lib/apparmor
+ 	install -m 755 -d $(APPARMOR_BIN_PREFIX)
+-	install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
++	install -m 755 rc.apparmor.functions ${DESTDIR}/usr/libexec
+ 	$(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
+ 	$(MAKE) install_manpages DESTDIR=${DESTDIR}
+ 
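Review bot: After this change `install -m 755 -d $(APPARMOR_BIN_PREFIX)` still creates that directory even though rc.apparmor.functions no longer goes there; if nothing outside this hunk installs into it, the package ships an empty directory, which is the same thing the patch header says it avoids for /var/lib/apparmor. Separately, rc.apparmor.functions is sourced by the init scripts in this commit (`. /usr/libexec/rc.apparmor.functions`) rather than executed, so `install -m 644 rc.apparmor.functions ${DESTDIR}/usr/libexec` would be sufficient and avoids an executable file that is not meant to be run directly. The rest of the install-indep recipe lies outside the hunk.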
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init
new file mode 100644
index 00000000..48877e4b
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+aa_action() {
+	local arg=$1
+	local return
+
+	shift
+	$*
+	return=$?
+
+	if [ ${return} -eq 0 ]; then
+		aa_log_success_msg $arg
+	else
+		aa_log_failure_msg arg
+	fi
+
+	return $return
+}
+
+aa_log_action_start() {
+	ebegin $1
+}
+
+aa_log_action_end() {
+	eend $1
+}
+
+aa_log_success_msg() {
+	einfo $1
+}
+
+aa_log_warning_msg() {
+	ewarn $1
+}
+
+aa_log_failure_msg() {
+	eerror $1
+}
+
+aa_log_skipped_msg() {
+	einfo $1
+}
+
+aa_log_daemon_msg() {
+	einfo $1
+}
+
+aa_log_end_msg() {
+	eend $1
+}
+
+. /usr/libexec/rc.apparmor.functions
+
+start() {
+	ebegin "Starting AppArmor"
+	eindent
+
+	if ! is_apparmor_loaded ; then
+		load_module
+		if [ $? -ne 0 ]; then
+			eerror "AppArmor kernel support is not present"
+			eend 1
+			return 1
+		fi
+	fi
+
+	parse_profiles load
+
+	eoutdent
+}
+
+stop() {
+	ebegin "Stopping AppArmor"
+	eindent
+	apparmor_stop
+	eoutdent
+}
+
+reload() {
+	# todo: split out clean_profiles into its own function upstream
+	# so we can do parse_profiles reload && clean_profiles
+	# and do a proper reload instead of restart
+	apparmor_restart
+}
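Review bot: start() ends with `eoutdent` directly after `parse_profiles load`, so the function's exit status is that of `eoutdent` and a failed profile load is not reported to OpenRC; the opening `ebegin` also never gets its `eend` on the success path. Capturing the status, e.g. `parse_profiles load; rc=$?` followed by `eoutdent` and `eend $rc`, would make a host that booted without its profiles show a failed service (how parse_profiles signals failure is defined in rc.apparmor.functions, not visible here). In aa_action, `aa_log_failure_msg arg` prints the literal word "arg" and should be `aa_log_failure_msg "$arg"`, and the unquoted `$*` re-splits the command where `"$@"` would keep its arguments intact. The same issues are present in files/apparmor-init-1. Only apparmor-init-1 is installed by the ebuild's `newinitd` line, so this file appears to be unused.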
diff --git a/sys-apps/apparmor/files/apparmor-init-1 b/sys-apps/apparmor/files/apparmor-init-1
new file mode 100644
index 00000000..4addaee2
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init-1
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+aa_action() {
+	local arg=$1
+	local return
+
+	shift
+	$*
+	return=$?
+
+	if [ ${return} -eq 0 ]; then
+		aa_log_success_msg $arg
+	else
+		aa_log_failure_msg arg
+	fi
+
+	return $return
+}
+
+aa_log_action_start() {
+	ebegin $1
+}
+
+aa_log_action_end() {
+	eend $1
+}
+
+aa_log_success_msg() {
+	einfo $1
+}
+
+aa_log_warning_msg() {
+	ewarn $1
+}
+
+aa_log_failure_msg() {
+	eerror $1
+}
+
+aa_log_skipped_msg() {
+	einfo $1
+}
+
+aa_log_daemon_msg() {
+	einfo $1
+}
+
+aa_log_end_msg() {
+	eend $1
+}
+
+. /usr/libexec/rc.apparmor.functions
+
+start() {
+	ebegin "Starting AppArmor"
+	eindent
+
+	if ! is_apparmor_loaded ; then
+		eerror "AppArmor kernel support is not present"
+		eend 1
+		return 1
+	fi
+
+	parse_profiles load
+
+	eoutdent
+}
+
+stop() {
+	ebegin "Stopping AppArmor"
+	eindent
+	apparmor_stop
+	eoutdent
+}
+
+reload() {
+	# todo: split out clean_profiles into its own function upstream
+	# so we can do parse_profiles reload && clean_profiles
+	# and do a proper reload instead of restart
+	apparmor_restart
+}
diff --git a/sys-apps/apparmor/files/apparmor.service b/sys-apps/apparmor/files/apparmor.service
new file mode 100644
index 00000000..89f14fed
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=AppArmor profiles
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/apparmor/apparmor_load.sh
+ExecStop=/usr/share/apparmor/apparmor_unload.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
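Review bot: `ExecStop=/usr/share/apparmor/apparmor_unload.sh` removes the loaded profiles, and systemd implements `restart` as stop followed by start, so `systemctl restart apparmor` would drop confinement from processes that are already running; reloading the profiles afterwards does not re-attach them to those tasks. Making stop a no-op and offering an explicit reload keeps running services confined: `ExecStop=/bin/true` and `ExecReload=/usr/share/apparmor/apparmor_load.sh`. A `ConditionSecurity=apparmor` line in [Unit] would also keep the unit from failing on kernels booted without AppArmor. The unit is ordered `Before=sysinit.target` but enabled through `WantedBy=multi-user.target`, so boot targets that do not pull in multi-user.target would presumably start without profiles; `WantedBy=sysinit.target` would match the ordering.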
diff --git a/sys-apps/apparmor/files/apparmor_load.sh b/sys-apps/apparmor/files/apparmor_load.sh
new file mode 100644
index 00000000..e6fe6b68
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_load.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -r {} +
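Review bot: `find "/etc/apparmor.d/" -maxdepth 1 -type f` hands every regular file in the directory to apparmor_parser, including any README, editor backup or package-manager leftover that is not a profile. Because `{} +` batches all of them into one invocation, a file that fails to parse may stop the remaining profiles from being loaded, depending on how the parser handles an error part-way through its argument list. If the packaged apparmor_parser accepts a directory argument, `apparmor_parser -r /etc/apparmor.d` would leave file selection to the parser's own skip rules; otherwise the find expression should exclude known non-profile names. apparmor_unload.sh has the same selection problem and uses `\;` where this script uses `+`, and a one-line comment in each stating what is loaded or removed would help the next reader.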
diff --git a/sys-apps/apparmor/files/apparmor_unload.sh b/sys-apps/apparmor/files/apparmor_unload.sh
new file mode 100644
index 00000000..19e598bb
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_unload.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -R {} \;
diff --git a/sys-apps/apparmor/files/fixcaps.patch b/sys-apps/apparmor/files/fixcaps.patch
new file mode 100644
index 00000000..6b830e3c
--- /dev/null
+++ b/sys-apps/apparmor/files/fixcaps.patch
@@ -0,0 +1,12 @@
+diff -Nur a/base_cap_names.h b/base_cap_names.h
+--- a/base_cap_names.h	2020-10-01 17:50:10.000000000 +0100
++++ b/base_cap_names.h	2020-12-02 00:33:25.268531744 +0000
+@@ -8,6 +8,8 @@
+ 
+ {"bpf", CAP_BPF, CAP_SYS_ADMIN, CAPFLAG_BASE_FEATURE},
+ 
++{"checkpoint_restore", CAP_CHECKPOINT_RESTORE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
++
+ {"chown", CAP_CHOWN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
+ 
+ {"dac_override", CAP_DAC_OVERRIDE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
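Review bot: The added `checkpoint_restore` entry uses `CAP_CHECKPOINT_RESTORE` unconditionally, and that macro only exists in kernel headers from Linux 5.9 onward, so the parser would stop compiling against older sys-kernel/linux-headers unless a fallback definition exists elsewhere in the tree (not visible in this hunk). Either give the ebuild a header floor, e.g. `>=sys-kernel/linux-headers-5.9` in DEPEND, or have the patch add a guarded fallback in a header that is included before this table: `#ifndef CAP_CHECKPOINT_RESTORE`, `#define CAP_CHECKPOINT_RESTORE 40`, `#endif`. The patch file would also benefit from a one-line header naming the bug it addresses, as apparmor-3.0.0-makefile.patch has.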
-- 
cgit v1.2.3