9c0f3d8829
This was untested and didn't function without a dbus patch which wasn't applied to the system dbus package, so it wasn't used at all. Also, it creates a weird cyclic dependency if we want systemd to depend on libapparmor (for AppArmorProfiles= support), because libapparmor then wants dbus, and dbus wants systemd. Oof. Luckily, this feature and whatnot will probably all be irrelevant in the glorious kdbus-based future, and the dbus patches aren't even upstream I think. So we can just drop it. Signed-off-by: Austin Seipp <aseipp@pobox.com>
182 lines
4.6 KiB
Nix
182 lines
4.6 KiB
Nix
{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
|
|
, glibc, flex, bison, python27, swig, pam
|
|
}:
|
|
|
|
let
|
|
apparmor-series = "2.9";
|
|
apparmor-patchver = "1";
|
|
apparmor-version = "${apparmor-series}.${apparmor-patchver}";
|
|
|
|
apparmor-meta = component: with stdenv.lib; {
|
|
homepage = http://apparmor.net/;
|
|
description = "Linux application security system - ${component}";
|
|
license = licenses.gpl2;
|
|
maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
|
|
platforms = platforms.linux;
|
|
};
|
|
|
|
apparmor-sources = fetchurl {
|
|
url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
|
|
sha256 = "08ha7aigl40vm80f742rljcckdpfpw1s8g4yii1ysabcqcj8ffx6";
|
|
};
|
|
|
|
prePatchCommon = ''
|
|
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
|
|
substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
|
|
substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
|
substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
|
|
'';
|
|
|
|
libapparmor = stdenv.mkDerivation {
|
|
name = "libapparmor-${apparmor-version}";
|
|
src = apparmor-sources;
|
|
|
|
buildInputs = [
|
|
autoconf
|
|
automake
|
|
bison
|
|
flex
|
|
glibc
|
|
libtool
|
|
perl
|
|
pkgconfig
|
|
python27
|
|
swig
|
|
which
|
|
];
|
|
|
|
prePatch = prePatchCommon + ''
|
|
substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
|
|
substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
|
|
'';
|
|
|
|
buildPhase = ''
|
|
cd ./libraries/libapparmor
|
|
./autogen.sh
|
|
./configure --prefix="$out" --with-python --with-perl
|
|
make
|
|
'';
|
|
|
|
installPhase = ''
|
|
make install
|
|
'';
|
|
|
|
meta = apparmor-meta "library";
|
|
};
|
|
|
|
apparmor-utils = stdenv.mkDerivation {
|
|
name = "apparmor-utils-${apparmor-version}";
|
|
src = apparmor-sources;
|
|
|
|
buildInputs = [
|
|
python27
|
|
libapparmor
|
|
which
|
|
];
|
|
|
|
prePatch = prePatchCommon;
|
|
|
|
buildPhase = ''
|
|
cd ./utils
|
|
make LANGS=""
|
|
'';
|
|
|
|
installPhase = ''
|
|
make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
|
|
'';
|
|
|
|
meta = apparmor-meta "user-land utilities";
|
|
};
|
|
|
|
apparmor-parser = stdenv.mkDerivation {
|
|
name = "apparmor-parser-${apparmor-version}";
|
|
src = apparmor-sources;
|
|
|
|
buildInputs = [
|
|
libapparmor
|
|
bison
|
|
flex
|
|
which
|
|
];
|
|
|
|
prePatch = prePatchCommon + ''
|
|
substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
|
|
substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
|
|
substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
|
|
## techdoc.pdf still doesn't build ...
|
|
substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
|
|
'';
|
|
|
|
buildPhase = ''
|
|
cd ./parser
|
|
make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
|
|
'';
|
|
|
|
installPhase = ''
|
|
make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
|
|
'';
|
|
|
|
meta = apparmor-meta "rule parser";
|
|
};
|
|
|
|
apparmor-pam = stdenv.mkDerivation {
|
|
name = "apparmor-pam-${apparmor-version}";
|
|
src = apparmor-sources;
|
|
|
|
buildInputs = [
|
|
libapparmor
|
|
pam
|
|
pkgconfig
|
|
which
|
|
];
|
|
|
|
buildPhase = ''
|
|
cd ./changehat/pam_apparmor
|
|
make USE_SYSTEM=1
|
|
'';
|
|
|
|
installPhase = ''
|
|
make install DESTDIR="$out"
|
|
'';
|
|
|
|
meta = apparmor-meta "PAM service";
|
|
};
|
|
|
|
apparmor-profiles = stdenv.mkDerivation {
|
|
name = "apparmor-profiles-${apparmor-version}";
|
|
src = apparmor-sources;
|
|
|
|
buildInputs = [ which ];
|
|
|
|
buildPhase = ''
|
|
cd ./profiles
|
|
make
|
|
'';
|
|
|
|
installPhase = ''
|
|
make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
|
|
'';
|
|
|
|
meta = apparmor-meta "profiles";
|
|
};
|
|
|
|
apparmor-kernel-patches = stdenv.mkDerivation {
|
|
name = "apparmor-kernel-patches-${apparmor-version}";
|
|
src = apparmor-sources;
|
|
|
|
phases = ''unpackPhase installPhase'';
|
|
|
|
installPhase = ''
|
|
mkdir "$out"
|
|
cp -R ./kernel-patches "$out"
|
|
'';
|
|
|
|
meta = apparmor-meta "kernel patches";
|
|
};
|
|
|
|
in
|
|
|
|
{
|
|
inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
|
|
apparmor-profiles apparmor-kernel-patches;
|
|
}
|