aboutsummaryrefslogtreecommitdiffstats
path: root/testing/apparmor
diff options
context:
space:
mode:
Diffstat (limited to 'testing/apparmor')
-rw-r--r--testing/apparmor/0001-Add-missing-secure_getenv-and-scandirat-functions.patch (renamed from testing/apparmor/0002-Provide-missing-secure_getenv-and-scandirat-function.patch)16
-rw-r--r--testing/apparmor/0001-Remove-__BEGIN_DECLS-and-__END_DECLS-identifiers.patch53
-rw-r--r--testing/apparmor/0002-Add-missing-typedef-definitions-on-parser.patch (renamed from testing/apparmor/0003-Added-missing-typedef-definitions-on-parser.patch)8
-rw-r--r--testing/apparmor/0003-Link-against-gettext-library.patch29
-rw-r--r--testing/apparmor/0004-Define-RLIMIT_OFILE-if-needed.patch17
-rw-r--r--testing/apparmor/0004-Remove-vim-from-default-utils-build.patch (renamed from testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch)4
-rw-r--r--testing/apparmor/0005-Added-RLIMIT_RTTIME-option-conditionally.patch23
-rw-r--r--testing/apparmor/0005-Remove-parser-test-against-rttime.patch58
-rw-r--r--testing/apparmor/0006-Remove-ofile-tests-for-parser.patch16
-rw-r--r--testing/apparmor/0006-Use-gettext-and-remove-latex.patch25
-rw-r--r--testing/apparmor/0007-Adjust-several-utils-test-to-Alpine.patch24
-rw-r--r--testing/apparmor/0008-Add-missing-include-for-ppc64le.patch12
-rw-r--r--testing/apparmor/0008-Adjust-apparmor-functions-path.patch13
-rw-r--r--testing/apparmor/APKBUILD164
-rw-r--r--testing/apparmor/apparmor.initd91
15 files changed, 342 insertions, 211 deletions
diff --git a/testing/apparmor/0002-Provide-missing-secure_getenv-and-scandirat-function.patch b/testing/apparmor/0001-Add-missing-secure_getenv-and-scandirat-functions.patch
index 0d94d41516..3791d12882 100644
--- a/testing/apparmor/0002-Provide-missing-secure_getenv-and-scandirat-function.patch
+++ b/testing/apparmor/0001-Add-missing-secure_getenv-and-scandirat-functions.patch
@@ -1,5 +1,5 @@
diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
-index 479ba6d..afbb8e2 100644
+index 479ba6dd..afbb8e2d 100644
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@@ -81,7 +81,7 @@ AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
@@ -12,7 +12,7 @@ index 479ba6d..afbb8e2 100644
AM_PROG_CC_C_O
AC_C_CONST
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
-index dd393a9..b7452ab 100644
+index 6002017d..a3ae0703 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -46,9 +46,9 @@ af_protos.h: /usr/include/netinet/in.h
@@ -28,7 +28,7 @@ index dd393a9..b7452ab 100644
-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
-index 9378e22..b1c4805 100644
+index 9378e224..b1c48051 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -39,10 +39,14 @@
@@ -49,7 +49,7 @@ index 9378e22..b1c4805 100644
int len;
diff --git a/libraries/libapparmor/src/scandirat.c b/libraries/libapparmor/src/scandirat.c
new file mode 100644
-index 0000000..1576a35
+index 00000000..1576a35f
--- /dev/null
+++ b/libraries/libapparmor/src/scandirat.c
@@ -0,0 +1,63 @@
@@ -118,7 +118,7 @@ index 0000000..1576a35
+
diff --git a/libraries/libapparmor/src/scandirat.h b/libraries/libapparmor/src/scandirat.h
new file mode 100644
-index 0000000..6f4bf03
+index 00000000..6f4bf037
--- /dev/null
+++ b/libraries/libapparmor/src/scandirat.h
@@ -0,0 +1,13 @@
@@ -137,7 +137,7 @@ index 0000000..6f4bf03
+
diff --git a/libraries/libapparmor/src/secure_getenv.c b/libraries/libapparmor/src/secure_getenv.c
new file mode 100644
-index 0000000..b5eb46e
+index 00000000..b5eb46e5
--- /dev/null
+++ b/libraries/libapparmor/src/secure_getenv.c
@@ -0,0 +1,15 @@
@@ -158,7 +158,7 @@ index 0000000..b5eb46e
+
diff --git a/libraries/libapparmor/src/secure_getenv.h b/libraries/libapparmor/src/secure_getenv.h
new file mode 100644
-index 0000000..b6269a8
+index 00000000..b6269a8f
--- /dev/null
+++ b/libraries/libapparmor/src/secure_getenv.h
@@ -0,0 +1,8 @@
@@ -171,5 +171,5 @@ index 0000000..b6269a8
+
+#endif
--
-2.11.2
+2.16.1
diff --git a/testing/apparmor/0001-Remove-__BEGIN_DECLS-and-__END_DECLS-identifiers.patch b/testing/apparmor/0001-Remove-__BEGIN_DECLS-and-__END_DECLS-identifiers.patch
deleted file mode 100644
index 49422e7b7d..0000000000
--- a/testing/apparmor/0001-Remove-__BEGIN_DECLS-and-__END_DECLS-identifiers.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
-index 752a5bd..0944c4c 100644
---- a/libraries/libapparmor/include/sys/apparmor.h
-+++ b/libraries/libapparmor/include/sys/apparmor.h
-@@ -22,7 +22,9 @@
- #include <stdint.h>
- #include <sys/types.h>
-
--__BEGIN_DECLS
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-
- /*
- * Class of public mediation types in the AppArmor policy db
-@@ -191,6 +193,8 @@ extern int aa_policy_cache_remove(int dirfd, const char *path);
- extern int aa_policy_cache_replace_all(aa_policy_cache *policy_cache,
- aa_kernel_interface *kernel_interface);
-
--__END_DECLS
-+#ifdef __cplusplus
-+}
-+#endif
-
- #endif /* sys/apparmor.h */
-diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
-index 6472de9..00bbee4 100644
---- a/libraries/libapparmor/include/sys/apparmor_private.h
-+++ b/libraries/libapparmor/include/sys/apparmor_private.h
-@@ -20,7 +20,9 @@
- #include <stdio.h>
- #include <sys/stat.h>
-
--__BEGIN_DECLS
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-
- int _aa_is_blacklisted(const char *name);
-
-@@ -33,6 +35,8 @@ int _aa_asprintf(char **strp, const char *fmt, ...);
- int _aa_dirat_for_each(int dirfd, const char *name, void *data,
- int (* cb)(int, const char *, struct stat *, void *));
-
--__END_DECLS
-+#ifdef __cplusplus
-+}
-+#endif
-
- #endif /* sys/apparmor_private.h */
---
-2.11.2
-
diff --git a/testing/apparmor/0003-Added-missing-typedef-definitions-on-parser.patch b/testing/apparmor/0002-Add-missing-typedef-definitions-on-parser.patch
index 9d70e0dfa9..80caea6b8a 100644
--- a/testing/apparmor/0003-Added-missing-typedef-definitions-on-parser.patch
+++ b/testing/apparmor/0002-Add-missing-typedef-definitions-on-parser.patch
@@ -1,6 +1,6 @@
diff --git a/parser/missingdefs.h b/parser/missingdefs.h
new file mode 100644
-index 0000000..9b2057e
+index 00000000..9b2057e7
--- /dev/null
+++ b/parser/missingdefs.h
@@ -0,0 +1,9 @@
@@ -14,7 +14,7 @@ index 0000000..9b2057e
+#endif
+
diff --git a/parser/parser_alias.c b/parser/parser_alias.c
-index f5b6da4..d50a72b 100644
+index f5b6da4e..d50a72b5 100644
--- a/parser/parser_alias.c
+++ b/parser/parser_alias.c
@@ -24,6 +24,7 @@
@@ -26,7 +26,7 @@ index f5b6da4..d50a72b 100644
struct alias_rule {
char *from;
diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c
-index 3e667d8..d5a8270 100644
+index 3e667d87..d5a82701 100644
--- a/parser/parser_symtab.c
+++ b/parser/parser_symtab.c
@@ -24,6 +24,7 @@
@@ -38,5 +38,5 @@ index 3e667d8..d5a8270 100644
enum var_type {
sd_boolean,
--
-2.11.2
+2.16.1
diff --git a/testing/apparmor/0003-Link-against-gettext-library.patch b/testing/apparmor/0003-Link-against-gettext-library.patch
new file mode 100644
index 0000000000..bab5374fba
--- /dev/null
+++ b/testing/apparmor/0003-Link-against-gettext-library.patch
@@ -0,0 +1,29 @@
+diff --git a/binutils/Makefile b/binutils/Makefile
+index 7fb71813..52e55f70 100644
+--- a/binutils/Makefile
++++ b/binutils/Makefile
+@@ -52,7 +52,7 @@ SRCS = aa_enabled.c
+ HDRS =
+ TOOLS = aa-enabled aa-exec
+
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread -lintl
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
+diff --git a/parser/Makefile b/parser/Makefile
+index 4d370c36..0eca5702 100644
+--- a/parser/Makefile
++++ b/parser/Makefile
+@@ -87,7 +87,7 @@ AAREDIR= libapparmor_re
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a
+ AAREOBJECTS = $(AAREOBJECT)
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread -lintl
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
+--
+2.16.1
+
diff --git a/testing/apparmor/0004-Define-RLIMIT_OFILE-if-needed.patch b/testing/apparmor/0004-Define-RLIMIT_OFILE-if-needed.patch
deleted file mode 100644
index 804550aa0e..0000000000
--- a/testing/apparmor/0004-Define-RLIMIT_OFILE-if-needed.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/parser/parser_misc.c b/parser/parser_misc.c
-index f7772e6..90e8b9c 100644
---- a/parser/parser_misc.c
-+++ b/parser/parser_misc.c
-@@ -124,6 +124,9 @@ static struct keyword_table rlimit_table[] = {
- {"core", RLIMIT_CORE},
- {"rss", RLIMIT_RSS},
- {"nofile", RLIMIT_NOFILE},
-+#ifndef RLIMIT_OFILE
-+#define RLIMIT_OFILE RLIMIT_NOFILE
-+#endif
- {"ofile", RLIMIT_OFILE},
- {"as", RLIMIT_AS},
- {"nproc", RLIMIT_NPROC},
---
-2.11.2
-
diff --git a/testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch b/testing/apparmor/0004-Remove-vim-from-default-utils-build.patch
index bbaa092bd8..56845739c4 100644
--- a/testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch
+++ b/testing/apparmor/0004-Remove-vim-from-default-utils-build.patch
@@ -1,5 +1,5 @@
diff --git a/utils/Makefile b/utils/Makefile
-index 67caa0d..98fb8d7 100644
+index 68f8c376..01604796 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -32,7 +32,6 @@ MANPAGES = ${TOOLS:=.8} logprof.conf.5
@@ -32,5 +32,5 @@ index 67caa0d..98fb8d7 100644
$(MAKE) -C test check
- $(MAKE) -C vim check
--
-2.11.2
+2.16.1
diff --git a/testing/apparmor/0005-Added-RLIMIT_RTTIME-option-conditionally.patch b/testing/apparmor/0005-Added-RLIMIT_RTTIME-option-conditionally.patch
deleted file mode 100644
index 18bd06dd0b..0000000000
--- a/testing/apparmor/0005-Added-RLIMIT_RTTIME-option-conditionally.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
-index 3e2bcd2..a6f12e5 100644
---- a/parser/parser_yacc.y
-+++ b/parser/parser_yacc.y
-@@ -902,6 +902,7 @@ rules: rules TOK_SET TOK_RLIMIT TOK_ID TOK_LE TOK_VALUE opt_id TOK_END_OF_RULE
- pwarn(_("RLIMIT 'cpu' no units specified using default units of seconds\n"));
- value = tmp;
- break;
-+#ifdef RLIMIT_RTTIME
- case RLIMIT_RTTIME:
- /* RTTIME is measured in microseconds */
- if (!end || $6 == end || tmp < 0)
-@@ -913,6 +914,7 @@ rules: rules TOK_SET TOK_RLIMIT TOK_ID TOK_LE TOK_VALUE opt_id TOK_END_OF_RULE
- pwarn(_("RLIMIT 'rttime' no units specified using default units of microseconds\n"));
- value = tmp;
- break;
-+#endif
- case RLIMIT_NOFILE:
- case RLIMIT_NPROC:
- case RLIMIT_LOCKS:
---
-2.11.2
-
diff --git a/testing/apparmor/0005-Remove-parser-test-against-rttime.patch b/testing/apparmor/0005-Remove-parser-test-against-rttime.patch
new file mode 100644
index 0000000000..5d9f2450f3
--- /dev/null
+++ b/testing/apparmor/0005-Remove-parser-test-against-rttime.patch
@@ -0,0 +1,58 @@
+diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
+index 029eec46..3b2f0f9f 100755
+--- a/parser/tst/equality.sh
++++ b/parser/tst/equality.sh
+@@ -525,15 +525,15 @@ verify_binary_equality "@{profile_name} is literal in peer with esc alt sequence
+
+
+ # verify rlimit data conversions
+-verify_binary_equality "set rlimit rttime <= 12 weeks" \
+- "/t { set rlimit rttime <= 12 weeks, }" \
+- "/t { set rlimit rttime <= $((12 * 7)) days, }" \
+- "/t { set rlimit rttime <= $((12 * 7 * 24)) hours, }" \
+- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60)) minutes, }" \
+- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60)) seconds, }" \
+- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000)) ms, }" \
+- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)) us, }" \
+- "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)), }"
++#verify_binary_equality "set rlimit rttime <= 12 weeks" \
++# "/t { set rlimit rttime <= 12 weeks, }" \
++# "/t { set rlimit rttime <= $((12 * 7)) days, }" \
++# "/t { set rlimit rttime <= $((12 * 7 * 24)) hours, }" \
++# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60)) minutes, }" \
++# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60)) seconds, }" \
++# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000)) ms, }" \
++# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)) us, }" \
++# "/t { set rlimit rttime <= $((12 * 7 * 24 * 60 * 60 * 1000 * 1000)), }"
+
+ verify_binary_equality "set rlimit cpu <= 42 weeks" \
+ "/t { set rlimit cpu <= 42 weeks, }" \
+diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_13.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_13.sd
+deleted file mode 100644
+index 50b9a6f3..00000000
+--- a/parser/tst/simple_tests/rlimits/ok_rlimit_13.sd
++++ /dev/null
+@@ -1,7 +0,0 @@
+-#
+-#=DESCRIPTION simple rttime rlimit allows default units
+-#=EXRESULT PASS
+-
+-profile rlimit {
+- set rlimit rttime <= 12,
+-}
+diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_18.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_18.sd
+deleted file mode 100644
+index f2747f10..00000000
+--- a/parser/tst/simple_tests/rlimits/ok_rlimit_18.sd
++++ /dev/null
+@@ -1,7 +0,0 @@
+-#
+-#=DESCRIPTION simple realtime time rlimit test
+-#=EXRESULT PASS
+-
+-profile rlimit {
+- set rlimit rttime <= 60minutes,
+-}
+--
+2.16.1
+
diff --git a/testing/apparmor/0006-Remove-ofile-tests-for-parser.patch b/testing/apparmor/0006-Remove-ofile-tests-for-parser.patch
new file mode 100644
index 0000000000..494487a747
--- /dev/null
+++ b/testing/apparmor/0006-Remove-ofile-tests-for-parser.patch
@@ -0,0 +1,16 @@
+diff --git a/parser/tst/simple_tests/rlimits/ok_rlimit_09.sd b/parser/tst/simple_tests/rlimits/ok_rlimit_09.sd
+deleted file mode 100644
+index 6510ae72..00000000
+--- a/parser/tst/simple_tests/rlimits/ok_rlimit_09.sd
++++ /dev/null
+@@ -1,7 +0,0 @@
+-#
+-#=DESCRIPTION simple max open file (same as nofile) rlimit test
+-#=EXRESULT PASS
+-
+-profile rlimit {
+- set rlimit ofile <= 1234,
+-}
+--
+2.16.1
+
diff --git a/testing/apparmor/0006-Use-gettext-and-remove-latex.patch b/testing/apparmor/0006-Use-gettext-and-remove-latex.patch
deleted file mode 100644
index 1cabcb3641..0000000000
--- a/testing/apparmor/0006-Use-gettext-and-remove-latex.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/parser/Makefile b/parser/Makefile
-index 6709441..f7ec0bc 100644
---- a/parser/Makefile
-+++ b/parser/Makefile
-@@ -87,7 +87,7 @@ AAREDIR= libapparmor_re
- AAREOBJECT = ${AAREDIR}/libapparmor_re.a
- AAREOBJECTS = $(AAREOBJECT)
- AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L.
--AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
-+AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread -lintl
-
- ifdef USE_SYSTEM
- # Using the system libapparmor so Makefile dependencies can't be used
-@@ -141,7 +141,7 @@ po/${NAME}.pot: ${SRCS} ${HDRS}
-
- techdoc.pdf: techdoc.tex
- timestamp=$(shell date --utc "+%Y%m%d%H%M%S%z" -r $< );\
-- while pdflatex "\def\fixedpdfdate{$$timestamp}\input $<" ${BUILD_OUTPUT} || exit 1 ; \
-+ while true "\def\fixedpdfdate{$$timestamp}\input $<" ${BUILD_OUTPUT} || exit 1 ; \
- grep -q "Label(s) may have changed" techdoc.log; \
- do :; done
-
---
-2.11.2
-
diff --git a/testing/apparmor/0007-Adjust-several-utils-test-to-Alpine.patch b/testing/apparmor/0007-Adjust-several-utils-test-to-Alpine.patch
new file mode 100644
index 0000000000..84f213a7ec
--- /dev/null
+++ b/testing/apparmor/0007-Adjust-several-utils-test-to-Alpine.patch
@@ -0,0 +1,24 @@
+diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
+index 94d29f91..5c5645fa 100644
+--- a/utils/test/test-aa.py
++++ b/utils/test/test-aa.py
+@@ -154,12 +154,12 @@ class AaTest_get_interpreter_and_abstraction(AATest):
+ tests = [
+ ('#!/bin/bash', ('/bin/bash', 'abstractions/bash')),
+ ('#!/bin/dash', ('/bin/dash', 'abstractions/bash')),
+- ('#!/bin/sh', ('/bin/sh', 'abstractions/bash')),
+- ('#! /bin/sh ', ('/bin/sh', 'abstractions/bash')),
+- ('#! /bin/sh -x ', ('/bin/sh', 'abstractions/bash')), # '-x' is not part of the interpreter path
++ ('#!/bin/sh', ('/bin/sh', None)),
++ ('#! /bin/sh ', ('/bin/sh', None)),
++ ('#! /bin/sh -x ', ('/bin/sh', None)), # '-x' is not part of the interpreter path
+ ('#!/usr/bin/perl', ('/usr/bin/perl', 'abstractions/perl')),
+ ('#!/usr/bin/perl -w', ('/usr/bin/perl', 'abstractions/perl')), # '-w' is not part of the interpreter path
+- ('#!/usr/bin/python', ('/usr/bin/python', 'abstractions/python')),
++ ('#!/usr/bin/python', ('/usr/bin/python2.7', 'abstractions/python')),
+ ('#!/usr/bin/python2', ('/usr/bin/python2', 'abstractions/python')),
+ ('#!/usr/bin/python2.7', ('/usr/bin/python2.7', 'abstractions/python')),
+ ('#!/usr/bin/python3', ('/usr/bin/python3', 'abstractions/python')),
+--
+2.16.1
+
diff --git a/testing/apparmor/0008-Add-missing-include-for-ppc64le.patch b/testing/apparmor/0008-Add-missing-include-for-ppc64le.patch
deleted file mode 100644
index 9e1955b66b..0000000000
--- a/testing/apparmor/0008-Add-missing-include-for-ppc64le.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- apparmor-2.11.0/parser/parser_include.c
-+++ apparmor-2.11.0/parser/parser_include.c
-@@ -45,6 +45,9 @@
- #include <unistd.h>
- #include <errno.h>
- #include <dirent.h>
-+#ifdef __powerpc64__
-+#include <limits.h>
-+#endif
-
- #include "lib.h"
- #include "parser.h"
diff --git a/testing/apparmor/0008-Adjust-apparmor-functions-path.patch b/testing/apparmor/0008-Adjust-apparmor-functions-path.patch
new file mode 100644
index 0000000000..6065154c05
--- /dev/null
+++ b/testing/apparmor/0008-Adjust-apparmor-functions-path.patch
@@ -0,0 +1,13 @@
+diff --git a/utils/aa-remove-unknown b/utils/aa-remove-unknown
+index d3bd9144..0b9ead7d 100644
+--- a/utils/aa-remove-unknown
++++ b/utils/aa-remove-unknown
+@@ -15,7 +15,7 @@
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
+ # ----------------------------------------------------------------------
+
+-APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
++APPARMOR_FUNCTIONS=/usr/libexec/apparmor/rc.apparmor.functions
+ APPARMORFS=/sys/kernel/security/apparmor
+ PROFILES="${APPARMORFS}/profiles"
+ REMOVE="${APPARMORFS}/.remove"
diff --git a/testing/apparmor/APKBUILD b/testing/apparmor/APKBUILD
index 2d52518092..be81cd95cd 100644
--- a/testing/apparmor/APKBUILD
+++ b/testing/apparmor/APKBUILD
@@ -1,67 +1,66 @@
# Contributor: Allan Garret <allan.garret@gmail.com>
# Maintainer: Allan Garret <allan.garret@gmail.com>
pkgname=apparmor
-pkgver=2.11.0
-_majorver=2.11
+pkgver=2.12
pkgrel=0
pkgdesc="Linux application security framework - mandatory access control for programs"
-url="http://wiki.apparmor.net/index.php/Main_Page"
+url="https://gitlab.com/apparmor/apparmor/wikis/home"
arch="all"
license="GPL"
depends="bash"
-makedepends="bash sed python autoconf automake libtool bison flex swig gettext-dev python-dev linux-pam-dev linux-headers"
+makedepends="bash sed python3 autoconf automake libtool bison flex perl-dev swig gettext-dev python3-dev linux-pam-dev linux-headers"
+options="!check"
subpackages="
- libapparmor:libapparmor
- libapparmor-doc:libapparmor_doc
- libapparmor-dev:libapparmor_dev
- $pkgname-utils:apparmor_utils:noarch
- $pkgname-utils-doc:apparmor_utils_doc
- $pkgname-profiles:apparmor_profiles:noarch
- $pkgname-pam:apparmor_pam
- $pkgname-vim:apparmor_vim:noarch
+ libapparmor:_libapparmor
+ libapparmor-doc:_libapparmor_doc
+ libapparmor-dev:_libapparmor_dev
+ py3-$pkgname:_py3_apparmor
+ perl-$pkgname:_perl_apparmor
+ $pkgname-utils:_apparmor_utils
+ $pkgname-utils-doc:_apparmor_utils_doc
+ $pkgname-utils-lang:_apparmor_utils_lang
+ $pkgname-profiles:_apparmor_profiles:noarch
+ $pkgname-pam:_apparmor_pam
+ $pkgname-vim:_apparmor_vim:noarch
$pkgname-doc
$pkgname-lang
"
source="
- https://launchpad.net/$pkgname/$_majorver/$_majorver/+download/$pkgname-$pkgver.tar.gz
-
- https://gitweb.gentoo.org/repo/gentoo.git/plain/sys-apps/apparmor/files/apparmor-init
-
- 0001-Remove-__BEGIN_DECLS-and-__END_DECLS-identifiers.patch
- 0002-Provide-missing-secure_getenv-and-scandirat-function.patch
- 0003-Added-missing-typedef-definitions-on-parser.patch
- 0004-Define-RLIMIT_OFILE-if-needed.patch
- 0005-Added-RLIMIT_RTTIME-option-conditionally.patch
- 0006-Use-gettext-and-remove-latex.patch
- 0007-Do-not-build-install-vim-file-with-utils-package.patch
- 0008-Add-missing-include-for-ppc64le.patch
+ https://launchpad.net/$pkgname/$pkgver/$pkgver.0/+download/$pkgname-$pkgver.tar.gz
+
+ apparmor.initd
+
+ 0001-Add-missing-secure_getenv-and-scandirat-functions.patch
+ 0002-Add-missing-typedef-definitions-on-parser.patch
+ 0003-Link-against-gettext-library.patch
+ 0004-Remove-vim-from-default-utils-build.patch
+ 0005-Remove-parser-test-against-rttime.patch
+ 0006-Remove-ofile-tests-for-parser.patch
+ 0007-Adjust-several-utils-test-to-Alpine.patch
+ 0008-Adjust-apparmor-functions-path.patch
"
builddir="$srcdir"/$pkgname-$pkgver
-prepare() {
- local i
-
- cd "$builddir"
-
- for i in "$srcdir"/*.patch; do
- msg "Applying $i"
- patch -p1 -i $i || return 1
- done
-}
-
build() {
+ export PYTHON_VERSION=3
+ export PYTHON_VERSIONS=python3
+ export PYTHON=/usr/bin/python3
+
cd "$builddir"/libraries/libapparmor
msg "Building: libapparmor"
./autogen.sh
- ./configure --prefix=/usr --with-python
+ ./configure --prefix=/usr --with-python --with-perl
make
cd "$builddir"
- msg "Building: apparmor"
+ msg "Building: apparmor parser"
make -C parser
+ msg "Building: apparmor-binutils"
+ make -C binutils
+
msg "Building: apparmor-utils"
make -C utils
@@ -81,31 +80,43 @@ package() {
make -C parser install DESTDIR="$pkgdir"
mv "$pkgdir"/lib "$pkgdir"/usr/lib
mv "$pkgdir"/sbin "$pkgdir"/usr/sbin
- install -Dm755 "$srcdir"/apparmor-init \
+ mkdir -p "$pkgdir"/usr/libexec/apparmor
+ mv "$pkgdir"/usr/lib/apparmor/rc.apparmor.functions \
+ "$pkgdir"/usr/libexec/apparmor/
+ rmdir "$pkgdir"/usr/lib/apparmor
+ install -Dm755 "$srcdir"/apparmor.initd \
"$pkgdir"/etc/init.d/apparmor
}
-libapparmor() {
+_libapparmor() {
pkgdesc="AppArmor library"
- makedepends="swig python-dev"
- depends="bash sed python"
+ makedepends="swig python3-dev perl-dev"
+ depends="bash sed"
cd "$builddir"
make -C libraries/libapparmor install DESTDIR="$subpkgdir"
# Move development files
mkdir -p "$subpkgdir"-dev/usr
- mv "$subpkgdir"/usr/include "$subpkgdir"-dev/usr/ || return 1
+ mv "$subpkgdir"/usr/include "$subpkgdir"-dev/usr/
mkdir -p "$subpkgdir"-dev/usr/lib
- mv "$subpkgdir"/usr/lib/libapparmor.a "$subpkgdir"-dev/usr/lib/ || return 1
- mv "$subpkgdir"/usr/lib/pkgconfig "$subpkgdir"-dev/usr/lib/ || return 1
+ mv "$subpkgdir"/usr/lib/libapparmor.a "$subpkgdir"-dev/usr/lib/
+ mv "$subpkgdir"/usr/lib/pkgconfig "$subpkgdir"-dev/usr/lib/
+
+ # Move python3 files
+ mkdir -p "$subpkgdir"/../py3-$pkgname/usr/lib
+ mv "$subpkgdir"/usr/lib/python3.* "$subpkgdir"/../py3-$pkgname/usr/lib
+
+ # Move perl files
+ mkdir -p "$subpkgdir"/../perl-$pkgname/usr/lib
+ mv "$subpkgdir"/usr/lib/perl5 "$subpkgdir"/../perl-$pkgname/usr/lib
# Move doc files
mkdir -p "$subpkgdir-doc"/usr/share
mv "$subpkgdir"/usr/share/man "$subpkgdir-doc"/usr/share/
}
-libapparmor_doc() {
+_libapparmor_doc() {
pkgdesc="AppArmor Library (doc files)"
cd "$builddir"
@@ -114,35 +125,54 @@ libapparmor_doc() {
done
}
-libapparmor_dev() {
+_libapparmor_dev() {
pkgdesc="AppArmor Library (development files)"
}
+_py3_apparmor() {
+ pkgdesc="Python3 module for apparmor"
+ depends="libapparmor python3"
+}
-apparmor_utils() {
+_perl_apparmor() {
+ pkgdesc="Perl module for apparmor"
+ depends="libapparmor perl"
+}
+
+_apparmor_utils() {
pkgdesc="AppArmor userspace utilities"
- depends="perl python bash"
+ depends="libapparmor perl python3 bash"
cd "$builddir"
make -C utils install DESTDIR="$subpkgdir" BINDIR="$subpkgdir"/usr/bin
+ cd "$builddir"
+ make -C binutils install DESTDIR="$subpkgdir" BINDIR="$subpkgdir"/usr/bin
+
mkdir -p "$subpkgdir"-doc/usr/share
mv "$subpkgdir"/usr/share/man "$subpkgdir"-doc/usr/share/
+
+ mkdir -p "$subpkgdir"-lang/usr/share
+ mv "$subpkgdir"/usr/share/locale "$subpkgdir"-lang/usr/share/
}
-apparmor_utils_doc() {
+_apparmor_utils_doc() {
pkgdesc="AppArmor userspace utilites (doc files)"
cd "$builddir"
- for i in 5 8; do
+ for i in 1 5 8; do
find "$subpkgdir"/usr/share/man/man"$i" -type f -exec gzip -9v {} +
done
cd "$subpkgdir"/usr/share/man/man8
- rm apparmor_status.8 || return 1
- ln -s aa-status.8.gz apparmor_status.8.gz || return 1
+ rm apparmor_status.8
+ ln -s aa-status.8.gz apparmor_status.8.gz
+}
+
+_apparmor_utils_lang() {
+ pkgdesc="Languages for package $subpkgname"
}
-apparmor_profiles() {
+_apparmor_profiles() {
pkgdesc="AppArmor sample pre-made profiles"
depends="apparmor"
@@ -150,15 +180,15 @@ apparmor_profiles() {
make -C profiles install DESTDIR="$subpkgdir"
}
-apparmor_pam() {
+_apparmor_pam() {
pkgdesc="AppArmor PAM library"
- depends="apparmor-libapparmor pam"
+ depends="libapparmor pam"
cd "$builddir"
make -C changehat/pam_apparmor install DESTDIR="$subpkgdir"/usr
}
-apparmor_pam_doc() {
+_apparmor_pam_doc() {
pkgdesc="AppArmor PAM library (doc files)"
cd "$builddir"
@@ -167,7 +197,7 @@ apparmor_pam_doc() {
"$subpkgdir"/usr/share/doc/apparmor/README.pam_apparmor
}
-apparmor_vim() {
+_apparmor_vim() {
pkgdesc="AppArmor VIM support"
depends="vim"
@@ -178,13 +208,13 @@ apparmor_vim() {
-sha512sums="86b33c1cbbd256028dd5fdfaddc764c225845acd19c833223fce5cdd6164f997fe010d7b642791f834a3417b4ea847d77175fdfd89ea99ab2111933790d42b55 apparmor-2.11.0.tar.gz
-4ee4747ec98a0828beb690bf5e01bc112d958bff4c68d60fc0cbb9f0707bd8daecc011dba3916aa6e6368f460eedce7f2ce42aad9ccea49a5d898dcae3d01148 apparmor-init
-fbe93bfdc6469496aafddfe8f8c01d53adb5075a4547e40fb8fc5b5b972aa418a0a84e626e82602425ad48409fd078dabdf60132f5810f80aa3212e11cb7186e 0001-Remove-__BEGIN_DECLS-and-__END_DECLS-identifiers.patch
-988f4f6c27089ca68ef122066123099477e2e1dc7c849f93e3d0a92c2aa9a38ccbcd9e4d212329edad4ac4bbb7ee32dfbaab8b0039a661e2af391b6c830e6b54 0002-Provide-missing-secure_getenv-and-scandirat-function.patch
-029a94086ffa97b5eff55e23469ee199caf066761cad28a1f0d4b8c51c4ae927192651befc79505f0078cf81a79fa472c97bf8b0e5e4816fcd8f597ad129c431 0003-Added-missing-typedef-definitions-on-parser.patch
-3da30be6f964135c1fd85368f17bd503682af6a5dc3d3d3964f87d74330debdddbb9ada705aad35999904539e29d46118a58af88084646bf2faa8413b65e857c 0004-Define-RLIMIT_OFILE-if-needed.patch
-1606e18435ea8aec16546c9c15f1b4bdc9c15af0764b2f580c28b8597fbd3ea670a4fe6dcf16a6b97a340f4b6b52b578463b1359150141a37f668e7dc8f1b272 0005-Added-RLIMIT_RTTIME-option-conditionally.patch
-0e94e33cc919a76e7d59da578f0166ac9e6c2021b55d1a92ae1512e51f05d45a099a83a57625905112cf25e460e6078ae57bf7ee66da7caf0bc87fccdd0589ce 0006-Use-gettext-and-remove-latex.patch
-6d75ed791653457d58fea7ff29a8e8e52c4bf7e214daa1e1ad2dcd888521251c9a89279cecaed320d252b057f7db0c5440c0d8ca8f4e51af79f9511d44bbec16 0007-Do-not-build-install-vim-file-with-utils-package.patch
-9c9748e2b472b1b204b8ce1ad2c714ae2e296c083f14750f042b77055ec6c321e5ab8df402d41d57eff1c52cfa9dfab0dcb890db0be49403907e688d616b0c8c 0008-Add-missing-include-for-ppc64le.patch"
+sha512sums="d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a apparmor-2.12.tar.gz
+1a57cc577ba3aedfbe10ef6148c1e8f5d0bbf65c99e60eec80c52409c9dab59ae002024500c6e4fd0e01e8c7aeb0c85e3e6b41cacee08c17fdd869d31bca614e apparmor.initd
+8e9f9914a3d0f5368811324a2be34ffebcb2d33add7289a37f2710497b8df0d95d7c33c792a844bae1e2fc320ff91e09313271aef1ad2bf5a37f2b634c652f73 0001-Add-missing-secure_getenv-and-scandirat-functions.patch
+e26fcb2f68fdba1cce076fdf37803175ab42ae2df4fccea74275bea7d0937e2992fd1e0dcb521b11f6c44a73bcf2819579f34a26e4e62e618e8259fee81cf302 0002-Add-missing-typedef-definitions-on-parser.patch
+949af1827ef533f60065fbbcdd72f15cb367ad69b0922a56011a31cd740f63c4834ba675c3686823f1f8319d2455498edb8fc626c02d2c8dfd0843e52ce0dbde 0003-Link-against-gettext-library.patch
+11b51b046c3acd83b6b0978ac3806ad3a65e5a678dd8ea01b910cd50c51c36a31c8e0f20223f4715dfe28d80e7d2b1d578dc632de8092d8700723af8188a4bf4 0004-Remove-vim-from-default-utils-build.patch
+b73fb44dc4649178d4aea8e491f74b025bde75bbdcf7b8fc1d17af30b562f58a743d7bde2a21db5c9dd71d863d1eb84d6b62143c90fff7ec7124d7b0ec590287 0005-Remove-parser-test-against-rttime.patch
+2e169df847af74c2bf8906a595afa785dbf293b4d753fbfbb8cc0c2c0d2e5f6a8dd63b2400df57ad1f03330e5d5a39d4f893a3ca0aedf7bc832db48da7d4e67c 0006-Remove-ofile-tests-for-parser.patch
+8949df983f36af91f887f13795681213758cf54a59c1ee710f7e2936a7a2e1e7551a1268c8abe0b95d852d24097ba52a39befd890126aa4d4c8e55656af64d2f 0007-Adjust-several-utils-test-to-Alpine.patch
+bd8a4ac30c6803e2bc219db925f0d577a56cf29f08a9b109d593b06d833351d49eeba67a243f0e1e696c94958b7df9afb0f4be02453c197892fde3b99803c89f 0008-Adjust-apparmor-functions-path.patch"
diff --git a/testing/apparmor/apparmor.initd b/testing/apparmor/apparmor.initd
new file mode 100644
index 0000000000..15058f2895
--- /dev/null
+++ b/testing/apparmor/apparmor.initd
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+aa_action() {
+ local arg=$1
+ local return
+
+ shift
+ $*
+ return=$?
+
+ if [ ${return} -eq 0 ]; then
+ aa_log_success_msg $arg
+ else
+ aa_log_failure_msg arg
+ fi
+
+ return $return
+}
+
+aa_log_action_start() {
+ ebegin $1
+}
+
+aa_log_action_end() {
+ eend $1
+}
+
+aa_log_success_msg() {
+ einfo $1
+}
+
+aa_log_warning_msg() {
+ ewarn $1
+}
+
+aa_log_failure_msg() {
+ eerror $1
+}
+
+aa_log_skipped_msg() {
+ einfo $1
+}
+
+aa_log_daemon_msg() {
+ einfo $1
+}
+
+aa_log_end_msg() {
+ eend $1
+}
+
+. /usr/libexec/apparmor/rc.apparmor.functions
+
+start() {
+ ebegin "Starting AppArmor"
+ eindent
+
+ if ! is_apparmor_loaded ; then
+ load_module
+ if [ $? -ne 0 ]; then
+ eerror "AppArmor kernel support is not present"
+ eend 1
+ return 1
+ fi
+ fi
+
+ parse_profiles load
+
+ eoutdent
+}
+
+stop() {
+ ebegin "Stopping AppArmor"
+ eindent
+ apparmor_stop
+ eoutdent
+}
+
+reload() {
+ # todo: split out clean_profiles into its own function upstream
+ # so we can do parse_profiles reload && clean_profiles
+ # and do a proper reload instead of restart
+ apparmor_restart
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-02 11:59:10 +0000