GNU bug report logs - #59336
[PATCH 0/6] gnu: Add apparmor.

Previous Next

Package: guix-patches;

Reported by: Hilton Chain <hako <at> ultrarare.space>

Date: Thu, 17 Nov 2022 16:29:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 59336 in the body.
You can then email your comments to 59336 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:29:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hilton Chain <hako <at> ultrarare.space>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Thu, 17 Nov 2022 16:29:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: guix-patches <at> gnu.org
Subject: [PATCH 0/6] gnu: Add apparmor.
Date: Fri, 18 Nov 2022 00:27:23 +0800
Hi Guix,

This patchset adds the AppArmor project, excluding the Apache and Tomcat parts.

Further tests are surely needed as I'm not an AppArmor user (yet)...

Tests for two packages are disabled, one is apparmor-profiles, which needs an
AppArmor-enforced system, the other is apparmor-utils, which wants Python
libraries to be installed, this later one might be easier to solve (I tried to
set GUIX_PYTHONPATH, but it fails either).

Thanks!

Hilton Chain (6):
  gnu: Add libapparmor.
  gnu: Add apparmor.
  gnu: Add apparmor-parser.
  gnu: Add apparmor-utils.
  gnu: Add apparmor-profiles.
  gnu: Add pam-apparmor.

 gnu/local.mk              |   1 +
 gnu/packages/apparmor.scm | 219 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 220 insertions(+)
 create mode 100644 gnu/packages/apparmor.scm


base-commit: 8e42bfaffa3ecee4c3f0ee6ff257f4fcd90d4677
--
2.38.1




Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:31:01 GMT) Full text and rfc822 format available.

Message #8 received at 59336 <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: 59336 <at> debbugs.gnu.org
Subject: [PATCH 1/6] gnu: Add libapparmor.
Date: Fri, 18 Nov 2022 00:30:02 +0800
* gnu/packages/apparmor.scm: New file.
(libapparmor): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add the file.
---
 gnu/local.mk              |  1 +
 gnu/packages/apparmor.scm | 90 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 gnu/packages/apparmor.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index b154caaaaa..8907ca625b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -115,6 +115,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/anthy.scm			\
   %D%/packages/antivirus.scm			\
   %D%/packages/apl.scm				\
+  %D%/packages/apparmor.scm			\
   %D%/packages/apr.scm				\
   %D%/packages/arcan.scm			\
   %D%/packages/aspell.scm			\
diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
new file mode 100644
index 0000000000..8cb4c7e94d
--- /dev/null
+++ b/gnu/packages/apparmor.scm
@@ -0,0 +1,90 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Hilton Chain <hako <at> ultrarare.space>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages apparmor)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages dejagnu)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages gawk)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages ruby)
+  #:use-module (gnu packages swig)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix gexp)
+  #:use-module (guix git-download)
+  #:use-module (guix packages)
+  #:use-module (guix utils))
+
+(define-public libapparmor
+  (package
+    (name "libapparmor")
+    (version "3.1.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://gitlab.com/apparmor/apparmor")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1h77a7ww0rxfv5nsi1iy4fffklxdr2vq6r7kdsqm15yysglhbjyi"))))
+    (build-system gnu-build-system)
+    (arguments
+     (list #:configure-flags
+           #~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib")
+                   "--with-perl" "--with-python")
+           #:phases
+           #~(modify-phases %standard-phases
+               (add-after 'unpack 'change-directory
+                 (lambda _
+                   (chdir "libraries/libapparmor"))))))
+    (native-inputs
+     (list autoconf
+           automake
+           bison
+           dejagnu
+           flex
+           libtool
+           perl
+           python-minimal
+           swig
+           which))
+    (home-page "https://apparmor.net")
+    (synopsis "Linux kernel security module")
+    (description
+     "AppArmor is an effective and easy-to-use Linux application security
+system.
+
+AppArmor proactively protects the operating system and applications from
+external or internal threats, even zero-day attacks, by enforcing good
+behavior and preventing both known and unknown application flaws from being
+exploited.
+
+AppArmor supplements the traditional Unix discretionary access control (DAC)
+model by providing mandatory access control (MAC).  It has been included in
+the mainline Linux kernel since version 2.6.36 and its development has been
+supported by Canonical since 2009.")
+    (license license:lgpl2.1)))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:32:01 GMT) Full text and rfc822 format available.

Message #11 received at 59336 <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: 59336 <at> debbugs.gnu.org
Subject: [PATCH 2/6] gnu: Add apparmor.
Date: Fri, 18 Nov 2022 00:30:48 +0800
* gnu/packages/apparmor.scm (apparmor): New variable.
---
 gnu/packages/apparmor.scm | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 8cb4c7e94d..742414e18b 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -88,3 +88,40 @@ (define-public libapparmor
 the mainline Linux kernel since version 2.6.36 and its development has been
 supported by Canonical since 2009.")
     (license license:lgpl2.1)))
+
+(define-public apparmor
+  (package
+    (inherit libapparmor)
+    (name "apparmor")
+    (arguments
+     (list #:make-flags
+           #~(list (string-append "CC=" #$(cc-for-target))
+                   (string-append "DESTDIR=" #$output)
+                   "USE_SYSTEM=1")
+           #:phases
+           #~(modify-phases %standard-phases
+               (delete 'configure)
+               (add-after 'unpack 'fix-makefile-paths
+                 (lambda _
+                   (for-each patch-shebang
+                             '("common/list_af_names.sh"
+                               "common/list_capabilities.sh"))
+                   (for-each (lambda (file)
+                               (substitute* file
+                                 (("/usr/bin/\\<(pod2man|pod2html|prove)\\>" all cmd) cmd)
+                                 (("/usr") "")))
+                             '("common/Make-po.rules"
+                               "common/Make.rules"
+                               "binutils/Makefile"
+                               "parser/Makefile"
+                               "parser/tst/Makefile"
+                               "profiles/Makefile"
+                               "utils/Makefile"
+                               "utils/python-tools-setup.py"
+                               "utils/vim/Makefile"))))
+               (add-after 'fix-makefile-paths 'change-directory
+                 (lambda _
+                   (chdir "binutils"))))))
+    (native-inputs (list gettext-minimal perl which))
+    (inputs (list libapparmor))
+    (license license:gpl2)))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:33:02 GMT) Full text and rfc822 format available.

Message #14 received at 59336 <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: 59336 <at> debbugs.gnu.org
Subject: [PATCH 3/6] gnu: Add apparmor-parser.
Date: Fri, 18 Nov 2022 00:31:26 +0800
* gnu/packages/apparmor.scm (apparmor-parser): New variable.
---
 gnu/packages/apparmor.scm | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 742414e18b..8648a2213f 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -125,3 +125,24 @@ (define-public apparmor
     (native-inputs (list gettext-minimal perl which))
     (inputs (list libapparmor))
     (license license:gpl2)))
+
+(define-public apparmor-parser
+  (let ((base apparmor))
+    (package
+      (inherit base)
+      (name "apparmor-parser")
+      (arguments
+       (substitute-keyword-arguments (package-arguments base)
+         ((#:phases phases)
+          #~(modify-phases #$phases
+              (replace 'change-directory
+                (lambda _
+                  (chdir "parser")))
+              (add-after 'change-directory 'fix-kernel-header-path
+                (lambda* (#:key inputs #:allow-other-keys)
+                  (substitute* "Makefile"
+                    (("/include/linux/capability.h" path)
+                     (search-input-file inputs path)))))))))
+      (native-inputs
+       (modify-inputs (package-native-inputs base)
+         (append bison flex python-minimal))))))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:33:03 GMT) Full text and rfc822 format available.

Message #17 received at 59336 <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: 59336 <at> debbugs.gnu.org
Subject: [PATCH 4/6] gnu: Add apparmor-utils.
Date: Fri, 18 Nov 2022 00:32:00 +0800
* gnu/packages/apparmor.scm (apparmor-utils): New variable.
---
 gnu/packages/apparmor.scm | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 8648a2213f..b753ffc88a 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -146,3 +146,39 @@ (define-public apparmor-parser
       (native-inputs
        (modify-inputs (package-native-inputs base)
          (append bison flex python-minimal))))))
+
+(define-public apparmor-utils
+  (let ((base apparmor))
+    (package
+      (inherit base)
+      (name "apparmor-utils")
+      (arguments
+       (append
+        ;; FIXME: Tests required Python library from this package (itself).
+        (list #:tests? #f)
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (replace 'change-directory
+                 (lambda _
+                   (chdir "utils")))
+               (add-after 'change-directory 'fix-paths
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   ;; Fix kernel header path
+                   (substitute* "Makefile"
+                     (("/include/linux/capability.h" path)
+                      (search-input-file inputs path)))
+                   ;; Fix apparmor_parser path
+                   (for-each (lambda (file)
+                               (substitute* file
+                                 (("/sbin/apparmor_parser" path)
+                                  (search-input-file inputs path))))
+                             '("apparmor/aa.py"
+                               "apparmor/easyprof.py"
+                               "logprof.conf")))))))))
+      (native-inputs
+       (modify-inputs (package-native-inputs base)
+         (append python-minimal)))
+      (inputs
+       (modify-inputs (package-inputs base)
+         (append apparmor-parser))))))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:34:01 GMT) Full text and rfc822 format available.

Message #20 received at 59336 <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: 59336 <at> debbugs.gnu.org
Subject: [PATCH 5/6] gnu: Add apparmor-profiles.
Date: Fri, 18 Nov 2022 00:32:39 +0800
* gnu/packages/apparmor.scm (apparmor-profiles): New variable.
---
 gnu/packages/apparmor.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index b753ffc88a..573666c27f 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -182,3 +182,20 @@ (define-public apparmor-utils
       (inputs
        (modify-inputs (package-inputs base)
          (append apparmor-parser))))))
+
+(define-public apparmor-profiles
+  (let ((base apparmor))
+    (package
+      (inherit base)
+      (name "apparmor-profiles")
+      (arguments
+       (append
+        (list #:tests? #f)              ;Needs an AppArmor-enabled system.
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (replace 'change-directory
+                 (lambda _
+                   (chdir "profiles"))))))))
+      (native-inputs (list which))
+      (inputs '()))))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Thu, 17 Nov 2022 16:34:02 GMT) Full text and rfc822 format available.

Message #23 received at 59336 <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: 59336 <at> debbugs.gnu.org
Subject: [PATCH 6/6] gnu: Add pam-apparmor.
Date: Fri, 18 Nov 2022 00:33:10 +0800
* gnu/packages/apparmor.scm (pam-apparmor): New variable.
---
 gnu/packages/apparmor.scm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 573666c27f..85f3e9c6ae 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -199,3 +199,21 @@ (define-public apparmor-profiles
                    (chdir "profiles"))))))))
       (native-inputs (list which))
       (inputs '()))))
+
+(define-public pam-apparmor
+  (let ((base apparmor))
+    (package
+      (inherit base)
+      (name "pam-apparmor")
+      (arguments
+       (append
+        (list #:tests? #f)              ;no tests
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (replace 'change-directory
+                 (lambda _
+                   (chdir "changehat/pam_apparmor"))))))))
+      (native-inputs (list pkg-config which))
+      (inputs (list libapparmor linux-pam))
+      (license license:bsd-3))))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Fri, 18 Nov 2022 04:30:02 GMT) Full text and rfc822 format available.

Message #26 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: guix-patches <at> gnu.org
Subject: [PATCH v2 0/3] gnu: Add apparmor.
Date: Fri, 18 Nov 2022 12:28:17 +0800
v1 -> v2:
1. Build Ruby bindings for libapparmor.
2. Build the original apparmor, apparmor-parser, apparmor-utils,
apparmor-profiles into a single package, apparmor.
3. Fix paths in aa-easyprof's config file.

Hilton Chain (3):
  gnu: Add libapparmor.
  gnu: Add apparmor.
  gnu: Add pam-apparmor.

 gnu/local.mk              |   1 +
 gnu/packages/apparmor.scm | 196 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 197 insertions(+)
 create mode 100644 gnu/packages/apparmor.scm

The following is the diff range from v1 to v2:
diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 85f3e9c6ae..3136091747 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -55,10 +55,31 @@ (define-public libapparmor
     (arguments
      (list #:configure-flags
            #~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib")
-                   "--with-perl" "--with-python")
+                   "--with-perl" "--with-python" "--with-ruby")
            #:phases
            #~(modify-phases %standard-phases
-               (add-after 'unpack 'change-directory
+               (add-after 'unpack 'fix-paths
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (for-each patch-shebang
+                             '("common/list_af_names.sh"
+                               "common/list_capabilities.sh"))
+                   (for-each (lambda (file)
+                               (substitute* file
+                                 (("/usr") "")
+                                 (("/bin/\\<(pod2man|pod2html|podchecker|prove)\\>" path)
+                                  (search-input-file inputs path))
+                                 (("/include/linux/capability.h" path)
+                                  (search-input-file inputs path))))
+                             '("common/Make-po.rules"
+                               "common/Make.rules"
+                               "binutils/Makefile"
+                               "parser/Makefile"
+                               "parser/tst/Makefile"
+                               "profiles/Makefile"
+                               "utils/Makefile"
+                               "utils/python-tools-setup.py"
+                               "utils/vim/Makefile"))))
+               (add-after 'fix-paths 'change-directory
                  (lambda _
                    (chdir "libraries/libapparmor"))))))
     (native-inputs
@@ -70,6 +91,7 @@ (define-public libapparmor
            libtool
            perl
            python-minimal
+           ruby
            swig
            which))
     (home-page "https://apparmor.net")
@@ -90,112 +112,67 @@ (define-public libapparmor
     (license license:lgpl2.1)))

 (define-public apparmor
-  (package
-    (inherit libapparmor)
-    (name "apparmor")
-    (arguments
-     (list #:make-flags
-           #~(list (string-append "CC=" #$(cc-for-target))
-                   (string-append "DESTDIR=" #$output)
-                   "USE_SYSTEM=1")
-           #:phases
-           #~(modify-phases %standard-phases
+  (let ((base libapparmor))
+    (package
+      (inherit base)
+      (name "apparmor")
+      (arguments
+       (append
+        (list #:make-flags
+              #~(list (string-append "CC=" #$(cc-for-target))
+                      (string-append "DESTDIR=" #$output)
+                      "USE_SYSTEM=1"
+                      ;; No need to run the linter
+                      "PYFLAKES=true"))
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
                (delete 'configure)
-               (add-after 'unpack 'fix-makefile-paths
-                 (lambda _
-                   (for-each patch-shebang
-                             '("common/list_af_names.sh"
-                               "common/list_capabilities.sh"))
-                   (for-each (lambda (file)
-                               (substitute* file
-                                 (("/usr/bin/\\<(pod2man|pod2html|prove)\\>" all cmd) cmd)
-                                 (("/usr") "")))
-                             '("common/Make-po.rules"
-                               "common/Make.rules"
-                               "binutils/Makefile"
-                               "parser/Makefile"
-                               "parser/tst/Makefile"
-                               "profiles/Makefile"
-                               "utils/Makefile"
-                               "utils/python-tools-setup.py"
-                               "utils/vim/Makefile"))))
-               (add-after 'fix-makefile-paths 'change-directory
+               ;; apparmor-binutils
+               (replace 'change-directory
                  (lambda _
-                   (chdir "binutils"))))))
-    (native-inputs (list gettext-minimal perl which))
-    (inputs (list libapparmor))
-    (license license:gpl2)))
+                   (chdir "binutils")))

-(define-public apparmor-parser
-  (let ((base apparmor))
-    (package
-      (inherit base)
-      (name "apparmor-parser")
-      (arguments
-       (substitute-keyword-arguments (package-arguments base)
-         ((#:phases phases)
-          #~(modify-phases #$phases
-              (replace 'change-directory
-                (lambda _
-                  (chdir "parser")))
-              (add-after 'change-directory 'fix-kernel-header-path
-                (lambda* (#:key inputs #:allow-other-keys)
-                  (substitute* "Makefile"
-                    (("/include/linux/capability.h" path)
-                     (search-input-file inputs path)))))))))
-      (native-inputs
-       (modify-inputs (package-native-inputs base)
-         (append bison flex python-minimal))))))
+               ;; apparmor-parser
+               (add-after 'install 'chdir-parser
+                 (lambda _
+                   (chdir "../parser")))
+               (add-after 'chdir-parser 'patch-source-shebangs-parser
+                 (assoc-ref %standard-phases 'patch-source-shebangs))
+               (add-after 'patch-source-shebangs-parser 'build-parser
+                 (assoc-ref %standard-phases 'build))
+               (add-after 'build-parser 'check-parser
+                 (assoc-ref %standard-phases 'check))
+               (add-after 'check-parser 'install-parser
+                 (assoc-ref %standard-phases 'install))

-(define-public apparmor-utils
-  (let ((base apparmor))
-    (package
-      (inherit base)
-      (name "apparmor-utils")
-      (arguments
-       (append
-        ;; FIXME: Tests required Python library from this package (itself).
-        (list #:tests? #f)
-        (substitute-keyword-arguments (package-arguments base)
-          ((#:phases phases)
-           #~(modify-phases #$phases
-               (replace 'change-directory
+               ;; apparmor-utils
+               ;; FIXME: Tests required Python library from this package
+               ;; (itself).
+               (add-after 'install-parser 'chdir-utils
                  (lambda _
-                   (chdir "utils")))
-               (add-after 'change-directory 'fix-paths
-                 (lambda* (#:key inputs #:allow-other-keys)
-                   ;; Fix kernel header path
-                   (substitute* "Makefile"
-                     (("/include/linux/capability.h" path)
-                      (search-input-file inputs path)))
-                   ;; Fix apparmor_parser path
-                   (for-each (lambda (file)
-                               (substitute* file
-                                 (("/sbin/apparmor_parser" path)
-                                  (search-input-file inputs path))))
-                             '("apparmor/aa.py"
-                               "apparmor/easyprof.py"
-                               "logprof.conf")))))))))
-      (native-inputs
-       (modify-inputs (package-native-inputs base)
-         (append python-minimal)))
-      (inputs
-       (modify-inputs (package-inputs base)
-         (append apparmor-parser))))))
+                   (chdir "../utils")
+                   ;; Fix paths to installed policygroups and templates for
+                   ;; easyprof.
+                   (substitute* "easyprof/easyprof.conf"
+                     (("/usr") #$output))))
+               (add-after 'chdir-utils 'build-utils
+                 (assoc-ref %standard-phases 'build))
+               (add-after 'build-utils 'install-utils
+                 (assoc-ref %standard-phases 'install))

-(define-public apparmor-profiles
-  (let ((base apparmor))
-    (package
-      (inherit base)
-      (name "apparmor-profiles")
-      (arguments
-       (append
-        (list #:tests? #f)              ;Needs an AppArmor-enabled system.
-        (substitute-keyword-arguments (package-arguments base)
-          ((#:phases phases)
-           #~(modify-phases #$phases
-               (replace 'change-directory
+               ;; apparmor-profiles
+               ;; FIXME: Tests need an AppArmor-enabled system.
+               (add-after 'install-utils 'chdir-profiles
                  (lambda _
-                   (chdir "profiles"))))))))
-      (native-inputs (list which))
-      (inputs '()))))
+                   (chdir "../profiles")))
+               (add-after 'chdir-profiles 'build-profiles
+                 (assoc-ref %standard-phases 'build))
+               (add-after 'check-build 'install-profiles
+                 (assoc-ref %standard-phases 'install)))))))
+      (propagated-inputs
+       (list libapparmor))
+      ;; Python module `readline' needed
+      (native-inputs
+       (list bison flex gettext-minimal perl python which))
+      (license license:gpl2))))

 (define-public pam-apparmor
   (let ((base apparmor))

base-commit: 8e42bfaffa3ecee4c3f0ee6ff257f4fcd90d4677
--
2.38.1




Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Fri, 18 Nov 2022 04:30:03 GMT) Full text and rfc822 format available.

Message #29 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: guix-patches <at> gnu.org
Subject: [PATCH v2 1/3] gnu: Add libapparmor.
Date: Fri, 18 Nov 2022 12:29:24 +0800
* gnu/packages/apparmor.scm: New file.
(libapparmor): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add the file.
---
 gnu/local.mk              |   1 +
 gnu/packages/apparmor.scm | 112 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 113 insertions(+)
 create mode 100644 gnu/packages/apparmor.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index b154caaaaa..8907ca625b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -115,6 +115,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/anthy.scm			\
   %D%/packages/antivirus.scm			\
   %D%/packages/apl.scm				\
+  %D%/packages/apparmor.scm			\
   %D%/packages/apr.scm				\
   %D%/packages/arcan.scm			\
   %D%/packages/aspell.scm			\
diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
new file mode 100644
index 0000000000..ac97580640
--- /dev/null
+++ b/gnu/packages/apparmor.scm
@@ -0,0 +1,112 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2022 Hilton Chain <hako <at> ultrarare.space>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages apparmor)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages autotools)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages dejagnu)
+  #:use-module (gnu packages flex)
+  #:use-module (gnu packages gawk)
+  #:use-module (gnu packages gettext)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages ruby)
+  #:use-module (gnu packages swig)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix gexp)
+  #:use-module (guix git-download)
+  #:use-module (guix packages)
+  #:use-module (guix utils))
+
+(define-public libapparmor
+  (package
+    (name "libapparmor")
+    (version "3.1.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://gitlab.com/apparmor/apparmor")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1h77a7ww0rxfv5nsi1iy4fffklxdr2vq6r7kdsqm15yysglhbjyi"))))
+    (build-system gnu-build-system)
+    (arguments
+     (list #:configure-flags
+           #~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib")
+                   "--with-perl" "--with-python" "--with-ruby")
+           #:phases
+           #~(modify-phases %standard-phases
+               (add-after 'unpack 'fix-paths
+                 (lambda* (#:key inputs #:allow-other-keys)
+                   (for-each patch-shebang
+                             '("common/list_af_names.sh"
+                               "common/list_capabilities.sh"))
+                   (for-each (lambda (file)
+                               (substitute* file
+                                 (("/usr") "")
+                                 (("/bin/\\<(pod2man|pod2html|podchecker|prove)\\>" path)
+                                  (search-input-file inputs path))
+                                 (("/include/linux/capability.h" path)
+                                  (search-input-file inputs path))))
+                             '("common/Make-po.rules"
+                               "common/Make.rules"
+                               "binutils/Makefile"
+                               "parser/Makefile"
+                               "parser/tst/Makefile"
+                               "profiles/Makefile"
+                               "utils/Makefile"
+                               "utils/python-tools-setup.py"
+                               "utils/vim/Makefile"))))
+               (add-after 'fix-paths 'change-directory
+                 (lambda _
+                   (chdir "libraries/libapparmor"))))))
+    (native-inputs
+     (list autoconf
+           automake
+           bison
+           dejagnu
+           flex
+           libtool
+           perl
+           python-minimal
+           ruby
+           swig
+           which))
+    (home-page "https://apparmor.net")
+    (synopsis "Linux kernel security module")
+    (description
+     "AppArmor is an effective and easy-to-use Linux application security
+system.
+
+AppArmor proactively protects the operating system and applications from
+external or internal threats, even zero-day attacks, by enforcing good
+behavior and preventing both known and unknown application flaws from being
+exploited.
+
+AppArmor supplements the traditional Unix discretionary access control (DAC)
+model by providing mandatory access control (MAC).  It has been included in
+the mainline Linux kernel since version 2.6.36 and its development has been
+supported by Canonical since 2009.")
+    (license license:lgpl2.1)))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Fri, 18 Nov 2022 04:31:02 GMT) Full text and rfc822 format available.

Message #32 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: guix-patches <at> gnu.org
Subject: [PATCH v2 2/3] gnu: Add apparmor.
Date: Fri, 18 Nov 2022 12:30:14 +0800
* gnu/packages/apparmor.scm (apparmor): New variable.
---
 gnu/packages/apparmor.scm | 66 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index ac97580640..82c00ebb0e 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -110,3 +110,69 @@ (define-public libapparmor
 the mainline Linux kernel since version 2.6.36 and its development has been
 supported by Canonical since 2009.")
     (license license:lgpl2.1)))
+
+(define-public apparmor
+  (let ((base libapparmor))
+    (package
+      (inherit base)
+      (name "apparmor")
+      (arguments
+       (append
+        (list #:make-flags
+              #~(list (string-append "CC=" #$(cc-for-target))
+                      (string-append "DESTDIR=" #$output)
+                      "USE_SYSTEM=1"
+                      ;; No need to run the linter
+                      "PYFLAKES=true"))
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (delete 'configure)
+               ;; apparmor-binutils
+               (replace 'change-directory
+                 (lambda _
+                   (chdir "binutils")))
+
+               ;; apparmor-parser
+               (add-after 'install 'chdir-parser
+                 (lambda _
+                   (chdir "../parser")))
+               (add-after 'chdir-parser 'patch-source-shebangs-parser
+                 (assoc-ref %standard-phases 'patch-source-shebangs))
+               (add-after 'patch-source-shebangs-parser 'build-parser
+                 (assoc-ref %standard-phases 'build))
+               (add-after 'build-parser 'check-parser
+                 (assoc-ref %standard-phases 'check))
+               (add-after 'check-parser 'install-parser
+                 (assoc-ref %standard-phases 'install))
+
+               ;; apparmor-utils
+               ;; FIXME: Tests required Python library from this package
+               ;; (itself).
+               (add-after 'install-parser 'chdir-utils
+                 (lambda _
+                   (chdir "../utils")
+                   ;; Fix paths to installed policygroups and templates for
+                   ;; easyprof.
+                   (substitute* "easyprof/easyprof.conf"
+                     (("/usr") #$output))))
+               (add-after 'chdir-utils 'build-utils
+                 (assoc-ref %standard-phases 'build))
+               (add-after 'build-utils 'install-utils
+                 (assoc-ref %standard-phases 'install))
+
+               ;; apparmor-profiles
+               ;; FIXME: Tests need an AppArmor-enabled system.
+               (add-after 'install-utils 'chdir-profiles
+                 (lambda _
+                   (chdir "../profiles")))
+               (add-after 'chdir-profiles 'build-profiles
+                 (assoc-ref %standard-phases 'build))
+               (add-after 'check-build 'install-profiles
+                 (assoc-ref %standard-phases 'install)))))))
+      (propagated-inputs
+       (list libapparmor))
+      ;; Python module `readline' needed
+      (native-inputs
+       (list bison flex gettext-minimal perl python which))
+      (license license:gpl2))))
-- 
2.38.1





Information forwarded to guix-patches <at> gnu.org:
bug#59336; Package guix-patches. (Fri, 18 Nov 2022 04:32:01 GMT) Full text and rfc822 format available.

Message #35 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hilton Chain <hako <at> ultrarare.space>
To: guix-patches <at> gnu.org
Subject: [PATCH v2 3/3] gnu: Add pam-apparmor.
Date: Fri, 18 Nov 2022 12:30:50 +0800
* gnu/packages/apparmor.scm (pam-apparmor): New variable.
---
 gnu/packages/apparmor.scm | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 82c00ebb0e..3136091747 100644
--- a/gnu/packages/apparmor.scm
+++ b/gnu/packages/apparmor.scm
@@ -176,3 +176,21 @@ (define-public apparmor
       (native-inputs
        (list bison flex gettext-minimal perl python which))
       (license license:gpl2))))
+
+(define-public pam-apparmor
+  (let ((base apparmor))
+    (package
+      (inherit base)
+      (name "pam-apparmor")
+      (arguments
+       (append
+        (list #:tests? #f)              ;no tests
+        (substitute-keyword-arguments (package-arguments base)
+          ((#:phases phases)
+           #~(modify-phases #$phases
+               (replace 'change-directory
+                 (lambda _
+                   (chdir "changehat/pam_apparmor"))))))))
+      (native-inputs (list pkg-config which))
+      (inputs (list libapparmor linux-pam))
+      (license license:bsd-3))))
-- 
2.38.1





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 04 Dec 2022 21:17:02 GMT) Full text and rfc822 format available.

Notification sent to Hilton Chain <hako <at> ultrarare.space>:
bug acknowledged by developer. (Sun, 04 Dec 2022 21:17:02 GMT) Full text and rfc822 format available.

Message #40 received at 59336-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Hilton Chain <hako <at> ultrarare.space>
Cc: 59336-done <at> debbugs.gnu.org
Subject: Re: bug#59336: [PATCH 0/6] gnu: Add apparmor.
Date: Sun, 04 Dec 2022 22:16:28 +0100
[Message part 1 (text/plain, inline)]
Hi,

Hilton Chain <hako <at> ultrarare.space> skribis:

> * gnu/packages/apparmor.scm (pam-apparmor): New variable.

I had to make the following change to get ‘pam-apparmor’ to build.

Applied all of v2 with these changes.  I followed up with a patch to
restrict libapparmor to *-linux systems.

Thanks!

Ludo’.

[Message part 2 (text/x-patch, inline)]
diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm
index 3136091747..ddbd9eb7a9 100644
@@ -188,9 +191,12 @@ (define-public pam-apparmor
         (substitute-keyword-arguments (package-arguments base)
           ((#:phases phases)
            #~(modify-phases #$phases
+               (delete 'chdir-parser)
+               (delete 'chdir-utils)
+               (delete 'chdir-profiles)
                (replace 'change-directory
                  (lambda _
                    (chdir "changehat/pam_apparmor"))))))))
-      (native-inputs (list pkg-config which))
+      (native-inputs (list pkg-config perl which))
       (inputs (list libapparmor linux-pam))
       (license license:bsd-3))))

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 02 Jan 2023 12:24:05 GMT) Full text and rfc822 format available.

This bug report was last modified 2 years and 188 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.