Package: guix-patches;
Reported by: Hilton Chain <hako <at> ultrarare.space>
Date: Thu, 17 Nov 2022 16:29:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 59336 in the body.
You can then email your comments to 59336 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:29:02 GMT) Full text and rfc822 format available.Hilton Chain <hako <at> ultrarare.space>
:guix-patches <at> gnu.org
.
(Thu, 17 Nov 2022 16:29:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: guix-patches <at> gnu.org Subject: [PATCH 0/6] gnu: Add apparmor. Date: Fri, 18 Nov 2022 00:27:23 +0800
Hi Guix, This patchset adds the AppArmor project, excluding the Apache and Tomcat parts. Further tests are surely needed as I'm not an AppArmor user (yet)... Tests for two packages are disabled, one is apparmor-profiles, which needs an AppArmor-enforced system, the other is apparmor-utils, which wants Python libraries to be installed, this later one might be easier to solve (I tried to set GUIX_PYTHONPATH, but it fails either). Thanks! Hilton Chain (6): gnu: Add libapparmor. gnu: Add apparmor. gnu: Add apparmor-parser. gnu: Add apparmor-utils. gnu: Add apparmor-profiles. gnu: Add pam-apparmor. gnu/local.mk | 1 + gnu/packages/apparmor.scm | 219 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 220 insertions(+) create mode 100644 gnu/packages/apparmor.scm base-commit: 8e42bfaffa3ecee4c3f0ee6ff257f4fcd90d4677 -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:31:01 GMT) Full text and rfc822 format available.Message #8 received at 59336 <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: 59336 <at> debbugs.gnu.org Subject: [PATCH 1/6] gnu: Add libapparmor. Date: Fri, 18 Nov 2022 00:30:02 +0800
* gnu/packages/apparmor.scm: New file. (libapparmor): New variable. * gnu/local.mk (GNU_SYSTEM_MODULES): Add the file. --- gnu/local.mk | 1 + gnu/packages/apparmor.scm | 90 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 gnu/packages/apparmor.scm diff --git a/gnu/local.mk b/gnu/local.mk index b154caaaaa..8907ca625b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -115,6 +115,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/anthy.scm \ %D%/packages/antivirus.scm \ %D%/packages/apl.scm \ + %D%/packages/apparmor.scm \ %D%/packages/apr.scm \ %D%/packages/arcan.scm \ %D%/packages/aspell.scm \ diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm new file mode 100644 index 0000000000..8cb4c7e94d --- /dev/null +++ b/gnu/packages/apparmor.scm @@ -0,0 +1,90 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Hilton Chain <hako <at> ultrarare.space> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu packages apparmor) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages autotools) + #:use-module (gnu packages base) + #:use-module (gnu packages bison) + #:use-module (gnu packages dejagnu) + #:use-module (gnu packages flex) + #:use-module (gnu packages gawk) + #:use-module (gnu packages gettext) + #:use-module (gnu packages linux) + #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages python) + #:use-module (gnu packages python-xyz) + #:use-module (gnu packages ruby) + #:use-module (gnu packages swig) + #:use-module (guix build-system gnu) + #:use-module (guix gexp) + #:use-module (guix git-download) + #:use-module (guix packages) + #:use-module (guix utils)) + +(define-public libapparmor + (package + (name "libapparmor") + (version "3.1.2") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.com/apparmor/apparmor") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1h77a7ww0rxfv5nsi1iy4fffklxdr2vq6r7kdsqm15yysglhbjyi")))) + (build-system gnu-build-system) + (arguments + (list #:configure-flags + #~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib") + "--with-perl" "--with-python") + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'change-directory + (lambda _ + (chdir "libraries/libapparmor")))))) + (native-inputs + (list autoconf + automake + bison + dejagnu + flex + libtool + perl + python-minimal + swig + which)) + (home-page "https://apparmor.net") + (synopsis "Linux kernel security module") + (description + "AppArmor is an effective and easy-to-use Linux application security +system. + +AppArmor proactively protects the operating system and applications from +external or internal threats, even zero-day attacks, by enforcing good +behavior and preventing both known and unknown application flaws from being +exploited. + +AppArmor supplements the traditional Unix discretionary access control (DAC) +model by providing mandatory access control (MAC). It has been included in +the mainline Linux kernel since version 2.6.36 and its development has been +supported by Canonical since 2009.") + (license license:lgpl2.1))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:32:01 GMT) Full text and rfc822 format available.Message #11 received at 59336 <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: 59336 <at> debbugs.gnu.org Subject: [PATCH 2/6] gnu: Add apparmor. Date: Fri, 18 Nov 2022 00:30:48 +0800
* gnu/packages/apparmor.scm (apparmor): New variable. --- gnu/packages/apparmor.scm | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 8cb4c7e94d..742414e18b 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -88,3 +88,40 @@ (define-public libapparmor the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.") (license license:lgpl2.1))) + +(define-public apparmor + (package + (inherit libapparmor) + (name "apparmor") + (arguments + (list #:make-flags + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "DESTDIR=" #$output) + "USE_SYSTEM=1") + #:phases + #~(modify-phases %standard-phases + (delete 'configure) + (add-after 'unpack 'fix-makefile-paths + (lambda _ + (for-each patch-shebang + '("common/list_af_names.sh" + "common/list_capabilities.sh")) + (for-each (lambda (file) + (substitute* file + (("/usr/bin/\\<(pod2man|pod2html|prove)\\>" all cmd) cmd) + (("/usr") ""))) + '("common/Make-po.rules" + "common/Make.rules" + "binutils/Makefile" + "parser/Makefile" + "parser/tst/Makefile" + "profiles/Makefile" + "utils/Makefile" + "utils/python-tools-setup.py" + "utils/vim/Makefile")))) + (add-after 'fix-makefile-paths 'change-directory + (lambda _ + (chdir "binutils")))))) + (native-inputs (list gettext-minimal perl which)) + (inputs (list libapparmor)) + (license license:gpl2))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:33:02 GMT) Full text and rfc822 format available.Message #14 received at 59336 <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: 59336 <at> debbugs.gnu.org Subject: [PATCH 3/6] gnu: Add apparmor-parser. Date: Fri, 18 Nov 2022 00:31:26 +0800
* gnu/packages/apparmor.scm (apparmor-parser): New variable. --- gnu/packages/apparmor.scm | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 742414e18b..8648a2213f 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -125,3 +125,24 @@ (define-public apparmor (native-inputs (list gettext-minimal perl which)) (inputs (list libapparmor)) (license license:gpl2))) + +(define-public apparmor-parser + (let ((base apparmor)) + (package + (inherit base) + (name "apparmor-parser") + (arguments + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'change-directory + (lambda _ + (chdir "parser"))) + (add-after 'change-directory 'fix-kernel-header-path + (lambda* (#:key inputs #:allow-other-keys) + (substitute* "Makefile" + (("/include/linux/capability.h" path) + (search-input-file inputs path))))))))) + (native-inputs + (modify-inputs (package-native-inputs base) + (append bison flex python-minimal)))))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:33:03 GMT) Full text and rfc822 format available.Message #17 received at 59336 <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: 59336 <at> debbugs.gnu.org Subject: [PATCH 4/6] gnu: Add apparmor-utils. Date: Fri, 18 Nov 2022 00:32:00 +0800
* gnu/packages/apparmor.scm (apparmor-utils): New variable. --- gnu/packages/apparmor.scm | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 8648a2213f..b753ffc88a 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -146,3 +146,39 @@ (define-public apparmor-parser (native-inputs (modify-inputs (package-native-inputs base) (append bison flex python-minimal)))))) + +(define-public apparmor-utils + (let ((base apparmor)) + (package + (inherit base) + (name "apparmor-utils") + (arguments + (append + ;; FIXME: Tests required Python library from this package (itself). + (list #:tests? #f) + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'change-directory + (lambda _ + (chdir "utils"))) + (add-after 'change-directory 'fix-paths + (lambda* (#:key inputs #:allow-other-keys) + ;; Fix kernel header path + (substitute* "Makefile" + (("/include/linux/capability.h" path) + (search-input-file inputs path))) + ;; Fix apparmor_parser path + (for-each (lambda (file) + (substitute* file + (("/sbin/apparmor_parser" path) + (search-input-file inputs path)))) + '("apparmor/aa.py" + "apparmor/easyprof.py" + "logprof.conf"))))))))) + (native-inputs + (modify-inputs (package-native-inputs base) + (append python-minimal))) + (inputs + (modify-inputs (package-inputs base) + (append apparmor-parser)))))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:34:01 GMT) Full text and rfc822 format available.Message #20 received at 59336 <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: 59336 <at> debbugs.gnu.org Subject: [PATCH 5/6] gnu: Add apparmor-profiles. Date: Fri, 18 Nov 2022 00:32:39 +0800
* gnu/packages/apparmor.scm (apparmor-profiles): New variable. --- gnu/packages/apparmor.scm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index b753ffc88a..573666c27f 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -182,3 +182,20 @@ (define-public apparmor-utils (inputs (modify-inputs (package-inputs base) (append apparmor-parser)))))) + +(define-public apparmor-profiles + (let ((base apparmor)) + (package + (inherit base) + (name "apparmor-profiles") + (arguments + (append + (list #:tests? #f) ;Needs an AppArmor-enabled system. + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'change-directory + (lambda _ + (chdir "profiles")))))))) + (native-inputs (list which)) + (inputs '())))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Thu, 17 Nov 2022 16:34:02 GMT) Full text and rfc822 format available.Message #23 received at 59336 <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: 59336 <at> debbugs.gnu.org Subject: [PATCH 6/6] gnu: Add pam-apparmor. Date: Fri, 18 Nov 2022 00:33:10 +0800
* gnu/packages/apparmor.scm (pam-apparmor): New variable. --- gnu/packages/apparmor.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 573666c27f..85f3e9c6ae 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -199,3 +199,21 @@ (define-public apparmor-profiles (chdir "profiles")))))))) (native-inputs (list which)) (inputs '())))) + +(define-public pam-apparmor + (let ((base apparmor)) + (package + (inherit base) + (name "pam-apparmor") + (arguments + (append + (list #:tests? #f) ;no tests + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'change-directory + (lambda _ + (chdir "changehat/pam_apparmor")))))))) + (native-inputs (list pkg-config which)) + (inputs (list libapparmor linux-pam)) + (license license:bsd-3)))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Fri, 18 Nov 2022 04:30:02 GMT) Full text and rfc822 format available.Message #26 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: guix-patches <at> gnu.org Subject: [PATCH v2 0/3] gnu: Add apparmor. Date: Fri, 18 Nov 2022 12:28:17 +0800
v1 -> v2: 1. Build Ruby bindings for libapparmor. 2. Build the original apparmor, apparmor-parser, apparmor-utils, apparmor-profiles into a single package, apparmor. 3. Fix paths in aa-easyprof's config file. Hilton Chain (3): gnu: Add libapparmor. gnu: Add apparmor. gnu: Add pam-apparmor. gnu/local.mk | 1 + gnu/packages/apparmor.scm | 196 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 197 insertions(+) create mode 100644 gnu/packages/apparmor.scm The following is the diff range from v1 to v2: diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 85f3e9c6ae..3136091747 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -55,10 +55,31 @@ (define-public libapparmor (arguments (list #:configure-flags #~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib") - "--with-perl" "--with-python") + "--with-perl" "--with-python" "--with-ruby") #:phases #~(modify-phases %standard-phases - (add-after 'unpack 'change-directory + (add-after 'unpack 'fix-paths + (lambda* (#:key inputs #:allow-other-keys) + (for-each patch-shebang + '("common/list_af_names.sh" + "common/list_capabilities.sh")) + (for-each (lambda (file) + (substitute* file + (("/usr") "") + (("/bin/\\<(pod2man|pod2html|podchecker|prove)\\>" path) + (search-input-file inputs path)) + (("/include/linux/capability.h" path) + (search-input-file inputs path)))) + '("common/Make-po.rules" + "common/Make.rules" + "binutils/Makefile" + "parser/Makefile" + "parser/tst/Makefile" + "profiles/Makefile" + "utils/Makefile" + "utils/python-tools-setup.py" + "utils/vim/Makefile")))) + (add-after 'fix-paths 'change-directory (lambda _ (chdir "libraries/libapparmor")))))) (native-inputs @@ -70,6 +91,7 @@ (define-public libapparmor libtool perl python-minimal + ruby swig which)) (home-page "https://apparmor.net") @@ -90,112 +112,67 @@ (define-public libapparmor (license license:lgpl2.1))) (define-public apparmor - (package - (inherit libapparmor) - (name "apparmor") - (arguments - (list #:make-flags - #~(list (string-append "CC=" #$(cc-for-target)) - (string-append "DESTDIR=" #$output) - "USE_SYSTEM=1") - #:phases - #~(modify-phases %standard-phases + (let ((base libapparmor)) + (package + (inherit base) + (name "apparmor") + (arguments + (append + (list #:make-flags + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "DESTDIR=" #$output) + "USE_SYSTEM=1" + ;; No need to run the linter + "PYFLAKES=true")) + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases (delete 'configure) - (add-after 'unpack 'fix-makefile-paths - (lambda _ - (for-each patch-shebang - '("common/list_af_names.sh" - "common/list_capabilities.sh")) - (for-each (lambda (file) - (substitute* file - (("/usr/bin/\\<(pod2man|pod2html|prove)\\>" all cmd) cmd) - (("/usr") ""))) - '("common/Make-po.rules" - "common/Make.rules" - "binutils/Makefile" - "parser/Makefile" - "parser/tst/Makefile" - "profiles/Makefile" - "utils/Makefile" - "utils/python-tools-setup.py" - "utils/vim/Makefile")))) - (add-after 'fix-makefile-paths 'change-directory + ;; apparmor-binutils + (replace 'change-directory (lambda _ - (chdir "binutils")))))) - (native-inputs (list gettext-minimal perl which)) - (inputs (list libapparmor)) - (license license:gpl2))) + (chdir "binutils"))) -(define-public apparmor-parser - (let ((base apparmor)) - (package - (inherit base) - (name "apparmor-parser") - (arguments - (substitute-keyword-arguments (package-arguments base) - ((#:phases phases) - #~(modify-phases #$phases - (replace 'change-directory - (lambda _ - (chdir "parser"))) - (add-after 'change-directory 'fix-kernel-header-path - (lambda* (#:key inputs #:allow-other-keys) - (substitute* "Makefile" - (("/include/linux/capability.h" path) - (search-input-file inputs path))))))))) - (native-inputs - (modify-inputs (package-native-inputs base) - (append bison flex python-minimal)))))) + ;; apparmor-parser + (add-after 'install 'chdir-parser + (lambda _ + (chdir "../parser"))) + (add-after 'chdir-parser 'patch-source-shebangs-parser + (assoc-ref %standard-phases 'patch-source-shebangs)) + (add-after 'patch-source-shebangs-parser 'build-parser + (assoc-ref %standard-phases 'build)) + (add-after 'build-parser 'check-parser + (assoc-ref %standard-phases 'check)) + (add-after 'check-parser 'install-parser + (assoc-ref %standard-phases 'install)) -(define-public apparmor-utils - (let ((base apparmor)) - (package - (inherit base) - (name "apparmor-utils") - (arguments - (append - ;; FIXME: Tests required Python library from this package (itself). - (list #:tests? #f) - (substitute-keyword-arguments (package-arguments base) - ((#:phases phases) - #~(modify-phases #$phases - (replace 'change-directory + ;; apparmor-utils + ;; FIXME: Tests required Python library from this package + ;; (itself). + (add-after 'install-parser 'chdir-utils (lambda _ - (chdir "utils"))) - (add-after 'change-directory 'fix-paths - (lambda* (#:key inputs #:allow-other-keys) - ;; Fix kernel header path - (substitute* "Makefile" - (("/include/linux/capability.h" path) - (search-input-file inputs path))) - ;; Fix apparmor_parser path - (for-each (lambda (file) - (substitute* file - (("/sbin/apparmor_parser" path) - (search-input-file inputs path)))) - '("apparmor/aa.py" - "apparmor/easyprof.py" - "logprof.conf"))))))))) - (native-inputs - (modify-inputs (package-native-inputs base) - (append python-minimal))) - (inputs - (modify-inputs (package-inputs base) - (append apparmor-parser)))))) + (chdir "../utils") + ;; Fix paths to installed policygroups and templates for + ;; easyprof. + (substitute* "easyprof/easyprof.conf" + (("/usr") #$output)))) + (add-after 'chdir-utils 'build-utils + (assoc-ref %standard-phases 'build)) + (add-after 'build-utils 'install-utils + (assoc-ref %standard-phases 'install)) -(define-public apparmor-profiles - (let ((base apparmor)) - (package - (inherit base) - (name "apparmor-profiles") - (arguments - (append - (list #:tests? #f) ;Needs an AppArmor-enabled system. - (substitute-keyword-arguments (package-arguments base) - ((#:phases phases) - #~(modify-phases #$phases - (replace 'change-directory + ;; apparmor-profiles + ;; FIXME: Tests need an AppArmor-enabled system. + (add-after 'install-utils 'chdir-profiles (lambda _ - (chdir "profiles")))))))) - (native-inputs (list which)) - (inputs '())))) + (chdir "../profiles"))) + (add-after 'chdir-profiles 'build-profiles + (assoc-ref %standard-phases 'build)) + (add-after 'check-build 'install-profiles + (assoc-ref %standard-phases 'install))))))) + (propagated-inputs + (list libapparmor)) + ;; Python module `readline' needed + (native-inputs + (list bison flex gettext-minimal perl python which)) + (license license:gpl2)))) (define-public pam-apparmor (let ((base apparmor)) base-commit: 8e42bfaffa3ecee4c3f0ee6ff257f4fcd90d4677 -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Fri, 18 Nov 2022 04:30:03 GMT) Full text and rfc822 format available.Message #29 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: guix-patches <at> gnu.org Subject: [PATCH v2 1/3] gnu: Add libapparmor. Date: Fri, 18 Nov 2022 12:29:24 +0800
* gnu/packages/apparmor.scm: New file. (libapparmor): New variable. * gnu/local.mk (GNU_SYSTEM_MODULES): Add the file. --- gnu/local.mk | 1 + gnu/packages/apparmor.scm | 112 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+) create mode 100644 gnu/packages/apparmor.scm diff --git a/gnu/local.mk b/gnu/local.mk index b154caaaaa..8907ca625b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -115,6 +115,7 @@ GNU_SYSTEM_MODULES = \ %D%/packages/anthy.scm \ %D%/packages/antivirus.scm \ %D%/packages/apl.scm \ + %D%/packages/apparmor.scm \ %D%/packages/apr.scm \ %D%/packages/arcan.scm \ %D%/packages/aspell.scm \ diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm new file mode 100644 index 0000000000..ac97580640 --- /dev/null +++ b/gnu/packages/apparmor.scm @@ -0,0 +1,112 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2022 Hilton Chain <hako <at> ultrarare.space> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (gnu packages apparmor) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (gnu packages autotools) + #:use-module (gnu packages base) + #:use-module (gnu packages bison) + #:use-module (gnu packages dejagnu) + #:use-module (gnu packages flex) + #:use-module (gnu packages gawk) + #:use-module (gnu packages gettext) + #:use-module (gnu packages linux) + #:use-module (gnu packages perl) + #:use-module (gnu packages pkg-config) + #:use-module (gnu packages python) + #:use-module (gnu packages python-xyz) + #:use-module (gnu packages ruby) + #:use-module (gnu packages swig) + #:use-module (guix build-system gnu) + #:use-module (guix gexp) + #:use-module (guix git-download) + #:use-module (guix packages) + #:use-module (guix utils)) + +(define-public libapparmor + (package + (name "libapparmor") + (version "3.1.2") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://gitlab.com/apparmor/apparmor") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1h77a7ww0rxfv5nsi1iy4fffklxdr2vq6r7kdsqm15yysglhbjyi")))) + (build-system gnu-build-system) + (arguments + (list #:configure-flags + #~(list (string-append "LDFLAGS=-Wl,-rpath=" #$output "/lib") + "--with-perl" "--with-python" "--with-ruby") + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'fix-paths + (lambda* (#:key inputs #:allow-other-keys) + (for-each patch-shebang + '("common/list_af_names.sh" + "common/list_capabilities.sh")) + (for-each (lambda (file) + (substitute* file + (("/usr") "") + (("/bin/\\<(pod2man|pod2html|podchecker|prove)\\>" path) + (search-input-file inputs path)) + (("/include/linux/capability.h" path) + (search-input-file inputs path)))) + '("common/Make-po.rules" + "common/Make.rules" + "binutils/Makefile" + "parser/Makefile" + "parser/tst/Makefile" + "profiles/Makefile" + "utils/Makefile" + "utils/python-tools-setup.py" + "utils/vim/Makefile")))) + (add-after 'fix-paths 'change-directory + (lambda _ + (chdir "libraries/libapparmor")))))) + (native-inputs + (list autoconf + automake + bison + dejagnu + flex + libtool + perl + python-minimal + ruby + swig + which)) + (home-page "https://apparmor.net") + (synopsis "Linux kernel security module") + (description + "AppArmor is an effective and easy-to-use Linux application security +system. + +AppArmor proactively protects the operating system and applications from +external or internal threats, even zero-day attacks, by enforcing good +behavior and preventing both known and unknown application flaws from being +exploited. + +AppArmor supplements the traditional Unix discretionary access control (DAC) +model by providing mandatory access control (MAC). It has been included in +the mainline Linux kernel since version 2.6.36 and its development has been +supported by Canonical since 2009.") + (license license:lgpl2.1))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Fri, 18 Nov 2022 04:31:02 GMT) Full text and rfc822 format available.Message #32 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: guix-patches <at> gnu.org Subject: [PATCH v2 2/3] gnu: Add apparmor. Date: Fri, 18 Nov 2022 12:30:14 +0800
* gnu/packages/apparmor.scm (apparmor): New variable. --- gnu/packages/apparmor.scm | 66 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index ac97580640..82c00ebb0e 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -110,3 +110,69 @@ (define-public libapparmor the mainline Linux kernel since version 2.6.36 and its development has been supported by Canonical since 2009.") (license license:lgpl2.1))) + +(define-public apparmor + (let ((base libapparmor)) + (package + (inherit base) + (name "apparmor") + (arguments + (append + (list #:make-flags + #~(list (string-append "CC=" #$(cc-for-target)) + (string-append "DESTDIR=" #$output) + "USE_SYSTEM=1" + ;; No need to run the linter + "PYFLAKES=true")) + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases + (delete 'configure) + ;; apparmor-binutils + (replace 'change-directory + (lambda _ + (chdir "binutils"))) + + ;; apparmor-parser + (add-after 'install 'chdir-parser + (lambda _ + (chdir "../parser"))) + (add-after 'chdir-parser 'patch-source-shebangs-parser + (assoc-ref %standard-phases 'patch-source-shebangs)) + (add-after 'patch-source-shebangs-parser 'build-parser + (assoc-ref %standard-phases 'build)) + (add-after 'build-parser 'check-parser + (assoc-ref %standard-phases 'check)) + (add-after 'check-parser 'install-parser + (assoc-ref %standard-phases 'install)) + + ;; apparmor-utils + ;; FIXME: Tests required Python library from this package + ;; (itself). + (add-after 'install-parser 'chdir-utils + (lambda _ + (chdir "../utils") + ;; Fix paths to installed policygroups and templates for + ;; easyprof. + (substitute* "easyprof/easyprof.conf" + (("/usr") #$output)))) + (add-after 'chdir-utils 'build-utils + (assoc-ref %standard-phases 'build)) + (add-after 'build-utils 'install-utils + (assoc-ref %standard-phases 'install)) + + ;; apparmor-profiles + ;; FIXME: Tests need an AppArmor-enabled system. + (add-after 'install-utils 'chdir-profiles + (lambda _ + (chdir "../profiles"))) + (add-after 'chdir-profiles 'build-profiles + (assoc-ref %standard-phases 'build)) + (add-after 'check-build 'install-profiles + (assoc-ref %standard-phases 'install))))))) + (propagated-inputs + (list libapparmor)) + ;; Python module `readline' needed + (native-inputs + (list bison flex gettext-minimal perl python which)) + (license license:gpl2)))) -- 2.38.1
guix-patches <at> gnu.org
:bug#59336
; Package guix-patches
.
(Fri, 18 Nov 2022 04:32:01 GMT) Full text and rfc822 format available.Message #35 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Hilton Chain <hako <at> ultrarare.space> To: guix-patches <at> gnu.org Subject: [PATCH v2 3/3] gnu: Add pam-apparmor. Date: Fri, 18 Nov 2022 12:30:50 +0800
* gnu/packages/apparmor.scm (pam-apparmor): New variable. --- gnu/packages/apparmor.scm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 82c00ebb0e..3136091747 100644 --- a/gnu/packages/apparmor.scm +++ b/gnu/packages/apparmor.scm @@ -176,3 +176,21 @@ (define-public apparmor (native-inputs (list bison flex gettext-minimal perl python which)) (license license:gpl2)))) + +(define-public pam-apparmor + (let ((base apparmor)) + (package + (inherit base) + (name "pam-apparmor") + (arguments + (append + (list #:tests? #f) ;no tests + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases) + #~(modify-phases #$phases + (replace 'change-directory + (lambda _ + (chdir "changehat/pam_apparmor")))))))) + (native-inputs (list pkg-config which)) + (inputs (list libapparmor linux-pam)) + (license license:bsd-3)))) -- 2.38.1
Ludovic Courtès <ludo <at> gnu.org>
:Hilton Chain <hako <at> ultrarare.space>
:Message #40 received at 59336-done <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: Hilton Chain <hako <at> ultrarare.space> Cc: 59336-done <at> debbugs.gnu.org Subject: Re: bug#59336: [PATCH 0/6] gnu: Add apparmor. Date: Sun, 04 Dec 2022 22:16:28 +0100
[Message part 1 (text/plain, inline)]
Hi, Hilton Chain <hako <at> ultrarare.space> skribis: > * gnu/packages/apparmor.scm (pam-apparmor): New variable. I had to make the following change to get ‘pam-apparmor’ to build. Applied all of v2 with these changes. I followed up with a patch to restrict libapparmor to *-linux systems. Thanks! Ludo’.
[Message part 2 (text/x-patch, inline)]
diff --git a/gnu/packages/apparmor.scm b/gnu/packages/apparmor.scm index 3136091747..ddbd9eb7a9 100644 @@ -188,9 +191,12 @@ (define-public pam-apparmor (substitute-keyword-arguments (package-arguments base) ((#:phases phases) #~(modify-phases #$phases + (delete 'chdir-parser) + (delete 'chdir-utils) + (delete 'chdir-profiles) (replace 'change-directory (lambda _ (chdir "changehat/pam_apparmor")))))))) - (native-inputs (list pkg-config which)) + (native-inputs (list pkg-config perl which)) (inputs (list libapparmor linux-pam)) (license license:bsd-3))))
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org
.
(Mon, 02 Jan 2023 12:24:05 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.