# AppArmor userspace packaging: one upstream tarball is built several times,
# each derivation entering a different subdirectory (library, utils, binutils,
# parser, PAM module, profiles, kernel patches). The result is an attribute
# set of those derivations, not a single package.
{ stdenv, fetchurl, fetchpatch, makeWrapper, autoreconfHook
, pkgconfig, which
, flex, bison
# Kernel headers default to the ones shipped with the C library of stdenv.
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
, python
, gawk
, perl
, swig
, ncurses
, pam
}:

let
  # Upstream version is split in two because the download URL below uses the
  # series ("2.12") and the full version ("2.12.0") in different places.
  apparmor-series = "2.12";
  apparmor-patchver = "0";
  apparmor-version = apparmor-series + "." + apparmor-patchver;

  # Shared meta block; `component` is only interpolated into the description.
  apparmor-meta = component: with stdenv.lib; {
    # NOTE(review): unquoted URL literal over plain http. A quoted string
    # evaluates to the same value, and newer Nix deprecates the unquoted form.
    homepage = http://apparmor.net/;
    description = "A mandatory access control system - ${component}";
    license = licenses.gpl2;
    maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
    platforms = platforms.linux;
  };

  # Single source tarball used by every derivation below. The sha256 pins the
  # tarball contents, so a changed or substituted upstream file makes the
  # fetch fail instead of being built.
  # NOTE(review): the file name is built from apparmor-series, not
  # apparmor-version; when apparmor-patchver changes, confirm the upstream
  # tarball name and update the sha256 in the same change.
  apparmor-sources = fetchurl {
    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-series}.tar.gz";
    sha256 = "0mm0mcp0w18si9wl15drndysm7v27az2942p1xjd197shg80qawa";
  };

  # Shell fragment run before patching: rewrites the absolute /usr paths in
  # common/Make.rules to the perl and linuxHeaders store paths, and makes the
  # man directory relative (share/man). No comments are placed inside the
  # string because its text is part of the build script.
  prePatchCommon = ''
    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
  '';

  # Alpine's musl compatibility patches, applied only when the host platform
  # is musl. Each URL pins one aports commit through `?id=` and carries its
  # own sha256, so a later change on the Alpine side cannot silently alter
  # what is applied. On other platforms the attribute is null.
  # use 'if c then x else null' to avoid rebuilding
  # patches = stdenv.lib.optionals stdenv.hostPlatform.isMusl [
  patches = if stdenv.hostPlatform.isMusl then [
    (fetchpatch {
      url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0002-Provide-missing-secure_getenv-and-scandirat-function.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
      name = "0002-Provide-missing-secure_getenv-and-scandirat-function.patch";
      sha256 = "0pj1bzifghxwxlc39j8hyy17dkjr9fk64kkj94ayymyprz4i4nac";
    })
    (fetchpatch {
      url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0003-Added-missing-typedef-definitions-on-parser.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
      name = "0003-Added-missing-typedef-definitions-on-parser.patch";
      sha256 = "0yyaqz8jlmn1bm37arggprqz0njb4lhjni2d9c8qfqj0kll0bam0";
    })
    (fetchpatch {
      url = "https://git.alpinelinux.org/cgit/aports/plain/testing/apparmor/0007-Do-not-build-install-vim-file-with-utils-package.patch?id=74b8427cc21f04e32030d047ae92caa618105b53";
      name = "0007-Do-not-build-install-vim-file-with-utils-package.patch";
      sha256 = "1m4dx901biqgnr4w4wz8a2z9r9dxyw7wv6m6mqglqwf2lxinqmp4";
    })
    # (alpine patches {1,4,5,6,8} are needed for apparmor 2.11, but not 2.12)
  ] else null;

  # FIXME: convert these to a single multiple-outputs package?

  # The C library plus its Python and Perl bindings (see configureFlags).
  libapparmor = stdenv.mkDerivation {
    name = "libapparmor-${apparmor-version}";
    src = apparmor-sources;

    nativeBuildInputs = [
      autoreconfHook
      bison
      flex
      pkgconfig
      swig
      ncurses
      which
    ];

    buildInputs = [
      perl
      python
    ];

    # required to build apparmor-parser
    dontDisableStatic = true;

    # Besides the common rewrites, point the netinet/in.h path in both the
    # Makefile.am and the Makefile.in at the libc dev output.
    prePatch = prePatchCommon + ''
      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h"
      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${stdenv.cc.libc.dev}/include/netinet/in.h"
    '';
    inherit patches;

    # Patching runs at the tarball root; the build itself happens in the
    # library subdirectory.
    postPatch = "cd ./libraries/libapparmor";
    configureFlags = "--with-python --with-perl";

    # The Python bindings get their own output so that consumers can depend
    # on them separately (apparmor-utils uses libapparmor.python).
    outputs = [ "out" "python" ];

    postInstall = ''
      mkdir -p $python/lib
      mv $out/lib/python* $python/lib/
    '';

    meta = apparmor-meta "library";
  };

  # The aa-* profile management scripts (Python, plus aa-notify in Perl).
  apparmor-utils = stdenv.mkDerivation {
    name = "apparmor-utils-${apparmor-version}";
    src = apparmor-sources;

    nativeBuildInputs = [ makeWrapper which ];

    buildInputs = [
      perl
      python
      libapparmor
      libapparmor.python
    ];

    prePatch = prePatchCommon;
    inherit patches;
    postPatch = "cd ./utils";
    makeFlags = ''LANGS='';
    # `$(out)` is not Nix interpolation (that would be `${`), so it reaches
    # make unchanged; presumably make expands it from the `out` environment
    # variable.
    installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX='';

    # Wrap each script so it finds its modules. `$PYTHONPATH` and `$PERL5LIB`
    # inside the quoted values are expanded by the build shell, so the
    # build-time search path is written into the wrapper.
    # NOTE(review): `--prefix` prepends to the variable and keeps whatever
    # PYTHONPATH / PERL5LIB the caller already has. These tools manage MAC
    # policy and are presumably run with elevated privileges, so confirm that
    # the calling environment is sanitized before they are invoked.
    postInstall = ''
      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
      done

      for prog in aa-notify ; do
        wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB"
      done
    '';

    meta = apparmor-meta "user-land utilities";
  };

  # The programs built from the binutils/ subdirectory.
  # NOTE(review): unlike libapparmor, apparmor-utils and apparmor-parser,
  # this derivation does not inherit `patches`; confirm the musl patches are
  # not needed here.
  apparmor-bin-utils = stdenv.mkDerivation {
    name = "apparmor-bin-utils-${apparmor-version}";
    src = apparmor-sources;

    nativeBuildInputs = [
      pkgconfig
      libapparmor
      gawk
      which
    ];

    buildInputs = [
      libapparmor
    ];

    prePatch = prePatchCommon;
    postPatch = "cd ./binutils";
    makeFlags = ''LANGS= USE_SYSTEM=1'';
    installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin'';

    meta = apparmor-meta "binary user-land utilities";
  };

  # The profile parser, built in parser/ against the libapparmor derivation
  # above (INCLUDEDIR in makeFlags).
  apparmor-parser = stdenv.mkDerivation {
    name = "apparmor-parser-${apparmor-version}";
    src = apparmor-sources;

    nativeBuildInputs = [ bison flex which ];

    buildInputs = [ libapparmor ];

    # Replace the absolute tool and header paths in parser/Makefile with
    # store paths, and drop the `pdf` target from the documentation targets.
    prePatch = prePatchCommon + ''
      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
      ## techdoc.pdf still doesn't build ...
      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
    '';
    inherit patches;
    postPatch = "cd ./parser";
    makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
    installFlags = ''DESTDIR=$(out) DISTRO=unknown'';

    meta = apparmor-meta "rule parser";
  };

  # The PAM module from changehat/pam_apparmor.
  # NOTE(review): this derivation uses neither prePatchCommon nor `patches`;
  # confirm that this subdirectory needs neither the /usr path rewrites nor
  # the musl patches.
  apparmor-pam = stdenv.mkDerivation {
    name = "apparmor-pam-${apparmor-version}";
    src = apparmor-sources;

    nativeBuildInputs = [ pkgconfig which ];

    buildInputs = [ libapparmor pam ];

    postPatch = "cd ./changehat/pam_apparmor";
    makeFlags = ''USE_SYSTEM=1'';
    installFlags = ''DESTDIR=$(out)'';

    meta = apparmor-meta "PAM service";
  };

  # The profiles from profiles/; EXTRAS_DEST sends the extra profiles to
  # share/apparmor/extra-profiles in the output.
  apparmor-profiles = stdenv.mkDerivation {
    name = "apparmor-profiles-${apparmor-version}";
    src = apparmor-sources;

    nativeBuildInputs = [ which ];

    postPatch = "cd ./profiles";
    installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';

    meta = apparmor-meta "profiles";
  };

  # Copies the kernel-patches directory of the tarball into the output.
  apparmor-kernel-patches = stdenv.mkDerivation {
    name = "apparmor-kernel-patches-${apparmor-version}";
    src = apparmor-sources;

    # Nothing is configured or compiled: only unpack and install run.
    phases = ''unpackPhase installPhase'';

    installPhase = ''
      mkdir "$out"
      cp -R ./kernel-patches/* "$out"
    '';

    meta = apparmor-meta "kernel patches";
  };

in

# Export every derivation defined above under its own name.
{
  inherit
    libapparmor
    apparmor-utils
    apparmor-bin-utils
    apparmor-parser
    apparmor-pam
    apparmor-profiles
    apparmor-kernel-patches;
}