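# AppArmor component packages.
#
# Every derivation below is built from the same upstream release tarball
# (apparmor-sources); each one enters a different subdirectory of that tree
# in postPatch and builds only that component.
{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which
, glibc, flex, bison, python27Packages, swig, pam
}:

let
  apparmor-series = "2.10";
  apparmor-version = apparmor-series;

  # Shared meta attributes; `component` is appended to the description.
  apparmor-meta = component: with stdenv.lib; {
    # Quoted string: bare URL literals are a deprecated Nix syntax.
    homepage = "http://apparmor.net/";
    description = "Linux application security system - ${component}";
    license = licenses.gpl2;
    maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
    platforms = platforms.linux;
  };

  # Upstream tarball, downloaded over HTTPS. The sha256 below pins the exact
  # archive contents: the fetch fails if the download does not match it, so
  # any change to apparmor-series / apparmor-version must come with a new hash.
  apparmor-sources = fetchurl {
    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
    sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd";
  };

  # Rewrites the hard-coded /usr paths in common/Make.rules so that pod2man,
  # pod2html and capability.h are taken from the perl and glibc inputs, and
  # makes the man-page install path relative.
  prePatchCommon = ''
    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
  '';

  # The library, configured with its Python and Perl bindings enabled.
  libapparmor = stdenv.mkDerivation {
    name = "libapparmor-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      autoconf
      automake
      autoreconfHook
      bison
      flex
      glibc
      libtool
      perl
      pkgconfig
      python27Packages.python
      swig
      which
    ];

    # required to build apparmor-parser
    dontDisableStatic = true;

    # Same /usr -> store path rewrite as prePatchCommon, applied to both the
    # automake template and the generated Makefile.in.
    prePatch = prePatchCommon + ''
      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
    '';

    postPatch = "cd ./libraries/libapparmor";
    configureFlags = "--with-python --with-perl";

    meta = apparmor-meta "library";
  };

  # The aa-* command line tools from ./utils.
  apparmor-utils = stdenv.mkDerivation {
    name = "apparmor-utils-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      perl
      python27Packages.python
      python27Packages.readline
      libapparmor
      makeWrapper
      which
    ];

    prePatch = prePatchCommon;
    postPatch = "cd ./utils";
    makeFlags = ''LANGS='';
    installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX='';

    # Wrap each tool so it finds its Python modules / Perl bindings.
    # $PYTHONPATH and $PERL5LIB are expanded by the shell while postInstall
    # runs, i.e. the build-time values are written into the wrappers.
    # NOTE(review): --prefix prepends to whatever PYTHONPATH / PERL5LIB the
    # caller already has set, so a caller-supplied search path stays in effect
    # behind these entries. These tools are typically run with elevated
    # privileges - confirm the invoking environment is sanitised.
    postInstall = ''
      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH"
      done

      for prog in aa-exec aa-notify ; do
        wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB"
      done
    '';

    meta = apparmor-meta "user-land utilities";
  };

  # The policy parser from ./parser.
  apparmor-parser = stdenv.mkDerivation {
    name = "apparmor-parser-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      libapparmor
      bison
      flex
      which
    ];

    # Points the parser Makefile at bison, flex and capability.h from the
    # corresponding inputs, and drops the "pdf" target from the documentation
    # build (see the note kept inside the script).
    prePatch = prePatchCommon + ''
      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
      ## techdoc.pdf still doesn't build ...
      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
    '';
    postPatch = "cd ./parser";
    # presumably USE_SYSTEM=1 selects the packaged libapparmor over the
    # in-tree copy; INCLUDEDIR supplies its headers - verify in parser/Makefile
    makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include'';
    installFlags = ''DESTDIR=$(out) DISTRO=unknown'';

    meta = apparmor-meta "rule parser";
  };

  # The PAM module from ./changehat/pam_apparmor.
  apparmor-pam = stdenv.mkDerivation {
    name = "apparmor-pam-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      libapparmor
      pam
      pkgconfig
      which
    ];

    postPatch = "cd ./changehat/pam_apparmor";
    makeFlags = ''USE_SYSTEM=1'';
    installFlags = ''DESTDIR=$(out)'';

    meta = apparmor-meta "PAM service";
  };

  # The profile set from ./profiles; the extra profiles are installed under
  # share/apparmor/extra-profiles.
  apparmor-profiles = stdenv.mkDerivation {
    name = "apparmor-profiles-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [ which ];

    postPatch = "cd ./profiles";
    installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles'';

    meta = apparmor-meta "profiles";
  };

  # Copies the kernel-patches directory of the tarball into the output;
  # nothing is configured or compiled (only the unpack and install phases run).
  apparmor-kernel-patches = stdenv.mkDerivation {
    name = "apparmor-kernel-patches-${apparmor-version}";
    src = apparmor-sources;

    phases = ''unpackPhase installPhase'';

    installPhase = ''
      mkdir "$out"
      cp -R ./kernel-patches "$out"
    '';

    meta = apparmor-meta "kernel patches";
  };

in

{
  inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
    apparmor-profiles apparmor-kernel-patches;
}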