summaryrefslogtreecommitdiff
path: root/pcr/apparmor
diff options
context:
space:
mode:
Diffstat (limited to 'pcr/apparmor')
-rw-r--r--pcr/apparmor/PKGBUILD240
1 files changed, 125 insertions, 115 deletions
diff --git a/pcr/apparmor/PKGBUILD b/pcr/apparmor/PKGBUILD
index e537fcd3b..8f81b952f 100644
--- a/pcr/apparmor/PKGBUILD
+++ b/pcr/apparmor/PKGBUILD
@@ -1,5 +1,5 @@
# Maintainer: David P. <megver83@parabola.nu>
-# Contributor: Omar Vega Ramos <ovruni@gnu.org.pe>
+# Contributor: Gordian Edenhofer <gordian.edenhofer@gmail.com>
# Contributor: Marcin Wieczorek <marcin@marcin.co>
# Contributor: Thomas Kuther <archlinux@kuther.net>
# Contributor: Gianni Vialetto <gianni at rootcube dot net>
@@ -8,159 +8,169 @@
# Contributor: Max Fierke <max@maxfierke.com>
pkgbase=apparmor
-pkgname=($pkgbase apparmor-parser apparmor-libapparmor apparmor-utils apparmor-profiles apparmor-pam apparmor-vim)
-pkgver=2.11.0
-#_majorver=${pkgver%.*} # bleh, AUR...
-_majorver=2.11
+pkgname=("${pkgbase}" 'apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim')
+_pkgbasever=2.11
+pkgver="${_pkgbasever}.1"
pkgrel=1
pkgdesc='Linux application security framework - mandatory access control for programs'
arch=('i686' 'x86_64')
-license=('GPL')
url='http://wiki.apparmor.net/index.php/Main_Page'
+license=('GPL')
makedepends=('flex' 'swig' 'perl' 'python' 'perl-locale-gettext' 'perl-rpc-xml' 'audit')
-
-source=(https://launchpad.net/$pkgname/${_majorver}/${_majorver}/+download/${pkgname}-${pkgver}.tar.gz{,.asc}
- "apparmor_load.sh"
- "apparmor_unload.sh"
- "apparmor.service")
-
-sha256sums=('b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a'
+source=("https://launchpad.net/${pkgbase}/${_pkgbasever}/${pkgver}/+download/${pkgbase}-${pkgver}.tar.gz"{,.asc}
+ "apparmor_load.sh"
+ "apparmor_unload.sh"
+ "apparmor.service")
+sha512sums=('f088157cc116987e56c0e02127497b1ec6241f3d761ec3b53211fa188f5f02c9408d6b903f2d275328ede88ebfd1393e00aad9f68cbe78fa9ab3711ba0f9c00c'
'SKIP'
- '124300162dab2a923c024b91c5a977dbee901376a22eefc64cad2f91319876d5'
- '9704478ae13fe1c3fb2747afac86c31b1b4593493f0e1425ae2b77d47878e32e'
- 'eea47ec2a3fb0c1104193bed91586cfccda745f2e0a473f6d1d2a0d2fe42c413')
-
-# 3D3664BB: AppArmor Development Team (AppArmor signing key) <apparmor@lists.ubuntu.com>
-validpgpkeys=('3ECDCBA5FB34D254961CC53F6689E64E3D3664BB')
-
-#Configuration
-core_perl_dir='/usr/bin/core_perl'
-export MAKEFLAGS+=" POD2MAN=${core_perl_dir}/pod2man"
-export MAKEFLAGS+=" POD2HTML=${core_perl_dir}/pod2html"
-export MAKEFLAGS+=" PODCHECKER=${core_perl_dir}/podchecker"
-export MAKEFLAGS+=" PROVE=${core_perl_dir}/prove"
+ 'ae9598c2f7c7e04697ef542ef09b816eff0cdb32182a133769760d0669cdceb7ebf896f7c0523d6499394d2ac20d2d3ddec2189ead7ea3d98534c7b9fccdae25'
+ '9f729a2d838cc48065ba3758b4c021e9ab57210a351724cc1a96819169d3f08efba13469483227f5bb482e5f4ea6a48f8cb682996716137e0c1fd0876b2b9a2d'
+ 'a288614318b35ac5ed50897d6064ee4c81f3f1628e171c6b5229261045d4b31aa977795584f7ed2753170ae8ce023ef7dafeb38fd12f07ab35ba78d020972b5b')
+validpgpkeys=(
+ '3ECDCBA5FB34D254961CC53F6689E64E3D3664BB' # AppArmor Development Team
+ )
+
+_core_perl_dir='/usr/bin/core_perl'
+_vendorarch_perl_dir="$(perl -V:vendorarch | sed "s/^vendorarch='\(.*\)';$/\1/g")"
+export MAKEFLAGS+=" POD2MAN=${_core_perl_dir}/pod2man"
+export MAKEFLAGS+=" POD2HTML=${_core_perl_dir}/pod2html"
+export MAKEFLAGS+=" PODCHECKER=${_core_perl_dir}/podchecker"
+export MAKEFLAGS+=" PROVE=${_core_perl_dir}/prove"
export MAKEFLAGS+=" PYTHON=python3"
-
prepare() {
- cd "${srcdir}/${pkgbase}-${pkgver}/parser"
- # avoid depend on texlive-latex
- sed -i -e 's/pdflatex/true/g' Makefile
-
- cd "${srcdir}/${pkgbase}-${pkgver}/utils"
- # Set Arch paths
- sed -e '/logfiles/ s/syslog /syslog.log /g' \
- -e '/logfiles/ s/messages/messages.log/g' \
- -e '/parser/ s# /sbin/# /usr/bin/#g' \
- -i logprof.conf
- # do not build/install vim file with utils package (causes ref to $srcdir and wrong location)
- sed -i '/vim/d' Makefile
-
- cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d"
- # /usr merge vs. profiles
- for i in `find . -name "*sbin*"`; do sed -i -e 's@sbin@bin@g' ${i} && mv ${i} ${i/sbin/bin}; done
- for i in klogd ping syslog-ng syslogd; do
- sed -e "s@/bin/${i}@/usr/bin/${i}@g" \
- -e "s@bin\.${i}@usr\.bin\.${i}@g" \
- -i bin.${i} && \
- mv bin.${i} usr.bin.${i}
- done
+ cd "${srcdir}/${pkgbase}-${pkgver}/parser"
+ # Skip compiling LaTex documents and hence avoid an additional dependency on texlive-latex
+ sed -i -e 's/pdflatex/true/g' Makefile
+
+ cd "${srcdir}/${pkgbase}-${pkgver}/utils"
+ # Adapt logprof paths to Arch Linux defaults
+ sed -e '/logfiles/ s/syslog /syslog.log /g' \
+ -e '/logfiles/ s/messages/messages.log/g' \
+ -e '/parser/ s# /sbin/# /usr/bin/#g' \
+ -i logprof.conf
+ # Skip building and installing vim related files within the utils package
+ # becuase of false references to $srcdir and non-default file locations
+ sed -i '/vim/d' Makefile
+
+ cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d"
+ # Adapt profile names to Arch linux defaults
+ find . -name "*sbin*" -print0 | while read -r -d $'\0' i; do
+ sed -i -e 's@sbin@bin@g' "${i}"
+ mv "${i}" "${i/sbin/bin}"
+ done
+ for i in klogd ping syslog-ng syslogd; do
+ sed -e "s@/bin/${i}@/usr/bin/${i}@g" \
+ -e "s@bin\.${i}@usr\.bin\.${i}@g" \
+ -i "bin.${i}"
+ mv "bin.${i}" "usr.bin.${i}"
+ done
}
build() {
- msg2 "Building: apparmor-libapparmor"
- cd "${srcdir}/${pkgbase}-${pkgver}/libraries/libapparmor"
- unset PERL_MM_OPT
- NOCONFIGURE=1 ./autogen.sh
- ./configure --prefix=/usr --sbindir=/usr/bin --with-perl --with-python
- make
+ cd "${srcdir}/${pkgbase}-${pkgver}/libraries/libapparmor"
+ unset PERL_MM_OPT
+ NOCONFIGURE=1 ./autogen.sh
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --with-perl \
+ --with-python
+ make
- cd "${srcdir}/${pkgbase}-${pkgver}"
- msg2 "Building: apparmor-parser"
- make -C parser
+ cd "${srcdir}/${pkgbase}-${pkgver}"
- msg2 "Building: apparmor-utils"
- make -C utils
+ make -C parser
- msg2 "Building: apparmor-profiles"
- make -C profiles
+ make -C utils
- msg2 "Building: apparmor-pam"
- make -C changehat/pam_apparmor
+ make -C profiles
- msg2 "Building: apparmor-vim"
- make -C utils/vim -j1
+ make -C changehat/pam_apparmor
+
+ make -C utils/vim -j1
}
package_apparmor() {
- pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)'
- depends=(apparmor-parser apparmor-libapparmor apparmor-utils apparmor-profiles apparmor-pam apparmor-vim)
- optdepends=('linux-libre-apparmor: a kernel with AppArmor patches'
- 'linux-libre-lts-apparmor: a LTS kernel with AppArmor patches')
- install='apparmor.install'
+ pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)'
+ depends=('apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim')
+ optdepends=('linux-libre-lts-apparmor: a LTS kernel with AppArmor enabled'
+ 'linux-libre-xtreme: a mainline kernel with AppArmor enabled'
+ 'apparmor-openrc: OpenRC init script')
+ install='apparmor.install'
}
package_apparmor-parser() {
- pkgdesc='AppArmor parser - loads AA profiles to kernel module'
- depends=('apparmor-libapparmor')
+ pkgdesc='AppArmor parser - loads AA profiles to kernel module'
+ depends=('apparmor-libapparmor')
- cd "${srcdir}/${pkgbase}-${pkgver}"
- make -C parser install DESTDIR=${pkgdir}
- mv "${pkgdir}/lib" "${pkgdir}/usr/lib"
- mv "${pkgdir}/sbin" "${pkgdir}/usr/bin"
+ cd "${srcdir}/${pkgbase}-${pkgver}"
+ make -C parser DESTDIR="${pkgdir}" install
+ mv "${pkgdir}/lib" "${pkgdir}/usr/lib"
+ mv "${pkgdir}/sbin" "${pkgdir}/usr/bin"
}
package_apparmor-libapparmor() {
- pkgdesc='AppArmor library'
- makedepends=('swig' 'perl' 'python')
- depends=('python')
+ pkgdesc='AppArmor library'
+ makedepends=('swig' 'perl' 'python')
+ depends=('python')
- cd "${srcdir}/${pkgbase}-${pkgver}"
- make -C libraries/libapparmor install DESTDIR="${pkgdir}"
- install -D -m644 "libraries/libapparmor/swig/perl/LibAppArmor.pm" "${pkgdir}/usr/lib/perl5/vendor_perl/"
+ cd "${srcdir}/${pkgbase}-${pkgver}"
+ make -C libraries/libapparmor DESTDIR="${pkgdir}" install
+ install -D -m644 "libraries/libapparmor/swig/perl/LibAppArmor.pm" "${pkgdir}/${_vendorarch_perl_dir}"
}
package_apparmor-utils() {
- pkgdesc='AppArmor userspace utilities'
- depends=('perl' 'perl-locale-gettext' 'perl-term-readkey'
- 'perl-file-tail' 'perl-rpc-xml' 'python')
- install='apparmor-utils.install'
-
- cd "${srcdir}/${pkgbase}-${pkgver}"
- make -C utils install DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin"
- install -D -m755 "${srcdir}/apparmor_load.sh" "${pkgdir}/usr/bin/apparmor_load.sh"
- install -D -m755 "${srcdir}/apparmor_unload.sh" "${pkgdir}/usr/bin/apparmor_unload.sh"
- install -D -m644 "${srcdir}/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service"
+ pkgdesc='AppArmor userspace utilities'
+ depends=('perl' 'perl-locale-gettext' 'perl-term-readkey' 'perl-file-tail' 'perl-rpc-xml' 'python')
+
+ cd "${srcdir}/${pkgbase}-${pkgver}"
+ make -C utils DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin" install
+ install -D -m755 "${srcdir}/apparmor_load.sh" "${pkgdir}/usr/bin/apparmor_load.sh"
+ install -D -m755 "${srcdir}/apparmor_unload.sh" "${pkgdir}/usr/bin/apparmor_unload.sh"
+ install -D -m644 "${srcdir}/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service"
}
package_apparmor-profiles() {
- pkgdesc='AppArmor sample pre-made profiles'
- depends=(apparmor-parser)
-
- # backup /etc/apparmor.d/* so using logprof is safe
- cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d"
- declare -a _profiles=(`find -type f|sed 's@./@etc/apparmor.d/@'`)
- backup=(`echo ${_profiles[@]}`)
-
- cd "${srcdir}/${pkgbase}-${pkgver}"
- make -C profiles install DESTDIR="${pkgdir}"
+ pkgdesc='AppArmor sample pre-made profiles'
+ depends=('apparmor-parser')
+
+ # Add default profiles to the backup array
+ cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d"
+ # Without the PKGBUILD check the following command would confuse `makepkg --printsrcinfo`
+ [[ -f "./PKGBUILD" ]] || backup=($(find . -type f | sed 's@./@etc/apparmor.d/@'))
+
+ cd "${srcdir}/${pkgbase}-${pkgver}"
+ make -C profiles DESTDIR="${pkgdir}" install
+
+ # Remove profiles for non-FSDG software
+ # https://labs.parabola.nu/issues/1371
+ rm -r ${pkgdir}/etc/apparmor.d/abstractions/ubuntu* \
+ ${pkgdir}/etc/apparmor.d/abstractions/nvidia \
+ ${pkgdir}/usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client \
+ ${pkgdir}/usr/share/apparmor/extra-profiles/usr.bin.{opera,skype}
+
+ # Adapt firefox profiles for iceweasel
+ # Do this really works? Many files and dirs that I don't see . . .
+ cd ${pkgdir}/usr/share/apparmor/extra-profiles/
+ mv usr.lib.firefox.firefox usr.lib.iceweasel.iceweasel
+ mv usr.lib.firefox.firefox.sh usr.lib.iceweasel.iceweasel.sh
+ sed 's|firefox|iceweasel|g' -i usr.lib.iceweasel.iceweasel*
}
package_apparmor-pam() {
- pkgdesc='AppArmor PAM library'
- depends=('apparmor-libapparmor' 'pam')
+ pkgdesc='AppArmor PAM library'
+ depends=('apparmor-libapparmor' 'pam')
- cd "${srcdir}/${pkgbase}-${pkgver}"
- make -C changehat/pam_apparmor install DESTDIR="${pkgdir}/usr"
- install -D -m644 changehat/pam_apparmor/README "${pkgdir}/usr/share/doc/apparmor/README.pam_apparmor"
+ cd "${srcdir}/${pkgbase}-${pkgver}"
+ make -C changehat/pam_apparmor DESTDIR="${pkgdir}/usr" install
+ install -D -m644 changehat/pam_apparmor/README "${pkgdir}/usr/share/doc/apparmor/README.pam_apparmor"
}
+
package_apparmor-vim() {
- pkgdesc='AppArmor VIM support'
- depends=('vim')
+ pkgdesc='AppArmor VIM support'
+ depends=('vim')
- cd "${srcdir}/${pkgbase}-${pkgver}/utils/vim"
- install -D -m644 apparmor.vim \
- "${pkgdir}/usr/share/vim/vimfiles/syntax/apparmor.vim"
+ cd "${srcdir}/${pkgbase}-${pkgver}/utils/vim"
+ install -D -m644 apparmor.vim "${pkgdir}/usr/share/vim/vimfiles/syntax/apparmor.vim"
}
-
-# vim:set ts=2 sw=2 et: