diff options
Diffstat (limited to 'pcr/apparmor')
-rw-r--r-- | pcr/apparmor/PKGBUILD | 240 |
1 files changed, 125 insertions, 115 deletions
diff --git a/pcr/apparmor/PKGBUILD b/pcr/apparmor/PKGBUILD index e537fcd3b..8f81b952f 100644 --- a/pcr/apparmor/PKGBUILD +++ b/pcr/apparmor/PKGBUILD @@ -1,5 +1,5 @@ # Maintainer: David P. <megver83@parabola.nu> -# Contributor: Omar Vega Ramos <ovruni@gnu.org.pe> +# Contributor: Gordian Edenhofer <gordian.edenhofer@gmail.com> # Contributor: Marcin Wieczorek <marcin@marcin.co> # Contributor: Thomas Kuther <archlinux@kuther.net> # Contributor: Gianni Vialetto <gianni at rootcube dot net> @@ -8,159 +8,169 @@ # Contributor: Max Fierke <max@maxfierke.com> pkgbase=apparmor -pkgname=($pkgbase apparmor-parser apparmor-libapparmor apparmor-utils apparmor-profiles apparmor-pam apparmor-vim) -pkgver=2.11.0 -#_majorver=${pkgver%.*} # bleh, AUR... -_majorver=2.11 +pkgname=("${pkgbase}" 'apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim') +_pkgbasever=2.11 +pkgver="${_pkgbasever}.1" pkgrel=1 pkgdesc='Linux application security framework - mandatory access control for programs' arch=('i686' 'x86_64') -license=('GPL') url='http://wiki.apparmor.net/index.php/Main_Page' +license=('GPL') makedepends=('flex' 'swig' 'perl' 'python' 'perl-locale-gettext' 'perl-rpc-xml' 'audit') - -source=(https://launchpad.net/$pkgname/${_majorver}/${_majorver}/+download/${pkgname}-${pkgver}.tar.gz{,.asc} - "apparmor_load.sh" - "apparmor_unload.sh" - "apparmor.service") - -sha256sums=('b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5bdd739a' +source=("https://launchpad.net/${pkgbase}/${_pkgbasever}/${pkgver}/+download/${pkgbase}-${pkgver}.tar.gz"{,.asc} + "apparmor_load.sh" + "apparmor_unload.sh" + "apparmor.service") +sha512sums=('f088157cc116987e56c0e02127497b1ec6241f3d761ec3b53211fa188f5f02c9408d6b903f2d275328ede88ebfd1393e00aad9f68cbe78fa9ab3711ba0f9c00c' 'SKIP' - '124300162dab2a923c024b91c5a977dbee901376a22eefc64cad2f91319876d5' - '9704478ae13fe1c3fb2747afac86c31b1b4593493f0e1425ae2b77d47878e32e' - 'eea47ec2a3fb0c1104193bed91586cfccda745f2e0a473f6d1d2a0d2fe42c413') - -# 3D3664BB: AppArmor Development Team (AppArmor signing key) <apparmor@lists.ubuntu.com> -validpgpkeys=('3ECDCBA5FB34D254961CC53F6689E64E3D3664BB') - -#Configuration -core_perl_dir='/usr/bin/core_perl' -export MAKEFLAGS+=" POD2MAN=${core_perl_dir}/pod2man" -export MAKEFLAGS+=" POD2HTML=${core_perl_dir}/pod2html" -export MAKEFLAGS+=" PODCHECKER=${core_perl_dir}/podchecker" -export MAKEFLAGS+=" PROVE=${core_perl_dir}/prove" + 'ae9598c2f7c7e04697ef542ef09b816eff0cdb32182a133769760d0669cdceb7ebf896f7c0523d6499394d2ac20d2d3ddec2189ead7ea3d98534c7b9fccdae25' + '9f729a2d838cc48065ba3758b4c021e9ab57210a351724cc1a96819169d3f08efba13469483227f5bb482e5f4ea6a48f8cb682996716137e0c1fd0876b2b9a2d' + 'a288614318b35ac5ed50897d6064ee4c81f3f1628e171c6b5229261045d4b31aa977795584f7ed2753170ae8ce023ef7dafeb38fd12f07ab35ba78d020972b5b') +validpgpkeys=( + '3ECDCBA5FB34D254961CC53F6689E64E3D3664BB' # AppArmor Development Team + ) + +_core_perl_dir='/usr/bin/core_perl' +_vendorarch_perl_dir="$(perl -V:vendorarch | sed "s/^vendorarch='\(.*\)';$/\1/g")" +export MAKEFLAGS+=" POD2MAN=${_core_perl_dir}/pod2man" +export MAKEFLAGS+=" POD2HTML=${_core_perl_dir}/pod2html" +export MAKEFLAGS+=" PODCHECKER=${_core_perl_dir}/podchecker" +export MAKEFLAGS+=" PROVE=${_core_perl_dir}/prove" export MAKEFLAGS+=" PYTHON=python3" - prepare() { - cd "${srcdir}/${pkgbase}-${pkgver}/parser" - # avoid depend on texlive-latex - sed -i -e 's/pdflatex/true/g' Makefile - - cd "${srcdir}/${pkgbase}-${pkgver}/utils" - # Set Arch paths - sed -e '/logfiles/ s/syslog /syslog.log /g' \ - -e '/logfiles/ s/messages/messages.log/g' \ - -e '/parser/ s# /sbin/# /usr/bin/#g' \ - -i logprof.conf - # do not build/install vim file with utils package (causes ref to $srcdir and wrong location) - sed -i '/vim/d' Makefile - - cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d" - # /usr merge vs. profiles - for i in `find . -name "*sbin*"`; do sed -i -e 's@sbin@bin@g' ${i} && mv ${i} ${i/sbin/bin}; done - for i in klogd ping syslog-ng syslogd; do - sed -e "s@/bin/${i}@/usr/bin/${i}@g" \ - -e "s@bin\.${i}@usr\.bin\.${i}@g" \ - -i bin.${i} && \ - mv bin.${i} usr.bin.${i} - done + cd "${srcdir}/${pkgbase}-${pkgver}/parser" + # Skip compiling LaTex documents and hence avoid an additional dependency on texlive-latex + sed -i -e 's/pdflatex/true/g' Makefile + + cd "${srcdir}/${pkgbase}-${pkgver}/utils" + # Adapt logprof paths to Arch Linux defaults + sed -e '/logfiles/ s/syslog /syslog.log /g' \ + -e '/logfiles/ s/messages/messages.log/g' \ + -e '/parser/ s# /sbin/# /usr/bin/#g' \ + -i logprof.conf + # Skip building and installing vim related files within the utils package + # becuase of false references to $srcdir and non-default file locations + sed -i '/vim/d' Makefile + + cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d" + # Adapt profile names to Arch linux defaults + find . -name "*sbin*" -print0 | while read -r -d $'\0' i; do + sed -i -e 's@sbin@bin@g' "${i}" + mv "${i}" "${i/sbin/bin}" + done + for i in klogd ping syslog-ng syslogd; do + sed -e "s@/bin/${i}@/usr/bin/${i}@g" \ + -e "s@bin\.${i}@usr\.bin\.${i}@g" \ + -i "bin.${i}" + mv "bin.${i}" "usr.bin.${i}" + done } build() { - msg2 "Building: apparmor-libapparmor" - cd "${srcdir}/${pkgbase}-${pkgver}/libraries/libapparmor" - unset PERL_MM_OPT - NOCONFIGURE=1 ./autogen.sh - ./configure --prefix=/usr --sbindir=/usr/bin --with-perl --with-python - make + cd "${srcdir}/${pkgbase}-${pkgver}/libraries/libapparmor" + unset PERL_MM_OPT + NOCONFIGURE=1 ./autogen.sh + ./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --with-perl \ + --with-python + make - cd "${srcdir}/${pkgbase}-${pkgver}" - msg2 "Building: apparmor-parser" - make -C parser + cd "${srcdir}/${pkgbase}-${pkgver}" - msg2 "Building: apparmor-utils" - make -C utils + make -C parser - msg2 "Building: apparmor-profiles" - make -C profiles + make -C utils - msg2 "Building: apparmor-pam" - make -C changehat/pam_apparmor + make -C profiles - msg2 "Building: apparmor-vim" - make -C utils/vim -j1 + make -C changehat/pam_apparmor + + make -C utils/vim -j1 } package_apparmor() { - pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)' - depends=(apparmor-parser apparmor-libapparmor apparmor-utils apparmor-profiles apparmor-pam apparmor-vim) - optdepends=('linux-libre-apparmor: a kernel with AppArmor patches' - 'linux-libre-lts-apparmor: a LTS kernel with AppArmor patches') - install='apparmor.install' + pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)' + depends=('apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim') + optdepends=('linux-libre-lts-apparmor: a LTS kernel with AppArmor enabled' + 'linux-libre-xtreme: a mainline kernel with AppArmor enabled' + 'apparmor-openrc: OpenRC init script') + install='apparmor.install' } package_apparmor-parser() { - pkgdesc='AppArmor parser - loads AA profiles to kernel module' - depends=('apparmor-libapparmor') + pkgdesc='AppArmor parser - loads AA profiles to kernel module' + depends=('apparmor-libapparmor') - cd "${srcdir}/${pkgbase}-${pkgver}" - make -C parser install DESTDIR=${pkgdir} - mv "${pkgdir}/lib" "${pkgdir}/usr/lib" - mv "${pkgdir}/sbin" "${pkgdir}/usr/bin" + cd "${srcdir}/${pkgbase}-${pkgver}" + make -C parser DESTDIR="${pkgdir}" install + mv "${pkgdir}/lib" "${pkgdir}/usr/lib" + mv "${pkgdir}/sbin" "${pkgdir}/usr/bin" } package_apparmor-libapparmor() { - pkgdesc='AppArmor library' - makedepends=('swig' 'perl' 'python') - depends=('python') + pkgdesc='AppArmor library' + makedepends=('swig' 'perl' 'python') + depends=('python') - cd "${srcdir}/${pkgbase}-${pkgver}" - make -C libraries/libapparmor install DESTDIR="${pkgdir}" - install -D -m644 "libraries/libapparmor/swig/perl/LibAppArmor.pm" "${pkgdir}/usr/lib/perl5/vendor_perl/" + cd "${srcdir}/${pkgbase}-${pkgver}" + make -C libraries/libapparmor DESTDIR="${pkgdir}" install + install -D -m644 "libraries/libapparmor/swig/perl/LibAppArmor.pm" "${pkgdir}/${_vendorarch_perl_dir}" } package_apparmor-utils() { - pkgdesc='AppArmor userspace utilities' - depends=('perl' 'perl-locale-gettext' 'perl-term-readkey' - 'perl-file-tail' 'perl-rpc-xml' 'python') - install='apparmor-utils.install' - - cd "${srcdir}/${pkgbase}-${pkgver}" - make -C utils install DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin" - install -D -m755 "${srcdir}/apparmor_load.sh" "${pkgdir}/usr/bin/apparmor_load.sh" - install -D -m755 "${srcdir}/apparmor_unload.sh" "${pkgdir}/usr/bin/apparmor_unload.sh" - install -D -m644 "${srcdir}/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service" + pkgdesc='AppArmor userspace utilities' + depends=('perl' 'perl-locale-gettext' 'perl-term-readkey' 'perl-file-tail' 'perl-rpc-xml' 'python') + + cd "${srcdir}/${pkgbase}-${pkgver}" + make -C utils DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin" install + install -D -m755 "${srcdir}/apparmor_load.sh" "${pkgdir}/usr/bin/apparmor_load.sh" + install -D -m755 "${srcdir}/apparmor_unload.sh" "${pkgdir}/usr/bin/apparmor_unload.sh" + install -D -m644 "${srcdir}/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service" } package_apparmor-profiles() { - pkgdesc='AppArmor sample pre-made profiles' - depends=(apparmor-parser) - - # backup /etc/apparmor.d/* so using logprof is safe - cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d" - declare -a _profiles=(`find -type f|sed 's@./@etc/apparmor.d/@'`) - backup=(`echo ${_profiles[@]}`) - - cd "${srcdir}/${pkgbase}-${pkgver}" - make -C profiles install DESTDIR="${pkgdir}" + pkgdesc='AppArmor sample pre-made profiles' + depends=('apparmor-parser') + + # Add default profiles to the backup array + cd "${srcdir}/${pkgbase}-${pkgver}/profiles/apparmor.d" + # Without the PKGBUILD check the following command would confuse `makepkg --printsrcinfo` + [[ -f "./PKGBUILD" ]] || backup=($(find . -type f | sed 's@./@etc/apparmor.d/@')) + + cd "${srcdir}/${pkgbase}-${pkgver}" + make -C profiles DESTDIR="${pkgdir}" install + + # Remove profiles for non-FSDG software + # https://labs.parabola.nu/issues/1371 + rm -r ${pkgdir}/etc/apparmor.d/abstractions/ubuntu* \ + ${pkgdir}/etc/apparmor.d/abstractions/nvidia \ + ${pkgdir}/usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client \ + ${pkgdir}/usr/share/apparmor/extra-profiles/usr.bin.{opera,skype} + + # Adapt firefox profiles for iceweasel + # Do this really works? Many files and dirs that I don't see . . . + cd ${pkgdir}/usr/share/apparmor/extra-profiles/ + mv usr.lib.firefox.firefox usr.lib.iceweasel.iceweasel + mv usr.lib.firefox.firefox.sh usr.lib.iceweasel.iceweasel.sh + sed 's|firefox|iceweasel|g' -i usr.lib.iceweasel.iceweasel* } package_apparmor-pam() { - pkgdesc='AppArmor PAM library' - depends=('apparmor-libapparmor' 'pam') + pkgdesc='AppArmor PAM library' + depends=('apparmor-libapparmor' 'pam') - cd "${srcdir}/${pkgbase}-${pkgver}" - make -C changehat/pam_apparmor install DESTDIR="${pkgdir}/usr" - install -D -m644 changehat/pam_apparmor/README "${pkgdir}/usr/share/doc/apparmor/README.pam_apparmor" + cd "${srcdir}/${pkgbase}-${pkgver}" + make -C changehat/pam_apparmor DESTDIR="${pkgdir}/usr" install + install -D -m644 changehat/pam_apparmor/README "${pkgdir}/usr/share/doc/apparmor/README.pam_apparmor" } + package_apparmor-vim() { - pkgdesc='AppArmor VIM support' - depends=('vim') + pkgdesc='AppArmor VIM support' + depends=('vim') - cd "${srcdir}/${pkgbase}-${pkgver}/utils/vim" - install -D -m644 apparmor.vim \ - "${pkgdir}/usr/share/vim/vimfiles/syntax/apparmor.vim" + cd "${srcdir}/${pkgbase}-${pkgver}/utils/vim" + install -D -m644 apparmor.vim "${pkgdir}/usr/share/vim/vimfiles/syntax/apparmor.vim" } - -# vim:set ts=2 sw=2 et: |