summaryrefslogtreecommitdiff
path: root/pcr/apparmor
diff options
context:
space:
mode:
Diffstat (limited to 'pcr/apparmor')
-rw-r--r--pcr/apparmor/PKGBUILD49
-rw-r--r--pcr/apparmor/aa-teardown10
-rw-r--r--pcr/apparmor/apparmor.service25
-rw-r--r--pcr/apparmor/apparmor.systemd85
4 files changed, 21 insertions, 148 deletions
diff --git a/pcr/apparmor/PKGBUILD b/pcr/apparmor/PKGBUILD
index 6bad6a5a0..ef7220930 100644
--- a/pcr/apparmor/PKGBUILD
+++ b/pcr/apparmor/PKGBUILD
@@ -2,33 +2,25 @@
# Maintainer (AUR): Gordian Edenhofer <gordian.edenhofer@gmail.com>
# Contributor: Marcin Wieczorek <marcin@marcin.co>
# Contributor: Thomas Kuther <archlinux@kuther.net>
-# Contributor: Gianni Vialetto <gianni at rootcube dot net>
-# Contributor: Paul N. Maxwell <msg dot maxwel at gmail dot com>
-# Contributor: Thomas Mudrunka <harvie@@email..cz>
+# Contributor: Gianni Vialetto <gianni@rootcube.net>
+# Contributor: Paul N. Maxwell <msg.maxwel@gmail.com>
+# Contributor: Thomas Mudrunka <harvie@email.cz>
# Contributor: Max Fierke <max@maxfierke.com>
pkgbase=apparmor
pkgname=("${pkgbase}" 'apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim')
-pkgver=2.12.0
+pkgver=2.13.0
_majorver="$(expr "${pkgver}" : '\([0-9]*\.[0-9]*\)\.')"
pkgrel=1
pkgdesc='Linux application security framework - mandatory access control for programs'
-arch=('i686' 'x86_64')
+arch=(armv7h i686 x86_64)
url='https://launchpad.net/apparmor'
-license=('GPL')
-makedepends=('flex' 'swig' 'perl' 'python' 'perl-locale-gettext' 'perl-rpc-xml' 'audit')
-source=("https://launchpad.net/${pkgbase}/${_majorver}/${pkgver}/+download/${pkgbase}-${_majorver}.tar.gz"{,.asc}
- "apparmor.systemd"
- "aa-teardown"
- "apparmor.service")
-sha512sums=('d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a'
- 'SKIP'
- '5fc5135ffae07c4cfa125c819b67ea812626e13201fde70d15c0d7b09bceadbd4cea9383b8af07c871173fb4d273edb4bbe926871d674565a19958cc08ac9d3a'
- '47666085482c899d64f73109d50eacd704db33b1726f985edfed0319326e147df177d9cc4cd7d3f45bb7bed348f8fedd03374fc53dde2a42a12c899b88d5ce6b'
- 'e7bfb69d6f98842caba1da9790b14b9368b1e5c65fc726e8226e776c8d42f06c0c051329e048a994d06908a365ad3c078745b7d09376d29639e9175b2c2b4c0d')
-validpgpkeys=(
- '3ECDCBA5FB34D254961CC53F6689E64E3D3664BB' # AppArmor Development Team
- )
+license=(GPL)
+makedepends=(flex swig perl python perl-locale-gettext perl-rpc-xml audit)
+source=("https://launchpad.net/${pkgbase}/${_majorver}/${pkgver}/+download/${pkgbase}-${_majorver}.tar.gz"{,.asc})
+sha512sums=('f98914713153d4c823a3ea7e96291cc4528bf7c8d3a139286ae0ecd806613e9c34b0ad81f2b258df2193cf6f3157d3252ef72d32d339427948a3fd8ba5651827'
+ 'SKIP')
+validpgpkeys=('3ECDCBA5FB34D254961CC53F6689E64E3D3664BB') # AppArmor Development Team
_core_perl_dir='/usr/bin/core_perl'
_vendorarch_perl_dir="$(perl -V:vendorarch | sed "s/^vendorarch='\(.*\)';$/\1/g")"
@@ -94,8 +86,8 @@ build() {
package_apparmor() {
pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)'
depends=('apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim')
- optdepends=('linux-libre-lts-xtreme: an LTS kernel with AppArmor enabled'
- 'linux-libre-xtreme: a stable kernel with AppArmor enabled'
+ optdepends=('linux-libre-lts-xtreme: an LTS kernel with AppArmor enabled by default'
+ 'linux-libre-xtreme: a stable kernel with AppArmor enabled by default'
'apparmor-openrc: OpenRC init script')
install='apparmor.install'
}
@@ -128,9 +120,9 @@ package_apparmor-utils() {
cd "${srcdir}/${pkgbase}-${_majorver}"
make -C utils DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin" install
- install -D -m755 "${srcdir}/apparmor.systemd" "${pkgdir}/usr/lib/apparmor/apparmor.systemd"
- install -D -m755 "${srcdir}/aa-teardown" "${pkgdir}/usr/bin/aa-teardown"
- install -D -m644 "${srcdir}/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service"
+ install -D -m755 "parser/apparmor.systemd" "${pkgdir}/usr/lib/apparmor/apparmor.systemd"
+ install -D -m755 "parser/aa-teardown" "${pkgdir}/usr/bin/aa-teardown"
+ install -D -m644 "parser/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service"
}
package_apparmor-profiles() {
@@ -144,7 +136,7 @@ package_apparmor-profiles() {
cd "${srcdir}/${pkgbase}-${_majorver}"
make -C profiles DESTDIR="${pkgdir}" install
-
+
# Remove profiles for non-FSDG software
# https://labs.parabola.nu/issues/1371
rm -r ${pkgdir}/etc/apparmor.d/abstractions/ubuntu* \
@@ -155,9 +147,10 @@ package_apparmor-profiles() {
# Adapt firefox profiles for iceweasel
# Does this really works? Many files and dirs that I don't see . . .
cd ${pkgdir}/usr/share/apparmor/extra-profiles/
- mv usr.lib.firefox.firefox usr.lib.iceweasel.iceweasel
- mv usr.lib.firefox.firefox.sh usr.lib.iceweasel.iceweasel.sh
- sed 's|firefox|iceweasel|g' -i usr.lib.iceweasel.iceweasel*
+ for f in usr.lib.firefox.firefox usr.lib.firefox.firefox.sh; do
+ sed 's|firefox|iceweasel|g' -i $f
+ mv $f ${f/firefox.firefox/iceweasel.iceweasel}
+ done
}
package_apparmor-pam() {
diff --git a/pcr/apparmor/aa-teardown b/pcr/apparmor/aa-teardown
deleted file mode 100644
index 44288569e..000000000
--- a/pcr/apparmor/aa-teardown
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/bash
-
-test $# = 0 || {
- echo "Usage: $0"
- echo
- echo "Unloads all AppArmor profiles"
- exit 1
-}
-
-/usr/lib/apparmor/apparmor.systemd stop
diff --git a/pcr/apparmor/apparmor.service b/pcr/apparmor/apparmor.service
deleted file mode 100644
index 2490d1bb8..000000000
--- a/pcr/apparmor/apparmor.service
+++ /dev/null
@@ -1,25 +0,0 @@
-[Unit]
-Description=Load AppArmor profiles
-DefaultDependencies=no
-Before=sysinit.target
-After=systemd-journald-audit.socket
-After=var.mount var-lib.mount
-ConditionSecurity=apparmor
-
-[Service]
-Type=oneshot
-ExecStart=/usr/lib/apparmor/apparmor.systemd reload
-ExecReload=/usr/lib/apparmor/apparmor.systemd reload
-
-# systemd maps 'restart' to 'stop; start' which means removing AppArmor confinement
-# from running processes (and not being able to re-apply it later).
-# Upstream systemd developers refused to implement an option that allows overriding
-# this behaviour, therefore we have to make ExecStop a no-op to error out on the
-# safe side.
-#
-# If you really want to unload all AppArmor profiles, run aa-teardown
-ExecStop=/usr/bin/true
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/pcr/apparmor/apparmor.systemd b/pcr/apparmor/apparmor.systemd
deleted file mode 100644
index 17794c1ac..000000000
--- a/pcr/apparmor/apparmor.systemd
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/sh
-
-APPARMOR_FUNCTIONS='/usr/lib/apparmor/rc.apparmor.functions'
-
-aa_action()
-{
- echo $1
- shift
- "$@"
- return $?
-}
-
-aa_log_warning_msg()
-{
- echo "Warning: $@"
-}
-
-aa_log_failure_msg()
-{
- echo "Error: $@"
-}
-
-aa_log_action_start()
-{
- echo "$@"
-}
-
-aa_log_action_end()
-{
- echo -n
-}
-
-aa_log_daemon_msg()
-{
- echo "$@"
-}
-
-aa_log_skipped_msg()
-{
- echo "Skipped: $@"
-}
-
-aa_log_end_msg()
-{
- echo -n
-}
-
-# source apparmor function library
-if [ -f "${APPARMOR_FUNCTIONS}" ]; then
- . ${APPARMOR_FUNCTIONS}
-else
- aa_log_failure_msg "Unable to find AppArmor initscript functions"
- exit 1
-fi
-
-case "$1" in
- start)
- apparmor_start
- rc=$?
- ;;
- stop)
- apparmor_stop
- rc=$?
- ;;
- restart|reload|force-reload)
- apparmor_restart
- rc=$?
- ;;
- try-restart)
- apparmor_try_restart
- rc=$?
- ;;
- kill)
- apparmor_kill
- rc=$?
- ;;
- status)
- apparmor_status
- rc=$?
- ;;
- *)
- exit 1
- ;;
-esac
-exit $rc