diff options
Diffstat (limited to 'pcr/apparmor')
-rw-r--r-- | pcr/apparmor/PKGBUILD | 49 | ||||
-rw-r--r-- | pcr/apparmor/aa-teardown | 10 | ||||
-rw-r--r-- | pcr/apparmor/apparmor.service | 25 | ||||
-rw-r--r-- | pcr/apparmor/apparmor.systemd | 85 |
4 files changed, 21 insertions, 148 deletions
diff --git a/pcr/apparmor/PKGBUILD b/pcr/apparmor/PKGBUILD index 6bad6a5a0..ef7220930 100644 --- a/pcr/apparmor/PKGBUILD +++ b/pcr/apparmor/PKGBUILD @@ -2,33 +2,25 @@ # Maintainer (AUR): Gordian Edenhofer <gordian.edenhofer@gmail.com> # Contributor: Marcin Wieczorek <marcin@marcin.co> # Contributor: Thomas Kuther <archlinux@kuther.net> -# Contributor: Gianni Vialetto <gianni at rootcube dot net> -# Contributor: Paul N. Maxwell <msg dot maxwel at gmail dot com> -# Contributor: Thomas Mudrunka <harvie@@email..cz> +# Contributor: Gianni Vialetto <gianni@rootcube.net> +# Contributor: Paul N. Maxwell <msg.maxwel@gmail.com> +# Contributor: Thomas Mudrunka <harvie@email.cz> # Contributor: Max Fierke <max@maxfierke.com> pkgbase=apparmor pkgname=("${pkgbase}" 'apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim') -pkgver=2.12.0 +pkgver=2.13.0 _majorver="$(expr "${pkgver}" : '\([0-9]*\.[0-9]*\)\.')" pkgrel=1 pkgdesc='Linux application security framework - mandatory access control for programs' -arch=('i686' 'x86_64') +arch=(armv7h i686 x86_64) url='https://launchpad.net/apparmor' -license=('GPL') -makedepends=('flex' 'swig' 'perl' 'python' 'perl-locale-gettext' 'perl-rpc-xml' 'audit') -source=("https://launchpad.net/${pkgbase}/${_majorver}/${pkgver}/+download/${pkgbase}-${_majorver}.tar.gz"{,.asc} - "apparmor.systemd" - "aa-teardown" - "apparmor.service") -sha512sums=('d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a' - 'SKIP' - '5fc5135ffae07c4cfa125c819b67ea812626e13201fde70d15c0d7b09bceadbd4cea9383b8af07c871173fb4d273edb4bbe926871d674565a19958cc08ac9d3a' - '47666085482c899d64f73109d50eacd704db33b1726f985edfed0319326e147df177d9cc4cd7d3f45bb7bed348f8fedd03374fc53dde2a42a12c899b88d5ce6b' - 'e7bfb69d6f98842caba1da9790b14b9368b1e5c65fc726e8226e776c8d42f06c0c051329e048a994d06908a365ad3c078745b7d09376d29639e9175b2c2b4c0d') -validpgpkeys=( - '3ECDCBA5FB34D254961CC53F6689E64E3D3664BB' # AppArmor Development Team - ) +license=(GPL) +makedepends=(flex swig perl python perl-locale-gettext perl-rpc-xml audit) +source=("https://launchpad.net/${pkgbase}/${_majorver}/${pkgver}/+download/${pkgbase}-${_majorver}.tar.gz"{,.asc}) +sha512sums=('f98914713153d4c823a3ea7e96291cc4528bf7c8d3a139286ae0ecd806613e9c34b0ad81f2b258df2193cf6f3157d3252ef72d32d339427948a3fd8ba5651827' + 'SKIP') +validpgpkeys=('3ECDCBA5FB34D254961CC53F6689E64E3D3664BB') # AppArmor Development Team _core_perl_dir='/usr/bin/core_perl' _vendorarch_perl_dir="$(perl -V:vendorarch | sed "s/^vendorarch='\(.*\)';$/\1/g")" @@ -94,8 +86,8 @@ build() { package_apparmor() { pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)' depends=('apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim') - optdepends=('linux-libre-lts-xtreme: an LTS kernel with AppArmor enabled' - 'linux-libre-xtreme: a stable kernel with AppArmor enabled' + optdepends=('linux-libre-lts-xtreme: an LTS kernel with AppArmor enabled by default' + 'linux-libre-xtreme: a stable kernel with AppArmor enabled by default' 'apparmor-openrc: OpenRC init script') install='apparmor.install' } @@ -128,9 +120,9 @@ package_apparmor-utils() { cd "${srcdir}/${pkgbase}-${_majorver}" make -C utils DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin" install - install -D -m755 "${srcdir}/apparmor.systemd" "${pkgdir}/usr/lib/apparmor/apparmor.systemd" - install -D -m755 "${srcdir}/aa-teardown" "${pkgdir}/usr/bin/aa-teardown" - install -D -m644 "${srcdir}/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service" + install -D -m755 "parser/apparmor.systemd" "${pkgdir}/usr/lib/apparmor/apparmor.systemd" + install -D -m755 "parser/aa-teardown" "${pkgdir}/usr/bin/aa-teardown" + install -D -m644 "parser/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service" } package_apparmor-profiles() { @@ -144,7 +136,7 @@ package_apparmor-profiles() { cd "${srcdir}/${pkgbase}-${_majorver}" make -C profiles DESTDIR="${pkgdir}" install - + # Remove profiles for non-FSDG software # https://labs.parabola.nu/issues/1371 rm -r ${pkgdir}/etc/apparmor.d/abstractions/ubuntu* \ @@ -155,9 +147,10 @@ package_apparmor-profiles() { # Adapt firefox profiles for iceweasel # Does this really works? Many files and dirs that I don't see . . . cd ${pkgdir}/usr/share/apparmor/extra-profiles/ - mv usr.lib.firefox.firefox usr.lib.iceweasel.iceweasel - mv usr.lib.firefox.firefox.sh usr.lib.iceweasel.iceweasel.sh - sed 's|firefox|iceweasel|g' -i usr.lib.iceweasel.iceweasel* + for f in usr.lib.firefox.firefox usr.lib.firefox.firefox.sh; do + sed 's|firefox|iceweasel|g' -i $f + mv $f ${f/firefox.firefox/iceweasel.iceweasel} + done } package_apparmor-pam() { diff --git a/pcr/apparmor/aa-teardown b/pcr/apparmor/aa-teardown deleted file mode 100644 index 44288569e..000000000 --- a/pcr/apparmor/aa-teardown +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/bash - -test $# = 0 || { - echo "Usage: $0" - echo - echo "Unloads all AppArmor profiles" - exit 1 -} - -/usr/lib/apparmor/apparmor.systemd stop diff --git a/pcr/apparmor/apparmor.service b/pcr/apparmor/apparmor.service deleted file mode 100644 index 2490d1bb8..000000000 --- a/pcr/apparmor/apparmor.service +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Load AppArmor profiles -DefaultDependencies=no -Before=sysinit.target -After=systemd-journald-audit.socket -After=var.mount var-lib.mount -ConditionSecurity=apparmor - -[Service] -Type=oneshot -ExecStart=/usr/lib/apparmor/apparmor.systemd reload -ExecReload=/usr/lib/apparmor/apparmor.systemd reload - -# systemd maps 'restart' to 'stop; start' which means removing AppArmor confinement -# from running processes (and not being able to re-apply it later). -# Upstream systemd developers refused to implement an option that allows overriding -# this behaviour, therefore we have to make ExecStop a no-op to error out on the -# safe side. -# -# If you really want to unload all AppArmor profiles, run aa-teardown -ExecStop=/usr/bin/true -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/pcr/apparmor/apparmor.systemd b/pcr/apparmor/apparmor.systemd deleted file mode 100644 index 17794c1ac..000000000 --- a/pcr/apparmor/apparmor.systemd +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/sh - -APPARMOR_FUNCTIONS='/usr/lib/apparmor/rc.apparmor.functions' - -aa_action() -{ - echo $1 - shift - "$@" - return $? -} - -aa_log_warning_msg() -{ - echo "Warning: $@" -} - -aa_log_failure_msg() -{ - echo "Error: $@" -} - -aa_log_action_start() -{ - echo "$@" -} - -aa_log_action_end() -{ - echo -n -} - -aa_log_daemon_msg() -{ - echo "$@" -} - -aa_log_skipped_msg() -{ - echo "Skipped: $@" -} - -aa_log_end_msg() -{ - echo -n -} - -# source apparmor function library -if [ -f "${APPARMOR_FUNCTIONS}" ]; then - . ${APPARMOR_FUNCTIONS} -else - aa_log_failure_msg "Unable to find AppArmor initscript functions" - exit 1 -fi - -case "$1" in - start) - apparmor_start - rc=$? - ;; - stop) - apparmor_stop - rc=$? - ;; - restart|reload|force-reload) - apparmor_restart - rc=$? - ;; - try-restart) - apparmor_try_restart - rc=$? - ;; - kill) - apparmor_kill - rc=$? - ;; - status) - apparmor_status - rc=$? - ;; - *) - exit 1 - ;; -esac -exit $rc |