# Maintainer: David P. # Maintainer (AUR): Gordian Edenhofer # Contributor: Marcin Wieczorek # Contributor: Thomas Kuther # Contributor: Gianni Vialetto # Contributor: Paul N. Maxwell # Contributor: Thomas Mudrunka # Contributor: Max Fierke pkgbase=apparmor pkgname=("${pkgbase}" 'apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim') pkgver=2.13.0 _majorver="$(expr "${pkgver}" : '\([0-9]*\.[0-9]*\)\.')" pkgrel=1 pkgdesc='Linux application security framework - mandatory access control for programs' arch=(armv7h i686 x86_64) url='https://launchpad.net/apparmor' license=(GPL) makedepends=(flex swig perl python perl-locale-gettext perl-rpc-xml audit) source=("https://launchpad.net/${pkgbase}/${_majorver}/${pkgver}/+download/${pkgbase}-${_majorver}.tar.gz"{,.asc}) sha512sums=('f98914713153d4c823a3ea7e96291cc4528bf7c8d3a139286ae0ecd806613e9c34b0ad81f2b258df2193cf6f3157d3252ef72d32d339427948a3fd8ba5651827' 'SKIP') validpgpkeys=('3ECDCBA5FB34D254961CC53F6689E64E3D3664BB') # AppArmor Development Team _core_perl_dir='/usr/bin/core_perl' _vendorarch_perl_dir="$(perl -V:vendorarch | sed "s/^vendorarch='\(.*\)';$/\1/g")" export MAKEFLAGS+=" POD2MAN=${_core_perl_dir}/pod2man" export MAKEFLAGS+=" POD2HTML=${_core_perl_dir}/pod2html" export MAKEFLAGS+=" PODCHECKER=${_core_perl_dir}/podchecker" export MAKEFLAGS+=" PROVE=${_core_perl_dir}/prove" export MAKEFLAGS+=" PYTHON=python3" prepare() { cd "${srcdir}/${pkgbase}-${_majorver}/parser" # Skip compiling LaTex documents and hence avoid an additional dependency on texlive-latex sed -i -e 's/pdflatex/true/g' Makefile cd "${srcdir}/${pkgbase}-${_majorver}/utils" # Adapt logprof paths to Arch Linux defaults sed -e '/logfiles/ s/syslog /syslog.log /g' \ -e '/logfiles/ s/messages/messages.log/g' \ -e '/parser/ s# /sbin/# /usr/bin/#g' \ -i logprof.conf # Skip building and installing vim related files within the utils package # becuase of false references to $srcdir and non-default file locations sed -i '/vim/d' Makefile cd "${srcdir}/${pkgbase}-${_majorver}/profiles/apparmor.d" # Adapt profile names to Arch linux defaults find . -name "*sbin*" -print0 | while read -r -d $'\0' i; do sed -i -e 's@sbin@bin@g' "${i}" mv "${i}" "${i/sbin/bin}" done for i in klogd ping syslog-ng syslogd; do sed -e "s@/bin/${i}@/usr/bin/${i}@g" \ -e "s@bin\.${i}@usr\.bin\.${i}@g" \ -i "bin.${i}" mv "bin.${i}" "usr.bin.${i}" done } build() { cd "${srcdir}/${pkgbase}-${_majorver}/libraries/libapparmor" unset PERL_MM_OPT NOCONFIGURE=1 ./autogen.sh ./configure \ --prefix=/usr \ --sbindir=/usr/bin \ --with-perl \ --with-python make cd "${srcdir}/${pkgbase}-${_majorver}" make -C parser make -C utils make -C profiles make -C changehat/pam_apparmor make -C utils/vim -j1 } package_apparmor() { pkgdesc='Linux application security framework - mandatory access control for programs (metapackage)' depends=('apparmor-parser' 'apparmor-libapparmor' 'apparmor-utils' 'apparmor-profiles' 'apparmor-pam' 'apparmor-vim') optdepends=('linux-libre-lts-xtreme: an LTS kernel with AppArmor enabled by default' 'linux-libre-xtreme: a stable kernel with AppArmor enabled by default' 'apparmor-openrc: OpenRC init script') install='apparmor.install' } package_apparmor-parser() { pkgdesc='AppArmor parser - loads AA profiles to kernel module' depends=('apparmor-libapparmor') backup=('etc/apparmor/parser.conf' 'etc/apparmor/subdomain.conf') cd "${srcdir}/${pkgbase}-${_majorver}" make -C parser DESTDIR="${pkgdir}" install mv "${pkgdir}/lib" "${pkgdir}/usr/lib" mv "${pkgdir}/sbin" "${pkgdir}/usr/bin" } package_apparmor-libapparmor() { pkgdesc='AppArmor library' makedepends=('swig' 'perl' 'python') depends=('python') cd "${srcdir}/${pkgbase}-${_majorver}" make -C libraries/libapparmor DESTDIR="${pkgdir}" install install -D -m644 "libraries/libapparmor/swig/perl/LibAppArmor.pm" "${pkgdir}/${_vendorarch_perl_dir}" } package_apparmor-utils() { pkgdesc='AppArmor userspace utilities' depends=('perl' 'perl-locale-gettext' 'perl-term-readkey' 'perl-file-tail' 'perl-rpc-xml' 'python') backup=('etc/apparmor/easyprof.conf' 'etc/apparmor/logprof.conf' 'etc/apparmor/notify.conf' 'etc/apparmor/severity.db') cd "${srcdir}/${pkgbase}-${_majorver}" make -C utils DESTDIR="${pkgdir}" BINDIR="${pkgdir}/usr/bin" install install -D -m755 "parser/apparmor.systemd" "${pkgdir}/usr/lib/apparmor/apparmor.systemd" install -D -m755 "parser/aa-teardown" "${pkgdir}/usr/bin/aa-teardown" install -D -m644 "parser/apparmor.service" "${pkgdir}/usr/lib/systemd/system/apparmor.service" } package_apparmor-profiles() { pkgdesc='AppArmor sample pre-made profiles, without profiles for nonfree software' depends=('apparmor-parser') # Add default profiles to the backup array cd "${srcdir}/${pkgbase}-${_majorver}/profiles/apparmor.d" # Without the PKGBUILD check the following command would confuse `makepkg --printsrcinfo` [[ -f "./PKGBUILD" ]] || backup=($(find . -type f | sed 's@./@etc/apparmor.d/@')) cd "${srcdir}/${pkgbase}-${_majorver}" make -C profiles DESTDIR="${pkgdir}" install # Remove profiles for non-FSDG software # https://labs.parabola.nu/issues/1371 rm -r ${pkgdir}/etc/apparmor.d/abstractions/ubuntu* \ ${pkgdir}/etc/apparmor.d/abstractions/nvidia \ ${pkgdir}/usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client \ ${pkgdir}/usr/share/apparmor/extra-profiles/usr.bin.{opera,skype} # Adapt firefox profiles for iceweasel # Does this really works? Many files and dirs that I don't see . . . cd ${pkgdir}/usr/share/apparmor/extra-profiles/ for f in usr.lib.firefox.firefox usr.lib.firefox.firefox.sh; do sed 's|firefox|iceweasel|g' -i $f mv $f ${f/firefox.firefox/iceweasel.iceweasel} done } package_apparmor-pam() { pkgdesc='AppArmor PAM library' depends=('apparmor-libapparmor' 'pam') cd "${srcdir}/${pkgbase}-${_majorver}" make -C changehat/pam_apparmor DESTDIR="${pkgdir}/usr" install install -D -m644 changehat/pam_apparmor/README "${pkgdir}/usr/share/doc/apparmor/README.pam_apparmor" } package_apparmor-vim() { pkgdesc='AppArmor VIM support' depends=('vim') cd "${srcdir}/${pkgbase}-${_majorver}/utils/vim" install -D -m644 apparmor.vim "${pkgdir}/usr/share/vim/vimfiles/syntax/apparmor.vim" }