diff --git a/pkgs/os-specific/linux/apparmor/2.9/default.nix b/pkgs/os-specific/linux/apparmor/2.9/default.nix
deleted file mode 100644
index 1b1d9a3d1ca2..000000000000
--- a/pkgs/os-specific/linux/apparmor/2.9/default.nix
+++ /dev/null
@@ -1,183 +0,0 @@ -{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which -, glibc, flex, bison, python27, swig, dbus, pam -}: - -let - apparmor-series = "2.9"; - apparmor-patchver = "2"; - apparmor-version = "${apparmor-series}.${apparmor-patchver}"; - - apparmor-meta = component: with stdenv.lib; { - homepage = http://apparmor.net/; - description = "Linux application security system - ${component}"; - license = licenses.gpl2; - maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; - platforms = platforms.linux; - }; - - apparmor-sources = fetchurl { - url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; - sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh"; - }; - - prePatchCommon = '' - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" - ''; - - libapparmor = stdenv.mkDerivation { - name = "libapparmor-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - autoconf - automake - bison - flex - dbus # requires patch to dbus ... 
- glibc - libtool - perl - pkgconfig - python27 - swig - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" - ''; - - buildPhase = '' - cd ./libraries/libapparmor - ./autogen.sh - ./configure --prefix="$out" --with-python --with-perl - make - ''; - - installPhase = '' - make install - ''; - - meta = apparmor-meta "library"; - }; - - apparmor-utils = stdenv.mkDerivation { - name = "apparmor-utils-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - python27 - libapparmor - which - ]; - - prePatch = prePatchCommon; - - buildPhase = '' - cd ./utils - make LANGS="" - ''; - - installPhase = '' - make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX="" - ''; - - meta = apparmor-meta "user-land utilities"; - }; - - apparmor-parser = stdenv.mkDerivation { - name = "apparmor-parser-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - bison - flex - which - ]; - - prePatch = prePatchCommon + '' - substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - ## techdoc.pdf still doesn't build ... 
- substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - ''; - - buildPhase = '' - cd ./parser - make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include - ''; - - installPhase = '' - make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown" - ''; - - meta = apparmor-meta "rule parser"; - }; - - apparmor-pam = stdenv.mkDerivation { - name = "apparmor-pam-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ - libapparmor - pam - pkgconfig - which - ]; - - buildPhase = '' - cd ./changehat/pam_apparmor - make USE_SYSTEM=1 - ''; - - installPhase = '' - make install DESTDIR="$out" - ''; - - meta = apparmor-meta "PAM service"; - }; - - apparmor-profiles = stdenv.mkDerivation { - name = "apparmor-profiles-${apparmor-version}"; - src = apparmor-sources; - - buildInputs = [ which ]; - - buildPhase = '' - cd ./profiles - make - ''; - - installPhase = '' - make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles" - ''; - - meta = apparmor-meta "profiles"; - }; - - apparmor-kernel-patches = stdenv.mkDerivation { - name = "apparmor-kernel-patches-${apparmor-version}"; - src = apparmor-sources; - - phases = ''unpackPhase installPhase''; - - installPhase = '' - mkdir "$out" - cp -R ./kernel-patches "$out" - ''; - - meta = apparmor-meta "kernel patches"; - }; - -in - -{ - inherit libapparmor apparmor-utils apparmor-parser apparmor-pam - apparmor-profiles apparmor-kernel-patches; -} diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch deleted file mode 100644 index c8f2b511d957..000000000000 --- a/pkgs/os-specific/linux/apparmor/capability.patch +++ /dev/null 
@@ -1,16 +0,0 @@ -Description: allow parser to build even when not on Linux. -Author: Kees Cook - -Index: apparmor-debian/common/Make.rules -=================================================================== ---- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700 -+++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700 -@@ -160,7 +160,7 @@ - CAPABILITIES=$(shell echo "\#include " | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) - - .PHONY: list_capabilities --list_capabilities: /usr/include/linux/capability.h -+list_capabilities: - @echo "$(CAPABILITIES)" - - # ===================== diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 22413b2ed314..64c6f66575b6 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix 
@@ -1,98 +1,167 @@ -{ stdenv, fetchurl -, autoconf, automake, libtool, makeWrapper -, perl, bison, flex, glibc, gettext, which, rpm, LocaleGettext -, bash, pam, TermReadKey, RpcXML, swig, python}: -stdenv.mkDerivation rec { +{ stdenv, fetchurl, makeWrapper, autoconf, autoreconfHook, automake, libtool, pkgconfig, perl, which +, glibc, flex, bison, python27Packages, swig, pam +}: - name = "apparmor-${version}"; - version = "2.8.4"; +let + apparmor-series = "2.10"; + apparmor-version = apparmor-series; - src = fetchurl { - url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz"; - sha256 = "1mki4c44ljmr7dpn55grzn33929kdjx149jx00s80yp1war83jwq"; - }; - - buildInputs = [ - autoconf automake libtool perl bison flex gettext which rpm - LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ]; - - prePatch = '' - substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include" - substituteInPlace libraries/libapparmor/src/Makefile.am --replace "/usr/include" "${glibc}/include" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" - substituteInPlace common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" - substituteInPlace common/Make.rules --replace "cpp -dM" "cpp -dM -I${glibc}/include" - - substituteInPlace parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" - substituteInPlace parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" - substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h" - substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - #substituteInPlace parser/utils/vim/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" - - # for some reason pdf documentation doesn't build - substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" - - 
substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl" - substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove" - substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh" - ''; - - patches = ./capability.patch; - - buildPhase ='' - PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib - - cd libraries/libapparmor - ./autogen.sh - ./configure --prefix=$out --with-perl # see below - make - make check - make install - mkdir -p $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.pm $out/lib/perl5/site_perl/ - cp swig/perl/LibAppArmor.bs $out/lib/perl5/site_perl/ - # this is automatically copied elsewhere.... - - cd ../../utils - make - make install DESTDIR=$out BINDIR=$out/bin VENDOR_PERL=/lib/perl5/site_perl - - cd ../parser - make - make install DESTDIR=$out DISTRO=unknown - -# cd ../changehat/mod_apparmor -# make # depends on libapparmor having been built first -# make install - - cd ../changehat/pam_apparmor - make # depends on libapparmor having been built first - make install DESTDIR=$out - - cd ../../profiles - LD_LIBRARY_PATH=$out/lib make - #LD_LIBRARY_PATH=$out/lib make check # depends on the parser having been built first - make install DESTDIR=$out - - cd .. 
- cp -r kernel-patches $out - ''; - - installPhase = let - perlVersion = (builtins.parseDrvName perl.name).version; - in '' - for i in $out/bin/*; do - wrapProgram $i --prefix PERL5LIB : \ - "$PERL5LIB:$out/lib/perl5/${perlVersion}/${stdenv.system}-thread-multi/" - done - ''; - - meta = with stdenv.lib; { + apparmor-meta = component: with stdenv.lib; { homepage = http://apparmor.net/; - description = "Linux application security system"; + description = "Linux application security system - ${component}"; license = licenses.gpl2; - maintainers = [ maintainers.phreedom maintainers.thoughtpolice ]; + maintainers = with maintainers; [ phreedom thoughtpolice joachifm ]; platforms = platforms.linux; }; -} + apparmor-sources = fetchurl { + url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz"; + sha256 = "1x06qmmbha9krx7880pxj2k3l8fxy3nm945xjjv735m2ax1243jd"; + }; + + prePatchCommon = '' + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" + substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" + substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man" + ''; + + libapparmor = stdenv.mkDerivation { + name = "libapparmor-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + autoconf + automake + autoreconfHook + bison + flex + glibc + libtool + perl + pkgconfig + python27Packages.python + swig + which + ]; + + # required to build apparmor-parser + dontDisableStatic = true; + + prePatch = prePatchCommon + '' + substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h" + ''; + + 
postPatch = "cd ./libraries/libapparmor"; + configureFlags = "--with-python --with-perl"; + + meta = apparmor-meta "library"; + }; + + apparmor-utils = stdenv.mkDerivation { + name = "apparmor-utils-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + perl + python27Packages.python + python27Packages.readline + libapparmor + makeWrapper + which + ]; + + prePatch = prePatchCommon; + postPatch = "cd ./utils"; + makeFlags = ''LANGS=''; + installFlags = ''DESTDIR=$(out) BINDIR=$(out)/bin VIM_INSTALL_PATH=$(out)/share PYPREFIX=''; + + postInstall = '' + for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do + wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH" + done + + for prog in aa-exec aa-notify ; do + wrapProgram $out/bin/$prog --prefix PERL5LIB : "${libapparmor}/lib/perl5:$PERL5LIB" + done + ''; + + meta = apparmor-meta "user-land utilities"; + }; + + apparmor-parser = stdenv.mkDerivation { + name = "apparmor-parser-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + bison + flex + which + ]; + + prePatch = prePatchCommon + '' + substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison" + substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex" + substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + ## techdoc.pdf still doesn't build ... 
+ substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + ''; + postPatch = "cd ./parser"; + makeFlags = ''LANGS= USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include''; + installFlags = ''DESTDIR=$(out) DISTRO=unknown''; + + meta = apparmor-meta "rule parser"; + }; + + apparmor-pam = stdenv.mkDerivation { + name = "apparmor-pam-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ + libapparmor + pam + pkgconfig + which + ]; + + postPatch = "cd ./changehat/pam_apparmor"; + makeFlags = ''USE_SYSTEM=1''; + installFlags = ''DESTDIR=$(out)''; + + meta = apparmor-meta "PAM service"; + }; + + apparmor-profiles = stdenv.mkDerivation { + name = "apparmor-profiles-${apparmor-version}"; + src = apparmor-sources; + + buildInputs = [ which ]; + + postPatch = "cd ./profiles"; + installFlags = ''DESTDIR=$(out) EXTRAS_DEST=$(out)/share/apparmor/extra-profiles''; + + meta = apparmor-meta "profiles"; + }; + + apparmor-kernel-patches = stdenv.mkDerivation { + name = "apparmor-kernel-patches-${apparmor-version}"; + src = apparmor-sources; + + phases = ''unpackPhase installPhase''; + + installPhase = '' + mkdir "$out" + cp -R ./kernel-patches "$out" + ''; + + meta = apparmor-meta "kernel patches"; + }; + +in + +{ + inherit libapparmor apparmor-utils apparmor-parser apparmor-pam + apparmor-profiles apparmor-kernel-patches; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ce5b10995804..d35555e19953 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix 
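Review bot: The wrappers created in the `postInstall` of `apparmor-utils` use `--prefix`, so any PYTHONPATH or PERL5LIB already set in the caller's environment stays on the module search path behind the store paths. The aa-* tools change profile enforcement state and are normally run with elevated privileges, so they should not import modules from ambient paths. Assuming nothing depends on the inherited value, `wrapProgram $out/bin/$prog --set PYTHONPATH "$out/lib/${python27Packages.python.libPrefix}/site-packages:$PYTHONPATH"` and the same `--set` form for `PERL5LIB` would pin the search path to what was present at build time. Separately, the removed build ran `make check` for libapparmor and the new `libapparmor` derivation sets no check phase, so unless the tests are known to fail in the sandbox, `doCheck = true;` would keep that coverage across the 2.10 bump.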
@@ -9291,18 +9291,12 @@ let microcodeIntel = callPackage ../os-specific/linux/microcode/intel.nix { }; - apparmor = callPackage ../os-specific/linux/apparmor { - inherit (perlPackages) LocaleGettext TermReadKey RpcXML; - bison = bison2; - perl = perl516; # ${perl}/.../CORE/handy.h:124:34: error: 'bool' undeclared - }; - - apparmor_2_9 = callPackage ../os-specific/linux/apparmor/2.9 { }; - libapparmor = apparmor_2_9.libapparmor; - apparmor-pam = apparmor_2_9.apparmor-pam; - apparmor-parser = apparmor_2_9.apparmor-parser; - apparmor-profiles = apparmor_2_9.apparmor-profiles; - apparmor-utils = apparmor_2_9.apparmor-utils; + apparmor = callPackage ../os-specific/linux/apparmor { swig = swig2; }; + libapparmor = apparmor.libapparmor; + apparmor-pam = apparmor.apparmor-pam; + apparmor-parser = apparmor.apparmor-parser; + apparmor-profiles = apparmor.apparmor-profiles; + apparmor-utils = apparmor.apparmor-utils; atop = callPackage ../os-specific/linux/atop { };
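Review bot: `apparmor` now evaluates to an attribute set of component derivations rather than a single package, and `apparmor_2_9` is removed without an alias. Any expression or module outside this hunk that still treats `pkgs.apparmor` as a derivation, or refers to `apparmor_2_9`, would stop evaluating or pick up something unintended. It is worth searching the tree for both names before merging, and adding a comment above the line such as `# attribute set of components (libapparmor, apparmor-parser, ...), not a single derivation`. The `swig = swig2` override also lacks the kind of explanation the removed `perl516` pin carried; a short `# <reason swig2 is required>` comment would tell the next maintainer when it can be dropped.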