package/apparmor: new package
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.
We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- make it a separate package
- split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-27 21:38:37 +01:00
|
|
|
################################################################################
|
|
|
|
|
#
|
|
|
|
|
# apparmor
|
|
|
|
|
#
|
|
|
|
|
################################################################################
|
|
|
|
|
|
|
|
|
|
# When updating the version here, please also update the libapparmor package
|
|
|
|
|
APPARMOR_VERSION_MAJOR = 2.13
|
|
|
|
|
APPARMOR_VERSION = $(APPARMOR_VERSION_MAJOR).3
|
|
|
|
|
APPARMOR_SITE = https://launchpad.net/apparmor/$(APPARMOR_VERSION_MAJOR)/$(APPARMOR_VERSION)/+download
|
|
|
|
|
APPARMOR_DL_SUBDIR = libapparmor
|
|
|
|
|
APPARMOR_LICENSE = GPL-2.0
|
|
|
|
|
APPARMOR_LICENSE_FILES = LICENSE parser/COPYING.GPL
|
|
|
|
|
|
|
|
|
|
APPARMOR_DEPENDENCIES = libapparmor
|
|
|
|
|
|
|
|
|
|
APPARMOR_TOOLS = parser
|
|
|
|
|
APPARMOR_MAKE_OPTS = USE_SYSTEM=1
|
|
|
|
|
|
2020-03-27 22:13:14 +01:00
|
|
|
ifeq ($(BR2_PACKAGE_APPARMOR_BINUTILS),y)
|
|
|
|
|
APPARMOR_TOOLS += binutils
|
|
|
|
|
endif
|
|
|
|
|
|
package/apparmor: add options to install utils
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.
The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.
Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- split into its own patch
- re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-29 09:55:01 +02:00
|
|
|
ifeq ($(BR2_PACKAGE_APPARMOR_UTILS),y)
|
|
|
|
|
APPARMOR_DEPENDENCIES += host-python3 python3
|
|
|
|
|
APPARMOR_TOOLS += utils
|
|
|
|
|
APPARMOR_MAKE_OPTS += PYTHON=$(HOST_DIR)/bin/python3
|
|
|
|
|
|
|
|
|
|
ifeq ($(BR2_PACKAGE_APPARMOR_UTILS_EXTRA),)
|
|
|
|
|
define APPARMOR_UTILS_NO_EXTRA
|
|
|
|
|
$(Q)rm -f $(addprefix $(TARGET_DIR)/usr/sbin/,aa-decode aa-notify aa-remove-unknown)
|
|
|
|
|
endef
|
|
|
|
|
APPARMOR_POST_INSTALL_TARGET_HOOKS += APPARMOR_UTILS_NO_EXTRA
|
|
|
|
|
endif # BR2_PACKAGE_APPARMOR_UTILS_EXTRA
|
|
|
|
|
|
|
|
|
|
endif # BR2_PACKAGE_APPARMOR_UTILS
|
|
|
|
|
|
2020-03-28 09:28:08 +01:00
|
|
|
ifeq ($(BR2_PACKAGE_APPARMOR_PROFILES),y)
|
|
|
|
|
APPARMOR_TOOLS += profiles
|
|
|
|
|
endif
|
|
|
|
|
|
2020-03-29 12:35:22 +02:00
|
|
|
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
|
|
|
|
|
APPARMOR_DEPENDENCIES += linux-pam
|
|
|
|
|
APPARMOR_TOOLS += changehat/pam_apparmor
|
|
|
|
|
endif
|
|
|
|
|
|
package/apparmor: new package
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.
We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- make it a separate package
- split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-27 21:38:37 +01:00
|
|
|
define APPARMOR_BUILD_CMDS
|
|
|
|
|
$(foreach tool,$(APPARMOR_TOOLS),\
|
|
|
|
|
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
|
|
|
|
|
$(MAKE) -C $(@D)/$(tool) $(APPARMOR_MAKE_OPTS)
|
|
|
|
|
)
|
|
|
|
|
endef
|
|
|
|
|
|
|
|
|
|
define APPARMOR_INSTALL_TARGET_CMDS
|
|
|
|
|
$(foreach tool,$(APPARMOR_TOOLS),\
|
|
|
|
|
$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
|
|
|
|
|
$(MAKE) -C $(@D)/$(tool) $(APPARMOR_MAKE_OPTS) \
|
|
|
|
|
DESTDIR=$(TARGET_DIR) install
|
|
|
|
|
)
|
|
|
|
|
endef
|
|
|
|
|
|
|
|
|
|
# Despite its name, apparmor.systemd is a sysv-init compatible startup script
|
|
|
|
|
define APPARMOR_INSTALL_INIT_SYSV
|
|
|
|
|
$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
|
|
|
|
|
$(TARGET_DIR)/etc/init.d/S00apparmor
|
|
|
|
|
endef
|
|
|
|
|
|
|
|
|
|
define APPARMOR_INSTALL_INIT_SYSTEMD
|
|
|
|
|
$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
|
|
|
|
|
$(TARGET_DIR)/lib/apparmor/apparmor.systemd
|
|
|
|
|
$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.service \
|
|
|
|
|
$(TARGET_DIR)/usr/lib/systemd/system/apparmor.service
|
|
|
|
|
endef
|
|
|
|
|
|
|
|
|
|
$(eval $(generic-package))
|
