Commit Graph

14 Commits

Author SHA1 Message Date
Adam Duskett
eb02ef549f package/apparmor: add a dependency on net-tools if utils is selected
aa-unconfied requires the full version of netstat provided by the net-tools
package. Without the full version, running aa-unconfined will result in the
error:
netstat: invalid option -- 'p'

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
  - net-ttols is a runtime depednency
  - select BB_SHOW_OTHERS
  - reorder depends
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 10:06:44 +02:00
Adam Duskett
ebea009ffd package/apparmor: fix typo in Config.in
pyhon should be python

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 09:58:36 +02:00
Adam Duskett
515751036c package/apparmor: fix compatibility with busybox grep
The following regex string in rc.apparmor.functions
"^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+{" is broken due to
the unescaped { at the end of the regex pattern.
GNU grep ignors the error. However, the Busybox grep does not and throws the
error "unescaped character {"

Escape the "{" character to fix this issue.

Note: Upstream has rewritten large sections of the rc.apparmor.functions file
and the function this patch fixes will no longer be necessary after the next
version is released. However, it is not possible to easily backport the
upstream patches as the rewrite comes with new features that would not be
possible with a simple patch such as this one.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 09:58:28 +02:00
Adam Duskett
6569d76aea package/apparmor: replace deprecated egrep with grep -E
Upstream commit: 5f46dedd6e8109d845af118b36039a5d7dd05af9

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 09:58:22 +02:00
Angelo Compagnucci
047832a1f2 package/apparmor: skip docs building
When pod2man and pod2html are missing, building now exits with an
error.
Building of man pages and documentation should be skipped in buildroot,
setting both executables to the "true" command it's sufficient to skip
them.

Fixes:
http://autobuild.buildroot.net/results/ca8d3071d888b5c1cfa3e275afaf05415e19627f

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-05-07 22:47:16 +02:00
Angelo Compagnucci
4f064ef8ef package/apparmor: fix compilation with libintl
When libintl is enabled, Apparmor should link againts libintl.
The patch is already sent upstream.

Fixes:
http://autobuild.buildroot.net/results/8bf/8bf5ce74721f828b01fd708443d020cdf8dc7d3a

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-27 22:52:01 +02:00
Angelo Compagnucci
29acee6e65 package/{apparmor,libapparmor}: bump to version 2.13.4
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-25 15:30:58 +02:00
Angelo Compagnucci
cf56da5481 package/apparmor: fixing installation os detection
Actually the install target of some tools like the parser tries to do
an os detection to understand what install and where.
Incidentally, when the install is invoked on SuSE, this will trig a bug
in parallel install which manifests as "target/lib/apparmor: File exists"
error. For this problem, a patch is already sent upstream.

For buildroot instead, the os detection is useless so we disable it
and use a generic install method.

Fixes:
http://autobuild.buildroot.net/results/b18c6a9ce67065dcb7968c6f473b3b403d2925d2

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-24 13:06:03 +02:00
Yann E. MORIN
adc2376bbb package/apparmor: enable apache integration
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:48 +02:00
Yann E. MORIN
f8a0fe4f3a package/apparmor: enable PAM integration
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:48 +02:00
Yann E. MORIN
12b76b077a package/apparmor: add option to install generic profiles
The apparmor packages comes with a set of profiles for a class of usual,
mostly server-class programs and daemons.

Even though an embedded device will mostly require custom profiles, the
generic ones may come handy, as they also provide "abstractions", that
can serve as templates for custom profiles.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:48 +02:00
Yann E. MORIN
966a5265cb package/apparmor: add options to install utils
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.

The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.

Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - split into its own patch
  - re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:43 +02:00
Angelo Compagnucci
fa9466f5a4 package/apparmor: add option to install binutils
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:53:05 +02:00
Angelo Compagnucci
007ee0765e package/apparmor: new package
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.

We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - make it a separate package
  - split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:53:05 +02:00