Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
Configuration file ../target/usr/lib/systemd/system/apparmor.service
is marked executable. Please remove executable permission bits.
Proceeding anyway.
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fix build of version 3.0.0 with musl. Since the apparmor and
libapparmor packages share the same sources, we also share their
patches: this is why the patch is added in package/libapparmor/3.0.0,
and a symlink package/apparmor/3.0.0 -> package/libapparmor/3.0.0 is
added.
Fixes:
- http://autobuild.buildroot.org/results/22fb440240aa698acc68f026be790d5366c8f908
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This patch bumps apparmor and libapparmor to version 3.0.0
Of all our patches, one was already a backport, one is no longer
applicable (file largely rewritten), and the four others have been
applied upstream now.
The hash for the tarball is available on the homepage, so use that
as a reference.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- expand commit log to explain why we drop all the patches
- add a reference for the hash for the source tarball
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Per-package build of apparmor with apache fails on:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/apxs -c mod_apparmor.c -L/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/bin/../x86_64-buildroot-linux-musl/sysroot/usr/lib -lapparmor
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=compile /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/bin/x86_64-linux-gcc -prefer-pic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../../../x86_64-buildroot-lin
ux-musl/sysroot/usr/include -c -o mod_apparmor.lo mod_apparmor.c && touch mod_apparmor.slo
mod_apparmor.c:28:10: fatal error: sys/apparmor.h: No such file or directory
#include <sys/apparmor.h>
^~~~~~~~~~~~~~~~
The issue is that sys/appamor.h is not installed in the apache
per-package directory which is mangled by
APACHE_FIX_STAGING_APACHE_CONFIG, i.e.
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include
So implement the same workaround made on apache to replace those wrong
apache paths by apparmor paths in apxs binary and its configuration file
(i.e. config_vars.mk) as suggested by Thomas Petazzoni and Yann E. Morin
during review of the first iteration of this patch
Fixes:
- http://autobuild.buildroot.org/results/ef1fcd57e0c09a2806bf2272bb21df6d3300b45b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
aa-unconfied requires the full version of netstat provided by the net-tools
package. Without the full version, running aa-unconfined will result in the
error:
netstat: invalid option -- 'p'
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
- net-ttols is a runtime depednency
- select BB_SHOW_OTHERS
- reorder depends
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The following regex string in rc.apparmor.functions
"^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+{" is broken due to
the unescaped { at the end of the regex pattern.
GNU grep ignors the error. However, the Busybox grep does not and throws the
error "unescaped character {"
Escape the "{" character to fix this issue.
Note: Upstream has rewritten large sections of the rc.apparmor.functions file
and the function this patch fixes will no longer be necessary after the next
version is released. However, it is not possible to easily backport the
upstream patches as the rewrite comes with new features that would not be
possible with a simple patch such as this one.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When pod2man and pod2html are missing, building now exits with an
error.
Building of man pages and documentation should be skipped in buildroot,
setting both executables to the "true" command it's sufficient to skip
them.
Fixes:
http://autobuild.buildroot.net/results/ca8d3071d888b5c1cfa3e275afaf05415e19627f
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Actually the install target of some tools like the parser tries to do
an os detection to understand what install and where.
Incidentally, when the install is invoked on SuSE, this will trig a bug
in parallel install which manifests as "target/lib/apparmor: File exists"
error. For this problem, a patch is already sent upstream.
For buildroot instead, the os detection is useless so we disable it
and use a generic install method.
Fixes:
http://autobuild.buildroot.net/results/b18c6a9ce67065dcb7968c6f473b3b403d2925d2
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
The apparmor packages comes with a set of profiles for a class of usual,
mostly server-class programs and daemons.
Even though an embedded device will mostly require custom profiles, the
generic ones may come handy, as they also provide "abstractions", that
can serve as templates for custom profiles.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.
The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.
Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- split into its own patch
- re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.
We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
- make it a separate package
- split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>