Commit Graph

20 Commits

Author SHA1 Message Date
Bernd Kuhls
2cacda2591 package/{apparmor, libapparmor}: bump version to 3.0.1
Release notes:
https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1

Removed patches which were applied upstream, updated _SITE.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-02-07 10:24:49 +01:00
Heiko Thiery
791b14a182 package/apparmor: add APPARMOR_CPE_ID_VENDOR
cpe:2.3🅰️canonical:apparmor is a valid CPE identifier for this package:

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Acanonical%3Aapparmor

Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-21 22:02:01 +01:00
Stefan Agner
a325eefc1b package/apparmor: fix permission bits for apparmor.service
Avoid setting executable bits for apparmor.service. This gets rid of a
corresponding warning during installation:
  Configuration file ../target/usr/lib/systemd/system/apparmor.service
  is marked executable. Please remove executable permission bits.
  Proceeding anyway.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-11-12 21:56:58 +01:00
Fabrice Fontaine
dad3f09b6b package/libapparmor: fix build on musl
Fix build of version 3.0.0 with musl. Since the apparmor and
libapparmor packages share the same sources, we also share their
patches: this is why the patch is added in package/libapparmor/3.0.0,
and a symlink package/apparmor/3.0.0 -> package/libapparmor/3.0.0 is
added.

Fixes:
 - http://autobuild.buildroot.org/results/22fb440240aa698acc68f026be790d5366c8f908

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-10-15 22:27:31 +02:00
Angelo Compagnucci
da9fc76c6c package/apparmor: bump to version 3.0.0
This patch bumps apparmor and libapparmor to version 3.0.0

Of all our patches, one was already a backport, one is no longer
applicable (file largely rewritten), and the four others have been
applied upstream now.

The hash for the tarball is available on the homepage, so use that
as a reference.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - expand commit log to explain why we drop all the patches
  - add a reference for the hash for the source tarball
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-10-12 21:33:05 +02:00
Fabrice Fontaine
3c836e5420 package/apparmor: fix per-package build with apache
Per-package build of apparmor with apache fails on:

/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/apxs  -c mod_apparmor.c -L/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apparmor/host/bin/../x86_64-buildroot-linux-musl/sysroot/usr/lib -lapparmor

/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/build-1/libtool --silent --mode=compile /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/bin/x86_64-linux-gcc -prefer-pic -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g2    -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include  -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1   -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../usr/include/apr-1 -I/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/bin/../../../../x86_64-buildroot-lin
 ux-musl/sysroot/usr/include  -c -o mod_apparmor.lo mod_apparmor.c && touch mod_apparmor.slo
mod_apparmor.c:28:10: fatal error: sys/apparmor.h: No such file or directory
 #include <sys/apparmor.h>
          ^~~~~~~~~~~~~~~~

The issue is that sys/appamor.h is not installed in the apache
per-package directory which is mangled by
APACHE_FIX_STAGING_APACHE_CONFIG, i.e.
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-0/output-1/per-package/apache/host/x86_64-buildroot-linux-musl/sysroot/usr/include

So implement the same workaround made on apache to replace those wrong
apache paths by apparmor paths in apxs binary and its configuration file
(i.e. config_vars.mk) as suggested by Thomas Petazzoni and Yann E. Morin
during review of the first iteration of this patch

Fixes:
 - http://autobuild.buildroot.org/results/ef1fcd57e0c09a2806bf2272bb21df6d3300b45b

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-09-06 09:55:31 +02:00
Adam Duskett
eb02ef549f package/apparmor: add a dependency on net-tools if utils is selected
aa-unconfied requires the full version of netstat provided by the net-tools
package. Without the full version, running aa-unconfined will result in the
error:
netstat: invalid option -- 'p'

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr:
  - net-ttols is a runtime depednency
  - select BB_SHOW_OTHERS
  - reorder depends
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 10:06:44 +02:00
Adam Duskett
ebea009ffd package/apparmor: fix typo in Config.in
pyhon should be python

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 09:58:36 +02:00
Adam Duskett
515751036c package/apparmor: fix compatibility with busybox grep
The following regex string in rc.apparmor.functions
"^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+{" is broken due to
the unescaped { at the end of the regex pattern.
GNU grep ignors the error. However, the Busybox grep does not and throws the
error "unescaped character {"

Escape the "{" character to fix this issue.

Note: Upstream has rewritten large sections of the rc.apparmor.functions file
and the function this patch fixes will no longer be necessary after the next
version is released. However, it is not possible to easily backport the
upstream patches as the rewrite comes with new features that would not be
possible with a simple patch such as this one.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 09:58:28 +02:00
Adam Duskett
6569d76aea package/apparmor: replace deprecated egrep with grep -E
Upstream commit: 5f46dedd6e8109d845af118b36039a5d7dd05af9

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-05-08 09:58:22 +02:00
Angelo Compagnucci
047832a1f2 package/apparmor: skip docs building
When pod2man and pod2html are missing, building now exits with an
error.
Building of man pages and documentation should be skipped in buildroot,
setting both executables to the "true" command it's sufficient to skip
them.

Fixes:
http://autobuild.buildroot.net/results/ca8d3071d888b5c1cfa3e275afaf05415e19627f

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-05-07 22:47:16 +02:00
Angelo Compagnucci
4f064ef8ef package/apparmor: fix compilation with libintl
When libintl is enabled, Apparmor should link againts libintl.
The patch is already sent upstream.

Fixes:
http://autobuild.buildroot.net/results/8bf/8bf5ce74721f828b01fd708443d020cdf8dc7d3a

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-27 22:52:01 +02:00
Angelo Compagnucci
29acee6e65 package/{apparmor,libapparmor}: bump to version 2.13.4
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-25 15:30:58 +02:00
Angelo Compagnucci
cf56da5481 package/apparmor: fixing installation os detection
Actually the install target of some tools like the parser tries to do
an os detection to understand what install and where.
Incidentally, when the install is invoked on SuSE, this will trig a bug
in parallel install which manifests as "target/lib/apparmor: File exists"
error. For this problem, a patch is already sent upstream.

For buildroot instead, the os detection is useless so we disable it
and use a generic install method.

Fixes:
http://autobuild.buildroot.net/results/b18c6a9ce67065dcb7968c6f473b3b403d2925d2

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-04-24 13:06:03 +02:00
Yann E. MORIN
adc2376bbb package/apparmor: enable apache integration
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:48 +02:00
Yann E. MORIN
f8a0fe4f3a package/apparmor: enable PAM integration
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:48 +02:00
Yann E. MORIN
12b76b077a package/apparmor: add option to install generic profiles
The apparmor packages comes with a set of profiles for a class of usual,
mostly server-class programs and daemons.

Even though an embedded device will mostly require custom profiles, the
generic ones may come handy, as they also provide "abstractions", that
can serve as templates for custom profiles.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off into its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:48 +02:00
Yann E. MORIN
966a5265cb package/apparmor: add options to install utils
Most utilities are written in python3, except a few that are written in
a mixture of POSIX shell, bash, perl and awk.

The Makefile does not allow installing parts of it, but requiring all of
python3, bash, and perl to install the utils is too much of a
requirement.

Instead, we split the set in two, on one hand the python ones, which we
install when python3 is enabled, and on the other hand, the rest of the
script which we call 'extras', and which we install when all the extra
requirements (bash, perl, and busybox or gawk) are met; if not, then we
remove these extras utils as a post-install hook.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - split into its own patch
  - re-arrange the conditions
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:55:43 +02:00
Angelo Compagnucci
fa9466f5a4 package/apparmor: add option to install binutils
Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:53:05 +02:00
Angelo Compagnucci
007ee0765e package/apparmor: new package
The various AppArmor utilities are spread in a few sub-directories of
the apparmor source tree. For now, we build only the parser, but we'll
soon introduce support for a few other utilities, so we prepare the
package to be able to build more than just the parser, hence the
slightly convoluted build and install commands, and the use of the
APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy
in the following commits.

We must ensure the version matches that of libapparmor, but there is not
much we can do to enforce that, so as we do for various other packages,
we just add a comment to that effect.

Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com>
[yann.morin.1998@free.fr:
  - make it a separate package
  - split into its own patch, write a commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-04-20 09:53:05 +02:00