Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/apparmor/default.nix')
-rw-r--r--nixpkgs/pkgs/os-specific/linux/apparmor/default.nix104
1 files changed, 70 insertions, 34 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix b/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix
index 344913888d57..8e95c44f95cd 100644
--- a/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/apparmor/default.nix
@@ -4,13 +4,14 @@
 , linuxHeaders ? stdenv.cc.libc.linuxHeaders
 , gawk
 , withPerl ? stdenv.hostPlatform == stdenv.buildPlatform && lib.meta.availableOn stdenv.hostPlatform perl, perl
-, withPython ? stdenv.hostPlatform == stdenv.buildPlatform && lib.meta.availableOn stdenv.hostPlatform python, python
+, withPython ? stdenv.hostPlatform == stdenv.buildPlatform && lib.meta.availableOn stdenv.hostPlatform python3, python3
 , swig
 , ncurses
 , pam
 , libnotify
 , buildPackages
 , coreutils
+, bash
 , gnugrep
 , gnused
 , kmod
@@ -26,7 +27,7 @@ let
     homepage = "https://apparmor.net/";
     description = "A mandatory access control system - ${component}";
     license = licenses.gpl2;
-    maintainers = with maintainers; [ joachifm julm phreedom thoughtpolice ];
+    maintainers = with maintainers; [ joachifm julm thoughtpolice ];
     platforms = platforms.linux;
   };
 
@@ -44,10 +45,11 @@ let
   prePatchCommon = ''
     chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh
     patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh
-    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${buildPackages.perl}/bin/pod2man"
-    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${buildPackages.perl}/bin/pod2html"
-    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
-    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
+    substituteInPlace ./common/Make.rules \
+      --replace "/usr/bin/pod2man" "${buildPackages.perl}/bin/pod2man" \
+      --replace "/usr/bin/pod2html" "${buildPackages.perl}/bin/pod2html" \
+      --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h" \
+      --replace "/usr/share/man" "share/man"
   '';
 
   patches = lib.optionals stdenv.hostPlatform.isMusl [
@@ -65,9 +67,16 @@ let
   # FIXME: convert these to a single multiple-outputs package?
 
   libapparmor = stdenv.mkDerivation {
-    name = "libapparmor-${apparmor-version}";
+    pname = "libapparmor";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
+   # checking whether python bindings are enabled... yes
+   # checking for python3... no
+   # configure: error: python is required when enabling python bindings
+    strictDeps = false;
+
     nativeBuildInputs = [
       autoreconfHook
       bison
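Review bot: The three-line comment above `strictDeps = false;` is a pasted configure log that does not say what it documents, and it is indented one column short of the attributes around it. Since `false` is already the stdenv default, the comment presumably records that `strictDeps = true` was tried and failed at configure. I would state that directly at four-space indent, e.g. `# strictDeps = true breaks configure: "checking for python3... no"`. A TODO to revisit would also help, because the next hunk adds python3 to `nativeBuildInputs` and apparmor-utils already sets `strictDeps = true`. The libapparmor derivation continues outside this hunk.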
@@ -77,11 +86,10 @@ let
       ncurses
       which
       perl
-    ];
+    ] ++ lib.optional withPython python3;
 
-    buildInputs = []
-      ++ lib.optional withPerl perl
-      ++ lib.optional withPython python;
+    buildInputs = lib.optional withPerl perl
+      ++ lib.optional withPython python3;
 
     # required to build apparmor-parser
     dontDisableStatic = true;
@@ -94,7 +102,10 @@ let
     '';
     inherit patches;
 
-    postPatch = "cd ./libraries/libapparmor";
+    postPatch = ''
+      cd ./libraries/libapparmor
+    '';
+
     # https://gitlab.com/apparmor/apparmor/issues/1
     configureFlags = [
       (lib.withFeature withPerl "perl")
@@ -114,14 +125,19 @@ let
   };
 
   apparmor-utils = stdenv.mkDerivation {
-    name = "apparmor-utils-${apparmor-version}";
+    pname = "apparmor-utils";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
-    nativeBuildInputs = [ makeWrapper which ];
+    strictDeps = true;
+
+    nativeBuildInputs = [ makeWrapper which python3 ];
 
     buildInputs = [
+      bash
       perl
-      python
+      python3
       libapparmor
       libapparmor.python
     ];
@@ -131,9 +147,9 @@ let
       lib.optionalString stdenv.hostPlatform.isMusl ''
         sed -i ./utils/Makefile -e "/\<vim\>/d"
       '' + ''
-      substituteInPlace ./utils/apparmor/easyprof.py --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
-      substituteInPlace ./utils/apparmor/aa.py --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
-      substituteInPlace ./utils/logprof.conf --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
+      for file in utils/apparmor/easyprof.py utils/apparmor/aa.py utils/logprof.conf; do
+        substituteInPlace $file --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
+      done
     '';
     inherit patches;
     postPatch = "cd ./utils";
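Review bot: `$file` is unquoted in the new loop; `substituteInPlace "$file" ...` is the safer shell habit even though the three paths contain no spaces today. Separately, these substitutions are what point the Python tools at the store-path `apparmor_parser`. Depending on the stdenv version, `--replace` may not fail when the pattern is absent, so an upstream change to the `/sbin/apparmor_parser` string could silently leave the tools looking for a parser at `/sbin`. A comment noting that dependency, or a `grep -q` on the result in the loop, would make such a regression visible at build time. The `prePatch` string starts outside this hunk.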
@@ -143,7 +159,7 @@ let
     postInstall = ''
       sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
       for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
-        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
+        wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python3.libPrefix}/site-packages:$PYTHONPATH"
       done
 
       substituteInPlace $out/bin/aa-notify \
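Review bot: In the `wrapProgram` line, `$PYTHONPATH` sits inside a shell double-quoted string, so it is expanded at build time and the build environment's Python path is baked into every wrapper. That is presumably intentional, as it is how the bindings from `libapparmor.python` would be found at run time, but nothing in the file says so. I would add a comment such as `# $PYTHONPATH is expanded at build time: pins the build's Python deps into the wrapper`. Because `--prefix` prepends rather than sets, the caller's own `PYTHONPATH` is still appended at run time. For tools that are normally run as root to manage policy, it may be worth checking whether that is wanted. The `postInstall` string continues outside this hunk.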
@@ -153,7 +169,7 @@ let
       substituteInPlace $out/bin/aa-remove-unknown \
        --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
       wrapProgram $out/bin/aa-remove-unknown \
-       --prefix PATH : ${lib.makeBinPath [gawk]}
+       --prefix PATH : ${lib.makeBinPath [ gawk ]}
 
       ln -s ${aa-teardown} $out/bin/aa-teardown
     '';
@@ -166,7 +182,9 @@ let
   };
 
   apparmor-bin-utils = stdenv.mkDerivation {
-    name = "apparmor-bin-utils-${apparmor-version}";
+    pname = "apparmor-bin-utils";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
     nativeBuildInputs = [
@@ -181,7 +199,9 @@ let
     ];
 
     prePatch = prePatchCommon;
-    postPatch = "cd ./binutils";
+    postPatch = ''
+      cd ./binutils
+    '';
     makeFlags = [ "LANGS=" "USE_SYSTEM=1" ];
     installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "SBINDIR=$(out)/bin" ];
 
@@ -191,7 +211,9 @@ let
   };
 
   apparmor-parser = stdenv.mkDerivation {
-    name = "apparmor-parser-${apparmor-version}";
+    name = "apparmor-parser";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
     nativeBuildInputs = [ bison flex which ];
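Review bot: `name = "apparmor-parser";` looks like a typo for `pname`. Every other derivation touched by this commit switches to `pname` plus `version`, and when a literal `name` is set mkDerivation uses it as-is, so this package's store path and derivation name lose the version. Change the line to `pname = "apparmor-parser";`. Other derivations on this page interpolate `${apparmor-parser}` into security-relevant paths, so a versioned name also makes it easier to tell which parser build a system is using.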
@@ -199,17 +221,20 @@ let
     buildInputs = [ libapparmor ];
 
     prePatch = prePatchCommon + ''
-      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
-      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
-      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h"
       ## techdoc.pdf still doesn't build ...
-      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
+      substituteInPlace ./parser/Makefile \
+        --replace "/usr/bin/bison" "${bison}/bin/bison" \
+        --replace "/usr/bin/flex" "${flex}/bin/flex" \
+        --replace "/usr/include/linux/capability.h" "${linuxHeaders}/include/linux/capability.h" \
+        --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
       substituteInPlace parser/rc.apparmor.functions \
        --replace "/sbin/apparmor_parser" "$out/bin/apparmor_parser"
       sed -i parser/rc.apparmor.functions -e '2i . ${./fix-rc.apparmor.functions.sh}'
     '';
     inherit patches;
-    postPatch = "cd ./parser";
+    postPatch = ''
+      cd ./parser
+    '';
     makeFlags = [
       "LANGS=" "USE_SYSTEM=1" "INCLUDEDIR=${libapparmor}/include"
       "AR=${stdenv.cc.bintools.targetPrefix}ar"
@@ -222,14 +247,18 @@ let
   };
 
   apparmor-pam = stdenv.mkDerivation {
-    name = "apparmor-pam-${apparmor-version}";
+    pname = "apparmor-pam";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
     nativeBuildInputs = [ pkg-config which ];
 
     buildInputs = [ libapparmor pam ];
 
-    postPatch = "cd ./changehat/pam_apparmor";
+    postPatch = ''
+      cd ./changehat/pam_apparmor
+    '';
     makeFlags = [ "USE_SYSTEM=1" ];
     installFlags = [ "DESTDIR=$(out)" ];
 
@@ -239,12 +268,17 @@ let
   };
 
   apparmor-profiles = stdenv.mkDerivation {
-    name = "apparmor-profiles-${apparmor-version}";
+    pname = "apparmor-profiles";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
     nativeBuildInputs = [ which ];
 
-    postPatch = "cd ./profiles";
+    postPatch = ''
+      cd ./profiles
+    '';
+
     installFlags = [ "DESTDIR=$(out)" "EXTRAS_DEST=$(out)/share/apparmor/extra-profiles" ];
 
     inherit doCheck;
@@ -253,7 +287,9 @@ let
   };
 
   apparmor-kernel-patches = stdenv.mkDerivation {
-    name = "apparmor-kernel-patches-${apparmor-version}";
+    pname = "apparmor-kernel-patches";
+    version = apparmor-version;
+
     src = apparmor-sources;
 
     dontBuild = true;
@@ -294,7 +330,7 @@ let
     touch $out
     while read -r path
     do printf >>$out "%s,\n" ${lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)}
-    done <${closureInfo {inherit rootPaths;}}/store-paths
+    done <${closureInfo { inherit rootPaths; }}/store-paths
   '';
 in
 {