From 0ef509b1e001ed6ff9eeb9772017641378be297f Mon Sep 17 00:00:00 2001 From: Evgeny Egorochkin Date: Fri, 10 May 2013 08:54:21 +0300 Subject: Apparmor: update to 2.8.1 --- pkgs/os-specific/linux/apparmor/capability.patch | 16 +++++++++++++++ pkgs/os-specific/linux/apparmor/default.nix | 26 +++++++++++++++++++----- 2 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 pkgs/os-specific/linux/apparmor/capability.patch (limited to 'pkgs/os-specific/linux/apparmor') diff --git a/pkgs/os-specific/linux/apparmor/capability.patch b/pkgs/os-specific/linux/apparmor/capability.patch new file mode 100644 index 000000000000..c8f2b511d957 --- /dev/null +++ b/pkgs/os-specific/linux/apparmor/capability.patch @@ -0,0 +1,16 @@ +Description: allow parser to build even when not on Linux. +Author: Kees Cook + +Index: apparmor-debian/common/Make.rules +=================================================================== +--- apparmor-debian.orig/common/Make.rules 2012-05-05 14:41:25.967259523 -0700 ++++ apparmor-debian/common/Make.rules 2012-05-05 14:41:28.451291053 -0700 +@@ -160,7 +160,7 @@ + CAPABILITIES=$(shell echo "\#include " | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | sort) + + .PHONY: list_capabilities +-list_capabilities: /usr/include/linux/capability.h ++list_capabilities: + @echo "$(CAPABILITIES)" + + # ===================== diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix index 8a7d2b9e4581..221156555707 100644 --- a/pkgs/os-specific/linux/apparmor/default.nix +++ b/pkgs/os-specific/linux/apparmor/default.nix @@ -1,17 +1,20 @@ { stdenv, fetchurl , autoconf, automake, libtool, makeWrapper -, perl, bison, flex, glibc, gettext, which, rpm, tetex, LocaleGettext, bash, pam, TermReadKey, RpcXML, swig}: +, perl, bison, flex, glibc, gettext, which, rpm, tetex, LocaleGettext +, bash, pam, TermReadKey, RpcXML, swig, python }: stdenv.mkDerivation rec { name = "apparmor-${version}"; - version = "2.6.1"; + version = "2.8.1"; src = fetchurl { - url = "http://launchpad.net/apparmor/2.6/2.6.1/+download/${name}.tar.gz"; - sha256 = "1x7225xgzyc5agbn41xsip236anr1kmaw70xc94pag82q7c1bc4w"; + url = "http://launchpad.net/apparmor/2.8/${version}/+download/${name}.tar.gz"; + sha256 = "1r0a5k14jbiik28m5gql0f3dbxl252jya7i120rrsbzqqnvw6nw7"; }; - buildInputs = [ autoconf automake libtool perl bison flex gettext which rpm tetex LocaleGettext pam TermReadKey RpcXML swig makeWrapper ]; + buildInputs = [ + autoconf automake libtool perl bison flex gettext which rpm tetex + LocaleGettext pam TermReadKey RpcXML swig makeWrapper python ]; prePatch = '' substituteInPlace libraries/libapparmor/src/Makefile.in --replace "/usr/include" "${glibc}/include" @@ -24,11 +27,16 @@ stdenv.mkDerivation rec { substituteInPlace parser/Makefile --replace "/usr/include/bits/socket.h" "${glibc}/include/bits/socket.h" substituteInPlace parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h" + # for some reason pdf documentation doesn't build + substituteInPlace parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages" + substituteInPlace parser/tst/gen-xtrans.pl --replace "/usr/bin/perl" "${perl}/bin/perl" substituteInPlace parser/tst/Makefile --replace "/usr/bin/prove" "${perl}/bin/prove" substituteInPlace parser/tst/Makefile --replace "./caching.sh" "${bash}/bin/bash ./caching.sh" ''; + patches = ./capability.patch; + buildPhase ='' PERL5LIB=$PERL5LIB:$out/lib/perl5/site_perl:$out/lib @@ -80,6 +88,14 @@ LD_LIBRARY_PATH=$out/lib make "${src}/kernel-patches/2.6.37/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch" ]; }; + linux_3_2_patch = { + features.apparmor = true; + patch = [ + "${src}/kernel-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch" + "${src}/kernel-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch" + "${src}/kernel-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch" + ]; + }; }; meta = with stdenv.lib; { -- cgit 1.4.1