nixpkgs-suyu/pkgs/os-specific/linux/apparmor/2.9/default.nix

{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which
, glibc, flex, bison, python27, swig, dbus, pam
}:

let
  apparmor-series = "2.9";
  apparmor-patchver = "2";
  apparmor-version = "${apparmor-series}.${apparmor-patchver}";

  apparmor-meta = component: with stdenv.lib; {
      homepage = http://apparmor.net/;
      description = "Linux application security system - ${component}";
      license = licenses.gpl2;
      maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];
      platforms = platforms.linux;
  };

  apparmor-sources = fetchurl {
    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
    sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh";
  };

  prePatchCommon = ''
    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"
    substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"
    substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
    substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"
  '';

  libapparmor = stdenv.mkDerivation {
    name = "libapparmor-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      autoconf
      automake
      bison
      flex
      dbus # requires patch to dbus ...
      glibc
      libtool
      perl
      pkgconfig
      python27
      swig
      which
    ];

    prePatch = prePatchCommon + ''
      substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
      substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"
      '';

    buildPhase = ''
      cd ./libraries/libapparmor
      ./autogen.sh
      ./configure --prefix="$out" --with-python --with-perl
      make
      '';

    installPhase = ''
      make install
    '';

    meta = apparmor-meta "library";
  };

  apparmor-utils = stdenv.mkDerivation {
    name = "apparmor-utils-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      python27
      libapparmor
      which
    ];

    prePatch = prePatchCommon;

    buildPhase = ''
      cd ./utils
      make LANGS=""
    '';

    installPhase = ''
      make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""
    '';

    meta = apparmor-meta "user-land utilities";
  };

  apparmor-parser = stdenv.mkDerivation {
    name = "apparmor-parser-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      libapparmor
      bison
      flex
      which
    ];

    prePatch = prePatchCommon + ''
      substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"
      substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"
      substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"
      ## techdoc.pdf still doesn't build ...
      substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"
    '';

    buildPhase = ''
      cd ./parser
      make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include
    '';

    installPhase = ''
      make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"
    '';

    meta = apparmor-meta "rule parser";
  };

  apparmor-pam = stdenv.mkDerivation {
    name = "apparmor-pam-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [
      libapparmor
      pam
      pkgconfig
      which
    ];

    buildPhase = ''
      cd ./changehat/pam_apparmor
      make USE_SYSTEM=1
    '';

    installPhase = ''
      make install DESTDIR="$out"
    '';

    meta = apparmor-meta "PAM service";
  };

  apparmor-profiles = stdenv.mkDerivation {
    name = "apparmor-profiles-${apparmor-version}";
    src = apparmor-sources;

    buildInputs = [ which ];

    buildPhase = ''
      cd ./profiles
      make
    '';

    installPhase = ''
      make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"
    '';

    meta = apparmor-meta "profiles";
  };

  apparmor-kernel-patches = stdenv.mkDerivation {
    name = "apparmor-kernel-patches-${apparmor-version}";
    src = apparmor-sources;

    phases = ''unpackPhase installPhase'';

    installPhase = ''
      mkdir "$out"
      cp -R ./kernel-patches "$out"
    '';

    meta = apparmor-meta "kernel patches";
  };

in

{
  inherit libapparmor apparmor-utils apparmor-parser apparmor-pam
  apparmor-profiles apparmor-kernel-patches;
}
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`{ stdenv, fetchurl, autoconf, automake, libtool, pkgconfig, perl, which`
			`, glibc, flex, bison, python27, swig, dbus, pam`
			`}:`

			`let`
			`apparmor-series = "2.9";`
apparmor: 2.9.1 -> 2.9.2 Bugfixes & minor improvements 2015-04-24 12:42:58 +02:00			`apparmor-patchver = "2";`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`apparmor-version = "${apparmor-series}.${apparmor-patchver}";`

			`apparmor-meta = component: with stdenv.lib; {`
			`homepage = http://apparmor.net/;`
			`description = "Linux application security system - ${component}";`
			`license = licenses.gpl2;`
			`maintainers = with maintainers; [ phreedom thoughtpolice joachifm ];`
			`platforms = platforms.linux;`
			`};`

			`apparmor-sources = fetchurl {`
			`url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";`
apparmor: 2.9.1 -> 2.9.2 Bugfixes & minor improvements 2015-04-24 12:42:58 +02:00			`sha256 = "1mayly7d7w959fya7z8q6kab2x3jcwhqhkpx36jsvpjhxkhmc4fh";`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`};`

apparmor: factor out common prePatch 2015-03-17 11:11:26 +01:00			`prePatchCommon = ''`
			`substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2man" "${perl}/bin/pod2man"`
			`substituteInPlace ./common/Make.rules --replace "/usr/bin/pod2html" "${perl}/bin/pod2html"`
			`substituteInPlace ./common/Make.rules --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"`
apparmor: fixup install locations This patch fixes install locations for man pages, python modules and vim scripts. This patch improves but does not fix the user-land AppArmor utilities (i.e., they can now import the modules they need but are broken in other ways still). 2015-03-17 11:28:20 +01:00			`substituteInPlace ./common/Make.rules --replace "/usr/share/man" "share/man"`
apparmor: factor out common prePatch 2015-03-17 11:11:26 +01:00			`'';`

Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`libapparmor = stdenv.mkDerivation {`
			`name = "libapparmor-${apparmor-version}";`
			`src = apparmor-sources;`

			`buildInputs = [`
			`autoconf`
			`automake`
			`bison`
			`flex`
			`dbus # requires patch to dbus ...`
			`glibc`
			`libtool`
			`perl`
			`pkgconfig`
			`python27`
			`swig`
			`which`
			`];`

apparmor: factor out common prePatch 2015-03-17 11:11:26 +01:00			`prePatch = prePatchCommon + ''`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`substituteInPlace ./libraries/libapparmor/src/Makefile.am --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"`
			`substituteInPlace ./libraries/libapparmor/src/Makefile.in --replace "/usr/include/netinet/in.h" "${glibc}/include/netinet/in.h"`
			`'';`

			`buildPhase = ''`
			`cd ./libraries/libapparmor`
			`./autogen.sh`
libapparmor: build perl bindings There are still a few utils which use Perl, though most have been ported to Python. Note that SWIG v2 is required to avoid the `error: 'bool' undeclared` build failure with Perl >=5.16 [1]. [1]: https://github.com/swig/swig/commit/4305a3cef9b210541c3b88ab2fd03d787c3bca66 2015-04-07 10:58:08 +02:00			`./configure --prefix="$out" --with-python --with-perl`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`make`
			`'';`

			`installPhase = ''`
			`make install`
			`'';`

			`meta = apparmor-meta "library";`
			`};`

			`apparmor-utils = stdenv.mkDerivation {`
			`name = "apparmor-utils-${apparmor-version}";`
			`src = apparmor-sources;`

			`buildInputs = [`
			`python27`
			`libapparmor`
			`which`
			`];`

apparmor: factor out common prePatch 2015-03-17 11:11:26 +01:00			`prePatch = prePatchCommon;`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00
			`buildPhase = ''`
			`cd ./utils`
			`make LANGS=""`
			`'';`

			`installPhase = ''`
apparmor: fixup install locations This patch fixes install locations for man pages, python modules and vim scripts. This patch improves but does not fix the user-land AppArmor utilities (i.e., they can now import the modules they need but are broken in other ways still). 2015-03-17 11:28:20 +01:00			`make install LANGS="" DESTDIR="$out" BINDIR="$out/bin" VIM_INSTALL_PATH="$out/share" PYPREFIX=""`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`'';`

			`meta = apparmor-meta "user-land utilities";`
			`};`

			`apparmor-parser = stdenv.mkDerivation {`
			`name = "apparmor-parser-${apparmor-version}";`
			`src = apparmor-sources;`

			`buildInputs = [`
			`libapparmor`
			`bison`
			`flex`
			`which`
			`];`

apparmor: factor out common prePatch 2015-03-17 11:11:26 +01:00			`prePatch = prePatchCommon + ''`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`substituteInPlace ./parser/Makefile --replace "/usr/bin/bison" "${bison}/bin/bison"`
			`substituteInPlace ./parser/Makefile --replace "/usr/bin/flex" "${flex}/bin/flex"`
			`substituteInPlace ./parser/Makefile --replace "/usr/include/linux/capability.h" "${glibc}/include/linux/capability.h"`
			`## techdoc.pdf still doesn't build ...`
			`substituteInPlace ./parser/Makefile --replace "manpages htmlmanpages pdf" "manpages htmlmanpages"`
			`'';`

			`buildPhase = ''`
			`cd ./parser`
			`make LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include`
			`'';`

			`installPhase = ''`
			`make install LANGS="" USE_SYSTEM=1 INCLUDEDIR=${libapparmor}/include DESTDIR="$out" DISTRO="unknown"`
			`'';`

			`meta = apparmor-meta "rule parser";`
			`};`

			`apparmor-pam = stdenv.mkDerivation {`
			`name = "apparmor-pam-${apparmor-version}";`
			`src = apparmor-sources;`

			`buildInputs = [`
			`libapparmor`
			`pam`
			`pkgconfig`
			`which`
			`];`

			`buildPhase = ''`
			`cd ./changehat/pam_apparmor`
			`make USE_SYSTEM=1`
			`'';`

			`installPhase = ''`
			`make install DESTDIR="$out"`
			`'';`

			`meta = apparmor-meta "PAM service";`
			`};`

			`apparmor-profiles = stdenv.mkDerivation {`
			`name = "apparmor-profiles-${apparmor-version}";`
			`src = apparmor-sources;`

Cleanup apparmor expression Remove excessive whitespace & comments. 2015-03-17 11:05:00 +01:00			`buildInputs = [ which ];`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00
			`buildPhase = ''`
			`cd ./profiles`
			`make`
			`'';`

			`installPhase = ''`
apparmor: fixup install locations This patch fixes install locations for man pages, python modules and vim scripts. This patch improves but does not fix the user-land AppArmor utilities (i.e., they can now import the modules they need but are broken in other ways still). 2015-03-17 11:28:20 +01:00			`make install DESTDIR="$out" EXTRAS_DEST="$out/share/apparmor/extra-profiles"`
Add AppArmor 2.9 The 2.9 series brings features such as support for dbus, unix abstract sockets, ptrace mediation, and replaces Perl tools with equivalents implemented in Python. See [1] for details. The package expression has been changed to build each component (library, parser) separately. Additionally, Perl is now only used to build man pages and locale support has been removed. The user-land tools are currently broken (fail to import the Python module), but this isn't really a regression, as only two or three of the tools installed by the previous version were functional. The most important tool, aa-status, works, however. Lastly, dbus support is compiled in, but is untested and probably requires patching of dbus. [1]: http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0 2015-03-12 10:10:47 +01:00			`'';`

			`meta = apparmor-meta "profiles";`
			`};`

			`apparmor-kernel-patches = stdenv.mkDerivation {`
			`name = "apparmor-kernel-patches-${apparmor-version}";`
			`src = apparmor-sources;`

			`phases = ''unpackPhase installPhase'';`

			`installPhase = ''`
			`mkdir "$out"`
			`cp -R ./kernel-patches "$out"`
			`'';`

			`meta = apparmor-meta "kernel patches";`
			`};`

			`in`

			`{`
			`inherit libapparmor apparmor-utils apparmor-parser apparmor-pam`
			`apparmor-profiles apparmor-kernel-patches;`
			`}`