Initial commit

2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
@@ -0,0 +1,174 @@
+SUMMARY = "AppArmor another MAC control system"
+DESCRIPTION = "user-space parser utility for AppArmor \
+ This provides the system initialization scripts needed to use the \
+ AppArmor Mandatory Access Control system, including the AppArmor Parser \
+ which is required to convert AppArmor text profiles into machine-readable \
+ policies that are loaded into the kernel for use with the AppArmor Linux \
+ Security Module."
+HOMEPAGE = "http://apparmor.net/"
+SECTION = "admin"
+
+LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
+
+DEPENDS = "bison-native apr gettext-native coreutils-native swig-native"
+
+SRC_URI = " \
+    git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.1 \
+    file://run-ptest \
+    file://crosscompile_perl_bindings.patch \
+    file://0001-Makefile.am-suppress-perllocal.pod.patch \
+    file://0001-Makefile-fix-hardcoded-installation-directories.patch \
+    "
+
+SRCREV = "e69cb5047946818e6a9df326851483bb075a5cfe"
+S = "${WORKDIR}/git"
+
+PARALLEL_MAKE = ""
+
+COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*"
+
+inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion setuptools3
+
+REQUIRED_DISTRO_FEATURES = "apparmor"
+
+PACKAGECONFIG ?= "python perl aa-decode"
+PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages"
+PACKAGECONFIG[python] = "--with-python, --without-python, python3 , python3-core python3-modules"
+PACKAGECONFIG[perl] = "--with-perl, --without-perl, "
+PACKAGECONFIG[apache2] = ",,apache2,"
+PACKAGECONFIG[aa-decode] = ",,,bash"
+
+python() {
+    if 'apache2' in d.getVar('PACKAGECONFIG').split() and \
+       'webserver' not in d.getVar('BBFILE_COLLECTIONS').split():
+        raise bb.parse.SkipRecipe('Requires meta-webserver to be present.')
+}
+
+DISABLE_STATIC = ""
+
+do_configure() {
+    cd ${S}/libraries/libapparmor
+    aclocal
+    autoconf --force
+    libtoolize --automake -c --force
+    automake -ac
+    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+}
+
+do_compile () {
+    sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile
+    oe_runmake -C ${B}/libraries/libapparmor
+    oe_runmake -C ${B}/binutils
+    oe_runmake -C ${B}/utils
+    oe_runmake -C ${B}/parser
+    oe_runmake -C ${B}/profiles
+
+    if ${@bb.utils.contains('PACKAGECONFIG','apache2','true','false', d)}; then
+        oe_runmake -C ${B}/changehat/mod_apparmor
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
+        oe_runmake -C ${B}/changehat/pam_apparmor
+    fi
+}
+
+do_install () {
+    oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
+    oe_runmake -C ${B}/binutils DESTDIR="${D}" install
+    oe_runmake -C ${B}/utils DESTDIR="${D}" install
+    oe_runmake -C ${B}/parser DESTDIR="${D}" install
+    oe_runmake -C ${B}/profiles DESTDIR="${D}" install
+
+    if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
+        rm -f ${D}${sbindir}/aa-decode
+    fi
+
+    if ${@bb.utils.contains('PACKAGECONFIG','apache2','true','false', d)}; then
+        oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then
+        oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
+        install -d ${D}${sysconfdir}/init.d
+        install -m 755 ${B}/parser/rc.apparmor.functions ${D}${sysconfdir}/init.d/apparmor
+    fi
+
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd
+    fi
+    chown root:root -R ${D}/${sysconfdir}/apparmor.d
+    chown root:root -R ${D}/${datadir}/apparmor
+}
+
+#Building ptest on arm fails.
+do_compile_ptest:aarch64 () {
+  :
+}
+
+do_compile_ptest:arm () {
+  :
+}
+
+do_compile_ptest () {
+    sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile
+    oe_runmake -C ${B}/tests/regression/apparmor USE_SYSTEM=0
+    oe_runmake -C ${B}/libraries/libapparmor 
+}
+
+do_install_ptest () {
+    t=${D}/${PTEST_PATH}/testsuite
+    install -d ${t}
+    install -d ${t}/tests/regression/apparmor
+    cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression
+
+    cp ${B}/parser/apparmor_parser ${t}/parser
+    cp ${B}/parser/frob_slack_rc ${t}/parser
+
+    install -d ${t}/libraries/libapparmor
+    cp -rf ${B}/libraries/libapparmor ${t}/libraries
+
+    install -d ${t}/common
+    cp -rf ${B}/common ${t}
+
+    install -d ${t}/binutils
+    cp -rf ${B}/binutils ${t}
+}
+
+#Building ptest on arm fails.
+do_install_ptest:aarch64 () {
+  :
+}
+
+do_install_ptest:arm() {
+  :
+}
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME = "apparmor"
+INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
+
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE:${PN} = "apparmor.service"
+SYSTEMD_AUTO_ENABLE ?= "enable"
+
+PACKAGES += "mod-${PN}"
+
+FILES:${PN} += "${nonarch_base_libdir}/apparmor/ ${base_libdir}/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages"
+FILES:mod-${PN} = "${libdir}/apache2/modules/*"
+FILES:${PN}-dbg += "${base_libdir}/security/.debug"
+
+DEPENDS:append:libc-musl = " fts "
+RDEPENDS:${PN}:libc-musl +=  "musl-utils"
+RDEPENDS:${PN}:libc-glibc +=  "glibc-utils"
+
+# Add coreutils and findutils only if sysvinit scripts are in use
+RDEPENDS:${PN} +=  "${@["coreutils findutils", ""][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd')]} ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}"
+RDEPENDS:${PN}:remove = "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}"
+RDEPENDS:${PN}-ptest += "perl coreutils dbus-lib bash"
+
+INSANE_SKIP:${PN} = "ldflags"
+PRIVATE_LIBS:${PN}-ptest = "libapparmor.so*"
@@ -0,0 +1,51 @@
+From 363114dcd72abf1c0dcd637c66037227b8be229b Mon Sep 17 00:00:00 2001
+From: Yi Zhao <yi.zhao@windriver.com>
+Date: Mon, 21 Jun 2021 14:18:30 +0800
+Subject: [PATCH 1/2] Makefile: fix hardcoded installation directories
+
+Update the installation directories to fix the do_install error for
+multilib and usrmerge.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ changehat/pam_apparmor/Makefile | 2 +-
+ parser/Makefile                 | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/changehat/pam_apparmor/Makefile b/changehat/pam_apparmor/Makefile
+index f6ece2d1..0143ae9f 100644
+--- a/changehat/pam_apparmor/Makefile
+++ b/changehat/pam_apparmor/Makefile
+@@ -77,7 +77,7 @@ $(NAME).so: ${OBJECTS}
+ 
+ # need some better way of determining this
+ DESTDIR=/
+-SECDIR ?= ${DESTDIR}/lib/security
+SECDIR ?= ${DESTDIR}/${base_libdir}/security
+ 
+ .PHONY: install
+ install: $(NAME).so
+diff --git a/parser/Makefile b/parser/Makefile
+index 8250ac45..cf18bc11 100644
+--- a/parser/Makefile
+++ b/parser/Makefile
+@@ -23,10 +23,10 @@ COMMONDIR=../common/
+ include $(COMMONDIR)/Make.rules
+ 
+ DESTDIR=/
+-APPARMOR_BIN_PREFIX=${DESTDIR}/lib/apparmor
+-SBINDIR=${DESTDIR}/sbin
+-USR_SBINDIR=${DESTDIR}/usr/sbin
+-SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system
+APPARMOR_BIN_PREFIX=${DESTDIR}/${nonarch_base_libdir}/apparmor
+SBINDIR=${DESTDIR}/${base_sbindir}
+USR_SBINDIR=${DESTDIR}/${sbindir}
+SYSTEMD_UNIT_DIR=${DESTDIR}/${systemd_system_unitdir}
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+-- 
+2.17.1
+
@@ -0,0 +1,28 @@
+From 9f9cfbf07214ac68a55372a3c2777192765cbeb9 Mon Sep 17 00:00:00 2001
+From: Naveen Saini <naveen.kumar.saini@intel.com>
+Date: Fri, 20 Sep 2019 18:53:53 +0800
+Subject: [PATCH] Makefile.am: suppress perllocal.pod
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
+---
+ libraries/libapparmor/swig/perl/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/libapparmor/swig/perl/Makefile.am b/libraries/libapparmor/swig/perl/Makefile.am
+index 6ae4e30c..be00dc7f 100644
+--- a/libraries/libapparmor/swig/perl/Makefile.am
+++ b/libraries/libapparmor/swig/perl/Makefile.am
+@@ -11,7 +11,7 @@ MOSTLYCLEANFILES=libapparmor_wrap.c LibAppArmor.pm
+ LibAppArmor.pm: libapparmor_wrap.c
+ 
+ Makefile.perl: Makefile.PL LibAppArmor.pm
+-	$(PERL) $< PREFIX=$(prefix) MAKEFILE=$@
+	$(PERL) $< PREFIX=$(prefix) MAKEFILE=$@ NO_PERLLOCAL=1
+ 	sed -ie 's/LD_RUN_PATH="\x24(LD_RUN_PATH)"//g' Makefile.perl
+ 	sed -ie 's/^LD_RUN_PATH.*//g' Makefile.perl
+ 
+-- 
+2.17.1
+
@@ -0,0 +1,25 @@
+Upstream-Status: Inappropriate [configuration]
+
+As we're cross-compiling here we need to override CC/LD that MakeMaker has
+stuck in the generated Makefile with our cross tools.  In this case, linking is
+done via the compiler rather than the linker directly so pass in CC not LD
+here.
+
+Signed-off-by: Tom Rini <trini@konsulko.com>
+
+--- a/libraries/libapparmor/swig/perl/Makefile.am.orig	2017-06-13 19:04:43.296676212 -0400
+++ b/libraries/libapparmor/swig/perl/Makefile.am	2017-06-13 19:05:03.488676693 -0400
+@@ -16,11 +16,11 @@
+ 
+ LibAppArmor.so: libapparmor_wrap.c Makefile.perl
+ 	if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
+-	$(MAKE) -fMakefile.perl
+	$(MAKE) -fMakefile.perl CC='$(CC)' LD='$(CC)'
+ 	if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi
+ 
+ install-exec-local: Makefile.perl
+-	$(MAKE) -fMakefile.perl install_vendor
+	$(MAKE) -fMakefile.perl install_vendor CC='$(CC)' LD='$(CC)'
+ 
+ # sadly there is no make uninstall for perl
+ #uninstall-local: Makefile.perl
@@ -0,0 +1,4 @@
+#! /bin/sh
+cd testsuite
+
+make -C  tests/regression/apparmor tests