apparmor: fix build issue with ptest enabled.

minor spacing cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 2a7963df18e7f43c6209387b6e1a1e75ff74b6ca)
author: Armin Kuster <akuster808@gmail.com> 2020-10-01 21:41:09 -0700
committer: Armin Kuster <akuster808@gmail.com> 2020-10-16 07:23:21 -0700
commit: f01129b22ef61843e91524afbee3198fcd003e9b (patch)
tree: 55ca5a83b6fc4b8eee208314f71143c8da7bb412
parent: 29fd9f98b33c5c54dc5fd889785c72eba105a06c (diff)
download: meta-security-f01129b22ef61843e91524afbee3198fcd003e9b.tar.gz
2 files changed, 186 insertions, 91 deletions
diff --git a/recipes-mac/AppArmor/apparmor_2.13.4.bb b/recipes-mac/AppArmor/apparmor_2.13.4.bb
index dcdc1f7..6ba1ea8 100644
--- a/recipes-mac/AppArmor/apparmor_2.13.4.bb
+++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb
@@ -14,16 +14,17 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
 DEPENDS = "bison-native apr gettext-native coreutils-native"
 SRC_URI = " \
-        git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \
+    git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \
-        file://disable_perl_h_check.patch \
+    file://disable_perl_h_check.patch \
-        file://crosscompile_perl_bindings.patch \
+    file://crosscompile_perl_bindings.patch \
-        file://apparmor.rc \
+    file://apparmor.rc \
-        file://functions \
+    file://functions \
-        file://apparmor \
+    file://apparmor \
-        file://apparmor.service \
+    file://apparmor.service \
-        file://0001-Makefile.am-suppress-perllocal.pod.patch \
+    file://0001-Makefile.am-suppress-perllocal.pod.patch \
-        file://run-ptest \
+    file://run-ptest \
-        "
+    file://0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch \
+    "
 SRCREV = "df0ac742f7a1146181d8734d03334494f2015134"
 S = "${WORKDIR}/git"
@@ -54,76 +55,76 @@ python() {
 DISABLE_STATIC = ""
 do_configure() {
-        cd ${S}/libraries/libapparmor
+    cd ${S}/libraries/libapparmor
-        aclocal
+    aclocal
-        autoconf --force
+    autoconf --force
-        libtoolize --automake -c --force
+    libtoolize --automake -c --force
-        automake -ac
+    automake -ac
-        ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
 }
 do_compile () {
-        # Fixes:
+    # Fixes:
-        # | sed -ie 's///g' Makefile.perl
+    # | sed -ie 's///g' Makefile.perl
-        # | sed: -e expression #1, char 0: no previous regular expression
+    # | sed: -e expression #1, char 0: no previous regular expression
-        #| Makefile:478: recipe for target 'Makefile.perl' failed
+    #| Makefile:478: recipe for target 'Makefile.perl' failed
-        sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile
+    sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile
-        oe_runmake -C ${B}/libraries/libapparmor
+    oe_runmake -C ${B}/libraries/libapparmor
-        oe_runmake -C ${B}/binutils
+    oe_runmake -C ${B}/binutils
-        oe_runmake -C ${B}/utils
+    oe_runmake -C ${B}/utils
-        oe_runmake -C ${B}/parser
+    oe_runmake -C ${B}/parser
-        oe_runmake -C ${B}/profiles
+    oe_runmake -C ${B}/profiles
-        if test -z "${HTTPD}" ; then
+    if test -z "${HTTPD}" ; then
-                oe_runmake -C ${B}/changehat/mod_apparmor
+        oe_runmake -C ${B}/changehat/mod_apparmor
-        fi      
+    fi
-        if test -z "${PAMLIB}" ; then
+    if test -z "${PAMLIB}" ; then
-                oe_runmake -C ${B}/changehat/pam_apparmor
+        oe_runmake -C ${B}/changehat/pam_apparmor
-        fi
+    fi
 }
 do_install () {
-        install -d ${D}/${INIT_D_DIR}
+    install -d ${D}/${INIT_D_DIR}
-        install -d ${D}/lib/apparmor
+    install -d ${D}/lib/apparmor
-        oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
+    oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
-        oe_runmake -C ${B}/binutils DESTDIR="${D}" install
+    oe_runmake -C ${B}/binutils DESTDIR="${D}" install
-        oe_runmake -C ${B}/utils DESTDIR="${D}" install
+    oe_runmake -C ${B}/utils DESTDIR="${D}" install
-        oe_runmake -C ${B}/parser DESTDIR="${D}" install
+    oe_runmake -C ${B}/parser DESTDIR="${D}" install
-        oe_runmake -C ${B}/profiles DESTDIR="${D}" install
+    oe_runmake -C ${B}/profiles DESTDIR="${D}" install
-        # If perl is disabled this script won't be any good
+    # If perl is disabled this script won't be any good
-        if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then
+    if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then
-                rm -f ${D}${sbindir}/aa-notify
+        rm -f ${D}${sbindir}/aa-notify
-        fi
+    fi
-        if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
+    if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
-                rm -f ${D}${sbindir}/aa-decode
+        rm -f ${D}${sbindir}/aa-decode
-        fi
+    fi
-        if test -z "${HTTPD}" ; then
+    if test -z "${HTTPD}" ; then
-                oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
+        oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
-        fi
+    fi
-        if test -z "${PAMLIB}" ; then
+    if test -z "${PAMLIB}" ; then
-                oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
+        oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
-        fi
+    fi
-        # aa-easyprof is installed by python-tools-setup.py, fix it up
+    # aa-easyprof is installed by python-tools-setup.py, fix it up
-        sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof
+    sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof
-        chmod 0755 ${D}${bindir}/aa-easyprof
+    chmod 0755 ${D}${bindir}/aa-easyprof
-        install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
+    install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
-        install ${WORKDIR}/functions ${D}/lib/apparmor
+    install ${WORKDIR}/functions ${D}/lib/apparmor
-        sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
+    sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
-        sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions  
+    sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions  
-        if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-                install -d ${D}${systemd_system_unitdir}
+        install -d ${D}${systemd_system_unitdir}
-                install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
+        install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
-        fi
+    fi
 }
 #Building ptest on arm fails.
@@ -136,30 +137,28 @@ do_compile_ptest_arm () {
 }
 do_compile_ptest () {
-        oe_runmake -C ${B}/tests/regression/apparmor
+    sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile
-        oe_runmake -C ${B}/parser/tst
+    oe_runmake -C ${B}/tests/regression/apparmor
-        oe_runmake -C ${B}/libraries/libapparmor
+    oe_runmake -C ${B}/libraries/libapparmor
 }
 do_install_ptest () {
-        t=${D}/${PTEST_PATH}/testsuite
+    t=${D}/${PTEST_PATH}/testsuite
-        install -d ${t}
+    install -d ${t}
-        install -d ${t}/tests/regression/apparmor
+    install -d ${t}/tests/regression/apparmor
-        cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression
+    cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression
-        install -d ${t}/parser/tst
+    cp ${B}/parser/apparmor_parser ${t}/parser
-        cp -rf ${B}/parser/tst ${t}/parser
+    cp ${B}/parser/frob_slack_rc ${t}/parser
-        cp ${B}/parser/apparmor_parser ${t}/parser
-        cp ${B}/parser/frob_slack_rc ${t}/parser
-        install -d ${t}/libraries/libapparmor
+    install -d ${t}/libraries/libapparmor
-        cp -rf ${B}/libraries/libapparmor ${t}/libraries
+    cp -rf ${B}/libraries/libapparmor ${t}/libraries
-        install -d ${t}/common
+    install -d ${t}/common
-        cp -rf ${B}/common ${t}
+    cp -rf ${B}/common ${t}
-        install -d ${t}/binutils
+    install -d ${t}/binutils
-        cp -rf ${B}/binutils ${t}
+    cp -rf ${B}/binutils ${t}
 }
 #Building ptest on arm fails.
diff --git a/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
new file mode 100644
index 0000000..3cd1e88
--- /dev/null
+++ b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
@@ -0,0 +1,96 @@
+From 7a7c7fb346ded6f017c8df44486778a5f032d41a Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Tue, 29 Sep 2020 03:05:22 -0700
+Subject: [PATCH] regression tests: Don't build syscall_sysctl if missing
+ kernel headers
+sys/sysctl.h is not guaranteed to exist anymore since
+https://sourceware.org/pipermail/glibc-cvs/2020q2/069366.html
+which is a follow on to the kernel commit
+61a47c1ad3a4 sysctl: Remove the sysctl system call
+While the syscall_sysctl currently checks if the kernel supports
+sysctrs before running the tests. The tests can't even build if the
+kernel headers don't have the sysctl defines.
+Fixes: https://gitlab.com/apparmor/apparmor/-/issues/119
+Fixes: https://bugs.launchpad.net/apparmor/+bug/1897288
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/637
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Steve Beattie <steve.beattie@canonical.com>
+(cherry picked from commit 2e5a266eb715fc7e526520235a6450444775791f)
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+---
+ tests/regression/apparmor/Makefile          | 10 +++++++++-
+ tests/regression/apparmor/syscall_sysctl.sh | 15 +++++++++++----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
+index 198ca421..c3d0cfb7 100644
+--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
+@@ -69,6 +69,9 @@ endif # USE_SYSTEM
+ 
+ CFLAGS += -g -O0 -Wall -Wstrict-prototypes
+ 
+USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true)
+
+
+ SRC=access.c \
+     at_secure.c \
+     introspect.c \
+@@ -130,7 +133,6 @@ SRC=access.c \
+     syscall_sethostname.c \
+     syscall_setdomainname.c \
+     syscall_setscheduler.c \
+-    syscall_sysctl.c \
+     sysctl_proc.c \
+     tcp.c \
+     transition.c \
+@@ -146,6 +148,12 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64))
+ SRC+=syscall_ioperm.c syscall_iopl.c
+ endif
+ 
+#only do sysctl syscall test if defines installed and OR supported by the
+# kernel
+ifeq ($(USE_SYSCTL),true)
+SRC+=syscall_sysctl.c
+endif
+
+ #only do dbus if proper libs are installl
+ ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE))
+ SRC+=dbus_eavesdrop.c dbus_message.c dbus_service.c dbus_unrequested_reply.c
+diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh
+index f93946f3..5f856984 100644
+--- a/tests/regression/apparmor/syscall_sysctl.sh
+++ b/tests/regression/apparmor/syscall_sysctl.sh
+@@ -148,11 +148,18 @@ test_sysctl_proc()
+ # check if the kernel supports CONFIG_SYSCTL_SYSCALL
+ # generally we want to encourage kernels to disable it, but if it's
+ # enabled we want to test against it
+-settest syscall_sysctl
+-if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then
+-    echo "     WARNING: syscall sysctl not implemented, skipping tests ..."
+# In addition test that sysctl exists in the kernel headers, if it does't
+# then we can't even built the syscall_sysctl test
+if  echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null ; then
+    settest syscall_sysctl
+
+    if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then
+       echo "  WARNING: syscall sysctl not implemented, skipping tests ..."
+    else
+       test_syscall_sysctl
+    fi
+ else
+-    test_syscall_sysctl
+    echo "     WARNING: syscall sysctl not supported by kernel headers, skipping tests ..."
+ fi
+ 
+ # now test /proc/sys/ paths
+-- 
+2.17.1
author	Armin Kuster <akuster808@gmail.com>	2020-10-01 21:41:09 -0700
committer	Armin Kuster <akuster808@gmail.com>	2020-10-16 07:23:21 -0700
commit	f01129b22ef61843e91524afbee3198fcd003e9b (patch)
tree	55ca5a83b6fc4b8eee208314f71143c8da7bb412
parent	29fd9f98b33c5c54dc5fd889785c72eba105a06c (diff)
download	meta-security-f01129b22ef61843e91524afbee3198fcd003e9b.tar.gz

diff --git a/recipes-mac/AppArmor/apparmor_2.13.4.bb b/recipes-mac/AppArmor/apparmor_2.13.4.bb index dcdc1f7..6ba1ea8 100644 --- a/recipes-mac/AppArmor/apparmor_2.13.4.bb +++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb
@@ -14,16 +14,17 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
14	DEPENDS = "bison-native apr gettext-native coreutils-native"	14	DEPENDS = "bison-native apr gettext-native coreutils-native"
15		15
16	SRC_URI = " \	16	SRC_URI = " \
17	git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \	17	git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \
18	file://disable_perl_h_check.patch \	18	file://disable_perl_h_check.patch \
19	file://crosscompile_perl_bindings.patch \	19	file://crosscompile_perl_bindings.patch \
20	file://apparmor.rc \	20	file://apparmor.rc \
21	file://functions \	21	file://functions \
22	file://apparmor \	22	file://apparmor \
23	file://apparmor.service \	23	file://apparmor.service \
24	file://0001-Makefile.am-suppress-perllocal.pod.patch \	24	file://0001-Makefile.am-suppress-perllocal.pod.patch \
25	file://run-ptest \	25	file://run-ptest \
26	"	26	file://0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch \
		27	"
27		28
28	SRCREV = "df0ac742f7a1146181d8734d03334494f2015134"	29	SRCREV = "df0ac742f7a1146181d8734d03334494f2015134"
29	S = "${WORKDIR}/git"	30	S = "${WORKDIR}/git"
@@ -54,76 +55,76 @@ python() {
54	DISABLE_STATIC = ""	55	DISABLE_STATIC = ""
55		56
56	do_configure() {	57	do_configure() {
57	cd ${S}/libraries/libapparmor	58	cd ${S}/libraries/libapparmor
58	aclocal	59	aclocal
59	autoconf --force	60	autoconf --force
60	libtoolize --automake -c --force	61	libtoolize --automake -c --force
61	automake -ac	62	automake -ac
62	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}	63	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
63	}	64	}
64		65
65	do_compile () {	66	do_compile () {
66	# Fixes:	67	# Fixes:
67	# \| sed -ie 's///g' Makefile.perl	68	# \| sed -ie 's///g' Makefile.perl
68	# \| sed: -e expression #1, char 0: no previous regular expression	69	# \| sed: -e expression #1, char 0: no previous regular expression
69	#\| Makefile:478: recipe for target 'Makefile.perl' failed	70	#\| Makefile:478: recipe for target 'Makefile.perl' failed
70	sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile	71	sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile
71		72
72		73
73	oe_runmake -C ${B}/libraries/libapparmor	74	oe_runmake -C ${B}/libraries/libapparmor
74	oe_runmake -C ${B}/binutils	75	oe_runmake -C ${B}/binutils
75	oe_runmake -C ${B}/utils	76	oe_runmake -C ${B}/utils
76	oe_runmake -C ${B}/parser	77	oe_runmake -C ${B}/parser
77	oe_runmake -C ${B}/profiles	78	oe_runmake -C ${B}/profiles
78		79
79	if test -z "${HTTPD}" ; then	80	if test -z "${HTTPD}" ; then
80	oe_runmake -C ${B}/changehat/mod_apparmor	81	oe_runmake -C ${B}/changehat/mod_apparmor
81	fi	82	fi
82		83
83	if test -z "${PAMLIB}" ; then	84	if test -z "${PAMLIB}" ; then
84	oe_runmake -C ${B}/changehat/pam_apparmor	85	oe_runmake -C ${B}/changehat/pam_apparmor
85	fi	86	fi
86	}	87	}
87		88
88	do_install () {	89	do_install () {
89	install -d ${D}/${INIT_D_DIR}	90	install -d ${D}/${INIT_D_DIR}
90	install -d ${D}/lib/apparmor	91	install -d ${D}/lib/apparmor
91	oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install	92	oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
92	oe_runmake -C ${B}/binutils DESTDIR="${D}" install	93	oe_runmake -C ${B}/binutils DESTDIR="${D}" install
93	oe_runmake -C ${B}/utils DESTDIR="${D}" install	94	oe_runmake -C ${B}/utils DESTDIR="${D}" install
94	oe_runmake -C ${B}/parser DESTDIR="${D}" install	95	oe_runmake -C ${B}/parser DESTDIR="${D}" install
95	oe_runmake -C ${B}/profiles DESTDIR="${D}" install	96	oe_runmake -C ${B}/profiles DESTDIR="${D}" install
96		97
97	# If perl is disabled this script won't be any good	98	# If perl is disabled this script won't be any good
98	if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then	99	if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then
99	rm -f ${D}${sbindir}/aa-notify	100	rm -f ${D}${sbindir}/aa-notify
100	fi	101	fi
101		102
102	if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then	103	if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
103	rm -f ${D}${sbindir}/aa-decode	104	rm -f ${D}${sbindir}/aa-decode
104	fi	105	fi
105		106
106	if test -z "${HTTPD}" ; then	107	if test -z "${HTTPD}" ; then
107	oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install	108	oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
108	fi	109	fi
109		110
110	if test -z "${PAMLIB}" ; then	111	if test -z "${PAMLIB}" ; then
111	oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install	112	oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
112	fi	113	fi
113		114
114	# aa-easyprof is installed by python-tools-setup.py, fix it up	115	# aa-easyprof is installed by python-tools-setup.py, fix it up
115	sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof	116	sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof
116	chmod 0755 ${D}${bindir}/aa-easyprof	117	chmod 0755 ${D}${bindir}/aa-easyprof
117		118
118	install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor	119	install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
119	install ${WORKDIR}/functions ${D}/lib/apparmor	120	install ${WORKDIR}/functions ${D}/lib/apparmor
120	sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions	121	sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
121	sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions	122	sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions
122		123
123	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then	124	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
124	install -d ${D}${systemd_system_unitdir}	125	install -d ${D}${systemd_system_unitdir}
125	install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}	126	install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
126	fi	127	fi
127	}	128	}
128		129
129	#Building ptest on arm fails.	130	#Building ptest on arm fails.
@@ -136,30 +137,28 @@ do_compile_ptest_arm () {
136	}	137	}
137		138
138	do_compile_ptest () {	139	do_compile_ptest () {
139	oe_runmake -C ${B}/tests/regression/apparmor	140	sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile
140	oe_runmake -C ${B}/parser/tst	141	oe_runmake -C ${B}/tests/regression/apparmor
141	oe_runmake -C ${B}/libraries/libapparmor	142	oe_runmake -C ${B}/libraries/libapparmor
142	}	143	}
143		144
144	do_install_ptest () {	145	do_install_ptest () {
145	t=${D}/${PTEST_PATH}/testsuite	146	t=${D}/${PTEST_PATH}/testsuite
146	install -d ${t}	147	install -d ${t}
147	install -d ${t}/tests/regression/apparmor	148	install -d ${t}/tests/regression/apparmor
148	cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression	149	cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression
149		150
150	install -d ${t}/parser/tst	151	cp ${B}/parser/apparmor_parser ${t}/parser
151	cp -rf ${B}/parser/tst ${t}/parser	152	cp ${B}/parser/frob_slack_rc ${t}/parser
152	cp ${B}/parser/apparmor_parser ${t}/parser
153	cp ${B}/parser/frob_slack_rc ${t}/parser
154		153
155	install -d ${t}/libraries/libapparmor	154	install -d ${t}/libraries/libapparmor
156	cp -rf ${B}/libraries/libapparmor ${t}/libraries	155	cp -rf ${B}/libraries/libapparmor ${t}/libraries
157		156
158	install -d ${t}/common	157	install -d ${t}/common
159	cp -rf ${B}/common ${t}	158	cp -rf ${B}/common ${t}
160		159
161	install -d ${t}/binutils	160	install -d ${t}/binutils
162	cp -rf ${B}/binutils ${t}	161	cp -rf ${B}/binutils ${t}
163	}	162	}
164		163
165	#Building ptest on arm fails.	164	#Building ptest on arm fails.


diff --git a/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch new file mode 100644 index 0000000..3cd1e88 --- /dev/null +++ b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
@@ -0,0 +1,96 @@
		1	From 7a7c7fb346ded6f017c8df44486778a5f032d41a Mon Sep 17 00:00:00 2001
		2	From: John Johansen <john.johansen@canonical.com>
		3	Date: Tue, 29 Sep 2020 03:05:22 -0700
		4	Subject: [PATCH] regression tests: Don't build syscall_sysctl if missing
		5	kernel headers
		6
		7	sys/sysctl.h is not guaranteed to exist anymore since
		8	https://sourceware.org/pipermail/glibc-cvs/2020q2/069366.html
		9
		10	which is a follow on to the kernel commit
		11	61a47c1ad3a4 sysctl: Remove the sysctl system call
		12
		13	While the syscall_sysctl currently checks if the kernel supports
		14	sysctrs before running the tests. The tests can't even build if the
		15	kernel headers don't have the sysctl defines.
		16
		17	Fixes: https://gitlab.com/apparmor/apparmor/-/issues/119
		18	Fixes: https://bugs.launchpad.net/apparmor/+bug/1897288
		19	MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/637
		20	Signed-off-by: John Johansen <john.johansen@canonical.com>
		21	Acked-by: Steve Beattie <steve.beattie@canonical.com>
		22	(cherry picked from commit 2e5a266eb715fc7e526520235a6450444775791f)
		23
		24	Upstream-Status: Backport
		25	Signed-off-by: Armin Kuster <akuster808@gmail.com>
		26
		27	---
		28	tests/regression/apparmor/Makefile \| 10 +++++++++-
		29	tests/regression/apparmor/syscall_sysctl.sh \| 15 +++++++++++----
		30	2 files changed, 20 insertions(+), 5 deletions(-)
		31
		32	diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
		33	index 198ca421..c3d0cfb7 100644
		34	--- a/tests/regression/apparmor/Makefile
		35	+++ b/tests/regression/apparmor/Makefile
		36	@@ -69,6 +69,9 @@ endif # USE_SYSTEM
		37
		38	CFLAGS += -g -O0 -Wall -Wstrict-prototypes
		39
		40	+USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" \| cpp -dM >/dev/null 2>/dev/null && echo true)
		41	+
		42	+
		43	SRC=access.c \
		44	at_secure.c \
		45	introspect.c \
		46	@@ -130,7 +133,6 @@ SRC=access.c \
		47	syscall_sethostname.c \
		48	syscall_setdomainname.c \
		49	syscall_setscheduler.c \
		50	- syscall_sysctl.c \
		51	sysctl_proc.c \
		52	tcp.c \
		53	transition.c \
		54	@@ -146,6 +148,12 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64))
		55	SRC+=syscall_ioperm.c syscall_iopl.c
		56	endif
		57
		58	+#only do sysctl syscall test if defines installed and OR supported by the
		59	+# kernel
		60	+ifeq ($(USE_SYSCTL),true)
		61	+SRC+=syscall_sysctl.c
		62	+endif
		63	+
		64	#only do dbus if proper libs are installl
		65	ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE))
		66	SRC+=dbus_eavesdrop.c dbus_message.c dbus_service.c dbus_unrequested_reply.c
		67	diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh
		68	index f93946f3..5f856984 100644
		69	--- a/tests/regression/apparmor/syscall_sysctl.sh
		70	+++ b/tests/regression/apparmor/syscall_sysctl.sh
		71	@@ -148,11 +148,18 @@ test_sysctl_proc()
		72	# check if the kernel supports CONFIG_SYSCTL_SYSCALL
		73	# generally we want to encourage kernels to disable it, but if it's
		74	# enabled we want to test against it
		75	-settest syscall_sysctl
		76	-if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then
		77	- echo " WARNING: syscall sysctl not implemented, skipping tests ..."
		78	+# In addition test that sysctl exists in the kernel headers, if it does't
		79	+# then we can't even built the syscall_sysctl test
		80	+if echo "#include <sys/sysctl.h>" \| cpp -dM >/dev/null 2>/dev/null ; then
		81	+ settest syscall_sysctl
		82	+
		83	+ if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then
		84	+ echo " WARNING: syscall sysctl not implemented, skipping tests ..."
		85	+ else
		86	+ test_syscall_sysctl
		87	+ fi
		88	else
		89	- test_syscall_sysctl
		90	+ echo " WARNING: syscall sysctl not supported by kernel headers, skipping tests ..."
		91	fi
		92
		93	# now test /proc/sys/ paths
		94	--
		95	2.17.1
		96