diff options
author | Tom Rini <trini@konsulko.com> | 2017-06-13 22:18:45 -0400 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-07-31 08:14:38 -0700 |
commit | ac8db19e5027320a1ba1b99e41424bcbe566e40b (patch) | |
tree | 5d67658fe759864335befd10a61556c73d57ce1c /recipes-security/AppArmor | |
parent | 89683b4fee4616a08d249bc7afd7be55f3fa71a3 (diff) | |
download | meta-security-ac8db19e5027320a1ba1b99e41424bcbe566e40b.tar.gz |
apparmor: Rework such that the utilities are functional by default
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
- The included python support is python3-based, so use those classes.
- When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
- Add two patches so that configure will find perl and then compile
will cross-compile the library correctly.
- So that we place perl modules in the correct location we need cpan
to be inherited.
- When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in
via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the
majority of the userspace tools are python3 based, and the few that
aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's
required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security/AppArmor')
3 files changed, 54 insertions, 7 deletions
diff --git a/recipes-security/AppArmor/apparmor_2.11.0.bb b/recipes-security/AppArmor/apparmor_2.11.0.bb index 591a673..647ab12 100644 --- a/recipes-security/AppArmor/apparmor_2.11.0.bb +++ b/recipes-security/AppArmor/apparmor_2.11.0.bb | |||
@@ -15,6 +15,8 @@ DEPENDS = "bison-native apr apache2 gettext-native coreutils-native" | |||
15 | 15 | ||
16 | SRC_URI = " \ | 16 | SRC_URI = " \ |
17 | http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ | 17 | http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ |
18 | file://disable_perl_h_check.patch \ | ||
19 | file://crosscompile_perl_bindings.patch \ | ||
18 | file://apparmor.rc \ | 20 | file://apparmor.rc \ |
19 | file://functions \ | 21 | file://functions \ |
20 | file://apparmor \ | 22 | file://apparmor \ |
@@ -27,15 +29,15 @@ SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5b | |||
27 | 29 | ||
28 | PARALLEL_MAKE = "" | 30 | PARALLEL_MAKE = "" |
29 | 31 | ||
30 | inherit pkgconfig autotools-brokensep update-rc.d python-dir perlnative ptest | 32 | inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan |
31 | inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} | 33 | inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} |
32 | 34 | ||
33 | S = "${WORKDIR}/apparmor-${PV}" | 35 | S = "${WORKDIR}/apparmor-${PV}" |
34 | 36 | ||
35 | PACKAGECONFIG ?="man" | 37 | PACKAGECONFIG ?="man python perl" |
36 | PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" | 38 | PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" |
37 | PACKAGECONFIG[python] = "--with-python, --without-python, python swig-native" | 39 | PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native" |
38 | PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native" | 40 | PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native" |
39 | 41 | ||
40 | PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" | 42 | PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" |
41 | 43 | ||
@@ -116,11 +118,12 @@ SYSTEMD_PACKAGES = "${PN}" | |||
116 | SYSTEMD_SERVICE_${PN} = "apparmor.service" | 118 | SYSTEMD_SERVICE_${PN} = "apparmor.service" |
117 | SYSTEMD_AUTO_ENABLE = "disable" | 119 | SYSTEMD_AUTO_ENABLE = "disable" |
118 | 120 | ||
119 | PACKAGES += "python-${PN} mod-${PN}" | 121 | PACKAGES += "mod-${PN}" |
120 | 122 | ||
121 | FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor" | 123 | FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" |
122 | FILES_mod-${PN} = "${libdir}/apache2/modules/*" | 124 | FILES_mod-${PN} = "${libdir}/apache2/modules/*" |
123 | FILES_python-${PN} = "${PYTHON_SITEPACKAGES_DIR}" | ||
124 | 125 | ||
125 | RDEPENDS_${PN} += "bash lsb" | 126 | RDEPENDS_${PN} += "bash lsb" |
127 | RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3 python3-argparse python3-json','', d)}" | ||
128 | RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" | ||
126 | RDEPENDS_${PN}-ptest += "coreutils dbus-lib" | 129 | RDEPENDS_${PN}-ptest += "coreutils dbus-lib" |
diff --git a/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch b/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch new file mode 100644 index 0000000..ef55de7 --- /dev/null +++ b/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch | |||
@@ -0,0 +1,25 @@ | |||
1 | Upstream-Status: Inappropriate [configuration] | ||
2 | |||
3 | As we're cross-compiling here we need to override CC/LD that MakeMaker has | ||
4 | stuck in the generated Makefile with our cross tools. In this case, linking is | ||
5 | done via the compiler rather than the linker directly so pass in CC not LD | ||
6 | here. | ||
7 | |||
8 | Signed-Off-By: Tom Rini <trini@konsulko.com> | ||
9 | |||
10 | --- a/libraries/libapparmor/swig/perl/Makefile.am.orig 2017-06-13 19:04:43.296676212 -0400 | ||
11 | +++ b/libraries/libapparmor/swig/perl/Makefile.am 2017-06-13 19:05:03.488676693 -0400 | ||
12 | @@ -16,11 +16,11 @@ | ||
13 | |||
14 | LibAppArmor.so: libapparmor_wrap.c Makefile.perl | ||
15 | if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi | ||
16 | - $(MAKE) -fMakefile.perl | ||
17 | + $(MAKE) -fMakefile.perl CC='$(CC)' LD='$(CC)' | ||
18 | if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi | ||
19 | |||
20 | install-exec-local: Makefile.perl | ||
21 | - $(MAKE) -fMakefile.perl install_vendor | ||
22 | + $(MAKE) -fMakefile.perl install_vendor CC='$(CC)' LD='$(CC)' | ||
23 | |||
24 | # sadly there is no make uninstall for perl | ||
25 | #uninstall-local: Makefile.perl | ||
diff --git a/recipes-security/AppArmor/files/disable_perl_h_check.patch b/recipes-security/AppArmor/files/disable_perl_h_check.patch new file mode 100644 index 0000000..cf2640f --- /dev/null +++ b/recipes-security/AppArmor/files/disable_perl_h_check.patch | |||
@@ -0,0 +1,19 @@ | |||
1 | Upstream-Status: Inappropriate [configuration] | ||
2 | |||
3 | Remove file check for $perl_includedir/perl.h. AC_CHECK_FILE will fail on | ||
4 | cross compilation. Rather than try and get a compile check to work here, | ||
5 | we know that we have what's required via our metadata so remove only this | ||
6 | check. | ||
7 | |||
8 | Signed-Off-By: Tom Rini <trini@konsulko.com> | ||
9 | |||
10 | --- a/libraries/libapparmor/configure.ac.orig 2017-06-13 16:41:38.668471495 -0400 | ||
11 | +++ b/libraries/libapparmor/configure.ac 2017-06-13 16:41:40.708471543 -0400 | ||
12 | @@ -58,7 +58,6 @@ | ||
13 | AC_PATH_PROG(PERL, perl) | ||
14 | test -z "$PERL" && AC_MSG_ERROR([perl is required when enabling perl bindings]) | ||
15 | perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE" | ||
16 | - AC_CHECK_FILE($perl_includedir/perl.h, enable_perl=yes, enable_perl=no) | ||
17 | fi | ||
18 | |||
19 | |||