diff options
| author | Tom Rini <trini@konsulko.com> | 2017-06-13 22:18:45 -0400 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2017-07-31 08:14:38 -0700 |
| commit | ac8db19e5027320a1ba1b99e41424bcbe566e40b (patch) | |
| tree | 5d67658fe759864335befd10a61556c73d57ce1c /recipes-security | |
| parent | 89683b4fee4616a08d249bc7afd7be55f3fa71a3 (diff) | |
| download | meta-security-ac8db19e5027320a1ba1b99e41424bcbe566e40b.tar.gz | |
apparmor: Rework such that the utilities are functional by default
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
- The included python support is python3-based, so use those classes.
- When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
- Add two patches so that configure will find perl and then compile
will cross-compile the library correctly.
- So that we place perl modules in the correct location we need cpan
to be inherited.
- When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in
via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the
majority of the userspace tools are python3 based, and the few that
aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's
required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'recipes-security')
3 files changed, 54 insertions, 7 deletions
diff --git a/recipes-security/AppArmor/apparmor_2.11.0.bb b/recipes-security/AppArmor/apparmor_2.11.0.bb index 591a673..647ab12 100644 --- a/recipes-security/AppArmor/apparmor_2.11.0.bb +++ b/recipes-security/AppArmor/apparmor_2.11.0.bb | |||
| @@ -15,6 +15,8 @@ DEPENDS = "bison-native apr apache2 gettext-native coreutils-native" | |||
| 15 | 15 | ||
| 16 | SRC_URI = " \ | 16 | SRC_URI = " \ |
| 17 | http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ | 17 | http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ |
| 18 | file://disable_perl_h_check.patch \ | ||
| 19 | file://crosscompile_perl_bindings.patch \ | ||
| 18 | file://apparmor.rc \ | 20 | file://apparmor.rc \ |
| 19 | file://functions \ | 21 | file://functions \ |
| 20 | file://apparmor \ | 22 | file://apparmor \ |
| @@ -27,15 +29,15 @@ SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5b | |||
| 27 | 29 | ||
| 28 | PARALLEL_MAKE = "" | 30 | PARALLEL_MAKE = "" |
| 29 | 31 | ||
| 30 | inherit pkgconfig autotools-brokensep update-rc.d python-dir perlnative ptest | 32 | inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan |
| 31 | inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} | 33 | inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} |
| 32 | 34 | ||
| 33 | S = "${WORKDIR}/apparmor-${PV}" | 35 | S = "${WORKDIR}/apparmor-${PV}" |
| 34 | 36 | ||
| 35 | PACKAGECONFIG ?="man" | 37 | PACKAGECONFIG ?="man python perl" |
| 36 | PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" | 38 | PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" |
| 37 | PACKAGECONFIG[python] = "--with-python, --without-python, python swig-native" | 39 | PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native" |
| 38 | PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native" | 40 | PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native" |
| 39 | 41 | ||
| 40 | PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" | 42 | PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" |
| 41 | 43 | ||
| @@ -116,11 +118,12 @@ SYSTEMD_PACKAGES = "${PN}" | |||
| 116 | SYSTEMD_SERVICE_${PN} = "apparmor.service" | 118 | SYSTEMD_SERVICE_${PN} = "apparmor.service" |
| 117 | SYSTEMD_AUTO_ENABLE = "disable" | 119 | SYSTEMD_AUTO_ENABLE = "disable" |
| 118 | 120 | ||
| 119 | PACKAGES += "python-${PN} mod-${PN}" | 121 | PACKAGES += "mod-${PN}" |
| 120 | 122 | ||
| 121 | FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor" | 123 | FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" |
| 122 | FILES_mod-${PN} = "${libdir}/apache2/modules/*" | 124 | FILES_mod-${PN} = "${libdir}/apache2/modules/*" |
| 123 | FILES_python-${PN} = "${PYTHON_SITEPACKAGES_DIR}" | ||
| 124 | 125 | ||
| 125 | RDEPENDS_${PN} += "bash lsb" | 126 | RDEPENDS_${PN} += "bash lsb" |
| 127 | RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3 python3-argparse python3-json','', d)}" | ||
| 128 | RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" | ||
| 126 | RDEPENDS_${PN}-ptest += "coreutils dbus-lib" | 129 | RDEPENDS_${PN}-ptest += "coreutils dbus-lib" |
diff --git a/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch b/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch new file mode 100644 index 0000000..ef55de7 --- /dev/null +++ b/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | Upstream-Status: Inappropriate [configuration] | ||
| 2 | |||
| 3 | As we're cross-compiling here we need to override CC/LD that MakeMaker has | ||
| 4 | stuck in the generated Makefile with our cross tools. In this case, linking is | ||
| 5 | done via the compiler rather than the linker directly so pass in CC not LD | ||
| 6 | here. | ||
| 7 | |||
| 8 | Signed-Off-By: Tom Rini <trini@konsulko.com> | ||
| 9 | |||
| 10 | --- a/libraries/libapparmor/swig/perl/Makefile.am.orig 2017-06-13 19:04:43.296676212 -0400 | ||
| 11 | +++ b/libraries/libapparmor/swig/perl/Makefile.am 2017-06-13 19:05:03.488676693 -0400 | ||
| 12 | @@ -16,11 +16,11 @@ | ||
| 13 | |||
| 14 | LibAppArmor.so: libapparmor_wrap.c Makefile.perl | ||
| 15 | if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi | ||
| 16 | - $(MAKE) -fMakefile.perl | ||
| 17 | + $(MAKE) -fMakefile.perl CC='$(CC)' LD='$(CC)' | ||
| 18 | if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi | ||
| 19 | |||
| 20 | install-exec-local: Makefile.perl | ||
| 21 | - $(MAKE) -fMakefile.perl install_vendor | ||
| 22 | + $(MAKE) -fMakefile.perl install_vendor CC='$(CC)' LD='$(CC)' | ||
| 23 | |||
| 24 | # sadly there is no make uninstall for perl | ||
| 25 | #uninstall-local: Makefile.perl | ||
diff --git a/recipes-security/AppArmor/files/disable_perl_h_check.patch b/recipes-security/AppArmor/files/disable_perl_h_check.patch new file mode 100644 index 0000000..cf2640f --- /dev/null +++ b/recipes-security/AppArmor/files/disable_perl_h_check.patch | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | Upstream-Status: Inappropriate [configuration] | ||
| 2 | |||
| 3 | Remove file check for $perl_includedir/perl.h. AC_CHECK_FILE will fail on | ||
| 4 | cross compilation. Rather than try and get a compile check to work here, | ||
| 5 | we know that we have what's required via our metadata so remove only this | ||
| 6 | check. | ||
| 7 | |||
| 8 | Signed-Off-By: Tom Rini <trini@konsulko.com> | ||
| 9 | |||
| 10 | --- a/libraries/libapparmor/configure.ac.orig 2017-06-13 16:41:38.668471495 -0400 | ||
| 11 | +++ b/libraries/libapparmor/configure.ac 2017-06-13 16:41:40.708471543 -0400 | ||
| 12 | @@ -58,7 +58,6 @@ | ||
| 13 | AC_PATH_PROG(PERL, perl) | ||
| 14 | test -z "$PERL" && AC_MSG_ERROR([perl is required when enabling perl bindings]) | ||
| 15 | perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE" | ||
| 16 | - AC_CHECK_FILE($perl_includedir/perl.h, enable_perl=yes, enable_perl=no) | ||
| 17 | fi | ||
| 18 | |||
| 19 | |||