From ac8db19e5027320a1ba1b99e41424bcbe566e40b Mon Sep 17 00:00:00 2001 From: Tom Rini Date: Tue, 13 Jun 2017 22:18:45 -0400 Subject: apparmor: Rework such that the utilities are functional by default This introduces a number of changes: - Fix the python PACKAGECONFIG knob - The included python support is python3-based, so use those classes. - When set, make sure to RDEPEND on the python modules the tools use. - Fix the perl PACKAGECONFIG knob - Add two patches so that configure will find perl and then compile will cross-compile the library correctly. - So that we place perl modules in the correct location we need cpan to be inherited. - When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in via inherit. - Default to enabling the python and perl PACKAGECONFIG knobs as the majority of the userspace tools are python3 based, and the few that aren't that nor C based are perl based. - Because of the above we must drop the -python package because it's required for the utilities in the main package. Signed-off-by: Tom Rini Signed-off-by: Armin Kuster --- recipes-security/AppArmor/apparmor_2.11.0.bb | 17 +++++++++------ .../files/crosscompile_perl_bindings.patch | 25 ++++++++++++++++++++++ .../AppArmor/files/disable_perl_h_check.patch | 19 ++++++++++++++++ 3 files changed, 54 insertions(+), 7 deletions(-) create mode 100644 recipes-security/AppArmor/files/crosscompile_perl_bindings.patch create mode 100644 recipes-security/AppArmor/files/disable_perl_h_check.patch (limited to 'recipes-security') diff --git a/recipes-security/AppArmor/apparmor_2.11.0.bb b/recipes-security/AppArmor/apparmor_2.11.0.bb index 591a673..647ab12 100644 --- a/recipes-security/AppArmor/apparmor_2.11.0.bb +++ b/recipes-security/AppArmor/apparmor_2.11.0.bb @@ -15,6 +15,8 @@ DEPENDS = "bison-native apr apache2 gettext-native coreutils-native" SRC_URI = " \ http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \ + file://disable_perl_h_check.patch \ + file://crosscompile_perl_bindings.patch \ file://apparmor.rc \ file://functions \ file://apparmor \ @@ -27,15 +29,15 @@ SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5b PARALLEL_MAKE = "" -inherit pkgconfig autotools-brokensep update-rc.d python-dir perlnative ptest +inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)} S = "${WORKDIR}/apparmor-${PV}" -PACKAGECONFIG ?="man" +PACKAGECONFIG ?="man python perl" PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages" -PACKAGECONFIG[python] = "--with-python, --without-python, python swig-native" -PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native" +PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native" +PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native" PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}" @@ -116,11 +118,12 @@ SYSTEMD_PACKAGES = "${PN}" SYSTEMD_SERVICE_${PN} = "apparmor.service" SYSTEMD_AUTO_ENABLE = "disable" -PACKAGES += "python-${PN} mod-${PN}" +PACKAGES += "mod-${PN}" -FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor" +FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}" FILES_mod-${PN} = "${libdir}/apache2/modules/*" -FILES_python-${PN} = "${PYTHON_SITEPACKAGES_DIR}" RDEPENDS_${PN} += "bash lsb" +RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3 python3-argparse python3-json','', d)}" +RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" RDEPENDS_${PN}-ptest += "coreutils dbus-lib" diff --git a/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch b/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch new file mode 100644 index 0000000..ef55de7 --- /dev/null +++ b/recipes-security/AppArmor/files/crosscompile_perl_bindings.patch @@ -0,0 +1,25 @@ +Upstream-Status: Inappropriate [configuration] + +As we're cross-compiling here we need to override CC/LD that MakeMaker has +stuck in the generated Makefile with our cross tools. In this case, linking is +done via the compiler rather than the linker directly so pass in CC not LD +here. + +Signed-Off-By: Tom Rini + +--- a/libraries/libapparmor/swig/perl/Makefile.am.orig 2017-06-13 19:04:43.296676212 -0400 ++++ b/libraries/libapparmor/swig/perl/Makefile.am 2017-06-13 19:05:03.488676693 -0400 +@@ -16,11 +16,11 @@ + + LibAppArmor.so: libapparmor_wrap.c Makefile.perl + if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi +- $(MAKE) -fMakefile.perl ++ $(MAKE) -fMakefile.perl CC='$(CC)' LD='$(CC)' + if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi + + install-exec-local: Makefile.perl +- $(MAKE) -fMakefile.perl install_vendor ++ $(MAKE) -fMakefile.perl install_vendor CC='$(CC)' LD='$(CC)' + + # sadly there is no make uninstall for perl + #uninstall-local: Makefile.perl diff --git a/recipes-security/AppArmor/files/disable_perl_h_check.patch b/recipes-security/AppArmor/files/disable_perl_h_check.patch new file mode 100644 index 0000000..cf2640f --- /dev/null +++ b/recipes-security/AppArmor/files/disable_perl_h_check.patch @@ -0,0 +1,19 @@ +Upstream-Status: Inappropriate [configuration] + +Remove file check for $perl_includedir/perl.h. AC_CHECK_FILE will fail on +cross compilation. Rather than try and get a compile check to work here, +we know that we have what's required via our metadata so remove only this +check. + +Signed-Off-By: Tom Rini + +--- a/libraries/libapparmor/configure.ac.orig 2017-06-13 16:41:38.668471495 -0400 ++++ b/libraries/libapparmor/configure.ac 2017-06-13 16:41:40.708471543 -0400 +@@ -58,7 +58,6 @@ + AC_PATH_PROG(PERL, perl) + test -z "$PERL" && AC_MSG_ERROR([perl is required when enabling perl bindings]) + perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE" +- AC_CHECK_FILE($perl_includedir/perl.h, enable_perl=yes, enable_perl=no) + fi + + -- cgit v1.2.3-54-g00ecf