authorMichael Palimaka (kensington) <kensington@astralcloak.net>2011-11-13 15:51:56 +0000
committerMichael Palimaka (kensington) <kensington@astralcloak.net>2011-11-13 15:51:56 +0000
commit083a3f874425ef3760b824835103addfea2dd4ec (patch)
treebcfc032e7d92eb6201fa61c3eb7ff9e2e3b38f7e /sys-apps
parentmedia-tv/kmttg: Version bump for kmttg (diff)
sys-apps/apparmor: New Ebuild for bug #118779. Thanks to floppym & hwoarang for feedback.
svn path=/sunrise/; revision=12511
Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/apparmor/ChangeLog9
-rw-r--r--sys-apps/apparmor/Manifest7
-rw-r--r--sys-apps/apparmor/apparmor-2.6.1.ebuild47
-rw-r--r--sys-apps/apparmor/files/apparmor-2.6.1-makefile.patch84
-rw-r--r--sys-apps/apparmor/files/apparmor-confd14
-rwxr-xr-xsys-apps/apparmor/files/apparmor-init211
-rw-r--r--sys-apps/apparmor/metadata.xml5
7 files changed, 377 insertions, 0 deletions
diff --git a/sys-apps/apparmor/ChangeLog b/sys-apps/apparmor/ChangeLog
new file mode 100644
index 000000000..21a426b32
--- /dev/null
+++ b/sys-apps/apparmor/ChangeLog
@@ -0,0 +1,9 @@
+# ChangeLog for sys-apps/apparmor
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: $
+
+ 13 Nov 2011; Michael Palimaka (kensington) <kensington@astralcloak.net>
+ +apparmor-2.6.1.ebuild, +files/apparmor-2.6.1-makefile.patch,
+ +files/apparmor-confd, +files/apparmor-init, +metadata.xml:
+ New Ebuild for bug #118779. Thanks to floppym & hwoarang for feedback.
+
diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest
new file mode 100644
index 000000000..e6c91322f
--- /dev/null
+++ b/sys-apps/apparmor/Manifest
@@ -0,0 +1,7 @@
+AUX apparmor-2.6.1-makefile.patch 2556 RMD160 614eab68a68a847325ef43b1d92330d41ef7eb55 SHA1 95efd84a6b675f78d4a8bb982c331a57f8f186b5 SHA256 ff98a5a9e3593e959e578d07b89956476f79a1a0e139f4e12a2ae1e665b02881
+AUX apparmor-confd 336 RMD160 c1814e81038e4bf01a1f0570b77bc6a1cf10aacb SHA1 60089f51a68da6638a43ed823ac7460f606fe9e1 SHA256 d477eb288c1fbe00ea9714e9d16ba8cba658628aed3a1c4d6a1dc9cb32f005c5
+AUX apparmor-init 3776 RMD160 4a7f850d3e5c98f36aa8cab1191ba3633ef42353 SHA1 1fe748225a58d17bd5e7ebbf3e4ffb711ded4e1b SHA256 09f8daa692c7a07305ffea0e79b2815b655d69b618e2abb825a0857ab6009560
+DIST apparmor-2.6.1.tar.gz 1612637 RMD160 241f0ba363b7f7c2d7e25cba4f6d7f6eb2c6f3f9 SHA1 c8837b1e0c4bd90858579cb9758af203122889aa SHA256 9cb015d8c1023d7549621d1caeea0cd92a33c48dba0762d75385f9ff7a11e2f4
+EBUILD apparmor-2.6.1.ebuild 1003 RMD160 dfcbd71afb56902dd956fa72d0f6d17d029b3670 SHA1 9b81fd3103a9b5cac044c883c233ed7651183de1 SHA256 cd2ec215bf6b6876074aea94bf2939d9212005add15061d5317e81b0ef19fb15
+MISC ChangeLog 392 RMD160 5e557eae96c0947f0ee9b0d17538d9e64508df6b SHA1 2f5b34a77e17aafd7d9e5318b6fefbaeecc07cb6 SHA256 8e3882f501cb96109bb43f90e44ef1f131394aa59401083c7000330c1c5861a2
+MISC metadata.xml 209 RMD160 184537d7a401571abe0e5cbf9258ba3947d19382 SHA1 f2ea13baedca19e24be6ed7c3e6b765f7ff67cba SHA256 b0f0595f625235a62d9d40753827ae160e42156371fd9568bd2779042517f5e8
diff --git a/sys-apps/apparmor/apparmor-2.6.1.ebuild b/sys-apps/apparmor/apparmor-2.6.1.ebuild
new file mode 100644
index 000000000..9aaad91d1
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-2.6.1.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=4
+
+inherit eutils toolchain-funcs versionator
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system"
+HOMEPAGE="http://apparmor.net/"
+SRC_URI="http://launchpad.net/${PN}/$(get_version_component_range 1-2)/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+DEPEND="dev-lang/perl
+ sys-devel/bison
+ sys-devel/flex
+ doc? ( dev-tex/latex2html )"
+RDEPEND=""
+
+RESTRICT="test"
+
+S=${WORKDIR}/apparmor-${PV}/parser
+
+src_prepare() {
+ epatch "${FILESDIR}"/apparmor-2.6.1-makefile.patch
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" main manpages
+ use doc && emake pdf
+}
+
+src_install() {
+ emake DISTRO=unknown DESTDIR="${D}" main manpages install
+
+ dodir /etc/apparmor.d
+
+ newinitd "${FILESDIR}"/${PN}-init ${PN}
+ newconfd "${FILESDIR}"/${PN}-confd ${PN}
+
+ dodoc README
+ use doc && dodoc techdoc.pdf
+}
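Review bot: src_install re-runs the `main manpages` targets without the `CC`/`CXX` overrides that src_compile passes, so anything rebuilt during install falls back to make's default compiler. The accompanying Makefile patch shows `$(AAREOBJECTS)` declared `.PHONY` and listed as a prerequisite of `apparmor_parser`, so the parser is presumably relinked here on every install, and that relink is the binary that ends up in `/sbin`. Pass the same toolchain in both phases, e.g. `emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" DISTRO=unknown DESTDIR="${D}" main manpages install`. Also consider `keepdir /etc/apparmor.d` instead of `dodir`, since the directory is installed empty.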
diff --git a/sys-apps/apparmor/files/apparmor-2.6.1-makefile.patch b/sys-apps/apparmor/files/apparmor-2.6.1-makefile.patch
new file mode 100644
index 000000000..c6bddc2c2
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.6.1-makefile.patch
@@ -0,0 +1,84 @@
+--- Makefile
++++ Makefile
+@@ -31,7 +31,7 @@
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+-MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 apparmor.vim.5
++MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8
+
+ YACC := /usr/bin/bison
+ YFLAGS := -d
+@@ -113,7 +113,7 @@
+ export Q VERBOSE BUILD_OUTPUT
+
+ po/${NAME}.pot: ${SRCS} ${HDRS}
+- make -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}"
++ $(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${SRCS} ${HDRS}"
+
+ techdoc.pdf: techdoc.tex
+ while pdflatex $< ${BUILD_OUTPUT} || exit 1 ; \
+@@ -129,7 +129,7 @@
+ # targets arranged this way so that people who don't want full docs can
+ # pick specific targets they want.
+ main: $(TOOLS)
+- $(Q)make -C po all
++ $(MAKE) -C po all
+
+ manpages: $(MANPAGES)
+
+@@ -144,7 +144,7 @@
+ apparmor_parser: $(OBJECTS) $(AAREOBJECTS)
+ rm -f ./libstdc++.a
+ ln -s `g++ -print-file-name=libstdc++.a`
+- g++ $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \
++ $(CXX) $(EXTRA_CFLAGS) $(LDFLAGS) -o $@ $(OBJECTS) $(LIBS) \
+ ${LEXLIB} $(AAREOBJECTS) -static-libgcc -L.
+
+ parser_yacc.c parser_yacc.h: parser_yacc.y parser.h
+@@ -227,7 +227,7 @@
+ .SILENT: tests
+ tests: ${TESTS}
+ sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test} $(BUILD_OUTPUT) ; done'
+- $(Q)make -s -C tst tests
++ $(MAKE) -s -C tst tests
+
+ .SILENT: check
+ check: tests
+@@ -236,7 +236,7 @@
+ .SILENT: $(AAREOBJECTS)
+ .PHONY: $(AAREOBJECTS)
+ $(AAREOBJECTS):
+- make -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)"
++ $(MAKE) -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)"
+
+ .PHONY: install-rhel4
+ install-rhel4: install-redhat
+@@ -280,12 +280,8 @@
+ install -m 755 -d $(DESTDIR)/sbin
+ install -m 755 ${TOOLS} $(DESTDIR)/sbin
+ install -m 755 -d $(INSTALL_CONFDIR)
+- install -m 644 subdomain.conf $(INSTALL_CONFDIR)
+- install -m 755 -d ${DESTDIR}/var/lib/apparmor
+- install -m 755 -d $(APPARMOR_BIN_PREFIX)
+- install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
+- make -C po install NAME=${NAME} DESTDIR=${DESTDIR}
+- make install_manpages DESTDIR=${DESTDIR}
++ $(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
++ $(MAKE) install_manpages DESTDIR=${DESTDIR}
+
+ .SILENT: clean
+ .PHONY: clean
+@@ -300,9 +296,9 @@
+ rm -f af_names.h
+ rm -f cap_names.h
+ rm -rf techdoc.aux techdoc.log techdoc.pdf techdoc.toc techdor.txt techdoc/
+- make -s -C $(AAREDIR) clean
+- make -s -C po clean
+- make -s -C tst clean
++ $(MAKE) -s -C $(AAREDIR) clean
++ $(MAKE) -s -C po clean
++ $(MAKE) -s -C tst clean
+
+ .SILENT: dist_clean
+ dist_clean:
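Review bot: The `apparmor_parser` rule now links with `$(CXX)`, but the unchanged line just above it still calls `g++ -print-file-name=libstdc++.a` to locate the static libstdc++ that gets symlinked into the build directory and picked up through `-L.`. When the ebuild passes a `CXX` that is not the default `g++`, the archive linked in can come from a different compiler than the one doing the link. The patch should switch that lookup as well, using `$(CXX) -print-file-name=libstdc++.a` inside the backticks. The rule's remaining lines are outside the patch context, so this is based only on the three lines visible here.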
diff --git a/sys-apps/apparmor/files/apparmor-confd b/sys-apps/apparmor/files/apparmor-confd
new file mode 100644
index 000000000..11058073c
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-confd
@@ -0,0 +1,14 @@
+# config file for /etc/init.d/apparmor
+
+# Location of parser
+PARSER=/sbin/apparmor_parser
+
+# Directory in which profiles are stored
+PROFILE_DIR=/etc/apparmor.d/
+
+# Directories within PROFILE_DIR to be ignored
+IGNORE_PROFILES=( "abstractions" "tunables" )
+
+# Where securityfs is/will be mounted
+SECURITYFS=/sys/kernel/security/apparmor
+
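Review bot: `SECURITYFS` is documented as "Where securityfs is/will be mounted", but its value is the `apparmor` directory inside securityfs rather than the filesystem's mount point, which is conventionally `/sys/kernel/security`. The init script in this commit uses the one variable for both purposes: as the target of `mount -t securityfs securityfs "${SECURITYFS}"` and as the parent of `profiles` and `.remove`. Mounting at the configured path would not place those files where the script then looks for them. Splitting this into two settings, a mount point and the AppArmor subdirectory, would remove the ambiguity; as a minimum the comment should read `# AppArmor directory inside the mounted securityfs`.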
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init
new file mode 100755
index 000000000..6fac7b1ac
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -0,0 +1,211 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+extra_started_commands="reload"
+
+start() {
+ ebegin "Starting ${SVCNAME}"
+ eindent
+
+ if ! check_config || ! remove_profiles || ! load_profiles load ; then
+ eend 1
+ return 1
+ fi
+
+ eoutdent
+ eend 0
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+
+ if ! check_config ; then
+ eend 1
+ return 1
+ fi
+
+ eindent
+ ebegin "Removing profiles"
+ remove_profiles
+ eoutdent
+ rc=$?
+ eend $rc
+ return $rc
+}
+
+reload() {
+ ebegin "Reloading ${SVCNAME} profiles"
+
+ if ! ( check_config && load_profiles reload && unload_obsolete_profiles ); then
+ eend 1
+ return 1
+ fi
+
+ eend 0
+ return 0
+}
+
+check_config() {
+
+ if [ -z "$PARSER" -o -z "$PROFILE_DIR" -o -z "$SECURITYFS" ]; then
+ eerror "/etc/conf.d/${SVCNAME} has missing variables"
+ return 1
+ fi
+
+ if ! is_securityfs_mounted ; then
+ if ! mount_securityfs ; then
+ eerror "Failed to mount securityfs"
+ return 1
+ fi
+ fi
+
+ if ! is_apparmor_present ; then
+ modprobe -q apparmor
+ if ! is_apparmor_present ; then
+ eerror "${SVCNAME} kernel support is not present"
+ return 1
+ fi
+ fi
+
+ if ! check_apparmor_compat ; then
+ eerror "${SVCNAME} compatibility is not present in the kernel"
+ return 1
+ fi
+}
+
+get_profile_files() {
+ if [[ "$PROFILE_DIR" != */ ]]; then
+ PROFILE_DIR="${PROFILE_DIR}/"
+ fi
+
+ ARGS=""
+ LENGTH=${#IGNORE_PROFILES[@]}
+
+ for ((I=1; I <= $LENGTH; I++)); do
+ ARGS="${ARGS} -path ${PROFILE_DIR}${IGNORE_PROFILES[$(($I-1))]} -prune"
+ if [ $LENGTH -gt 1 -a $I -lt $LENGTH ]; then
+ ARGS="${ARGS} -o"
+ fi
+ done
+
+ if [ -z "$ARGS" ]; then
+ PROFILES="find /etc/apparmor.d"
+ else
+ PROFILES="find /etc/apparmor.d "$ARGS" -o -type f -print"
+ fi
+
+ echo $( $PROFILES )
+}
+
+get_active_profiles() {
+ PROFILES=`sed -e "s/ (\(enforce\|complain\))//" "${SECURITYFS}/profiles"`
+ echo $PROFILES
+}
+
+load_profiles() {
+
+ case "$1" in
+ load)
+ PARSER_ARGS="--add"
+ MESSAGE="Loading ${SVCNAME} profiles"
+ ;;
+ reload)
+ PARSER_ARGS="--replace"
+ MESSAGE="Reloading ${SVCNAME} profiles"
+ ;;
+ *)
+ eerror "Invalid load_profile argument"
+ exit 1
+ ;;
+ esac
+
+ if [ ! -x "${PARSER}" ]; then
+ eerror "Could not find apparmor_parser"
+ return 1
+ fi
+
+ if [ ! -d "${PROFILE_DIR}" -o -z "$(ls $PROFILE_DIR 2> /dev/null)" ]; then
+ ewarn "No profiles found"
+ return 0
+ fi
+
+ PROFILES="$(get_profile_files)"
+ for PROFILE in $PROFILES; do
+ $PARSER $PARSER_ARGS $PROFILE
+ if [ $? -ne 0 ]; then
+ if [ "${PARSER_ARGS}" == "replace" ]; then
+ ewarn "Error loading '${PROFILE}', continuing"
+ else
+ eerror "Error loading '${PROFILE}', aborting"
+ remove_profiles
+ return 1
+ fi
+ fi
+ done
+
+ return 0
+}
+
+remove_profiles() {
+ PROFILES=$(get_active_profiles)
+ for PROFILE in $PROFILES; do
+ echo -n "$PROFILE" > "${SECURITYFS}/.remove"
+ done
+ return 0
+}
+
+is_securityfs_mounted() {
+ grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts
+ return $?
+}
+
+mount_securityfs() {
+ if [ grep -q securityfs /proc/filesystems ]; then
+ mount -t securityfs securityfs "${SECURITYFS}"
+ return $?
+ else
+ return 1
+ fi
+}
+
+is_apparmor_present() {
+ grep -q "^apparmor" /proc/modules
+ [ $? -ne 0 -a -d /sys/module/apparmor ]
+ return $?
+}
+
+check_apparmor_compat() {
+ if [ -f "${SECURITYFS}/profiles" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+unload_obsolete_profiles() {
+
+ TEMPDIR=$(umask 0077 && mktemp -d)
+
+ if [ ! -d "${TEMPDIR}" ]; then
+ eerror "Failed to create temporary directory"
+ return 1
+ fi
+
+ cd $TEMPDIR
+
+ echo $(get_active_profiles) | tr ' ' '\n' | sort > old
+
+ for PROFILE in $(get_profile_files); do
+ echo $(${PARSER} -N "$PROFILE") >> new
+ done
+
+ for PROFILE in $(comm -2 -3 old new); do
+ echo -n "$PROFILE" > "${SECURITYFS}/.remove"
+ done
+
+ rm -rf "${TEMPDIR}"
+
+ return 0
+}
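Review bot: In load_profiles the failure branch tests `[ "${PARSER_ARGS}" == "replace" ]`, but the reload case sets PARSER_ARGS to `--replace`, so the "continuing" path is unreachable. One profile that fails to parse during `reload` therefore falls through to remove_profiles, which writes every active profile name to `${SECURITYFS}/.remove`, leaving the whole system unconfined because of a single bad file. Compare against the real value, `if [ "${PARSER_ARGS}" = "--replace" ]; then`, or branch on `$1` instead. Separately, mount_securityfs uses `[ grep -q securityfs /proc/filesystems ]`, which is a malformed test expression rather than a command invocation, so the mount is never attempted; `if grep -q securityfs /proc/filesystems; then` is presumably what was meant.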
diff --git a/sys-apps/apparmor/metadata.xml b/sys-apps/apparmor/metadata.xml
new file mode 100644
index 000000000..f9d4a986f
--- /dev/null
+++ b/sys-apps/apparmor/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer><email>maintainer-wanted@gentoo.org</email></maintainer>
+</pkgmetadata>