package/apparmor: new package

The various AppArmor utilities are spread in a few sub-directories of the apparmor source tree. For now, we build only the parser, but we'll soon introduce support for a few other utilities, so we prepare the package to be able to build more than just the parser, hence the slightly convoluted build and install commands, and the use of the APPARMOR_TOOLS and APPARMOR_MAKE_OPTS variables, which will come handy in the following commits. We must ensure the version matches that of libapparmor, but there is not much we can do to enforce that, so as we do for various other packages, we just add a comment to that effect. Signed-off-by: Angelo Compagnucci <angelo@amarulasolutions.com> [yann.morin.1998@free.fr: - make it a separate package - split into its own patch, write a commit log ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> Tested-by: Angelo Compagnucci <angelo@amarulasolutions.com>
2020-03-27 21:38:37 +01:00 · 2020-03-27 21:38:37 +01:00 · 007ee0765e
parent 67e576fab5
commit 007ee0765e
5 changed files with 79 additions and 0 deletions
--- a/package/Config.in
+++ b/package/Config.in
@ -2260,6 +2260,7 @@ menu "Real-Time"
 endmenu

 menu "Security"
+	source "package/apparmor/Config.in"
 	source "package/checkpolicy/Config.in"
 	source "package/ima-evm-utils/Config.in"
 	source "package/optee-benchmark/Config.in"
--- a/package/apparmor/Config.in
+++ b/package/apparmor/Config.in
@ -0,0 +1,25 @@
+config BR2_PACKAGE_APPARMOR
+	bool "apparmor"
+	depends on BR2_USE_MMU # fork()
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # libapparmor
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libapparmor
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16 # libapparmor
+	select BR2_PACKAGE_LIBAPPARMOR
+	help
+	  AppArmor is an effective and easy-to-use Linux application
+	  security system. AppArmor proactively protects the operating
+	  system and applications from external or internal threats,
+	  even zero-day attacks, by enforcing good behavior and
+	  preventing even unknown application flaws from being
+	  exploited.
+
+	  This package builds the parser (which can load profiles).
+
+	  http://wiki.apparmor.net
+
+comment "apparmor needs a toolchain w/ headers >= 3.16, threads, C++"
+	depends on BR2_USE_MMU
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4
+	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
+		|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16
--- a/package/apparmor/apparmor.hash
+++ b/package/apparmor/apparmor.hash
@ -0,0 +1,4 @@
+# locally computed
+sha256  267053234c68cdb122c5294d7c276b6e2f5fa7e75c6c2d23e3ce69f95d9a7639  apparmor-2.13.3.tar.gz
+sha256  a7e0cdcbea5c14927cedfc600d46526bdcbb1eb0a4d951e2ea53c2a6de159cb4  LICENSE
+sha256  dd54950fa69a3096fe907a466a454d217ccca9bca77398d5232704766d5a0040  parser/COPYING.GPL
--- a/package/apparmor/apparmor.mk
+++ b/package/apparmor/apparmor.mk
@ -0,0 +1,48 @@
+################################################################################
+#
+# apparmor
+#
+################################################################################
+
+# When updating the version here, please also update the libapparmor package
+APPARMOR_VERSION_MAJOR = 2.13
+APPARMOR_VERSION = $(APPARMOR_VERSION_MAJOR).3
+APPARMOR_SITE = https://launchpad.net/apparmor/$(APPARMOR_VERSION_MAJOR)/$(APPARMOR_VERSION)/+download
+APPARMOR_DL_SUBDIR = libapparmor
+APPARMOR_LICENSE = GPL-2.0
+APPARMOR_LICENSE_FILES = LICENSE parser/COPYING.GPL
+
+APPARMOR_DEPENDENCIES = libapparmor
+
+APPARMOR_TOOLS = parser
+APPARMOR_MAKE_OPTS = USE_SYSTEM=1
+
+define APPARMOR_BUILD_CMDS
+	$(foreach tool,$(APPARMOR_TOOLS),\
+		$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
+		$(MAKE) -C $(@D)/$(tool) $(APPARMOR_MAKE_OPTS)
+	)
+endef
+
+define APPARMOR_INSTALL_TARGET_CMDS
+	$(foreach tool,$(APPARMOR_TOOLS),\
+		$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
+		$(MAKE) -C $(@D)/$(tool) $(APPARMOR_MAKE_OPTS) \
+			DESTDIR=$(TARGET_DIR) install
+	)
+endef
+
+# Despite its name, apparmor.systemd is a sysv-init compatible startup script
+define APPARMOR_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
+		$(TARGET_DIR)/etc/init.d/S00apparmor
+endef
+
+define APPARMOR_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
+		$(TARGET_DIR)/lib/apparmor/apparmor.systemd
+	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/apparmor.service
+endef
+
+$(eval $(generic-package))
--- a/package/libapparmor/libapparmor.mk
+++ b/package/libapparmor/libapparmor.mk
@ -4,6 +4,7 @@
 #
 ################################################################################

+# When updating the version here, please also update the apparmor package
 LIBAPPARMOR_VERSION_MAJOR = 2.13
 LIBAPPARMOR_VERSION = $(LIBAPPARMOR_VERSION_MAJOR).3
 LIBAPPARMOR_SOURCE = apparmor-$(LIBAPPARMOR_VERSION).tar.gz