apparmor: fix build issue with ptest enabled.

minor spacing cleanup Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-11 15:00:34 +00:00 · 2020-10-01 21:41:09 -07:00
parent d9feafe991
commit 2a7963df18
2 changed files with 175 additions and 80 deletions
--- a/recipes-mac/AppArmor/apparmor_2.13.4.bb
+++ b/recipes-mac/AppArmor/apparmor_2.13.4.bb
@@ -14,16 +14,17 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0"
 DEPENDS = "bison-native apr gettext-native coreutils-native"

 SRC_URI = " \
-	git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \
-	file://disable_perl_h_check.patch \
-	file://crosscompile_perl_bindings.patch \
-	file://apparmor.rc \
-	file://functions \
-	file://apparmor \
-	file://apparmor.service \
-	file://0001-Makefile.am-suppress-perllocal.pod.patch \
-	file://run-ptest \
-	"
+    git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-2.13 \
+    file://disable_perl_h_check.patch \
+    file://crosscompile_perl_bindings.patch \
+    file://apparmor.rc \
+    file://functions \
+    file://apparmor \
+    file://apparmor.service \
+    file://0001-Makefile.am-suppress-perllocal.pod.patch \
+    file://run-ptest \
+    file://0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch \
+    "

 SRCREV = "df0ac742f7a1146181d8734d03334494f2015134"
 S = "${WORKDIR}/git"
@@ -54,76 +55,76 @@ python() {
 DISABLE_STATIC = ""

 do_configure() {
-	cd ${S}/libraries/libapparmor
-	aclocal
-	autoconf --force
-	libtoolize --automake -c --force
-	automake -ac
-	./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
+    cd ${S}/libraries/libapparmor
+    aclocal
+    autoconf --force
+    libtoolize --automake -c --force
+    automake -ac
+    ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF}
 }

 do_compile () {
-        # Fixes:
-        # | sed -ie 's///g' Makefile.perl
-        # | sed: -e expression #1, char 0: no previous regular expression
-        #| Makefile:478: recipe for target 'Makefile.perl' failed
-        sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile
+    # Fixes:
+    # | sed -ie 's///g' Makefile.perl
+    # | sed: -e expression #1, char 0: no previous regular expression
+    #| Makefile:478: recipe for target 'Makefile.perl' failed
+    sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile


-	oe_runmake -C ${B}/libraries/libapparmor
-        oe_runmake -C ${B}/binutils
-        oe_runmake -C ${B}/utils
-        oe_runmake -C ${B}/parser
-        oe_runmake -C ${B}/profiles
+    oe_runmake -C ${B}/libraries/libapparmor
+    oe_runmake -C ${B}/binutils
+    oe_runmake -C ${B}/utils
+    oe_runmake -C ${B}/parser
+    oe_runmake -C ${B}/profiles

-	if test -z "${HTTPD}" ; then
-        	oe_runmake -C ${B}/changehat/mod_apparmor
-	fi	
+    if test -z "${HTTPD}" ; then
+        oe_runmake -C ${B}/changehat/mod_apparmor
+    fi

-	if test -z "${PAMLIB}" ; then
-        	oe_runmake -C ${B}/changehat/pam_apparmor
-	fi
+    if test -z "${PAMLIB}" ; then
+        oe_runmake -C ${B}/changehat/pam_apparmor
+    fi
 }

 do_install () {
-	install -d ${D}/${INIT_D_DIR}
-	install -d ${D}/lib/apparmor
-	oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
-	oe_runmake -C ${B}/binutils DESTDIR="${D}" install
-	oe_runmake -C ${B}/utils DESTDIR="${D}" install
-	oe_runmake -C ${B}/parser DESTDIR="${D}" install
-	oe_runmake -C ${B}/profiles DESTDIR="${D}" install
+    install -d ${D}/${INIT_D_DIR}
+    install -d ${D}/lib/apparmor
+    oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
+    oe_runmake -C ${B}/binutils DESTDIR="${D}" install
+    oe_runmake -C ${B}/utils DESTDIR="${D}" install
+    oe_runmake -C ${B}/parser DESTDIR="${D}" install
+    oe_runmake -C ${B}/profiles DESTDIR="${D}" install

-	# If perl is disabled this script won't be any good
-	if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then
-		rm -f ${D}${sbindir}/aa-notify
-	fi
+    # If perl is disabled this script won't be any good
+    if ! ${@bb.utils.contains('PACKAGECONFIG','perl','true','false', d)}; then
+        rm -f ${D}${sbindir}/aa-notify
+    fi

-	if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
-		rm -f ${D}${sbindir}/aa-decode
-	fi
+    if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then
+        rm -f ${D}${sbindir}/aa-decode
+    fi

-	if test -z "${HTTPD}" ; then
-		oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
-	fi
+    if test -z "${HTTPD}" ; then
+        oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install
+    fi

-	if test -z "${PAMLIB}" ; then
-		oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
-	fi
+    if test -z "${PAMLIB}" ; then
+        oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install
+    fi

-	# aa-easyprof is installed by python-tools-setup.py, fix it up
-	sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof
-	chmod 0755 ${D}${bindir}/aa-easyprof
+    # aa-easyprof is installed by python-tools-setup.py, fix it up
+    sed -i -e 's:/usr/bin/env.*:/usr/bin/python3:' ${D}${bindir}/aa-easyprof
+    chmod 0755 ${D}${bindir}/aa-easyprof

-	install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
-	install ${WORKDIR}/functions ${D}/lib/apparmor
-	sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
-	sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions  
+    install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
+    install ${WORKDIR}/functions ${D}/lib/apparmor
+    sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
+    sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions  

-	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-		install -d ${D}${systemd_system_unitdir}
-		install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
-	fi
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        install -d ${D}${systemd_system_unitdir}
+        install -m 0644 ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
+    fi
 }

 #Building ptest on arm fails.
@@ -136,30 +137,28 @@ do_compile_ptest_arm () {
 }

 do_compile_ptest () {
-        oe_runmake -C ${B}/tests/regression/apparmor
-        oe_runmake -C ${B}/parser/tst
-        oe_runmake -C ${B}/libraries/libapparmor
+    sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile
+    oe_runmake -C ${B}/tests/regression/apparmor
+    oe_runmake -C ${B}/libraries/libapparmor
 }

 do_install_ptest () {
-	t=${D}/${PTEST_PATH}/testsuite
-	install -d ${t}
-	install -d ${t}/tests/regression/apparmor
-	cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression
+    t=${D}/${PTEST_PATH}/testsuite
+    install -d ${t}
+    install -d ${t}/tests/regression/apparmor
+    cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression

-	install -d ${t}/parser/tst
-	cp -rf ${B}/parser/tst ${t}/parser
-	cp ${B}/parser/apparmor_parser ${t}/parser
-	cp ${B}/parser/frob_slack_rc ${t}/parser
+    cp ${B}/parser/apparmor_parser ${t}/parser
+    cp ${B}/parser/frob_slack_rc ${t}/parser

-	install -d ${t}/libraries/libapparmor
-	cp -rf ${B}/libraries/libapparmor ${t}/libraries
+    install -d ${t}/libraries/libapparmor
+    cp -rf ${B}/libraries/libapparmor ${t}/libraries

-	install -d ${t}/common
-	cp -rf ${B}/common ${t}
+    install -d ${t}/common
+    cp -rf ${B}/common ${t}

-	install -d ${t}/binutils
-	cp -rf ${B}/binutils ${t}
+    install -d ${t}/binutils
+    cp -rf ${B}/binutils ${t}
 }

 #Building ptest on arm fails.
--- a/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
+++ b/recipes-mac/AppArmor/files/0001-regression-tests-Don-t-build-syscall_sysctl-if-missi.patch
@@ -0,0 +1,96 @@
+From 7a7c7fb346ded6f017c8df44486778a5f032d41a Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Tue, 29 Sep 2020 03:05:22 -0700
+Subject: [PATCH] regression tests: Don't build syscall_sysctl if missing
+ kernel headers
+
+sys/sysctl.h is not guaranteed to exist anymore since
+https://sourceware.org/pipermail/glibc-cvs/2020q2/069366.html
+
+which is a follow on to the kernel commit
+61a47c1ad3a4 sysctl: Remove the sysctl system call
+
+While the syscall_sysctl currently checks if the kernel supports
+sysctrs before running the tests. The tests can't even build if the
+kernel headers don't have the sysctl defines.
+
+Fixes: https://gitlab.com/apparmor/apparmor/-/issues/119
+Fixes: https://bugs.launchpad.net/apparmor/+bug/1897288
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/637
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+Acked-by: Steve Beattie <steve.beattie@canonical.com>
+(cherry picked from commit 2e5a266eb715fc7e526520235a6450444775791f)
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+---
+ tests/regression/apparmor/Makefile          | 10 +++++++++-
+ tests/regression/apparmor/syscall_sysctl.sh | 15 +++++++++++----
+ 2 files changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
+index 198ca421..c3d0cfb7 100644
+--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
+@@ -69,6 +69,9 @@ endif # USE_SYSTEM
+ 
+ CFLAGS += -g -O0 -Wall -Wstrict-prototypes
+ 
+USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true)
+
+
+ SRC=access.c \
+     at_secure.c \
+     introspect.c \
+@@ -130,7 +133,6 @@ SRC=access.c \
+     syscall_sethostname.c \
+     syscall_setdomainname.c \
+     syscall_setscheduler.c \
+-    syscall_sysctl.c \
+     sysctl_proc.c \
+     tcp.c \
+     transition.c \
+@@ -146,6 +148,12 @@ ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64))
+ SRC+=syscall_ioperm.c syscall_iopl.c
+ endif
+ 
+#only do sysctl syscall test if defines installed and OR supported by the
+# kernel
+ifeq ($(USE_SYSCTL),true)
+SRC+=syscall_sysctl.c
+endif
+
+ #only do dbus if proper libs are installl
+ ifneq (,$(shell pkg-config --exists dbus-1 && echo TRUE))
+ SRC+=dbus_eavesdrop.c dbus_message.c dbus_service.c dbus_unrequested_reply.c
+diff --git a/tests/regression/apparmor/syscall_sysctl.sh b/tests/regression/apparmor/syscall_sysctl.sh
+index f93946f3..5f856984 100644
+--- a/tests/regression/apparmor/syscall_sysctl.sh
+++ b/tests/regression/apparmor/syscall_sysctl.sh
+@@ -148,11 +148,18 @@ test_sysctl_proc()
+ # check if the kernel supports CONFIG_SYSCTL_SYSCALL
+ # generally we want to encourage kernels to disable it, but if it's
+ # enabled we want to test against it
+-settest syscall_sysctl
+-if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then
+-    echo "	WARNING: syscall sysctl not implemented, skipping tests ..."
+# In addition test that sysctl exists in the kernel headers, if it does't
+# then we can't even built the syscall_sysctl test
+if  echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null ; then
+    settest syscall_sysctl
+
+    if ! res="$(${test} ro 2>&1)" && [ "$res" = "FAIL: sysctl read failed - Function not implemented" ] ; then
+	echo "	WARNING: syscall sysctl not implemented, skipping tests ..."
+    else
+	test_syscall_sysctl
+    fi
+ else
+-    test_syscall_sysctl
+    echo "	WARNING: syscall sysctl not supported by kernel headers, skipping tests ..."
+ fi
+ 
+ # now test /proc/sys/ paths
+-- 
+2.17.1
+