mirror of
https://git.yoctoproject.org/meta-security
synced 2026-05-07 04:58:47 +00:00
apparmor: Rework such that the utilities are functional by default
This introduces a number of changes:
- Fix the python PACKAGECONFIG knob
- The included python support is python3-based, so use those classes.
- When set, make sure to RDEPEND on the python modules the tools use.
- Fix the perl PACKAGECONFIG knob
- Add two patches so that configure will find perl and then compile
will cross-compile the library correctly.
- So that we place perl modules in the correct location we need cpan
to be inherited.
- When disabled, remove the RDEPENDS on perl as the RDEPENDS comes in
via inherit.
- Default to enabling the python and perl PACKAGECONFIG knobs as the
majority of the userspace tools are python3 based, and the few that
aren't that nor C based are perl based.
- Because of the above we must drop the -python package because it's
required for the utilities in the main package.
Signed-off-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Tom Rini
Armin Kuster
@@ -15,6 +15,8 @@ DEPENDS = "bison-native apr apache2 gettext-native coreutils-native"
|
||||
|
||||
SRC_URI = " \
|
||||
http://archive.ubuntu.com/ubuntu/pool/main/a/${BPN}/${BPN}_${PV}.orig.tar.gz \
|
||||
file://disable_perl_h_check.patch \
|
||||
file://crosscompile_perl_bindings.patch \
|
||||
file://apparmor.rc \
|
||||
file://functions \
|
||||
file://apparmor \
|
||||
@@ -27,15 +29,15 @@ SRC_URI[sha256sum] = "b1c489ea11e7771b8e6b181532cafbf9ebe6603e3cb00e2558f21b7a5b
|
||||
|
||||
PARALLEL_MAKE = ""
|
||||
|
||||
inherit pkgconfig autotools-brokensep update-rc.d python-dir perlnative ptest
|
||||
inherit pkgconfig autotools-brokensep update-rc.d python3native perlnative ptest cpan
|
||||
inherit ${@bb.utils.contains('VIRTUAL-RUNTIME_init_manager','systemd','systemd','', d)}
|
||||
|
||||
S = "${WORKDIR}/apparmor-${PV}"
|
||||
|
||||
PACKAGECONFIG ?="man"
|
||||
PACKAGECONFIG ?="man python perl"
|
||||
PACKAGECONFIG[man] = "--enable-man-pages, --disable-man-pages"
|
||||
PACKAGECONFIG[python] = "--with-python, --without-python, python swig-native"
|
||||
PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native"
|
||||
PACKAGECONFIG[python] = "--with-python, --without-python, python3 swig-native"
|
||||
PACKAGECONFIG[perl] = "--with-perl, --without-perl, perl perl-native swig-native"
|
||||
|
||||
PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}"
|
||||
|
||||
@@ -116,11 +118,12 @@ SYSTEMD_PACKAGES = "${PN}"
|
||||
SYSTEMD_SERVICE_${PN} = "apparmor.service"
|
||||
SYSTEMD_AUTO_ENABLE = "disable"
|
||||
|
||||
PACKAGES += "python-${PN} mod-${PN}"
|
||||
PACKAGES += "mod-${PN}"
|
||||
|
||||
FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor"
|
||||
FILES_${PN} += "/lib/apparmor/ ${sysconfdir}/apparmor ${PYTHON_SITEPACKAGES_DIR}"
|
||||
FILES_mod-${PN} = "${libdir}/apache2/modules/*"
|
||||
FILES_python-${PN} = "${PYTHON_SITEPACKAGES_DIR}"
|
||||
|
||||
RDEPENDS_${PN} += "bash lsb"
|
||||
RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','python','python3 python3-argparse python3-json','', d)}"
|
||||
RDEPENDS_${PN}_remove += "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}"
|
||||
RDEPENDS_${PN}-ptest += "coreutils dbus-lib"
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
Upstream-Status: Inappropriate [configuration]
|
||||
|
||||
As we're cross-compiling here we need to override CC/LD that MakeMaker has
|
||||
stuck in the generated Makefile with our cross tools. In this case, linking is
|
||||
done via the compiler rather than the linker directly so pass in CC not LD
|
||||
here.
|
||||
|
||||
Signed-Off-By: Tom Rini <trini@konsulko.com>
|
||||
|
||||
--- a/libraries/libapparmor/swig/perl/Makefile.am.orig 2017-06-13 19:04:43.296676212 -0400
|
||||
+++ b/libraries/libapparmor/swig/perl/Makefile.am 2017-06-13 19:05:03.488676693 -0400
|
||||
@@ -16,11 +16,11 @@
|
||||
|
||||
LibAppArmor.so: libapparmor_wrap.c Makefile.perl
|
||||
if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
|
||||
- $(MAKE) -fMakefile.perl
|
||||
+ $(MAKE) -fMakefile.perl CC='$(CC)' LD='$(CC)'
|
||||
if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi
|
||||
|
||||
install-exec-local: Makefile.perl
|
||||
- $(MAKE) -fMakefile.perl install_vendor
|
||||
+ $(MAKE) -fMakefile.perl install_vendor CC='$(CC)' LD='$(CC)'
|
||||
|
||||
# sadly there is no make uninstall for perl
|
||||
#uninstall-local: Makefile.perl
|
||||
@@ -0,0 +1,19 @@
|
||||
Upstream-Status: Inappropriate [configuration]
|
||||
|
||||
Remove file check for $perl_includedir/perl.h. AC_CHECK_FILE will fail on
|
||||
cross compilation. Rather than try and get a compile check to work here,
|
||||
we know that we have what's required via our metadata so remove only this
|
||||
check.
|
||||
|
||||
Signed-Off-By: Tom Rini <trini@konsulko.com>
|
||||
|
||||
--- a/libraries/libapparmor/configure.ac.orig 2017-06-13 16:41:38.668471495 -0400
|
||||
+++ b/libraries/libapparmor/configure.ac 2017-06-13 16:41:40.708471543 -0400
|
||||
@@ -58,7 +58,6 @@
|
||||
AC_PATH_PROG(PERL, perl)
|
||||
test -z "$PERL" && AC_MSG_ERROR([perl is required when enabling perl bindings])
|
||||
perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
|
||||
- AC_CHECK_FILE($perl_includedir/perl.h, enable_perl=yes, enable_perl=no)
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user