packages: Add a hacky apparmor-utils

flake.nix

@@ -56,7 +56,7 @@
         ];
       };
     in {
-      inherit (pkgs) gamescope;
+      inherit (pkgs) gamescope custom-apparmor-utils;
     };
   });
 }

packages/default.nix

@@ -90,4 +90,6 @@ in {
   sddm-sugar-dark = prev.callPackage themes/sddm/sugar-dark {};
 
   gamescope = prev.callPackage temp/gamescope.nix {};
+
+  custom-apparmor-utils = prev.callPackage temp/apparmor-utils.nix {};
 }

packages/temp/apparmor-utils.nix

@@ -0,0 +1,101 @@
+{
+  fetchFromGitLab
+, stdenv, lib
+, makeWrapper, writeShellScript
+, which, bash, libapparmor, apparmor-parser, libnotify, perl, gawk, python3
+, coreutils, gnused, gnugrep
+}:
+
+let
+  apparmor-version = "3.0.4";
+  apparmor-sources = fetchFromGitLab {
+    owner = "apparmor";
+    repo = "apparmor";
+    rev = "v${apparmor-version}";
+    sha256 = "1a217j28rgfq4lsmpn0wv1xgmdr9ba8iysv9i6q477kj6z77zrb9";
+  };
+  apparmor-meta = component: with lib; {
+    homepage = "https://apparmor.net/";
+    description = "A mandatory access control system - ${component}";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ joachifm julm thoughtpolice ];
+    platforms = platforms.linux;
+  };
+  aa-teardown = writeShellScript "aa-teardown" ''
+    PATH="${lib.makeBinPath [coreutils gnused gnugrep]}:$PATH"
+    . ${apparmor-parser}/lib/apparmor/rc.apparmor.functions
+    remove_profiles
+  '';
+
+  setupPython = python3.withPackages (ps: with ps; [ setuptools ]);
+  prePatchCommon = ''
+    chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh
+    patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh
+    substituteInPlace ./common/Make.rules \
+      --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" \
+      --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" \
+      --replace "/usr/share/man" "share/man"
+    substituteInPlace ./utils/Makefile \
+      --replace "/usr/include/linux/capability.h" "${stdenv.cc.libc.linuxHeaders}/include/linux/capability.h"
+
+    sed --in-place ./utils/Makefile -e 's|''${PYTHON}|${setupPython}/bin/python|g'
+
+    cat ./utils/Makefile
+  '';
+in stdenv.mkDerivation {
+  pname = "apparmor-utils";
+  version = apparmor-version;
+
+  src = apparmor-sources;
+
+  strictDeps = true;
+
+  nativeBuildInputs = [ makeWrapper which python3 ];
+
+  buildInputs = [
+    bash
+    perl
+    python3
+    libapparmor
+    libapparmor.python
+  ];
+
+  prePatch = prePatchCommon +
+    # Do not build vim file
+    ''
+      sed -i ./utils/Makefile -e "/\<vim\>/d"
+    '' + ''
+    for file in utils/apparmor/easyprof.py utils/apparmor/aa.py utils/logprof.conf; do
+      substituteInPlace $file --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
+    done
+  '';
+  postPatch = "cd ./utils";
+  makeFlags = [ "LANGS=" ];
+  installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "VIM_INSTALL_PATH=$(out)/share" "PYPREFIX=" ];
+
+  preInstall = ''
+    ls -l
+  '';
+  
+  postInstall = ''
+    sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
+    for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
+      wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/${python3.sitePackages}:$PYTHONPATH"
+    done
+
+    substituteInPlace $out/bin/aa-notify \
+      --replace /usr/bin/notify-send ${libnotify}/bin/notify-send \
+      --replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}"
+
+    substituteInPlace $out/bin/aa-remove-unknown \
+     --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
+    wrapProgram $out/bin/aa-remove-unknown \
+     --prefix PATH : ${lib.makeBinPath [ gawk ]}
+
+    ln -s ${aa-teardown} $out/bin/aa-teardown
+  '';
+
+  doCheck = false;
+
+  meta = apparmor-meta "user-land utilities";
+}