packages: Add a hacky apparmor-utils
This commit is contained in:
parent
8f646f9161
commit
79de594c6c
@ -56,7 +56,7 @@
|
||||
];
|
||||
};
|
||||
in {
|
||||
inherit (pkgs) gamescope;
|
||||
inherit (pkgs) gamescope custom-apparmor-utils;
|
||||
};
|
||||
});
|
||||
}
|
||||
|
@ -90,4 +90,6 @@ in {
|
||||
sddm-sugar-dark = prev.callPackage themes/sddm/sugar-dark {};
|
||||
|
||||
gamescope = prev.callPackage temp/gamescope.nix {};
|
||||
|
||||
custom-apparmor-utils = prev.callPackage temp/apparmor-utils.nix {};
|
||||
}
|
||||
|
101
packages/temp/apparmor-utils.nix
Normal file
101
packages/temp/apparmor-utils.nix
Normal file
@ -0,0 +1,101 @@
|
||||
{
|
||||
fetchFromGitLab
|
||||
, stdenv, lib
|
||||
, makeWrapper, writeShellScript
|
||||
, which, bash, libapparmor, apparmor-parser, libnotify, perl, gawk, python3
|
||||
, coreutils, gnused, gnugrep
|
||||
}:
|
||||
|
||||
let
|
||||
apparmor-version = "3.0.4";
|
||||
apparmor-sources = fetchFromGitLab {
|
||||
owner = "apparmor";
|
||||
repo = "apparmor";
|
||||
rev = "v${apparmor-version}";
|
||||
sha256 = "1a217j28rgfq4lsmpn0wv1xgmdr9ba8iysv9i6q477kj6z77zrb9";
|
||||
};
|
||||
apparmor-meta = component: with lib; {
|
||||
homepage = "https://apparmor.net/";
|
||||
description = "A mandatory access control system - ${component}";
|
||||
license = licenses.gpl2;
|
||||
maintainers = with maintainers; [ joachifm julm thoughtpolice ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
aa-teardown = writeShellScript "aa-teardown" ''
|
||||
PATH="${lib.makeBinPath [coreutils gnused gnugrep]}:$PATH"
|
||||
. ${apparmor-parser}/lib/apparmor/rc.apparmor.functions
|
||||
remove_profiles
|
||||
'';
|
||||
|
||||
setupPython = python3.withPackages (ps: with ps; [ setuptools ]);
|
||||
prePatchCommon = ''
|
||||
chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh
|
||||
patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh
|
||||
substituteInPlace ./common/Make.rules \
|
||||
--replace "/usr/bin/pod2man" "${perl}/bin/pod2man" \
|
||||
--replace "/usr/bin/pod2html" "${perl}/bin/pod2html" \
|
||||
--replace "/usr/share/man" "share/man"
|
||||
substituteInPlace ./utils/Makefile \
|
||||
--replace "/usr/include/linux/capability.h" "${stdenv.cc.libc.linuxHeaders}/include/linux/capability.h"
|
||||
|
||||
sed --in-place ./utils/Makefile -e 's|''${PYTHON}|${setupPython}/bin/python|g'
|
||||
|
||||
cat ./utils/Makefile
|
||||
'';
|
||||
in stdenv.mkDerivation {
|
||||
pname = "apparmor-utils";
|
||||
version = apparmor-version;
|
||||
|
||||
src = apparmor-sources;
|
||||
|
||||
strictDeps = true;
|
||||
|
||||
nativeBuildInputs = [ makeWrapper which python3 ];
|
||||
|
||||
buildInputs = [
|
||||
bash
|
||||
perl
|
||||
python3
|
||||
libapparmor
|
||||
libapparmor.python
|
||||
];
|
||||
|
||||
prePatch = prePatchCommon +
|
||||
# Do not build vim file
|
||||
''
|
||||
sed -i ./utils/Makefile -e "/\<vim\>/d"
|
||||
'' + ''
|
||||
for file in utils/apparmor/easyprof.py utils/apparmor/aa.py utils/logprof.conf; do
|
||||
substituteInPlace $file --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
|
||||
done
|
||||
'';
|
||||
postPatch = "cd ./utils";
|
||||
makeFlags = [ "LANGS=" ];
|
||||
installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "VIM_INSTALL_PATH=$(out)/share" "PYPREFIX=" ];
|
||||
|
||||
preInstall = ''
|
||||
ls -l
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
|
||||
for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
|
||||
wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/${python3.sitePackages}:$PYTHONPATH"
|
||||
done
|
||||
|
||||
substituteInPlace $out/bin/aa-notify \
|
||||
--replace /usr/bin/notify-send ${libnotify}/bin/notify-send \
|
||||
--replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}"
|
||||
|
||||
substituteInPlace $out/bin/aa-remove-unknown \
|
||||
--replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
|
||||
wrapProgram $out/bin/aa-remove-unknown \
|
||||
--prefix PATH : ${lib.makeBinPath [ gawk ]}
|
||||
|
||||
ln -s ${aa-teardown} $out/bin/aa-teardown
|
||||
'';
|
||||
|
||||
doCheck = false;
|
||||
|
||||
meta = apparmor-meta "user-land utilities";
|
||||
}
|
Loading…
Reference in New Issue
Block a user