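# User-land AppArmor utilities (aa-genprof, aa-logprof, aa-enforce, ...),
# built from the `utils/` directory of the upstream apparmor source tree.
{ fetchFromGitLab
, stdenv, lib
, makeWrapper, writeShellScript
, which, bash, libapparmor, apparmor-parser, libnotify, perl, gawk, python3
, coreutils, gnused, gnugrep
}:

let
  apparmor-version = "3.0.4";

  # The source is pinned to the release tag and to a content hash: a fetched
  # tree that does not match `sha256` fails the build.
  apparmor-sources = fetchFromGitLab {
    owner = "apparmor";
    repo = "apparmor";
    rev = "v${apparmor-version}";
    sha256 = "1a217j28rgfq4lsmpn0wv1xgmdr9ba8iysv9i6q477kj6z77zrb9";
  };

  # Shared `meta` builder; `component` is appended to the description.
  apparmor-meta = component: with lib; {
    homepage = "https://apparmor.net/";
    description = "A mandatory access control system - ${component}";
    license = licenses.gpl2;
    maintainers = with maintainers; [ joachifm julm thoughtpolice ];
    platforms = platforms.linux;
  };

  # Helper script installed as $out/bin/aa-teardown. It sources the rc helper
  # functions shipped by apparmor-parser and calls `remove_profiles`.
  # The pinned coreutils/gnused/gnugrep are placed first on PATH; the caller's
  # PATH is kept after them as a fallback.
  # NOTE(review): remove_profiles presumably unloads the loaded profiles, so
  # running this script lowers confinement system-wide; confirm against
  # rc.apparmor.functions.
  aa-teardown = writeShellScript "aa-teardown" ''
    PATH="${lib.makeBinPath [coreutils gnused gnugrep]}:$PATH"
    . ${apparmor-parser}/lib/apparmor/rc.apparmor.functions
    remove_profiles
  '';

  # Interpreter substituted for ''${PYTHON} in utils/Makefile; it carries
  # setuptools.
  setupPython = python3.withPackages (ps: with ps; [ setuptools ]);

  # Rewrites the hard-coded FHS paths (/usr/bin, /usr/share, /usr/include) in
  # the build files to store paths, so that the build uses only declared
  # inputs.
  prePatchCommon = ''
    chmod a+x ./common/list_capabilities.sh ./common/list_af_names.sh
    patchShebangs ./common/list_capabilities.sh ./common/list_af_names.sh
    substituteInPlace ./common/Make.rules \
      --replace "/usr/bin/pod2man" "${perl}/bin/pod2man" \
      --replace "/usr/bin/pod2html" "${perl}/bin/pod2html" \
      --replace "/usr/share/man" "share/man"
    substituteInPlace ./utils/Makefile \
      --replace "/usr/include/linux/capability.h" "${stdenv.cc.libc.linuxHeaders}/include/linux/capability.h"
    sed --in-place ./utils/Makefile -e 's|''${PYTHON}|${setupPython}/bin/python|g'
  '';
in

stdenv.mkDerivation {
  pname = "apparmor-utils";
  version = apparmor-version;

  src = apparmor-sources;

  strictDeps = true;

  nativeBuildInputs = [ makeWrapper which python3 ];

  buildInputs = [
    bash
    perl
    python3
    libapparmor
    libapparmor.python
  ];

  prePatch = prePatchCommon +
    # Do not build vim file: delete every Makefile line that contains the
    # word "vim" (\< and \> are GNU regex word boundaries).
    ''
      sed -i ./utils/Makefile -e "/\<vim\>/d"
    '' +
    # Point the tools and the logprof configuration at the apparmor_parser
    # from the store instead of the FHS path /sbin/apparmor_parser.
    ''
      for file in utils/apparmor/easyprof.py utils/apparmor/aa.py utils/logprof.conf; do
        substituteInPlace "$file" --replace "/sbin/apparmor_parser" "${apparmor-parser}/bin/apparmor_parser"
      done
    '';

  postPatch = "cd ./utils";

  makeFlags = [ "LANGS=" ];

  installFlags = [
    "DESTDIR=$(out)"
    "BINDIR=$(out)/bin"
    "VIM_INSTALL_PATH=$(out)/share"
    "PYPREFIX="
  ];

  # Post-install fix-ups, in order:
  #  1. Delete every line of aa-unconfined that mentions my_env['PATH'].
  #     NOTE(review): after this the tool presumably resolves its helper
  #     commands through the caller's PATH. It is typically run with elevated
  #     privileges, so consider wrapping it with an explicit PATH made of
  #     store paths instead.
  #  2. Wrap the Python tools so the installed site-packages are importable.
  #     "$PYTHONPATH" is expanded by the build shell, so the build-time value
  #     is what ends up in the wrapper; `--prefix` puts that in front of any
  #     PYTHONPATH present at run time.
  #  3. Replace the FHS paths in aa-notify and aa-remove-unknown with store
  #     paths, and give aa-remove-unknown gawk on PATH.
  #  4. Link the aa-teardown helper into $out/bin.
  postInstall = ''
    sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
    for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
      wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/${python3.sitePackages}:$PYTHONPATH"
    done
    substituteInPlace $out/bin/aa-notify \
      --replace /usr/bin/notify-send ${libnotify}/bin/notify-send \
      --replace /usr/bin/perl "${perl}/bin/perl -I ${libapparmor}/${perl.libPrefix}"
    substituteInPlace $out/bin/aa-remove-unknown \
      --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
    wrapProgram $out/bin/aa-remove-unknown \
      --prefix PATH : ${lib.makeBinPath [ gawk ]}
    ln -s ${aa-teardown} $out/bin/aa-teardown
  '';

  # The upstream test suite is not run for this package.
  doCheck = false;

  meta = apparmor-meta "user-land utilities";
}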