From 5c98ff10a65534dffd2e6426ea8f5592f3957a2d Mon Sep 17 00:00:00 2001 From: Mikko Rapeli Date: Fri, 20 Dec 2024 16:04:27 +0200 Subject: apparmor: update from 3.1.3 to 4.0.3 Fixes python 3.13 support though needed one more patch which is also submitted upstream. oeqa runtime test passes on qemuarm and qemuarm64. Did not fix ptest compilation. Changes: https://apparmor.net/news/release-4.0.2/ https://gitlab.com/apparmor/apparmor/-/releases/v4.0.3 Signed-off-by: Mikko Rapeli Signed-off-by: Armin Kuster --- recipes-mac/AppArmor/apparmor_3.1.3.bb | 179 --------------------- recipes-mac/AppArmor/apparmor_4.0.3.bb | 179 +++++++++++++++++++++ .../files/0001-fail.py-handle-missing-cgitb.patch | 74 +++++++++ 3 files changed, 253 insertions(+), 179 deletions(-) delete mode 100644 recipes-mac/AppArmor/apparmor_3.1.3.bb create mode 100644 recipes-mac/AppArmor/apparmor_4.0.3.bb create mode 100644 recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch diff --git a/recipes-mac/AppArmor/apparmor_3.1.3.bb b/recipes-mac/AppArmor/apparmor_3.1.3.bb deleted file mode 100644 index 49ab7a7..0000000 --- a/recipes-mac/AppArmor/apparmor_3.1.3.bb +++ /dev/null @@ -1,179 +0,0 @@ -SUMMARY = "AppArmor another MAC control system" -DESCRIPTION = "user-space parser utility for AppArmor \ - This provides the system initialization scripts needed to use the \ - AppArmor Mandatory Access Control system, including the AppArmor Parser \ - which is required to convert AppArmor text profiles into machine-readable \ - policies that are loaded into the kernel for use with the AppArmor Linux \ - Security Module." -HOMEPAGE = "http://apparmor.net/" -SECTION = "admin" - -LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & LGPL-2.1-or-later" -LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0" - -DEPENDS = "bison-native apr gettext-native coreutils-native swig-native" - -SRC_URI = " \ - git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-3.1 \ - file://run-ptest \ - file://crosscompile_perl_bindings.patch \ - file://0001-Makefile.am-suppress-perllocal.pod.patch \ - file://0001-Makefile-fix-hardcoded-installation-directories.patch \ - " - -SRCREV = "e69cb5047946818e6a9df326851483bb075a5cfe" -S = "${UNPACKDIR}/git" - -PARALLEL_MAKE = "" - -COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*" - -inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion setuptools3 - -REQUIRED_DISTRO_FEATURES = "apparmor" - -PACKAGECONFIG ?= "python perl aa-decode" -PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages" -PACKAGECONFIG[python] = "--with-python, --without-python, python3 , python3-core python3-modules" -PACKAGECONFIG[perl] = "--with-perl, --without-perl, " -PACKAGECONFIG[apache2] = ",,apache2," -PACKAGECONFIG[aa-decode] = ",,,bash" - -python() { - if 'apache2' in d.getVar('PACKAGECONFIG').split() and \ - 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): - raise bb.parse.SkipRecipe('Requires meta-webserver to be present.') -} - -DISABLE_STATIC = "" - -do_configure() { - cd ${S}/libraries/libapparmor - aclocal - autoconf --force - libtoolize --automake -c --force - automake -ac - ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} -} - -do_compile () { - sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile - oe_runmake -C ${B}/libraries/libapparmor - oe_runmake -C ${B}/binutils - oe_runmake -C ${B}/utils - oe_runmake -C ${B}/parser - oe_runmake -C ${B}/profiles - - if ${@bb.utils.contains('PACKAGECONFIG','apache2','true','false', d)}; then - oe_runmake -C ${B}/changehat/mod_apparmor - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then - oe_runmake -C ${B}/changehat/pam_apparmor - fi -} - -do_install () { - sed -i -e 's#${RECIPE_SYSROOT}##g' ${B}/libraries/libapparmor/swig/perl/libapparmor_wrap.c - - oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install - oe_runmake -C ${B}/binutils DESTDIR="${D}" install - oe_runmake -C ${B}/utils DESTDIR="${D}" install - oe_runmake -C ${B}/parser DESTDIR="${D}" install - oe_runmake -C ${B}/profiles DESTDIR="${D}" install - - if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then - rm -f ${D}${sbindir}/aa-decode - fi - - if ${@bb.utils.contains('PACKAGECONFIG','apache2','true','false', d)}; then - oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install - fi - - if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then - oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install - fi - - if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then - install -d ${D}${sysconfdir}/init.d - install -m 755 ${B}/parser/rc.apparmor.functions ${D}${sysconfdir}/init.d/apparmor - fi - - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd - fi - chown root:root -R ${D}/${sysconfdir}/apparmor.d - chown root:root -R ${D}/${datadir}/apparmor - - find ${D}${libdir}/perl5/ -type f -name ".packlist" -delete - find ${D}${PYTHON_SITEPACKAGES_DIR}/LibAppArmor/ -type f -name "_LibAppArmor*.so" -delete -} - -#Building ptest on arm fails. -do_compile_ptest:aarch64 () { - : -} - -do_compile_ptest:arm () { - : -} - -do_compile_ptest () { - sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile - oe_runmake -C ${B}/tests/regression/apparmor USE_SYSTEM=0 - oe_runmake -C ${B}/libraries/libapparmor -} - -do_install_ptest () { - t=${D}/${PTEST_PATH}/testsuite - install -d ${t} - install -d ${t}/tests/regression/apparmor - cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression - - cp ${B}/parser/apparmor_parser ${t}/parser - cp ${B}/parser/frob_slack_rc ${t}/parser - - install -d ${t}/libraries/libapparmor - cp -rf ${B}/libraries/libapparmor ${t}/libraries - - install -d ${t}/common - cp -rf ${B}/common ${t} - - install -d ${t}/binutils - cp -rf ${B}/binutils ${t} -} - -#Building ptest on arm fails. -do_install_ptest:aarch64 () { - : -} - -do_install_ptest:arm() { - : -} - -INITSCRIPT_PACKAGES = "${PN}" -INITSCRIPT_NAME = "apparmor" -INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ." - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE:${PN} = "apparmor.service" -SYSTEMD_AUTO_ENABLE ?= "enable" - -PACKAGES += "mod-${PN}" - -FILES:${PN} += "${nonarch_base_libdir}/apparmor/ ${base_libdir}/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages" -FILES:mod-${PN} = "${libdir}/apache2/modules/*" -FILES:${PN}-dbg += "${base_libdir}/security/.debug" - -DEPENDS:append:libc-musl = " fts " -RDEPENDS:${PN}:libc-musl += "musl-utils" -RDEPENDS:${PN}:libc-glibc += "glibc-utils" - -# Add coreutils and findutils only if sysvinit scripts are in use -RDEPENDS:${PN} += "${@["coreutils findutils", ""][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd')]} ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}" -RDEPENDS:${PN}:remove = "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" -RDEPENDS:${PN}-ptest += "perl coreutils dbus-lib bash" - -INSANE_SKIP:${PN} = "ldflags" -PRIVATE_LIBS:${PN}-ptest = "libapparmor.so*" diff --git a/recipes-mac/AppArmor/apparmor_4.0.3.bb b/recipes-mac/AppArmor/apparmor_4.0.3.bb new file mode 100644 index 0000000..06a5010 --- /dev/null +++ b/recipes-mac/AppArmor/apparmor_4.0.3.bb @@ -0,0 +1,179 @@ +SUMMARY = "AppArmor another MAC control system" +DESCRIPTION = "user-space parser utility for AppArmor \ + This provides the system initialization scripts needed to use the \ + AppArmor Mandatory Access Control system, including the AppArmor Parser \ + which is required to convert AppArmor text profiles into machine-readable \ + policies that are loaded into the kernel for use with the AppArmor Linux \ + Security Module." +HOMEPAGE = "http://apparmor.net/" +SECTION = "admin" + +LICENSE = "GPL-2.0-only & GPL-2.0-or-later & BSD-3-Clause & LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=fd57a4b0bc782d7b80fd431f10bbf9d0" + +DEPENDS = "bison-native apr autoconf-archive-native gettext-native coreutils-native swig-native" + +SRC_URI = " \ + git://gitlab.com/apparmor/apparmor.git;protocol=https;branch=apparmor-4.0 \ + file://run-ptest \ + file://crosscompile_perl_bindings.patch \ + file://0001-Makefile.am-suppress-perllocal.pod.patch \ + file://0001-Makefile-fix-hardcoded-installation-directories.patch \ + file://0001-fail.py-handle-missing-cgitb.patch \ + " + +SRCREV = "b4dfdf50f50ed1d64161424d036a2453645f0cfe" +S = "${UNPACKDIR}/git" + +PARALLEL_MAKE = "" + +COMPATIBLE_MACHINE:mips64 = "(!.*mips64).*" + +inherit pkgconfig autotools-brokensep update-rc.d python3native python3targetconfig perlnative cpan systemd features_check bash-completion setuptools3 + +REQUIRED_DISTRO_FEATURES = "apparmor" + +PACKAGECONFIG ?= "python perl aa-decode" +PACKAGECONFIG[manpages] = "--enable-man-pages, --disable-man-pages" +PACKAGECONFIG[python] = "--with-python, --without-python, python3 , python3-core python3-modules" +PACKAGECONFIG[perl] = "--with-perl, --without-perl, " +PACKAGECONFIG[apache2] = ",,apache2," +PACKAGECONFIG[aa-decode] = ",,,bash" + +python() { + if 'apache2' in d.getVar('PACKAGECONFIG').split() and \ + 'webserver' not in d.getVar('BBFILE_COLLECTIONS').split(): + raise bb.parse.SkipRecipe('Requires meta-webserver to be present.') +} + +DISABLE_STATIC = "" + +do_configure() { + cd ${S}/libraries/libapparmor + aclocal + autoconf --force + libtoolize --automake -c --force + automake -ac + ./configure ${CONFIGUREOPTS} ${EXTRA_OECONF} +} + +do_compile () { + sed -i "s@sed -ie 's///g' Makefile.perl@@" ${S}/libraries/libapparmor/swig/perl/Makefile + oe_runmake -C ${B}/libraries/libapparmor + oe_runmake -C ${B}/binutils + oe_runmake -C ${B}/utils + oe_runmake -C ${B}/parser + oe_runmake -C ${B}/profiles + + if ${@bb.utils.contains('PACKAGECONFIG','apache2','true','false', d)}; then + oe_runmake -C ${B}/changehat/mod_apparmor + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + oe_runmake -C ${B}/changehat/pam_apparmor + fi +} + +do_install () { + sed -i -e 's#${RECIPE_SYSROOT}##g' ${B}/libraries/libapparmor/swig/perl/libapparmor_wrap.c + + oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install + oe_runmake -C ${B}/binutils DESTDIR="${D}" install + oe_runmake -C ${B}/utils DESTDIR="${D}" install + oe_runmake -C ${B}/parser DESTDIR="${D}" install + oe_runmake -C ${B}/profiles DESTDIR="${D}" install + + if ! ${@bb.utils.contains('PACKAGECONFIG','aa-decode','true','false', d)}; then + rm -f ${D}${sbindir}/aa-decode + fi + + if ${@bb.utils.contains('PACKAGECONFIG','apache2','true','false', d)}; then + oe_runmake -C ${B}/changehat/mod_apparmor DESTDIR="${D}" install + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'true', 'false', d)}; then + oe_runmake -C ${B}/changehat/pam_apparmor DESTDIR="${D}" install + fi + + if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then + install -d ${D}${sysconfdir}/init.d + install -m 755 ${B}/parser/rc.apparmor.functions ${D}${sysconfdir}/init.d/apparmor + fi + + if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then + oe_runmake -C ${B}/parser DESTDIR="${D}" install-systemd + fi + chown root:root -R ${D}/${sysconfdir}/apparmor.d + chown root:root -R ${D}/${datadir}/apparmor + + find ${D}${libdir}/perl5/ -type f -name ".packlist" -delete +} + +#Building ptest on arm fails. +do_compile_ptest:aarch64 () { + : +} + +do_compile_ptest:arm () { + : +} + +do_compile_ptest () { + sed -i -e 's/cpp \-dM/${HOST_PREFIX}gcc \-dM/' ${B}/tests/regression/apparmor/Makefile + oe_runmake -C ${B}/tests/regression/apparmor USE_SYSTEM=0 + oe_runmake -C ${B}/libraries/libapparmor +} + +do_install_ptest () { + t=${D}/${PTEST_PATH}/testsuite + install -d ${t} + install -d ${t}/tests/regression/apparmor + cp -rf ${B}/tests/regression/apparmor ${t}/tests/regression + + cp ${B}/parser/apparmor_parser ${t}/parser + cp ${B}/parser/frob_slack_rc ${t}/parser + + install -d ${t}/libraries/libapparmor + cp -rf ${B}/libraries/libapparmor ${t}/libraries + + install -d ${t}/common + cp -rf ${B}/common ${t} + + install -d ${t}/binutils + cp -rf ${B}/binutils ${t} +} + +#Building ptest on arm fails. +do_install_ptest:aarch64 () { + : +} + +do_install_ptest:arm() { + : +} + +INITSCRIPT_PACKAGES = "${PN}" +INITSCRIPT_NAME = "apparmor" +INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ." + +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "apparmor.service" +SYSTEMD_AUTO_ENABLE ?= "enable" + +PACKAGES += "mod-${PN}" + +FILES:${PN} += "${nonarch_base_libdir}/apparmor/ ${base_libdir}/security/ ${sysconfdir}/apparmor ${nonarch_libdir}/${PYTHON_DIR}/site-packages" +FILES:mod-${PN} = "${libdir}/apache2/modules/*" +FILES:${PN}-dbg += "${base_libdir}/security/.debug" + +DEPENDS:append:libc-musl = " fts " +RDEPENDS:${PN}:libc-musl += "musl-utils" +RDEPENDS:${PN}:libc-glibc += "glibc-utils" + +# Add coreutils and findutils only if sysvinit scripts are in use +RDEPENDS:${PN} += "${@["coreutils findutils", ""][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'systemd')]} ${@bb.utils.contains('PACKAGECONFIG','python','python3-core python3-modules','', d)}" +RDEPENDS:${PN}:remove = "${@bb.utils.contains('PACKAGECONFIG','perl','','perl', d)}" +RDEPENDS:${PN}-ptest += "perl coreutils dbus-lib bash" + +INSANE_SKIP:${PN} = "ldflags" +PRIVATE_LIBS:${PN}-ptest = "libapparmor.so*" diff --git a/recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch b/recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch new file mode 100644 index 0000000..28c1d9e --- /dev/null +++ b/recipes-mac/AppArmor/files/0001-fail.py-handle-missing-cgitb.patch @@ -0,0 +1,74 @@ +From 434e34bb510b4cab04e64cd5b21d635c6be8c8ea Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli +Date: Fri, 29 Nov 2024 13:46:32 +0000 +Subject: [PATCH] fail.py: handle missing cgitb + +It's no longer in python standard library starting +at version 3.13. Fixes: + +root@qemuarm64:~# aa-complain /etc/apparmor.d/* +Traceback (most recent call last): + File "/usr/sbin/aa-complain", line 18, in + from apparmor.fail import enable_aa_exception_handler + File "/usr/lib/python3.13/site-packages/apparmor/fail.py", line 12, in + import cgitb +ModuleNotFoundError: No module named 'cgitb' + +Signed-off-by: Mikko Rapeli +--- + utils/apparmor/fail.py | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +Upstream-Status: Backport + +diff --git a/utils/apparmor/fail.py b/utils/apparmor/fail.py +index ece6efc4..a71ceb66 100644 +--- a/utils/apparmor/fail.py ++++ b/utils/apparmor/fail.py +@@ -8,7 +8,11 @@ + # + # ------------------------------------------------------------------ + +-import cgitb ++try: ++ import cgitb ++except ImportError: ++ cgitb = None ++ pass + import sys + import traceback + from tempfile import NamedTemporaryFile +@@ -32,20 +36,21 @@ def handle_exception(*exc_info): + print('', file=sys.stderr) + error(ex.value) + else: +- with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file: +- cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10) +- cgitb_hook.handle(exc_info) +- +- file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n') +- file.write('and attach this file.\n') ++ if cgitb: ++ with NamedTemporaryFile('w', prefix='apparmor-bugreport-', suffix='.txt', delete=False) as file: ++ cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10) ++ cgitb_hook.handle(exc_info) ++ file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n') ++ file.write('and attach this file.\n') + + print(''.join(traceback.format_exception(*exc_info)), file=sys.stderr) +- print('', file=sys.stderr) + print('An unexpected error occurred!', file=sys.stderr) + print('', file=sys.stderr) +- print('For details, see %s' % file.name, file=sys.stderr) ++ if cgitb: ++ print('For details, see %s' % file.name, file=sys.stderr) + print('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues', file=sys.stderr) +- print('and attach this file.', file=sys.stderr) ++ if cgitb: ++ print('and attach this file.', file=sys.stderr) + + + def enable_aa_exception_handler(): +-- +2.43.0 + -- cgit v1.2.3-54-g00ecf