commit: 20088a61587075bef265bed5192ae5ccd22cdbb6 Author: Milkey Mouse <milkeymouse <AT> meme <DOT> institute> AuthorDate: Fri Apr 27 20:30:29 2018 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Fri Apr 27 22:04:14 2018 +0000 URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=20088a61
sys-apps/apparmor: add new package stdio_filebuf.h is only available from glibc. Fortunately the header is completely standalone, so it can just be copied here. Package-Manager: Portage-2.3.31, Repoman-2.3.9 Manifest-Sign-Key: C6EF5A02F5647987 sys-apps/apparmor/Manifest | 21 +++ sys-apps/apparmor/apparmor-2.11.1-r2.ebuild | 71 +++++++++ sys-apps/apparmor/apparmor-2.12.0.ebuild | 71 +++++++++ .../apparmor/files/apparmor-2.10-makefile.patch | 25 ++++ .../files/apparmor-2.11.1-dynamic-link.patch | 11 ++ .../apparmor/files/apparmor-2.12-missingdefs.patch | 32 ++++ .../files/apparmor-2.12-musl-filebuf.patch | 15 ++ sys-apps/apparmor/files/apparmor-init | 91 ++++++++++++ sys-apps/apparmor/files/apparmor.service | 14 ++ sys-apps/apparmor/files/apparmor_load.sh | 2 + sys-apps/apparmor/files/apparmor_unload.sh | 2 + sys-apps/apparmor/files/stdio_filebuf.h | 163 +++++++++++++++++++++ sys-apps/apparmor/metadata.xml | 14 ++ 13 files changed, 532 insertions(+)
diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest
new file mode 100644
index 0000000..61fdce2
--- /dev/null
+++ b/sys-apps/apparmor/Manifest
@@ -0,0 +1,21 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+DIST apparmor-2.11.1.tar.gz 5017646 BLAKE2B ee0176c87b2800eb562c136ff324f08e444c412117c4593ff97c4b0e4c63db2aea0721c6ed38f3c733e3c95024165f329e520acf838c4798a8285b8dedf0d51e SHA512 f088157cc116987e56c0e02127497b1ec6241f3d761ec3b53211fa188f5f02c9408d6b903f2d275328ede88ebfd1393e00aad9f68cbe78fa9ab3711ba0f9c00c
+DIST apparmor-2.12.tar.gz 7258450 BLAKE2B c1d4e01d836c5f567ddb7c5ecf36dde6efccf1e59ae219824129fd5c92162a3fed7ebdc492f181ae132b07db068660078a9631543d40fd20ab0b44cd4c646d4c SHA512 d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE8JaD5QHaZGPThRiKxu9aAvVkeYcFAlrjiF8ACgkQxu9aAvVk
+eYfQExAAqPJRck/9/iWZreBmvRW6Yh2U9xKdvffLKTD/7fneuJXNH2NwsoNnx2ed
+xF+4KHkKSUkwelx9h7ca47cMg3eETUTKQ/ND4OdISutLD1aAwzrItKDkNtZQKViF
+2cGoVjoq/4vDHip/llau0y5cA4RoC+aWhHA3JE6F+9kpwjQDoQEn2MBgJnl7tpGH
+7pyNJSRdxgV8NML67cKQFSmdOHGJLVOy6p7DVlC2YeA12qSjQ5R4kqZYnyG/KPCQ
+3bJCpFSuSoAdtvoTVC7kS5euuool4wt8VWEGVc4FPtkphBC7TsOo9jZ3Yr5PtSnj
+5Z33WCSgUe01XFe2n2qV/JFGl9EKM8NWYaWpu0hEF/nFwPZuobpamaym+FuEwPp3
+Jj86hK7onSYmGDhf5m34+Qe3ROLDeRTYY+qQrWXFlFUbcTOcOW73OC4817fkGm3H
+OcEjv6vOUdKJ5JaO8ZT6VrpFR7cSWTbj6zwY5KhOD9b1O9S8b/0+lvQ32xgw3T+2
+YpenqfBF+PAvepy/Y0mTV1EQteFEarscBEcpxLV9b8pYOjXBi1VIO8dp5RHhro5k
+02X4/8Gu4/DpoP8o2loYmVDqCWR847LO8/AD12BfHjZ1k3BMQxsGWgBo5Li8Hwup
+4sZoogyOrCBT5k45rxjkZV3CdDxaUmROA/bTPJgCevzYowcDiEs=
+=ApQv
+-----END PGP SIGNATURE-----
diff --git a/sys-apps/apparmor/apparmor-2.11.1-r2.ebuild b/sys-apps/apparmor/apparmor-2.11.1-r2.ebuild
new file mode 100644
index 0000000..8d5819a
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-2.11.1-r2.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs versionator flag-o-matic
+
+MY_PV="$(get_version_component_range 1-2)"
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system"
+HOMEPAGE="http://apparmor.net/"
+SRC_URI="https://launchpad.net/${PN}/${MY_PV}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+RDEPEND="~sys-libs/libapparmor-${PV}"
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/flex
+ doc? ( dev-tex/latex2html )
+"
+
+S=${WORKDIR}/apparmor-${PV}/parser
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.10-makefile.patch"
+ "${FILESDIR}/${PN}-2.11.1-dynamic-link.patch"
+ "${FILESDIR}/${PN}-2.12-missingdefs.patch"
+ "${FILESDIR}/${PN}-2.12-musl-filebuf.patch"
+)
+
+src_prepare() {
+ default
+
+ # remove warning about missing file that controls features
+ # we don't currently support
+ sed -e "/installation problem/ctrue" -i rc.apparmor.functions || die
+
+ cp "${FILESDIR}/stdio_filebuf.h" libapparmor_re
+}
+
+src_compile() {
+ # for some reason this isn't included?
+ append-libs -lunwind
+
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages
+ use doc && emake pdf
+}
+
+src_test() {
+ emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check
+}
+
+src_install() {
+ emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install
+
+ dodir /etc/apparmor.d/disable
+
+ newinitd "${FILESDIR}/${PN}-init" ${PN}
+ systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service
+
+ use doc && dodoc techdoc.pdf
+
+ exeinto /usr/share/apparmor
+ doexe "${FILESDIR}/apparmor_load.sh"
+ doexe "${FILESDIR}/apparmor_unload.sh"
+}
diff --git a/sys-apps/apparmor/apparmor-2.12.0.ebuild b/sys-apps/apparmor/apparmor-2.12.0.ebuild
new file mode 100644
index 0000000..10b1125
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-2.12.0.ebuild
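Review bot: In src_prepare the line `cp "${FILESDIR}/stdio_filebuf.h" libapparmor_re` has no `|| die`, and under EAPI 6 a failing external command does not abort the phase by itself, so a failed copy would only show up later as a missing-header compile error; write it as `cp "${FILESDIR}/stdio_filebuf.h" libapparmor_re || die`, as the sed line above it already does. src_compile also adds `append-libs -lunwind` while neither DEPEND nor RDEPEND names a package that provides libunwind, so the link presumably relies on whatever happens to be installed on the build host; either declare the provider (for example `sys-libs/libunwind`, to be confirmed for this overlay) or drop the flag once the reason hinted at in the comment is understood. Both points apply equally to apparmor-2.12.0.ebuild in the next hunk.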
@@ -0,0 +1,71 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs versionator flag-o-matic
+
+MY_PV="$(get_version_component_range 1-2)"
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system"
+HOMEPAGE="http://apparmor.net/"
+SRC_URI="https://launchpad.net/${PN}/${MY_PV}/${PV}/+download/${PN}-${MY_PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+RDEPEND="~sys-libs/libapparmor-${PV}"
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/flex
+ doc? ( dev-tex/latex2html )
+"
+
+S=${WORKDIR}/apparmor-${MY_PV}/parser
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2.10-makefile.patch"
+ "${FILESDIR}/${PN}-2.11.1-dynamic-link.patch"
+ "${FILESDIR}/${PN}-2.12-missingdefs.patch"
+ "${FILESDIR}/${PN}-2.12-musl-filebuf.patch"
+)
+
+src_prepare() {
+ default
+
+ # remove warning about missing file that controls features
+ # we don't currently support
+ sed -e "/installation problem/ctrue" -i rc.apparmor.functions || die
+
+ cp "${FILESDIR}/stdio_filebuf.h" libapparmor_re
+}
+
+src_compile() {
+ # for some reason this isn't included?
+ append-libs -lunwind
+
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages
+ use doc && emake pdf
+}
+
+src_test() {
+ emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check
+}
+
+src_install() {
+ emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install
+
+ dodir /etc/apparmor.d/disable
+
+ newinitd "${FILESDIR}/${PN}-init" ${PN}
+ systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service
+
+ use doc && dodoc techdoc.pdf
+
+ exeinto /usr/share/apparmor
+ doexe "${FILESDIR}/apparmor_load.sh"
+ doexe "${FILESDIR}/apparmor_unload.sh"
+}
diff --git a/sys-apps/apparmor/files/apparmor-2.10-makefile.patch b/sys-apps/apparmor/files/apparmor-2.10-makefile.patch
new file mode 100644
index 0000000..397534a
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.10-makefile.patch
@@ -0,0 +1,25 @@
+--- a/Makefile
++++ b/Makefile
+@@ -31,7 +31,7 @@
+ CONFDIR=/etc/apparmor
+ INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
+ LOCALEDIR=/usr/share/locale
+-MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5
++MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8
+
+ YACC := /usr/bin/bison
+ YFLAGS := -d
+@@ -284,11 +284,9 @@
+ .PHONY: install-indep
+ install-indep:
+ install -m 755 -d $(INSTALL_CONFDIR)
+- install -m 644 subdomain.conf $(INSTALL_CONFDIR)
++ install -m 755 -d ${DESTDIR}/usr/libexec
+ install -m 644 parser.conf $(INSTALL_CONFDIR)
+- install -m 755 -d ${DESTDIR}/var/lib/apparmor
+- install -m 755 -d $(APPARMOR_BIN_PREFIX)
+- install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
++ install -m 755 rc.apparmor.functions ${DESTDIR}/usr/libexec
+ $(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
+ $(MAKE) install_manpages DESTDIR=${DESTDIR}
+
diff --git a/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
new file mode 100644
index 0000000..bde21c3
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.11.1-dynamic-link.patch
@@ -0,0 +1,11 @@
+--- a/Makefile
++++ b/Makefile
+@@ -87,7 +87,7 @@
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a
+ AAREOBJECTS = $(AAREOBJECT)
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bdynamic -lapparmor -Wl,-Bdynamic -lpthread
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
diff --git a/sys-apps/apparmor/files/apparmor-2.12-missingdefs.patch b/sys-apps/apparmor/files/apparmor-2.12-missingdefs.patch
new file mode 100644
index 0000000..9ed8a9f
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.12-missingdefs.patch
@@ -0,0 +1,32 @@
+--- /dev/null
++++ b/missingdefs.h
+@@ -0,0 +1,9 @@
++#ifndef PARSER_MISSINGDEFS_H
++#define PARSER_MISSINGDEFS_H
++
++typedef int (*__compar_fn_t) (const void *, const void *);
++typedef __compar_fn_t comparison_fn_t;
++typedef void (*__free_fn_t) (void *__nodep);
++
++#endif
++
+--- a/parser_alias.c
++++ b/parser_alias.c
+@@ -24,6 +24,7 @@
+ #include "immunix.h"
+ #include "parser.h"
+ #include "profile.h"
++#include "missingdefs.h"
+
+ struct alias_rule {
+ char *from;
+--- a/parser_symtab.c
++++ b/parser_symtab.c
+@@ -24,6 +24,7 @@
+
+ #include "immunix.h"
+ #include "parser.h"
++#include "missingdefs.h"
+
+ enum var_type {
+ sd_boolean,
diff --git a/sys-apps/apparmor/files/apparmor-2.12-musl-filebuf.patch b/sys-apps/apparmor/files/apparmor-2.12-musl-filebuf.patch
new file mode 100644
index 0000000..446bff1
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.12-musl-filebuf.patch
@@ -0,0 +1,15 @@
+--- a/libapparmor_re/aare_rules.cc
++++ b/libapparmor_re/aare_rules.cc
+@@ -23,7 +23,11 @@
+ #include <iostream>
+ #include <fstream>
+ #include <sstream>
+-#include <ext/stdio_filebuf.h>
++#ifdef __GLIBC__
++ #include <ext/stdio_filebuf.h>
++#else
++ #include "stdio_filebuf.h"
++#endif
+ #include <assert.h>
+ #include <stdlib.h>
+
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init
new file mode 100644
index 0000000..3e1cf35
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+aa_action() {
+ local arg=$1
+ local return
+
+ shift
+ $*
+ return=$?
+
+ if [ ${return} -eq 0 ]; then
+ aa_log_success_msg $arg
+ else
+ aa_log_failure_msg arg
+ fi
+
+ return $return
+}
+
+aa_log_action_start() {
+ ebegin $1
+}
+
+aa_log_action_end() {
+ eend $1
+}
+
+aa_log_success_msg() {
+ einfo $1
+}
+
+aa_log_warning_msg() {
+ ewarn $1
+}
+
+aa_log_failure_msg() {
+ eerror $1
+}
+
+aa_log_skipped_msg() {
+ einfo $1
+}
+
+aa_log_daemon_msg() {
+ einfo $1
+}
+
+aa_log_end_msg() {
+ eend $1
+}
+
+. /usr/libexec/rc.apparmor.functions
+
+start() {
+ ebegin "Starting AppArmor"
+ eindent
+
+ if ! is_apparmor_loaded ; then
+ load_module
+ if [ $? -ne 0 ]; then
+ eerror "AppArmor kernel support is not present"
+ eend 1
+ return 1
+ fi
+ fi
+
+ parse_profiles load
+
+ eoutdent
+}
+
+stop() {
+ ebegin "Stopping AppArmor"
+ eindent
+ apparmor_stop
+ eoutdent
+}
+
+reload() {
+ # todo: split out clean_profiles into its own function upstream
+ # so we can do parse_profiles reload && clean_profiles
+ # and do a proper reload instead of restart
+ apparmor_restart
+}
diff --git a/sys-apps/apparmor/files/apparmor.service b/sys-apps/apparmor/files/apparmor.service
new file mode 100644
index 0000000..89f14fe
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=AppArmor profiles
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/apparmor/apparmor_load.sh
+ExecStop=/usr/share/apparmor/apparmor_unload.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
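Review bot: In aa_action the failure branch calls `aa_log_failure_msg arg`, which logs the literal word "arg" instead of the action description, so a failed step is reported without saying what failed; it should read `aa_log_failure_msg "$arg"`. The same function runs the command as an unquoted `$*`, which re-splits any argument containing whitespace, and `"$@"` would keep the arguments intact. Separately, start() ends on `eoutdent` right after `parse_profiles load`, so the service's exit status does not carry the result of profile loading and the opening `ebegin` is never closed; capturing the status (`parse_profiles load; rc=$?`, then `eoutdent; eend $rc`) would let OpenRC flag a boot that came up without its profiles. parse_profiles is defined in rc.apparmor.functions, outside this page, so its return convention should be confirmed first.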
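Review bot: `ExecStop=/usr/share/apparmor/apparmor_unload.sh` ties profile removal to the unit's stop action, so a `systemctl stop` or `restart` of this unit removes every profile found under /etc/apparmor.d, and processes that were confined by a removed profile keep running without it until they are restarted. Consider dropping the ExecStop line (with `RemainAfterExit=yes` a stop then only changes the unit state) and leaving apparmor_unload.sh as an explicit administrator action. If unloading on stop is intended, a comment in the unit saying so, e.g. `# stopping this unit removes all loaded profiles`, would make the consequence visible to whoever maintains it.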
diff --git a/sys-apps/apparmor/files/apparmor_load.sh b/sys-apps/apparmor/files/apparmor_load.sh
new file mode 100755
index 0000000..e6fe6b6
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_load.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -r {} +
diff --git a/sys-apps/apparmor/files/apparmor_unload.sh b/sys-apps/apparmor/files/apparmor_unload.sh
new file mode 100755
index 0000000..19e598b
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_unload.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -R {} \;
diff --git a/sys-apps/apparmor/files/stdio_filebuf.h b/sys-apps/apparmor/files/stdio_filebuf.h
new file mode 100644
index 0000000..7e5625f
--- /dev/null
+++ b/sys-apps/apparmor/files/stdio_filebuf.h
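Review bot: The selection `find "/etc/apparmor.d/" -maxdepth 1 -type f` in apparmor_load.sh hands every regular file in the directory to `apparmor_parser -r`, so unless the parser filters them itself, editor backups and patch leftovers such as `*~`, `*.orig` or `*.rej` are loaded as profiles and can replace the intended profile of the same name with stale rules. Adding exclusions, for example `! -name '*~' ! -name '*.orig' ! -name '*.rej'`, before `-exec` would keep the systemd path from loading files an administrator did not mean to activate; the same selection is used in apparmor_unload.sh. In apparmor_unload.sh the `-exec … \;` form also keeps a failing parser run from affecting find's exit status, unlike the `{} +` form in the loader, so a failed unload is reported to systemd as success.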
@@ -0,0 +1,163 @@
+// File descriptor layer for filebuf -*- C++ -*-
+
+// Copyright (C) 2002-2018 Free Software Foundation, Inc.
+//
+// This file is part of the GNU ISO C++ Library. This library is free
+// software; you can redistribute it and/or modify it under the
+// terms of the GNU General Public License as published by the
+// Free Software Foundation; either version 3, or (at your option)
+// any later version.
+
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+
+// Under Section 7 of GPL version 3, you are granted additional
+// permissions described in the GCC Runtime Library Exception, version
+// 3.1, as published by the Free Software Foundation.
+
+// You should have received a copy of the GNU General Public License and
+// a copy of the GCC Runtime Library Exception along with this program;
+// see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
+// <http://www.gnu.org/licenses/>.
+
+/** @file ext/stdio_filebuf.h
+ * This file is a GNU extension to the Standard C++ Library.
+ */
+
+#pragma once
+
+#include <fstream>
+#include <cstdio>
+
+namespace __gnu_cxx
+{
+ /**
+ * @brief Provides a layer of compatibility for C/POSIX.
+ * @ingroup io
+ *
+ * This GNU extension provides extensions for working with standard C
+ * FILE*'s and POSIX file descriptors. It must be instantiated by the
+ * user with the type of character used in the file stream, e.g.,
+ * stdio_filebuf<char>.
+ */
+ template<typename _CharT, typename _Traits = std::char_traits<_CharT> >
+ class stdio_filebuf : public std::basic_filebuf<_CharT, _Traits>
+ {
+ public:
+ // Types:
+ typedef _CharT char_type;
+ typedef _Traits traits_type;
+ typedef typename traits_type::int_type int_type;
+ typedef typename traits_type::pos_type pos_type;
+ typedef typename traits_type::off_type off_type;
+ typedef std::size_t size_t;
+
+ public:
+ /**
+ * deferred initialization
+ */
+ stdio_filebuf() : std::basic_filebuf<_CharT, _Traits>() {}
+
+ /**
+ * @param __fd An open file descriptor.
+ * @param __mode Same meaning as in a standard filebuf.
+ * @param __size Optimal or preferred size of internal buffer,
+ * in chars.
+ *
+ * This constructor associates a file stream buffer with an open
+ * POSIX file descriptor. The file descriptor will be automatically
+ * closed when the stdio_filebuf is closed/destroyed.
+ */
+ stdio_filebuf(int __fd, std::ios_base::openmode __mode,
+ size_t __size = static_cast<size_t>(BUFSIZ));
+
+ /**
+ * @param __f An open @c FILE*.
+ * @param __mode Same meaning as in a standard filebuf.
+ * @param __size Optimal or preferred size of internal buffer,
+ * in chars. Defaults to system's @c BUFSIZ.
+ *
+ * This constructor associates a file stream buffer with an open
+ * C @c FILE*. The @c FILE* will not be automatically closed when the
+ * stdio_filebuf is closed/destroyed.
+ */
+ stdio_filebuf(std::FILE* __f, std::ios_base::openmode __mode,
+ size_t __size = static_cast<size_t>(BUFSIZ));
+
+ /**
+ * Closes the external data stream if the file descriptor constructor
+ * was used.
+ */
+ virtual
+ ~stdio_filebuf();
+
+#if __cplusplus >= 201103L
+ stdio_filebuf(stdio_filebuf&&) = default;
+ stdio_filebuf& operator=(stdio_filebuf&&) = default;
+
+ void
+ swap(stdio_filebuf& __fb)
+ { std::basic_filebuf<_CharT, _Traits>::swap(__fb); }
+#endif
+
+ /**
+ * @return The underlying file descriptor.
+ *
+ * Once associated with an external data stream, this function can be
+ * used to access the underlying POSIX file descriptor. Note that
+ * there is no way for the library to track what you do with the
+ * descriptor, so be careful.
+ */
+ int
+ fd() { return this->_M_file.fd(); }
+
+ /**
+ * @return The underlying FILE*.
+ *
+ * This function can be used to access the underlying "C" file pointer.
+ * Note that there is no way for the library to track what you do
+ * with the file, so be careful.
+ */
+ std::FILE*
+ file() { return this->_M_file.file(); }
+ };
+
+ template<typename _CharT, typename _Traits>
+ stdio_filebuf<_CharT, _Traits>::~stdio_filebuf()
+ { }
+
+ template<typename _CharT, typename _Traits>
+ stdio_filebuf<_CharT, _Traits>::
+ stdio_filebuf(int __fd, std::ios_base::openmode __mode, size_t __size)
+ {
+ this->_M_file.sys_open(__fd, __mode);
+ if (this->is_open())
+ {
+ this->_M_mode = __mode;
+ this->_M_buf_size = __size;
+ this->_M_allocate_internal_buffer();
+ this->_M_reading = false;
+ this->_M_writing = false;
+ this->_M_set_buffer(-1);
+ }
+ }
+
+ template<typename _CharT, typename _Traits>
+ stdio_filebuf<_CharT, _Traits>::
+ stdio_filebuf(std::FILE* __f, std::ios_base::openmode __mode,
+ size_t __size)
+ {
+ this->_M_file.sys_open(__f, __mode);
+ if (this->is_open())
+ {
+ this->_M_mode = __mode;
+ this->_M_buf_size = __size;
+ this->_M_allocate_internal_buffer();
+ this->_M_reading = false;
+ this->_M_writing = false;
+ this->_M_set_buffer(-1);
+ }
+ }
+}
diff --git a/sys-apps/apparmor/metadata.xml b/sys-apps/apparmor/metadata.xml
new file mode 100644
index 0000000..42d1e8f
--- /dev/null
+++ b/sys-apps/apparmor/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>kensing...@gentoo.org</email>
+ </maintainer>
+ <maintainer type="project">
+ <email>harde...@gentoo.org</email>
+ <name>Gentoo Hardened</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="launchpad">apparmor</remote-id>
+ </upstream>
+</pkgmetadata>