From patchwork Mon May 28 15:35:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Angelo Compagnucci X-Patchwork-Id: 921598 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=amarulasolutions.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=amarulasolutions.com header.i=@amarulasolutions.com header.b="cRmeMw3J"; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40vgsp4MHNz9s16 for ; Tue, 29 May 2018 01:35:25 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 43B80855D7; Mon, 28 May 2018 15:35:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6-mFi_rH9qwR; Mon, 28 May 2018 15:35:20 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 0008985184; Mon, 28 May 2018 15:35:19 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 82D0A1C0927 for ; Mon, 28 May 2018 15:35:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8039D8788B for ; Mon, 28 May 2018 15:35:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0FmvKWnq-tmH for ; Mon, 28 May 2018 15:35:17 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f65.google.com (mail-wm0-f65.google.com [74.125.82.65]) by hemlock.osuosl.org (Postfix) with ESMTPS id 3212A87883 for ; Mon, 28 May 2018 15:35:16 +0000 (UTC) Received: by mail-wm0-f65.google.com with SMTP id 18-v6so27572017wml.2 for ; Mon, 28 May 2018 08:35:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amarulasolutions.com; s=google; h=from:to:cc:subject:date:message-id; bh=yj/XZsVd34zCj6CLrBlzYm3Dg2PmgrV0sH1MicNj4LE=; b=cRmeMw3JEdXtuSbxmaCEt/a2UwhSionnBuytlNsbet77lG73TMW8r6Cxw02lzYOJEP 6TZG8uQSbbkQ8DXxOxmfewWxO+w+QiHCLkDmuAEIo7xKj2CZQ/n8OZDOg3MafP6/dkTG l7T9ZwWnTkAh57s/W2Jlh0i7fmAQYXRCj1+7I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=yj/XZsVd34zCj6CLrBlzYm3Dg2PmgrV0sH1MicNj4LE=; b=SqQW45LjkyxokZ2NCtb9Lffdby4WlYt3ptpx8OZ9skRB3Lo6RMZLq3tSoZA42LOJvl i6JeJxB658MbcDAgnY++BpKEI+bld0gwUAkWJUprDyRNTOxVU6XihcIA1oobnMIyLe7F +ZqusEfpm841sukGrUmLh7HUn+n1NZidZAfU+0bosAbyyUcIxond3ghebgn8WGSl5TQw kBUi1L6E6vsKuX0CWuEr6trzu4TwG4XIOy18+MIsJvf+EaWg6BRXCsyeyxfYo4mu6kL2 GRrFPmB05gZwsYX/OE14rlL5OyZoU8a5xrOP/WrsdcGlrMy2g13/88vh73/05acWitd9 os6g== X-Gm-Message-State: ALKqPwfDXqfb3LhSSeUbJLSIg5KraDpvcI3lzhwBVgkfIv7RyJx5N5fM bM7adQI12yzLgAVyQaclcpWVLJFAMwA= X-Google-Smtp-Source: ADUXVKLncBlUlgh3CkSH3eGQt5pLVQo5hWFdCV7EU7CcUEzpTmc2Mgq784p04n5B7elJW6n4eJxRrQ== X-Received: by 2002:a1c:5b88:: with SMTP id p130-v6mr10262599wmb.100.1527521714774; Mon, 28 May 2018 08:35:14 -0700 (PDT) Received: from localhost.localdomain ([89.202.204.147]) by smtp.gmail.com with ESMTPSA id 123-v6sm22848749wmt.19.2018.05.28.08.35.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 28 May 2018 08:35:14 -0700 (PDT) From: Angelo Compagnucci To: buildroot@buildroot.org Date: Mon, 28 May 2018 17:35:11 +0200 Message-Id: <1527521711-17270-1-git-send-email-angelo@amarulasolutions.com> X-Mailer: git-send-email 2.7.4 Subject: [Buildroot] [PATCH] package/libapparmor: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Angelo Compagnucci MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This patch adds libapparmor and it's related tools. Signed-off-by: Angelo Compagnucci --- package/Config.in | 1 + package/libapparmor/Config.in | 57 ++++++++++++++++++++++++++++++++++++ package/libapparmor/libapparmor.hash | 2 ++ package/libapparmor/libapparmor.mk | 53 +++++++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 package/libapparmor/Config.in create mode 100644 package/libapparmor/libapparmor.hash create mode 100644 package/libapparmor/libapparmor.mk diff --git a/package/Config.in b/package/Config.in index ecee493..834e898 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1590,6 +1590,7 @@ endif endmenu menu "Security" + source "package/libapparmor/Config.in" source "package/libselinux/Config.in" source "package/libsemanage/Config.in" source "package/libsepol/Config.in" diff --git a/package/libapparmor/Config.in b/package/libapparmor/Config.in new file mode 100644 index 0000000..edc624b --- /dev/null +++ b/package/libapparmor/Config.in @@ -0,0 +1,57 @@ +config BR2_PACKAGE_LIBAPPARMOR + depends on BR2_TOOLCHAIN_USES_GLIBC + depends on BR2_USE_WCHAR + bool "libapparmor" + help + AppArmor is an effective and easy-to-use Linux application + security system. AppArmor proactively protects the operating + system and applications from external or internal threats, + even zero-day attacks, by enforcing good behavior and + preventing even unknown application flaws from being exploited. + AppArmor security policies completely define what system + resources individual applications can access, and with what + privileges. A number of default policies are included with + AppArmor, and using a combination of advanced static analysis + and learning-based tools, AppArmor policies for even very + complex applications can be deployed successfully in a + matter of hours. + + http://wiki.apparmor.net + +comment "AppArmor needs a glibc w/ wchar" + depends on !BR2_USE_WCHAR + depends on !BR2_TOOLCHAIN_USES_GLIBC + +if BR2_PACKAGE_LIBAPPARMOR + +config BR2_PACKAGE_LIBAPPARMOR_APACHE + depends on BR2_PACKAGE_APACHE + bool "Apache mod_apparmor" + help + AppArmor module for Apache + +config BR2_PACKAGE_LIBAPPARMOR_BINUTILS + bool "AppArmor binutils" + default y + help + AppArmor binary utilities + +config BR2_PACKAGE_LIBAPPARMOR_PAM + depends on BR2_PACKAGE_LINUX_PAM + bool "AppArmor PAM" + help + AppArmor module for Linux PAM + +config BR2_PACKAGE_LIBAPPARMOR_PROFILES + bool "AppArmor profiles" + default y + help + Apparmor profiles + +config BR2_PACKAGE_LIBAPPARMOR_UTILS + bool "AppArmor utils" + default y + help + AppArmor utilities + +endif diff --git a/package/libapparmor/libapparmor.hash b/package/libapparmor/libapparmor.hash new file mode 100644 index 0000000..f19a13c --- /dev/null +++ b/package/libapparmor/libapparmor.hash @@ -0,0 +1,2 @@ +# locally computed +sha256 49f0b65a60c1eb5b7b4316023811bf1785875567e0e0c4c8a26cb1f1c3ac5858 apparmor-2.13.tar.gz diff --git a/package/libapparmor/libapparmor.mk b/package/libapparmor/libapparmor.mk new file mode 100644 index 0000000..73a2adb --- /dev/null +++ b/package/libapparmor/libapparmor.mk @@ -0,0 +1,53 @@ +################################################################################ +# +# libapparmor +# +################################################################################ + +LIBAPPARMOR_BASE_VERSION = 2.13 +LIBAPPARMOR_VERSION = $(LIBAPPARMOR_BASE_VERSION).0 +LIBAPPARMOR_SOURCE = apparmor-$(LIBAPPARMOR_BASE_VERSION).tar.gz +LIBAPPARMOR_SITE = https://launchpad.net/apparmor/$(LIBAPPARMOR_BASE_VERSION)/$(LIBAPPARMOR_VERSION)/+download +LIBAPPARMOR_LICENSE = GPL-2.0 +LIBAPPARMOR_LICENSE_FILES = LICENSE +LIBAPPARMOR_SUBDIR = libraries/libapparmor +LIBAPPARMOR_AUTORECONF = YES +LIBAPPARMOR_INSTALL_STAGING = YES +LIBAPPARMOR_CONF_OPTS = --enable-static --enable-man-pages=no + +LIBAPPARMOR_DEPENDENCIES += \ + $(if $(BR2_PACKAGE_APPARMOR_APACHE),apache) \ + $(if $(BR2_PACKAGE_APPARMOR_PAM),linux-pam) \ + +APPARMOR_DIRS = parser \ + $(if $(BR2_PACKAGE_APPARMOR_APACHE),changehat/mod_apparmor) \ + $(if $(BR2_PACKAGE_APPARMOR_BINUTILS),binutils) \ + $(if $(BR2_PACKAGE_APPARMOR_PAM),changehat/pam_apparmor) \ + $(if $(BR2_PACKAGE_APPARMOR_PROFILES),profiles) \ + $(if $(BR2_PACKAGE_APPARMOR_UTILS),utils) + +APPARMOR_BUILD_OPTS += \ + $(if $(BR2_PACKAGE_APPARMOR_APACHE),APXS=$(STAGING_DIR)/usr/bin/apxs) + +define APPARMOR_BUILD_CMDS + $(foreach d,$(APPARMOR_DIRS), + ### AppArmor building $d ### + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \ + $(LIBAPPARMOR_MAKE) -C $(@D)/$(d) $(APPARMOR_BUILD_OPTS) + ) +endef + +LIBAPPARMOR_POST_INSTALL_STAGING_HOOKS += APPARMOR_BUILD_CMDS + +define APPARMOR_INSTALL_TARGET_CMDS + $(foreach d,$(APPARMOR_DIRS), + ### AppArmor installing $d ### + $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \ + $(LIBAPPARMOR_MAKE) -C $(@D)/$(d) DESTDIR=$(TARGET_DIR) \ + $(APPARMOR_BUILD_OPTS) install + ) +endef + +LIBAPPARMOR_POST_INSTALL_TARGET_HOOKS += APPARMOR_INSTALL_TARGET_CMDS + +$(eval $(autotools-package))