Merge from bittboy/buildroot@26c91a9

package/apparmor/Config.in

@@ -0,0 +1,77 @@
+config BR2_PACKAGE_APPARMOR
+	bool "apparmor"
+	depends on BR2_USE_MMU # fork()
+	depends on BR2_INSTALL_LIBSTDCPP
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # libapparmor
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libapparmor
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16 # libapparmor
+	select BR2_PACKAGE_LIBAPPARMOR
+	help
+	  AppArmor is an effective and easy-to-use Linux application
+	  security system. AppArmor proactively protects the operating
+	  system and applications from external or internal threats,
+	  even zero-day attacks, by enforcing good behavior and
+	  preventing even unknown application flaws from being
+	  exploited.
+
+	  This package builds the parser (which can load profiles).
+
+	  http://wiki.apparmor.net
+
+if BR2_PACKAGE_APPARMOR
+
+config BR2_PACKAGE_APPARMOR_BINUTILS
+	bool "binutils"
+	help
+	  A set of utilities (written in C):
+	    aa-enabled    aa-exec
+
+comment "utils need python3"
+	depends on !BR2_PACKAGE_PYTHON3
+
+config BR2_PACKAGE_APPARMOR_UTILS
+	bool "utils"
+	depends on BR2_PACKAGE_PYTHON3
+	select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # net-tools
+	select BR2_PACKAGE_NET_TOOLS # runtime (aa-unconfined)
+	select BR2_PACKAGE_PYTHON3_READLINE
+	help
+	  A set of utilities (written in python):
+	    aa-audit          aa-disable      aa-logprof
+	    aa-autodep        aa-easyprof     aa-mergeprof
+	    aa-cleanprof      aa-enforce      aa-status
+	    aa-complain       aa-genprof      aa-unconfined
+
+if BR2_PACKAGE_APPARMOR_UTILS
+
+comment "utils (extras) need bash and perl, and busybox or gawk"
+	depends on !BR2_PACKAGE_BASH || !BR2_PACKAGE_PERL \
+		|| !(BR2_PACKAGE_BUSYBOX || BR2_PACKAGE_GAWK)
+
+config BR2_PACKAGE_APPARMOR_UTILS_EXTRA
+	bool "utils (extras)"
+	depends on BR2_PACKAGE_BASH
+	depends on BR2_PACKAGE_PERL
+	depends on BR2_PACKAGE_BUSYBOX || BR2_PACKAGE_GAWK
+	help
+	  An extra set of utilities (written in a mixture of sh,
+	  bash, perl, and awk):
+	    aa-decode          (bash + perl)
+	    aa-notify          (perl)
+	    aa-remove-unknown  (sh + awk)
+
+endif # BR2_PACKAGE_APPARMOR_UTILS
+
+config BR2_PACKAGE_APPARMOR_PROFILES
+	bool "profiles"
+	help
+	  Installs server-class profiles for a wide range of
+	  usual programs and daemons.
+
+endif # BR2_PACKAGE_APPARMOR
+
+comment "apparmor needs a toolchain w/ headers >= 3.16, threads, C++"
+	depends on BR2_USE_MMU
+	depends on BR2_TOOLCHAIN_HAS_SYNC_4
+	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS \
+		|| !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_16

package/apparmor/apparmor.hash

@@ -0,0 +1,6 @@
+# From: https://gitlab.com/apparmor/apparmor/-/wikis/home#userspace
+sha256  66fd751fe51eb427d2aa864ee035b12d01d212fd595579275219b0148c43755e  apparmor-3.0.0.tar.gz
+
+# locally computed
+sha256  a7e0cdcbea5c14927cedfc600d46526bdcbb1eb0a4d951e2ea53c2a6de159cb4  LICENSE
+sha256  dd54950fa69a3096fe907a466a454d217ccca9bca77398d5232704766d5a0040  parser/COPYING.GPL

package/apparmor/apparmor.mk

@@ -0,0 +1,95 @@
+################################################################################
+#
+# apparmor
+#
+################################################################################
+
+# When updating the version here, please also update the libapparmor package
+APPARMOR_VERSION_MAJOR = 3.0
+APPARMOR_VERSION = $(APPARMOR_VERSION_MAJOR).0
+APPARMOR_SITE = https://launchpad.net/apparmor/$(APPARMOR_VERSION_MAJOR)/$(APPARMOR_VERSION_MAJOR)/+download
+APPARMOR_DL_SUBDIR = libapparmor
+APPARMOR_LICENSE = GPL-2.0
+APPARMOR_LICENSE_FILES = LICENSE parser/COPYING.GPL
+
+APPARMOR_DEPENDENCIES = libapparmor
+
+APPARMOR_TOOLS = parser
+APPARMOR_MAKE_OPTS = USE_SYSTEM=1 DISTRO=unknown POD2MAN=true POD2HTML=true
+
+ifeq ($(BR2_PACKAGE_GETTEXT_PROVIDES_LIBINTL),y)
+APPARMOR_DEPENDENCIES += gettext
+APPARMOR_MAKE_OPTS += WITH_LIBINTL=1
+endif
+
+ifeq ($(BR2_PACKAGE_APPARMOR_BINUTILS),y)
+APPARMOR_TOOLS += binutils
+endif
+
+ifeq ($(BR2_PACKAGE_APPARMOR_UTILS),y)
+APPARMOR_DEPENDENCIES += host-python3 python3
+APPARMOR_TOOLS += utils
+APPARMOR_MAKE_OPTS += PYTHON=$(HOST_DIR)/bin/python3
+
+ifeq ($(BR2_PACKAGE_APPARMOR_UTILS_EXTRA),)
+define APPARMOR_UTILS_NO_EXTRA
+	$(Q)rm -f $(addprefix $(TARGET_DIR)/usr/sbin/,aa-decode aa-notify aa-remove-unknown)
+endef
+APPARMOR_POST_INSTALL_TARGET_HOOKS += APPARMOR_UTILS_NO_EXTRA
+endif # BR2_PACKAGE_APPARMOR_UTILS_EXTRA
+
+endif # BR2_PACKAGE_APPARMOR_UTILS
+
+ifeq ($(BR2_PACKAGE_APPARMOR_PROFILES),y)
+APPARMOR_TOOLS += profiles
+endif
+
+ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
+APPARMOR_DEPENDENCIES += linux-pam
+APPARMOR_TOOLS += changehat/pam_apparmor
+endif
+
+ifeq ($(BR2_PACKAGE_APACHE),y)
+APPARMOR_DEPENDENCIES += apache
+APPARMOR_TOOLS += changehat/mod_apparmor
+APPARMOR_MAKE_OPTS += APXS=$(STAGING_DIR)/usr/bin/apxs
+
+ifeq ($(BR2_PER_PACKAGE_DIRECTORIES),y)
+define APPARMOR_FIXUP_APXS
+	$(SED) "s@$(PER_PACKAGE_DIR)/[^/]\+/@$(PER_PACKAGE_DIR)/apparmor/@g" \
+		$(STAGING_DIR)/usr/bin/apxs \
+		$(STAGING_DIR)/usr/build/config_vars.mk
+endef
+APPARMOR_POST_CONFIGURE_HOOKS += APPARMOR_FIXUP_APXS
+endif
+endif
+
+define APPARMOR_BUILD_CMDS
+	$(foreach tool,$(APPARMOR_TOOLS),\
+		$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
+		$(MAKE) -C $(@D)/$(tool) $(APPARMOR_MAKE_OPTS)
+	)
+endef
+
+define APPARMOR_INSTALL_TARGET_CMDS
+	$(foreach tool,$(APPARMOR_TOOLS),\
+		$(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) \
+		$(MAKE) -C $(@D)/$(tool) $(APPARMOR_MAKE_OPTS) \
+			DESTDIR=$(TARGET_DIR) install
+	)
+endef
+
+# Despite its name, apparmor.systemd is a sysv-init compatible startup script
+define APPARMOR_INSTALL_INIT_SYSV
+	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
+		$(TARGET_DIR)/etc/init.d/S00apparmor
+endef
+
+define APPARMOR_INSTALL_INIT_SYSTEMD
+	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.systemd \
+		$(TARGET_DIR)/lib/apparmor/apparmor.systemd
+	$(INSTALL) -D -m 0755 $(@D)/parser/apparmor.service \
+		$(TARGET_DIR)/usr/lib/systemd/system/apparmor.service
+endef
+
+$(eval $(generic-package))