[PR PATCH] apparmor: add missing dependency

[PR PATCH] apparmor: add missing dependency

[paper42]

[-- Attachment #1: Type: text/plain, Size: 1654 bytes --]

There is a new pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-apparmor-add-missing-dependency.patch
https://github.com/void-linux/void-packages/pull/28448

apparmor: add missing dependency
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

required by aa-notify

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/28448.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-apparmor-add-missing-dependency.patch-28448.patch --]
[-- Type: text/x-diff, Size: 1144 bytes --]

From 6dd87acbc64061b91cdae36be955044a80e98733 Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Wed, 3 Feb 2021 20:13:56 +0100
Subject: [PATCH] apparmor: add missing dependency

---
 srcpkgs/apparmor/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index f6f5bff6aae..be0d6b80234 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=3.0.1
-revision=1
+revision=2
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure
@@ -9,7 +9,7 @@ conf_files="/etc/apparmor.d/local/* /etc/apparmor/*"
 make_dirs="/etc/apparmor.d/disable 0755 root root"
 hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which"
 makedepends="perl python3-devel"
-depends="runit-void-apparmor python3 libapparmor"
+depends="runit-void-apparmor python3 libapparmor python3-notify2"
 checkdepends="dejagnu"
 short_desc="Mandatory access control to restrict programs"
 maintainer="Olivier Mauras <olivier@mauras.ch>"

Re: apparmor: add missing dependency

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 249 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/28448#issuecomment-772778007

Comment:
I will hold onto this for a bit while I try to figure out the linux 5.4 issue, so we can push a single time.

Re: [PR PATCH] [Updated] apparmor: add missing dependency

[paper42]

[-- Attachment #1: Type: text/plain, Size: 1659 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-apparmor-add-missing-dependency.patch
https://github.com/void-linux/void-packages/pull/28448

apparmor: add missing dependency
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

required by aa-notify

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/28448.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-apparmor-add-missing-dependency.patch-28448.patch --]
[-- Type: text/x-diff, Size: 4179 bytes --]

From 27432a16805b7769710bd2900c803ad1597079a9 Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Wed, 3 Feb 2021 20:13:56 +0100
Subject: [PATCH] apparmor: various fixes

* add missing dependency python3-notify2 for aa-notify
* do not rewrite logfiles option in logprof.conf aggressively
* remove an old patch
---
 .../add-missing-typedef-definitions.patch     | 49 -------------------
 .../patches/correct_paths_logprofconf.patch   |  9 ----
 srcpkgs/apparmor/template                     |  6 +--
 3 files changed, 3 insertions(+), 61 deletions(-)
 delete mode 100644 srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch

diff --git a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch b/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
deleted file mode 100644
index 30925916350..00000000000
--- a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Source: Alpine Linux
-Upstream: Unknown
-Reason: Fixes compilation with musl libc
----
-
-diff --git a/parser/missingdefs.h b/parser/missingdefs.h
-new file mode 100644
-index 0000000..8097aef
---- /dev/null
-+++ b/parser/missingdefs.h
-@@ -0,0 +1,8 @@
-+#ifndef PARSER_MISSINGDEFS_H
-+#define PARSER_MISSINGDEFS_H
-+
-+typedef int (*__compar_fn_t) (const void *, const void *);
-+typedef __compar_fn_t comparison_fn_t;
-+typedef void (*__free_fn_t) (void *__nodep);
-+
-+#endif
-diff --git a/parser/parser_alias.c b/parser/parser_alias.c
-index f5b6da4..d57f580 100644
---- a/parser/parser_alias.c
-+++ b/parser/parser_alias.c
-@@ -25,6 +25,10 @@
- #include "parser.h"
- #include "profile.h"
- 
-+#ifndef __GLIBC__
-+#include "missingdefs.h"
-+#endif
-+
- struct alias_rule {
- 	char *from;
- 	char *to;
-diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c
-index 3e667d8..e109f4d 100644
---- a/parser/parser_symtab.c
-+++ b/parser/parser_symtab.c
-@@ -25,6 +25,10 @@
- #include "immunix.h"
- #include "parser.h"
- 
-+#ifndef __GLIBC__
-+#include "missingdefs.h"
-+#endif
-+
- enum var_type {
- 	sd_boolean,
- 	sd_set,
diff --git a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
index fb6ce53ffdc..d1d1f93336f 100644
--- a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
+++ b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
@@ -11,15 +11,6 @@ diff --git a/utils/logprof.conf b/utils/logprof.conf
 index a778792..a9f7b79 100644
 --- a/utils/logprof.conf
 +++ b/utils/logprof.conf
-@@ -14,7 +14,7 @@
-   inactive_profiledir = /usr/share/apparmor/extra-profiles 
-   logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
- 
--  parser = /sbin/apparmor_parser /sbin/subdomain_parser
-+  parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
-   ldd = /usr/bin/ldd
-   logger = /bin/logger /usr/bin/logger
- 
 @@ -51,12 +51,10 @@
    /bin/mount    = u
    /usr/bin/mount = u
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index f6f5bff6aae..c21a2a032cc 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=3.0.1
-revision=1
+revision=2
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure
@@ -9,7 +9,7 @@ conf_files="/etc/apparmor.d/local/* /etc/apparmor/*"
 make_dirs="/etc/apparmor.d/disable 0755 root root"
 hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which"
 makedepends="perl python3-devel"
-depends="runit-void-apparmor python3 libapparmor"
+depends="runit-void-apparmor python3 libapparmor python3-notify2"
 checkdepends="dejagnu"
 short_desc="Mandatory access control to restrict programs"
 maintainer="Olivier Mauras <olivier@mauras.ch>"
@@ -34,7 +34,7 @@ pre_build() {
 	cp ${FILESDIR}/profiles/* profiles/apparmor.d/
 
 	# use the correct syslog path
-	vsed -i utils/logprof.conf -e 's,logfiles = .*,logfiles = /var/log/socklog/kernel/current,'
+	vsed -i utils/logprof.conf -e 's,logfiles = .*,logfiles = /var/log/audit/audit.log /var/log/socklog/kernel/current /var/log/syslog /var/log/messages,'
 }
 
 post_build() {

Re: apparmor: add missing dependency

[paper42]

[-- Attachment #1: Type: text/plain, Size: 336 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/28448#issuecomment-772871782

Comment:
then I will add some more improvements into this PR

* add missing dependency python3-notify2 for aa-notify
* do not rewrite logfiles option in logprof.conf aggressively
* remove an old patch

Re: [PR REVIEW] apparmor: various fixes

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 193 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/28448#discussion_r569872359

Comment:
Please split the expression into its own line.

Re: apparmor: various fixes

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 402 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/28448#issuecomment-773001329

Comment:
Just pull this patch (thankfully someone noticed the issue, because I wasn't sure how I would solve it) https://gitlab.com/apparmor/apparmor/-/commit/cc113f4820721808c9efec8b075a5482e6f9a3ad

And put in the commit/PR description that it fixes #28127

Thanks

Re: [PR PATCH] [Updated] apparmor: various fixes

[paper42]

[-- Attachment #1: Type: text/plain, Size: 1650 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-apparmor-add-missing-dependency.patch
https://github.com/void-linux/void-packages/pull/28448

apparmor: various fixes
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

required by aa-notify

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/28448.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-apparmor-add-missing-dependency.patch-28448.patch --]
[-- Type: text/x-diff, Size: 6660 bytes --]

From 3b64ee48d3683e472af528399da0252d3dd26e87 Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Wed, 3 Feb 2021 20:13:56 +0100
Subject: [PATCH] apparmor: various fixes

* add missing dependency python3-notify2 for aa-notify
* do not rewrite logfiles option in logprof.conf aggressively
* remove an old patch
---
 .../add-missing-typedef-definitions.patch     | 49 -----------------
 .../patches/correct_paths_logprofconf.patch   |  9 ++--
 .../patches/fix-setting-proc_attr_base.patch  | 52 +++++++++++++++++++
 srcpkgs/apparmor/template                     |  7 +--
 4 files changed, 60 insertions(+), 57 deletions(-)
 delete mode 100644 srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
 create mode 100644 srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch

diff --git a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch b/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
deleted file mode 100644
index 30925916350..00000000000
--- a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Source: Alpine Linux
-Upstream: Unknown
-Reason: Fixes compilation with musl libc
----
-
-diff --git a/parser/missingdefs.h b/parser/missingdefs.h
-new file mode 100644
-index 0000000..8097aef
---- /dev/null
-+++ b/parser/missingdefs.h
-@@ -0,0 +1,8 @@
-+#ifndef PARSER_MISSINGDEFS_H
-+#define PARSER_MISSINGDEFS_H
-+
-+typedef int (*__compar_fn_t) (const void *, const void *);
-+typedef __compar_fn_t comparison_fn_t;
-+typedef void (*__free_fn_t) (void *__nodep);
-+
-+#endif
-diff --git a/parser/parser_alias.c b/parser/parser_alias.c
-index f5b6da4..d57f580 100644
---- a/parser/parser_alias.c
-+++ b/parser/parser_alias.c
-@@ -25,6 +25,10 @@
- #include "parser.h"
- #include "profile.h"
- 
-+#ifndef __GLIBC__
-+#include "missingdefs.h"
-+#endif
-+
- struct alias_rule {
- 	char *from;
- 	char *to;
-diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c
-index 3e667d8..e109f4d 100644
---- a/parser/parser_symtab.c
-+++ b/parser/parser_symtab.c
-@@ -25,6 +25,10 @@
- #include "immunix.h"
- #include "parser.h"
- 
-+#ifndef __GLIBC__
-+#include "missingdefs.h"
-+#endif
-+
- enum var_type {
- 	sd_boolean,
- 	sd_set,
diff --git a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
index fb6ce53ffdc..e34e69af8bf 100644
--- a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
+++ b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
@@ -11,15 +11,18 @@ diff --git a/utils/logprof.conf b/utils/logprof.conf
 index a778792..a9f7b79 100644
 --- a/utils/logprof.conf
 +++ b/utils/logprof.conf
-@@ -14,7 +14,7 @@
+@@ -12,9 +12,9 @@
+ [settings]
+   profiledir = /etc/apparmor.d /etc/subdomain.d
    inactive_profiledir = /usr/share/apparmor/extra-profiles 
-   logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
+-  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
++  logfiles = /var/log/audit/audit.log /var/log/socklog/kernel/current /var/log/syslog /var/log/messages
  
 -  parser = /sbin/apparmor_parser /sbin/subdomain_parser
 +  parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
    ldd = /usr/bin/ldd
    logger = /bin/logger /usr/bin/logger
- 
+
 @@ -51,12 +51,10 @@
    /bin/mount    = u
    /usr/bin/mount = u
diff --git a/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch b/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
new file mode 100644
index 00000000000..35e9101f81b
--- /dev/null
+++ b/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
@@ -0,0 +1,52 @@
+upstream: yes
+From cc113f4820721808c9efec8b075a5482e6f9a3ad Mon Sep 17 00:00:00 2001
+From: Aaron U'Ren <aauren@users.noreply.gitlab.com>
+Date: Wed, 20 Jan 2021 17:26:37 -0600
+Subject: [PATCH] fix setting proc_attr_base
+
+There is currently a case in which proc_attr_base won't get set when
+asprintf is able to generate the path, but the file doesn't exist, it
+will exit proc_attr_base_init_once() without proc_attr_base having been
+set as the fall-through if/else logic will get bypassed when asprintf is
+successful.
+---
+ libraries/libapparmor/src/kernel.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
+index 0fa77b014..6ba028614 100644
+--- a/libraries/libapparmor/src/kernel.c
++++ b/libraries/libapparmor/src/kernel.c
+@@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
+ 	/* if we fail we just fall back to the default value */
+ 	if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
+ 		autoclose int fd = open(tmp, O_RDONLY);
+-		if (fd != -1)
++		if (fd != -1) {
+ 			proc_attr_base = proc_attr_base_stacking;
+-	} else if (!is_enabled() && is_private_enabled()) {
++			return;
++		}
++	}
++	if (!is_enabled() && is_private_enabled()) {
+ 		/* new stacking interfaces aren't available and apparmor
+-		 * is disabled, but available. do not use the
+-		 * /proc/<pid>/attr/ * interfaces as they could be
+-		 * in use by another LSM
+-		 */
++		* is disabled, but available. do not use the
++		* /proc/<pid>/attr/ * interfaces as they could be
++		* in use by another LSM
++		*/
+ 		proc_attr_base = proc_attr_base_unavailable;
+-	} else {
+-		proc_attr_base = proc_attr_base_old;
++		return;
+ 	}
++	proc_attr_base = proc_attr_base_old;
+ }
+ 
+ static char *procattr_path(pid_t pid, const char *attr)
+-- 
+GitLab
+
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index f6f5bff6aae..27029962cf0 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=3.0.1
-revision=1
+revision=2
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure
@@ -9,7 +9,7 @@ conf_files="/etc/apparmor.d/local/* /etc/apparmor/*"
 make_dirs="/etc/apparmor.d/disable 0755 root root"
 hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which"
 makedepends="perl python3-devel"
-depends="runit-void-apparmor python3 libapparmor"
+depends="runit-void-apparmor python3 libapparmor python3-notify2"
 checkdepends="dejagnu"
 short_desc="Mandatory access control to restrict programs"
 maintainer="Olivier Mauras <olivier@mauras.ch>"
@@ -32,9 +32,6 @@ pre_build() {
 	# Replace release profiles with our own
 	cd ${wrksrc}
 	cp ${FILESDIR}/profiles/* profiles/apparmor.d/
-
-	# use the correct syslog path
-	vsed -i utils/logprof.conf -e 's,logfiles = .*,logfiles = /var/log/socklog/kernel/current,'
 }
 
 post_build() {

Re: [PR REVIEW] apparmor: various fixes

[paper42]

[-- Attachment #1: Type: text/plain, Size: 173 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/28448#discussion_r570122931

Comment:
moved to the logprof patch

Re: [PR PATCH] [Updated] apparmor: various fixes

[paper42]

[-- Attachment #1: Type: text/plain, Size: 1650 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-apparmor-add-missing-dependency.patch
https://github.com/void-linux/void-packages/pull/28448

apparmor: various fixes
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

required by aa-notify

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/28448.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-apparmor-add-missing-dependency.patch-28448.patch --]
[-- Type: text/x-diff, Size: 6698 bytes --]

From 8ee3409a38512574e7c6cfa49f1ceeb33a416ce4 Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Wed, 3 Feb 2021 20:13:56 +0100
Subject: [PATCH] apparmor: various fixes

* add missing dependency python3-notify2 for aa-notify
* do not rewrite logfiles option in logprof.conf aggressively
* remove an old patch
* fix segfault on musl

closes #28127
---
 .../add-missing-typedef-definitions.patch     | 49 -----------------
 .../patches/correct_paths_logprofconf.patch   |  9 ++--
 .../patches/fix-setting-proc_attr_base.patch  | 52 +++++++++++++++++++
 srcpkgs/apparmor/template                     |  7 +--
 4 files changed, 60 insertions(+), 57 deletions(-)
 delete mode 100644 srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
 create mode 100644 srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch

diff --git a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch b/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
deleted file mode 100644
index 30925916350..00000000000
--- a/srcpkgs/apparmor/patches/add-missing-typedef-definitions.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Source: Alpine Linux
-Upstream: Unknown
-Reason: Fixes compilation with musl libc
----
-
-diff --git a/parser/missingdefs.h b/parser/missingdefs.h
-new file mode 100644
-index 0000000..8097aef
---- /dev/null
-+++ b/parser/missingdefs.h
-@@ -0,0 +1,8 @@
-+#ifndef PARSER_MISSINGDEFS_H
-+#define PARSER_MISSINGDEFS_H
-+
-+typedef int (*__compar_fn_t) (const void *, const void *);
-+typedef __compar_fn_t comparison_fn_t;
-+typedef void (*__free_fn_t) (void *__nodep);
-+
-+#endif
-diff --git a/parser/parser_alias.c b/parser/parser_alias.c
-index f5b6da4..d57f580 100644
---- a/parser/parser_alias.c
-+++ b/parser/parser_alias.c
-@@ -25,6 +25,10 @@
- #include "parser.h"
- #include "profile.h"
- 
-+#ifndef __GLIBC__
-+#include "missingdefs.h"
-+#endif
-+
- struct alias_rule {
- 	char *from;
- 	char *to;
-diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c
-index 3e667d8..e109f4d 100644
---- a/parser/parser_symtab.c
-+++ b/parser/parser_symtab.c
-@@ -25,6 +25,10 @@
- #include "immunix.h"
- #include "parser.h"
- 
-+#ifndef __GLIBC__
-+#include "missingdefs.h"
-+#endif
-+
- enum var_type {
- 	sd_boolean,
- 	sd_set,
diff --git a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
index fb6ce53ffdc..e34e69af8bf 100644
--- a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
+++ b/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch
@@ -11,15 +11,18 @@ diff --git a/utils/logprof.conf b/utils/logprof.conf
 index a778792..a9f7b79 100644
 --- a/utils/logprof.conf
 +++ b/utils/logprof.conf
-@@ -14,7 +14,7 @@
+@@ -12,9 +12,9 @@
+ [settings]
+   profiledir = /etc/apparmor.d /etc/subdomain.d
    inactive_profiledir = /usr/share/apparmor/extra-profiles 
-   logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
+-  logfiles = /var/log/audit/audit.log /var/log/syslog /var/log/messages
++  logfiles = /var/log/audit/audit.log /var/log/socklog/kernel/current /var/log/syslog /var/log/messages
  
 -  parser = /sbin/apparmor_parser /sbin/subdomain_parser
 +  parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser
    ldd = /usr/bin/ldd
    logger = /bin/logger /usr/bin/logger
- 
+
 @@ -51,12 +51,10 @@
    /bin/mount    = u
    /usr/bin/mount = u
diff --git a/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch b/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
new file mode 100644
index 00000000000..35e9101f81b
--- /dev/null
+++ b/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
@@ -0,0 +1,52 @@
+upstream: yes
+From cc113f4820721808c9efec8b075a5482e6f9a3ad Mon Sep 17 00:00:00 2001
+From: Aaron U'Ren <aauren@users.noreply.gitlab.com>
+Date: Wed, 20 Jan 2021 17:26:37 -0600
+Subject: [PATCH] fix setting proc_attr_base
+
+There is currently a case in which proc_attr_base won't get set when
+asprintf is able to generate the path, but the file doesn't exist, it
+will exit proc_attr_base_init_once() without proc_attr_base having been
+set as the fall-through if/else logic will get bypassed when asprintf is
+successful.
+---
+ libraries/libapparmor/src/kernel.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
+index 0fa77b014..6ba028614 100644
+--- a/libraries/libapparmor/src/kernel.c
++++ b/libraries/libapparmor/src/kernel.c
+@@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
+ 	/* if we fail we just fall back to the default value */
+ 	if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
+ 		autoclose int fd = open(tmp, O_RDONLY);
+-		if (fd != -1)
++		if (fd != -1) {
+ 			proc_attr_base = proc_attr_base_stacking;
+-	} else if (!is_enabled() && is_private_enabled()) {
++			return;
++		}
++	}
++	if (!is_enabled() && is_private_enabled()) {
+ 		/* new stacking interfaces aren't available and apparmor
+-		 * is disabled, but available. do not use the
+-		 * /proc/<pid>/attr/ * interfaces as they could be
+-		 * in use by another LSM
+-		 */
++		* is disabled, but available. do not use the
++		* /proc/<pid>/attr/ * interfaces as they could be
++		* in use by another LSM
++		*/
+ 		proc_attr_base = proc_attr_base_unavailable;
+-	} else {
+-		proc_attr_base = proc_attr_base_old;
++		return;
+ 	}
++	proc_attr_base = proc_attr_base_old;
+ }
+ 
+ static char *procattr_path(pid_t pid, const char *attr)
+-- 
+GitLab
+
diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template
index f6f5bff6aae..27029962cf0 100644
--- a/srcpkgs/apparmor/template
+++ b/srcpkgs/apparmor/template
@@ -1,7 +1,7 @@
 # Template file for 'apparmor'
 pkgname=apparmor
 version=3.0.1
-revision=1
+revision=2
 wrksrc="${pkgname}-v${version}"
 build_wrksrc=libraries/libapparmor
 build_style=gnu-configure
@@ -9,7 +9,7 @@ conf_files="/etc/apparmor.d/local/* /etc/apparmor/*"
 make_dirs="/etc/apparmor.d/disable 0755 root root"
 hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which"
 makedepends="perl python3-devel"
-depends="runit-void-apparmor python3 libapparmor"
+depends="runit-void-apparmor python3 libapparmor python3-notify2"
 checkdepends="dejagnu"
 short_desc="Mandatory access control to restrict programs"
 maintainer="Olivier Mauras <olivier@mauras.ch>"
@@ -32,9 +32,6 @@ pre_build() {
 	# Replace release profiles with our own
 	cd ${wrksrc}
 	cp ${FILESDIR}/profiles/* profiles/apparmor.d/
-
-	# use the correct syslog path
-	vsed -i utils/logprof.conf -e 's,logfiles = .*,logfiles = /var/log/socklog/kernel/current,'
 }
 
 post_build() {

Re: [PR REVIEW] apparmor: various fixes

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 194 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/28448#discussion_r570202736

Comment:
Turns out you also need `python3-psutils` here.

Re: [PR PATCH] [Closed]: apparmor: various fixes

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 1459 bytes --]

There's a closed pull request on the void-packages repository

apparmor: various fixes
https://github.com/void-linux/void-packages/pull/28448

Description:
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

required by aa-notify

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->