From 3ea19283556061881d28ee4e9fda12614f821a23 Mon Sep 17 00:00:00 2001
From: Michal Vasilek
Date: Tue, 10 Aug 2021 23:13:46 +0200
Subject: [PATCH 1/2] apparmor: update to 3.0.3.

* adopt
* fix licenses
---
 .../patches/fix-dnsmasq-libvirt.patch | 13 ----
 .../patches/fix-setting-proc_attr_base.patch | 52 ---------------
 ...ogprofconf.patch => fix_logprofconf.patch} | 63 ++++++++++++-------
 srcpkgs/apparmor/template | 14 +++--
 4 files changed, 50 insertions(+), 92 deletions(-)
 delete mode 100644 srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
 delete mode 100644 srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
 rename srcpkgs/apparmor/patches/{correct_paths_logprofconf.patch => fix_logprofconf.patch} (52%)

diff --git a/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch b/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
deleted file mode 100644
index 99ba9d3b5ab9..000000000000
--- a/srcpkgs/apparmor/patches/fix-dnsmasq-libvirt.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
-index 7ae9a148..a32d24ca 100644
---- a/profiles/apparmor.d/usr.sbin.dnsmasq
-+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
-@@ -113,7 +113,7 @@ profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
- /etc/libnl-3/classid r,
-
- /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
-- /usr/libexec/libvirt_leaseshelper m,
-+ /usr/libexec/libvirt_leaseshelper mr,
-
- owner @{PROC}/@{pid}/net/psched r,
- owner @{PROC}/@{pid}/status r,
diff --git a/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch b/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
deleted file mode 100644
index 35e9101f81b9..000000000000
--- a/srcpkgs/apparmor/patches/fix-setting-proc_attr_base.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-upstream: yes
-From cc113f4820721808c9efec8b075a5482e6f9a3ad Mon Sep 17 00:00:00 2001
-From: Aaron U'Ren
-Date: Wed, 20 Jan 2021 17:26:37 -0600
-Subject: [PATCH] fix setting proc_attr_base
-
-There is currently a case in which proc_attr_base won't get set when
-asprintf is able to generate the path, but the file doesn't exist, it
-will exit proc_attr_base_init_once() without proc_attr_base having been
-set as the fall-through if/else logic will get bypassed when asprintf is
-successful.
----
- libraries/libapparmor/src/kernel.c | 19 +++++++++++--------
- 1 file changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
-index 0fa77b014..6ba028614 100644
---- a/libraries/libapparmor/src/kernel.c
-+++ b/libraries/libapparmor/src/kernel.c
-@@ -239,18 +239,21 @@ static void proc_attr_base_init_once(void)
- /* if we fail we just fall back to the default value */
- if (asprintf(&tmp, "/proc/%d/attr/apparmor/current", aa_gettid())) {
- autoclose int fd = open(tmp, O_RDONLY);
-- if (fd != -1)
-+ if (fd != -1) {
- proc_attr_base = proc_attr_base_stacking;
-- } else if (!is_enabled() && is_private_enabled()) {
-+ return;
-+ }
-+ }
-+ if (!is_enabled() && is_private_enabled()) {
- /* new stacking interfaces aren't available and apparmor
-- * is disabled, but available. do not use the
-- * /proc//attr/ * interfaces as they could be
-- * in use by another LSM
-- */
-+ * is disabled, but available. do not use the
-+ * /proc//attr/ * interfaces as they could be
-+ * in use by another LSM
-+ */
- proc_attr_base = proc_attr_base_unavailable;
-- } else {
-- proc_attr_base = proc_attr_base_old;
-+ return;
- }
-+ proc_attr_base = proc_attr_base_old;
- }
-
- static char *procattr_path(pid_t pid, const char *attr)
---
-GitLab
-
diff --git a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch b/srcpkgs/apparmor/patches/fix_logprofconf.patch similarity index 52% rename from srcpkgs/apparmor/patches/correct_paths_logprofconf.patch rename to srcpkgs/apparmor/patches/fix_logprofconf.patch index e34e69af8bfb..a702cce454f0 100644 --- a/srcpkgs/apparmor/patches/correct_paths_logprofconf.patch +++ b/srcpkgs/apparmor/patches/fix_logprofconf.patch @@ -1,17 +1,8 @@ -From 6f2649203d6bfc26b79f624b5b4625603923bccd Mon Sep 17 00:00:00 2001 -From: Paper -Date: Wed, 21 Oct 2020 10:20:47 +0200 -Subject: [PATCH] correct paths in logprof.conf +modify logprof.conf for Void Linux ---- - utils/logprof.conf | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - -diff --git a/utils/logprof.conf b/utils/logprof.conf -index a778792..a9f7b79 100644 --- a/utils/logprof.conf +++ b/utils/logprof.conf -@@ -12,9 +12,9 @@ +@@ -12,11 +12,11 @@ [settings] profiledir = /etc/apparmor.d /etc/subdomain.d inactive_profiledir = /usr/share/apparmor/extra-profiles 
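Review bot: The rewritten header `modify logprof.conf for Void Linux` drops the upstream commit id, author and date the old header carried and says nothing about whether the change is meant to stay local. The patch deleted earlier in this same commit opened with an `upstream: yes` line; if that marker is the convention here, this Void-specific patch should state the opposite, e.g. `upstream: no` followed by one sentence on why the paths differ (`/usr/bin` layout on Void), so the next updater does not have to re-derive from the hunk bodies whether it can be dropped after a release. The nested `@@ -12,11 +12,11 @@` header is hand-edited; only three of its lines are visible in this outer hunk, so its counts cannot be checked from here.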
@@ -21,9 +12,39 @@ index a778792..a9f7b79 100644 - parser = /sbin/apparmor_parser /sbin/subdomain_parser + parser = /usr/bin/apparmor_parser /usr/bin/subdomain_parser ldd = /usr/bin/ldd - logger = /bin/logger /usr/bin/logger - -@@ -51,12 +51,10 @@ +- logger = /bin/logger /usr/bin/logger ++ logger = /usr/bin/logger + + # customize how file ownership permissions are presented + # 0 - off +@@ -38,27 +38,29 @@ + + [qualifiers] + # things will be painfully broken if bash has a profile +- /bin/bash = icnu +- /usr/bin/bash = icnu +- /bin/ksh = icnu +- /usr/bin/ksh = icnu +- /bin/dash = icnu +- /usr/bin/dash = icnu +- /bin/zsh = icnu +- /usr/bin/zsh = icnu ++ /bin/bash = icnu ++ /usr/bin/bash = icnu ++ /bin/ksh = icnu ++ /usr/bin/ksh = icnu ++ /bin/dash = icnu ++ /usr/bin/dash = icnu ++ /bin/zsh = icnu ++ /usr/bin/zsh = icnu ++ /bin/fish = icnu ++ /usr/bin/fish = icnu ++ /bin/ash = icnu ++ /usr/bin/ash = icnu ++ /bin/rc = icnu ++ /usr/bin/rc = icnu + + # these programs can't function if they're confined /bin/mount = u /usr/bin/mount = u /etc/init.d/subdomain = u @@ -33,14 +54,16 @@ index a778792..a9f7b79 100644 - /usr/sbin/subdomain_parser = u - /usr/sbin/genprof = u - /usr/sbin/logprof = u +- /usr/lib/YaST2/servers_non_y2/ag_genprof = u +- /usr/lib/YaST2/servers_non_y2/ag_logprof = u + /usr/bin/cardmgr = u + /usr/bin/subdomain_parser = u + /usr/bin/genprof = u + /usr/bin/logprof = u - /usr/lib/YaST2/servers_non_y2/ag_genprof = u - /usr/lib/YaST2/servers_non_y2/ag_logprof = u -@@ -97,8 +95,7 @@ + # these ones shouln't have their own profiles + /bin/awk = icn +@@ -97,8 +99,7 @@ /usr/bin/sed = icn /bin/touch = icn /usr/bin/touch = icn 
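Review bot: The six new entries for fish, ash and rc in the `[qualifiers]` block carry no explanation, and the `u` they are given is the same letter the block below reserves for programs that "can't function if they're confined", so this list is effectively the set of shells a generated profile will never confine and deserves a rationale next to it, e.g. `# shells packaged on Void; a profile on any of them breaks the system the same way as on bash`. The `/usr/lib/YaST2/...` lines moved from context to `-` and the `-@@ -97,8 +95,7 @@` → `+@@ -97,8 +99,7 @@` edit are hand-maintained hunk bookkeeping; the counts in `@@ -38,27 +38,29 @@` are consistent with the lines visible here plus the three outer context lines hidden between this hunk and the next, but applying the patch against the 3.0.3 tree is the only real check. Whether `/bin/sh` itself needs an entry is not answerable from this hunk, since it is presumably a symlink to one of the listed shells on Void.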
@@ -50,15 +73,13 @@ index a778792..a9f7b79 100644 /usr/bin/find = icn /usr/bin/killall = icn /usr/bin/nice = icn -@@ -112,6 +109,8 @@ +@@ -112,6 +113,9 @@ /usr/bin/python3.5 = icn /usr/bin/python3.6 = icn /usr/bin/python3.7 = icn + /usr/bin/python3.8 = icn + /usr/bin/python3.9 = icn ++ /usr/bin/python3.10 = icn /usr/bin/tr = icn [required_hats] --- -2.29.0 - diff --git a/srcpkgs/apparmor/template b/srcpkgs/apparmor/template index 4b45ad3ee18d..2a9e373447b6 100644 --- a/srcpkgs/apparmor/template +++ b/srcpkgs/apparmor/template @@ -1,7 +1,7 @@ # Template file for 'apparmor' pkgname=apparmor -version=3.0.1 -revision=7 +version=3.0.3 +revision=1 wrksrc="${pkgname}-v${version}" build_wrksrc=libraries/libapparmor build_style=gnu-configure @@ -10,15 +10,15 @@ make_dirs="/etc/apparmor.d/disable 0755 root root" hostmakedepends="bison flex autoconf automake libtool gettext swig python3 which" makedepends="perl python3-devel" depends="runit-void-apparmor libapparmor-${version}_${revision} python3-notify2 - python3-psutil python3-dbus iproute2" + python3-psutil python3-dbus iproute2 which" checkdepends="dejagnu" short_desc="Mandatory access control to restrict programs" -maintainer="Olivier Mauras " -license="GPL-2.0-only, LGPL-2.1-only" +maintainer="Michal Vasilek " +license="GPL-2.0-only" homepage="https://gitlab.com/apparmor/apparmor" changelog="https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_${version}" distfiles="https://gitlab.com/apparmor/apparmor/-/archive/v${version}/apparmor-v${version}.tar.gz" -checksum=5f9afc157c5e2610737186a31fc9bd6a1d339a2ee85ac4f2667dce59cf60f1c7 +checksum=51b1db60e962dd01856a1ec6a9d43b11ed4350dcc5738ef901097c999bcbf50e replaces="apparmor-vim>=0" if [ -z "$CROSS_BUILD" ]; then @@ -68,6 +68,7 @@ post_install() { libapparmor_package() { short_desc+=" - Library" + license="LGPL-2.1-only" pkg_install() { vmove "usr/lib/libapparmor.so*" if [ -z "$CROSS_BUILD" ]; then 
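Review bot: `which` is added to the runtime `depends` of apparmor with no comment in the template and no mention in the commit message, while `which` already sits in `hostmakedepends` two lines above; if one of the installed aa-* utilities or rc scripts shells out to it, a short comment on the line, e.g. `# aa-* utilities call which(1) at runtime`, records that so the dependency is not dropped on the next update. The main package's license goes from `GPL-2.0-only, LGPL-2.1-only` to `GPL-2.0-only` while the two libapparmor subpackages gain `LGPL-2.1-only` in the following hunks; that matches the `* fix licenses` bullet, but it presumes the python utils and profiles this package still ships are all GPL-2.0 in the 3.0.3 tree, which is worth confirming against the upstream LICENSE file rather than assuming. The new `checksum` line can only be trusted once the build has fetched and verified the 3.0.3 tarball.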
@@ -81,6 +82,7 @@ libapparmor_package() { libapparmor-devel_package() { short_desc+=" - Library development files" + license="LGPL-2.1-only" depends="lib${sourcepkg}-${version}_${revision}" pkg_install() { vmove usr/include From 478d8a1a500883316df953db68c224ea1b81c871 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Wed, 11 Aug 2021 00:30:17 +0200 Subject: [PATCH 2/2] runit-void: set apparmor to complain mode by default --- srcpkgs/runit-void/files/apparmor | 2 +- srcpkgs/runit-void/template | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/runit-void/files/apparmor b/srcpkgs/runit-void/files/apparmor index 980b5b3eecc7..b32ce11a11ef 100644 --- a/srcpkgs/runit-void/files/apparmor +++ b/srcpkgs/runit-void/files/apparmor @@ -4,4 +4,4 @@ # - disable # - complain # - enforce -#APPARMOR=disable +APPARMOR=complain diff --git a/srcpkgs/runit-void/template b/srcpkgs/runit-void/template index 2ac215c253f1..0c98cadc9e18 100644 --- a/srcpkgs/runit-void/template +++ b/srcpkgs/runit-void/template @@ -1,7 +1,7 @@ # Template file for 'runit-void' pkgname=runit-void version=20210314 -revision=1 +revision=2 wrksrc="void-runit-${version}" build_style=gnu-makefile short_desc="Void Linux runit scripts"
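Review bot: `APPARMOR=complain` replaces a commented-out `disable` with an active default that loads every installed profile in complain mode, and the comment block above it only lists the three values; since complain mode logs would-be denials without blocking anything, the header should say what the new default does and does not provide, e.g. `# complain: profiles are loaded but violations are only logged, nothing is blocked; set enforce to actually confine`, so an administrator does not read an active AppArmor as a hardened one. Two things this hunk cannot show and that should be confirmed in the core script that reads this file: that a missing apparmor package at boot degrades to a no-op rather than an error (nothing here shows runit-void depending on it), and that the switch from an unset variable to an explicit value does not skip whatever fallback the script applied before. Whether this file is handled as a conffile, so existing installs keep their current choice instead of silently starting to load profiles on upgrade, is also not visible in this diff.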