apparmor: update to upstream nixpkgs#101071
authorJulien Moutinho <julm@sourcephile.fr>
Tue, 1 Dec 2020 20:12:15 +0000 (21:12 +0100)
committerJulien Moutinho <julm@sourcephile.fr>
Tue, 1 Dec 2020 20:16:48 +0000 (21:16 +0100)
nixpkgs/patches.nix
nixpkgs/patches.sh
nixpkgs/patches/apparmor.diff [new file with mode: 0644]

index 78f2162f8acd1053e1c04e56be363d242759b670..7b61630b36e8e4a622976029cac5b9f1ace7d310 100644 (file)
 }
 */
 /*
-{
+{ # merged
   meta.description = "nixos/rspamd: add sandbox";
   url = "https://github.com/NixOS/nixpkgs/pull/93293.diff";
-  sha256 = "sha256-7OfBzJPeGVhHf4ziYLwOpqaYbElCsjLkT4Y/bbCOPx0=";
+  sha256 = "sha256-UBnEpI7TtECBsLwBTmEuvlR19A+F0MEw7ZhbA9o+wA8=";
 }
 */
 /*
@@ -63,7 +63,7 @@
 {
   meta.description = "apparmor: try again to fix and improve";
   url = "https://github.com/NixOS/nixpkgs/pull/101071.diff";
-  sha256 = "sha256-P83Qfw/wy1DrLF2yp5EfIqM4fq4xS54upi62dwEaRpM=";
+  sha256 = "sha256-/H23K8Cfkyy21xN8Vl8ylc+fcHJxCNFQok3GqAYXDbU=";
 }
 {
   meta.description = "Update public-inbox to 1.6.0 and add systemd services";
index 3795e0bd48672b4e835ac3df2ff9f92b79c71ef8..91f9d2b40a89491236a047583f7a68fd3221a4a4 100755 (executable)
@@ -1,6 +1,5 @@
 #!/usr/bin/env bash
 set -eux
-set -o pipefail
 githubToken=$(pass julm/github.com/token/nixpkgs-patches.sh)
 {
 echo '['
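Review bot: With `set -o pipefail` removed for the whole script, every pipeline now reports only its last command's status, yet the only pipeline visible here that needs this is the `nix build … |& sed` one in the next hunk, where the build is expected to fail on the placeholder hash. Keeping pipefail and tolerating that one failure locally would be narrower: `hash=$({ nix -L build -f "$nix" || true; } |& sed -ne 's/^ *got: *//p')`. Separately, the `-x` in `set -eux` traces the `githubToken=$(pass …)` assignment and the later `curl -H "Authorization: token $githubToken"` call with the token expanded, so the token lands on stderr and in any captured log. Bracketing those two commands with `set +x` / `set -x` keeps the trace without the secret.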
@@ -33,7 +32,8 @@ for pr in \
       sha256 = "0000000000000000000000000000000000000000000000000000";
     }
 EOF
-  hash=$(nix build -f "$nix" |& sed -ne 's/^ *got: *//p')
+  hash=$(nix -L build -f "$nix" |& sed -ne 's/^ *got: *//p')
+  test -n "$hash"
   # Token generated on https://github.com/settings/tokens
   info=$(curl -Ls -H "Authorization: token $githubToken" \
     https://api.github.com/repos/NixOS/nixpkgs/pulls/$PR)
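Review bot: `test -n "$hash"` rejects only an empty result, so a value spanning several lines still passes: `-L` sends the full build log through `|&` into sed, and every line matching `^ *got: *` is printed. A stricter guard right after it, `[[ $hash != *$'\n'* ]]`, would stop the run under `set -e` if more than one match comes back. The `curl -Ls` call below has no `-f`, so an HTTP error from the API (for example a rejected token) presumably leaves an error body in `info` with exit status 0. How `info` is consumed is outside this hunk, as are the start and end of the enclosing `for pr in` loop.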
diff --git a/nixpkgs/patches/apparmor.diff b/nixpkgs/patches/apparmor.diff
new file mode 100644 (file)
index 0000000..0993668
--- /dev/null
@@ -0,0 +1,63 @@
+diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
+index da8cfac3e07..c6c72cc4e52 100644
+--- a/pkgs/os-specific/linux/apparmor/default.nix
++++ b/pkgs/os-specific/linux/apparmor/default.nix
+@@ -20,8 +20,8 @@
+ }:
+ let
+-  apparmor-series = "2.13";
+-  apparmor-patchver = "5";
++  apparmor-series = "3.0";
++  apparmor-patchver = "0";
+   apparmor-version = apparmor-series + "." + apparmor-patchver;
+   apparmor-meta = component: with stdenv.lib; {
+@@ -33,8 +33,8 @@ let
+   };
+   apparmor-sources = fetchurl {
+-    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-version}/+download/apparmor-${apparmor-version}.tar.gz";
+-    sha256 = "05x7r99k00r97v1cq2f711lv6yqzhbl8zp1i1c7kxra4v0a2lzk3";
++    url = "https://launchpad.net/apparmor/${apparmor-series}/${apparmor-series}/+download/apparmor-${apparmor-version}.tar.gz";
++    sha256 = "0pkm8f619c0ra8kpjmarzl9d409dn4sy0kl6mb92gd0ywlgpbzb6";
+   };
+   aa-teardown = writeShellScript "aa-teardown" ''
+@@ -146,7 +146,7 @@ let
+     postInstall = ''
+       sed -i $out/bin/aa-unconfined -e "/my_env\['PATH'\]/d"
+-      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-status aa-unconfined ; do
++      for prog in aa-audit aa-autodep aa-cleanprof aa-complain aa-disable aa-enforce aa-genprof aa-logprof aa-mergeprof aa-unconfined ; do
+         wrapProgram $out/bin/$prog --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
+       done
+@@ -156,8 +156,6 @@ let
+       makeWrapper ${perl}/bin/perl $out/bin/aa-notify --set PERL5LIB ${libapparmor}/${perl.libPrefix} --add-flags $out/bin/aa-notify-wrapped
+       substituteInPlace $out/bin/aa-remove-unknown \
+-       --replace "/usr/bin/aa-status" "$out/bin/aa-status" \
+-       --replace "/sbin/modprobe" "${kmod}/bin/modprobe" \
+        --replace "/lib/apparmor/rc.apparmor.functions" "${apparmor-parser}/lib/apparmor/rc.apparmor.functions"
+       wrapProgram $out/bin/aa-remove-unknown \
+        --prefix PATH : ${lib.makeBinPath [gawk]}
+@@ -190,7 +188,7 @@ let
+     prePatch = prePatchCommon;
+     postPatch = "cd ./binutils";
+     makeFlags = [ "LANGS=" "USE_SYSTEM=1" ];
+-    installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" ];
++    installFlags = [ "DESTDIR=$(out)" "BINDIR=$(out)/bin" "SBINDIR=$(out)/bin" ];
+     inherit doCheck;
+@@ -294,7 +292,8 @@ let
+         # eg. glibc-2.30/lib/gconv/gconv-modules
+         "r $path/lib/**"
+       ]
+-    }: rootPaths: runCommand "apparmor-closure-rules" {} ''
++    , name ? ""
++    }: rootPaths: runCommand "apparmor-closure-rules${optionalString (name != "") "-${name}"}" {} ''
+     touch $out
+     while read -r path
+     do printf >>$out "%s,\n" ${lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)}