[yocto] [meta-security][thud][PATCH 2/3] apparmor: fix systemd support so it works

Mon Oct 28 14:59:26 PDT 2019

From: Armin Kuster <akuster808 at gmail.com>

[Yocto # 13568]

Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 5d049e7ef8a0a0a811e2ea1353521c6898e54e4d)
Signed-off-by: Anders Montonen <Anders.Montonen at iki.fi>
---
 recipes-security/AppArmor/apparmor_2.12.bb | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/recipes-security/AppArmor/apparmor_2.12.bb b/recipes-security/AppArmor/apparmor_2.12.bb
index 377d918..ad7f94e 100644
--- a/recipes-security/AppArmor/apparmor_2.12.bb
+++ b/recipes-security/AppArmor/apparmor_2.12.bb
@@ -43,7 +43,6 @@ PACKAGECONFIG[apache2] = ",,apache2,"
 PAMLIB="${@bb.utils.contains('DISTRO_FEATURES', 'pam', '1', '0', d)}"
 HTTPD="${@bb.utils.contains('PACKAGECONFIG', 'apache2', '1', '0', d)}"
 
-
 python() {
     if 'apache2' in d.getVar('PACKAGECONFIG').split() and \
             'webserver' not in d.getVar('BBFILE_COLLECTIONS').split():
@@ -83,7 +82,6 @@ do_compile () {
 do_install () {
 	install -d ${D}/${INIT_D_DIR}
 	install -d ${D}/lib/apparmor
-		
 	oe_runmake -C ${B}/libraries/libapparmor DESTDIR="${D}" install
 	oe_runmake -C ${B}/binutils DESTDIR="${D}" install
 	oe_runmake -C ${B}/utils DESTDIR="${D}" install
@@ -104,10 +102,12 @@ do_install () {
 
 	install ${WORKDIR}/apparmor ${D}/${INIT_D_DIR}/apparmor
 	install ${WORKDIR}/functions ${D}/lib/apparmor
-	if [ "${VIRTUAL-RUNTIME_init_manager}" = "systemd" ]; then
+	sed -i -e 's/getconf _NPROCESSORS_ONLN/nproc/' ${D}/lib/apparmor/functions
+	sed -i -e 's/ls -AU/ls -A/' ${D}/lib/apparmor/functions
+
+	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
 		install -d ${D}${systemd_system_unitdir}
-		install ${WORKDIR}/apparmor.service \
-			${D}${systemd_system_unitdir}
+		install ${WORKDIR}/apparmor.service ${D}${systemd_system_unitdir}
 	fi
 }
 
@@ -156,13 +156,19 @@ do_install_ptest_arm() {
   :
 }
 
+# We need the init script so don't rm it
+python() {
+    postfuncs = d.getVarFlags('do_install')['postfuncs'].replace('rm_sysvinit_initddir', '')
+    d.setVarFlags('do_install', { 'postfuncs': postfuncs })
+}
+
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME = "apparmor"
 INITSCRIPT_PARAMS = "start 16 2 3 4 5 . stop 35 0 1 6 ."
 
 SYSTEMD_PACKAGES = "${PN}"
 SYSTEMD_SERVICE_${PN} = "apparmor.service"
-SYSTEMD_AUTO_ENABLE = "disable"
+SYSTEMD_AUTO_ENABLE ?= "enable"
 
 PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'apache2', 'mod-${PN}', '', d)}"
 
-- 
2.17.1

