apparmor: updating utilities to fresh python #34049

Merged
merged 3 commits into from Jan 20, 2018

@corpix corpix commented Jan 19, 2018

Motivation for this change

Apparmor utils are broken (I use 9ab7768 at the moment). For example, this is aa-audit --help output:

Traceback (most recent call last):
  File "/nix/store/jwc12pm1shfkp4bnp8yrf0w74xnryfn5-apparmor-utils-2.10/bin/.aa-audit-wrapped", line 17, in <module>
    import apparmor.tools
  File "/nix/store/jwc12pm1shfkp4bnp8yrf0w74xnryfn5-apparmor-utils-2.10/lib/python2.7/site-packages/apparmor/tools.py", line 17, in <module>
    import apparmor.aa as apparmor
  File "/nix/store/jwc12pm1shfkp4bnp8yrf0w74xnryfn5-apparmor-utils-2.10/lib/python2.7/site-packages/apparmor/aa.py", line 4345, in <module>
    if cfg['settings'].get('default_owner_prompt', False):
  File "/nix/store/jwc12pm1shfkp4bnp8yrf0w74xnryfn5-apparmor-utils-2.10/lib/python2.7/site-packages/apparmor/config.py", line 27, in __getitem__
    section_val = self.items(section)
  File "/nix/store/6yb5rvr6rvgvx8ylpchwz808djfw07rb-python-2.7.14/lib/python2.7/ConfigParser.py", line 642, in items
    raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'settings'
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
  File "/nix/store/6yb5rvr6rvgvx8ylpchwz808djfw07rb-python-2.7.14/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/nix/store/jwc12pm1shfkp4bnp8yrf0w74xnryfn5-apparmor-utils-2.10/lib/python2.7/site-packages/apparmor/aa.py", line 128, in on_exit
    debug_logger.debug('Exiting..')
AttributeError: 'NoneType' object has no attribute 'debug'
Error in sys.exitfunc:
Traceback (most recent call last):
  File "/nix/store/6yb5rvr6rvgvx8ylpchwz808djfw07rb-python-2.7.14/lib/python2.7/atexit.py", line 24, in _run_exitfuncs
    func(*targs, **kargs)
  File "/nix/store/jwc12pm1shfkp4bnp8yrf0w74xnryfn5-apparmor-utils-2.10/lib/python2.7/site-packages/apparmor/aa.py", line 128, in on_exit
    debug_logger.debug('Exiting..')
AttributeError: 'NoneType' object has no attribute 'debug'

I was trying to fix them, and decided to update apparmor. Found this PR #33222, but it does not fix the tools, just made an update. Apparmor utils have moved to python 3, so I have updated the python version (python 2 is deprecated in apparmor since 2.11) and added a separate derivation for aa-exec (it was moved to the binutils directory inside the apparmor source tree).

Mostly all tools are running successfully now, except two:

  • aa-notify: probably perl(?) complains about ERROR: bad programe name '.aa-notify-wrapped'. I tried to give .aa-notify-wrapped a different name; after that it failed with Cannot read '/var/log/kern.log'. Probably we should have a patch so this tool could work with journald?
  • aa-remove-unknown fails with line 25: /lib/apparmor/rc.apparmor.functions: No such file or directory. I have no idea what could be done to fix this.

Based my changes on staging because #33222 is based on staging, feel free to contact me for a rebase :)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@@ -2,13 +2,16 @@
, pkgconfig, which
, flex, bison
, linuxHeaders ? stdenv.cc.libc.linuxHeaders
, pythonPackages
, python3Packages
Member

just pass in python3

, pam
}:

let
python = python3Packages.python;
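
Review bot: the `let` binding `python = python3Packages.python;` at the end of this hunk only pulls the interpreter back out of the package set, so the argument list could take `python3` directly in place of `python3Packages` and the binding could go. The hunk also lists `pythonPackages` next to `python3Packages` (the +/- markers are not visible here); if both remain, it is worth confirming that nothing else in the file still references `pythonPackages`, since the traceback in the description shows the utilities installed under `lib/python2.7/site-packages` and a leftover Python 2 reference would keep part of the build there.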
Member

and drop this

Contributor Author

Done, pkgs.python3 and pkgs.python3Packages.python are redundant, didn't know about that. This is confusing a little bit :)

@FRidh FRidh merged commit 0db68e5 into NixOS:staging Jan 20, 2018