grimm-nixos-laptop/hardening/apparmor/apparmor-d-package.nix

{
  buildGoModule,
  fetchFromGitHub,
  lib,
  unstableGitUpdater,
}:
buildGoModule {
  pname = "apparmor-d";
  version = "unstable-2025-02-18";

  src = fetchFromGitHub {
    rev = "af85db9148b17bb37b4d73454e78d4efec4c2db9";
    owner = "roddhjav";
    repo = "apparmor.d";
    hash = "sha256-mCc1DQXQvzeeA+sq67zK5o18tKByaB5dITmC77j9uEM=";
  };

  vendorHash = null;

  doCheck = false;
  dontCheckForBrokenSymlinks = true;

  patches = [
    ./apparmor-d-prebuild.patch
  ];

  subPackages = [
    "cmd/prebuild"
    "cmd/aa-log"
  ];

  passthru.updateScript = unstableGitUpdater { };

  postInstall = ''
    mkdir -p $out/etc

    DISTRIBUTION=nixos $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available

    mv .build/apparmor.d $out/etc
    rm $out/bin/prebuild
  '';

  meta = {
    description = "Full set of AppArmor profiles (~ 1500 profiles) ";
    homepage = "https://github.com/roddhjav/apparmor.d";
    license = lib.licenses.gpl2Only;
    mainProgram = "aa-log";
    maintainers = with lib.maintainers; [ grimmauld ];
    platforms = lib.platforms.linux;
  };
}
nixfmt 2024-11-26 19:20:10 +01:00			`{`
			`buildGoModule,`
			`fetchFromGitHub,`
			`lib,`
			`unstableGitUpdater,`
			`}:`
use intended tooling: allows nixos-specific support in apparmor.d 2024-10-15 23:31:58 +02:00			`buildGoModule {`
experimental apparmor support 2024-10-12 18:19:18 +02:00			`pname = "apparmor-d";`
update 2025-02-19 23:30:28 +01:00			`version = "unstable-2025-02-18";`
experimental apparmor support 2024-10-12 18:19:18 +02:00
			`src = fetchFromGitHub {`
update 2025-02-19 23:30:28 +01:00			`rev = "af85db9148b17bb37b4d73454e78d4efec4c2db9";`
experimental apparmor support 2024-10-12 18:19:18 +02:00			`owner = "roddhjav";`
			`repo = "apparmor.d";`
update 2025-02-19 23:30:28 +01:00			`hash = "sha256-mCc1DQXQvzeeA+sq67zK5o18tKByaB5dITmC77j9uEM=";`
experimental apparmor support 2024-10-12 18:19:18 +02:00			`};`
use intended tooling: allows nixos-specific support in apparmor.d 2024-10-15 23:31:58 +02:00
nixfmt 2024-11-26 19:20:10 +01:00			`vendorHash = null;`

experimental apparmor support 2024-10-12 18:19:18 +02:00			`doCheck = false;`
update 2025-02-19 23:30:28 +01:00			`dontCheckForBrokenSymlinks = true;`
use intended tooling: allows nixos-specific support in apparmor.d 2024-10-15 23:31:58 +02:00
experimental apparmor support 2024-10-12 18:19:18 +02:00			`patches = [`
aa-alias-manager, lets go! 2024-10-25 13:47:17 +02:00			`./apparmor-d-prebuild.patch`
experimental apparmor support 2024-10-12 18:19:18 +02:00			`];`

clean up apparmor.d submodules 2024-10-16 09:06:29 +02:00			`subPackages = [`
			`"cmd/prebuild"`
			`"cmd/aa-log"`
			`];`

re-flake 2024-10-22 22:05:22 +02:00			`passthru.updateScript = unstableGitUpdater { };`

use intended tooling: allows nixos-specific support in apparmor.d 2024-10-15 23:31:58 +02:00			`postInstall = ''`
clean up apparmor.d submodules 2024-10-16 09:06:29 +02:00			`mkdir -p $out/etc`
nixfmt 2024-11-26 19:20:10 +01:00
aa-alias-manager, lets go! 2024-10-25 13:47:17 +02:00			`DISTRIBUTION=nixos $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available`
nixfmt 2024-11-26 19:20:10 +01:00
use intended tooling: allows nixos-specific support in apparmor.d 2024-10-15 23:31:58 +02:00			`mv .build/apparmor.d $out/etc`
clean up apparmor.d submodules 2024-10-16 09:06:29 +02:00			`rm $out/bin/prebuild`
experimental apparmor support 2024-10-12 18:19:18 +02:00			`'';`
use intended tooling: allows nixos-specific support in apparmor.d 2024-10-15 23:31:58 +02:00
			`meta = {`
			`description = "Full set of AppArmor profiles (~ 1500 profiles) ";`
			`homepage = "https://github.com/roddhjav/apparmor.d";`
			`license = lib.licenses.gpl2Only;`
			`mainProgram = "aa-log";`
			`maintainers = with lib.maintainers; [ grimmauld ];`
			`platforms = lib.platforms.linux;`
			`};`
experimental apparmor support 2024-10-12 18:19:18 +02:00			`}`