1 |
commit: cc83c96f2c3663bd1f99b7c4f5206a093236a5ba |
2 |
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jun 4 06:52:39 2018 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jun 4 07:50:07 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cc83c96f |
7 |
|
8 |
sys-process/audit: bump to 2.8.3 |
9 |
|
10 |
Package-Manager: Portage-2.3.40, Repoman-2.3.9 |
11 |
|
12 |
sys-process/audit/Manifest | 1 + |
13 |
sys-process/audit/audit-2.8.3.ebuild | 230 +++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 231 insertions(+) |
15 |
|
16 |
diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest |
17 |
index 7303bc7843e..b95d1676625 100644 |
18 |
--- a/sys-process/audit/Manifest |
19 |
+++ b/sys-process/audit/Manifest |
20 |
@@ -1,3 +1,4 @@ |
21 |
DIST audit-2.6.4.tar.gz 1078677 BLAKE2B 056d9f269926d9b0d74f7187f833f1e94d4e03a5137750fe4ff87b71fa0ce0e0a8569b97ecbd671f951061cfb088dff17b46e37cc14122864c37615356646fc5 SHA512 69b5d3987d2b8b189d1242fde639af3d7d366e901733133e47ee71223caf73aa7da40b7811298f0af861969b0ab482c5ef9830b711bdd15bd5f4d0ebc88a1224 |
22 |
DIST audit-2.7.1.tar.gz 1099083 BLAKE2B 10f72ac3273ce9e23e1fb8ad8d57dcae772ba1f861f519867399d95e14f4809897637969de45566d62a73a35e5674260155773daf8de00481fcbd1b9c3138f96 SHA512 37964d81deee8608fde5f90d5d096727d3eb009e084be34749adcb0662e607e35c49c80bd83ce38b17161f11363b691721c8a8aa5dea832d320c53ab0ebb7483 |
23 |
DIST audit-2.8.2.tar.gz 1121970 BLAKE2B bbec694ed1177a8590d035c2d6d197e49343fc370b101589e58736042c3b12cabb68fe796422f3133feb79068ab7d5931efa5414d22edead10c8871fefcd2549 SHA512 888ebf5e8e9d285b82d87377fc8836886d7a8b089c1be4091420a77a0250c9baf09aebb7a6330ff5043fb35f51eb6baf8d4491e26da7ad0811f0087e395b5012 |
24 |
+DIST audit-2.8.3.tar.gz 1107583 BLAKE2B 21c2b8543a31c0ca4319af40b844f4400615108a59195a95ea79499ff2923d7dbbc840716d60dfba311bfc451983cd4cd0f7cb27c2444825df2c0dfb50f9614f SHA512 aa939b81a66111f4e466208d7a38414bd186d00ccd374b420439764905b4707bbfcdc2331a6179a080fca981d19171696ecabd26674205b2f9339c44954db933 |
25 |
|
26 |
diff --git a/sys-process/audit/audit-2.8.3.ebuild b/sys-process/audit/audit-2.8.3.ebuild |
27 |
new file mode 100644 |
28 |
index 00000000000..c03f103ef2f |
29 |
--- /dev/null |
30 |
+++ b/sys-process/audit/audit-2.8.3.ebuild |
31 |
@@ -0,0 +1,230 @@ |
32 |
+# Copyright 1999-2018 Gentoo Foundation |
33 |
+# Distributed under the terms of the GNU General Public License v2 |
34 |
+ |
35 |
+EAPI="6" |
36 |
+ |
37 |
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} ) |
38 |
+ |
39 |
+inherit autotools multilib multilib-minimal toolchain-funcs preserve-libs python-r1 linux-info systemd |
40 |
+ |
41 |
+DESCRIPTION="Userspace utilities for storing and processing auditing records" |
42 |
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/" |
43 |
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz" |
44 |
+ |
45 |
+LICENSE="GPL-2" |
46 |
+SLOT="0" |
47 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" |
48 |
+IUSE="gssapi ldap python static-libs" |
49 |
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" |
50 |
+# Testcases are pretty useless as they are built for RedHat users/groups and kernels. |
51 |
+RESTRICT="test" |
52 |
+ |
53 |
+RDEPEND="gssapi? ( virtual/krb5 ) |
54 |
+ ldap? ( net-nds/openldap ) |
55 |
+ sys-libs/libcap-ng |
56 |
+ python? ( ${PYTHON_DEPS} )" |
57 |
+DEPEND="${RDEPEND} |
58 |
+ >=sys-kernel/linux-headers-2.6.34 |
59 |
+ python? ( dev-lang/swig:0 )" |
60 |
+# Do not use os-headers as this is linux specific |
61 |
+ |
62 |
+CONFIG_CHECK="~AUDIT" |
63 |
+ |
64 |
+pkg_setup() { |
65 |
+ linux-info_pkg_setup |
66 |
+} |
67 |
+ |
68 |
+src_prepare() { |
69 |
+ eapply_user |
70 |
+ |
71 |
+ # Do not build GUI tools |
72 |
+ sed -i \ |
73 |
+ -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \ |
74 |
+ "${S}"/configure.ac || die |
75 |
+ sed -i \ |
76 |
+ -e 's,system-config-audit,,g' \ |
77 |
+ "${S}"/Makefile.am || die |
78 |
+ rm -rf "${S}"/system-config-audit |
79 |
+ |
80 |
+ if ! use ldap; then |
81 |
+ sed -i \ |
82 |
+ -e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \ |
83 |
+ "${S}"/configure.ac || die |
84 |
+ sed -i \ |
85 |
+ -e '/^SUBDIRS/s,zos-remote,,g' \ |
86 |
+ "${S}"/audisp/plugins/Makefile.am || die |
87 |
+ fi |
88 |
+ |
89 |
+ # Don't build static version of Python module. |
90 |
+ eapply "${FILESDIR}"/${PN}-2.4.3-python.patch |
91 |
+ |
92 |
+ # glibc/kernel upstreams suck with both defining ia64_fpreg |
93 |
+ # This patch is a horribly workaround that is only valid as long as you |
94 |
+ # don't need the OTHER definitions in fpu.h. |
95 |
+ eapply "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch |
96 |
+ |
97 |
+ # there is no --without-golang conf option |
98 |
+ sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die |
99 |
+ |
100 |
+ # Regenerate autotooling |
101 |
+ eautoreconf |
102 |
+} |
103 |
+ |
104 |
+multilib_src_configure() { |
105 |
+ local ECONF_SOURCE=${S} |
106 |
+ econf \ |
107 |
+ --sbindir="${EPREFIX}/sbin" \ |
108 |
+ $(use_enable gssapi gssapi-krb5) \ |
109 |
+ $(use_enable static-libs static) \ |
110 |
+ --enable-systemd \ |
111 |
+ --without-python \ |
112 |
+ --without-python3 |
113 |
+ |
114 |
+ if multilib_is_native_abi; then |
115 |
+ python_configure() { |
116 |
+ mkdir -p "${BUILD_DIR}" || die |
117 |
+ cd "${BUILD_DIR}" || die |
118 |
+ |
119 |
+ if python_is_python3; then |
120 |
+ econf --without-python --with-python3 |
121 |
+ else |
122 |
+ econf --with-python --without-python3 |
123 |
+ fi |
124 |
+ } |
125 |
+ |
126 |
+ use python && python_foreach_impl python_configure |
127 |
+ fi |
128 |
+} |
129 |
+ |
130 |
+src_configure() { |
131 |
+ tc-export_build_env BUILD_{CC,CPP} |
132 |
+ export CC_FOR_BUILD="${BUILD_CC}" |
133 |
+ export CPP_FOR_BUILD="${BUILD_CPP}" |
134 |
+ |
135 |
+ multilib-minimal_src_configure |
136 |
+} |
137 |
+ |
138 |
+multilib_src_compile() { |
139 |
+ if multilib_is_native_abi; then |
140 |
+ default |
141 |
+ |
142 |
+ python_compile() { |
143 |
+ local pysuffix pydef |
144 |
+ if python_is_python3; then |
145 |
+ pysuffix=3 |
146 |
+ pydef='USE_PYTHON3=true' |
147 |
+ else |
148 |
+ pysuffix=2 |
149 |
+ pydef='HAVE_PYTHON=true' |
150 |
+ fi |
151 |
+ |
152 |
+ emake -C "${BUILD_DIR}"/bindings/swig \ |
153 |
+ VPATH="${native_build}/lib" \ |
154 |
+ LIBS="${native_build}/lib/libaudit.la" \ |
155 |
+ _audit_la_LIBADD="${native_build}/lib/libaudit.la" \ |
156 |
+ _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \ |
157 |
+ ${pydef} |
158 |
+ emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \ |
159 |
+ VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \ |
160 |
+ auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \ |
161 |
+ ${pydef} |
162 |
+ } |
163 |
+ |
164 |
+ local native_build="${BUILD_DIR}" |
165 |
+ use python && python_foreach_impl python_compile |
166 |
+ else |
167 |
+ emake -C lib |
168 |
+ emake -C auparse |
169 |
+ fi |
170 |
+} |
171 |
+ |
172 |
+multilib_src_install() { |
173 |
+ if multilib_is_native_abi; then |
174 |
+ emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install |
175 |
+ |
176 |
+ python_install() { |
177 |
+ local pysuffix pydef |
178 |
+ if python_is_python3; then |
179 |
+ pysuffix=3 |
180 |
+ pydef='USE_PYTHON3=true' |
181 |
+ else |
182 |
+ pysuffix=2 |
183 |
+ pydef='HAVE_PYTHON=true' |
184 |
+ fi |
185 |
+ |
186 |
+ emake -C "${BUILD_DIR}"/bindings/swig \ |
187 |
+ VPATH="${native_build}/lib" \ |
188 |
+ LIBS="${native_build}/lib/libaudit.la" \ |
189 |
+ _audit_la_LIBADD="${native_build}/lib/libaudit.la" \ |
190 |
+ _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \ |
191 |
+ ${pydef} \ |
192 |
+ DESTDIR="${D}" install |
193 |
+ emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \ |
194 |
+ VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \ |
195 |
+ auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \ |
196 |
+ ${pydef} \ |
197 |
+ DESTDIR="${D}" install |
198 |
+ } |
199 |
+ |
200 |
+ local native_build=${BUILD_DIR} |
201 |
+ use python && python_foreach_impl python_install |
202 |
+ |
203 |
+ # things like shadow use this so we need to be in / |
204 |
+ gen_usr_ldscript -a audit auparse |
205 |
+ else |
206 |
+ emake -C lib DESTDIR="${D}" install |
207 |
+ emake -C auparse DESTDIR="${D}" install |
208 |
+ fi |
209 |
+} |
210 |
+ |
211 |
+multilib_src_install_all() { |
212 |
+ dodoc AUTHORS ChangeLog README* THANKS TODO |
213 |
+ docinto contrib |
214 |
+ dodoc contrib/{avc_snap,skeleton.c} |
215 |
+ docinto contrib/plugin |
216 |
+ dodoc contrib/plugin/* |
217 |
+ docinto rules |
218 |
+ dodoc rules/* |
219 |
+ |
220 |
+ newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd |
221 |
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd |
222 |
+ |
223 |
+ fperms 644 "$(systemd_get_systemunitdir)"/auditd.service # 556436 |
224 |
+ |
225 |
+ [ -f "${ED}"/sbin/audisp-remote ] && \ |
226 |
+ dodir /usr/sbin && \ |
227 |
+ mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die |
228 |
+ |
229 |
+ # Gentoo rules |
230 |
+ insinto /etc/audit/ |
231 |
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules |
232 |
+ doins "${FILESDIR}"/audit.rules.stop* |
233 |
+ |
234 |
+ # audit logs go here |
235 |
+ keepdir /var/log/audit/ |
236 |
+ |
237 |
+ find "${D}" -name '*.la' -delete || die |
238 |
+ |
239 |
+ # Security |
240 |
+ lockdown_perms "${ED}" |
241 |
+} |
242 |
+ |
243 |
+pkg_preinst() { |
244 |
+ # Preserve from the audit-1 series |
245 |
+ preserve_old_lib /$(get_libdir)/libaudit.so.0 |
246 |
+} |
247 |
+ |
248 |
+pkg_postinst() { |
249 |
+ lockdown_perms "${EROOT}" |
250 |
+ # Preserve from the audit-1 series |
251 |
+ preserve_old_lib_notify /$(get_libdir)/libaudit.so.0 |
252 |
+} |
253 |
+ |
254 |
+lockdown_perms() { |
255 |
+ # Upstream wants these to have restrictive perms. |
256 |
+ # Should not || die as not all paths may exist. |
257 |
+ local basedir="$1" |
258 |
+ chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null |
259 |
+ chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null |
260 |
+ chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null |
261 |
+} |