summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2023-08-07 06:15:55 +0100
committerSam James <sam@gentoo.org>2023-08-07 06:15:55 +0100
commit7592691cb3b0e238180f0259e47577926a4cfca2 (patch)
tree04a769cd707bfe32cf3154751065ad4602e146b4 /sys-process/audit
parentsys-process/audit: add PR link to musl patch (diff)
downloadgentoo-7592691cb3b0e238180f0259e47577926a4cfca2.tar.gz
gentoo-7592691cb3b0e238180f0259e47577926a4cfca2.tar.bz2
gentoo-7592691cb3b0e238180f0259e47577926a4cfca2.zip
sys-process/audit: add 3.1.2
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'sys-process/audit')
-rw-r--r--sys-process/audit/Manifest1
-rw-r--r--sys-process/audit/audit-3.1.2.ebuild181
2 files changed, 182 insertions, 0 deletions
diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
index 94290d8e8c3c..43342b9191b4 100644
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@@ -1,2 +1,3 @@
DIST audit-3.0.9.tar.gz 1210655 BLAKE2B a6b17ee61f506878cd70827b6ca2040762c762f10bdab7a253300d926cda59b300571c6df0e852ffb56db94620868de7dd22267ba1e8d1281e4ae1f702914b23 SHA512 5219eb0b41746eca3406008a97731c0083e7be50ec88563a39537de22cb69fe88490f5fe5a11535930f360b11a62538e2ff6cbe39e059cd760038363954ef4d6
DIST audit-3.1.1.tar.gz 1218111 BLAKE2B a804684e438efc5f35b387708b3dc91bf857eeb56624261e0f75543556c436bfe638b792f63289f049c11541b10b2dc0e9f17b22f44b913da0168b1cf20684fc SHA512 4917970cc4c7f786c464a6d101bf66d55d55ac4716cf415ff97177f08176a6301e946716d28cf5b16054538469b3140b97db99d55a28686a9a807eea60c070f3
+DIST audit-3.1.2.tar.gz 1219860 BLAKE2B dfdec470bf12cce6c570b3d260e65e2b49e8ac0761e6a6fbf7b4f4a57f92e88367cd74bfcb88e6d718619b88fea27ce963a977c9f4346c95d18a5310e217accb SHA512 a97003a294ed3671df01e2952688e7d5eef59a35f6891feb53e67c4c7eab9ae8c2d18de41a5b5b20e0ad7156fac93aec05f32f6bc5eea706b42b6f27f676446a
diff --git a/sys-process/audit/audit-3.1.2.ebuild b/sys-process/audit/audit-3.1.2.ebuild
new file mode 100644
index 000000000000..d2b9730673da
--- /dev/null
+++ b/sys-process/audit/audit-3.1.2.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# As with sys-libs/libcap-ng, same maintainer in Fedora as upstream, so
+# check Fedora's packaging (https://src.fedoraproject.org/rpms/audit/tree/rawhide)
+# on bumps (or if hitting a bug) to see what they've done there.
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit autotools multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gssapi io-uring ldap python static-libs test"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ sys-libs/libcap-ng
+ gssapi? ( virtual/krb5 )
+ ldap? ( net-nds/openldap:= )
+ python? ( ${PYTHON_DEPS} )
+"
+DEPEND="
+ ${RDEPEND}
+ >=sys-kernel/linux-headers-2.6.34
+ test? ( dev-libs/check )
+"
+BDEPEND="python? ( dev-lang/swig )"
+
+CONFIG_CHECK="~AUDIT"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.0.8-musl-malloc.patch
+)
+
+src_prepare() {
+ # audisp-remote moved in multilib_src_install_all
+ sed -i \
+ -e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
+ audisp/plugins/remote/au-remote.conf || die
+
+ # Disable installing sample rules so they can be installed as docs.
+ echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null || die
+
+ default
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --sbindir="${EPREFIX}"/sbin
+ $(use_enable gssapi gssapi-krb5)
+ $(use_enable ldap zos-remote)
+ $(use_enable static-libs static)
+ $(use_with io-uring io_uring)
+ --enable-systemd
+ --without-golang
+ --without-libwrap
+ --without-python
+ --without-python3
+ )
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+ if multilib_is_native_abi && use python; then
+ python_configure() {
+ mkdir -p "${BUILD_DIR}" || die
+ pushd "${BUILD_DIR}" &>/dev/null || die
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" --with-python3
+
+ popd &>/dev/null || die
+ }
+
+ python_foreach_impl python_configure
+ fi
+}
+
+src_configure() {
+ tc-export_build_env BUILD_{CC,CPP}
+
+ local -x CC_FOR_BUILD="${BUILD_CC}"
+ local -x CPP_FOR_BUILD="${BUILD_CPP}"
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+
+ local native_build="${BUILD_DIR}"
+
+ python_compile() {
+ emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}"
+ emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}"
+ }
+
+ use python && python_foreach_impl python_compile
+ else
+ emake -C common
+ emake -C lib
+ emake -C auparse
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
+
+ local native_build="${BUILD_DIR}"
+
+ python_install() {
+ emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install
+ emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install
+ python_optimize
+ }
+
+ use python && python_foreach_impl python_install
+
+ # Things like shadow use this so we need to be in /
+ gen_usr_ldscript -a audit auparse
+ else
+ emake -C lib DESTDIR="${D}" install
+ emake -C auparse DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc AUTHORS ChangeLog README* THANKS
+ docinto contrib
+ dodoc contrib/avc_snap
+ docinto contrib/plugin
+ dodoc contrib/plugin/*
+ docinto rules
+ dodoc rules/*rules
+
+ newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+ if [[ -f "${ED}"/sbin/audisp-remote ]] ; then
+ dodir /usr/sbin
+ mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+ fi
+
+ # Gentoo rules
+ insinto /etc/audit
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+ doins "${FILESDIR}"/audit.rules.stop*
+ keepdir /etc/audit/rules.d
+
+ # audit logs go here
+ keepdir /var/log/audit
+
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ # Security
+ lockdown_perms "${ED}"
+}
+
+pkg_postinst() {
+ lockdown_perms "${EROOT}"
+}
+
+lockdown_perms() {
+ # Upstream wants these to have restrictive perms.
+ # Should not || die as not all paths may exist.
+ local basedir="${1}"
+ chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
+ chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
+ chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+}