sys-process/audit/audit-2.8.5.ebuild

   1 # Copyright 1999-2019 Gentoo Authors
   2 # Distributed under the terms of the GNU General Public License v2
   3
   4 EAPI="6"
   5
   6 PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
   7
   8 inherit autotools multilib multilib-minimal toolchain-funcs preserve-libs python-r1 linux-info systemd usr-ldscript
   9
  10 DESCRIPTION="Userspace utilities for storing and processing auditing records"
  11 HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
  12 SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
  13
  14 LICENSE="GPL-2+ LGPL-2.1+"
  15 SLOT="0"
  16 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86"
  17 IUSE="gssapi ldap python static-libs"
  18 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
  19 # Testcases are pretty useless as they are built for RedHat users/groups and kernels.
  20 RESTRICT="test"
  21
  22 RDEPEND="gssapi? ( virtual/krb5 )
  23         ldap? ( net-nds/openldap )
  24         sys-libs/libcap-ng
  25         python? ( ${PYTHON_DEPS} )"
  26 DEPEND="${RDEPEND}
  27         >=sys-kernel/linux-headers-2.6.34
  28         python? ( dev-lang/swig:0 )"
  29 # Do not use os-headers as this is linux specific
  30
  31 CONFIG_CHECK="~AUDIT"
  32
  33 pkg_setup() {
  34         linux-info_pkg_setup
  35 }
  36
  37 src_prepare() {
  38         # Do not build GUI tools
  39         sed -i \
  40                 -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \
  41                 "${S}"/configure.ac || die
  42         sed -i \
  43                 -e 's,system-config-audit,,g' \
  44                 "${S}"/Makefile.am || die
  45         rm -rf "${S}"/system-config-audit
  46
  47         # audisp-remote moved in multilib_src_install_all
  48         sed -i \
  49                 -e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
  50                 "${S}"/audisp/plugins/remote/au-remote.conf || die
  51
  52         # Don't build static version of Python module.
  53         eapply "${FILESDIR}"/${PN}-2.4.3-python.patch
  54
  55         # glibc/kernel upstreams suck with both defining ia64_fpreg
  56         # This patch is a horribly workaround that is only valid as long as you
  57         # don't need the OTHER definitions in fpu.h.
  58         eapply "${FILESDIR}"/${PN}-2.8.4-ia64-compile-fix.patch
  59
  60         # there is no --without-golang conf option
  61         sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die
  62
  63         eapply_user
  64
  65         # Regenerate autotooling
  66         eautoreconf
  67 }
  68
  69 multilib_src_configure() {
  70         local ECONF_SOURCE=${S}
  71         local my_conf="$(use_enable ldap zos-remote)"
  72         econf \
  73                 ${my_conf} \
  74                 --sbindir="${EPREFIX}/sbin" \
  75                 $(use_enable gssapi gssapi-krb5) \
  76                 $(use_enable static-libs static) \
  77                 --enable-systemd \
  78                 --without-python \
  79                 --without-python3
  80
  81         if multilib_is_native_abi; then
  82                 python_configure() {
  83                         mkdir -p "${BUILD_DIR}" || die
  84                         cd "${BUILD_DIR}" || die
  85
  86                         if python_is_python3; then
  87                                 econf ${my_conf} --without-python --with-python3
  88                         else
  89                                 econf ${my_conf} --with-python --without-python3
  90                         fi
  91                 }
  92
  93                 use python && python_foreach_impl python_configure
  94         fi
  95 }
  96
  97 src_configure() {
  98         tc-export_build_env BUILD_{CC,CPP}
  99         export CC_FOR_BUILD="${BUILD_CC}"
 100         export CPP_FOR_BUILD="${BUILD_CPP}"
 101
 102         multilib-minimal_src_configure
 103 }
 104
 105 multilib_src_compile() {
 106         if multilib_is_native_abi; then
 107                 default
 108
 109                 python_compile() {
 110                         local pysuffix pydef
 111                         if python_is_python3; then
 112                                 pysuffix=3
 113                                 pydef='USE_PYTHON3=true'
 114                         else
 115                                 pysuffix=2
 116                                 pydef='HAVE_PYTHON=true'
 117                         fi
 118
 119                         emake -C "${BUILD_DIR}"/bindings/swig \
 120                                 VPATH="${native_build}/lib" \
 121                                 LIBS="${native_build}/lib/libaudit.la" \
 122                                 _audit_la_LIBADD="${native_build}/lib/libaudit.la" \
 123                                 _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
 124                                 ${pydef}
 125                         emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \
 126                                 VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \
 127                                 auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
 128                                 ${pydef}
 129                 }
 130
 131                 local native_build="${BUILD_DIR}"
 132                 use python && python_foreach_impl python_compile
 133         else
 134                 emake -C lib
 135                 emake -C auparse
 136         fi
 137 }
 138
 139 multilib_src_install() {
 140         if multilib_is_native_abi; then
 141                 emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
 142
 143                 python_install() {
 144                         local pysuffix pydef
 145                         if python_is_python3; then
 146                                 pysuffix=3
 147                                 pydef='USE_PYTHON3=true'
 148                         else
 149                                 pysuffix=2
 150                                 pydef='HAVE_PYTHON=true'
 151                         fi
 152
 153                         emake -C "${BUILD_DIR}"/bindings/swig \
 154                                 VPATH="${native_build}/lib" \
 155                                 LIBS="${native_build}/lib/libaudit.la" \
 156                                 _audit_la_LIBADD="${native_build}/lib/libaudit.la" \
 157                                 _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
 158                                 ${pydef} \
 159                                 DESTDIR="${D}" install
 160                         emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \
 161                                 VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \
 162                                 auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
 163                                 ${pydef} \
 164                                 DESTDIR="${D}" install
 165                 }
 166
 167                 local native_build=${BUILD_DIR}
 168                 use python && python_foreach_impl python_install
 169
 170                 # things like shadow use this so we need to be in /
 171                 gen_usr_ldscript -a audit auparse
 172         else
 173                 emake -C lib DESTDIR="${D}" install
 174                 emake -C auparse DESTDIR="${D}" install
 175         fi
 176 }
 177
 178 multilib_src_install_all() {
 179         dodoc AUTHORS ChangeLog README* THANKS
 180         docinto contrib
 181         dodoc contrib/{avc_snap,skeleton.c}
 182         docinto contrib/plugin
 183         dodoc contrib/plugin/*
 184         docinto rules
 185         dodoc rules/*
 186
 187         newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
 188         newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
 189
 190         [ -f "${ED}"/sbin/audisp-remote ] && \
 191         dodir /usr/sbin && \
 192         mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
 193
 194         # Gentoo rules
 195         insinto /etc/audit/
 196         newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
 197         doins "${FILESDIR}"/audit.rules.stop*
 198
 199         # audit logs go here
 200         keepdir /var/log/audit/
 201
 202         find "${D}" -name '*.la' -delete || die
 203
 204         # Security
 205         lockdown_perms "${ED}"
 206 }
 207
 208 pkg_preinst() {
 209         # Preserve from the audit-1 series
 210         preserve_old_lib /$(get_libdir)/libaudit.so.0
 211 }
 212
 213 pkg_postinst() {
 214         lockdown_perms "${EROOT}"
 215         # Preserve from the audit-1 series
 216         preserve_old_lib_notify /$(get_libdir)/libaudit.so.0
 217 }
 218
 219 lockdown_perms() {
 220         # Upstream wants these to have restrictive perms.
 221         # Should not || die as not all paths may exist.
 222         local basedir="$1"
 223         chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
 224         chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null
 225         chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null
 226 }