sys-process/audit: Remove lock from init script
authorJason Zaman <perfinion@gentoo.org>
Tue, 18 Aug 2015 04:27:33 +0000 (12:27 +0800)
committerJason Zaman <perfinion@gentoo.org>
Tue, 18 Aug 2015 04:29:26 +0000 (12:29 +0800)
The lock in the init script was only needed on Redhat. OpenRC keeps track of
whether the process is started, so the lock is not required.  Also fix perms on the systemd unit.

Gentoo-Bug: https://bugs.gentoo.org/556436
Gentoo-Bug: https://bugs.gentoo.org/449990

Package-Manager: portage-2.2.20.1

sys-process/audit/audit-2.4.3-r1.ebuild [new file with mode: 0644]
sys-process/audit/files/auditd-init.d-2.4.3 [new file with mode: 0644]

diff --git a/sys-process/audit/audit-2.4.3-r1.ebuild b/sys-process/audit/audit-2.4.3-r1.ebuild
new file mode 100644 (file)
index 0000000..e7284e5
--- /dev/null
@@ -0,0 +1,225 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+
+inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info eutils systemd
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="http://people.redhat.com/sgrubb/audit/"
+SRC_URI="http://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="ldap python"
+# Testcases are pretty useless as they are built for RedHat users/groups and
+# kernels.
+RESTRICT="test"
+
+RDEPEND="ldap? ( net-nds/openldap )
+               sys-libs/libcap-ng"
+DEPEND="${RDEPEND}
+               >=sys-kernel/linux-headers-2.6.34
+               python? (
+                       ${PYTHON_DEPS}
+                       dev-lang/swig:0
+               )"
+# Do not use os-headers as this is linux specific
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+CONFIG_CHECK="~AUDIT"
+
+pkg_setup() {
+       linux-info_pkg_setup
+}
+
+src_prepare() {
+       epatch_user
+
+       # Do not build GUI tools
+       sed -i \
+               -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \
+               "${S}"/configure.ac || die
+       sed -i \
+               -e 's,system-config-audit,,g' \
+               "${S}"/Makefile.am || die
+       rm -rf "${S}"/system-config-audit
+
+       if ! use ldap; then
+               sed -i \
+                       -e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \
+                       "${S}"/configure.ac || die
+               sed -i \
+                       -e '/^SUBDIRS/s,zos-remote,,g' \
+                       "${S}"/audisp/plugins/Makefile.am || die
+       fi
+
+       # Don't build static version of Python module.
+       epatch "${FILESDIR}"/${PN}-2.4.3-python.patch
+
+       # glibc/kernel upstreams suck with both defining ia64_fpreg
+       # This patch is a horribly workaround that is only valid as long as you
+       # don't need the OTHER definitions in fpu.h.
+       epatch "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch
+
+       # there is no --without-golang conf option
+       sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die
+
+       # Regenerate autotooling
+       eautoreconf
+
+       # Bug 352198: Avoid parallel build fail
+       cd "${S}"/src/mt
+       [[ ! -s private.h ]] && ln -s ../../lib/private.h .
+}
+
+multilib_src_configure() {
+       local ECONF_SOURCE=${S}
+       econf \
+               --sbindir=/sbin \
+               --enable-systemd \
+               --without-python \
+               --without-python3
+
+       if multilib_is_native_abi; then
+               python_configure() {
+                       mkdir -p "${BUILD_DIR}" || die
+                       cd "${BUILD_DIR}" || die
+
+                       if python_is_python3; then
+                               econf --without-python --with-python3
+                       else
+                               econf --with-python --without-python3
+                       fi
+               }
+
+               use python && python_foreach_impl python_configure
+       fi
+}
+
+multilib_src_compile() {
+       if multilib_is_native_abi; then
+               default
+
+               python_compile() {
+                       local pysuffix pydef
+                       if python_is_python3; then
+                               pysuffix=3
+                               pydef='USE_PYTHON3=true'
+                       else
+                               pysuffix=2
+                               pydef='HAVE_PYTHON=true'
+                       fi
+
+                       emake -C "${BUILD_DIR}"/bindings/swig \
+                               VPATH="${native_build}/lib" \
+                               LIBS="${native_build}/lib/libaudit.la" \
+                               _audit_la_LIBADD="${native_build}/lib/libaudit.la" \
+                               _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
+                               ${pydef}
+                       emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \
+                               VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \
+                               auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
+                               ${pydef}
+               }
+
+               local native_build="${BUILD_DIR}"
+               use python && python_foreach_impl python_compile
+       else
+               emake -C lib
+               emake -C auparse
+       fi
+}
+
+multilib_src_install() {
+       if multilib_is_native_abi; then
+               emake DESTDIR="${D}" initdir="$(systemd_get_unitdir)" install
+
+               python_install() {
+                       local pysuffix pydef
+                       if python_is_python3; then
+                               pysuffix=3
+                               pydef='USE_PYTHON3=true'
+                       else
+                               pysuffix=2
+                               pydef='HAVE_PYTHON=true'
+                       fi
+
+                       emake -C "${BUILD_DIR}"/bindings/swig \
+                               VPATH="${native_build}/lib" \
+                               LIBS="${native_build}/lib/libaudit.la" \
+                               _audit_la_LIBADD="${native_build}/lib/libaudit.la" \
+                               _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
+                               ${pydef} \
+                               DESTDIR="${D}" install
+                       emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \
+                               VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \
+                               auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
+                               ${pydef} \
+                               DESTDIR="${D}" install
+               }
+
+               local native_build=${BUILD_DIR}
+               use python && python_foreach_impl python_install
+
+               # things like shadow use this so we need to be in /
+               gen_usr_ldscript -a audit auparse
+       else
+               emake -C lib DESTDIR="${D}" install
+               emake -C auparse DESTDIR="${D}" install
+       fi
+}
+
+multilib_src_install_all() {
+       dodoc AUTHORS ChangeLog README* THANKS TODO
+       docinto contrib
+       dodoc contrib/{*.rules,avc_snap,skeleton.c}
+       docinto contrib/plugin
+       dodoc contrib/plugin/*
+
+       newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+       newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+       chmod 644 "${D}/$(systemd_get_unitdir)"/auditd.service || die # 556436
+
+       [ -f "${D}"/sbin/audisp-remote ] && \
+       dodir /usr/sbin && \
+       mv "${D}"/{sbin,usr/sbin}/audisp-remote || die
+
+       # Gentoo rules
+       insinto /etc/audit/
+       newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+       doins "${FILESDIR}"/audit.rules.stop*
+
+       # audit logs go here
+       keepdir /var/log/audit/
+
+       # Security
+       lockdown_perms "${D}"
+
+       prune_libtool_files --modules
+}
+
+pkg_preinst() {
+       # Preserve from the audit-1 series
+       preserve_old_lib /$(get_libdir)/libaudit.so.0
+}
+
+pkg_postinst() {
+       lockdown_perms "${ROOT}"
+       # Preserve from the audit-1 series
+       preserve_old_lib_notify /$(get_libdir)/libaudit.so.0
+}
+
+lockdown_perms() {
+       # upstream wants these to have restrictive perms
+       basedir="$1"
+       chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
+       chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null
+       chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null
+}
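Review bot: lockdown_perms, the last function in this hunk, discards both stderr and the exit status of all three chmod calls, so a failure to restrict the audit binaries, /var/log/audit/ or auditd.conf/audit.rules passes silently in both multilib_src_install_all and pkg_postinst. The redirect is presumably there because the brace expansion names paths that may not exist; testing each path first keeps that tolerance without hiding real errors, e.g. a loop over the paths with `[[ -e ${f} ]] || continue` followed by `chmod 0640 "${f}" || ewarn "could not restrict ${f}"`. `basedir` is also assigned without `local` and leaks into the global ebuild scope; `local basedir="$1"` fixes that. Separately, in multilib_src_install_all the `[ -f ... ] && dodir ... && mv ... || die` chain also dies when audisp-remote is absent, which the `-f` test suggests was not intended.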
diff --git a/sys-process/audit/files/auditd-init.d-2.4.3 b/sys-process/audit/files/auditd-init.d-2.4.3
new file mode 100644 (file)
index 0000000..33c932a
--- /dev/null
@@ -0,0 +1,91 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_started_commands='reload reload_auditd reload_rules'
+description='Linux Auditing System'
+description_reload='Reload daemon configuration and rules'
+description_reload_rules='Reload daemon rules'
+description_reload_auditd='Reload daemon configuration'
+
+name='auditd'
+pidfile='/var/run/auditd.pid'
+command='/sbin/auditd'
+
+start_auditd() {
+       # Env handling taken from the upstream init script
+       if [ -z "$AUDITD_LANG" -o "$AUDITD_LANG" = "none" -o "$AUDITD_LANG" = "NONE" ]; then
+               unset LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+       else
+               LANG="$AUDITD_LANG"
+               LC_TIME="$AUDITD_LANG"
+               LC_ALL="$AUDITD_LANG"
+               LC_MESSAGES="$AUDITD_LANG"
+               LC_NUMERIC="$AUDITD_LANG"
+               LC_MONETARY="$AUDITD_LANG"
+               LC_COLLATE="$AUDITD_LANG"
+               export LANG LC_TIME LC_ALL LC_MESSAGES LC_NUMERIC LC_MONETARY LC_COLLATE
+       fi
+       unset HOME MAIL USER USERNAME
+
+       ebegin "Starting ${name}"
+       start-stop-daemon \
+               --start --quiet --pidfile ${pidfile} \
+               --exec ${command} -- ${EXTRAOPTIONS}
+       local ret=$?
+       eend $ret
+       return $ret
+}
+
+stop_auditd() {
+       ebegin "Stopping ${name}"
+       start-stop-daemon --stop --quiet --pidfile ${pidfile}
+       local ret=$?
+       eend $ret
+       return $ret
+}
+
+loadfile() {
+       local rules="$1"
+       if [ -n "${rules}" -a -f "${rules}" ]; then
+               einfo "Loading audit rules from ${rules}"
+               /sbin/auditctl -R "${rules}" >/dev/null
+               return $?
+       else
+               return 0
+       fi
+}
+
+start() {
+       start_auditd
+       local ret=$?
+       if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
+               loadfile "${RULEFILE_STARTUP}"
+       fi
+       return $ret
+}
+
+reload_rules() {
+       loadfile "${RULEFILE_STARTUP}"
+}
+
+reload_auditd() {
+       ebegin "Reloading ${SVCNAME}"
+       start-stop-daemon --signal HUP \
+           --exec "${command}" --pidfile "${pidfile}"
+       eend $?
+}
+
+reload() {
+       reload_auditd
+       reload_rules
+}
+
+stop() {
+       [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_PRE}"
+       stop_auditd
+       local ret=$?
+       [ "${RC_CMD}" != "restart" ] && loadfile "${RULEFILE_STOP_POST}"
+       return $ret
+}
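Review bot: start() discards the return value of `loadfile "${RULEFILE_STARTUP}"`, so the service is reported as started even when auditctl rejects the startup rules, and the host may then be running without the intended audit rules. If a rule-load failure is meant to be non-fatal, it should at least be surfaced, e.g. `loadfile "${RULEFILE_STARTUP}" || ewarn "audit rules failed to load"`; otherwise propagate it with `|| ret=$?`. reload() has the same shape: the status of reload_auditd is lost and only reload_rules decides the result, so something like `reload_auditd && reload_rules` would report a failed HUP, if skipping the rule reload in that case is acceptable. A short comment on the `"${RC_CMD}" != "restart"` tests in start() and stop() saying why the rule files are skipped on restart would also help the next reader.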