sys-process/audit/audit-2.8.3.ebuild

   1 # Copyright 1999-2020 Gentoo Authors
   2 # Distributed under the terms of the GNU General Public License v2
   3
   4 EAPI="6"
   5
   6 PYTHON_COMPAT=( python3_6 )
   7
   8 inherit autotools multilib multilib-minimal toolchain-funcs preserve-libs python-r1 linux-info systemd usr-ldscript
   9
  10 DESCRIPTION="Userspace utilities for storing and processing auditing records"
  11 HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
  12 SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
  13
  14 LICENSE="GPL-2+ LGPL-2.1+"
  15 SLOT="0"
  16 KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
  17 IUSE="gssapi ldap python static-libs"
  18 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
  19 # Testcases are pretty useless as they are built for RedHat users/groups and kernels.
  20 RESTRICT="test"
  21
  22 RDEPEND="gssapi? ( virtual/krb5 )
  23         ldap? ( net-nds/openldap )
  24         sys-libs/libcap-ng
  25         python? ( ${PYTHON_DEPS} )"
  26 DEPEND="${RDEPEND}
  27         >=sys-kernel/linux-headers-2.6.34
  28         python? ( dev-lang/swig:0 )"
  29 # Do not use os-headers as this is linux specific
  30
  31 CONFIG_CHECK="~AUDIT"
  32
  33 pkg_setup() {
  34         linux-info_pkg_setup
  35 }
  36
  37 src_prepare() {
  38         eapply_user
  39
  40         # Do not build GUI tools
  41         sed -i \
  42                 -e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \
  43                 "${S}"/configure.ac || die
  44         sed -i \
  45                 -e 's,system-config-audit,,g' \
  46                 "${S}"/Makefile.am || die
  47         rm -rf "${S}"/system-config-audit
  48
  49         if ! use ldap; then
  50                 sed -i \
  51                         -e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \
  52                         "${S}"/configure.ac || die
  53                 sed -i \
  54                         -e '/^SUBDIRS/s,zos-remote,,g' \
  55                         "${S}"/audisp/plugins/Makefile.am || die
  56         fi
  57
  58         # Don't build static version of Python module.
  59         eapply "${FILESDIR}"/${PN}-2.4.3-python.patch
  60
  61         # glibc/kernel upstreams suck with both defining ia64_fpreg
  62         # This patch is a horribly workaround that is only valid as long as you
  63         # don't need the OTHER definitions in fpu.h.
  64         eapply "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch
  65
  66         # there is no --without-golang conf option
  67         sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die
  68
  69         # Regenerate autotooling
  70         eautoreconf
  71 }
  72
  73 multilib_src_configure() {
  74         local ECONF_SOURCE=${S}
  75         econf \
  76                 --sbindir="${EPREFIX}/sbin" \
  77                 $(use_enable gssapi gssapi-krb5) \
  78                 $(use_enable static-libs static) \
  79                 --enable-systemd \
  80                 --without-python \
  81                 --without-python3
  82
  83         if multilib_is_native_abi; then
  84                 python_configure() {
  85                         mkdir -p "${BUILD_DIR}" || die
  86                         cd "${BUILD_DIR}" || die
  87
  88                         if python_is_python3; then
  89                                 econf --without-python --with-python3
  90                         else
  91                                 econf --with-python --without-python3
  92                         fi
  93                 }
  94
  95                 use python && python_foreach_impl python_configure
  96         fi
  97 }
  98
  99 src_configure() {
 100         tc-export_build_env BUILD_{CC,CPP}
 101         export CC_FOR_BUILD="${BUILD_CC}"
 102         export CPP_FOR_BUILD="${BUILD_CPP}"
 103
 104         multilib-minimal_src_configure
 105 }
 106
 107 multilib_src_compile() {
 108         if multilib_is_native_abi; then
 109                 default
 110
 111                 python_compile() {
 112                         local pysuffix pydef
 113                         if python_is_python3; then
 114                                 pysuffix=3
 115                                 pydef='USE_PYTHON3=true'
 116                         else
 117                                 pysuffix=2
 118                                 pydef='HAVE_PYTHON=true'
 119                         fi
 120
 121                         emake -C "${BUILD_DIR}"/bindings/swig \
 122                                 VPATH="${native_build}/lib" \
 123                                 LIBS="${native_build}/lib/libaudit.la" \
 124                                 _audit_la_LIBADD="${native_build}/lib/libaudit.la" \
 125                                 _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
 126                                 ${pydef}
 127                         emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \
 128                                 VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \
 129                                 auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
 130                                 ${pydef}
 131                 }
 132
 133                 local native_build="${BUILD_DIR}"
 134                 use python && python_foreach_impl python_compile
 135         else
 136                 emake -C lib
 137                 emake -C auparse
 138         fi
 139 }
 140
 141 multilib_src_install() {
 142         if multilib_is_native_abi; then
 143                 emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
 144
 145                 python_install() {
 146                         local pysuffix pydef
 147                         if python_is_python3; then
 148                                 pysuffix=3
 149                                 pydef='USE_PYTHON3=true'
 150                         else
 151                                 pysuffix=2
 152                                 pydef='HAVE_PYTHON=true'
 153                         fi
 154
 155                         emake -C "${BUILD_DIR}"/bindings/swig \
 156                                 VPATH="${native_build}/lib" \
 157                                 LIBS="${native_build}/lib/libaudit.la" \
 158                                 _audit_la_LIBADD="${native_build}/lib/libaudit.la" \
 159                                 _audit_la_DEPENDENCIES="${S}/lib/libaudit.h ${native_build}/lib/libaudit.la" \
 160                                 ${pydef} \
 161                                 DESTDIR="${D}" install
 162                         emake -C "${BUILD_DIR}"/bindings/python/python${pysuffix} \
 163                                 VPATH="${S}/bindings/python/python${pysuffix}:${native_build}/bindings/python/python${pysuffix}" \
 164                                 auparse_la_LIBADD="${native_build}/auparse/libauparse.la ${native_build}/lib/libaudit.la" \
 165                                 ${pydef} \
 166                                 DESTDIR="${D}" install
 167                 }
 168
 169                 local native_build=${BUILD_DIR}
 170                 use python && python_foreach_impl python_install
 171
 172                 # things like shadow use this so we need to be in /
 173                 gen_usr_ldscript -a audit auparse
 174         else
 175                 emake -C lib DESTDIR="${D}" install
 176                 emake -C auparse DESTDIR="${D}" install
 177         fi
 178 }
 179
 180 multilib_src_install_all() {
 181         dodoc AUTHORS ChangeLog README* THANKS TODO
 182         docinto contrib
 183         dodoc contrib/{avc_snap,skeleton.c}
 184         docinto contrib/plugin
 185         dodoc contrib/plugin/*
 186         docinto rules
 187         dodoc rules/*
 188
 189         newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
 190         newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
 191
 192         [ -f "${ED}"/sbin/audisp-remote ] && \
 193         dodir /usr/sbin && \
 194         mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
 195
 196         # Gentoo rules
 197         insinto /etc/audit/
 198         newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
 199         doins "${FILESDIR}"/audit.rules.stop*
 200
 201         # audit logs go here
 202         keepdir /var/log/audit/
 203
 204         find "${D}" -name '*.la' -delete || die
 205
 206         # Security
 207         lockdown_perms "${ED}"
 208 }
 209
 210 pkg_preinst() {
 211         # Preserve from the audit-1 series
 212         preserve_old_lib /$(get_libdir)/libaudit.so.0
 213 }
 214
 215 pkg_postinst() {
 216         lockdown_perms "${EROOT}"
 217         # Preserve from the audit-1 series
 218         preserve_old_lib_notify /$(get_libdir)/libaudit.so.0
 219 }
 220
 221 lockdown_perms() {
 222         # Upstream wants these to have restrictive perms.
 223         # Should not || die as not all paths may exist.
 224         local basedir="$1"
 225         chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
 226         chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null
 227         chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null
 228 }