[gentoo-commits] dev/anarchy:master commit in: sys-process/audit/files/, sys-process/audit/

["Jory Pratt" <anarchy@gentoo.org>]

commit:     16f725a14336246eae50efed42123803e206cd71
Author:     Jory A. Pratt <anarchy <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 10 14:02:35 2011 +0000
Commit:     Jory Pratt <anarchy <AT> gentoo <DOT> org>
CommitDate: Sun Apr 10 14:02:35 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=dev/anarchy.git;a=commit;h=16f725a1

Fix support for gcc-4.6

---
 sys-process/audit/Manifest                         |   10 ++
 sys-process/audit/audit-1.7.4.ebuild               |  135 ++++++++++++++++++++
 .../audit/files/audit-1.6.8-subdirs-fix.patch      |   12 ++
 sys-process/audit/files/audit-1.7.4-glibc212.patch |   13 ++
 sys-process/audit/files/audit-1.7.4-python.patch   |   12 ++
 sys-process/audit/files/audit.rules                |   25 ++++
 sys-process/audit/files/audit.rules.stop.post      |   13 ++
 sys-process/audit/files/audit.rules.stop.pre       |   13 ++
 sys-process/audit/files/auditd-conf.d-1.2.3        |   16 +++
 sys-process/audit/files/auditd-init.d-1.2.3        |   58 +++++++++
 10 files changed, 307 insertions(+), 0 deletions(-)

diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
new file mode 100644
index 0000000..8d4d4cf
--- /dev/null
+++ b/sys-process/audit/Manifest
@@ -0,0 +1,10 @@
+AUX audit-1.6.8-subdirs-fix.patch 548 RMD160 e17fef17c9f5d19a19ec912e9e693080436af938 SHA1 efe094b98380a34d840910f8a0375c21c8fb052b SHA256 26b3ce2f56ce792924be534a43e4c455b9067898642419a1411c4048f1da6c47
+AUX audit-1.7.4-glibc212.patch 316 RMD160 55963c994f336a04b975b019573721d809ab52a4 SHA1 6fbcf866ae273e7f5542cd68ddfd389f68068837 SHA256 248eaa9e69ab50d766a05bf4ba26efbee84396fb34e321d562dc47a7a95f4e28
+AUX audit-1.7.4-python.patch 456 RMD160 b370a77902853dd2280cffe452a33969adb3a360 SHA1 11e25141cfcdc81becd9c95fea14e04be5a0db74 SHA256 c457c9f35956ebdb960bbf9288bf2c0acfaf224a87a0ec7d243d1566e783f018
+AUX audit.rules 997 RMD160 bfa56758dd5f2caa8835f8d01a465124f4591c69 SHA1 f487461c83c6a732ebbe2c9811911550c92468ec SHA256 adc4779fd55919ca32b2de0d955779b7950a159c449a46ea7c0c6654a9049ee9
+AUX audit.rules.stop.post 573 RMD160 2e6503fc7ee07c4c1e58fb9ddf4b13eec6d95044 SHA1 4ef80c15f2792f17c1764eb2e21654ede46e482d SHA256 4c2e0be1a63b6800396e31153a899d4e3f2db1cee41b4dd271064dc97521edfe
+AUX audit.rules.stop.pre 500 RMD160 6b56a9522e140b48b7f7e67570596ba298a51dc7 SHA1 032921fc3ee730139b39f019b0268a2f1b1962ad SHA256 044cf06cea49f9d38ea114eb16b0a1428465fa2158aea713ef92e67e07e13c48
+AUX auditd-conf.d-1.2.3 686 RMD160 7963d2ac1ec7878db5fc29b6512742ceb0bc2ef5 SHA1 95f171317014f6e2435186953ad21d68a7f3f471 SHA256 5e0ffdc1c446bb906d25c977b0e9adb813610a15dc4d60b52d25026816adb602
+AUX auditd-init.d-1.2.3 1136 RMD160 ceddd2ce12be248183722b59240d662f507a16eb SHA1 f6fa0da5640bfa234219ebd3304d9f343c97371c SHA256 fd5e01b4aa83d848a2e97832b0ff0610610b7857ec7f0201f0f7cbeff8eec725
+DIST audit-1.7.4.tar.gz 840298 RMD160 08d57fc039021f05763920603c435747fe51c954 SHA1 5348fc1f310fd8eb068480c6b6d61e3c24c58207 SHA256 db5412852aa36ee25eb174e4f4a4676cc2d0b93cbe41a740eebf903b49b4d593
+EBUILD audit-1.7.4.ebuild 3544 RMD160 5999a689762575300ebeb8e5dfc464c643747b4d SHA1 a6e470f1d433d4f84bedae4e733e3e472474c230 SHA256 f3d1a18fa2b24d38a7db4e2789cb635476531ce6a31ccc0957a8924902a48591

diff --git a/sys-process/audit/audit-1.7.4.ebuild b/sys-process/audit/audit-1.7.4.ebuild
new file mode 100644
index 0000000..23f6d5a
--- /dev/null
+++ b/sys-process/audit/audit-1.7.4.ebuild
@@ -0,0 +1,135 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/audit-1.7.4.ebuild,v 1.7 2011/04/04 23:02:19 jer Exp $
+
+EAPI="3"
+PYTHON_DEPEND="2"
+
+inherit autotools multilib toolchain-funcs python
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="http://people.redhat.com/sgrubb/audit/"
+SRC_URI="http://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="ldap"
+# Testcases are pretty useless as they are built for RedHat users/groups and
+# kernels.
+RESTRICT="test"
+
+RDEPEND="ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+	dev-lang/swig
+	>=sys-kernel/linux-headers-2.6.23"
+# Do not use os-headers as this is linux specific
+
+pkg_setup() {
+	python_set_active_version 2
+	python_pkg_setup
+}
+
+src_prepare() {
+	# Old patch applies fine
+	#EPATCH_OPTS="-p0 -d${S}" epatch "${FILESDIR}"/${PN}-1.5.4-build.patch
+
+	# Applied by upstream
+	#EPATCH_OPTS="-p1 -d${S}" epatch "${FILESDIR}"/${PN}-1.5.4-swig-gcc-attribute.patch
+
+	# Do not build GUI tools
+	sed -i \
+		-e '/AC_CONFIG_SUBDIRS.*system-config-audit/d' \
+		"${S}"/configure.ac
+	sed -i \
+		-e 's,system-config-audit,,g' \
+		-e '/^SUBDIRS/s,\\$,,g' \
+		"${S}"/Makefile.am
+	rm -rf "${S}"/system-config-audit
+
+	# Probably goes away in 1.6.9
+	EPATCH_OPTS="-p1 -d${S}" epatch "${FILESDIR}"/audit-1.6.8-subdirs-fix.patch
+
+	if ! use ldap; then
+		sed -i \
+			-e '/^AC_OUTPUT/s,audisp/plugins/zos-remote/Makefile,,g' \
+			"${S}"/configure.ac
+		sed -i \
+			-e '/^SUBDIRS/s,zos-remote,,g' \
+			"${S}"/audisp/plugins/Makefile.am
+	fi
+
+	epatch "${FILESDIR}"/${P}-glibc212.patch
+
+	# Don't build static version of Python module.
+	epatch "${FILESDIR}"/${P}-python.patch
+
+	# Regenerate autotooling
+	eautoreconf
+
+	# Bug #362037 Fix compilation with gcc-4.6.0
+	sed -i -e "s:mode_t:rmode_t:" ${S}/audisp/plugins/remote/remote-config.h ||
+		die "Failed to correct use of mode_t"
+
+	# Disable byte-compilation of Python modules.
+	echo "#!/bin/sh" > py-compile
+
+	# Bug 352198: Avoid parallel build fail
+	cd "${S}"/src/mt
+	[[ ! -s private.h ]] && ln -s ../../lib/private.h .
+}
+
+src_configure() {
+	#append-flags -D'__attribute__(x)='
+	econf --sbindir=/sbin --without-prelude
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+	dodoc AUTHORS ChangeLog README* THANKS TODO
+	docinto contrib
+	dodoc contrib/*
+	docinto contrib/plugin
+	dodoc contrib/plugin/*
+
+	newinitd "${FILESDIR}"/auditd-init.d-1.2.3 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-1.2.3 auditd
+
+	# things like shadow use this so we need to be in /
+	dodir /$(get_libdir)
+	mv "${D}"/usr/$(get_libdir)/lib*.so* "${D}"/$(get_libdir)/ || die
+	gen_usr_ldscript libaudit.so libauparse.so
+
+	# remove RedHat garbage
+	rm -r "${D}"/etc/{rc.d,sysconfig} || die
+
+	# Gentoo rules
+	insinto /etc/audit/
+	doins "${FILESDIR}"/audit.rules*
+
+	# audit logs go here
+	keepdir /var/log/audit/
+
+	# Security
+	lockdown_perms "${D}"
+
+	# Don't install .la files in Python directories.
+	python_clean_installation_image
+}
+
+pkg_postinst() {
+	lockdown_perms "${ROOT}"
+	python_mod_optimize audit.py
+}
+
+pkg_postrm() {
+	python_mod_cleanup audit.py
+}
+
+lockdown_perms() {
+	# upstream wants these to have restrictive perms
+	basedir="$1"
+	chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
+	chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null
+	chmod 0640 "${basedir}"/etc/{audit/,}{auditd.conf,audit.rules*} 2>/dev/null
+}

diff --git a/sys-process/audit/files/audit-1.6.8-subdirs-fix.patch b/sys-process/audit/files/audit-1.6.8-subdirs-fix.patch
new file mode 100644
index 0000000..662e376
--- /dev/null
+++ b/sys-process/audit/files/audit-1.6.8-subdirs-fix.patch
@@ -0,0 +1,12 @@
+--- audit-1.6.8/Makefile.am.orig	2008-02-20 14:33:51.034127088 -0800
++++ audit-1.6.8/Makefile.am	2008-02-20 14:33:57.640162864 -0800
+@@ -21,8 +21,7 @@
+ #   Rickard E. (Rik) Faith <faith@redhat.com>
+ #
+ 
+-SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d 
+-	docs 
++SUBDIRS = lib auparse src/mt src audisp tools swig bindings init.d docs 
+ EXTRA_DIST = ChangeLog AUTHORS NEWS README README-install audit.spec \
+ 	contrib/capp.rules contrib/nispom.rules contrib/lspp.rules \
+ 	contrib/skeleton.c contrib/avc_snap contrib/avc_syslog \

diff --git a/sys-process/audit/files/audit-1.7.4-glibc212.patch b/sys-process/audit/files/audit-1.7.4-glibc212.patch
new file mode 100644
index 0000000..e167849
--- /dev/null
+++ b/sys-process/audit/files/audit-1.7.4-glibc212.patch
@@ -0,0 +1,13 @@
+http://bugs.gentoo.org/334147
+
+--- lib/libaudit.c
++++ lib/libaudit.c
+@@ -36,6 +36,8 @@
+ #include <sys/utsname.h>
+ #include <fcntl.h>	/* O_NOFOLLOW needs gnu defined */
+ #include <limits.h>	/* for PATH_MAX */
++#include <sys/types.h>
++#include <sys/stat.h>	/* S_ISREG */
+ 
+ #include "libaudit.h"
+ #include "private.h"

diff --git a/sys-process/audit/files/audit-1.7.4-python.patch b/sys-process/audit/files/audit-1.7.4-python.patch
new file mode 100644
index 0000000..32fca2a
--- /dev/null
+++ b/sys-process/audit/files/audit-1.7.4-python.patch
@@ -0,0 +1,12 @@
+--- swig/Makefile.am
++++ swig/Makefile.am
+@@ -27,7 +27,8 @@
+ LIBS = $(top_builddir)/lib/libaudit.la
+ python_PYTHON = audit.py
+ pyexec_LTLIBRARIES = _audit.la
+-_audit_la_LDFLAGS = -module -avoid-version
++_audit_la_CFLAGS = -shared
++_audit_la_LDFLAGS = -module -avoid-version -shared
+ _audit_la_HEADERS: $(top_builddir)/config.h 
+ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudit.la
+ nodist__audit_la_SOURCES  = audit_wrap.c

diff --git a/sys-process/audit/files/audit.rules b/sys-process/audit/files/audit.rules
new file mode 100644
index 0000000..9d9578e
--- /dev/null
+++ b/sys-process/audit/files/audit.rules
@@ -0,0 +1,25 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+# -a entry,never -S read -S write -S open -S fstat -S fstat64 -S mmap -S brk -S munmap -S _llseek -S nanosleep -S fcntl64 -S close -S dup2 -S rt_sigaction -S stat64 -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a entry,always -S all
+
+# Increase the buffers to survive stress events
+-b 256
+
+# vim:ft=conf:

diff --git a/sys-process/audit/files/audit.rules.stop.post b/sys-process/audit/files/audit.rules.stop.post
new file mode 100644
index 0000000..34db08c
--- /dev/null
+++ b/sys-process/audit/files/audit.rules.stop.post
@@ -0,0 +1,13 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.post,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:

diff --git a/sys-process/audit/files/audit.rules.stop.pre b/sys-process/audit/files/audit.rules.stop.pre
new file mode 100644
index 0000000..c404b51
--- /dev/null
+++ b/sys-process/audit/files/audit.rules.stop.pre
@@ -0,0 +1,13 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/audit.rules.stop.pre,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# vim:ft=conf:

diff --git a/sys-process/audit/files/auditd-conf.d-1.2.3 b/sys-process/audit/files/auditd-conf.d-1.2.3
new file mode 100644
index 0000000..e722286
--- /dev/null
+++ b/sys-process/audit/files/auditd-conf.d-1.2.3
@@ -0,0 +1,16 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-conf.d-1.2.3,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+# Configuration options for auditd
+# -f for foreground mode
+# There are some other options as well, but you'll have to look in the source
+# code to find them as they aren't ready for use yet.
+EXTRAOPTIONS=''
+
+# Audit rules file to run after starting auditd
+RULEFILE_STARTUP=/etc/audit/audit.rules
+
+# Audit rules file to run before and after stopping auditd
+RULEFILE_STOP_PRE=/etc/audit/audit.rules.stop.pre
+RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post

diff --git a/sys-process/audit/files/auditd-init.d-1.2.3 b/sys-process/audit/files/auditd-init.d-1.2.3
new file mode 100644
index 0000000..862a6be
--- /dev/null
+++ b/sys-process/audit/files/auditd-init.d-1.2.3
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-process/audit/files/auditd-init.d-1.2.3,v 1.1 2006/06/22 07:41:46 robbat2 Exp $
+
+start_auditd() {
+	ebegin "Starting auditd"
+	start-stop-daemon \
+		--start --quiet --pidfile /var/run/auditd.pid \
+		--exec /sbin/auditd -- ${EXTRAOPTIONS}
+	local ret=$?
+	eend $ret
+	return $ret
+}
+
+stop_auditd() {	
+	ebegin "Stopping auditd"
+	start-stop-daemon \
+		--stop --quiet --pidfile /var/run/auditd.pid
+	local ret=$?
+	eend $ret
+	return $ret
+}
+
+
+loadfile() {
+	local rules="$1"
+	if [ -n "${rules}" -a -f "${rules}" ]; then
+		einfo "Loading audit rules from ${rules}"
+		/sbin/auditctl -R "${rules}" 1>/dev/null
+		return $?
+	else
+		return 0
+	fi
+}
+
+start() {
+	start_auditd
+	local ret=$?
+	if [ $ret -eq 0 ]; then
+		loadfile "${RULEFILE_STARTUP}"
+	fi
+	return $ret
+}
+
+stop() {
+	loadfile "${RULEFILE_STOP_PRE}"
+	stop_auditd
+	local ret=$?
+	loadfile "${RULEFILE_STOP_POST}"
+	return $ret
+}
+
+# This is a special case, we do not want to touch the rules at all
+restart() {
+	stop_auditd
+	start_auditd
+}