From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 59EA51581EC for ; Thu, 21 Nov 2024 12:23:42 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8DE0DE07EF; Thu, 21 Nov 2024 12:23:41 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id DCA89E07EF for ; Thu, 21 Nov 2024 12:23:40 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 77C57340DC8 for ; Thu, 21 Nov 2024 12:23:39 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0FADB1E06 for ; Thu, 21 Nov 2024 12:23:38 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1732191784.458883ad9493d90891034f57ea5458a1e61a6e03.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-process/audit/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-process/audit/Manifest sys-process/audit/audit-4.0.2.ebuild X-VCS-Directories: sys-process/audit/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 458883ad9493d90891034f57ea5458a1e61a6e03 X-VCS-Branch: master Date: Thu, 21 Nov 2024 12:23:38 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: bf40e472-2479-45bd-8e65-1af49822d874 X-Archives-Hash: 4de3a04816e969d84f245d69558863bc commit: 458883ad9493d90891034f57ea5458a1e61a6e03 Author: Quincy Fleming protonmail com> AuthorDate: Sun Oct 27 23:04:02 2024 +0000 Commit: Sam James gentoo org> CommitDate: Thu Nov 21 12:23:04 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=458883ad sys-process/audit: add 4.0.2 Closes: https://bugs.gentoo.org/937278 Signed-off-by: Quincy Fleming protonmail.com> Closes: https://github.com/gentoo/gentoo/pull/38858 Signed-off-by: Sam James gentoo.org> sys-process/audit/Manifest | 1 + sys-process/audit/audit-4.0.2.ebuild | 193 +++++++++++++++++++++++++++++++++++ 2 files changed, 194 insertions(+) diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest index 317f73b539b9..9031bd696120 100644 --- a/sys-process/audit/Manifest +++ b/sys-process/audit/Manifest @@ -1 +1,2 @@ DIST audit-4.0.1.tar.gz 1194961 BLAKE2B 590abf58e672921a432348f48936cfbff0b6ddfa47e77b3b20eaa00e5d1c4ce2fc8d10c1fc1cbc19d44c09a9f7dfbca76778c94d8d340485c2bb1bb3b5a3c95a SHA512 7fbc426d0ddea340a36ceab52ac090e8e3dfb3450ebf50b478324a097f19ab4bb2cf78a2532644acb17e6114b59b8fda718affda9da62fb84181e3abf76039df +DIST audit-4.0.2.tar.gz 1198769 BLAKE2B f34fed7eebbc72d82d1051bbaf5ec29ebb8e1b9fe85dc0a0f8c71a94ede86578d58d16be9d91e643368fabe20e69c208fb7f374e19a70bf6dc7c0ab2448fb30a SHA512 13d4d07b316fc1380d75baefbb1345b34286015d52e758c14b2f82781cf4cffc16b6eb29d999563ff40caa6d005630a5dfc44741e49b71291c9beb84ddc452a4 diff --git a/sys-process/audit/audit-4.0.2.ebuild b/sys-process/audit/audit-4.0.2.ebuild new file mode 100644 index 000000000000..76c791283887 --- /dev/null +++ b/sys-process/audit/audit-4.0.2.ebuild @@ -0,0 +1,193 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# As with sys-libs/libcap-ng, same maintainer in Fedora as upstream, so +# check Fedora's packaging (https://src.fedoraproject.org/rpms/audit/tree/rawhide) +# on bumps (or if hitting a bug) to see what they've done there. + +PYTHON_COMPAT=( python3_{10..13} ) + +inherit autotools multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript + +DESCRIPTION="Userspace utilities for storing and processing auditing records" +HOMEPAGE="https://people.redhat.com/sgrubb/audit/" +SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz" + +LICENSE="GPL-2+ LGPL-2.1+" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="gssapi io-uring ldap python static-libs test" + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" +RESTRICT="!test? ( test )" + +RDEPEND=" + sys-libs/libcap-ng + gssapi? ( virtual/krb5 ) + ldap? ( net-nds/openldap:= ) + python? ( ${PYTHON_DEPS} ) +" +DEPEND=" + ${RDEPEND} + >=sys-kernel/linux-headers-2.6.34 + test? ( dev-libs/check ) +" +BDEPEND=" + python? ( + dev-lang/swig + $(python_gen_cond_dep ' + dev-python/setuptools[${PYTHON_USEDEP}] + ' python3_12) + ) +" + +CONFIG_CHECK="~AUDIT" + +QA_CONFIG_IMPL_DECL_SKIP=( + # missing on musl. Uses handrolled AC_LINK_IFELSE but fails at link time + # for older compilers regardless. bug #898828 + strndupa +) + +src_prepare() { + # audisp-remote moved in multilib_src_install_all + sed -i \ + -e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \ + audisp/plugins/remote/au-remote.conf || die + + # Disable installing sample rules so they can be installed as docs. + echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null || die + + default + eautoreconf +} + +multilib_src_configure() { + local myeconfargs=( + --sbindir="${EPREFIX}"/sbin + --localstatedir="${EPREFIX}"/var + --runstatedir="${EPREFIX}"/run + $(use_enable gssapi gssapi-krb5) + $(use_enable ldap zos-remote) + $(use_enable static-libs static) + $(use_with arm) + $(use_with arm64 aarch64) + $(use_with io-uring io_uring) + --without-golang + --without-libwrap + --without-python3 + ) + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + + if multilib_is_native_abi && use python; then + python_configure() { + mkdir -p "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" &>/dev/null || die + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" --with-python3 + find . -type f -name 'Makefile' -exec sed -i "s;-I/usr/include/python;-I${SYSROOT}/usr/include/python;g" {} + + + popd &>/dev/null || die + } + + python_foreach_impl python_configure + fi +} + +src_configure() { + tc-export_build_env BUILD_{CC,CPP} + + local -x CC_FOR_BUILD="${BUILD_CC}" + local -x CPP_FOR_BUILD="${BUILD_CPP}" + + multilib-minimal_src_configure +} + +multilib_src_compile() { + if multilib_is_native_abi; then + default + + local native_build="${BUILD_DIR}" + + python_compile() { + emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}" + emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}" + } + + use python && python_foreach_impl python_compile + else + emake -C common + emake -C lib + emake -C auparse + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install + + local native_build="${BUILD_DIR}" + + python_install() { + emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install + emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install + python_optimize + } + + use python && python_foreach_impl python_install + + # Things like shadow use this so we need to be in / + gen_usr_ldscript -a audit auparse + else + emake -C lib DESTDIR="${D}" install + emake -C auparse DESTDIR="${D}" install + fi +} + +multilib_src_install_all() { + dodoc AUTHORS ChangeLog README* THANKS + docinto contrib + dodoc contrib/avc_snap + docinto contrib/plugin + dodoc contrib/plugin/* + docinto rules + dodoc rules/*rules + + newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd + newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd + + if [[ -f "${ED}"/sbin/audisp-remote ]] ; then + dodir /usr/sbin + mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die + fi + + # Gentoo rules + insinto /etc/audit + newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules + doins "${FILESDIR}"/audit.rules.stop* + keepdir /etc/audit/rules.d + + # audit logs go here + keepdir /var/log/audit + + find "${ED}" -type f -name '*.la' -delete || die + + # Security + lockdown_perms "${ED}" +} + +pkg_postinst() { + lockdown_perms "${EROOT}" +} + +lockdown_perms() { + # Upstream wants these to have restrictive perms. + # Should not || die as not all paths may exist. + local basedir="${1}" + chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null + chmod 0750 "${basedir}"/var/log/audit 2>/dev/null + chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null +}