From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1691881-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 59EA51581EC
	for <garchives@archives.gentoo.org>; Thu, 21 Nov 2024 12:23:42 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 8DE0DE07EF;
	Thu, 21 Nov 2024 12:23:41 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id DCA89E07EF
	for <gentoo-commits@lists.gentoo.org>; Thu, 21 Nov 2024 12:23:40 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 77C57340DC8
	for <gentoo-commits@lists.gentoo.org>; Thu, 21 Nov 2024 12:23:39 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 0FADB1E06
	for <gentoo-commits@lists.gentoo.org>; Thu, 21 Nov 2024 12:23:38 +0000 (UTC)
From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1732191784.458883ad9493d90891034f57ea5458a1e61a6e03.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-process/audit/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-process/audit/Manifest sys-process/audit/audit-4.0.2.ebuild
X-VCS-Directories: sys-process/audit/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 458883ad9493d90891034f57ea5458a1e61a6e03
X-VCS-Branch: master
Date: Thu, 21 Nov 2024 12:23:38 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: bf40e472-2479-45bd-8e65-1af49822d874
X-Archives-Hash: 4de3a04816e969d84f245d69558863bc

commit:     458883ad9493d90891034f57ea5458a1e61a6e03
Author:     Quincy Fleming <quincyf467 <AT> protonmail <DOT> com>
AuthorDate: Sun Oct 27 23:04:02 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 21 12:23:04 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=458883ad

sys-process/audit: add 4.0.2

Closes: https://bugs.gentoo.org/937278
Signed-off-by: Quincy Fleming <quincyf467 <AT> protonmail.com>
Closes: https://github.com/gentoo/gentoo/pull/38858
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-process/audit/Manifest           |   1 +
 sys-process/audit/audit-4.0.2.ebuild | 193 +++++++++++++++++++++++++++++++++++
 2 files changed, 194 insertions(+)

diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
index 317f73b539b9..9031bd696120 100644
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@@ -1 +1,2 @@
 DIST audit-4.0.1.tar.gz 1194961 BLAKE2B 590abf58e672921a432348f48936cfbff0b6ddfa47e77b3b20eaa00e5d1c4ce2fc8d10c1fc1cbc19d44c09a9f7dfbca76778c94d8d340485c2bb1bb3b5a3c95a SHA512 7fbc426d0ddea340a36ceab52ac090e8e3dfb3450ebf50b478324a097f19ab4bb2cf78a2532644acb17e6114b59b8fda718affda9da62fb84181e3abf76039df
+DIST audit-4.0.2.tar.gz 1198769 BLAKE2B f34fed7eebbc72d82d1051bbaf5ec29ebb8e1b9fe85dc0a0f8c71a94ede86578d58d16be9d91e643368fabe20e69c208fb7f374e19a70bf6dc7c0ab2448fb30a SHA512 13d4d07b316fc1380d75baefbb1345b34286015d52e758c14b2f82781cf4cffc16b6eb29d999563ff40caa6d005630a5dfc44741e49b71291c9beb84ddc452a4

diff --git a/sys-process/audit/audit-4.0.2.ebuild b/sys-process/audit/audit-4.0.2.ebuild
new file mode 100644
index 000000000000..76c791283887
--- /dev/null
+++ b/sys-process/audit/audit-4.0.2.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# As with sys-libs/libcap-ng, same maintainer in Fedora as upstream, so
+# check Fedora's packaging (https://src.fedoraproject.org/rpms/audit/tree/rawhide)
+# on bumps (or if hitting a bug) to see what they've done there.
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit autotools multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gssapi io-uring ldap python static-libs test"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	sys-libs/libcap-ng
+	gssapi? ( virtual/krb5 )
+	ldap? ( net-nds/openldap:= )
+	python? ( ${PYTHON_DEPS} )
+"
+DEPEND="
+	${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.34
+	test? ( dev-libs/check )
+"
+BDEPEND="
+	python? (
+		dev-lang/swig
+		$(python_gen_cond_dep '
+			dev-python/setuptools[${PYTHON_USEDEP}]
+		' python3_12)
+	)
+"
+
+CONFIG_CHECK="~AUDIT"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	# missing on musl. Uses handrolled AC_LINK_IFELSE but fails at link time
+	# for older compilers regardless. bug #898828
+	strndupa
+)
+
+src_prepare() {
+	# audisp-remote moved in multilib_src_install_all
+	sed -i \
+		-e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
+		audisp/plugins/remote/au-remote.conf || die
+
+	# Disable installing sample rules so they can be installed as docs.
+	echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null || die
+
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--sbindir="${EPREFIX}"/sbin
+		--localstatedir="${EPREFIX}"/var
+		--runstatedir="${EPREFIX}"/run
+		$(use_enable gssapi gssapi-krb5)
+		$(use_enable ldap zos-remote)
+		$(use_enable static-libs static)
+		$(use_with arm)
+		$(use_with arm64 aarch64)
+		$(use_with io-uring io_uring)
+		--without-golang
+		--without-libwrap
+		--without-python3
+	)
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+	if multilib_is_native_abi && use python; then
+		python_configure() {
+			mkdir -p "${BUILD_DIR}" || die
+			pushd "${BUILD_DIR}" &>/dev/null || die
+
+			ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" --with-python3
+			find . -type f -name 'Makefile' -exec sed -i "s;-I/usr/include/python;-I${SYSROOT}/usr/include/python;g" {} +
+
+			popd &>/dev/null || die
+		}
+
+		python_foreach_impl python_configure
+	fi
+}
+
+src_configure() {
+	tc-export_build_env BUILD_{CC,CPP}
+
+	local -x CC_FOR_BUILD="${BUILD_CC}"
+	local -x CPP_FOR_BUILD="${BUILD_CPP}"
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+
+		local native_build="${BUILD_DIR}"
+
+		python_compile() {
+			emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}"
+			emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}"
+		}
+
+		use python && python_foreach_impl python_compile
+	else
+		emake -C common
+		emake -C lib
+		emake -C auparse
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
+
+		local native_build="${BUILD_DIR}"
+
+		python_install() {
+			emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install
+			emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install
+			python_optimize
+		}
+
+		use python && python_foreach_impl python_install
+
+		# Things like shadow use this so we need to be in /
+		gen_usr_ldscript -a audit auparse
+	else
+		emake -C lib DESTDIR="${D}" install
+		emake -C auparse DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc AUTHORS ChangeLog README* THANKS
+	docinto contrib
+	dodoc contrib/avc_snap
+	docinto contrib/plugin
+	dodoc contrib/plugin/*
+	docinto rules
+	dodoc rules/*rules
+
+	newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+	if [[ -f "${ED}"/sbin/audisp-remote ]] ; then
+		dodir /usr/sbin
+		mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+	fi
+
+	# Gentoo rules
+	insinto /etc/audit
+	newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+	doins "${FILESDIR}"/audit.rules.stop*
+	keepdir /etc/audit/rules.d
+
+	# audit logs go here
+	keepdir /var/log/audit
+
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	# Security
+	lockdown_perms "${ED}"
+}
+
+pkg_postinst() {
+	lockdown_perms "${EROOT}"
+}
+
+lockdown_perms() {
+	# Upstream wants these to have restrictive perms.
+	# Should not || die as not all paths may exist.
+	local basedir="${1}"
+	chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
+	chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
+	chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+}