project-lakitu: sys-process/audit: copy 3.0.2 from upstream Gentoo
BUG=b/186856398
TEST=See the last commit in this series.
RELEASE_NOTE=None
Change-Id: I1c8d9b49987bc9bb8b52135f41020e97082db760
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/19797
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
diff --git a/project-lakitu/sys-process/audit/Manifest b/project-lakitu/sys-process/audit/Manifest
index 1b2dae2..0dce07d 100644
--- a/project-lakitu/sys-process/audit/Manifest
+++ b/project-lakitu/sys-process/audit/Manifest
@@ -1,4 +1,3 @@
-DIST audit-2.5.tar.gz 1034200 SHA256 9b0a0760c6f37d80cbbfe46a74db722e60ac8100b28eb31953878ffca8ac14b4 SHA512 53b1bfa0765875aca60859c6f8e9db963144ed72e233110596fcfd7cb84efd8bc8e33a1eb1cbbe5cbec7352e0cd25c726a50abd850caecb9b4f3c35626bbe03d WHIRLPOOL bfefef5d07ba35da7a359f68f50b61302f5a38dae4d0a2b3a1939d33e282abbb787b24b0936ae0f9a186356ae0689faf123f95c1019d5cb263118c8b1e1c5099
DIST audit-017e6c6ab95df55f34e339d2139def83e5dada1f.patch 852 BLAKE2B 60d8b813f57338ce267a09913e68a0726acf5cf878cd2893fe2493f80d2b0ac1e0504dc7a72e85134ae2597b268cb1772b4e7c6c2f19149fc905f6928e2db47f SHA512 78e32c05b6896d37bacf0938954fbce7486a528dabd55421f1715438fe489171f9157059050abdcb3f673258aa28b4a11f643ddb7824f3499a195dbbe634f101
-DIST audit-2.8.5.tar.gz 1140694 BLAKE2B 64fd0cd93f934e3dd11faf21fcd765894a9c4336d8322179980bb7df1ef5a06d301a665860aeb84fefa0cf278940668023675b99ba7f33cdcfb542d869034358 SHA512 7d416aaa21c1a167f8e911ca82aecbaba804424f3243f505066c43ecc4a62a34feb2c27555e99d3268608404793dccca0f828c63670e3aa816016fb493f8174a
DIST audit-2.8.5_p80866dc78b5d.tar.gz 552094 BLAKE2B adb936a314ef2f11828ee00f3513631e06e2df09e37e68be27b1b694e278116d2f486dbde7ed57c77d9ff0bcd09309ea841959c7a66caed6770f367d65dd14f4 SHA512 7ec103bf076cfac7906748162e78835f1f65dd9d68e3a7466346e0473075beb47897adf88ab9ba0eb42db1953372aafb16cc040674b9a9c887730c062b82540a
+DIST audit-3.0.2.tar.gz 1184356 BLAKE2B 13f76e9c40bc8ffc53b5499076b5cb75c2690d95414a0e1942fa9725b9617f10327a2ee676dc10cc46ba76d223f77509d305bcd22344b678443b7707cc6d10cd SHA512 9e831ed6f30ac7d58f028cede97adba431bde18dfd9045c19f5e03eff52cd28db3a6792e5969f555ce51aa562662b59fa5cc5265586c6acf0b3aa1feae4d720f
diff --git a/project-lakitu/sys-process/audit/audit-3.0.2.ebuild b/project-lakitu/sys-process/audit/audit-3.0.2.ebuild
new file mode 100644
index 0000000..861a82a
--- /dev/null
+++ b/project-lakitu/sys-process/audit/audit-3.0.2.ebuild
@@ -0,0 +1,155 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gssapi ldap python static-libs"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+# Testcases are pretty useless as they are built for RedHat users/groups and kernels.
+RESTRICT="test"
+
+RDEPEND="gssapi? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )
+ sys-libs/libcap-ng
+ python? ( ${PYTHON_DEPS} )"
+DEPEND="${RDEPEND}
+ >=sys-kernel/linux-headers-2.6.34" # This is linux specific.
+BDEPEND="python? ( dev-lang/swig:0 )"
+
+CONFIG_CHECK="~AUDIT"
+
+src_prepare() {
+ # audisp-remote moved in multilib_src_install_all
+ sed -i \
+ -e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
+ audisp/plugins/remote/au-remote.conf || die
+
+ # Disable installing sample rules so they can be installed as docs.
+ echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null
+
+ default
+ eautoreconf
+}
+
+multilib_src_configure() {
+ local -a myeconfargs=(
+ --sbindir="${EPREFIX}/sbin"
+ $(use_enable gssapi gssapi-krb5)
+ $(use_enable ldap zos-remote)
+ $(use_enable static-libs static)
+ --enable-systemd
+ --without-golang
+ --without-python
+ --without-python3
+ )
+ ECONF_SOURCE=${S} econf "${myeconfargs[@]}"
+
+ if multilib_is_native_abi && use python; then
+ python_configure() {
+ mkdir -p "${BUILD_DIR}"
+ pushd "${BUILD_DIR}" &>/dev/null || die
+ ECONF_SOURCE=${S} econf "${myeconfargs[@]}" --with-python3
+ popd &>/dev/null || die
+ }
+ python_foreach_impl python_configure
+ fi
+}
+
+src_configure() {
+ tc-export_build_env BUILD_{CC,CPP}
+ local -x CC_FOR_BUILD="${BUILD_CC}"
+ local -x CPP_FOR_BUILD="${BUILD_CPP}"
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi; then
+ default
+
+ local native_build="${BUILD_DIR}"
+ python_compile() {
+ emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}"
+ emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}"
+ }
+ use python && python_foreach_impl python_compile
+ else
+ emake -C common
+ emake -C lib
+ emake -C auparse
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi; then
+ emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
+
+ local native_build="${BUILD_DIR}"
+ python_install() {
+ emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install
+ emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install
+ python_optimize
+ }
+ use python && python_foreach_impl python_install
+
+ # things like shadow use this so we need to be in /
+ gen_usr_ldscript -a audit auparse
+ else
+ emake -C lib DESTDIR="${D}" install
+ emake -C auparse DESTDIR="${D}" install
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc AUTHORS ChangeLog README* THANKS
+ docinto contrib
+ dodoc contrib/avc_snap
+ docinto contrib/plugin
+ dodoc contrib/plugin/*
+ docinto rules
+ dodoc rules/*rules
+
+ newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+ [ -f "${ED}"/sbin/audisp-remote ] && \
+ dodir /usr/sbin && \
+ mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+
+ # Gentoo rules
+ insinto /etc/audit
+ newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+ doins "${FILESDIR}"/audit.rules.stop*
+
+ # audit logs go here
+ keepdir /var/log/audit
+
+ find "${ED}" -type f -name '*.la' -delete || die
+
+ # Security
+ lockdown_perms "${ED}"
+}
+
+pkg_postinst() {
+ lockdown_perms "${EROOT}"
+}
+
+lockdown_perms() {
+ # Upstream wants these to have restrictive perms.
+ # Should not || die as not all paths may exist.
+ local basedir="$1"
+ chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
+ chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
+ chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+}
diff --git a/project-lakitu/sys-process/audit/files/audit.rules-2.1.3 b/project-lakitu/sys-process/audit/files/audit.rules-2.1.3
new file mode 100644
index 0000000..25dbedf
--- /dev/null
+++ b/project-lakitu/sys-process/audit/files/audit.rules-2.1.3
@@ -0,0 +1,25 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded
+# whenever the audit daemon is started via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# First rule - delete all
+# This is to clear out old rules, so we don't append to them.
+-D
+
+# Feel free to add below this line. See auditctl man page
+
+# The following rule would cause all of the syscalls listed to be ignored in logging.
+-a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+-a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
+
+# The following rule would cause the capture of all systems not caught above.
+# -a exit,always -S all
+
+# Increase the buffers to survive stress events
+-b 8192
+
+# vim:ft=conf:
diff --git a/project-lakitu/sys-process/audit/files/audit.rules.stop.post b/project-lakitu/sys-process/audit/files/audit.rules.stop.post
new file mode 100644
index 0000000..29ae197
--- /dev/null
+++ b/project-lakitu/sys-process/audit/files/audit.rules.stop.post
@@ -0,0 +1,12 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded immediately after the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# Not used for the default Gentoo configuration as of v1.2.3
+# Paranoid security types might wish to reconfigure kauditd here.
+
+# vim:ft=conf:
diff --git a/project-lakitu/sys-process/audit/files/audit.rules.stop.pre b/project-lakitu/sys-process/audit/files/audit.rules.stop.pre
new file mode 100644
index 0000000..1f34173
--- /dev/null
+++ b/project-lakitu/sys-process/audit/files/audit.rules.stop.pre
@@ -0,0 +1,15 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# This file contains the auditctl rules that are loaded immediately before the
+# audit deamon is stopped via the initscripts.
+# The rules are simply the parameters that would be passed
+# to auditctl.
+
+# auditd is stopping, don't capture events anymore
+-D
+
+# Disable kernel generating audit events
+-e 0
+
+# vim:ft=conf:
