project-lakitu: sys-process/audit: apply the initial COS modification
When sys-process/audit was first created in COS by commit f56a9bfa5b75
("add audit tools in sys-process/audit") in
src/private-overlays/overlay-lakitu-private repository, its ebuild
file was different from the upstream Gentoo's ebuild file. This commit
applies those differences to 3.0.2
BUG=b/186856398
TEST=See the last commit in this series.
RELEASE_NOTE=None
Change-Id: I4e0788979962a8fe53f452b93dff979586a20b95
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/19800
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
diff --git a/project-lakitu/sys-process/audit/audit-3.0.2-r1.ebuild b/project-lakitu/sys-process/audit/audit-3.0.2-r2.ebuild
similarity index 100%
rename from project-lakitu/sys-process/audit/audit-3.0.2-r1.ebuild
rename to project-lakitu/sys-process/audit/audit-3.0.2-r2.ebuild
diff --git a/project-lakitu/sys-process/audit/audit-3.0.2.ebuild b/project-lakitu/sys-process/audit/audit-3.0.2.ebuild
index 0688724..e327cff 100644
--- a/project-lakitu/sys-process/audit/audit-3.0.2.ebuild
+++ b/project-lakitu/sys-process/audit/audit-3.0.2.ebuild
@@ -14,17 +14,20 @@
LICENSE="GPL-2+ LGPL-2.1+"
SLOT="0"
KEYWORDS="*"
-IUSE="gssapi ldap python static-libs"
+IUSE="daemon gssapi ldap python static-libs"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+REQUIRED_USE="ldap? ( daemon )
+ python? ( ${PYTHON_REQUIRED_USE} )"
# Testcases are pretty useless as they are built for RedHat users/groups and kernels.
RESTRICT="test"
RDEPEND="gssapi? ( virtual/krb5 )
ldap? ( net-nds/openldap )
+ sys-apps/diffutils
sys-libs/libcap-ng
python? ( ${PYTHON_DEPS} )"
DEPEND="${RDEPEND}
+ python? ( dev-lang/swig )
>=sys-kernel/linux-headers-2.6.34" # This is linux specific.
BDEPEND="python? ( dev-lang/swig:0 )"
@@ -39,6 +42,18 @@
# Disable installing sample rules so they can be installed as docs.
echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null
+ if ! use daemon; then
+ sed -e '/^SUBDIRS =/s/audisp//' \
+ -i Makefile.am || die
+ sed -e '/${DESTDIR}${initdir}/d' \
+ -e '/${DESTDIR}${legacydir}/d' \
+ -i init.d/Makefile.am || die
+ sed -e '/^sbin_PROGRAMS =/s/auditd//' \
+ -e '/^sbin_PROGRAMS =/s/aureport//' \
+ -e '/^sbin_PROGRAMS =/s/ausearch//' \
+ -i src/Makefile.am || die
+ fi
+
default
eautoreconf
}
@@ -113,43 +128,28 @@
multilib_src_install_all() {
dodoc AUTHORS ChangeLog README* THANKS
- docinto contrib
- dodoc contrib/avc_snap
- docinto contrib/plugin
- dodoc contrib/plugin/*
- docinto rules
- dodoc rules/*rules
+
+ if use daemon; then
+ docinto contrib/plugin
+ dodoc contrib/plugin/*
+ docinto rules
+ dodoc rules/*rules
- newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
- newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+ newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+ newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
- [ -f "${ED}"/sbin/audisp-remote ] && \
- dodir /usr/sbin && \
- mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+ [ -f "${ED}"/sbin/audisp-remote ] && \
+ dodir /usr/sbin && \
+ mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
- # Gentoo rules
- insinto /etc/audit
- newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
- doins "${FILESDIR}"/audit.rules.stop*
+ # audit logs go here
+ keepdir /var/log/audit
+ fi
- # audit logs go here
- keepdir /var/log/audit
+ insinto /usr/share/audit/rules.d
+ doins "${FILESDIR}"/rules.d/*.rules
- find "${ED}" -type f -name '*.la' -delete || die
-
- # Security
- lockdown_perms "${ED}"
-}
-
-pkg_postinst() {
- lockdown_perms "${EROOT}"
-}
-
-lockdown_perms() {
- # Upstream wants these to have restrictive perms.
- # Should not || die as not all paths may exist.
- local basedir="$1"
- chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
- chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
- chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+ systemd_newtmpfilesd "${FILESDIR}"/audit-rules.tmpfiles audit-rules.conf
+ systemd_dounit "${FILESDIR}"/audit-rules.service
+ systemd_enable_service multi-user.target audit-rules.service
}
diff --git a/project-lakitu/sys-process/audit/files/audit.rules-2.1.3 b/project-lakitu/sys-process/audit/files/audit.rules-2.1.3
deleted file mode 100644
index 25dbedf..0000000
--- a/project-lakitu/sys-process/audit/files/audit.rules-2.1.3
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-#
-# This file contains the auditctl rules that are loaded
-# whenever the audit daemon is started via the initscripts.
-# The rules are simply the parameters that would be passed
-# to auditctl.
-
-# First rule - delete all
-# This is to clear out old rules, so we don't append to them.
--D
-
-# Feel free to add below this line. See auditctl man page
-
-# The following rule would cause all of the syscalls listed to be ignored in logging.
--a exit,never -F arch=b32 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
--a exit,never -F arch=b64 -S read -S write -S open -S fstat -S mmap -S brk -S munmap -S nanosleep -S fcntl -S close -S dup2 -S rt_sigaction -S stat
-
-# The following rule would cause the capture of all systems not caught above.
-# -a exit,always -S all
-
-# Increase the buffers to survive stress events
--b 8192
-
-# vim:ft=conf:
diff --git a/project-lakitu/sys-process/audit/files/audit.rules.stop.post b/project-lakitu/sys-process/audit/files/audit.rules.stop.post
deleted file mode 100644
index 29ae197..0000000
--- a/project-lakitu/sys-process/audit/files/audit.rules.stop.post
+++ /dev/null
@@ -1,12 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-#
-# This file contains the auditctl rules that are loaded immediately after the
-# audit deamon is stopped via the initscripts.
-# The rules are simply the parameters that would be passed
-# to auditctl.
-
-# Not used for the default Gentoo configuration as of v1.2.3
-# Paranoid security types might wish to reconfigure kauditd here.
-
-# vim:ft=conf:
diff --git a/project-lakitu/sys-process/audit/files/audit.rules.stop.pre b/project-lakitu/sys-process/audit/files/audit.rules.stop.pre
deleted file mode 100644
index 1f34173..0000000
--- a/project-lakitu/sys-process/audit/files/audit.rules.stop.pre
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-#
-# This file contains the auditctl rules that are loaded immediately before the
-# audit deamon is stopped via the initscripts.
-# The rules are simply the parameters that would be passed
-# to auditctl.
-
-# auditd is stopping, don't capture events anymore
--D
-
-# Disable kernel generating audit events
--e 0
-
-# vim:ft=conf: