#
# Copyright 2023 Google LLC
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
EAPI=7
# go-module: EGO_SUM / go-module_set_globals handling for the pinned module
# archives below; systemd: unit-installation helpers used in src_install.
inherit go-module systemd
DESCRIPTION="Google CIS Scanner"
HOMEPAGE="https://github.com/google/localtoast"
# Pinned Go module dependencies (mirrors upstream's go.sum). They must be
# listed BEFORE go-module_set_globals, which turns them into EGO_SUM_SRC_URI so
# every module archive is fetched as an ordinary distfile and verified against
# the package Manifest. Bump these together with upstream's go.sum on a PV bump.
EGO_SUM=(
"bitbucket.org/creachadair/stringset v0.0.10"
"bitbucket.org/creachadair/stringset v0.0.10/go.mod"
"github.com/BurntSushi/toml v0.4.1/go.mod"
"github.com/go-sql-driver/mysql v1.6.0"
"github.com/go-sql-driver/mysql v1.6.0/go.mod"
"github.com/golang/protobuf v1.5.0"
"github.com/golang/protobuf v1.5.0/go.mod"
"github.com/google/go-cmp v0.5.5/go.mod"
"github.com/google/go-cmp v0.5.6"
"github.com/google/go-cmp v0.5.6/go.mod"
"golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod"
"golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1"
"golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod"
"google.golang.org/protobuf v1.26.0-rc.1/go.mod"
"google.golang.org/protobuf v1.27.1"
"google.golang.org/protobuf v1.27.1/go.mod"
)
# Derives EGO_SUM_SRC_URI (and the module-cache setup) from EGO_SUM above.
go-module_set_globals
# Three inputs: the localtoast release tarball, the grafeas source tarball for
# the commit pinned in upstream's build_protos.sh (consumed only for its
# proto/v1 directory in src_compile; it is not a go.sum dependency, so it is
# mirrored by hand -- keep the hash in sync with src_compile), and the module
# archives from EGO_SUM. All are Manifest-checked distfiles.
SRC_URI="https://github.com/google/localtoast/archive/${PV}.tar.gz -> ${P}.tar.gz
grafeas-0163b5bb2ff5afbf059ddf472fb4d128faae85e3.tar.gz
${EGO_SUM_SRC_URI}"
# In order to list licenses of dependencies, build the package and run
# `go-licenses csv "github.com/google/localtoast"`
LICENSE="Apache-2.0 BSD MPL-2.0"
SLOT="0"
KEYWORDS="*"
IUSE=""
DEPEND=""
# Runtime-only dependency: the benchmark/config side of the scanner.
RDEPEND="${DEPEND}
app-admin/cis-compliance
"
PATCHES=(
# patch for changing system account range to 101:999
"${FILESDIR}"/system-accounts-secured.patch
)
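# Regenerate the scanner's protobuf bindings (including the grafeas protos
# that are not available as a Go module) and build a static localtoast binary.
src_compile() {
	# NOTE: GOTRACEBACK is read by the Go runtime of the process it is set for,
	# so this only affects the go toolchain during the build, not the installed
	# scanner (unless its service environment sets it too).
	export GOTRACEBACK="crash"
	GO=$(tc-getGO)
	export GO

	# Grafeas does not ship its protos as a go.sum dependency, so the source
	# tarball for the commit pinned in upstream's build_protos.sh is mirrored
	# and listed in SRC_URI (hence Manifest-verified like any other distfile).
	# When bumping the commit, update it here AND in SRC_URI, and re-mirror.
	local grafeas_rev="0163b5bb2ff5afbf059ddf472fb4d128faae85e3"
	local grafeas_dir="${WORKDIR}/grafeas-${grafeas_rev}"
	[[ -d "${grafeas_dir}/proto/v1" ]] || die "grafeas protos not found under ${grafeas_dir}"
	mv "${grafeas_dir}/proto/v1" scannerlib/proto || die "failed to move grafeas protos"
	# Only proto/v1 is needed; drop the rest of the extracted grafeas tree.
	# (The path must match the directory moved from above.)
	rm -r "${grafeas_dir}" || die "failed to remove ${grafeas_dir}"

	# Point the imported protos at this package's Go import path so protoc
	# emits them alongside localtoast's own bindings.
	local pkg
	for pkg in compliance severity; do
		sed -i \
			-e "s|option go_package = \".*\";|option go_package = \"github.com/google/localtoast/scannerlib/proto/${pkg}_go_proto\";|g" \
			"scannerlib/proto/v1/${pkg}.proto" || die "failed to rewrite go_package in ${pkg}.proto"
	done

	# Compile protos. --go_out lays the output out by full import path, so the
	# generated files are moved back next to their sources afterwards.
	protoc -I=scannerlib --go_out=scannerlib/proto \
		scannerlib/proto/*.proto \
		scannerlib/proto/v1/compliance.proto \
		scannerlib/proto/v1/severity.proto || die "protoc failed"
	mv scannerlib/proto/github.com/google/localtoast/scannerlib/proto/* scannerlib/proto/ \
		|| die "failed to relocate generated protos"
	rm -r scannerlib/proto/github.com || die "failed to clean up protoc output"

	# Build the CIS Scanner as a static binary (no cgo, no libc dependency).
	CGO_ENABLED=0 "${GO}" build localtoast.go || die "go build failed"
}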
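# Install the scanner binary, its assembled benchmark config, the environment
# file for its units, and the per-architecture systemd units/timer.
src_install() {
	einfo "Installing CIS Scanner"
	newbin localtoast cis_scanner

	# The benchmark configs are split into general_linux and COS-specific
	# parts; upstream's `make configs` assembles the full per-branch COS config.
	emake configs

	# Install the cis scanner config. cos_97 is the newest branch shipped
	# upstream at the time of writing; bump it when the scanner is updated.
	local config_branch="cos_97"
	CONFIG_PATH=/usr/share/google/security/cis-compliance/
	insinto "${CONFIG_PATH}"
	newins "configs/full/${config_branch}/instance_scanning.textproto" cis_config.textproto

	# Environment variables used by the cis-compliance-scanner services.
	# doins installs with the insopts default (0644, world-readable), so this
	# file must only carry non-sensitive settings.
	insinto /etc/cis-scanner
	doins "${FILESDIR}"/env_vars

	# Unit files are per-architecture; refuse anything we have no units for.
	case "${ARCH}" in
		arm64|amd64) ;;
		*) die "unsupported architecture: ${ARCH}" ;;
	esac
	local unit
	for unit in cis-compliance-scanner cis-level1 cis-level2; do
		systemd_newunit "${FILESDIR}/${unit}-${ARCH}.service" "${unit}.service"
	done
	systemd_dounit "${FILESDIR}"/cis-compliance-scanner.timer

	# Start cis-level1.service at bootup time. Only this unit is enabled here;
	# the timer and the other units are installed but not enabled by the ebuild.
	systemd_enable_service multi-user.target cis-level1.service
}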