#
# Copyright 2022 Google LLC
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Ebuild metadata for the localtoast CIS scanner. The statement order below
# matters: EGO_SUM must be filled in before go-module_set_globals runs, and
# SRC_URI reads the EGO_SUM_SRC_URI value that call produces.
EAPI=7
# go-module supplies the EGO_SUM / go-module_set_globals machinery; systemd
# supplies the systemd_* install helpers used in src_install.
inherit go-module systemd
DESCRIPTION="Google CIS Scanner"
HOMEPAGE="https://github.com/google/localtoast"
# Go module dependencies, pinned to exact versions. An entry ending in
# "/go.mod" requests only that module version's go.mod file; an entry without
# the suffix requests the module source as well.
# NOTE(review): the pins fix versions only. Integrity of the fetched files is
# presumably enforced by the package's Manifest checksums, which are not part
# of this file -- confirm the Manifest is regenerated and reviewed whenever
# this list changes.
EGO_SUM=(
"bitbucket.org/creachadair/stringset v0.0.10"
"bitbucket.org/creachadair/stringset v0.0.10/go.mod"
"github.com/BurntSushi/toml v0.4.1/go.mod"
"github.com/go-sql-driver/mysql v1.6.0"
"github.com/go-sql-driver/mysql v1.6.0/go.mod"
"github.com/golang/protobuf v1.5.0"
"github.com/golang/protobuf v1.5.0/go.mod"
"github.com/google/go-cmp v0.5.5/go.mod"
"github.com/google/go-cmp v0.5.6"
"github.com/google/go-cmp v0.5.6/go.mod"
"golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod"
"golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1"
"golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod"
"google.golang.org/protobuf v1.26.0-rc.1/go.mod"
"google.golang.org/protobuf v1.27.1"
"google.golang.org/protobuf v1.27.1/go.mod"
)
# Derives EGO_SUM_SRC_URI from the EGO_SUM entries above.
go-module_set_globals
# The upstream release tarball for ${PV}, saved locally as ${P}.tar.gz,
# followed by one download per pinned Go module.
SRC_URI="https://github.com/google/localtoast/archive/${PV}.tar.gz -> ${P}.tar.gz
${EGO_SUM_SRC_URI}"
# In order to list licenses of dependencies, build the package and run
# `go-licenses csv "github.com/google/localtoast"`
LICENSE="Apache-2.0 BSD MPL-2.0"
SLOT="0"
# NOTE(review): "*" does not restrict the package to any architecture, yet
# src_install dies for every ARCH other than arm64 and amd64.
KEYWORDS="*"
IUSE=""
# NOTE(review): src_compile runs `protoc` and `go`, but no build-time
# dependency is declared for either; presumably the build environment or the
# inherited eclasses provide them -- confirm.
DEPEND=""
# Runtime dependency on the CIS compliance package.
RDEPEND="${DEPEND}
app-admin/cis-compliance
"
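#######################################
# Builds the localtoast scanner binary.
#
# Steps: build a protoc-gen-go plugin into ${S}/bin, generate Go code from
# scannerlib/proto/*.proto with it, move the generated files to the directory
# localtoast imports them from, then build localtoast.go with cgo disabled.
#
# Every external command is followed by `|| die`: in an ebuild phase a failing
# external command does not abort the build on its own, so without the check a
# failed plugin build or code-generation step would go unnoticed until (or
# unless) the final `go build` happened to fail.
#
# Globals:   S (read), GO and GOTRACEBACK (exported)
# Arguments: none
# Returns:   0 on success; calls die on the first failing step
#######################################
src_compile() {
  local protoc_gen_go="${S}"/bin/protoc-gen-go

  export GOTRACEBACK="crash"
  GO=$(tc-getGO) || die "tc-getGO failed"
  export GO

  # Install protoc-gen-go to ${S}/bin. The version built is the one the
  # ebuild's EGO_SUM list pins for google.golang.org/protobuf (v1.27.1).
  # TODO: Remove the following once we upgrade default protoc-gen-go above
  # v1.20.0 according to https://github.com/golang/protobuf/issues/39
  # NOTE(review): this step calls plain `go`, not ${GO}; presumably on purpose
  # because the plugin has to run on the build host -- confirm.
  # -p keeps a re-run of the compile phase from failing on an existing bin/.
  mkdir -p "${S}"/bin || die "cannot create ${S}/bin"
  go build -o "${protoc_gen_go}" google.golang.org/protobuf/cmd/protoc-gen-go \
    || die "building protoc-gen-go failed"

  # Compile proto files with the plugin built above. The output lands in
  # github.com/google/localtoast/scannerlib/proto/*, so it is moved to
  # scannerlib/proto, where localtoast expects to find it, and the now-empty
  # github.com tree is removed.
  protoc -I=. --go_out=. --plugin="${protoc_gen_go}" scannerlib/proto/*.proto \
    || die "protoc failed"
  mv github.com/google/localtoast/scannerlib/proto/* scannerlib/proto/ \
    || die "moving generated proto code failed"
  rm -r github.com || die "removing github.com failed"

  # Build the CIS Scanner.
  # ${GO} stays unquoted, matching the original invocation, in case the value
  # returned by tc-getGO consists of more than one word.
  # shellcheck disable=SC2086
  CGO_ENABLED=0 ${GO} build localtoast.go || die "building localtoast failed"
}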
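#######################################
# Installs the scanner binary, its configuration, the service environment
# file and the systemd units.
#
# Installed:
#   - the `localtoast` binary, under the name cis_scanner
#   - configs/cos_97/instance_scanning.textproto as
#     /usr/share/google/security/cis-compliance/cis_config.textproto
#   - ${FILESDIR}/env_vars into /etc/cis-scanner
#   - the ${ARCH}-specific cis-compliance-scanner, cis-level1 and cis-level2
#     service units, each installed without the architecture suffix
#   - cis-compliance-scanner.timer
# Only cis-level1.service is enabled here (for multi-user.target); the other
# units and the timer are installed but not enabled by this function.
#
# Globals:   S, FILESDIR, ARCH (read)
# Arguments: none
# Returns:   0 on success; calls die when ARCH is neither arm64 nor amd64
#######################################
src_install() {
  # Kept local so the path does not leak into the ebuild's global scope.
  local config_path=/usr/share/google/security/cis-compliance/
  local unit

  ebegin "Installing CIS Scanner"
  newbin localtoast cis_scanner

  # Install the cis scanner config
  insinto "${config_path}"
  newins "${S}"/configs/cos_97/instance_scanning.textproto cis_config.textproto

  # Environment variables used by cis-compliance-scanner services
  insinto /etc/cis-scanner
  doins "${FILESDIR}"/env_vars

  # Only these two architectures ship unit files. ARCH is checked against the
  # list before it is used to build a file name.
  case "${ARCH}" in
    arm64 | amd64) ;;
    *) die "unsupported architecture: ${ARCH}" ;;
  esac
  for unit in cis-compliance-scanner cis-level1 cis-level2; do
    systemd_newunit "${FILESDIR}/${unit}-${ARCH}.service" "${unit}.service"
  done

  systemd_dounit "${FILESDIR}"/cis-compliance-scanner.timer

  # Start cis-level1.service at bootup time
  systemd_enable_service multi-user.target cis-level1.service

  # Close the ebegin above; every ebegin needs a matching eend. The helpers
  # used in between abort the build themselves on failure, so reaching this
  # line means the install succeeded.
  eend 0
}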