#
# Copyright 2022 Google LLC
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
| |
EAPI=7

# go-module supplies the EGO_SUM / go-module_set_globals machinery used below;
# systemd supplies the systemd_* unit helpers called from src_install.
inherit go-module systemd

DESCRIPTION="Google CIS Scanner"
HOMEPAGE="https://github.com/google/localtoast"

# Go module dependencies, pinned to exact versions. Entries ending in /go.mod
# fetch only the module's go.mod file; the others fetch the module source.
# The list carries no hashes, so the integrity of the downloads is not
# established in this file.
# NOTE(review): presumably the package Manifest holds the distfile digests;
# confirm it is regenerated and reviewed whenever this list changes.
# NOTE(review): these pins date from this ebuild (copyright 2022); re-check
# them against upstream security advisories when bumping the package.
EGO_SUM=(
	"bitbucket.org/creachadair/stringset v0.0.10"
	"bitbucket.org/creachadair/stringset v0.0.10/go.mod"
	"github.com/BurntSushi/toml v0.4.1/go.mod"
	"github.com/go-sql-driver/mysql v1.6.0"
	"github.com/go-sql-driver/mysql v1.6.0/go.mod"
	"github.com/golang/protobuf v1.5.0"
	"github.com/golang/protobuf v1.5.0/go.mod"
	"github.com/google/go-cmp v0.5.5/go.mod"
	"github.com/google/go-cmp v0.5.6"
	"github.com/google/go-cmp v0.5.6/go.mod"
	"golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod"
	"golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1"
	"golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod"
	"google.golang.org/protobuf v1.26.0-rc.1/go.mod"
	"google.golang.org/protobuf v1.27.1"
	"google.golang.org/protobuf v1.27.1/go.mod"
)

# Must run after EGO_SUM is defined and before SRC_URI is assigned, because
# SRC_URI below expands EGO_SUM_SRC_URI.
go-module_set_globals

# The upstream source tarball for this package version, plus one download per
# EGO_SUM entry.
SRC_URI="https://github.com/google/localtoast/archive/${PV}.tar.gz -> ${P}.tar.gz
	${EGO_SUM_SRC_URI}"

# In order to list licenses of dependencies, build the package and run
# `go-licenses csv "github.com/google/localtoast"`
LICENSE="Apache-2.0 BSD MPL-2.0"
SLOT="0"
# NOTE(review): src_install dies on any ARCH other than arm64 or amd64, so the
# wildcard keyword is broader than what can actually be installed.
KEYWORDS="*"
IUSE=""
# NOTE(review): src_compile invokes protoc, yet no build dependency on a
# protobuf compiler is declared in this file; presumably the build environment
# provides it. Confirm.
DEPEND=""
RDEPEND="${DEPEND}
	app-admin/cis-compliance
"
| |
| |
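# Builds protoc-gen-go, regenerates the Go protobuf bindings from
# scannerlib/proto/*.proto, and compiles the localtoast scanner binary.
#
# Every external command is followed by `|| die`: only ebuild helpers abort
# the phase on their own, so without it a failed plugin build or a failed
# protoc run would be ignored and the final build could proceed against
# stale or partially generated bindings.
src_compile() {
	# Applies to Go programs run during this phase.
	export GOTRACEBACK="crash"
	GO=$(tc-getGO)
	export GO

	# Install protoc-gen-go v1.27.1 to ${S}/bin.
	# TODO: Remove the following once we upgrade default protoc-gen-go above
	# v1.20.0 according to https://github.com/golang/protobuf/issues/39
	# -p keeps a re-run of this phase from failing on an existing directory.
	mkdir -p "${S}"/bin || die "cannot create ${S}/bin"
	# NOTE(review): this uses plain `go`, not ${GO}; presumably deliberate
	# because the plugin has to run on the build host. Confirm.
	go build -o "${S}"/bin/protoc-gen-go google.golang.org/protobuf/cmd/protoc-gen-go \
		|| die "building protoc-gen-go failed"

	# Compile proto files with the installed protoc-gen-go
	# They are created at github.com/google/localtoast/scannerlib/proto/*.
	# Then we move them to scannerlib/proto where localtoast expects to find
	# them.
	PROTOC_GEN_GO="${S}"/bin/protoc-gen-go
	protoc -I=. --go_out=. --plugin="${PROTOC_GEN_GO}" scannerlib/proto/*.proto \
		|| die "protoc failed to generate the Go bindings"
	mv github.com/google/localtoast/scannerlib/proto/* scannerlib/proto/ \
		|| die "moving the generated bindings into scannerlib/proto failed"
	rm -r github.com || die "removing the temporary protoc output tree failed"

	# Build the CIS Scanner
	# CGO_ENABLED=0 builds without cgo.
	CGO_ENABLED=0 ${GO} build localtoast.go || die
}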
| |
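# Installs the scanner binary as cis_scanner, its scan config, the service
# environment file, the per-architecture systemd units and the scanner timer,
# then enables cis-level1.service under multi-user.target.
#
# Dies on any ARCH other than arm64 or amd64, because unit files are only
# looked up for those two.
src_install() {
	ebegin "Installing CIS Scanner"
	newbin localtoast cis_scanner

	# Install the cis scanner config
	CONFIG_PATH=/usr/share/google/security/cis-compliance/
	insinto "${CONFIG_PATH}"
	newins "${S}"/configs/cos_97/instance_scanning.textproto cis_config.textproto

	# Environment variables used by cis-compliance-scanner services
	# NOTE(review): no insopts is set here, so presumably the helper's
	# default mode (world-readable) applies; confirm env_vars never carries
	# secrets.
	insinto /etc/cis-scanner
	doins "${FILESDIR}"/env_vars

	# Reject unsupported architectures before looking up any unit file.
	case "${ARCH}" in
		arm64|amd64)
			;;
		*)
			eerror "unsupported architecture: ${ARCH}"
			die
			;;
	esac

	# Each unit ships as <name>-<arch>.service in FILESDIR and is installed
	# under the architecture-neutral name <name>.service.
	local unit
	for unit in cis-compliance-scanner cis-level1 cis-level2; do
		systemd_newunit "${FILESDIR}/${unit}-${ARCH}.service" "${unit}.service"
	done
	systemd_dounit "${FILESDIR}"/cis-compliance-scanner.timer

	# Start cis-level1.service at bootup time
	systemd_enable_service multi-user.target cis-level1.service

	# Close the ebegin above. The install helpers die on failure, so reaching
	# this line means every step succeeded.
	eend 0
}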