diff options
Diffstat (limited to 'recipes-ids/samhain')
11 files changed, 172 insertions, 90 deletions
diff --git a/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch b/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch new file mode 100644 index 0000000..fedbe5b --- /dev/null +++ b/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch @@ -0,0 +1,44 @@ +From 111b1e8f35e989513d8961a45a806767109f6e1e Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Thu, 11 Aug 2022 17:15:30 +0800 +Subject: [PATCH] Don't expose configure args + +Don't expost configure args to fix buildpath issue. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + scripts/samhain.ebuild-light.in | 2 +- + scripts/samhain.ebuild.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/scripts/samhain.ebuild-light.in b/scripts/samhain.ebuild-light.in +index 2b09cdb..b7f7062 100644 +--- a/scripts/samhain.ebuild-light.in ++++ b/scripts/samhain.ebuild-light.in +@@ -55,7 +55,7 @@ src_compile() { + # --with-state-dir=/var/lib/${PN} \ + # --with-log-file=/var/log/${PN}.log \ + +- ./configure ${myconf} @mydefargs@ || die ++ ./configure ${myconf} mydefargs || die + emake || die + + echo '#!/bin/sh' > ./sstrip +diff --git a/scripts/samhain.ebuild.in b/scripts/samhain.ebuild.in +index 635a746..b9a42e7 100644 +--- a/scripts/samhain.ebuild.in ++++ b/scripts/samhain.ebuild.in +@@ -55,7 +55,7 @@ src_compile() { + # --with-state-dir=/var/lib/${PN} \ + # --with-log-file=/var/log/${PN}.log \ + +- ./configure ${myconf} @mydefargs@ || die ++ ./configure ${myconf} mydefargs || die + emake || die + + echo '#!/bin/sh' > ./sstrip +-- +2.25.1 + diff --git a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch index 6bf67e0..a84229e 100644 --- a/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch +++ b/recipes-ids/samhain/files/samhain-avoid-searching-host-for-postgresql.patch @@ -10,11 +10,11 @@ Signed-off-by: Jackie Huang <jackie.huang@windriver.com> configure.ac | 101 +++-------------------------------------------------------- 1 file changed, 5 insertions(+), 96 deletions(-) -diff --git a/configure.ac b/configure.ac -index a224c68..f658d53 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1278,90 +1278,11 @@ AC_ARG_WITH(database, +Index: samhain-4.4.2/configure.ac +=================================================================== +--- samhain-4.4.2.orig/configure.ac ++++ samhain-4.4.2/configure.ac +@@ -1290,90 +1290,11 @@ AC_ARG_WITH(database, AC_DEFINE(WITH_POSTGRES) AC_DEFINE(WITH_DATABASE) # @@ -110,7 +110,7 @@ index a224c68..f658d53 100644 LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" if test x"$enable_static" = xyes; then LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm" -@@ -1370,18 +1291,6 @@ AC_ARG_WITH(database, +@@ -1382,18 +1303,6 @@ AC_ARG_WITH(database, fi # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" @@ -129,6 +129,3 @@ index a224c68..f658d53 100644 fi elif test "x${withval}" = "xodbc"; then AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME) --- -2.11.0 - diff --git a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch b/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch index 8de0735..7e7f86e 100644 --- a/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch +++ b/recipes-ids/samhain/files/samhain-configure-add-option-for-ps.patch @@ -14,29 +14,14 @@ to avoid host contamination. Upstream-Status: Inappropriate [cross compile specific] Signed-off-by: Jackie Huang <jackie.huang@windriver.com> ---- - aclocal.m4 | 2 +- - configure.ac | 60 ++++++++++-------------------------------------------------- - 2 files changed, 11 insertions(+), 51 deletions(-) +[AK: refactored for 4.4.3] +Signed-off-by: Armin Kuster <akuster808@gmail.com> -diff --git a/aclocal.m4 b/aclocal.m4 -index a2e59a6..cd20a2f 100644 ---- a/aclocal.m4 -+++ b/aclocal.m4 -@@ -409,7 +409,7 @@ x_includes=NONE - x_libraries=NONE - DESTDIR= - SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" --SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" -+SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" - - # Installation directory options. - # These are left unexpanded so users can "make install exec_prefix=/foo" -diff --git a/configure.ac b/configure.ac -index 5910b1f..8c3e087 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -730,56 +730,16 @@ then +Index: samhain-4.4.2/configure.ac +=================================================================== +--- samhain-4.4.2.orig/configure.ac ++++ samhain-4.4.2/configure.ac +@@ -743,56 +743,16 @@ then fi AC_CHECK_HEADERS(gmp.h) @@ -55,7 +40,16 @@ index 5910b1f..8c3e087 100644 - AC_MSG_ERROR([Cannot find ps in any of /usr/ucb /bin /usr/bin]) -fi -AC_DEFINE_UNQUOTED([PSPATH], _("$PS"), [Path to ps]) -- ++AC_ARG_WITH(ps-path, ++ [ --with-ps-path=PATH set path to ps command ], ++ [ ++ if test "x${withval}" != xno; then ++ pspath="${withval}" ++ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) ++ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) ++ fi ++ ]) + -AC_MSG_CHECKING([how to use ps]) -$PS ax >/dev/null 2>&1 -if test $? -eq 0; then @@ -90,19 +84,19 @@ index 5910b1f..8c3e087 100644 - PSARG="-e" -fi -AC_DEFINE_UNQUOTED([PSARG], _("$PSARG"), [Argument for ps]) -+AC_ARG_WITH(ps-path, -+ [ --with-ps-path=PATH set path to ps command ], -+ [ -+ if test "x${withval}" != xno; then -+ pspath="${withval}" -+ AC_DEFINE_UNQUOTED([PSPATH], _("${pspath}"), [Path to ps]) -+ AC_DEFINE_UNQUOTED([PSARG], _("ax"), [Argument for ps]) -+ fi -+ ]) -+ AC_MSG_RESULT([$PS $PSARG]) dnl ***************************************** --- -1.9.1 - +Index: samhain-4.4.2/aclocal.m4 +=================================================================== +--- samhain-4.4.2.orig/aclocal.m4 ++++ samhain-4.4.2/aclocal.m4 +@@ -409,7 +409,7 @@ x_includes=NONE + x_libraries=NONE + DESTDIR= + SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" +-SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" ++SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file ps-path" + + # Installation directory options. + # These are left unexpanded so users can "make install exec_prefix=/foo" diff --git a/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch b/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch new file mode 100644 index 0000000..72cb880 --- /dev/null +++ b/recipes-ids/samhain/files/samhain-fix-initializer-element-is-not-constant.patch @@ -0,0 +1,28 @@ +Fix error when compile for powerpc: + +| x_sh_dbIO.c: In function 'swap_short': +| x_sh_dbIO.c:229:36: error: initializer element is not constant +| 229 | static unsigned short ooop = *iptr; +| | ^ + +Upstream-Status: Pending + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + src/sh_dbIO.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/sh_dbIO.c b/src/sh_dbIO.c +index b547ac5..23a9621 100644 +--- a/src/sh_dbIO.c ++++ b/src/sh_dbIO.c +@@ -226,7 +226,8 @@ static unsigned short * swap_short (unsigned short * iptr) + else + { + /* alignment problem */ +- static unsigned short ooop = *iptr; ++ static unsigned short ooop; ++ ooop = *iptr; + unsigned short hi = (ooop & 0xff00); + unsigned short lo = (ooop & 0xff); + ooop = (lo << 8) | (hi >> 8); diff --git a/recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch b/recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch index 5284313..e00fc2a 100644 --- a/recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch +++ b/recipes-ids/samhain/files/samhain-not-run-ptest-on-host.patch @@ -1,6 +1,6 @@ not run test on host, since we are doing cross-compile -Upstream-status: Inappropriate [cross compile specific] +Upstream-Status: Inappropriate [cross compile specific] Signed-off-by: Roy Li <rongqing.li@windriver.com> --- diff --git a/recipes-ids/samhain/files/samhain-pid-path.patch b/recipes-ids/samhain/files/samhain-pid-path.patch index 592bd16..8fdadd1 100644 --- a/recipes-ids/samhain/files/samhain-pid-path.patch +++ b/recipes-ids/samhain/files/samhain-pid-path.patch @@ -2,15 +2,15 @@ commit a932b03b65edeb02ccad2fce06bfa68a8f2fbb04 Author: Aws Ismail <aws.ismail@windriver.com> Date: Thu Jan 10 16:29:05 2013 -0500 - Set the PID Lock path for samhain.pid +Set the PID Lock path for samhain.pid - The explicit path for samhain.pid inorder - for samhain to work properly after it initial - database build. +The explicit path for samhain.pid inorder +for samhain to work properly after it initial +database build. - Upstream-Status: Inappropriate [configuration] +Upstream-Status: Inappropriate [configuration] - Signed-off-by: Aws Ismail <aws.ismail@windriver.com> +Signed-off-by: Aws Ismail <aws.ismail@windriver.com> diff --git a/samhainrc.linux b/samhainrc.linux index 10a8176..a7b06e6 100644 diff --git a/recipes-ids/samhain/files/samhain-server-volatiles.conf b/recipes-ids/samhain/files/samhain-server-volatiles.conf new file mode 100644 index 0000000..f2ea390 --- /dev/null +++ b/recipes-ids/samhain/files/samhain-server-volatiles.conf @@ -0,0 +1 @@ +d /var/log/yule 0775 daemon daemon - diff --git a/recipes-ids/samhain/samhain-client.bb b/recipes-ids/samhain/samhain-client.bb index 0f53a8c..0de9c34 100644 --- a/recipes-ids/samhain/samhain-client.bb +++ b/recipes-ids/samhain/samhain-client.bb @@ -8,5 +8,8 @@ EXTRA_OECONF += " \ --with-port=${SAMHAIN_PORT} \ " -RDEPENDS_${PN} = "acl zlib attr bash" -RCONFLICTS_${PN} = "samhain-standalone" +MODE_NAME = "client" +SAMHAIN_MODE = "client" + +RDEPENDS:${PN} = "acl zlib attr bash" +RCONFLICTS:${PN} = "samhain-standalone" diff --git a/recipes-ids/samhain/samhain-server.bb b/recipes-ids/samhain/samhain-server.bb index d304912..8bae2d2 100644 --- a/recipes-ids/samhain/samhain-server.bb +++ b/recipes-ids/samhain/samhain-server.bb @@ -4,18 +4,29 @@ require samhain.inc DEPENDS = "gmp" -SRC_URI += "file://samhain-server-volatiles" +SRC_URI += "file://samhain-server-volatiles \ + file://samhain-server-volatiles.conf \ + " + +MODE_NAME = "server" +SAMHAIN_MODE = "server" TARGET_CC_ARCH += "${LDFLAGS}" -do_install_append() { - install -d ${D}${sysconfdir}/default/volatiles - install -m 0644 ${WORKDIR}/samhain-server-volatiles \ - ${D}${sysconfdir}/default/volatiles/samhain-server +do_install:append() { + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + install -m 0644 ${WORKDIR}/samhain-server-volatiles.conf \ + ${D}${sysconfdir}/tmpfiles.d/samhain-server.conf + else + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${WORKDIR}/samhain-server-volatiles \ + ${D}${sysconfdir}/default/volatiles/samhain-server + fi install -m 700 samhain-install.sh init/samhain.startLinux \ init/samhain.startLSB ${D}/var/lib/samhain } -RDEPENDS_${PN} += "gmp bash perl" -RCONFLICTS_${PN} = "samhain-standalone" +RDEPENDS:${PN} += "gmp bash perl" +RCONFLICTS:${PN} = "samhain-standalone" diff --git a/recipes-ids/samhain/samhain-standalone.bb b/recipes-ids/samhain/samhain-standalone.bb index 4fed9e9..ae9ed2b 100644 --- a/recipes-ids/samhain/samhain-standalone.bb +++ b/recipes-ids/samhain/samhain-standalone.bb @@ -1,12 +1,16 @@ require samhain.inc SRC_URI += "file://samhain-not-run-ptest-on-host.patch \ + file://0001-Don-t-expose-configure-args.patch \ file://run-ptest \ " PROVIDES += "samhain" -SYSTEMD_SERVICE_${PN} = "samhain.service" +MODE_NAME = "standalone" +SAMHAIN_MODE = "no" + +SYSTEMD_SERVICE:${PN} = "samhain.service" inherit ptest @@ -18,7 +22,7 @@ do_compile() { oe_runmake "$@" } -do_install_append() { +do_install:append() { ln -sf ${INITSCRIPT_NAME} ${D}${sysconfdir}/init.d/samhain } @@ -27,5 +31,5 @@ do_install_ptest() { install ${S}/cutest ${D}${PTEST_PATH} } -RPROVIDES_${PN} += "samhain" -RCONFLICTS_${PN} = "samhain-client samhain-server" +RPROVIDES:${PN} += "samhain" +RCONFLICTS:${PN} = "samhain-client samhain-server" diff --git a/recipes-ids/samhain/samhain.inc b/recipes-ids/samhain/samhain.inc index 91eb697..f5bea1d 100644 --- a/recipes-ids/samhain/samhain.inc +++ b/recipes-ids/samhain/samhain.inc @@ -1,11 +1,14 @@ DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis" HOMEPAGE = "http://www.la-samhna.de/samhain/" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b" -PV = "4.3.3" +PV = "4.4.10" -SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ +SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ + file://${INITSCRIPT_NAME}.init \ + file://${INITSCRIPT_NAME}.default \ + file://samhain.service \ file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \ file://samhain-samhainrc.patch \ file://samhain-samhainrc-fix-files-dirs-path.patch \ @@ -15,13 +18,10 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ file://samhain-avoid-searching-host-for-postgresql.patch \ file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \ file://fix-build-with-new-version-attr.patch \ - file://${INITSCRIPT_NAME}.init \ - file://${INITSCRIPT_NAME}.default \ - file://samhain.service \ + file://samhain-fix-initializer-element-is-not-constant.patch \ " -SRC_URI[md5sum] = "7be46ae7d03f53ba21afafd41cff8926" -SRC_URI[sha256sum] = "33ad4bc3dad4699694553bd9635a6b5827939f965d1f0f05fce0b4e9cdadf21b" +SRC_URI[sha256sum] = "ae6ee8eff3cb111b7fc14a57bcc258443dd0bcf1bfacfdf229935ed053c1ce3d" UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar" @@ -37,17 +37,9 @@ INITSCRIPT_NAME = "${BPN}" INITSCRIPT_PARAMS ?= "defaults" SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "${INITSCRIPT_NAME}.service" +SYSTEMD_SERVICE:${PN} = "${INITSCRIPT_NAME}.service" SYSTEMD_AUTO_ENABLE = "disable" -# mode mapping: -# BPN MODE_NAME SAMHAIN_MODE -# samhain-standalone standalone no -# samhain-client client client -# samhain-server server server -MODE_NAME = "${@d.getVar('BPN').split('-')[1]}" -SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no', '${MODE_NAME}')}" - # supports mysql|postgresql|oracle|odbc but postgresql is the only one available PACKAGECONFIG ??= "postgresql ps \ @@ -67,20 +59,24 @@ PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl" PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit" PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps" +EXTRA_OECONF += "INSTALL='install -p'" +EXTRA_OEMAKE:append:aarch64 = " CPPFLAGS+=-DCONFIG_ARCH_AARCH64=1" +EXTRA_OEMAKE:append:mips64 = " CPPFLAGS+=-DCONFIG_ARCH_MIPS64=1" + do_unpack_samhain() { cd ${WORKDIR} tar -xzvf samhain-${PV}.tar.gz } -python do_unpack_append() { +python do_unpack:append() { bb.build.exec_func('do_unpack_samhain', d) } -do_configure_prepend_arm() { +do_configure:prepend:arm() { export sh_cv___va_copy=yes } -do_configure_prepend_aarch64() { +do_configure:prepend:aarch64() { export sh_cv___va_copy=yes } @@ -88,12 +84,15 @@ do_configure_prepend_aarch64() { # use the prefix --oldincludedir=/usr/include which is not # recognized by Samhain's configure script and would invariably # throw back the error "unrecognized option: --oldincludedir=/usr/include" -do_configure_prepend () { +do_configure:prepend () { cat << EOF > ${S}/config-site.${BP} ssp_cv_lib=no sh_cv_va_copy=yes EOF export CONFIG_SITE=${S}/config-site.${BP} + # remove the buildpath + sed -i -e 's;mydefarg;mydefargholder;g' ${S}/scripts/samhain.ebuild.in + sed -i -e 's;mydefarg;mydefargholder;g' ${S}/scripts/samhain.ebuild-light.in } do_configure () { @@ -118,17 +117,16 @@ do_configure () { --enable-network=${SAMHAIN_MODE} \ --with-pid-file=${localstatedir}/run/samhain.pid \ --with-data-file=${localstatedir}/lib/samhain/samhain_file \ - --disable-dnmalloc \ ${EXTRA_OECONF} } -do_compile_prepend_libc-musl () { +do_compile:prepend:libc-musl () { sed -i 's/^#define HAVE_MALLOC_H.*//' ${B}/config.h } # Install the init script, it's default file, and the extraneous # documentation. -do_install_append () { +do_install:append () { oe_runmake install DESTDIR='${D}' INSTALL=install-boot install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \ @@ -159,6 +157,8 @@ do_install_append () { if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run fi + + rm -rf ${D}${localstatedir}/log } -FILES_${PN} += "${systemd_system_unitdir}" +FILES:${PN} += "${systemd_system_unitdir}" |