aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-ids/samhain/samhain.inc
blob: f5bea1de6b680302df4273c79fd06f10a1faec60 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
HOMEPAGE    = "http://www.la-samhna.de/samhain/"
LICENSE     = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"

PV = "4.4.10"

SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
           file://${INITSCRIPT_NAME}.init \
           file://${INITSCRIPT_NAME}.default \
           file://samhain.service \
           file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \
           file://samhain-samhainrc.patch \
           file://samhain-samhainrc-fix-files-dirs-path.patch \
           file://samhain-pid-path.patch \
           file://samhain-sha256-big-endian.patch \
           file://samhain-configure-add-option-for-ps.patch \
           file://samhain-avoid-searching-host-for-postgresql.patch \
           file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
           file://fix-build-with-new-version-attr.patch \
           file://samhain-fix-initializer-element-is-not-constant.patch \
           "

SRC_URI[sha256sum] = "ae6ee8eff3cb111b7fc14a57bcc258443dd0bcf1bfacfdf229935ed053c1ce3d"

UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"

S = "${WORKDIR}/samhain-${PV}"

inherit autotools-brokensep update-rc.d pkgconfig systemd

SAMHAIN_PORT ??= "49777"
SAMHAIN_SERVER ??= "NULL"

INITSCRIPT_NAME = "${BPN}"
INITSCRIPT_PARAMS ?= "defaults"

SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE:${PN} = "${INITSCRIPT_NAME}.service"
SYSTEMD_AUTO_ENABLE = "disable"

# supports mysql|postgresql|oracle|odbc but postgresql is the only one available

PACKAGECONFIG ??= "postgresql ps \
    ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
    ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
    ${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
"

PACKAGECONFIG[postgresql]  = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql"
PACKAGECONFIG[suidcheck]  = "--enable-suidcheck, , "
PACKAGECONFIG[logwatch]  = "--enable-login-watch, , "
PACKAGECONFIG[mounts]  = "--enable-mounts-check, , "
PACKAGECONFIG[userfiles]  = "--enable-userfiles, , "
PACKAGECONFIG[ipv6]  = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps"

EXTRA_OECONF += "INSTALL='install -p'"
EXTRA_OEMAKE:append:aarch64 = " CPPFLAGS+=-DCONFIG_ARCH_AARCH64=1"
EXTRA_OEMAKE:append:mips64 = " CPPFLAGS+=-DCONFIG_ARCH_MIPS64=1"

do_unpack_samhain() {
    cd ${WORKDIR}
    tar -xzvf samhain-${PV}.tar.gz
}

python do_unpack:append() {
    bb.build.exec_func('do_unpack_samhain', d)
}

do_configure:prepend:arm() {
    export sh_cv___va_copy=yes
}

do_configure:prepend:aarch64() {
    export sh_cv___va_copy=yes
}

# If we use oe_runconf in do_configure() it will by default
# use the prefix --oldincludedir=/usr/include which is not
# recognized by Samhain's configure script and would invariably
# throw back the error "unrecognized option: --oldincludedir=/usr/include"
do_configure:prepend () {
    cat << EOF > ${S}/config-site.${BP}
ssp_cv_lib=no
sh_cv_va_copy=yes
EOF
    export CONFIG_SITE=${S}/config-site.${BP}
    # remove the buildpath
    sed -i -e 's;mydefarg;mydefargholder;g' ${S}/scripts/samhain.ebuild.in
    sed -i -e 's;mydefarg;mydefargholder;g' ${S}/scripts/samhain.ebuild-light.in
}

do_configure () {
	autoconf -f
	./configure \
	--build=${BUILD_SYS} \
	--host=${HOST_SYS} \
	--target=${TARGET_SYS} \
	--prefix=${prefix} \
	--exec_prefix=${exec_prefix} \
	--bindir=${bindir} \
	--sbindir=${sbindir} \
	--libexecdir=${libexecdir} \
	--datadir=${datadir} \
	--sysconfdir=${sysconfdir} \
	--sharedstatedir=${sharedstatedir} \
	--localstatedir=${localstatedir} \
	--libdir=${libdir} \
	--includedir=${includedir} \
	--infodir=${infodir} \
	--mandir=${mandir} \
	--enable-network=${SAMHAIN_MODE} \
	--with-pid-file=${localstatedir}/run/samhain.pid \
	--with-data-file=${localstatedir}/lib/samhain/samhain_file \
	${EXTRA_OECONF}
}

do_compile:prepend:libc-musl () {
	sed -i 's/^#define HAVE_MALLOC_H.*//' ${B}/config.h
}

# Install the init script, it's default file, and the extraneous
# documentation.
do_install:append () {
	oe_runmake install DESTDIR='${D}' INSTALL=install-boot

	install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \
		${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}

	install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \
		${D}${sysconfdir}/default/${INITSCRIPT_NAME}

	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
		if [ "${SAMHAIN_MODE}" = "no" ]; then
		    install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/samhain.service
		else
		    install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/${BPN}.service
		fi
		install -D -m 0755 ${WORKDIR}/${BPN}.init ${D}/${libexecdir}/${BPN}
		sed -i -e 's,@LIBDIR@,${libexecdir},' \
		       -e 's,@SAMHAIN_HELPER@,${BPN},' \
		       -e 's,@MODE_NAME@,${MODE_NAME},' \
		       ${D}${systemd_system_unitdir}/samhain*.service
    fi

	install -d ${D}${docdir}/${BPN}
	cp -r docs/* ${D}${docdir}/${BPN}
	cp -r scripts ${D}${docdir}/${BPN}
	install -d -m 755 ${D}${localstatedir}/samhain

	# Prevent QA warnings about installed ${localstatedir}/run
	if [ -d ${D}${localstatedir}/run ]; then
		rmdir ${D}${localstatedir}/run
	fi

	rm -rf ${D}${localstatedir}/log
}

FILES:${PN} += "${systemd_system_unitdir}"