1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
HOMEPAGE = "http://www.la-samhna.de/samhain/"
LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
PV = "4.3.3"
SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \
file://samhain-samhainrc.patch \
file://samhain-samhainrc-fix-files-dirs-path.patch \
file://samhain-pid-path.patch \
file://samhain-sha256-big-endian.patch \
file://samhain-configure-add-option-for-ps.patch \
file://samhain-avoid-searching-host-for-postgresql.patch \
file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
file://${INITSCRIPT_NAME}.init \
file://${INITSCRIPT_NAME}.default \
file://samhain.service \
"
SRC_URI[md5sum] = "7be46ae7d03f53ba21afafd41cff8926"
SRC_URI[sha256sum] = "33ad4bc3dad4699694553bd9635a6b5827939f965d1f0f05fce0b4e9cdadf21b"
UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"
S = "${WORKDIR}/samhain-${PV}"
inherit autotools-brokensep update-rc.d pkgconfig systemd
SAMHAIN_PORT ??= "49777"
SAMHAIN_SERVER ??= "NULL"
INITSCRIPT_NAME = "${BPN}"
INITSCRIPT_PARAMS ?= "defaults"
SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE_${PN} = "${INITSCRIPT_NAME}.service"
SYSTEMD_AUTO_ENABLE = "disable"
# mode mapping:
# BPN MODE_NAME SAMHAIN_MODE
# samhain-standalone standalone no
# samhain-client client client
# samhain-server server server
MODE_NAME = "${@d.getVar('BPN').split('-')[1]}"
SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no', '${MODE_NAME}')}"
# supports mysql|postgresql|oracle|odbc but postgresql is the only one available
PACKAGECONFIG ??= "postgresql ps \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
"
PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql"
PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , "
PACKAGECONFIG[logwatch] = "--enable-login-watch, , "
PACKAGECONFIG[mounts] = "--enable-mounts-check, , "
PACKAGECONFIG[userfiles] = "--enable-userfiles, , "
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps"
do_unpack_samhain() {
cd ${WORKDIR}
tar -xzvf samhain-${PV}.tar.gz
}
python do_unpack_append() {
bb.build.exec_func('do_unpack_samhain', d)
}
do_configure_prepend_arm() {
export sh_cv___va_copy=yes
}
do_configure_prepend_aarch64() {
export sh_cv___va_copy=yes
}
# If we use oe_runconf in do_configure() it will by default
# use the prefix --oldincludedir=/usr/include which is not
# recognized by Samhain's configure script and would invariably
# throw back the error "unrecognized option: --oldincludedir=/usr/include"
do_configure_prepend () {
cat << EOF > ${S}/config-site.${BP}
ssp_cv_lib=no
sh_cv_va_copy=yes
EOF
export CONFIG_SITE=${S}/config-site.${BP}
}
do_configure () {
autoconf -f
./configure \
--build=${BUILD_SYS} \
--host=${HOST_SYS} \
--target=${TARGET_SYS} \
--prefix=${prefix} \
--exec_prefix=${exec_prefix} \
--bindir=${bindir} \
--sbindir=${sbindir} \
--libexecdir=${libexecdir} \
--datadir=${datadir} \
--sysconfdir=${sysconfdir} \
--sharedstatedir=${sharedstatedir} \
--localstatedir=${localstatedir} \
--libdir=${libdir} \
--includedir=${includedir} \
--infodir=${infodir} \
--mandir=${mandir} \
--enable-network=${SAMHAIN_MODE} \
--with-pid-file=${localstatedir}/run/samhain.pid \
--with-data-file=${localstatedir}/lib/samhain/samhain_file \
--disable-dnmalloc \
${EXTRA_OECONF}
}
do_compile_prepend_libc-musl () {
sed -i 's/^#define HAVE_MALLOC_H.*//' ${B}/config.h
}
# Install the init script, it's default file, and the extraneous
# documentation.
do_install_append () {
oe_runmake install DESTDIR='${D}' INSTALL=install-boot
install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \
${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \
${D}${sysconfdir}/default/${INITSCRIPT_NAME}
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
if [ "${SAMHAIN_MODE}" = "no" ]; then
install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/samhain.service
else
install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/${BPN}.service
fi
install -D -m 0755 ${WORKDIR}/${BPN}.init ${D}/${libexecdir}/${BPN}
sed -i -e 's,@LIBDIR@,${libexecdir},' \
-e 's,@SAMHAIN_HELPER@,${BPN},' \
-e 's,@MODE_NAME@,${MODE_NAME},' \
${D}${systemd_system_unitdir}/samhain*.service
fi
install -d ${D}${docdir}/${BPN}
cp -r docs/* ${D}${docdir}/${BPN}
cp -r scripts ${D}${docdir}/${BPN}
install -d -m 755 ${D}${localstatedir}/samhain
# Prevent QA warnings about installed ${localstatedir}/run
if [ -d ${D}${localstatedir}/run ]; then
rmdir ${D}${localstatedir}/run
fi
}
FILES_${PN} += "${systemd_system_unitdir}"
|