Diffstat (limited to 'app-forensics/aide')
-rw-r--r-- | app-forensics/aide/aide-0.17.4-r3.ebuild | 104 | ||||
-rw-r--r-- | app-forensics/aide/files/aide-0.17.4-configure.patch | 131 |
2 files changed, 235 insertions, 0 deletions
diff --git a/app-forensics/aide/aide-0.17.4-r3.ebuild b/app-forensics/aide/aide-0.17.4-r3.ebuild
new file mode 100644
index 000000000000..98e483d06975
--- /dev/null
+++ b/app-forensics/aide/aide-0.17.4-r3.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools readme.gentoo-r1
+
+DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a file integrity checker"
+HOMEPAGE="https://aide.github.io/ https://github.com/aide/aide"
+SRC_URI="https://github.com/aide/aide/releases/download/v${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="acl audit curl e2fs mhash selinux xattr zlib"
+
+DEPEND="dev-libs/libpcre
+ acl? ( virtual/acl )
+ audit? ( sys-process/audit )
+ curl? ( net-misc/curl )
+ e2fs? ( sys-fs/e2fsprogs )
+ !mhash? (
+ dev-libs/libgcrypt:0=
+ dev-libs/libgpg-error
+ )
+ mhash? ( app-crypt/mhash )
+ selinux? ( sys-libs/libselinux )
+ xattr? ( sys-apps/attr )
+ zlib? ( sys-libs/zlib )"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-aide )"
+BDEPEND="sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig"
+
+DISABLE_AUTOFORMATTING=1
+DOC_CONTENTS="
+Example configuration file was installed at '${EPREFIX}/etc/aide/aide.conf'.
+Please edit it to meet your needs. Refer to aide.conf(5) manual page
+for more information.
+
+A helper script, aideinit, was installed and can be used to make AIDE
+management easier. Please run 'aideinit --help' for more information."
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.16-fix-acl-configure-option.patch
+ "${FILESDIR}"/${PN}-0.17.4-configure.patch
+)
+
+src_prepare() {
+ default
+
+ sed -i -e 's| -Werror||g' configure.ac || die
+
+ # Only needed for snapshots.
+ if [[ ${PV} == *_p* ]] ; then
+ echo "m4_define([AIDE_VERSION], [${PV}])" > version.m4 || die
+ fi
+
+ # Can be dropped once Bashism patch is gone
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ --sysconfdir="${EPREFIX}"/etc/${PN}
+
+ # Disable broken l10n support: https://sourceforge.net/p/aide/bugs/98/
+ # This doesn't affect anything because there are no localizations yet.
+ --without-locale
+
+ --without-prelink
+ $(use_with zlib)
+ $(use_with curl)
+ $(use_with acl posix-acl)
+ $(use_with selinux)
+ $(use_with xattr)
+ $(use_with e2fs e2fsattrs)
+ $(use_with mhash mhash)
+ $(use_with !mhash gcrypt)
+ $(use_with audit)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+
+ readme.gentoo_create_doc
+
+ insinto /etc/${PN}
+ insopts -m0600
+ newins "${FILESDIR}"/aide.conf-r2 aide.conf
+
+ dosbin "${FILESDIR}"/aideinit
+ dodoc -r contrib/ "${FILESDIR}"/aide.cron-r2
+
+ keepdir /var/{lib,log}/${PN}
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}
diff --git a/app-forensics/aide/files/aide-0.17.4-configure.patch b/app-forensics/aide/files/aide-0.17.4-configure.patch
new file mode 100644
index 000000000000..adf9925d9458
--- /dev/null
+++ b/app-forensics/aide/files/aide-0.17.4-configure.patch
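Review bot: In src_install, `keepdir /var/{lib,log}/${PN}` creates the database and log directories with the default directory mode, although the same function installs aide.conf with `insopts -m0600`. The baseline database and reports kept there describe every monitored file, so the directories deserve the same care as the configuration. Whether aide or aideinit tightens the permissions at run time is not visible in this ebuild and should be confirmed. If they do not, add `diropts -m0700` on the line before `keepdir`.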
@@ -0,0 +1,131 @@
+https://github.com/aide/aide/pull/145
+https://bugs.gentoo.org/881707
+
+From 0a7f36406f3f21e4fcdc0c410ff626c352f2d080 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Fri, 18 Nov 2022 00:04:10 +0000
+Subject: [PATCH 1/2] Fix bashisms in build system
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+configure scripts need to be runnable with a POSIX-compliant /bin/sh.
+
+On many (but not all!) systems, /bin/sh is provided by Bash, so errors
+like this aren't spotted. Notably Debian defaults to /bin/sh provided
+by dash which doesn't tolerate such bashisms as '=='.
+
+This retains compatibility with bash.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -329,7 +329,7 @@ fi
+ AC_CHECK_HEADERS(syslog.h inttypes.h fcntl.h ctype.h)
+
+ PCRELIB="-lpcre"
+-if test "$aide_static_choice" == "yes"; then
++if test "$aide_static_choice" = "yes"; then
+ PCRELIB="$PCRELIB -pthread"
+ fi
+ AC_CHECK_LIB(pcre, pcre_exec, [
+@@ -426,14 +426,14 @@ AS_IF([test "x$with_selinux_support" != xno],
+ AC_DEFINE(WITH_SELINUX,1,[use SELinux])
+ [AC_MSG_RESULT(yes)
+ if test "x$PKG_CONFIG" != xno && $PKG_CONFIG --exists libselinux; then
+- if test "$aide_static_choice" == "yes"; then
++ if test "$aide_static_choice" = "yes"; then
+ SELINUXLIB=$(${PKG_CONFIG} --libs libselinux --static)
+ else
+ SELINUXLIB=$(${PKG_CONFIG} --libs libselinux)
+ fi
+ else
+ SELINUXLIB="-lselinux"
+- if test "$aide_static_choice" == "yes"; then
++ if test "$aide_static_choice" = "yes"; then
+ saveLIBS=$LIBS
+ LIBS="-static $SELINUXLIB"
+ AC_SEARCH_LIBS([lgetfilecon_raw], [], [], [SELINUXLIB="$SELINUXLIB -lpthread"])
+@@ -555,7 +555,7 @@ AC_ARG_ENABLE([default_db],
+ [do not set default values for database_in and database_out config options]),
+ [enable_default_db=$enableval],[enable_default_db=yes])
+
+-if test "$enable_default_db" == "yes"; then
++if test "$enable_default_db" = "yes"; then
+
+ if test "x$sysconfdir" != x'${prefix}/etc'; then
+ evalled_sysconfdir=`eval echo "$sysconfdir"`
+@@ -592,7 +592,7 @@ AC_ARG_WITH([curl],
+ [use curl library for http, https and ftp database backend (default: no)]),
+ [with_curl=$withval], [with_curl=no])
+ AS_IF([test "x$with_curl" = "xyes"], [
+- if test "$aide_static_choice" == "yes"; then
++ if test "$aide_static_choice" = "yes"; then
+ PKG_CHECK_MODULES_STATIC(CURL, [libcurl], , [AC_MSG_RESULT([libcurl not found by pkg-config - Try --without-curl or add directory containing libcurl.pc to PKG_CONFIG_PATH environment variable])])
+ else
+ PKG_CHECK_MODULES(CURL, [libcurl], , [AC_MSG_RESULT([libcurl not found by pkg-config - Try --without-curl or add directory containing libcurl.pc to PKG_CONFIG_PATH environment variable])])
+@@ -671,7 +671,7 @@ AS_IF([test "x$with_audit" != xno],
+ AC_MSG_ERROR(You don't have libaudit properly installed. Install it if you need it.)
+ )
+ AUDITLIB="-laudit"
+- if test "$aide_static_choice" == "yes"; then
++ if test "$aide_static_choice" = "yes"; then
+ saveLIBS=$LIBS
+ LIBS="-static $AUDITLIB"
+ AC_CHECK_LIB([audit], [audit_log_user_message], [], [
+
+From 67ad6efc7596c9b3ffdeb411bae942d757e2d96f Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Fri, 18 Nov 2022 00:04:53 +0000
+Subject: [PATCH 2/2] Fix configure.ac compatibility with Clang 16
+
+Clang 16 makes -Wimplicit-function-declaration and -Wimplicit-int errors by default.
+
+Unfortunately, this can lead to misconfiguration or miscompilation of software as configure
+tests may then return the wrong result.
+
+We also fix -Wstrict-prototypes while here as it's easy to do and it prepares
+us for C23.
+
+For more information, see LWN.net [0] or LLVM's Discourse [1], the Gentoo wiki [2],
+or the (new) c-std-porting mailing list [3].
+
+[0] https://lwn.net/Articles/913505/
+[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
+[2] https://wiki.gentoo.org/wiki/Modern_C_porting
+[3] hosted at lists.linux.dev.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -295,8 +295,11 @@ AC_CHECK_FUNCS(fcntl ftruncate posix_fadvise asprintf snprintf \
+ AC_CACHE_CHECK([for open/O_NOATIME], db_cv_open_o_noatime, [
+ echo "test for working open/O_NOATIME" > __o_noatime_file
+ AC_TRY_RUN([
+-#include <sys/types.h>
+ #include <fcntl.h>
++#include <stdlib.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <unistd.h>
+ #ifndef O_NOATIME
+ #if defined(__linux__) && (defined(__i386__) || defined(__PPC__))
+ #define O_NOATIME 01000000
+@@ -304,13 +307,14 @@ AC_TRY_RUN([
+ #define O_NOATIME 0
+ #endif
+ #endif
+-main() {
++int main(void) {
+ int c, fd = open("__o_noatime_file", O_RDONLY | O_NOATIME, 0);
+ exit ((!O_NOATIME) || (fd == -1) || (read(fd, &c, 1) != 1));
+ }], [db_cv_open_o_noatime=yes], [db_cv_open_o_noatime=no],
+ AC_TRY_LINK([
+-#include <sys/types.h>
+ #include <fcntl.h>
++#include <sys/types.h
++#include <sys/stat.h>
+ #ifndef O_NOATIME
+ #if defined(__linux__) && (defined(__i386__) || defined(__PPC__))
+ #define O_NOATIME 01000000
+
|
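Review bot: In the second embedded patch, under `@@ -304,13 +307,14 @@`, the line added to the AC_TRY_LINK program reads `#include <sys/types.h` with no closing `>`, so that test program cannot compile and the link check can only fail. As shown, AC_TRY_LINK is the fourth argument of AC_TRY_RUN, which is the cross-compiling fallback. Native builds would not notice, but cross builds would get the failure result for O_NOATIME whatever the target supports, presumably leaving AIDE to read monitored files without that flag. The line should be `#include <sys/types.h>`, and the upstream pull request cited in the patch header is worth checking for the same typo. The AC_TRY_LINK body continues past the end of the hunk.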