Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 1 | DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis" |
| 2 | HOMEPAGE = "http://www.la-samhna.de/samhain/" |
| 3 | LICENSE = "GPLv2" |
| 4 | LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b" |
| 5 | |
Brad Bishop | 26bdd44 | 2019-08-16 17:08:17 -0400 | [diff] [blame^] | 6 | PV = "4.3.3" |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 7 | |
| 8 | SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \ |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 9 | file://samhain-mips64-aarch64-dnmalloc-hash-fix.patch \ |
| 10 | file://samhain-samhainrc.patch \ |
| 11 | file://samhain-samhainrc-fix-files-dirs-path.patch \ |
| 12 | file://samhain-pid-path.patch \ |
| 13 | file://samhain-sha256-big-endian.patch \ |
| 14 | file://samhain-configure-add-option-for-ps.patch \ |
| 15 | file://samhain-avoid-searching-host-for-postgresql.patch \ |
| 16 | file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \ |
| 17 | file://${INITSCRIPT_NAME}.init \ |
| 18 | file://${INITSCRIPT_NAME}.default \ |
| 19 | file://samhain.service \ |
| 20 | " |
| 21 | |
Brad Bishop | 26bdd44 | 2019-08-16 17:08:17 -0400 | [diff] [blame^] | 22 | SRC_URI[md5sum] = "7be46ae7d03f53ba21afafd41cff8926" |
| 23 | SRC_URI[sha256sum] = "33ad4bc3dad4699694553bd9635a6b5827939f965d1f0f05fce0b4e9cdadf21b" |
Brad Bishop | 1932369 | 2019-04-05 15:28:33 -0400 | [diff] [blame] | 24 | |
| 25 | UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html" |
| 26 | UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar" |
| 27 | |
| 28 | S = "${WORKDIR}/samhain-${PV}" |
| 29 | |
| 30 | inherit autotools-brokensep update-rc.d pkgconfig systemd |
| 31 | |
| 32 | SAMHAIN_PORT ??= "49777" |
| 33 | SAMHAIN_SERVER ??= "NULL" |
| 34 | |
| 35 | INITSCRIPT_NAME = "${BPN}" |
| 36 | INITSCRIPT_PARAMS ?= "defaults" |
| 37 | |
| 38 | SYSTEMD_PACKAGES = "${PN}" |
| 39 | SYSTEMD_SERVICE_${PN} = "${INITSCRIPT_NAME}.service" |
| 40 | SYSTEMD_AUTO_ENABLE = "disable" |
| 41 | |
| 42 | # mode mapping: |
| 43 | # BPN MODE_NAME SAMHAIN_MODE |
| 44 | # samhain-standalone standalone no |
| 45 | # samhain-client client client |
| 46 | # samhain-server server server |
| 47 | MODE_NAME = "${@d.getVar('BPN').split('-')[1]}" |
| 48 | SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no', '${MODE_NAME}')}" |
| 49 | |
| 50 | # supports mysql|postgresql|oracle|odbc but postgresql is the only one available |
| 51 | |
| 52 | PACKAGECONFIG ??= "postgresql ps \ |
| 53 | ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \ |
| 54 | ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \ |
| 55 | ${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \ |
| 56 | " |
| 57 | |
| 58 | PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql" |
| 59 | PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , " |
| 60 | PACKAGECONFIG[logwatch] = "--enable-login-watch, , " |
| 61 | PACKAGECONFIG[mounts] = "--enable-mounts-check, , " |
| 62 | PACKAGECONFIG[userfiles] = "--enable-userfiles, , " |
| 63 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," |
| 64 | PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr" |
| 65 | PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl" |
| 66 | PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit" |
| 67 | PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps" |
| 68 | |
| 69 | do_unpack_samhain() { |
| 70 | cd ${WORKDIR} |
| 71 | tar -xzvf samhain-${PV}.tar.gz |
| 72 | } |
| 73 | |
| 74 | python do_unpack_append() { |
| 75 | bb.build.exec_func('do_unpack_samhain', d) |
| 76 | } |
| 77 | |
| 78 | do_configure_prepend_arm() { |
| 79 | export sh_cv___va_copy=yes |
| 80 | } |
| 81 | |
| 82 | do_configure_prepend_aarch64() { |
| 83 | export sh_cv___va_copy=yes |
| 84 | } |
| 85 | |
| 86 | # If we use oe_runconf in do_configure() it will by default |
| 87 | # use the prefix --oldincludedir=/usr/include which is not |
| 88 | # recognized by Samhain's configure script and would invariably |
| 89 | # throw back the error "unrecognized option: --oldincludedir=/usr/include" |
| 90 | do_configure_prepend () { |
| 91 | cat << EOF > ${S}/config-site.${BP} |
| 92 | ssp_cv_lib=no |
| 93 | sh_cv_va_copy=yes |
| 94 | EOF |
| 95 | export CONFIG_SITE=${S}/config-site.${BP} |
| 96 | } |
| 97 | |
| 98 | do_configure () { |
| 99 | autoconf -f |
| 100 | ./configure \ |
| 101 | --build=${BUILD_SYS} \ |
| 102 | --host=${HOST_SYS} \ |
| 103 | --target=${TARGET_SYS} \ |
| 104 | --prefix=${prefix} \ |
| 105 | --exec_prefix=${exec_prefix} \ |
| 106 | --bindir=${bindir} \ |
| 107 | --sbindir=${sbindir} \ |
| 108 | --libexecdir=${libexecdir} \ |
| 109 | --datadir=${datadir} \ |
| 110 | --sysconfdir=${sysconfdir} \ |
| 111 | --sharedstatedir=${sharedstatedir} \ |
| 112 | --localstatedir=${localstatedir} \ |
| 113 | --libdir=${libdir} \ |
| 114 | --includedir=${includedir} \ |
| 115 | --infodir=${infodir} \ |
| 116 | --mandir=${mandir} \ |
| 117 | --enable-network=${SAMHAIN_MODE} \ |
| 118 | --with-pid-file=${localstatedir}/run/samhain.pid \ |
| 119 | --with-data-file=${localstatedir}/lib/samhain/samhain_file \ |
| 120 | --disable-dnmalloc \ |
| 121 | ${EXTRA_OECONF} |
| 122 | } |
| 123 | |
| 124 | do_compile_prepend_libc-musl () { |
| 125 | sed -i 's/^#define HAVE_MALLOC_H.*//' ${B}/config.h |
| 126 | } |
| 127 | |
| 128 | # Install the init script, it's default file, and the extraneous |
| 129 | # documentation. |
| 130 | do_install_append () { |
| 131 | oe_runmake install DESTDIR='${D}' INSTALL=install-boot |
| 132 | |
| 133 | install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.init \ |
| 134 | ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME} |
| 135 | |
| 136 | install -D -m 755 ${WORKDIR}/${INITSCRIPT_NAME}.default \ |
| 137 | ${D}${sysconfdir}/default/${INITSCRIPT_NAME} |
| 138 | |
| 139 | if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then |
| 140 | if [ "${SAMHAIN_MODE}" = "no" ]; then |
| 141 | install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/samhain.service |
| 142 | else |
| 143 | install -D -m 0644 ${WORKDIR}/samhain.service ${D}/${systemd_system_unitdir}/${BPN}.service |
| 144 | fi |
| 145 | install -D -m 0755 ${WORKDIR}/${BPN}.init ${D}/${libexecdir}/${BPN} |
| 146 | sed -i -e 's,@LIBDIR@,${libexecdir},' \ |
| 147 | -e 's,@SAMHAIN_HELPER@,${BPN},' \ |
| 148 | -e 's,@MODE_NAME@,${MODE_NAME},' \ |
| 149 | ${D}${systemd_system_unitdir}/samhain*.service |
| 150 | fi |
| 151 | |
| 152 | install -d ${D}${docdir}/${BPN} |
| 153 | cp -r docs/* ${D}${docdir}/${BPN} |
| 154 | cp -r scripts ${D}${docdir}/${BPN} |
| 155 | install -d -m 755 ${D}${localstatedir}/samhain |
| 156 | |
| 157 | # Prevent QA warnings about installed ${localstatedir}/run |
| 158 | if [ -d ${D}${localstatedir}/run ]; then |
| 159 | rmdir ${D}${localstatedir}/run |
| 160 | fi |
| 161 | } |
| 162 | |
| 163 | FILES_${PN} += "${systemd_system_unitdir}" |