commit: cef734e130eb7d9e83750ccf89c69c533b195747 Author: Ilya Tumaykin <itumaykin <AT> gmail <DOT> com> AuthorDate: Tue May 23 17:14:42 2017 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Sat May 27 20:59:28 2017 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cef734e1
app-forensics/aide: verbump to 0.16 Notable ebuild changes: - fix deps; - fix broken static USE; - add e2fs USE to check file attributes on ext2/ext3/ext4; - drop broken and completely useless nls USE; - modernize ebuild, EAPI=6; - drop useless dodoc, dohtml, fowners, fperms calls; - stop repeating to users about example configuration; - cleanup patches and send them upstream. Package-Manager: Portage-2.3.6, Repoman-2.3.2 app-forensics/aide/Manifest | 1 + app-forensics/aide/aide-0.16.ebuild | 141 +++++++++++++++++++++ .../aide/files/aide-0.16-add-missing-include.patch | 24 ++++ .../files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch | 23 ++++ .../files/aide-0.16-fix-acl-configure-option.patch | 23 ++++ app-forensics/aide/metadata.xml | 3 +- 6 files changed, 214 insertions(+), 1 deletion(-) diff --git a/app-forensics/aide/Manifest b/app-forensics/aide/Manifest index 6c9b019e22c..ed8aa2cff1c 100644 --- a/app-forensics/aide/Manifest +++ b/app-forensics/aide/Manifest @@ -1,2 +1,3 @@ DIST aide-0.14.2.tar.gz 418098 SHA256 bf4cd417b0f4778b4f9a618d23e0b0b7db10349ba6a0129394dc82fbc2fa8b9b SHA512 4ef96078fde057a54dda467fb55711e30d947969873715a02052362c57112f5bfd3155460ef353f70ce69fea3a3c491b7925bebbdb7034dbf618c63c360347df WHIRLPOOL fa91e4493bcac4cf11a8fedfd5e3c490752936f9ea04871d812b831f33089b694892e32ed19cef273926d3a8c091fb15a7b98a5e5303f08609f164773475d142 DIST aide-0.15.1.tar.gz 424970 SHA256 303e5c186257df8c86e418193199f4ea2183fc37d3d4a9098a614f61346059ef SHA512 6afe327474858c697ba017b02bd40717c33874e69b801c171c2496ff9042b557e840bef4a151bda0e4d835ddb0d972b88790237a72f250525dc1fc6b8fa673e7 WHIRLPOOL 4c21221cfbaeff3aa00a3f22c4e31c1fffd3f00d112828540ab6ab94dd019086244de71e5d19d1120078acc7b81b9efa5a36d55937292f523bcb4e064830ba6a +DIST aide-0.16.tar.gz 391009 SHA256 a81c53a131c4fd130b169b3a26ac35386a2f6e1e014f12807524cc273ed97345 SHA512 29ad97756e3e2fb21dc332ed03b494a1c73e621266f8622ec80bdba23092a38ee975b97f3cff2330e4c16e64e2f672259eea9291ca706a4009e7399b4e14e6a7 WHIRLPOOL d9ecba06d8367ed2ef622ee6b3ccf6a0ed37bad52548063c5c153bd31b856ed8a3379e6057cc1d4aebd29473ded71e9190c8c17dbeaa65eec3365be1d43d5f46 diff --git a/app-forensics/aide/aide-0.16.ebuild b/app-forensics/aide/aide-0.16.ebuild new file mode 100644 index 00000000000..be5144222bd --- /dev/null +++ b/app-forensics/aide/aide-0.16.ebuild @@ -0,0 +1,141 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools readme.gentoo-r1 + +DESCRIPTION="AIDE (Advanced Intrusion Detection Environment) is a file integrity checker" +HOMEPAGE="http://aide.sourceforge.net/"; +SRC_URI="mirror://sourceforge/aide/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="acl audit curl e2fs mhash postgres prelink selinux static xattr zlib" + +COMMON_DEPEND=" + !mhash? ( + dev-libs/libgcrypt:0= + dev-libs/libgpg-error + ) + mhash? ( app-crypt/mhash ) + dev-libs/libpcre + acl? ( virtual/acl ) + audit? ( sys-process/audit ) + curl? ( net-misc/curl ) + e2fs? ( sys-fs/e2fsprogs ) + postgres? ( dev-db/postgresql:= ) + prelink? ( dev-libs/elfutils ) + selinux? ( sys-libs/libselinux ) + xattr? ( sys-apps/attr ) + zlib? ( sys-libs/zlib ) +" +RDEPEND=" + !static? ( ${COMMON_DEPEND} ) + prelink? ( sys-devel/prelink ) + selinux? ( sec-policy/selinux-aide ) +" +DEPEND="${COMMON_DEPEND} + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + static? ( + !mhash? ( + dev-libs/libgcrypt:0[static-libs] + dev-libs/libgpg-error[static-libs] + ) + mhash? ( app-crypt/mhash[static-libs] ) + dev-libs/libpcre[static-libs] + acl? ( virtual/acl[static-libs] ) + e2fs? ( sys-fs/e2fsprogs[static-libs] ) + prelink? ( dev-libs/elfutils[static-libs] ) + selinux? ( sys-libs/libselinux[static-libs] ) + xattr? ( sys-apps/attr[static-libs] ) + zlib? ( sys-libs/zlib[static-libs] ) + ) +" + +REQUIRED_USE=" + postgres? ( !mhash ) + static? ( !audit !curl !postgres ) +" + +HTML_DOCS=( doc/manual.html ) + +DISABLE_AUTOFORMATTING=1 +DOC_CONTENTS=" +Example configuration file was installed at '${EPREFIX}/etc/aide/aide.conf'. +Please edit it to meet your needs. Refer to aide.conf(5) manual page +for more information. + +A helper script, aideinit, was installed and can be used to make AIDE +management easier. Please run 'aideinit --help' for more information. +" + +PATCHES=( + "${FILESDIR}/${P}-add-missing-include.patch" + "${FILESDIR}/${P}-fix-LIBS-LDFLAGS-mixing.patch" + "${FILESDIR}/${P}-fix-acl-configure-option.patch" +) + +src_prepare() { + default_src_prepare + sed -i -e 's| -Werror||g' configure.ac || die + eautoreconf +} + +src_configure() { + local myeconfargs=( + --sysconfdir="${EPREFIX}/etc/${PN}" + --with-confighmactype="sha512" # Override default weak MD5 hash. + --with-dbhmackey="sha512" # Override default weak MD5 hash. + # Disable broken l10n support: https://sourceforge.net/p/aide/bugs/98/ + # This doesn't affect anything because there are no localizations yet. + --without-locale + $(use_enable static) + $(use_with zlib) + $(use_with curl) + $(use_with acl posix-acl) + $(use_with selinux) + $(use_with prelink prelink "${EPREFIX}/usr/sbin/prelink") + $(use_with xattr) + $(use_with e2fs e2fsattrs) + $(use_with mhash mhash) + $(use_with !mhash gcrypt) + $(use_with postgres psql) + $(use_with audit) + ) + econf "${myeconfargs[@]}" +} + +src_install() { + default_src_install + readme.gentoo_create_doc + + insinto /etc/${PN} + doins "${FILESDIR}"/aide.conf + + dosbin "${FILESDIR}"/aideinit + dodoc "${FILESDIR}"/aide.cron + + keepdir /var/{lib,log}/${PN} +} + +pkg_postinst() { + readme.gentoo_print_elog + + if use postgres; then + elog + elog "Due to a bad assumption by aide, you must issue the following" + elog "command after the database initialization (aide --init ...):" + elog + elog 'psql -c "update pg_index set indisunique=false from pg_class \\ ' + elog " where pg_class.relname='TABLE_pkey' and \ " + elog ' pg_class.oid=pg_index.indexrelid" -h HOSTNAME -p PORT DBASE USER' + elog + elog "where TABLE, HOSTNAME, PORT, DBASE, and USER are the same as" + elog "in your aide.conf." + elog + fi +} diff --git a/app-forensics/aide/files/aide-0.16-add-missing-include.patch b/app-forensics/aide/files/aide-0.16-add-missing-include.patch new file mode 100644 index 00000000000..75f0403c968 --- /dev/null +++ b/app-forensics/aide/files/aide-0.16-add-missing-include.patch @@ -0,0 +1,24 @@ +commit 1cbb888d55388d6bb88141c946bd6993b3e9872f +Author: Ilya Tumaykin <[email protected]> +Date: Tue May 23 17:24:29 2017 +0300 + +db: add missing include + +url_fclose() function used in this file is defined in fopen.h. +See https://sourceforge.net/p/aide/bugs/99/ + +diff --git a/src/db.c b/src/db.c +index dd133d4..858240d 100644 +--- a/src/db.c ++++ b/src/db.c +@@ -28,6 +28,10 @@ + #include "db_disk.h" + #include "md.h" + ++#ifdef WITH_CURL ++#include "fopen.h" ++#endif ++ + #ifdef WITH_PSQL + #include "db_sql.h" + #endif diff --git a/app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch b/app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch new file mode 100644 index 00000000000..453abe5f1ea --- /dev/null +++ b/app-forensics/aide/files/aide-0.16-fix-LIBS-LDFLAGS-mixing.patch @@ -0,0 +1,23 @@ +commit 6da37687ba7cf259ac19cae2e1c16115b6848143 +Author: Ilya Tumaykin <[email protected]> +Date: Thu May 25 13:34:55 2017 +0300 + +build: fix incorrect LIBS/LDFLAGS mixing + +Otherwise build with LDFLAGS='-Wl,--as-needed' and curl support fails. +See https://bugs.gentoo.org/show_bug.cgi?id=271326 +and https://sourceforge.net/p/aide/bugs/96/ + +diff --git a/configure.ac b/configure.ac +index 3598ebe..0c5cb0c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -713,7 +713,7 @@ if test x$with_curl = xyes; then + AC_CHECK_HEADERS(curl/curl.h,, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])]) + CFLAGS="$CFLAGS $CURL_CFLAGS" +- LDFLAGS="$LDFLAGS $CURL_LIBS" ++ LIBS="$LIBS $CURL_LIBS" + AC_CHECK_LIB(curl,curl_easy_init,havecurl=yes, + [AC_MSG_ERROR([You don't have curl properly installed. Install it or try --without-curl.])] + ) diff --git a/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch b/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch new file mode 100644 index 00000000000..a989e379039 --- /dev/null +++ b/app-forensics/aide/files/aide-0.16-fix-acl-configure-option.patch @@ -0,0 +1,23 @@ +commit 3d9746bccbb50809e4c3de90ab5145a17af39aeb +Author: Ilya Tumaykin <[email protected]> +Date: Thu May 25 14:38:02 2017 +0300 + +build: respect user choice for posix-acl configure option + +Otherwise acl support is enabled automagically, which is bad. +See https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Automagic_dependencies +and https://sourceforge.net/p/aide/bugs/97/ + +diff --git a/configure.ac b/configure.ac +index 3598ebe..c45bbee 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -450,7 +450,7 @@ AC_MSG_CHECKING(for posix-acl-support) + AC_ARG_WITH([posix-acl], + [AC_HELP_STRING([--with-posix-acl], + [use POSIX ACLs (no checking)])], +- [], ++ [with_posix_acl_support="$withval"], + [with_posix_acl_support=no] + ) + diff --git a/app-forensics/aide/metadata.xml b/app-forensics/aide/metadata.xml index cfb8d84da80..b39aaf5590b 100644 --- a/app-forensics/aide/metadata.xml +++ b/app-forensics/aide/metadata.xml @@ -6,7 +6,8 @@ <name>Gentoo Forensics Project</name> </maintainer> <use> - <flag name="prelink">Enable support for <pkg>sys-devel/prelink</pkg></flag> + <flag name="e2fs">Enable support for checking file attributes on ext2/ext3/ext4 filesystems</flag> + <flag name="prelink">Bypass prelinking when calculating checksums</flag> </use> <upstream> <remote-id type="sourceforge">aide</remote-id>
