From e38ed3ab5ff1b9d05821001902087bbbe5c539698950a0e90f8aa17420a0933b Mon Sep 17 00:00:00 2001
From: Tony Jones <tonyj@suse.com>
Date: Fri, 28 Jun 2013 08:51:36 +0000
Subject: [PATCH] Accepting request 181246 from
 home:jones_tony:branches:security

OBS-URL: https://build.opensuse.org/request/show/181246
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=52
---
 audit-fix-implicit-defn.patch |  16 ++++
 audit-no_m4_dir.patch         |   4 +-
 audit-secondary.changes       |   8 ++
 audit-secondary.spec          | 161 +++++++++++++++++++++++++++++-----
 audit.changes                 |   6 ++
 audit.spec                    | 141 ++++++-----------------------
 6 files changed, 195 insertions(+), 141 deletions(-)
 create mode 100644 audit-fix-implicit-defn.patch

diff --git a/audit-fix-implicit-defn.patch b/audit-fix-implicit-defn.patch
new file mode 100644
index 0000000..e6dbb6d
--- /dev/null
+++ b/audit-fix-implicit-defn.patch
@@ -0,0 +1,16 @@
+From: Tony Jones <tonyj@suse.de>
+Subject: fix implicit definition warnings
+Upstream: pending
+
+Fixes "W: audit-secondary implicit-pointer-decl auvirt.c:984"
+
+--- a/tools/auvirt/auvirt.c
++++ b/tools/auvirt/auvirt.c
+@@ -25,6 +25,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <errno.h>
++#include <ctype.h>
+ #include <locale.h>
+ #include <string.h>
+ #include <regex.h>
diff --git a/audit-no_m4_dir.patch b/audit-no_m4_dir.patch
index 2d5250a..bb2e5ce 100644
--- a/audit-no_m4_dir.patch
+++ b/audit-no_m4_dir.patch
@@ -3,8 +3,8 @@ Subject: Remove AC_CONFIG_MACRO_DIR([m4]) from configure.ac
 
 audit cannnot build with automake-1.13.1 when looking for a m4 directory
 
---- configure.ac.orig	2013-04-26 13:09:46.019388414 +0200
-+++ configure.ac	2013-04-26 13:10:54.607385058 +0200
+--- a/configure.ac	2013-04-26 13:09:46.019388414 +0200
++++ b/configure.ac	2013-04-26 13:10:54.607385058 +0200
 @@ -35,7 +35,6 @@
  
  echo Configuring auditd $VERSION
diff --git a/audit-secondary.changes b/audit-secondary.changes
index 5302325..02105bd 100644
--- a/audit-secondary.changes
+++ b/audit-secondary.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jun 27 15:17:16 UTC 2013 - tonyj@suse.com
+
+- Eliminate build cycles. audit.spec now builds only libs/devel.
+  Remainder (including daemon) built from audit-secondary.spec
+- Add patch 'audit-fix-implicit-defn.patch' to fix implicit definition
+  warning.
+
 -------------------------------------------------------------------
 Mon Mar 25 17:27:47 UTC 2013 - crrodriguez@opensuse.org
 
diff --git a/audit-secondary.spec b/audit-secondary.spec
index 6adb510..1163a0c 100644
--- a/audit-secondary.spec
+++ b/audit-secondary.spec
@@ -16,7 +16,10 @@
 #
 
 
-%define		_name audit
+# This package contains all audit functionality except for audit-libs. 
+# The seperation is required to minimize unnecessary build cycles.
+
+%define 	_name audit
 
 Name:           audit-secondary
 BuildRequires:  gcc-c++
@@ -24,25 +27,42 @@ BuildRequires:  openldap2-devel
 BuildRequires:  pkg-config
 BuildRequires:  python-devel
 BuildRequires:  swig
-Summary:        Python Bindings for libaudit
+Summary:        Secondary packages for audit
 License:        GPL-2.0+
 Group:          System/Monitoring
 Version:        2.2.3
 Release:        0
 Url:            http://people.redhat.com/sgrubb/audit/
 Source0:        http://people.redhat.com/sgrubb/audit/%{_name}-%{version}.tar.gz
+Source2:        auditd.sysconfig
 Patch1:         audit-plugins-path.patch
-Requires:       audit = %{version}
+Patch2:         audit-no-gss.patch
+Patch3:         audit-no_m4_dir.patch
+Patch4:         audit-fix-implicit-defn.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %insserv_prereq %fillup_prereq
 BuildRequires:  audit-devel = %{version}
 BuildRequires:  autoconf >= 2.12
+BuildRequires:  gcc-c++
+BuildRequires:  kernel-headers >= 2.6.30
 BuildRequires:  libtool
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  tcpd-devel
 BuildRequires:  pkgconfig(libcap-ng)
 
 %description
-The audit-libs-python package contains the bindings for using libaudit
-by python.
+Secondary packages for system auditing.
+
+%package -n audit
+Summary:        User Space Tools for 2.6 Kernel Auditing
+License:        LGPL-2.1+
+Group:          System/Monitoring
+Requires:       %{_name}-libs = %{version}
+
+%description -n audit
+The audit package contains the user space utilities for storing and
+processing the audit records generated by the audit subsystem in the
+Linux 2.6 kernel.
 
 %package -n audit-libs-python
 Summary:        Python Bindings for libaudit
@@ -71,25 +91,43 @@ rm -rf audisp/plugins/zos-remote/policy
 rm -rf audisp/plugins/prelude
 %setup -q -n %{_name}-%{version}
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 autoreconf -fi
 export CFLAGS="%{optflags} -fno-strict-aliasing"
 export CXXFLAGS="$CFLAGS"
-%configure --sbindir=/sbin \
-           --libdir=/%{_lib} --libexecdir=%{_prefix}/lib/%{name} \
-           --with-apparmor \
+export LDFLAGS="-Wl,-z,relro,-z,now"
+# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
+%configure --sbindir=/sbin --enable-systemd \
+           --libexecdir=%{_prefix}/lib/%{_name} \
+           --with-apparmor --with-libwrap --with-libcap-ng=yes \
 	   --disable-static --with-pic
 %{__make} %{?_smp_mflags}
 
 %install
-mkdir -p $RPM_BUILD_ROOT/usr/sbin 
-mkdir -p $RPM_BUILD_ROOT/_tmp
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
+mkdir -p $RPM_BUILD_ROOT/usr/sbin
 mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
-make DESTDIR=$RPM_BUILD_ROOT install -C swig
-make DESTDIR=$RPM_BUILD_ROOT install -C bindings
-make DESTDIR=$RPM_BUILD_ROOT install -C audisp/plugins
-make DESTDIR=$RPM_BUILD_ROOT/_tmp install -C docs
+make DESTDIR=$RPM_BUILD_ROOT install
+
+mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
+cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
+mkdir -p $RPM_BUILD_ROOT/var/log/audit/
+touch $RPM_BUILD_ROOT/var/log/audit/audit.log
+mkdir -p $RPM_BUILD_ROOT/var/spool/audit/
+# For ghost below, so that old location files will still be there when
+# post copy runs
+touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
+# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
+touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
+
+# delete redhat scripts, use ours
+rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
+rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
+rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
 # Clean up some unneeded library files
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_audit.la
@@ -98,20 +136,97 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/_auparse.la
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.a
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse.la
 rm -f $RPM_BUILD_ROOT/%{_libdir}/python%{py_ver}/site-packages/auparse-1.0-py%{py_ver}.egg-info
+# cleanup files handled by audit.spec
+rm -rf $RPM_BUILD_ROOT/%{_includedir}
+rm -f $RPM_BUILD_ROOT/%{_libdir}/lib{audit,auparse}.*
+rm -f $RPM_BUILD_ROOT/etc/libaudit.conf 
+rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/libaudit.conf.5
+rm -rf $RPM_BUILD_ROOT/%{_mandir}/man3
 # Cleanup plugins
 # audispd-zos-remote uses ldap which is in /usr/lib so move to /usr/sbin
 # audisp-remote shouldn't be in /sbin either, it's not 'essential'
 mv $RPM_BUILD_ROOT/sbin/{audispd-zos-remote,audisp-remote} $RPM_BUILD_ROOT/usr/sbin
-# af_unix/syslog (builtin) is packaged by main spec file
-rm -f $RPM_BUILD_ROOT/etc/audisp/plugins.d/{af_unix,syslog}.conf
-# Just need selecteed man pages
-mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man8/audispd-zos-remote.8 $RPM_BUILD_ROOT/%{_mandir}/man8
-mv $RPM_BUILD_ROOT/_tmp/%{_mandir}/man5/zos-remote.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5
-rm -rf $RPM_BUILD_ROOT/_tmp
+#USR-MERGE
+for prog in auditctl auditd ausearch autrace audispd aureport; do
+  [ \! -f %{buildroot}/sbin/$prog ] || mv %{buildroot}/sbin/$prog %{buildroot}/usr/sbin/$prog
+  ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog
+done
+#END-USR-MERGE
 
 %check
 make check
 
+%post -n audit
+%{fillup_only -n auditd}
+# Save existing audit files if any (from old location)
+if [ -f /etc/auditd.conf ]; then
+   mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new
+   mv /etc/auditd.conf /etc/audit/auditd.conf
+fi
+if [ -f /etc/audit.rules ]; then
+   mv /etc/audit/audit.rules /etc/audit/audit.rules.new
+   mv /etc/audit.rules /etc/audit/audit.rules
+fi
+%service_add_post auditd.service
+
+%pre -n audit
+%service_add_pre auditd.service
+
+%preun -n audit
+%service_del_preun auditd.service
+
+%postun -n audit
+%service_del_postun auditd.service
+
+%files -n audit
+%defattr(-,root,root,-)
+%doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
+%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
+%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
+%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
+%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
+%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
+%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
+%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
+%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
+%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
+%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
+%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
+%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
+%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
+%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
+%attr(750,root,root) /sbin/auditctl
+%attr(750,root,root) /usr/sbin/auditctl
+%attr(750,root,root) /sbin/auditd
+%attr(750,root,root) /usr/sbin/auditd
+%attr(755,root,root) /sbin/ausearch
+%attr(755,root,root) /usr/sbin/ausearch
+%attr(750,root,root) /sbin/autrace
+%attr(750,root,root) /usr/sbin/autrace
+%attr(750,root,root) /sbin/audispd
+%attr(750,root,root) /usr/sbin/audispd
+%attr(755,root,root) /usr/bin/aulast
+%attr(755,root,root) /usr/bin/aulastlog
+%attr(755,root,root) /usr/bin/ausyscall
+%attr(755,root,root) /sbin/aureport
+%attr(755,root,root) /usr/sbin/aureport
+%attr(755,root,root) /usr/bin/auvirt
+%dir %attr(750,root,root) /etc/audit
+%attr(750,root,root) %dir /etc/audisp
+%attr(750,root,root) %dir /etc/audisp/plugins.d
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
+%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
+%ghost /etc/auditd.conf
+%ghost /etc/audit.rules
+%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
+%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
+/var/adm/fillup-templates/sysconfig.auditd
+%dir %attr(700,root,root) /var/log/audit
+%ghost %config(noreplace) /var/log/audit/audit.log
+%dir %attr(700,root,root) /var/spool/audit
+%{_unitdir}/auditd.service
+
 %files -n audit-libs-python
 %defattr(-,root,root,-)
 %attr(755,root,root) %{_libdir}/python%{py_ver}/site-packages/_audit.so
@@ -122,15 +237,15 @@ make check
 %defattr(-,root,root,-)
 %attr(644,root,root) %{_mandir}/man8/audispd-zos-remote.8.gz
 %attr(644,root,root) %{_mandir}/man5/zos-remote.conf.5.gz
+%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
+%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 %attr(750,root,root) %dir /etc/audisp
 %attr(750,root,root) %dir /etc/audisp/plugins.d
 %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/audispd-zos-remote.conf
 %config(noreplace) %attr(640,root,root) /etc/audisp/zos-remote.conf
+%attr(750,root,root) /usr/sbin/audisp-remote
 %attr(750,root,root) /usr/sbin/audispd-zos-remote
 %config(noreplace) %attr(640,root,root) /etc/audisp/audisp-remote.conf
 %config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/au-remote.conf
-%attr(750,root,root) /usr/sbin/audisp-remote
-%attr(644,root,root) %{_mandir}/man5/audisp-remote.conf.5.gz
-%attr(644,root,root) %{_mandir}/man8/audisp-remote.8.gz
 
 %changelog
diff --git a/audit.changes b/audit.changes
index 9125f69..46de5ea 100644
--- a/audit.changes
+++ b/audit.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jun 27 15:15:07 UTC 2013 - tonyj@suse.com
+
+- Eliminate build cycles. audit.spec now builds only libs/devel.
+  Remainder (including daemon) built from audit-secondary.spec
+
 -------------------------------------------------------------------
 Fri Apr 26 11:14:39 UTC 2013 - mmeister@suse.com
 
diff --git a/audit.spec b/audit.spec
index 583af0a..6d335ba 100644
--- a/audit.spec
+++ b/audit.spec
@@ -16,8 +16,10 @@
 #
 
 
+#!BuildIgnore: util-linux
+
 Name:           audit
-Summary:        User Space Tools for 2.6 Kernel Auditing
+Summary:        First part of auditing package
 License:        GPL-2.0+
 Group:          System/Monitoring
 Version:        2.2.3
@@ -27,9 +29,7 @@ Source0:        http://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Source2:        auditd.sysconfig
 Source3:        baselibs.conf
 Source4:        README-BEFORE-ADDING-PATCHES
-Patch2:         audit-no_plugins.patch
-Patch3:         audit-no-gss.patch
-Patch4:         audit-no_m4_dir.patch
+Patch1:         audit-no_m4_dir.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  autoconf >= 2.12
 BuildRequires:  gcc-c++
@@ -37,7 +37,6 @@ BuildRequires:  kernel-headers >= 2.6.30
 BuildRequires:  libtool
 BuildRequires:  tcpd-devel
 BuildRequires:  pkgconfig(libcap-ng)
-BuildRequires:  pkgconfig(systemd)
 Requires:       %{name}-libs = %{version}
 PreReq:         %insserv_prereq %fillup_prereq
 
@@ -66,23 +65,21 @@ Group:          System/Monitoring
 The libauparse package contains the dynamic libraries needed to 
 parse audit records.
 
-%package devel
+%package -n audit-devel
 Summary:        Header files and static library for libaudit
 License:        LGPL-2.1+
 Group:          Development/Libraries/C and C++
 Requires:       libaudit1 = %{version}
 Requires:       libauparse0 = %{version}
 
-%description devel
+%description -n audit-devel
 The audit-devel package contains the static libraries and header files
 needed for developing applications that need to use the audit framework
 libraries.
 
 %prep
-%setup -q
-%patch2 -p1
-%patch3 -p1
-%patch4
+%setup -q -n %{name}-%{version}
+%patch1 -p1
 
 %build
 autoreconf -fi
@@ -93,45 +90,29 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
 %configure --enable-systemd --libexecdir=%{_prefix}/lib/%{name} \
 	   --with-apparmor --with-libwrap --with-libcap-ng=yes \
 	   --disable-static --with-pic --without-python
-%{__make} %{?_smp_mflags}
+(cd lib ; %{__make} %{?_smp_mflags})
+(cd auparse ; %{__make} %{?_smp_mflags})
+(cd docs ; %{__make} %{?_smp_mflags})
 
 %install
-mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,init.d}}
-mkdir -p $RPM_BUILD_ROOT/usr/sbin
-mkdir -p $RPM_BUILD_ROOT/%{_mandir}/{man5,man8}
-mkdir -p $RPM_BUILD_ROOT/%{_lib}/security
-make DESTDIR=$RPM_BUILD_ROOT install
+(cd lib ; make DESTDIR=$RPM_BUILD_ROOT install)
+(cd auparse ; make DESTDIR=$RPM_BUILD_ROOT install)
+(cd docs ; make DESTDIR=$RPM_BUILD_ROOT install)
+rm -rf $RPM_BUILD_ROOT/%{_mandir}/man[578]
+mkdir -p $RPM_BUILD_ROOT/etc
 mkdir -p $RPM_BUILD_ROOT/%{_includedir}
-mkdir -p $RPM_BUILD_ROOT/%{_libdir}
+mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man5
 # We manually install this since Makefile doesn't
 install -m 0644 lib/libaudit.h $RPM_BUILD_ROOT/%{_includedir}
+# Install libaudit.conf files by hand
+install -m 0644 docs/libaudit.conf.5 $RPM_BUILD_ROOT/%{_mandir}/man5
+install -m 0644 init.d/libaudit.conf $RPM_BUILD_ROOT/etc
 
-for libname in libaudit libauparse;do
-  %{__rm} -v %{buildroot}/%{_libdir}/$libname.la
-done
-
-# USR-MERGE
-for prog in auditctl auditd ausearch autrace audispd aureport; do
-  ln -s %{_prefix}/sbin/$prog %{buildroot}/sbin/$prog
-done
-
-mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
-cp %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.auditd
-# delete redhat script, use ours
-rm -rf $RPM_BUILD_ROOT/etc/sysconfig/auditd
-rm -rf $RPM_BUILD_ROOT/etc/init.d/auditd
-rm -rf $RPM_BUILD_ROOT/etc/rc.d/init.d
-mkdir -p $RPM_BUILD_ROOT/var/log/audit/
-touch $RPM_BUILD_ROOT/var/log/audit/audit.log
-mkdir -p $RPM_BUILD_ROOT/var/spool/audit/
-# For ghost below, so that old location files will still be there when
-# post copy runs
-touch $RPM_BUILD_ROOT/etc/{auditd.conf,audit.rules}
-# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
-touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
+%{__rm} -fv %{buildroot}/%{_libdir}/lib{audit,auparse}.la
 
 %check
-make check
+(cd lib ; make check)
+(cd auparse ; make check)
 
 %post -n libaudit1 -p /sbin/ldconfig
 
@@ -141,39 +122,17 @@ make check
 
 %postun -n libauparse0 -p /sbin/ldconfig
 
-%post
-%{fillup_only -n auditd}
-# Save existing audit files if any (from old location)
-if [ -f /etc/auditd.conf ]; then
-   mv /etc/audit/auditd.conf /etc/audit/auditd.conf.new
-   mv /etc/auditd.conf /etc/audit/auditd.conf
-fi
-if [ -f /etc/audit.rules ]; then
-   mv /etc/audit/audit.rules /etc/audit/audit.rules.new
-   mv /etc/audit.rules /etc/audit/audit.rules
-fi
-%service_add_post auditd.service
-
-%pre
-%service_add_pre auditd.service
-
-%preun
-%service_del_preun auditd.service
-
-%postun
-%service_del_postun auditd.service
-
 %files -n libaudit1
 %defattr(-,root,root)
 %{_libdir}/libaudit.so.*
 %config(noreplace) %attr(640,root,root) /etc/libaudit.conf
-%{_mandir}/man5/libaudit.conf.5*
+%{_mandir}/man5/libaudit.conf.5.gz
 
 %files -n libauparse0
 %defattr(-,root,root)
 %{_libdir}/libauparse.so.*
 
-%files devel
+%files -n audit-devel
 %defattr(-,root,root)
 %doc contrib/skeleton.c contrib/plugin
 %{_libdir}/libaudit.so
@@ -183,54 +142,4 @@ fi
 %{_includedir}/auparse-defs.h
 %{_mandir}/man3/*
 
-%files
-%defattr(-,root,root,-)
-%doc  README COPYING ChangeLog contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/stig.rules init.d/auditd.cron
-%attr(644,root,root) %{_mandir}/man8/audispd.8.gz
-%attr(644,root,root) %{_mandir}/man8/auditctl.8.gz
-%attr(644,root,root) %{_mandir}/man8/auditd.8.gz
-%attr(644,root,root) %{_mandir}/man8/aureport.8.gz
-%attr(644,root,root) %{_mandir}/man8/ausearch.8.gz
-%attr(644,root,root) %{_mandir}/man8/autrace.8.gz
-%attr(644,root,root) %{_mandir}/man8/aulast.8.gz
-%attr(644,root,root) %{_mandir}/man8/aulastlog.8.gz
-%attr(644,root,root) %{_mandir}/man8/ausyscall.8.gz
-%attr(644,root,root) %{_mandir}/man7/audit.rules.7.gz
-%attr(644,root,root) %{_mandir}/man5/auditd.conf.5.gz
-%attr(644,root,root) %{_mandir}/man5/audispd.conf.5.gz
-%attr(644,root,root) %{_mandir}/man5/ausearch-expression.5.gz
-%attr(644,root,root) %{_mandir}/man8/auvirt.8.gz
-%attr(750,root,root) /sbin/auditctl
-%attr(750,root,root) /usr/sbin/auditctl
-%attr(750,root,root) /sbin/auditd
-%attr(750,root,root) /usr/sbin/auditd
-%attr(755,root,root) /sbin/ausearch
-%attr(755,root,root) /usr/sbin/ausearch
-%attr(750,root,root) /sbin/autrace
-%attr(750,root,root) /usr/sbin/autrace
-%attr(750,root,root) /sbin/audispd
-%attr(750,root,root) /usr/sbin/audispd
-%attr(755,root,root) /usr/bin/aulast
-%attr(755,root,root) /usr/bin/aulastlog
-%attr(755,root,root) /usr/bin/ausyscall
-%attr(755,root,root) /sbin/aureport
-%attr(755,root,root) /usr/sbin/aureport
-%attr(755,root,root) /usr/bin/auvirt
-%dir %attr(750,root,root) /etc/audit
-%attr(750,root,root) %dir /etc/audisp
-%attr(750,root,root) %dir /etc/audisp/plugins.d
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/af_unix.conf
-%config(noreplace) %attr(640,root,root) /etc/audisp/plugins.d/syslog.conf
-%ghost /etc/auditd.conf
-%ghost /etc/audit.rules
-%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
-%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
-%config(noreplace) %attr(640,root,root) /etc/audisp/audispd.conf
-/var/adm/fillup-templates/sysconfig.auditd
-%dir %attr(700,root,root) /var/log/audit
-%ghost %config(noreplace) /var/log/audit/audit.log
-%dir %attr(700,root,root) /var/spool/audit
-%attr(755,root,root) /usr/bin/ausyscall
-%{_unitdir}/auditd.service
-
 %changelog