forked from pool/audit
d1358f4337
- Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program - Update to 3.1.1: * Add user friendly keywords for signals to auditctl * In ausearch, parse up URINGOP and DM_CTRL records * Harden auparse to better handle corrupt logs * Fix a CFLAGS propogation problem in the common directory * Move the audispd af_unix plugin to a standalone program OBS-URL: https://build.opensuse.org/request/show/1096509 OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=148
189 lines
5.7 KiB
RPMSpec
189 lines
5.7 KiB
RPMSpec
#
|
|
# spec file for package audit
|
|
#
|
|
# Copyright (c) 2023 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%ifarch x86_64
|
|
%bcond_without livepatching
|
|
%else
|
|
%bcond_with livepatching
|
|
%endif
|
|
|
|
Name: audit
|
|
Version: 3.1.1
|
|
Release: 0
|
|
Summary: Linux kernel audit subsystem utilities
|
|
License: GPL-2.0-or-later
|
|
Group: System/Monitoring
|
|
URL: https://people.redhat.com/sgrubb/audit/
|
|
Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
|
|
Source1: baselibs.conf
|
|
Source2: README-BEFORE-ADDING-PATCHES
|
|
Patch0: change-default-log_group.patch
|
|
BuildRequires: autoconf >= 2.12
|
|
BuildRequires: kernel-headers >= 2.6.30
|
|
BuildRequires: libtool
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: tcpd-devel
|
|
Requires: libaudit1 = %{version}
|
|
Requires: libauparse0 = %{version}
|
|
Provides: bundled(libev) = 4.33
|
|
|
|
%description
|
|
The audit package contains the user space utilities for storing and
|
|
processing the records generated by the audit subsystem in the
|
|
Linux kernel.
|
|
|
|
%package -n libaudit1
|
|
Summary: Library for interfacing with the kernel audit subsystem
|
|
License: LGPL-2.1-or-later
|
|
Group: System/Libraries
|
|
Obsoletes: %{name}-libs < 2.0.4
|
|
Provides: %{name}-libs = %{version}
|
|
|
|
%description -n libaudit1
|
|
The libaudit package contains the shared libraries needed for
|
|
applications to use the audit framework.
|
|
|
|
%package -n libauparse0
|
|
Summary: Library for parsing and interpreting audit events
|
|
License: LGPL-2.1-or-later
|
|
Group: System/Libraries
|
|
|
|
%description -n libauparse0
|
|
The libauparse package contains the shared libraries needed to
|
|
parse audit records.
|
|
|
|
%package -n audit-devel
|
|
Summary: Header files for libaudit
|
|
License: LGPL-2.1-or-later
|
|
Group: Development/Libraries/C and C++
|
|
Requires: libaudit1 = %{version}
|
|
Requires: libauparse0 = %{version}
|
|
|
|
%description -n audit-devel
|
|
The audit-devel package contains the header files
|
|
needed for developing applications that need to use the audit framework
|
|
libraries.
|
|
|
|
%prep
|
|
%autosetup -p1
|
|
|
|
%build
|
|
autoreconf -fi
|
|
export CFLAGS="%{optflags} -fno-strict-aliasing"
|
|
%if %{with livepatching}
|
|
export CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
|
|
%endif
|
|
export CXXFLAGS="$CFLAGS"
|
|
export LDFLAGS="-Wl,-z,relro,-z,now"
|
|
# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
|
|
%configure \
|
|
%ifarch aarch64
|
|
--with-aarch64 \
|
|
%endif
|
|
%ifarch arm
|
|
--with-arm \
|
|
%endif
|
|
--enable-systemd \
|
|
--libexecdir=%{_libexecdir}/%{name} \
|
|
--with-apparmor \
|
|
--with-libcap-ng=no \
|
|
--disable-static \
|
|
--with-python=no \
|
|
--disable-zos-remote
|
|
|
|
%make_build -C common
|
|
%make_build -C lib
|
|
%make_build -C auparse
|
|
%make_build -C docs
|
|
|
|
%if %{with livepatching}
|
|
# Workaround bsc#1208721: remove _patchable_function_entry from static libs.
|
|
find . -name "*.a" -exec \
|
|
objcopy --remove-section "__patchable_function_entries" {} \;
|
|
|
|
%define tar_basename audit-livepatch-%{version}-%{release}
|
|
%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
|
|
%define clones_dest_dir %{tar_basename}/%{_arch}
|
|
|
|
# Ipa-clones are files generated by gcc which logs changes made across
|
|
# functions, and we need to know such changes to build livepatches
|
|
# correctly. These files are intended to be used by the livepatch
|
|
# developers and may be retrieved by using `osc getbinaries`.
|
|
#
|
|
# Create ipa-clones destination folder and move clones there.
|
|
mkdir -p ipa-clones/%{clones_dest_dir}
|
|
find . -name "*.ipa-clones" ! -empty \
|
|
-exec cp -t ipa-clones/%{clones_dest_dir} --parents {} +
|
|
|
|
# Create tarball with ipa-clones.
|
|
tar -cJf %{tar_package_name} -C ipa-clones \
|
|
--owner root --group root --sort name %{tar_basename}
|
|
|
|
# Copy tarball to the OTHER folder to store it as artifact.
|
|
cp %{tar_package_name} %{_topdir}/OTHER
|
|
%endif
|
|
|
|
%install
|
|
%make_install -C common
|
|
%make_install -C lib
|
|
%make_install -C auparse
|
|
%make_install -C docs
|
|
rm -rf %{buildroot}/%{_mandir}/man[578]
|
|
mkdir -p %{buildroot}%{_sysconfdir}
|
|
mkdir -p %{buildroot}/%{_includedir}
|
|
mkdir -p %{buildroot}/%{_mandir}/man5
|
|
# We manually install this since Makefile doesn't
|
|
install -m 0644 lib/libaudit.h %{buildroot}/%{_includedir}
|
|
install -D -m 0644 ./m4/audit.m4 %{buildroot}%{_datadir}/aclocal/audit.m4
|
|
# Install libaudit.conf files by hand
|
|
install -m 0644 docs/libaudit.conf.5 %{buildroot}/%{_mandir}/man5
|
|
install -m 0644 init.d/libaudit.conf %{buildroot}%{_sysconfdir}
|
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
|
|
|
%check
|
|
%make_build -C lib check
|
|
%make_build -C auparse check
|
|
|
|
%post -n libaudit1 -p /sbin/ldconfig
|
|
%post -n libauparse0 -p /sbin/ldconfig
|
|
%postun -n libaudit1 -p /sbin/ldconfig
|
|
%postun -n libauparse0 -p /sbin/ldconfig
|
|
|
|
%files -n libaudit1
|
|
%{_libdir}/libaudit.so.*
|
|
%config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf
|
|
%{_mandir}/man5/libaudit.conf.5%{ext_man}
|
|
|
|
%files -n libauparse0
|
|
%{_libdir}/libauparse.so.*
|
|
|
|
%files -n audit-devel
|
|
%doc contrib/plugin
|
|
%{_libdir}/libaudit.so
|
|
%{_libdir}/libauparse.so
|
|
%{_includedir}/libaudit.h
|
|
%{_includedir}/auparse.h
|
|
%{_includedir}/auparse-defs.h
|
|
%{_mandir}/man3/*
|
|
%{_datadir}/aclocal/audit.m4
|
|
%{_libdir}/pkgconfig/audit.pc
|
|
%{_libdir}/pkgconfig/auparse.pc
|
|
|
|
%changelog
|