Accepting request 1207244 from security

OBS-URL: https://build.opensuse.org/request/show/1207244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/audit?expand=0&rev=108

audit-secondary.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Oct  4 16:06:06 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Update audit.spec (bsc#1231236):
+  * add requirement for 'awk' package
+  * move some %post logic from audit to audit-rules
+
 -------------------------------------------------------------------
 Wed Oct  2 11:15:07 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
 

audit-secondary.spec

@@ -83,6 +83,7 @@ Linux kernel.
 %package -n	audit-rules
 Summary:        Rules and utilities for audit
 License:        LGPL-2.1-or-later
+Requires:       gawk
 Recommends:     audit = %{version}-%{release}
 
 %description -n audit-rules
@@ -183,7 +184,7 @@ install -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/
 mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/
 mkdir -p %{buildroot}%{_sysconfdir}/%{_name}/rules.d/
 mkdir -p %{buildroot}%{_datadir}/%{_name}-rules
-touch %{buildroot}%{_sysconfdir}/{auditd.conf,audit.rules} %{buildroot}%{_sysconfdir}/audit/auditd.conf
+touch %{buildroot}%{_sysconfdir}/audit/{auditd.conf,audit.rules}
 # On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
 touch -r ./audit.spec %{buildroot}%{_sysconfdir}/libaudit.conf
 # Starting with audit 2.5 no config is installed so start with no rules
@@ -226,29 +227,31 @@ chmod 0644 %{buildroot}%{_unitdir}/auditd.service
 %make_build check
 
 %post -n audit
-# Save existing audit files if any (from old locations)
+# Save existing auditd.conf if any (from old locations)
 if [ -f %{_sysconfdir}/auditd.conf ]; then
    mv %{_sysconfdir}/audit/auditd.conf %{_sysconfdir}/audit/auditd.conf.new
    mv %{_sysconfdir}/auditd.conf %{_sysconfdir}/audit/auditd.conf
 fi
-if [ -f %{_sysconfdir}/audit.rules ]; then
-   mv %{_sysconfdir}/audit.rules %{_sysconfdir}/audit/audit.rules
-elif [ ! -f %{_sysconfdir}/audit/audit.rules ]; then
-   cp %{_sysconfdir}/audit/rules.d/audit.rules %{_sysconfdir}/audit/audit.rules
-fi
 %service_add_post auditd.service
-%service_add_post audit-rules.service
 
 %post -n audit-rules
-%systemd_post audit-rules.service
+if [ -f %{_sysconfdir}/audit.rules ]; then
-# Copy default rules into place on new installation
+   # If /etc/audit.rules exists, move into the expected default place /etc/audit/audit.rules.
-files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
+   mv %{_sysconfdir}/audit.rules %{_sysconfdir}/%{_name}/audit.rules
-if [ "$files" -eq 0 ] ; then
+else
-	touch %{_sysconfdir}/audit.rules
+   # We only expect /etc/audit/audit.rules to exist.  If it doesn't, augenrules --load will create
+   # it with the rules in /etc/audit/rules.d.
+   #
+   # If /etc/audit/rules.d is empty, copy the default rules file (no-rules).
+   files=`ls /etc/audit/rules.d/ 2>/dev/null | wc -w`
+   if [ "$files" -eq 0 ] ; then
+      touch %{_sysconfdir}/%{_name}/audit.rules
       install -m 0600 %{_datadir}/audit-rules/10-no-audit.rules %{_sysconfdir}/%{_name}/rules.d/audit.rules
       # Make the new rules active
+   fi
    augenrules --load
 fi
+%service_add_post audit-rules.service
 
 %pre -n audit
 %service_add_pre auditd.service

audit.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct  4 16:04:56 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
+
+- Update audit.spec: add requirement for 'awk' package (bsc#1231236)
+
 -------------------------------------------------------------------
 Tue Sep 17 18:20:58 UTC 2024 - Enzo Matsumiya <ematsumiya@suse.com>
 

audit.spec

@@ -39,6 +39,7 @@ BuildRequires:  kernel-headers >= 2.6.30
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
 BuildRequires:  tcpd-devel
+Requires:       gawk
 Requires:       libaudit1 = %{version}
 Requires:       libauparse0 = %{version}
 Provides:       bundled(libev) = 4.33