gentoo auto-resync : 22:11:2024 - 03:03:01

3 files changed, 195 insertions, 0 deletions

diff --git a/sys-process/Manifest.gz b/sys-process/Manifest.gz
index 02500c8db38b..39025379f210 100644
--- a/sys-process/Manifest.gz
+++ b/sys-process/Manifest.gz
diff --git a/sys-process/audit/Manifest b/sys-process/audit/Manifest
index 46eba3ebda40..3139f7cf0ab6 100644
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@@ -6,5 +6,7 @@ AUX audit.rules.stop.pre 427 BLAKE2B ddf4ac16c3e1fd401c266287e792865adf8f4dd0b4b
 AUX auditd-conf.d-2.1.3 734 BLAKE2B 018677362bc82c2052885cdd0e2185050cf5e97722ead4acdc51d428b52c265317c7dd03d1459be38b781e78f857cd967e5a60b68360c3381c31c62e1d61d843 SHA512 69d8777772ded7a8c0db2bcf84961b121bb355fa0d4ba0e14e311f8a8bfe665cbd2b7ac632d73477f9dfa9a6eec357a7ed458fe9b3e7b5ede75b166f3f092ab7
 AUX auditd-init.d-2.4.3 2054 BLAKE2B 20e68ab676c925b8567a7e9a12d2ac055fd90477cbbd6444136b7198828798f7b6428948503c344639fab5fea54962682be7c986950c2cbae8b7c9dfeb321a4b SHA512 1b48c248db5d34f148f9c79f8b2a6acbf61c729230341b861f5e331bbfb0c8356305a09eb2cc5c82c14c4fd9a13c7c13957e1ed493834b8b3b9ee38978e4c31f
 DIST audit-4.0.1.tar.gz 1194961 BLAKE2B 590abf58e672921a432348f48936cfbff0b6ddfa47e77b3b20eaa00e5d1c4ce2fc8d10c1fc1cbc19d44c09a9f7dfbca76778c94d8d340485c2bb1bb3b5a3c95a SHA512 7fbc426d0ddea340a36ceab52ac090e8e3dfb3450ebf50b478324a097f19ab4bb2cf78a2532644acb17e6114b59b8fda718affda9da62fb84181e3abf76039df
+DIST audit-4.0.2.tar.gz 1198769 BLAKE2B f34fed7eebbc72d82d1051bbaf5ec29ebb8e1b9fe85dc0a0f8c71a94ede86578d58d16be9d91e643368fabe20e69c208fb7f374e19a70bf6dc7c0ab2448fb30a SHA512 13d4d07b316fc1380d75baefbb1345b34286015d52e758c14b2f82781cf4cffc16b6eb29d999563ff40caa6d005630a5dfc44741e49b71291c9beb84ddc452a4
 EBUILD audit-4.0.1-r1.ebuild 5033 BLAKE2B 4f750017e326fea193d9e592d8899d0a22bab89456777868d69487109e9047ca3ba3fba10d4ded56e8b02b14864d78f84a21514f69939ed7304e44ead36a4e2c SHA512 0814bd6e729ec278d541e4f634ffd0f6f90c3fde100872b02b73ff9a37e70709637b31c12ef12752f81df2ddca7293e70137d3591483fbe6841f731e178b538a
+EBUILD audit-4.0.2.ebuild 4938 BLAKE2B 50187ecbee3e3a3c8d4fef012054c34a12a9c5b6a002eab103e5313bd97818cf20dbad6b8bf8c63c4afeef06ee708fe1f2511ec3caa9f987b5a205ed3600616b SHA512 9023da2cde9735507a2dc7c26d5f74bb1164479e1066e6ed3b652de786aee9b9b2117f9b33326535d031aa3e61ead26e2868d94d4902cd940cb57cfa22b4629e
 MISC metadata.xml 628 BLAKE2B 1e927808210f4acff077f0c9e1a2d358c823fd5ce405b2ef5f0ed760cfa2ac059665f5a11cf1d87314012025844f21b3b9cb25f38a892f715ab2e7de47bbb86a SHA512 2bcb29cb5748ac22d0902dc616cf236eca7f5440c48a6f4bd2b7f2c65ec35cf63bda79252ea21d3553749146b9c84a6db7af256e01a84d347bfd4d8d60a204f6
diff --git a/sys-process/audit/audit-4.0.2.ebuild b/sys-process/audit/audit-4.0.2.ebuild
new file mode 100644
index 000000000000..76c791283887
--- /dev/null
+++ b/sys-process/audit/audit-4.0.2.ebuild
@@ -0,0 +1,193 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# As with sys-libs/libcap-ng, same maintainer in Fedora as upstream, so
+# check Fedora's packaging (https://src.fedoraproject.org/rpms/audit/tree/rawhide)
+# on bumps (or if hitting a bug) to see what they've done there.
+
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit autotools multilib-minimal toolchain-funcs python-r1 linux-info systemd usr-ldscript
+
+DESCRIPTION="Userspace utilities for storing and processing auditing records"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+
+LICENSE="GPL-2+ LGPL-2.1+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="gssapi io-uring ldap python static-libs test"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	sys-libs/libcap-ng
+	gssapi? ( virtual/krb5 )
+	ldap? ( net-nds/openldap:= )
+	python? ( ${PYTHON_DEPS} )
+"
+DEPEND="
+	${RDEPEND}
+	>=sys-kernel/linux-headers-2.6.34
+	test? ( dev-libs/check )
+"
+BDEPEND="
+	python? (
+		dev-lang/swig
+		$(python_gen_cond_dep '
+			dev-python/setuptools[${PYTHON_USEDEP}]
+		' python3_12)
+	)
+"
+
+CONFIG_CHECK="~AUDIT"
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	# missing on musl. Uses handrolled AC_LINK_IFELSE but fails at link time
+	# for older compilers regardless. bug #898828
+	strndupa
+)
+
+src_prepare() {
+	# audisp-remote moved in multilib_src_install_all
+	sed -i \
+		-e "s,/sbin/audisp-remote,${EPREFIX}/usr/sbin/audisp-remote," \
+		audisp/plugins/remote/au-remote.conf || die
+
+	# Disable installing sample rules so they can be installed as docs.
+	echo -e '%:\n\t:' | tee rules/Makefile.{am,in} >/dev/null || die
+
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--sbindir="${EPREFIX}"/sbin
+		--localstatedir="${EPREFIX}"/var
+		--runstatedir="${EPREFIX}"/run
+		$(use_enable gssapi gssapi-krb5)
+		$(use_enable ldap zos-remote)
+		$(use_enable static-libs static)
+		$(use_with arm)
+		$(use_with arm64 aarch64)
+		$(use_with io-uring io_uring)
+		--without-golang
+		--without-libwrap
+		--without-python3
+	)
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+
+	if multilib_is_native_abi && use python; then
+		python_configure() {
+			mkdir -p "${BUILD_DIR}" || die
+			pushd "${BUILD_DIR}" &>/dev/null || die
+
+			ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" --with-python3
+			find . -type f -name 'Makefile' -exec sed -i "s;-I/usr/include/python;-I${SYSROOT}/usr/include/python;g" {} +
+
+			popd &>/dev/null || die
+		}
+
+		python_foreach_impl python_configure
+	fi
+}
+
+src_configure() {
+	tc-export_build_env BUILD_{CC,CPP}
+
+	local -x CC_FOR_BUILD="${BUILD_CC}"
+	local -x CPP_FOR_BUILD="${BUILD_CPP}"
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		default
+
+		local native_build="${BUILD_DIR}"
+
+		python_compile() {
+			emake -C "${BUILD_DIR}"/bindings/swig top_builddir="${native_build}"
+			emake -C "${BUILD_DIR}"/bindings/python/python3 top_builddir="${native_build}"
+		}
+
+		use python && python_foreach_impl python_compile
+	else
+		emake -C common
+		emake -C lib
+		emake -C auparse
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install
+
+		local native_build="${BUILD_DIR}"
+
+		python_install() {
+			emake -C "${BUILD_DIR}"/bindings/swig DESTDIR="${D}" top_builddir="${native_build}" install
+			emake -C "${BUILD_DIR}"/bindings/python/python3 DESTDIR="${D}" top_builddir="${native_build}" install
+			python_optimize
+		}
+
+		use python && python_foreach_impl python_install
+
+		# Things like shadow use this so we need to be in /
+		gen_usr_ldscript -a audit auparse
+	else
+		emake -C lib DESTDIR="${D}" install
+		emake -C auparse DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc AUTHORS ChangeLog README* THANKS
+	docinto contrib
+	dodoc contrib/avc_snap
+	docinto contrib/plugin
+	dodoc contrib/plugin/*
+	docinto rules
+	dodoc rules/*rules
+
+	newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd
+
+	if [[ -f "${ED}"/sbin/audisp-remote ]] ; then
+		dodir /usr/sbin
+		mv "${ED}"/{sbin,usr/sbin}/audisp-remote || die
+	fi
+
+	# Gentoo rules
+	insinto /etc/audit
+	newins "${FILESDIR}"/audit.rules-2.1.3 audit.rules
+	doins "${FILESDIR}"/audit.rules.stop*
+	keepdir /etc/audit/rules.d
+
+	# audit logs go here
+	keepdir /var/log/audit
+
+	find "${ED}" -type f -name '*.la' -delete || die
+
+	# Security
+	lockdown_perms "${ED}"
+}
+
+pkg_postinst() {
+	lockdown_perms "${EROOT}"
+}
+
+lockdown_perms() {
+	# Upstream wants these to have restrictive perms.
+	# Should not || die as not all paths may exist.
+	local basedir="${1}"
+	chmod 0750 "${basedir}"/sbin/au{ditctl,ditd,report,search,trace} 2>/dev/null
+	chmod 0750 "${basedir}"/var/log/audit 2>/dev/null
+	chmod 0640 "${basedir}"/etc/audit/{auditd.conf,audit*.rules*} 2>/dev/null
+}