mirrors/meta-security
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-security synced 2026-01-11 15:00:34 +00:00
Code Issues Projects Releases Wiki Activity
Files
master
meta-security/recipes-ids/samhain/samhain.inc
Haixiao Yan 06bd60600e samhain: Adapt test output to Automake format for ptest compatibility 
Convert CuTest output to follow Automake-compatible format
(PASS:/FAIL:) so that ptest-runner can correctly parse and
report test results.

root@qemux86-64:~# ptest-runner samhain-standalone -t 3600
START: ptest-runner
2025-07-06T09:38
BEGIN: /usr/lib64/samhain-standalone/ptest
PASS: Test_quote_string_ok
PASS: Test_unquote_string_ok
PASS: Test_csv_escape_ok
PASS: Test_tiger
PASS: Test_tiger_file
PASS: Test_tiger_file_with_length
PASS: Test_sh_tools_safe_name_01
PASS: Test_sh_tools_safe_name_02
PASS: Test_sh_tools_safe_name_03
PASS: Test_sh_tools_safe_name_04
PASS: Test_sh_tools_safe_name_05
PASS: Test_sh_tools_safe_name_06
PASS: Test_sh_tools_safe_name_07
PASS: Test_is_numeric_01
PASS: Test_dnmalloc
PASS: Test_sh_unix_lookup_page
PASS: Test_sl_strlcpy
PASS: Test_sl_strlcat
PASS: Test_sh_util_acl_compact
PASS: Test_sh_util_strdup_ok
PASS: Test_sh_util_strconcat_ok
PASS: Test_sh_util_base64_enc_ok
PASS: Test_sh_util_dirname_ok
PASS: Test_sh_util_basename_ok
PASS: Test_sh_util_utf8_ok
PASS: Test_sh_util_obscure_ok
PASS: Test_sl_stale
PASS: Test_sl_snprintf
PASS: Test_sl_ts_strncmp
PASS: Test_sl_strcasecmp
PASS: Test_zAVLTree
PASS: Test_sha256
PASS: Test_entropy
PASS: Test_fifo
PASS: Test_file_lists
PASS: Test_file_dequote
PASS: Test_uuid
PASS: Test_ignore_ok
PASS: Test_inotify
PASS: Test_ipvx
PASS: Test_login
PASS: Test_login
PASS: Test_portcheck_lists
PASS: Test_processcheck_watchlist_ok
PASS: Test_processcheck_listhandle_ok
PASS: Test_restrict
PASS: Test_cmdlist
PASS: Test_srp
PASS: Test_string

DURATION: 0
END: /usr/lib64/samhain-standalone/ptest
2025-07-06T09:38
STOP: ptest-runner
TOTAL: 1 FAIL: 0
root@qemux86-64:~#

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2025-07-18 09:48:20 -04:00

166 lines
5.8 KiB
PHP
Raw Permalink Blame History

DESCRIPTION = "Provides file integrity checking and log file monitoring/analysis"
HOMEPAGE = "http://www.la-samhna.de/samhain/"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://LICENSE;md5=8ca43cbc842c2336e835926c2166c28b"
PV = "4.5.2"
SRC_URI = "https://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://${INITSCRIPT_NAME}.init \
file://${INITSCRIPT_NAME}.default \
file://samhain.service \
file://0001-Hash-fix-for-MIPS64-and-AARCH64.patch \
file://0002-Make-samhainrc-OE-friendly.patch \
file://0003-fix-real-path-for-some-files-dirs.patch \
file://0004-Set-the-PID-Lock-path-for-samhain.pid.patch \
file://0005-Fix-sha256-for-big-endian-machines.patch \
file://0006-configure-add-option-for-ps.patch \
file://0007-configure.ac-avoid-searching-host-for-postgresql.patch \
file://0008-Add-LDFLAGS-variable-for-compiling-samhain_setpwd.patch \
file://0009-fix-build-with-new-version-attr.patch \
file://0010-Fix-initializer-element-is-not-constant.patch \
file://0001-Format-test-output-to-match-Automake-standards.patch \
"
SRC_URI[sha256sum] = "0b5d3534fd60ecf45dfd79bd415e81f7a56eba7f1755771735e204f334033578"
UPSTREAM_CHECK_URI = "https://www.la-samhna.de/samhain/archive.html"
UPSTREAM_CHECK_REGEX = "samhain_signed-(?P<pver>(\d+(\.\d+)+))\.tar"
S = "${UNPACKDIR}/samhain-${PV}"
inherit autotools-brokensep update-rc.d pkgconfig systemd
SAMHAIN_PORT ??= "49777"
SAMHAIN_SERVER ??= "NULL"
INITSCRIPT_NAME = "${BPN}"
INITSCRIPT_PARAMS ?= "defaults"
SYSTEMD_PACKAGES = "${PN}"
SYSTEMD_SERVICE:${PN} = "${INITSCRIPT_NAME}.service"
SYSTEMD_AUTO_ENABLE = "disable"
# supports mysql|postgresql|oracle|odbc but postgresql is the only one available
PACKAGECONFIG ??= "postgresql ps \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
"
PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql"
PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , "
PACKAGECONFIG[logwatch] = "--enable-login-watch, , "
PACKAGECONFIG[mounts] = "--enable-mounts-check, , "
PACKAGECONFIG[userfiles] = "--enable-userfiles, , "
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps"
EXTRA_OECONF += "INSTALL='install -p'"
EXTRA_OEMAKE:append:aarch64 = " CPPFLAGS+=-DCONFIG_ARCH_AARCH64=1"
EXTRA_OEMAKE:append:mips64 = " CPPFLAGS+=-DCONFIG_ARCH_MIPS64=1"
do_unpack_samhain() {
cd ${UNPACKDIR}
tar -xzvf samhain-${PV}.tar.gz -C ${UNPACKDIR}
}
python do_unpack:append() {
bb.build.exec_func('do_unpack_samhain', d)
}
do_configure:prepend:arm() {
export sh_cv___va_copy=yes
}
do_configure:prepend:aarch64() {
export sh_cv___va_copy=yes
}
# If we use oe_runconf in do_configure() it will by default
# use the prefix --oldincludedir=/usr/include which is not
# recognized by Samhain's configure script and would invariably
# throw back the error "unrecognized option: --oldincludedir=/usr/include"
do_configure:prepend () {
cat << EOF > ${S}/config-site.${BP}
ssp_cv_lib=no
sh_cv_va_copy=yes
EOF
export CONFIG_SITE=${S}/config-site.${BP}
# remove the buildpath
sed -i -e 's;mydefarg;mydefargholder;g' ${S}/scripts/samhain.ebuild.in
sed -i -e 's;mydefarg;mydefargholder;g' ${S}/scripts/samhain.ebuild-light.in
}
do_configure () {
autoconf -f
./configure \
--build=${BUILD_SYS} \
--host=${HOST_SYS} \
--target=${TARGET_SYS} \
--prefix=${prefix} \
--exec_prefix=${exec_prefix} \
--bindir=${bindir} \
--sbindir=${sbindir} \
--libexecdir=${libexecdir} \
--datadir=${datadir} \
--sysconfdir=${sysconfdir} \
--sharedstatedir=${sharedstatedir} \
--localstatedir=${localstatedir} \
--libdir=${libdir} \
--includedir=${includedir} \
--infodir=${infodir} \
--mandir=${mandir} \
--enable-network=${SAMHAIN_MODE} \
--with-pid-file=${localstatedir}/run/samhain.pid \
--with-data-file=${localstatedir}/lib/samhain/samhain_file \
${EXTRA_OECONF}
}
do_compile:prepend:libc-musl () {
sed -i 's/^#define HAVE_MALLOC_H.*//' ${B}/config.h
}
# Install the init script, it's default file, and the extraneous
# documentation.
do_install:append () {
oe_runmake install DESTDIR='${D}' INSTALL=install-boot
install -D -m 755 ${UNPACKDIR}/${INITSCRIPT_NAME}.init \
${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
install -D -m 755 ${UNPACKDIR}/${INITSCRIPT_NAME}.default \
${D}${sysconfdir}/default/${INITSCRIPT_NAME}
if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
if [ "${SAMHAIN_MODE}" = "no" ]; then
install -D -m 0644 ${UNPACKDIR}/samhain.service ${D}/${systemd_system_unitdir}/samhain.service
else
install -D -m 0644 ${UNPACKDIR}/samhain.service ${D}/${systemd_system_unitdir}/${BPN}.service
fi
install -D -m 0755 ${UNPACKDIR}/${BPN}.init ${D}/${libexecdir}/${BPN}
sed -i -e 's,@LIBDIR@,${libexecdir},' \
-e 's,@SAMHAIN_HELPER@,${BPN},' \
-e 's,@MODE_NAME@,${MODE_NAME},' \
${D}${systemd_system_unitdir}/samhain*.service
fi
install -d ${D}${docdir}/${BPN}
cp -r docs/* ${D}${docdir}/${BPN}
cp -r scripts ${D}${docdir}/${BPN}
install -d -m 755 ${D}${localstatedir}/samhain
# Prevent QA warnings about installed ${localstatedir}/run
if [ -d ${D}${localstatedir}/run ]; then
rmdir ${D}${localstatedir}/run
fi
rm -rf ${D}${localstatedir}/log
}
FILES:${PN} += "${systemd_system_unitdir}"
Reference in New Issue View Git Blame Copy Permalink