[sys-process/audit] sync from tree, drop separate audit rule support, i don't care about it enough to keep it working.

2016-07-17 15:20:18 +02:00 · 2016-07-17 15:20:18 +02:00 · 8ec6e04dd7
parent d55db187e4
commit 8ec6e04dd7
4 changed files with 19 additions and 35 deletions
--- a/sys-process/audit/Manifest
+++ b/sys-process/audit/Manifest
@ -1 +1 @@
-DIST audit-2.4.3.tar.gz 998974 SHA256 9c914704fecc602e143e37152f3efbab2469692684c1a8cc1b801c1b49c7abc6 SHA512 2bbaa11ed5e2d8138711df325ec1997c4eb955123699fd330b5272b7f3475ca61c9753e1c103abfc9c49e1fc8aaf52dbd55545e3f1874214979ddece64ad79aa WHIRLPOOL 1a0c0a273fddc49d15322a2423d4038488738d6597d0641182befab91646355bbee393a5d09d446dc4cf2f4579dd7ea99928cadd77bc72c355db0a10d4964da5
+DIST audit-2.6.4.tar.gz 1078677 SHA256 b5a79cecd9593c368c9e42d5af72fcd14f046676657e906970b6c4a1aa5d06c7 SHA512 69b5d3987d2b8b189d1242fde639af3d7d366e901733133e47ee71223caf73aa7da40b7811298f0af861969b0ab482c5ef9830b711bdd15bd5f4d0ebc88a1224 WHIRLPOOL bda2f7bb754620b003c9c7df2e29d169e0421a9f0a1cf11396539fc3cae1d3907dc4265c3941e24a30eb206032a894989e74b803f2c4a7558057b879c41b2642
--- a/sys-process/audit/audit-2.4.3-r1.ebuild
+++ b/sys-process/audit/audit-2.4.3-r1.ebuild
@ -1,23 +1,22 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$

-EAPI="5"
+EAPI="6"

-PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )

-inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info eutils systemd
+inherit autotools multilib multilib-minimal toolchain-funcs python-r1 linux-info systemd

 DESCRIPTION="Userspace utilities for storing and processing auditing records"
-HOMEPAGE="http://people.redhat.com/sgrubb/audit/"
-SRC_URI="http://people.redhat.com/sgrubb/audit/${P}.tar.gz"
+HOMEPAGE="https://people.redhat.com/sgrubb/audit/"
+SRC_URI="https://people.redhat.com/sgrubb/audit/${P}.tar.gz"

 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
 IUSE="apparmor ldap python tcpd"
-# Testcases are pretty useless as they are built for RedHat users/groups and
-# kernels.
+# Testcases are pretty useless as they are built for RedHat users/groups and kernels.
 RESTRICT="test"

 RDEPEND="apparmor? ( sys-apps/apparmor )
@ -41,7 +40,7 @@ pkg_setup() {
 }

 src_prepare() {
-	epatch_user
+	eapply_user

 	# Do not build GUI tools
 	sed -i \
@ -62,22 +61,18 @@ src_prepare() {
 	fi

 	# Don't build static version of Python module.
-	epatch "${FILESDIR}"/${PN}-2.4.3-python.patch
+	eapply "${FILESDIR}"/${PN}-2.4.3-python.patch

 	# glibc/kernel upstreams suck with both defining ia64_fpreg
 	# This patch is a horribly workaround that is only valid as long as you
 	# don't need the OTHER definitions in fpu.h.
-	epatch "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch
+	eapply "${FILESDIR}"/${PN}-2.1.3-ia64-compile-fix.patch

 	# there is no --without-golang conf option
 	sed -e "/^SUBDIRS =/s/ @gobind_dir@//" -i bindings/Makefile.am || die

 	# Regenerate autotooling
 	eautoreconf
-
-	# Bug 352198: Avoid parallel build fail
-	cd "${S}"/src/mt
-	[[ ! -s private.h ]] && ln -s ../../lib/private.h .
 }

 multilib_src_configure() {
@ -85,12 +80,8 @@ multilib_src_configure() {
 	econf \
 		--sbindir=/sbin \
 		--enable-systemd \
-		--without-prelude \
 		--without-python \
 		--without-python3 \
-		$(use_with arm64 aarch64) \
-		$(use_with alpha) \
-		$(use_with arm) \
 		$(use_with apparmor) \
 		$(multilib_native_use_with tcpd libwrap)

@ -146,7 +137,7 @@ multilib_src_compile() {

 multilib_src_install() {
 	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" initdir="$(systemd_get_unitdir)" install
+		emake DESTDIR="${D}" initdir="$(systemd_get_systemunitdir)" install

 		python_install() {
 			local pysuffix pydef
@ -186,14 +177,16 @@ multilib_src_install() {
 multilib_src_install_all() {
 	dodoc AUTHORS ChangeLog README* THANKS TODO
 	docinto contrib
-	dodoc contrib/{*.rules,avc_snap,skeleton.c}
+	dodoc contrib/{avc_snap,skeleton.c}
 	docinto contrib/plugin
 	dodoc contrib/plugin/*
+	docinto rules
+	dodoc rules/*

 	newinitd "${FILESDIR}"/auditd-init.d-2.4.3 auditd
-	newconfd "${FILESDIR}"/auditd-conf.d-2.3.6 auditd
+	newconfd "${FILESDIR}"/auditd-conf.d-2.1.3 auditd

-	chmod 644 "${D}/$(systemd_get_unitdir)"/auditd.service || die # 556436
+	fperms 644 "$(systemd_get_systemunitdir)"/auditd.service # 556436

 	[ -f "${D}"/sbin/audisp-remote ] && \
 	dodir /usr/sbin && \
@ -226,6 +219,7 @@ pkg_postinst() {

 lockdown_perms() {
 	# upstream wants these to have restrictive perms
+	# should not || die, maybe not all paths exist
 	basedir="$1"
 	chmod 0750 "${basedir}"/sbin/au{ditctl,report,dispd,ditd,search,trace} 2>/dev/null
 	chmod 0750 "${basedir}"/var/log/audit/ 2>/dev/null
--- a/sys-process/audit/files/auditd-conf.d-2.1.3
+++ b/sys-process/audit/files/auditd-conf.d-2.1.3
@ -21,10 +21,3 @@ RULEFILE_STOP_POST=/etc/audit/audit.rules.stop.post
 AUDITD_LANG=C
 #AUDITD_LANG=en_US
 #AUDITD_LANG=en_US.UTF-8
-
-# This option determines whether or not to call augenrules to compile the
-# audit.rule file from /etc/audit/rules.d. The default is "no" so that nothing
-# happens to existing rules. When setting this up, any existing rules need to
-# be copied into /etc/audit/rules.d or it will be lost when audit.rule gets
-# overwritten.
-USE_AUGENRULES="no"
--- a/sys-process/audit/files/auditd-init.d-2.4.3
+++ b/sys-process/audit/files/auditd-init.d-2.4.3
@ -61,9 +61,6 @@ start() {
 	start_auditd
 	local ret=$?
 	if [ $ret -eq 0 -a "${RC_CMD}" != "restart" ]; then
-		if yesno ${USE_AUGENRULES:-no}; then
-			test -d /etc/audit/rules.d && /sbin/augenrules
-		fi
 		loadfile "${RULEFILE_STARTUP}"
 	fi
 	return $ret