upgpkg: samhain 4.4.5-1

* New upstream release * Split package now provides samhain-{standalone,client,server} * Proper systemd integration
author: George Rawlinson 2021-07-06 05:00:44 +0000
committer: George Rawlinson 2021-07-06 05:00:44 +0000
commit: 495c8dfb0a0d4f15b3266244d0ce24120ad011ea (patch)
tree: d939205e1c5734ecc31a490a901f9522f411d2ec
parent: 3e0e80c561bacaf92b3e50f3e065c46a62a549bc (diff)
download: aur-495c8dfb0a0d4f15b3266244d0ce24120ad011ea.tar.gz
8 files changed, 173 insertions, 49 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c0759a17d0d0..073100fa8b29 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,16 +1,38 @@
 pkgbase = samhain
-	pkgdesc = file integrity / intrusion detection system
-	pkgver = 4.4.2
+	pkgdesc = Host Integrity Monitoring System
+	pkgver = 4.4.5
 	pkgrel = 1
-	url = http://www.la-samhna.de/
+	url = https://www.la-samhna.de/samhain/index.html
 	install = samhain.install
 	arch = x86_64
 	license = GPL
-	source = http://www.la-samhna.de/samhain/samhain-current.tar.gz
-	source = samhain.service
-	validpgpkeys = EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C
-	sha256sums = 2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff
-	sha256sums = 7e53bee6bb9ba15db6e741ed3520491c747e57bb58ffc0da6c5d7e235ac720c9
+	depends = audit
+	depends = acl
+	depends = zlib
+	depends = systemd
+	depends = procps-ng
+	source = https://www.la-samhna.de/archive/samhain_signed-4.4.5.tar.gz
+	source = client-sysusers.conf
+	source = client-tmpfiles.conf
+	source = server-sysusers.conf
+	source = server-tmpfiles.conf
+	b2sums = 3b44cdcafb2bb1b0bad8b8748f030fb4a0689346f616b176cf0ddee6514b1596c89e6da8c1f185da8d1ac556726aa922bed0144d125af2b237b710b5706bd1ea
+	b2sums = d326dc086b296ec7c18ce186da608b11109e03d9e9e7b475485b3c8eb06e4f7be36d9e716449cdca90e324631600e100aed57dca35626c126eb9caa3a5a36a4b
+	b2sums = 35e2cdc7e3adee3f7453dd0e831c9f45221682ebe1c5ec3b29a5312622908bdc66e1b2efa0921a3e573c54f79c9862b81fa5c715962452b4c34efe6ffcf2254a
+	b2sums = 21abdadbda821db8b071904b6a3f0a2ff552ea8c0c3d038d6e9af101fce055b2194d733d3b9aa6879880cf11dc590911741dcfa21ec46e83c1ca28641865cefc
+	b2sums = 230651be72bb86979ce3a02d75e4e10025e90b0e20fd1f37df0005e0c2a559fedbb7afcb1e34728de9ce1a29b29c46e8f0b89d9e5bf3accc3b3e0fd639219b97
 
-pkgname = samhain
+pkgname = samhain-standalone
+	pkgdesc = Host Integrity Monitoring System (standalone)
+	conflicts = samhain-client
+	backup = etc/samhainrc
 
+pkgname = samhain-client
+	pkgdesc = Host Integrity Monitoring System (client)
+	conflicts = samhain-standalone
+	backup = etc/samhainrc
+
+pkgname = samhain-server
+	pkgdesc = Host Integrity Monitoring System (server)
+	optdepends = perl: for signing scripts
+	backup = etc/yulerc
diff --git a/PKGBUILD b/PKGBUILD
index 8781aec95ff4..030f823fb636 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,37 +1,138 @@
-# Maintainer: Deon Spengler <deon at spengler dot co dot za>
+# Maintainer: George Rawlinson <grawlinson@archlinux.org>
+# Contributor: Deon Spengler <deon at spengler dot co dot za>
 # Contributor: Luke R. <g4jc@bulletmail.org> GPG:  c25519/D85D2F527B0
 
-pkgname=samhain
-pkgver=4.4.2
+pkgbase=samhain
+pkgname=(
+  'samhain-standalone'
+  'samhain-client'
+  'samhain-server'
+)
+pkgver=4.4.5
 pkgrel=1
-pkgdesc="file integrity / intrusion detection system"
-arch=(x86_64)
-url="http://www.la-samhna.de/"
+pkgdesc="Host Integrity Monitoring System"
+arch=('x86_64')
+url="https://www.la-samhna.de/samhain/index.html"
 license=('GPL')
 install=samhain.install
-source=("http://www.la-samhna.de/samhain/${pkgname}-current.tar.gz"
-        "samhain.service")
-sha256sums=('2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff'
-            '7e53bee6bb9ba15db6e741ed3520491c747e57bb58ffc0da6c5d7e235ac720c9')
-validpgpkeys=('EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C') # Rainer Wichmann
+depends=('audit' 'acl' 'zlib' 'systemd' 'procps-ng')
+source=("https://www.la-samhna.de/archive/samhain_signed-$pkgver.tar.gz"
+        'client-sysusers.conf'
+        'client-tmpfiles.conf'
+        'server-sysusers.conf'
+        'server-tmpfiles.conf')
+b2sums=('3b44cdcafb2bb1b0bad8b8748f030fb4a0689346f616b176cf0ddee6514b1596c89e6da8c1f185da8d1ac556726aa922bed0144d125af2b237b710b5706bd1ea'
+        'd326dc086b296ec7c18ce186da608b11109e03d9e9e7b475485b3c8eb06e4f7be36d9e716449cdca90e324631600e100aed57dca35626c126eb9caa3a5a36a4b'
+        '35e2cdc7e3adee3f7453dd0e831c9f45221682ebe1c5ec3b29a5312622908bdc66e1b2efa0921a3e573c54f79c9862b81fa5c715962452b4c34efe6ffcf2254a'
+        '21abdadbda821db8b071904b6a3f0a2ff552ea8c0c3d038d6e9af101fce055b2194d733d3b9aa6879880cf11dc590911741dcfa21ec46e83c1ca28641865cefc'
+        '230651be72bb86979ce3a02d75e4e10025e90b0e20fd1f37df0005e0c2a559fedbb7afcb1e34728de9ce1a29b29c46e8f0b89d9e5bf3accc3b3e0fd639219b97')
+
+prepare() {
+  # ensure each package has a copy of the source
+  for package in ${pkgname[@]}; do
+    mkdir "$package-$pkgver"
+    # upstream has an archive inside an archive
+    bsdtar \
+      --extract \
+      --strip-components 1 \
+      --directory "$package-$pkgver" \
+      --file "$pkgbase-$pkgver.tar.gz"
+  done
+
+  # generate systemd service from template
+  for service in samhain yule; do
+    sed \
+      -e "s:@install_name@:$service:" \
+      -e "s:@mylockfile@:/run/$service/$service.pid:" \
+      -e "s:@sbindir@:/usr/bin:" \
+      "samhain-standalone-$pkgver/init/samhain.startSystemd.in" \
+      > "$srcdir/$service.service"
+  done
+}
 
 build() {
-  echo "Note: If the GPG verification fails, import the Samhain GPG key: http://www.la-samhna.de/samhain/s_rkey.html"
-  gpg --verify samhain-${pkgver}.tar.gz.asc samhain-${pkgver}.tar.gz
-  tar -zxvf ${pkgname}-${pkgver}.tar.gz
-  cd "${pkgname}-${pkgver}"
-  # see samhain documentation, lots of other options available. e.g. use --enable-network=server to run in server mode.
-  ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --sbindir=/usr/bin --disable-asm
+  local CONFIGURE_OPTS=(
+    --prefix=/usr
+    --sbindir=/usr/bin
+    --libexecdir=/usr/lib
+    --localstatedir=/var
+    --sysconfdir=/etc
+  )
+
+  # samhain-standalone
+  cd "samhain-standalone-$pkgver"
+  ./configure \
+    "${CONFIGURE_OPTS[@]}" \
+    --with-pid-file=/run/samhain/samhain.pid
+  make
+
+  # samhain-client
+  cd "$srcdir/samhain-client-$pkgver"
+  ./configure \
+    "${CONFIGURE_OPTS[@]}" \
+    --with-pid-file=/run/samhain/samhain.pid \
+    --enable-network=client
   make
+
+  # samhain-server
+  cd "$srcdir/samhain-server-$pkgver"
+  ./configure \
+    "${CONFIGURE_OPTS[@]}" \
+    --with-pid-file=/run/yule/yule.pid \
+    --enable-network=server
+  make
+}
+
+package_samhain-standalone() {
+  pkgdesc+=" (standalone)"
+  conflicts=('samhain-client')
+  backup=('etc/samhainrc')
+
+  # systemd integration
+  install -vDm644 client-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+  install -vDm644 client-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+  install -vDm644 samhain.service -t "$pkgdir/usr/lib/systemd/system"
+
+  cd "$pkgname-$pkgver"
+  make DESTDIR="$pkgdir" install
+
+  # remove unnecessary directories
+  rm -rf "$pkgdir/"{var,run}
 }
 
-package() {
-  cd "${pkgname}-${pkgver}"
-  make DESTDIR="$pkgdir/" install
-  chmod 755 ${pkgdir}/usr/bin/samhain
-  chmod 644 ${pkgdir}/etc/samhainrc
-  install -m755 -d "${pkgdir}/usr/lib/systemd/system"
-  install -m644 "${srcdir}/samhain.service" "${pkgdir}/usr/lib/systemd/system/samhain.service"
-  rmdir ${pkgdir}/run
-  rmdir ${pkgdir}/var/log
+package_samhain-client() {
+  pkgdesc+=" (client)"
+  conflicts=('samhain-standalone')
+  backup=('etc/samhainrc')
+
+  # systemd integration
+  install -vDm644 client-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+  install -vDm644 client-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+  install -vDm644 samhain.service -t "$pkgdir/usr/lib/systemd/system"
+
+  cd "$pkgname-$pkgver"
+  make DESTDIR="$pkgdir" install
+
+  # remove unnecessary directories
+  rm -rf "$pkgdir/"{var,run}
+}
+
+package_samhain-server() {
+  pkgdesc+=" (server)"
+  optdepends=('perl: for signing scripts')
+  backup=('etc/yulerc')
+
+  # systemd integration
+  install -vDm644 server-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+  install -vDm644 server-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+  install -vDm644 yule.service -t "$pkgdir/usr/lib/systemd/system"
+
+  cd "$pkgname-$pkgver"
+  make DESTDIR="$pkgdir" install
+
+  # fix incorrect permissions
+  chown root:root "$pkgdir/etc/yulerc"
+
+  # remove unnecessary directories
+  rm -rf "$pkgdir/"{var,run}
 }
diff --git a/client-sysusers.conf b/client-sysusers.conf
new file mode 100644
index 000000000000..c50c38b8e1bb
--- /dev/null
+++ b/client-sysusers.conf
@@ -0,0 +1 @@
+u samhain - "Samhain client user" /var/lib/samhain
diff --git a/client-tmpfiles.conf b/client-tmpfiles.conf
new file mode 100644
index 000000000000..892223ff6f6f
--- /dev/null
+++ b/client-tmpfiles.conf
@@ -0,0 +1,3 @@
+d /var/lib/samhain 0750 samhain samhain
+d /run/samhain 0750 samhain samhain
+f /var/log/samhain_log 0750 samhain samhain
diff --git a/samhain.install b/samhain.install
index 6c08e223f66e..acacdd7a90df 100644
--- a/samhain.install
+++ b/samhain.install
@@ -1,6 +1,9 @@
 post_install() {
-  echo "NOTE: samhain works by comparing the present state of the filesystem agains a"
-  echo "baseline database. If this is the first time that you are using samhain you"
-  echo "will need to perform the initialization (i.e. create the baseline database)"
-  echo "type the following command: samhain -t init"
+  cat <<EOF
+
+Samhain requires extensive setup before it can operate properly.
+
+Reference: https://www.la-samhna.de/samhain/manual/
+
+EOF
 }
diff --git a/samhain.service b/samhain.service
deleted file mode 100644
index 711b987726e0..000000000000
--- a/samhain.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Samhain HIDS
-
-[Service]
-Type=forking
-ExecStart=/usr/bin/samhain start
-ExecStop=/usr/bin/samhain stop
-
-[Install]
-WantedBy=multi-user.target
diff --git a/server-sysusers.conf b/server-sysusers.conf
new file mode 100644
index 000000000000..b2a66e8d82b4
--- /dev/null
+++ b/server-sysusers.conf
@@ -0,0 +1 @@
+u yule - "Samhain server user" /var/lib/yule
diff --git a/server-tmpfiles.conf b/server-tmpfiles.conf
new file mode 100644
index 000000000000..39d2b20d6471
--- /dev/null
+++ b/server-tmpfiles.conf
@@ -0,0 +1,3 @@
+d /var/lib/yule 0750 yule yule
+d /run/yule 0750 yule yule
+f /var/log/yule_log 0750 yule yule
author	George Rawlinson	2021-07-06 05:00:44 +0000
committer	George Rawlinson	2021-07-06 05:00:44 +0000
commit	495c8dfb0a0d4f15b3266244d0ce24120ad011ea (patch)
tree	d939205e1c5734ecc31a490a901f9522f411d2ec
parent	3e0e80c561bacaf92b3e50f3e065c46a62a549bc (diff)
download	aur-495c8dfb0a0d4f15b3266244d0ce24120ad011ea.tar.gz