diff options
author | George Rawlinson | 2021-07-06 05:00:44 +0000 |
---|---|---|
committer | George Rawlinson | 2021-07-06 05:00:44 +0000 |
commit | 495c8dfb0a0d4f15b3266244d0ce24120ad011ea (patch) | |
tree | d939205e1c5734ecc31a490a901f9522f411d2ec /PKGBUILD | |
parent | 3e0e80c561bacaf92b3e50f3e065c46a62a549bc (diff) | |
download | aur-495c8dfb0a0d4f15b3266244d0ce24120ad011ea.tar.gz |
upgpkg: samhain 4.4.5-1
* New upstream release
* Split package now provides samhain-{standalone,client,server}
* Proper systemd integration
Diffstat (limited to 'PKGBUILD')
-rw-r--r-- | PKGBUILD | 153 |
1 files changed, 127 insertions, 26 deletions
@@ -1,37 +1,138 @@ -# Maintainer: Deon Spengler <deon at spengler dot co dot za> +# Maintainer: George Rawlinson <grawlinson@archlinux.org> +# Contributor: Deon Spengler <deon at spengler dot co dot za> # Contributor: Luke R. <g4jc@bulletmail.org> GPG: c25519/D85D2F527B0 -pkgname=samhain -pkgver=4.4.2 +pkgbase=samhain +pkgname=( + 'samhain-standalone' + 'samhain-client' + 'samhain-server' +) +pkgver=4.4.5 pkgrel=1 -pkgdesc="file integrity / intrusion detection system" -arch=(x86_64) -url="http://www.la-samhna.de/" +pkgdesc="Host Integrity Monitoring System" +arch=('x86_64') +url="https://www.la-samhna.de/samhain/index.html" license=('GPL') install=samhain.install -source=("http://www.la-samhna.de/samhain/${pkgname}-current.tar.gz" - "samhain.service") -sha256sums=('2bb2750b32646be32517d0b2259402559c72b96979800f6c33774fcdea327fff' - '7e53bee6bb9ba15db6e741ed3520491c747e57bb58ffc0da6c5d7e235ac720c9') -validpgpkeys=('EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C') # Rainer Wichmann +depends=('audit' 'acl' 'zlib' 'systemd' 'procps-ng') +source=("https://www.la-samhna.de/archive/samhain_signed-$pkgver.tar.gz" + 'client-sysusers.conf' + 'client-tmpfiles.conf' + 'server-sysusers.conf' + 'server-tmpfiles.conf') +b2sums=('3b44cdcafb2bb1b0bad8b8748f030fb4a0689346f616b176cf0ddee6514b1596c89e6da8c1f185da8d1ac556726aa922bed0144d125af2b237b710b5706bd1ea' + 'd326dc086b296ec7c18ce186da608b11109e03d9e9e7b475485b3c8eb06e4f7be36d9e716449cdca90e324631600e100aed57dca35626c126eb9caa3a5a36a4b' + '35e2cdc7e3adee3f7453dd0e831c9f45221682ebe1c5ec3b29a5312622908bdc66e1b2efa0921a3e573c54f79c9862b81fa5c715962452b4c34efe6ffcf2254a' + '21abdadbda821db8b071904b6a3f0a2ff552ea8c0c3d038d6e9af101fce055b2194d733d3b9aa6879880cf11dc590911741dcfa21ec46e83c1ca28641865cefc' + '230651be72bb86979ce3a02d75e4e10025e90b0e20fd1f37df0005e0c2a559fedbb7afcb1e34728de9ce1a29b29c46e8f0b89d9e5bf3accc3b3e0fd639219b97') + +prepare() { + # ensure each package has a copy of the source + for package in ${pkgname[@]}; do + mkdir "$package-$pkgver" + # upstream has an archive inside an archive + bsdtar \ + --extract \ + --strip-components 1 \ + --directory "$package-$pkgver" \ + --file "$pkgbase-$pkgver.tar.gz" + done + + # generate systemd service from template + for service in samhain yule; do + sed \ + -e "s:@install_name@:$service:" \ + -e "s:@mylockfile@:/run/$service/$service.pid:" \ + -e "s:@sbindir@:/usr/bin:" \ + "samhain-standalone-$pkgver/init/samhain.startSystemd.in" \ + > "$srcdir/$service.service" + done +} build() { - echo "Note: If the GPG verification fails, import the Samhain GPG key: http://www.la-samhna.de/samhain/s_rkey.html" - gpg --verify samhain-${pkgver}.tar.gz.asc samhain-${pkgver}.tar.gz - tar -zxvf ${pkgname}-${pkgver}.tar.gz - cd "${pkgname}-${pkgver}" - # see samhain documentation, lots of other options available. e.g. use --enable-network=server to run in server mode. - ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --sbindir=/usr/bin --disable-asm + local CONFIGURE_OPTS=( + --prefix=/usr + --sbindir=/usr/bin + --libexecdir=/usr/lib + --localstatedir=/var + --sysconfdir=/etc + ) + + # samhain-standalone + cd "samhain-standalone-$pkgver" + ./configure \ + "${CONFIGURE_OPTS[@]}" \ + --with-pid-file=/run/samhain/samhain.pid + make + + # samhain-client + cd "$srcdir/samhain-client-$pkgver" + ./configure \ + "${CONFIGURE_OPTS[@]}" \ + --with-pid-file=/run/samhain/samhain.pid \ + --enable-network=client make + + # samhain-server + cd "$srcdir/samhain-server-$pkgver" + ./configure \ + "${CONFIGURE_OPTS[@]}" \ + --with-pid-file=/run/yule/yule.pid \ + --enable-network=server + make +} + +package_samhain-standalone() { + pkgdesc+=" (standalone)" + conflicts=('samhain-client') + backup=('etc/samhainrc') + + # systemd integration + install -vDm644 client-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" + install -vDm644 client-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + install -vDm644 samhain.service -t "$pkgdir/usr/lib/systemd/system" + + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" install + + # remove unnecessary directories + rm -rf "$pkgdir/"{var,run} } -package() { - cd "${pkgname}-${pkgver}" - make DESTDIR="$pkgdir/" install - chmod 755 ${pkgdir}/usr/bin/samhain - chmod 644 ${pkgdir}/etc/samhainrc - install -m755 -d "${pkgdir}/usr/lib/systemd/system" - install -m644 "${srcdir}/samhain.service" "${pkgdir}/usr/lib/systemd/system/samhain.service" - rmdir ${pkgdir}/run - rmdir ${pkgdir}/var/log +package_samhain-client() { + pkgdesc+=" (client)" + conflicts=('samhain-standalone') + backup=('etc/samhainrc') + + # systemd integration + install -vDm644 client-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" + install -vDm644 client-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + install -vDm644 samhain.service -t "$pkgdir/usr/lib/systemd/system" + + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" install + + # remove unnecessary directories + rm -rf "$pkgdir/"{var,run} +} + +package_samhain-server() { + pkgdesc+=" (server)" + optdepends=('perl: for signing scripts') + backup=('etc/yulerc') + + # systemd integration + install -vDm644 server-sysusers.conf "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" + install -vDm644 server-tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" + install -vDm644 yule.service -t "$pkgdir/usr/lib/systemd/system" + + cd "$pkgname-$pkgver" + make DESTDIR="$pkgdir" install + + # fix incorrect permissions + chown root:root "$pkgdir/etc/yulerc" + + # remove unnecessary directories + rm -rf "$pkgdir/"{var,run} } |