Commit aaca5fa971 forgot to drop
autoreconf
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Testing buildroot 2021.05 I observed that after first
boot I was having the following folders:
/context:
/system_u:object_r:auditd_log_t
The root of this problem turned to be a difference in the
output of $(selabel_lookup -b file -k /var/log/audit) called
by S02auditd that from this version on looks like:
$ selabel_lookup -b file -k /var/log/audit
Default context: system_u:object_r:auditd_log_t
This patch will cut it to retrieve the type piece only. Unfortunately,
audit has no options to create machine-readable output that is
guaranteed not to change, so that's the best we can do.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This patch replace matchpathcon calls in the auditd init script by
calls to selabel_lookup. Indeed, matchpathcon is now deprecated, and
this causes warning during the boot process.
Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop all upstream patches as they no longer are applicable.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Tested-by: Matthew Weber <matthew.weber@collins.com>
Tested-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Added upstream patch for fixing build failure when using GCC10 as a host
compiler (-fno-common is now default).
Fixes:
http://autobuild.buildroot.net/results/c4b/c4bba80e9fc476247c7ba28850831c6a8edd559f/build-end.log
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All these packages have an upstream-provided service, but buildroot
enabled manually the services in exactly the same way as the [Install]
section.
This is not needed anymore
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr: fix check-package errors]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Backport an upstream patch (which will be part of the next 3.0
release) that provides replacement functions for functions not
implemented in musl. This allows to re-enable audit on musl.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Fix a segfault in auditd when dns resolution isn't available. Additional
changes since 2.8.2 can be seen at
http://people.redhat.com/sgrubb/audit/ChangeLog
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
audit uses syslog(). Rename its init script to S02auditd to ensure that
it will start after syslogd. Otherwise the initial log messages will be
sent to the console (and probably lost, since almost nobody watches the
system console on embedded systems).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
audispd is installed at /usr/sbin but the configuration file pointed
to /sbin, causing auditd to fail on startup.
This patch cannot be sent upstream because audispd does not exist
anymore on the master branch (it was merged to auditd).
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The package recipe uses a post-install hook to remove useless files from
$(TARGET_DIR)/etc/rc.d/init.d and $(TARGET_DIR)/etc/sysconfig. This may
damage packages that install useful files on those directories (such as
netplug, which installs $(TARGET_DIR)/etc/rc.d/init.d/netplugd).
In the future[1] we will reorganize the init scripts and possibly get
rid of /etc/rc.d and /etc/sysconfig but for the moment let's restrict
the file removal to those installed by audit.
1. http://lists.busybox.net/pipermail/buildroot/2018-May/221549.html
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Commit d1011f89a1 (audit: update legal info) set the libraries license
to "unclear" because of GPL license text in a few libraries source
files. Upstream audit package commit 239765162fa494 (Correct the
licensing description in lib/ and auparse/ to be LGPL as was always
intended) clarified the license in these files.
Add license files hashes.
Cc: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Cc: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Based on commit c17af71d2c (package/audit: not available for musl) add a
comment that explains why audit is disabled for musl.
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Programs are released under GPLv2+. README file says libraries
libaudit.* and libauparse.* are released under LGPL but there are two
files auparse/strsplit.c and lib/strsplit.c which are released under
GPLv2+ which makes both libraries GPL. Until we review situation with
upstream, we simply mention "unclear (libraries)".
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
[Thomas: add "unclear (libraries)" as suggested by Arnout.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Commit upstream 51925b7dd6d0("package/audit: Bump to version 2.6.5")
removed patch 0002 as part of version bump. But forgot to disable
autoreconf.
Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
host-libsemanage requires host-audit to compile, therefore this patch
adds a host variant for the audit package.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[Thomas: remove libcap-ng usage for now, rework commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
- Removed 0001-lib-gen_tables.c-define-EHWPOISON-when-not-available.patch
as this was applied upstream.
- Removed 0002-Fix-usage-of-audit_status.feature_bitmap.patch as this was
applied upstream.
Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Following the removal of eglibc support, this commit replaces all
occurences of "(e)glibc" by just "glibc". Most of the occurences are in
package Config.in comments.
In addition, when the form "an (e)glibc ..." was used, it is replaced by
"a glibc ...".
[Peter: add new efi* packages, s/uclibc/uClibc as suggested by Romain,
systemd / liquid-dsp tweaks as suggested by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
install -D creates the folder, so we don't need the mkdir command
Signed-off-by: Nathaniel Roach <nroach44@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The main .service file is installed by audit.
We are using tmpfiles mechanisms to create the log directory, which
would not exists otherwise since /var/log points to /tmp
[Thomas: add explicit --disable-systemd when systemd is not used.]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Remove patch as it was merged in this release:
https://fedorahosted.org/audit/changeset/1117
[Thomas: remove autoreconf, no longer needed.]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The recommended form is without the trailing slash, and will become
mandatory in a coming commit.
This avoids the need for the $$($(2)_SITE:/=) magic in package/pkg-generic.mk
to avoid double slashes in download URLs, like
"https://mosh.mit.edu//mosh-1.2.5.tar.gz".
^^
Note: this work has already been done in b0b9606530 a few
months ago and earlier in c7f4b96471 and 4a9eb20de8,
but no check has been added at that time to avoid new slashes to slip
in, and so they did. This time a patch will follow immediately to
prevent future mistakes from being unnoticed.
Mass-replaced with the following command:
git grep -l '_SITE.*/$' | xargs sed -i '/_SITE.*=/s|/$||'
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
audit uses strndupa() which is missing from musl.
Even though the implementation of strndupa is not too complex, we won't
go as far as duplicating it in audit, and we just disable audit for the
musl C library.
Fixes;
http://autobuild.buildroot.org/results/e22/e22a70f9ff14bc52f642a6135da44c14e41b6cbb/http://autobuild.buildroot.org/results/233/2333c9b3d8f81b15602263b918d422e440f09d60/
...
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
audit uses -fPIE/-pie, which is not compatible with static only builds
with uClibc. Since using audit in a statically linked environment is
probably not a very common use case, let's simply mark it as
non-available in such situations.
Fixes:
http://autobuild.buildroot.net/results/549492270f3f43747a96a8326aef1d7ae1d3b213/
Thanks to Waldemar for explaining the source of the problem.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
With the version bump to 2.4.3, python3 support was added for
libaudit. With host machines that have python3 installed, this will
cause build issues such as:
make[5]: Entering directory `/tmp/ryan/buildroot/output/build/audit-2.4.3/bindings/swig/python3'
swig -o audit_wrap.c -python -py3 -modern -I. -I../../.. -I../../../lib -I/usr/include/python3.4m -I/usr/include/python3.4m ./../src/auditswig.i
make[5]: swig: Command not found
Solution is to disable python3 support such as we do with python2.7.
Signed-off-by: Ryan Barnett <ryan.barnett@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bumping from version 2.4.1 to 2.4.3 to drop patches that have been
picked up by the mainline.
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The startup script for the audit package did not meet the buildroot
standards when the package was initially merged. Adding a compliant
startup script for starting the audit daemon along with rotating the
logs and other features.
[Thomas:
- Replace "Failed" by "FAIL" to be consistent with the rest of the
init script and other packages
- Use $(INSTALL) -D with a complete destination path to avoid having
to create /etc/init.d before installing the init script.]
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
After working with the audit maintainers to get patches accepted, the
following one had to be reworked to meet their standards. This patch
will be included in the next version of audit.
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>