[meta-security][PATCH 8/9] aide: add native support for build time db creation
This will help create an aide db during the build that is
then installed on the rootfs for verification at boot time. This work was inspired by: Marco Cavallini Yocto Project Ambassador
Signed-off-by: Armin Kuster <akuster808@...>
---
 recipes-ids/aide/aide_0.17.4.bb | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/recipes-ids/aide/aide_0.17.4.bb b/recipes-ids/aide/aide_0.17.4.bb
index 87b690d..7ce0729 100644
--- a/recipes-ids/aide/aide_0.17.4.bb
+++ b/recipes-ids/aide/aide_0.17.4.bb
@@ -10,7 +10,7 @@ SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.ta
 SRC_URI[sha256sum] = "c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846"
-inherit autotools pkgconfig
+inherit autotools pkgconfig aide-base
 PACKAGECONFIG ??=" mhash zlib e2fsattrs posix capabilities curl \
 ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
@@ -27,10 +27,31 @@ PACKAGECONFIG[e2fsattrs] = "--with-e2fsattrs, --without-e2fsattrs, e2fsprogs, e2
 PACKAGECONFIG[capabilities] = "--with-capabilities, --without-capabilities, libcap, libcap"
 PACKAGECONFIG[posix] = "--with-posix-acl, --without-posix-acl, acl, acl"
+
+do_install[nostamp] = "1"
+
 do_install:append () {
 install -d ${D}${libdir}/${PN}/logs
 install -d ${D}${sysconfdir}
 install ${WORKDIR}/aide.conf ${D}${sysconfdir}/
+
+ for dir in ${AIDE_INCLUDE_DIRS}; do
+ echo "${dir} NORMAL" >> ${D}${sysconfdir}/aide.conf
+ done
+ for dir in ${AIDE_SKIP_DIRS}; do
+ echo "!${dir}" >> ${D}${sysconfdir}/aide.conf
+ done
+}
+
+do_install:class-native () {
+ install -d ${STAGING_AIDE_DIR}/bin
+ install -d ${STAGING_AIDE_DIR}/lib/logs
+
+ install ${B}/aide ${STAGING_AIDE_DIR}/bin
+ install ${WORKDIR}/aide.conf ${STAGING_AIDE_DIR}/
+
+ sed -i -s "s:\@\@define DBDIR.*:\@\@define DBDIR ${STAGING_AIDE_DIR}/lib:" ${STAGING_AIDE_DIR}/aide.conf
+ sed -i -e "s:\@\@define LOGDIR.*:\@\@define LOGDIR ${STAGING_AIDE_DIR}/lib/logs:" ${STAGING_AIDE_DIR}/aide.conf
 }
 CONF_FILE = "${sysconfdir}/aide.conf"
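Review bot: `do_install:class-native` writes the binary and `aide.conf` directly into `${STAGING_AIDE_DIR}` rather than under `${D}`, which is presumably why `do_install[nostamp] = "1"` was added; the flag as written is unconditional, so the target recipe's install also re-runs on every build. `STAGING_AIDE_DIR` is defined outside this hunk (likely in `aide-base`), so a comment above the flag would help the next maintainer, e.g. `# nostamp: native install populates ${STAGING_AIDE_DIR} outside ${D}, so it has to re-run each build`. In the first `sed` call `-s` looks like a typo for `-e` (the second call uses `-e`): `sed -i -e "s:\@\@define DBDIR.*:\@\@define DBDIR ${STAGING_AIDE_DIR}/lib:" ${STAGING_AIDE_DIR}/aide.conf`. Because `AIDE_INCLUDE_DIRS` and `AIDE_SKIP_DIRS` decide what the baseline covers, it is worth documenting next to the loops that a `!` entry removes that path from integrity checking.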
@@ -38,7 +59,14 @@ CONF_FILE = "${sysconfdir}/aide.conf"
 FILES:${PN} += "${libdir}/${PN} ${sysconfdir}/aide.conf"
 pkg_postinst_ontarget:${PN} () {
- /usr/bin/aide -i
+ if [ ${AIDE_SCAN_POSTINIT} ]; then
+ ${bindir}/aide -i
+ fi
+ if [ ${AIDE_RESCAN_POSTINIT} && -e ${libdir}/aide/aide.db.gz ]; then
+ ${bindir}/aide -C
+ fi
 }
 RDEPENDS:${PN} = "bison libpcre"
+
+BBCLASSEXTEND = "native"
-- 
2.25.1 |
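Review bot: The second test, `[ ${AIDE_RESCAN_POSTINIT} && -e ${libdir}/aide/aide.db.gz ]`, is not valid for `[`: the shell splits it at `&&` into `[ ${AIDE_RESCAN_POSTINIT}` (no closing `]`, which fails) and a separate `-e … ]` command, so the condition is never true and `aide -C` never runs. Splitting it into two tests fixes that: `if [ "${AIDE_RESCAN_POSTINIT}" = "1" ] && [ -e ${libdir}/aide/aide.db.gz ]; then`. The first test has a related problem, since `[ ${AIDE_SCAN_POSTINIT} ]` is true for any non-empty value including `0`; if the variable is meant as a 0/1 switch (its default is not visible in this hunk), compare explicitly with `if [ "${AIDE_SCAN_POSTINIT}" = "1" ]; then`. A skipped integrity check produces no obvious failure here, so the misbehaviour is easy to miss on a device.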