source: trunk/samhain.spec.in@ 544

Last change on this file since 544 was 532, checked in by katerina, 7 years ago

Fix for ticket #426 (SLES12 spec file). Also fixes yule RPM and RPMTOPDIR detection.

File size: 8.9 KB
RevLine 
[1]1#
2# Accepted parameters for 'rpmbuild':
3#
4# --with tests - make tests before building
5
6Summary: File integrity and host-based IDS
7Name: @install_name@
8Version: @VERSION@
9Release: 1
10License: GPL
11Group: System Environment/Base
12Source: samhain-%{version}.tar.gz
13BuildRoot: %{_tmppath}/samhain-%{version}-root
14Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
15Provides: %{name}
[532]16%if 0%{?suse_version}
17Requires(pre): shadow
18%else
[415]19Requires(pre): shadow-utils
[532]20%endif
[1]21
[170]22# dummy (fix configure warning)
23# datarootdir = @datarootdir@
24
[1]25# no quotes here - aparently will be expanded literally
26
[415]27%define password %(echo $PASSWORD)
28
[1]29%define withpwd_prg x@clmytclient@
30%define withstg_prg x@stegin_prg@
31
32# disable automatic stripping of binaries upon installation
33%define __spec_install_post %{nil}
34# required because DeadRat wants to package some debug info otherwise
35# (this debug info would be created by debug_install_post called
36# from spec_install_post)
37%define debug_package %{nil}
38# Use internal dependency generator rather than external helpers?
39%define _use_internal_dependency_generator 0
40
41%description
42@install_name@ is an open source file integrity and host-based intrusion
43detection system for Linux and Unix. It can run as a daemon process, and
44and thus can remember file changes -- contrary to a tool that runs from
45cron, if a file is modified you will get only one report, while
46subsequent checks of that file will ignore the modification as it is
47already reported (unless the file is modified again).
48
49@install_name@ can optionally be used as client/server system to provide
50centralized monitoring for multiple host. Logging to a (MySQL or
51PostgreSQL) database is supported.
52
53NOTE: for security reasons, if you distribute binary executables to
54third parties you should point out the use of the --add-key option to
55modify the key material within the executable.
56This spec file is intended to facilitate installation on YOUR system.
57If you use this spec file to build a SRPM for distribution to third parties,
58make sure to remove the --enable-base configure option below.
59
60%prep
61%setup -q -n samhain-%{version}
62
63%build
64%if %{?_with_tests:1}%{!?_with_tests:0}
65# test installation (test #7 is only included if --with gpg has been
66# specified)
67for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done
68%endif
69#
70# configure with the user-supplied arguments to './configure'
71#
72./configure @mydefargs@
73make
[415]74%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
[418]75%if 0%{?password}
[415]76 ./samhain_setpwd samhain new %{password}
77 mv samhain samhain.old
78 mv samhain.new samhain
79%endif
80%endif
[1]81
[415]82
[1]83%install
84rm -rf ${RPM_BUILD_ROOT}
85# sstrip shouldn't be used since binaries will be stripped later
86## cat << EOF > sstrip
87## #!/bin/sh
88## echo "*** SSTRIP DISABLED ***"
89## EOF
90make DESTDIR=${RPM_BUILD_ROOT} install
91# copy script files to /var/lib/samhain so that we can use them right
92# after the package is installed
93#
94install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}@mydataroot@
95#
96# file list (helpful advice from Lars Kellogg-Stedman)
97#
98echo "@sbindir@/@install_name@" > sh_file_list
99find %{buildroot}/lib/modules \! -type d -print | \
100 sed 's,%{buildroot},,' >> sh_file_list
101
102%clean
103rm -rf ${RPM_BUILD_ROOT}
104
[415]105%pre
106if test "x@install_name@" = "xyule"
107then
108 getent group samhain >/dev/null || groupadd -r samhain
109 getent passwd yule >/dev/null || \
110 useradd -r -g samhain -d @mydataroot@ -s /sbin/nologin \
111 -c "samhain server daemon" yule
112
113fi
114exit 0
115
[1]116%post
117if test "x@sh_lkm@" = x; then
118 :
119else
120 if test -f /sbin/depmod; then
121 /sbin/depmod -a
122 fi
123fi
124if [ "$1" -ge 1 ]; then
125 # Activate boot-time start up
126 cd @mydataroot@
[390]127 /bin/sh ./samhain-install.sh --verbose install-boot
[1]128 rm -f ./samhain.startLSB
129 rm -f ./samhain.startLinux
130 if [ -f @sbindir@/@install_name@_stealth ]; then
131 rm -f samhain-install.sh
132 fi
133 shkeep=yes
134 if test x"$shkeep" = xno; then
135 rm -f ./samhain-install.sh
136 rm -f @sbindir@/@install_name@_stealth
137 fi
138fi
139if [ "$1" = 1 ]; then
140 if test -f /usr/lib/lsb/install_initd; then
141 /usr/lib/lsb/install_initd /etc/init.d/@install_name@
142 fi
143fi
144
145%if "%{name}" != "yule"
146cat << EOF
147
148Samhain is installed but is NOT running yet, and the database of
149file signatures is NOT initialized yet. Read the documentation,
150review configuration files, and then (i) initialize it
151(@sbindir@/samhain -t init)
152and (ii) start it manually
153(@sbindir@/samhain start).
154
155It is configured to start automatically on the next boot for runlevels
156[2-5].
157
158EOF
159%endif
160%if "%{name}" == "yule"
161cat << EOF
162
163Yule is installed but is NOT running yet, read the documentation,
164review configuration files, and then start it
165(@sbindir@/yule)
166
167It is configured to start automatically on the next boot for runlevels
168[2-5].
169
170EOF
171%endif
172
173%preun
174# stop running instance of samhain, if any
175if [ -f @mylockdir@/%{name}.pid ]; then
176 @sbindir@/@install_name@ stop
177fi
178if [ "$1" = 0 ]; then
179 # remove boot-time scripts and links
180 cd @mydataroot@
181 if [ -f ./samhain-install.sh ]; then
[390]182 /bin/sh ./samhain-install.sh --verbose uninstall-boot
[1]183 else
184 if test -f /usr/lib/lsb/remove_initd; then
185 /usr/lib/lsb/remove_initd /etc/init.d/@install_name@
186 fi
187 rm -f /etc/init.d/@install_name@
188 fi
189fi
190
191
192
193%files -f sh_file_list
194%defattr(-,root,root)
195%dir @mylockdir@
196%dir @mylogdir@
[495]197%doc docs/BUGS COPYING docs/Changelog
[481]198%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README*
[1]199@mydataroot@
200%if "%{withstg_prg}" == "xsamhain_stealth"
201 @sbindir@/@install_name@_stealth
202%endif
203%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
204 @sbindir@/@install_name@_setpwd
205%endif
206%if "%{withpwd_prg}" == "xDSH_WITH_SERVER"
207 @sbindir@/@install_name@ctl
[532]208 @sbindir@/@install_name@admin.pl
[1]209 %exclude @sbindir@/@install_name@_setpwd
210%endif
211%attr(644,root,root) @mandir@/man5/@install_name@*
212%attr(644,root,root) @mandir@/man8/@install_name@*
[412]213%attr(644,root,root) /etc/logrotate.d/@install_name@
[415]214%if "%{name}" == "yule"
215%attr(750,root,samhain) @mydataroot@
216%attr(750,yule,samhain) @mylogdir@
217%endif
[1]218%config(noreplace) @myrpmconffile@
219
220%changelog
[532]221* Mon Dec 18 2017 Rainer Wichmann
222- patch for SLES12 by Pirmin
223- fix missing yuleadmin.pl file
224
[415]225* Tue Oct 23 2012 Rainer Wichmann
226- fixes for yule installation
227
[34]228* Tue May 16 2006 Rainer Wichmann
229- fix manual version, noticed by Imre Gergely
230
[1]231* Tue Apr 05 2005 Rainer Wichmann
232- disable automatic stripping, use sstrip
233
234* Thu Mar 17 2005 Rainer Wichmann
235- fixes for enable-khide
236
237* Wed Oct 20 2004 Rainer Wichmann
238- more fixes for client/server detection
239- fix for samhain_stealth
240
241* Sun Aug 15 2004 Rainer Wichmann
242- fix detection of client/server
243
244* Sat Jun 19 2004 Rainer Wichmann
245- replace ./test.sh $i with make test$i
246- add logic for rpm-light (remove some more files after install)
247- make postun posix compliant (avoid empty argument list for rm -f)
248
249* Wed Dec 31 2003 Stijn Jonker <sjcjonker@sjc.nl>
250- Fixed correctly build of yule-*-rpm
251- Fixed excluding of yule_setpwd, and including of yulectl on yule build
252- Fixed including of samhain_setpwd in samhain client build
253- Above changes required for correct build in newer rpms,
254 with defaults for abort on unpacked files due to
255 %_unpackaged_files_terminate_build 1 setting
256- Fixed installation text for yule, not to display samhain text
257- Added /sbin/chkconfig install_name on to enable the rc scripts
258
259* Thu Dec 11 2003 Christian Vanguers <cva at molis dot be>
260- Fixed typo in samhain.spec
261- Compiled on RedHat Enterprise Linux ES 3
262
263* Thu Mar 26 2003 Rainer Wichmann
264- strip REQ_FROM_SERVER in config file path (%config(noreplace) ...)
265
266* Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
267- replace %configure with ./configure
268
269* Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
270- backported applicable changes to samhain.spec.in
271- warn user that database must be initialized
272- fix version of MANUAL in '%files'
273- test for chkconfig, use only if found
274
275* Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
276- fixed typo with _usr macro on ./configure
277- stops running samhain before uninstall
278- implemented conditionals to allow proper uninstalls/upgrades
279- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
280- run 'chkconfig' to activate samhain after installation
281- warn user that samhain must be manually started after
282 install/upgrade
283
284* Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
285- backported to samhain.spec.in (take over user's choices from configure)
286- also save samhain.startLSB and samhain.startSuSE for install-boot
287
288* Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
289- optional parameters '--with gpg' and '--with tests'
290- use of pre-defined macros whenever possible
291
292* Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
293- Fixed installation process, avoiding hardcoded paths on the binaries
294 (thks to samhain's author Rainer Wichmann)
295
296* Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
297- First attempt to build from sources
298
Note: See TracBrowser for help on using the repository browser.