source: trunk/samhain.spec.in@ 551

Last change on this file since 551 was 548, checked in by katerina, 6 years ago

Update for ticket #439 (systemd support).

File size: 9.1 KB
RevLine 
[1]1#
2# Accepted parameters for 'rpmbuild':
3#
4# --with tests - make tests before building
5
6Summary: File integrity and host-based IDS
7Name: @install_name@
8Version: @VERSION@
9Release: 1
10License: GPL
11Group: System Environment/Base
12Source: samhain-%{version}.tar.gz
13BuildRoot: %{_tmppath}/samhain-%{version}-root
14Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
15Provides: %{name}
[532]16%if 0%{?suse_version}
17Requires(pre): shadow
18%else
[415]19Requires(pre): shadow-utils
[532]20%endif
[1]21
[170]22# dummy (fix configure warning)
23# datarootdir = @datarootdir@
24
[1]25# no quotes here - aparently will be expanded literally
26
[415]27%define password %(echo $PASSWORD)
28
[1]29%define withpwd_prg x@clmytclient@
30%define withstg_prg x@stegin_prg@
31
32# disable automatic stripping of binaries upon installation
33%define __spec_install_post %{nil}
34# required because DeadRat wants to package some debug info otherwise
35# (this debug info would be created by debug_install_post called
36# from spec_install_post)
37%define debug_package %{nil}
38# Use internal dependency generator rather than external helpers?
39%define _use_internal_dependency_generator 0
40
41%description
42@install_name@ is an open source file integrity and host-based intrusion
43detection system for Linux and Unix. It can run as a daemon process, and
44and thus can remember file changes -- contrary to a tool that runs from
45cron, if a file is modified you will get only one report, while
46subsequent checks of that file will ignore the modification as it is
47already reported (unless the file is modified again).
48
49@install_name@ can optionally be used as client/server system to provide
50centralized monitoring for multiple host. Logging to a (MySQL or
51PostgreSQL) database is supported.
52
53NOTE: for security reasons, if you distribute binary executables to
54third parties you should point out the use of the --add-key option to
55modify the key material within the executable.
56This spec file is intended to facilitate installation on YOUR system.
57If you use this spec file to build a SRPM for distribution to third parties,
58make sure to remove the --enable-base configure option below.
59
60%prep
61%setup -q -n samhain-%{version}
62
63%build
64%if %{?_with_tests:1}%{!?_with_tests:0}
65# test installation (test #7 is only included if --with gpg has been
66# specified)
67for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done
68%endif
69#
70# configure with the user-supplied arguments to './configure'
71#
72./configure @mydefargs@
73make
[415]74%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
[547]75%if "%{password}" != ""
[415]76 ./samhain_setpwd samhain new %{password}
77 mv samhain samhain.old
78 mv samhain.new samhain
79%endif
80%endif
[1]81
[415]82
[1]83%install
84rm -rf ${RPM_BUILD_ROOT}
85# sstrip shouldn't be used since binaries will be stripped later
86## cat << EOF > sstrip
87## #!/bin/sh
88## echo "*** SSTRIP DISABLED ***"
89## EOF
90make DESTDIR=${RPM_BUILD_ROOT} install
91# copy script files to /var/lib/samhain so that we can use them right
92# after the package is installed
93#
[548]94install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB init/samhain.startSystemd ${RPM_BUILD_ROOT}@mydataroot@
[1]95#
96# file list (helpful advice from Lars Kellogg-Stedman)
97#
98echo "@sbindir@/@install_name@" > sh_file_list
99find %{buildroot}/lib/modules \! -type d -print | \
100 sed 's,%{buildroot},,' >> sh_file_list
101
102%clean
103rm -rf ${RPM_BUILD_ROOT}
104
[415]105%pre
106if test "x@install_name@" = "xyule"
107then
108 getent group samhain >/dev/null || groupadd -r samhain
109 getent passwd yule >/dev/null || \
110 useradd -r -g samhain -d @mydataroot@ -s /sbin/nologin \
111 -c "samhain server daemon" yule
112
113fi
114exit 0
115
[1]116%post
117if [ "$1" -ge 1 ]; then
118 # Activate boot-time start up
119 cd @mydataroot@
[390]120 /bin/sh ./samhain-install.sh --verbose install-boot
[1]121 rm -f ./samhain.startLSB
122 rm -f ./samhain.startLinux
[548]123 rm -f ./samhain.startSystemd
[1]124 if [ -f @sbindir@/@install_name@_stealth ]; then
125 rm -f samhain-install.sh
126 fi
127 shkeep=yes
128 if test x"$shkeep" = xno; then
129 rm -f ./samhain-install.sh
130 rm -f @sbindir@/@install_name@_stealth
131 fi
132fi
133if [ "$1" = 1 ]; then
134 if test -f /usr/lib/lsb/install_initd; then
135 /usr/lib/lsb/install_initd /etc/init.d/@install_name@
136 fi
137fi
138
139%if "%{name}" != "yule"
140cat << EOF
141
142Samhain is installed but is NOT running yet, and the database of
143file signatures is NOT initialized yet. Read the documentation,
144review configuration files, and then (i) initialize it
145(@sbindir@/samhain -t init)
146and (ii) start it manually
147(@sbindir@/samhain start).
148
149It is configured to start automatically on the next boot for runlevels
150[2-5].
151
152EOF
153%endif
154%if "%{name}" == "yule"
155cat << EOF
156
157Yule is installed but is NOT running yet, read the documentation,
158review configuration files, and then start it
159(@sbindir@/yule)
160
161It is configured to start automatically on the next boot for runlevels
162[2-5].
163
164EOF
165%endif
166
167%preun
168# stop running instance of samhain, if any
169if [ -f @mylockdir@/%{name}.pid ]; then
170 @sbindir@/@install_name@ stop
171fi
172if [ "$1" = 0 ]; then
173 # remove boot-time scripts and links
174 cd @mydataroot@
175 if [ -f ./samhain-install.sh ]; then
[390]176 /bin/sh ./samhain-install.sh --verbose uninstall-boot
[1]177 else
178 if test -f /usr/lib/lsb/remove_initd; then
179 /usr/lib/lsb/remove_initd /etc/init.d/@install_name@
180 fi
181 rm -f /etc/init.d/@install_name@
182 fi
183fi
184
185
186
187%files -f sh_file_list
188%defattr(-,root,root)
[547]189%if "@mylockdir@" != "/run" || "@mylockdir@" != "/var/run"
190 %dir @mylockdir@
191%endif
192%if "@mylogdir@" != "/var/log"
193 %dir @mylogdir@
194%endif
[495]195%doc docs/BUGS COPYING docs/Changelog
[481]196%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README*
[1]197@mydataroot@
198%if "%{withstg_prg}" == "xsamhain_stealth"
199 @sbindir@/@install_name@_stealth
200%endif
201%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
202 @sbindir@/@install_name@_setpwd
203%endif
204%if "%{withpwd_prg}" == "xDSH_WITH_SERVER"
205 @sbindir@/@install_name@ctl
[532]206 @sbindir@/@install_name@admin.pl
[1]207 %exclude @sbindir@/@install_name@_setpwd
208%endif
209%attr(644,root,root) @mandir@/man5/@install_name@*
210%attr(644,root,root) @mandir@/man8/@install_name@*
[412]211%attr(644,root,root) /etc/logrotate.d/@install_name@
[415]212%if "%{name}" == "yule"
213%attr(750,root,samhain) @mydataroot@
214%attr(750,yule,samhain) @mylogdir@
215%endif
[1]216%config(noreplace) @myrpmconffile@
217
218%changelog
[547]219* Wed May 01 2019 Rainer Wichmann
220- remove obsolete part fpr sh_lkm
221- add fixes by Franky Van L. (password, directory ownership)
222
[532]223* Mon Dec 18 2017 Rainer Wichmann
224- patch for SLES12 by Pirmin
225- fix missing yuleadmin.pl file
226
[415]227* Tue Oct 23 2012 Rainer Wichmann
228- fixes for yule installation
229
[34]230* Tue May 16 2006 Rainer Wichmann
231- fix manual version, noticed by Imre Gergely
232
[1]233* Tue Apr 05 2005 Rainer Wichmann
234- disable automatic stripping, use sstrip
235
236* Thu Mar 17 2005 Rainer Wichmann
237- fixes for enable-khide
238
239* Wed Oct 20 2004 Rainer Wichmann
240- more fixes for client/server detection
241- fix for samhain_stealth
242
243* Sun Aug 15 2004 Rainer Wichmann
244- fix detection of client/server
245
246* Sat Jun 19 2004 Rainer Wichmann
247- replace ./test.sh $i with make test$i
248- add logic for rpm-light (remove some more files after install)
249- make postun posix compliant (avoid empty argument list for rm -f)
250
251* Wed Dec 31 2003 Stijn Jonker <sjcjonker@sjc.nl>
252- Fixed correctly build of yule-*-rpm
253- Fixed excluding of yule_setpwd, and including of yulectl on yule build
254- Fixed including of samhain_setpwd in samhain client build
255- Above changes required for correct build in newer rpms,
256 with defaults for abort on unpacked files due to
257 %_unpackaged_files_terminate_build 1 setting
258- Fixed installation text for yule, not to display samhain text
259- Added /sbin/chkconfig install_name on to enable the rc scripts
260
261* Thu Dec 11 2003 Christian Vanguers <cva at molis dot be>
262- Fixed typo in samhain.spec
263- Compiled on RedHat Enterprise Linux ES 3
264
265* Thu Mar 26 2003 Rainer Wichmann
266- strip REQ_FROM_SERVER in config file path (%config(noreplace) ...)
267
268* Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
269- replace %configure with ./configure
270
271* Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
272- backported applicable changes to samhain.spec.in
273- warn user that database must be initialized
274- fix version of MANUAL in '%files'
275- test for chkconfig, use only if found
276
277* Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
278- fixed typo with _usr macro on ./configure
279- stops running samhain before uninstall
280- implemented conditionals to allow proper uninstalls/upgrades
281- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
282- run 'chkconfig' to activate samhain after installation
283- warn user that samhain must be manually started after
284 install/upgrade
285
286* Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
287- backported to samhain.spec.in (take over user's choices from configure)
288- also save samhain.startLSB and samhain.startSuSE for install-boot
289
290* Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
291- optional parameters '--with gpg' and '--with tests'
292- use of pre-defined macros whenever possible
293
294* Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
295- Fixed installation process, avoiding hardcoded paths on the binaries
296 (thks to samhain's author Rainer Wichmann)
297
298* Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
299- First attempt to build from sources
300
Note: See TracBrowser for help on using the repository browser.