source: trunk/samhain.spec.in@ 408

Last change on this file since 408 was 390, checked in by katerina, 13 years ago

Fix for ticket #287 (samhain-install.sh in /var which might be mounted noexec).

File size: 8.3 KB
Line 
1#
2# Accepted parameters for 'rpmbuild':
3#
4# --with tests - make tests before building
5
6Summary: File integrity and host-based IDS
7Name: @install_name@
8Version: @VERSION@
9Release: 1
10License: GPL
11Group: System Environment/Base
12Source: samhain-%{version}.tar.gz
13BuildRoot: %{_tmppath}/samhain-%{version}-root
14Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
15Provides: %{name}
16
17# dummy (fix configure warning)
18# datarootdir = @datarootdir@
19
20# no quotes here - aparently will be expanded literally
21
22%define withpwd_prg x@clmytclient@
23%define withstg_prg x@stegin_prg@
24
25# disable automatic stripping of binaries upon installation
26%define __spec_install_post %{nil}
27# required because DeadRat wants to package some debug info otherwise
28# (this debug info would be created by debug_install_post called
29# from spec_install_post)
30%define debug_package %{nil}
31# Use internal dependency generator rather than external helpers?
32%define _use_internal_dependency_generator 0
33
34%description
35@install_name@ is an open source file integrity and host-based intrusion
36detection system for Linux and Unix. It can run as a daemon process, and
37and thus can remember file changes -- contrary to a tool that runs from
38cron, if a file is modified you will get only one report, while
39subsequent checks of that file will ignore the modification as it is
40already reported (unless the file is modified again).
41
42@install_name@ can optionally be used as client/server system to provide
43centralized monitoring for multiple host. Logging to a (MySQL or
44PostgreSQL) database is supported.
45
46NOTE: for security reasons, if you distribute binary executables to
47third parties you should point out the use of the --add-key option to
48modify the key material within the executable.
49This spec file is intended to facilitate installation on YOUR system.
50If you use this spec file to build a SRPM for distribution to third parties,
51make sure to remove the --enable-base configure option below.
52
53%prep
54%setup -q -n samhain-%{version}
55
56%build
57%if %{?_with_tests:1}%{!?_with_tests:0}
58# test installation (test #7 is only included if --with gpg has been
59# specified)
60for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done
61%endif
62#
63# configure with the user-supplied arguments to './configure'
64#
65./configure @mydefargs@
66make
67
68%install
69
70rm -rf ${RPM_BUILD_ROOT}
71# sstrip shouldn't be used since binaries will be stripped later
72## cat << EOF > sstrip
73## #!/bin/sh
74## echo "*** SSTRIP DISABLED ***"
75## EOF
76make DESTDIR=${RPM_BUILD_ROOT} install
77# copy script files to /var/lib/samhain so that we can use them right
78# after the package is installed
79#
80install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}@mydataroot@
81#
82# file list (helpful advice from Lars Kellogg-Stedman)
83#
84echo "@sbindir@/@install_name@" > sh_file_list
85find %{buildroot}/lib/modules \! -type d -print | \
86 sed 's,%{buildroot},,' >> sh_file_list
87
88%clean
89rm -rf ${RPM_BUILD_ROOT}
90
91%post
92if test "x@sh_lkm@" = x; then
93 :
94else
95 if test -f /sbin/depmod; then
96 /sbin/depmod -a
97 fi
98fi
99if [ "$1" -ge 1 ]; then
100 # Activate boot-time start up
101 cd @mydataroot@
102 /bin/sh ./samhain-install.sh --verbose install-boot
103 rm -f ./samhain.startLSB
104 rm -f ./samhain.startLinux
105 if [ -f @sbindir@/@install_name@_stealth ]; then
106 rm -f samhain-install.sh
107 fi
108 shkeep=yes
109 if test x"$shkeep" = xno; then
110 rm -f ./samhain-install.sh
111 rm -f @sbindir@/@install_name@_stealth
112 fi
113fi
114if [ "$1" = 1 ]; then
115 if test -f /usr/lib/lsb/install_initd; then
116 /usr/lib/lsb/install_initd /etc/init.d/@install_name@
117 fi
118fi
119
120%if "%{name}" != "yule"
121cat << EOF
122
123Samhain is installed but is NOT running yet, and the database of
124file signatures is NOT initialized yet. Read the documentation,
125review configuration files, and then (i) initialize it
126(@sbindir@/samhain -t init)
127and (ii) start it manually
128(@sbindir@/samhain start).
129
130It is configured to start automatically on the next boot for runlevels
131[2-5].
132
133EOF
134%endif
135%if "%{name}" == "yule"
136cat << EOF
137
138Yule is installed but is NOT running yet, read the documentation,
139review configuration files, and then start it
140(@sbindir@/yule)
141
142It is configured to start automatically on the next boot for runlevels
143[2-5].
144
145EOF
146%endif
147
148%preun
149# stop running instance of samhain, if any
150if [ -f @mylockdir@/%{name}.pid ]; then
151 @sbindir@/@install_name@ stop
152fi
153if [ "$1" = 0 ]; then
154 # remove boot-time scripts and links
155 cd @mydataroot@
156 if [ -f ./samhain-install.sh ]; then
157 /bin/sh ./samhain-install.sh --verbose uninstall-boot
158 else
159 if test -f /usr/lib/lsb/remove_initd; then
160 /usr/lib/lsb/remove_initd /etc/init.d/@install_name@
161 fi
162 rm -f /etc/init.d/@install_name@
163 fi
164fi
165
166%postun
167if [ "$1" = 0 ]; then
168 # remove any kernel modules that might have been installed
169 RVER=`uname -r`
170 MODFILES=`ls /lib/modules/$RVER/@install_name@* 2>/dev/null`
171 if test "x$MODFILES" = x; then
172 :
173 else
174 rm -f /lib/modules/$RVER/@install_name@*
175 fi
176fi
177
178
179%files -f sh_file_list
180%defattr(-,root,root)
181%dir @mylockdir@
182%dir @mylogdir@
183%doc docs/BUGS COPYING docs/Changelog docs/TODO
184%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_3.* docs/README*
185@mydataroot@
186%if "%{withstg_prg}" == "xsamhain_stealth"
187 @sbindir@/@install_name@_stealth
188%endif
189%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
190 @sbindir@/@install_name@_setpwd
191%endif
192%if "%{withpwd_prg}" == "xDSH_WITH_SERVER"
193 @sbindir@/@install_name@ctl
194 %exclude @sbindir@/@install_name@_setpwd
195%endif
196%attr(644,root,root) @mandir@/man5/@install_name@*
197%attr(644,root,root) @mandir@/man8/@install_name@*
198%config(noreplace) @myrpmconffile@
199
200%changelog
201* Tue May 16 2006 Rainer Wichmann
202- fix manual version, noticed by Imre Gergely
203
204* Tue Apr 05 2005 Rainer Wichmann
205- disable automatic stripping, use sstrip
206
207* Thu Mar 17 2005 Rainer Wichmann
208- fixes for enable-khide
209
210* Wed Oct 20 2004 Rainer Wichmann
211- more fixes for client/server detection
212- fix for samhain_stealth
213
214* Sun Aug 15 2004 Rainer Wichmann
215- fix detection of client/server
216
217* Sat Jun 19 2004 Rainer Wichmann
218- replace ./test.sh $i with make test$i
219- add logic for rpm-light (remove some more files after install)
220- make postun posix compliant (avoid empty argument list for rm -f)
221
222* Wed Dec 31 2003 Stijn Jonker <sjcjonker@sjc.nl>
223- Fixed correctly build of yule-*-rpm
224- Fixed excluding of yule_setpwd, and including of yulectl on yule build
225- Fixed including of samhain_setpwd in samhain client build
226- Above changes required for correct build in newer rpms,
227 with defaults for abort on unpacked files due to
228 %_unpackaged_files_terminate_build 1 setting
229- Fixed installation text for yule, not to display samhain text
230- Added /sbin/chkconfig install_name on to enable the rc scripts
231
232* Thu Dec 11 2003 Christian Vanguers <cva at molis dot be>
233- Fixed typo in samhain.spec
234- Compiled on RedHat Enterprise Linux ES 3
235
236* Thu Mar 26 2003 Rainer Wichmann
237- strip REQ_FROM_SERVER in config file path (%config(noreplace) ...)
238
239* Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
240- replace %configure with ./configure
241
242* Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
243- backported applicable changes to samhain.spec.in
244- warn user that database must be initialized
245- fix version of MANUAL in '%files'
246- test for chkconfig, use only if found
247
248* Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
249- fixed typo with _usr macro on ./configure
250- stops running samhain before uninstall
251- implemented conditionals to allow proper uninstalls/upgrades
252- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
253- run 'chkconfig' to activate samhain after installation
254- warn user that samhain must be manually started after
255 install/upgrade
256
257* Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
258- backported to samhain.spec.in (take over user's choices from configure)
259- also save samhain.startLSB and samhain.startSuSE for install-boot
260
261* Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
262- optional parameters '--with gpg' and '--with tests'
263- use of pre-defined macros whenever possible
264
265* Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
266- Fixed installation process, avoiding hardcoded paths on the binaries
267 (thks to samhain's author Rainer Wichmann)
268
269* Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
270- First attempt to build from sources
271
Note: See TracBrowser for help on using the repository browser.