source: trunk/samhain.spec.in@ 483

Last change on this file since 483 was 481, checked in by katerina, 9 years ago

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

File size: 8.7 KB
Line 
1#
2# Accepted parameters for 'rpmbuild':
3#
4# --with tests - make tests before building
5
6Summary: File integrity and host-based IDS
7Name: @install_name@
8Version: @VERSION@
9Release: 1
10License: GPL
11Group: System Environment/Base
12Source: samhain-%{version}.tar.gz
13BuildRoot: %{_tmppath}/samhain-%{version}-root
14Packager: Andre Oliveira da Costa <brblueser@uol.com.br>
15Provides: %{name}
16Requires(pre): shadow-utils
17
18# dummy (fix configure warning)
19# datarootdir = @datarootdir@
20
21# no quotes here - aparently will be expanded literally
22
23%define password %(echo $PASSWORD)
24
25%define withpwd_prg x@clmytclient@
26%define withstg_prg x@stegin_prg@
27
28# disable automatic stripping of binaries upon installation
29%define __spec_install_post %{nil}
30# required because DeadRat wants to package some debug info otherwise
31# (this debug info would be created by debug_install_post called
32# from spec_install_post)
33%define debug_package %{nil}
34# Use internal dependency generator rather than external helpers?
35%define _use_internal_dependency_generator 0
36
37%description
38@install_name@ is an open source file integrity and host-based intrusion
39detection system for Linux and Unix. It can run as a daemon process, and
40and thus can remember file changes -- contrary to a tool that runs from
41cron, if a file is modified you will get only one report, while
42subsequent checks of that file will ignore the modification as it is
43already reported (unless the file is modified again).
44
45@install_name@ can optionally be used as client/server system to provide
46centralized monitoring for multiple host. Logging to a (MySQL or
47PostgreSQL) database is supported.
48
49NOTE: for security reasons, if you distribute binary executables to
50third parties you should point out the use of the --add-key option to
51modify the key material within the executable.
52This spec file is intended to facilitate installation on YOUR system.
53If you use this spec file to build a SRPM for distribution to third parties,
54make sure to remove the --enable-base configure option below.
55
56%prep
57%setup -q -n samhain-%{version}
58
59%build
60%if %{?_with_tests:1}%{!?_with_tests:0}
61# test installation (test #7 is only included if --with gpg has been
62# specified)
63for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done
64%endif
65#
66# configure with the user-supplied arguments to './configure'
67#
68./configure @mydefargs@
69make
70%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
71%if 0%{?password}
72 ./samhain_setpwd samhain new %{password}
73 mv samhain samhain.old
74 mv samhain.new samhain
75%endif
76%endif
77
78
79%install
80rm -rf ${RPM_BUILD_ROOT}
81# sstrip shouldn't be used since binaries will be stripped later
82## cat << EOF > sstrip
83## #!/bin/sh
84## echo "*** SSTRIP DISABLED ***"
85## EOF
86make DESTDIR=${RPM_BUILD_ROOT} install
87# copy script files to /var/lib/samhain so that we can use them right
88# after the package is installed
89#
90install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}@mydataroot@
91#
92# file list (helpful advice from Lars Kellogg-Stedman)
93#
94echo "@sbindir@/@install_name@" > sh_file_list
95find %{buildroot}/lib/modules \! -type d -print | \
96 sed 's,%{buildroot},,' >> sh_file_list
97
98%clean
99rm -rf ${RPM_BUILD_ROOT}
100
101%pre
102if test "x@install_name@" = "xyule"
103then
104 getent group samhain >/dev/null || groupadd -r samhain
105 getent passwd yule >/dev/null || \
106 useradd -r -g samhain -d @mydataroot@ -s /sbin/nologin \
107 -c "samhain server daemon" yule
108
109fi
110exit 0
111
112%post
113if test "x@sh_lkm@" = x; then
114 :
115else
116 if test -f /sbin/depmod; then
117 /sbin/depmod -a
118 fi
119fi
120if [ "$1" -ge 1 ]; then
121 # Activate boot-time start up
122 cd @mydataroot@
123 /bin/sh ./samhain-install.sh --verbose install-boot
124 rm -f ./samhain.startLSB
125 rm -f ./samhain.startLinux
126 if [ -f @sbindir@/@install_name@_stealth ]; then
127 rm -f samhain-install.sh
128 fi
129 shkeep=yes
130 if test x"$shkeep" = xno; then
131 rm -f ./samhain-install.sh
132 rm -f @sbindir@/@install_name@_stealth
133 fi
134fi
135if [ "$1" = 1 ]; then
136 if test -f /usr/lib/lsb/install_initd; then
137 /usr/lib/lsb/install_initd /etc/init.d/@install_name@
138 fi
139fi
140
141%if "%{name}" != "yule"
142cat << EOF
143
144Samhain is installed but is NOT running yet, and the database of
145file signatures is NOT initialized yet. Read the documentation,
146review configuration files, and then (i) initialize it
147(@sbindir@/samhain -t init)
148and (ii) start it manually
149(@sbindir@/samhain start).
150
151It is configured to start automatically on the next boot for runlevels
152[2-5].
153
154EOF
155%endif
156%if "%{name}" == "yule"
157cat << EOF
158
159Yule is installed but is NOT running yet, read the documentation,
160review configuration files, and then start it
161(@sbindir@/yule)
162
163It is configured to start automatically on the next boot for runlevels
164[2-5].
165
166EOF
167%endif
168
169%preun
170# stop running instance of samhain, if any
171if [ -f @mylockdir@/%{name}.pid ]; then
172 @sbindir@/@install_name@ stop
173fi
174if [ "$1" = 0 ]; then
175 # remove boot-time scripts and links
176 cd @mydataroot@
177 if [ -f ./samhain-install.sh ]; then
178 /bin/sh ./samhain-install.sh --verbose uninstall-boot
179 else
180 if test -f /usr/lib/lsb/remove_initd; then
181 /usr/lib/lsb/remove_initd /etc/init.d/@install_name@
182 fi
183 rm -f /etc/init.d/@install_name@
184 fi
185fi
186
187
188
189%files -f sh_file_list
190%defattr(-,root,root)
191%dir @mylockdir@
192%dir @mylogdir@
193%doc docs/BUGS COPYING docs/Changelog docs/TODO
194%doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README*
195@mydataroot@
196%if "%{withstg_prg}" == "xsamhain_stealth"
197 @sbindir@/@install_name@_stealth
198%endif
199%if "%{withpwd_prg}" == "xDSH_WITH_CLIENT"
200 @sbindir@/@install_name@_setpwd
201%endif
202%if "%{withpwd_prg}" == "xDSH_WITH_SERVER"
203 @sbindir@/@install_name@ctl
204 %exclude @sbindir@/@install_name@_setpwd
205%endif
206%attr(644,root,root) @mandir@/man5/@install_name@*
207%attr(644,root,root) @mandir@/man8/@install_name@*
208%attr(644,root,root) /etc/logrotate.d/@install_name@
209%if "%{name}" == "yule"
210%attr(750,root,samhain) @mydataroot@
211%attr(750,yule,samhain) @mylogdir@
212%endif
213%config(noreplace) @myrpmconffile@
214
215%changelog
216* Tue Oct 23 2012 Rainer Wichmann
217- fixes for yule installation
218
219* Tue May 16 2006 Rainer Wichmann
220- fix manual version, noticed by Imre Gergely
221
222* Tue Apr 05 2005 Rainer Wichmann
223- disable automatic stripping, use sstrip
224
225* Thu Mar 17 2005 Rainer Wichmann
226- fixes for enable-khide
227
228* Wed Oct 20 2004 Rainer Wichmann
229- more fixes for client/server detection
230- fix for samhain_stealth
231
232* Sun Aug 15 2004 Rainer Wichmann
233- fix detection of client/server
234
235* Sat Jun 19 2004 Rainer Wichmann
236- replace ./test.sh $i with make test$i
237- add logic for rpm-light (remove some more files after install)
238- make postun posix compliant (avoid empty argument list for rm -f)
239
240* Wed Dec 31 2003 Stijn Jonker <sjcjonker@sjc.nl>
241- Fixed correctly build of yule-*-rpm
242- Fixed excluding of yule_setpwd, and including of yulectl on yule build
243- Fixed including of samhain_setpwd in samhain client build
244- Above changes required for correct build in newer rpms,
245 with defaults for abort on unpacked files due to
246 %_unpackaged_files_terminate_build 1 setting
247- Fixed installation text for yule, not to display samhain text
248- Added /sbin/chkconfig install_name on to enable the rc scripts
249
250* Thu Dec 11 2003 Christian Vanguers <cva at molis dot be>
251- Fixed typo in samhain.spec
252- Compiled on RedHat Enterprise Linux ES 3
253
254* Thu Mar 26 2003 Rainer Wichmann
255- strip REQ_FROM_SERVER in config file path (%config(noreplace) ...)
256
257* Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de>
258- replace %configure with ./configure
259
260* Tue Dec 24 2002 Rainer Wichmann <support at la-samhna dot de>
261- backported applicable changes to samhain.spec.in
262- warn user that database must be initialized
263- fix version of MANUAL in '%files'
264- test for chkconfig, use only if found
265
266* Sun Dec 22 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.7.0
267- fixed typo with _usr macro on ./configure
268- stops running samhain before uninstall
269- implemented conditionals to allow proper uninstalls/upgrades
270- 'BuildPreReq: gpg' is considered only if '--with gpg' is provided
271- run 'chkconfig' to activate samhain after installation
272- warn user that samhain must be manually started after
273 install/upgrade
274
275* Fri Dec 20 2002 Rainer Wichmann <support at la-samhna dot de>
276- backported to samhain.spec.in (take over user's choices from configure)
277- also save samhain.startLSB and samhain.startSuSE for install-boot
278
279* Thu Dec 19 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
280- optional parameters '--with gpg' and '--with tests'
281- use of pre-defined macros whenever possible
282
283* Wed Dec 18 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
284- Fixed installation process, avoiding hardcoded paths on the binaries
285 (thks to samhain's author Rainer Wichmann)
286
287* Mon Dec 16 2002 Andre Oliveira da Costa <brblueser@uol.com.br> 1.6.6
288- First attempt to build from sources
289
Note: See TracBrowser for help on using the repository browser.