* [meta-security][PATCH 0/4] samhain: fix several issues
@ 2017-09-15 7:37 jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 1/4] samhain: depends on attr when selinux is enabled jackie.huang
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
--
The following changes since commit b646d8fdc08f8aac896a09bda0e16bac39e87612:
nmap: update to 7.60 (2017-09-13 07:36:44 -0700)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib.git jhuang0/d_samhain_170915_0
http://git.pokylinux.org/cgit.cgi//log/?h=jhuang0/d_samhain_170915_0
Jackie Huang (4):
samhain: depends on attr when selinux is enabled
samhain: fix for the PACKAGECONFIG
samhain: avoid searching host dir for postgresql
samhain: fix QA issue for GNU_HASH
...n-add-LDFLAGS-variable-for-samhain_setpwd.patch | 28 +++++
...mhain-avoid-searching-host-for-postgresql.patch | 134 +++++++++++++++++++++
recipes-security/samhain/samhain.inc | 28 +++--
3 files changed, 178 insertions(+), 12 deletions(-)
create mode 100644 recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
create mode 100644 recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
--
2.11.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [meta-security][PATCH 1/4] samhain: depends on attr when selinux is enabled
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
@ 2017-09-15 7:37 ` jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 2/4] samhain: fix for the PACKAGECONFIG jackie.huang
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
The extended attribute is required by selinux feature,
so add the dependency when selinux is enabled.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
recipes-security/samhain/samhain.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index 83b2db2..7b71d9f 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -55,7 +55,7 @@ PACKAGECONFIG[logwatch] = "--enable-login-watch,"" , "
PACKAGECONFIG[mounts] = "--enable-mounts-check","" , "
PACKAGECONFIG[userfiles] = "--enable-userfiles","" , "
PACKAGECONFIG[ipv6] = "--enable-ipv6,"--disable-ipv6","
-PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
+PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps"
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 2/4] samhain: fix for the PACKAGECONFIG
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 1/4] samhain: depends on attr when selinux is enabled jackie.huang
@ 2017-09-15 7:37 ` jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 3/4] samhain: avoid searching host dir for postgresql jackie.huang
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
* The "??=" assignment for PACKAGECONFIG is overridden by
the following "+=" assignments, which is not expected,
so combine them into one assignment with multiple lines.
* Fix a typo for postgresql.
* Remove unneeded quotation marks.
* run aotoconf to regenerate the configure, or the patch
for ps option doesn't work:
| configure: error: unrecognized option: --with-ps-path=/bin/ps
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
recipes-security/samhain/samhain.inc | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index 7b71d9f..d25f653 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -44,17 +44,18 @@ SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no',
# supports mysql|postgresql|oracle|odbc but postgresql is the only one available
-PACKAGECONFIG ??= "postgresql ps"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}"
-
-PACKAGECONFIG[postgres] = "--with-database=postgresql --enable-xml-log, "", postgresql"
-PACKAGECONFIG[suidcheck] = "--enable-suidcheck","" , "
-PACKAGECONFIG[logwatch] = "--enable-login-watch,"" , "
-PACKAGECONFIG[mounts] = "--enable-mounts-check","" , "
-PACKAGECONFIG[userfiles] = "--enable-userfiles","" , "
-PACKAGECONFIG[ipv6] = "--enable-ipv6,"--disable-ipv6","
+PACKAGECONFIG ??= "postgresql ps \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
+"
+
+PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log, , postgresql"
+PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , "
+PACKAGECONFIG[logwatch] = "--enable-login-watch, , "
+PACKAGECONFIG[mounts] = "--enable-mounts-check, , "
+PACKAGECONFIG[userfiles] = "--enable-userfiles, , "
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
@@ -90,6 +91,7 @@ EOF
}
do_configure () {
+ autoconf -f
./configure \
--build=${BUILD_SYS} \
--host=${HOST_SYS} \
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 3/4] samhain: avoid searching host dir for postgresql
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 1/4] samhain: depends on attr when selinux is enabled jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 2/4] samhain: fix for the PACKAGECONFIG jackie.huang
@ 2017-09-15 7:37 ` jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 4/4] samhain: fix QA issue for GNU_HASH jackie.huang
2017-09-15 20:44 ` [meta-security][PATCH 0/4] samhain: fix several issues akuster
4 siblings, 0 replies; 6+ messages in thread
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
Add a patch to avoid searching host dir for postgresql,
and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
...mhain-avoid-searching-host-for-postgresql.patch | 134 +++++++++++++++++++++
recipes-security/samhain/samhain.inc | 3 +-
2 files changed, 136 insertions(+), 1 deletion(-)
create mode 100644 recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
diff --git a/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
new file mode 100644
index 0000000..6bf67e0
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
@@ -0,0 +1,134 @@
+From 3e2ca7e06b16ceff6d12beb5113312f6525df595 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Thu, 14 Sep 2017 11:02:12 +0800
+Subject: [PATCH] configure.ac: avoid searching host for postgresql
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ configure.ac | 101 +++--------------------------------------------------------
+ 1 file changed, 5 insertions(+), 96 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index a224c68..f658d53 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1278,90 +1278,11 @@ AC_ARG_WITH(database,
+ AC_DEFINE(WITH_POSTGRES)
+ AC_DEFINE(WITH_DATABASE)
+ #
+- PGCONF="no"
+- MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin"
+- OLD_IFS="$IFS"
+- IFS=":"
+- for ff in ${MY_PATH}
+- do
+- if test -f "$ff/pg_config"
+- then
+- PGCONF="$ff/pg_config"
+- fi
+- done
+- IFS="${OLD_IFS}"
+- #
+- #
+- if test "x${PGCONF}" = "xno"
+- then
+- AC_MSG_CHECKING(for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME)
+- pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}"
+- for i in $pgsql_directory; do
+- if test -r $i/include/pgsql/libpq-fe.h; then
+- PGSQL_INC_DIR=$i/include
+- PGSQL_DIR=$i
+- # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h
+- fi
+- done
+- if test -z "$PGSQL_DIR"; then
+- for i in $pgsql_directory; do
+- if test -r $i/include/postgresql/libpq-fe.h; then
+- PGSQL_INC_DIR=$i/include
+- PGSQL_DIR=$i
+- fi
+- done
+- fi
+- if test -z "$PGSQL_DIR"; then
+- for i in $pgsql_directory; do
+- if test -r $i/include/libpq-fe.h; then
+- PGSQL_INC_DIR=$i/include
+- PGSQL_DIR=$i
+- fi
+- done
+- fi
+-
+- if test -z "$PGSQL_DIR"; then
+- tmp=""
+- for i in $pgsql_directory; do
+- tmp="$tmp $i/include $i/include/pgsql $i/include/postgresql"
+- done
+- FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp)
+- fi
+-
+- for i in lib lib/pgsql lib/postgresql; do
+- str="$PGSQL_DIR/$i/libpq.*"
+- for j in `echo $str`; do
+- if test -r $j; then
+- PGSQL_LIB_DIR="$PGSQL_DIR/$i"
+- break 2
+- fi
+- done
+- done
+-
+- if test -z "$PGSQL_LIB_DIR"; then
+- for ff in $pgsql_directory; do
+- for i in lib lib/pgsql lib/postgresql; do
+- str="$ff/$i/libpq.*"
+- for j in `echo $str`; do
+- if test -r $j; then
+- PGSQL_LIB_DIR="$ff/$i"
+- break 3
+- fi
+- done
+- done
+- done
+- fi
+-
+- if test -z "$PGSQL_LIB_DIR"; then
+- tmp=""
+- for i in $pgsql_directory; do
+- tmp="$i/lib $i/lib/pgsql $i/lib/postgresql"
+- done
+- FAIL_MESSAGE("postgresql library libpq", $tmp)
+- fi
+-
+- AC_MSG_RESULT(yes)
+-
++ if test -z "${PGSQL_LIB_DIR}" ; then
++ FAIL_MESSAGE("PGSQL_LIB_DIR is not set!")
++ elif test -z "${PGSQL_INC_DIR}" ; then
++ FAIL_MESSAGE("PGSQL_INC_DIR is not set!")
++ else
+ LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm"
+ if test x"$enable_static" = xyes; then
+ LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm"
+@@ -1370,18 +1291,6 @@ AC_ARG_WITH(database,
+ fi
+ # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}"
+ CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}"
+- AC_CHECK_HEADERS(pgsql/libpq-fe.h)
+- AC_CHECK_HEADERS(postgresql/libpq-fe.h)
+- else
+- pg_lib_dir=`${PGCONF} --libdir`
+- if test x"$enable_static" = xyes; then
+- LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm"
+- else
+- LIBS="$LIBS -L${pg_lib_dir} -lpq -lm"
+- fi
+- pg_inc_dir=`${PGCONF} --includedir`
+- # CFLAGS="$CFLAGS -I${pg_inc_dir}"
+- CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}"
+ fi
+ elif test "x${withval}" = "xodbc"; then
+ AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME)
+--
+2.11.0
+
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index d25f653..a11b7d8 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -12,6 +12,7 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-pid-path.patch \
file://samhain-sha256-big-endian.patch \
file://samhain-configure-add-option-for-ps.patch \
+ file://samhain-avoid-searching-host-for-postgresql.patch \
file://${INITSCRIPT_NAME}.init \
file://${INITSCRIPT_NAME}.default \
file://samhain.service \
@@ -50,7 +51,7 @@ PACKAGECONFIG ??= "postgresql ps \
${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
"
-PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log, , postgresql"
+PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql"
PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , "
PACKAGECONFIG[logwatch] = "--enable-login-watch, , "
PACKAGECONFIG[mounts] = "--enable-mounts-check, , "
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [meta-security][PATCH 4/4] samhain: fix QA issue for GNU_HASH
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
` (2 preceding siblings ...)
2017-09-15 7:37 ` [meta-security][PATCH 3/4] samhain: avoid searching host dir for postgresql jackie.huang
@ 2017-09-15 7:37 ` jackie.huang
2017-09-15 20:44 ` [meta-security][PATCH 0/4] samhain: fix several issues akuster
4 siblings, 0 replies; 6+ messages in thread
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
Add LDFLAGS variable to fix QA issue for GNU_HASH:
| ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue:
No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
...n-add-LDFLAGS-variable-for-samhain_setpwd.patch | 28 ++++++++++++++++++++++
recipes-security/samhain/samhain.inc | 1 +
2 files changed, 29 insertions(+)
create mode 100644 recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
diff --git a/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch b/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
new file mode 100644
index 0000000..088a938
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
@@ -0,0 +1,28 @@
+From ae79606a6745dbbd429d1d4671dfe3045d735057 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Thu, 14 Sep 2017 13:26:55 +0800
+Subject: [PATCH] Add LDFLAGS variable for compiling samhain_setpwd
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 01de987..49356cf 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1128,7 +1128,7 @@ sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h
+ samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c
+ @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \
+ ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \
+- $(COMPILE) -o samhain_setpwd x_samhain_setpwd.c; \
++ $(COMPILE) $(LDFLAGS) -o samhain_setpwd x_samhain_setpwd.c; \
+ rm x_samhain_setpwd.c
+
+ samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c
+--
+2.11.0
+
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index a11b7d8..db96264 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -13,6 +13,7 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-sha256-big-endian.patch \
file://samhain-configure-add-option-for-ps.patch \
file://samhain-avoid-searching-host-for-postgresql.patch \
+ file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
file://${INITSCRIPT_NAME}.init \
file://${INITSCRIPT_NAME}.default \
file://samhain.service \
--
2.11.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [meta-security][PATCH 0/4] samhain: fix several issues
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
` (3 preceding siblings ...)
2017-09-15 7:37 ` [meta-security][PATCH 4/4] samhain: fix QA issue for GNU_HASH jackie.huang
@ 2017-09-15 20:44 ` akuster
4 siblings, 0 replies; 6+ messages in thread
From: akuster @ 2017-09-15 20:44 UTC (permalink / raw)
To: jackie.huang, yocto
On 09/15/2017 12:37 AM, jackie.huang@windriver.com wrote:
> From: Jackie Huang <jackie.huang@windriver.com>
merged,
Thanks
- armin
> --
> The following changes since commit b646d8fdc08f8aac896a09bda0e16bac39e87612:
>
> nmap: update to 7.60 (2017-09-13 07:36:44 -0700)
>
> are available in the git repository at:
>
> git://git.pokylinux.org/poky-contrib.git jhuang0/d_samhain_170915_0
> http://git.pokylinux.org/cgit.cgi//log/?h=jhuang0/d_samhain_170915_0
>
> Jackie Huang (4):
> samhain: depends on attr when selinux is enabled
> samhain: fix for the PACKAGECONFIG
> samhain: avoid searching host dir for postgresql
> samhain: fix QA issue for GNU_HASH
>
> ...n-add-LDFLAGS-variable-for-samhain_setpwd.patch | 28 +++++
> ...mhain-avoid-searching-host-for-postgresql.patch | 134 +++++++++++++++++++++
> recipes-security/samhain/samhain.inc | 28 +++--
> 3 files changed, 178 insertions(+), 12 deletions(-)
> create mode 100644 recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
> create mode 100644 recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-09-15 20:44 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 1/4] samhain: depends on attr when selinux is enabled jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 2/4] samhain: fix for the PACKAGECONFIG jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 3/4] samhain: avoid searching host dir for postgresql jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 4/4] samhain: fix QA issue for GNU_HASH jackie.huang
2017-09-15 20:44 ` [meta-security][PATCH 0/4] samhain: fix several issues akuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.