* [meta-security][PATCH 1/4] samhain: depends on attr when selinux is enabled
2017-09-15 7:37 [meta-security][PATCH 0/4] samhain: fix several issues jackie.huang
@ 2017-09-15 7:37 ` jackie.huang
2017-09-15 7:37 ` [meta-security][PATCH 2/4] samhain: fix for the PACKAGECONFIG jackie.huang
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
The extended attribute is required by selinux feature,
so add the dependency when selinux is enabled.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
recipes-security/samhain/samhain.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index 83b2db2..7b71d9f 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -55,7 +55,7 @@ PACKAGECONFIG[logwatch] = "--enable-login-watch,"" , "
PACKAGECONFIG[mounts] = "--enable-mounts-check","" , "
PACKAGECONFIG[userfiles] = "--enable-userfiles","" , "
PACKAGECONFIG[ipv6] = "--enable-ipv6,"--disable-ipv6","
-PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux"
+PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
PACKAGECONFIG[ps] = "--with-ps-path=${base_bindir}/ps,,,procps"
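Review bot: The commit message does not say what fails when attr is missing, so for the changed PACKAGECONFIG[selinux] line it is hard to judge whether listing attr as a build-time dependency (third field) is sufficient. Please quote the configure or compile error in the log, as the later patches in this series do. The malformed quoting visible in the context lines (for example `"--enable-login-watch,"" , "`) is left untouched here; a note that 2/4 cleans it up would help anyone reading this patch on its own.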
--
2.11.0
* [meta-security][PATCH 2/4] samhain: fix for the PACKAGECONFIG
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
* The "??=" assignment for PACKAGECONFIG is overridden by
the following "+=" assignments, which is not expected,
so combine them into one assignment with multiple lines.
* Fix a typo for postgresql.
* Remove unneeded quotation marks.
* Run autoconf to regenerate the configure, or the patch
for ps option doesn't work:
| configure: error: unrecognized option: --with-ps-path=/bin/ps
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
recipes-security/samhain/samhain.inc | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index 7b71d9f..d25f653 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -44,17 +44,18 @@ SAMHAIN_MODE = "${@oe.utils.ifelse(d.getVar('MODE_NAME') == 'standalone', 'no',
# supports mysql|postgresql|oracle|odbc but postgresql is the only one available
-PACKAGECONFIG ??= "postgresql ps"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)}"
-
-PACKAGECONFIG[postgres] = "--with-database=postgresql --enable-xml-log, "", postgresql"
-PACKAGECONFIG[suidcheck] = "--enable-suidcheck","" , "
-PACKAGECONFIG[logwatch] = "--enable-login-watch,"" , "
-PACKAGECONFIG[mounts] = "--enable-mounts-check","" , "
-PACKAGECONFIG[userfiles] = "--enable-userfiles","" , "
-PACKAGECONFIG[ipv6] = "--enable-ipv6,"--disable-ipv6","
+PACKAGECONFIG ??= "postgresql ps \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
+"
+
+PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log, , postgresql"
+PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , "
+PACKAGECONFIG[logwatch] = "--enable-login-watch, , "
+PACKAGECONFIG[mounts] = "--enable-mounts-check, , "
+PACKAGECONFIG[userfiles] = "--enable-userfiles, , "
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
PACKAGECONFIG[selinux] = "--enable-selinux, --disable-selinux, libselinux attr"
PACKAGECONFIG[acl] = " --enable-posix-acl , --disable-posix-acl, acl"
PACKAGECONFIG[audit] = "ac_cv_header_auparse_h=yes,ac_cv_header_auparse_h=no,audit"
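Review bot: Because the old `??=` default was never in effect and the flag was keyed as `postgres`, the new `PACKAGECONFIG ??=` block turns on `postgresql` and `ps` by default for the first time, which adds a postgresql build dependency and passes --with-database=postgresql --enable-xml-log to configure. The commit message presents this as a cleanup; please state the behaviour change there and confirm it is the intended default. Minor: the unchanged PACKAGECONFIG[acl] line keeps the stray spaces that this hunk removes from its neighbours.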
@@ -90,6 +91,7 @@ EOF
}
do_configure () {
+ autoconf -f
./configure \
--build=${BUILD_SYS} \
--host=${HOST_SYS} \
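Review bot: `autoconf -f` at the top of do_configure needs a native autoconf at build time, and nothing in this hunk shows the recipe depending on one; since do_configure calls ./configure by hand, please confirm the dependency is declared. A one-line comment above the call, saying that configure has to be regenerated for the ps option patch to take effect, would also explain to later readers why it is there.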
--
2.11.0
* [meta-security][PATCH 3/4] samhain: avoid searching host dir for postgresql
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
Add a patch to avoid searching host dir for postgresql,
and set PGSQL_INC_DIR and PGSQL_LIB_DIR instead.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
...mhain-avoid-searching-host-for-postgresql.patch | 134 +++++++++++++++++++++
recipes-security/samhain/samhain.inc | 3 +-
2 files changed, 136 insertions(+), 1 deletion(-)
create mode 100644 recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
diff --git a/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch b/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
new file mode 100644
index 0000000..6bf67e0
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
@@ -0,0 +1,134 @@
+From 3e2ca7e06b16ceff6d12beb5113312f6525df595 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Thu, 14 Sep 2017 11:02:12 +0800
+Subject: [PATCH] configure.ac: avoid searching host for postgresql
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ configure.ac | 101 +++--------------------------------------------------------
+ 1 file changed, 5 insertions(+), 96 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index a224c68..f658d53 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1278,90 +1278,11 @@ AC_ARG_WITH(database,
+ AC_DEFINE(WITH_POSTGRES)
+ AC_DEFINE(WITH_DATABASE)
+ #
+- PGCONF="no"
+- MY_PATH="${PATH}:/usr/local/bin:/usr/local/pgsql/bin"
+- OLD_IFS="$IFS"
+- IFS=":"
+- for ff in ${MY_PATH}
+- do
+- if test -f "$ff/pg_config"
+- then
+- PGCONF="$ff/pg_config"
+- fi
+- done
+- IFS="${OLD_IFS}"
+- #
+- #
+- if test "x${PGCONF}" = "xno"
+- then
+- AC_MSG_CHECKING(for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME)
+- pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}"
+- for i in $pgsql_directory; do
+- if test -r $i/include/pgsql/libpq-fe.h; then
+- PGSQL_INC_DIR=$i/include
+- PGSQL_DIR=$i
+- # use AC_CHECK_HEADERS to check for pgsql/libpq-fe.h
+- fi
+- done
+- if test -z "$PGSQL_DIR"; then
+- for i in $pgsql_directory; do
+- if test -r $i/include/postgresql/libpq-fe.h; then
+- PGSQL_INC_DIR=$i/include
+- PGSQL_DIR=$i
+- fi
+- done
+- fi
+- if test -z "$PGSQL_DIR"; then
+- for i in $pgsql_directory; do
+- if test -r $i/include/libpq-fe.h; then
+- PGSQL_INC_DIR=$i/include
+- PGSQL_DIR=$i
+- fi
+- done
+- fi
+-
+- if test -z "$PGSQL_DIR"; then
+- tmp=""
+- for i in $pgsql_directory; do
+- tmp="$tmp $i/include $i/include/pgsql $i/include/postgresql"
+- done
+- FAIL_MESSAGE("PostgreSQL header file (libpq-fe.h)", $tmp)
+- fi
+-
+- for i in lib lib/pgsql lib/postgresql; do
+- str="$PGSQL_DIR/$i/libpq.*"
+- for j in `echo $str`; do
+- if test -r $j; then
+- PGSQL_LIB_DIR="$PGSQL_DIR/$i"
+- break 2
+- fi
+- done
+- done
+-
+- if test -z "$PGSQL_LIB_DIR"; then
+- for ff in $pgsql_directory; do
+- for i in lib lib/pgsql lib/postgresql; do
+- str="$ff/$i/libpq.*"
+- for j in `echo $str`; do
+- if test -r $j; then
+- PGSQL_LIB_DIR="$ff/$i"
+- break 3
+- fi
+- done
+- done
+- done
+- fi
+-
+- if test -z "$PGSQL_LIB_DIR"; then
+- tmp=""
+- for i in $pgsql_directory; do
+- tmp="$i/lib $i/lib/pgsql $i/lib/postgresql"
+- done
+- FAIL_MESSAGE("postgresql library libpq", $tmp)
+- fi
+-
+- AC_MSG_RESULT(yes)
+-
++ if test -z "${PGSQL_LIB_DIR}" ; then
++ FAIL_MESSAGE("PGSQL_LIB_DIR is not set!")
++ elif test -z "${PGSQL_INC_DIR}" ; then
++ FAIL_MESSAGE("PGSQL_INC_DIR is not set!")
++ else
+ LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm"
+ if test x"$enable_static" = xyes; then
+ LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lcrypt -lm"
+@@ -1370,18 +1291,6 @@ AC_ARG_WITH(database,
+ fi
+ # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}"
+ CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}"
+- AC_CHECK_HEADERS(pgsql/libpq-fe.h)
+- AC_CHECK_HEADERS(postgresql/libpq-fe.h)
+- else
+- pg_lib_dir=`${PGCONF} --libdir`
+- if test x"$enable_static" = xyes; then
+- LIBS="$LIBS -L${pg_lib_dir} -lpq -lcrypt -lm"
+- else
+- LIBS="$LIBS -L${pg_lib_dir} -lpq -lm"
+- fi
+- pg_inc_dir=`${PGCONF} --includedir`
+- # CFLAGS="$CFLAGS -I${pg_inc_dir}"
+- CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}"
+ fi
+ elif test "x${withval}" = "xodbc"; then
+ AC_MSG_CHECKING(for odbc in /usr /usr/local ODBC_HOME)
+--
+2.11.0
+
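Review bot: The two FAIL_MESSAGE calls in the added if/elif take a single argument, while the removed calls passed two (a description and the list of searched paths); check that the macro expands sensibly with the second argument missing, or pass a second argument. In the second configure.ac hunk, AC_CHECK_HEADERS(pgsql/libpq-fe.h) and AC_CHECK_HEADERS(postgresql/libpq-fe.h) are dropped as well; if the C sources pick their #include from the HAVE_ macros those checks define, that deserves a sentence in the patch description.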
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index d25f653..a11b7d8 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -12,6 +12,7 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-pid-path.patch \
file://samhain-sha256-big-endian.patch \
file://samhain-configure-add-option-for-ps.patch \
+ file://samhain-avoid-searching-host-for-postgresql.patch \
file://${INITSCRIPT_NAME}.init \
file://${INITSCRIPT_NAME}.default \
file://samhain.service \
@@ -50,7 +51,7 @@ PACKAGECONFIG ??= "postgresql ps \
${@bb.utils.contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \
"
-PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log, , postgresql"
+PACKAGECONFIG[postgresql] = "--with-database=postgresql --enable-xml-log PGSQL_INC_DIR=${STAGING_INCDIR} PGSQL_LIB_DIR=${STAGING_LIBDIR}, , postgresql"
PACKAGECONFIG[suidcheck] = "--enable-suidcheck, , "
PACKAGECONFIG[logwatch] = "--enable-login-watch, , "
PACKAGECONFIG[mounts] = "--enable-mounts-check, , "
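Review bot: PGSQL_INC_DIR is set to ${STAGING_INCDIR} itself in the new PACKAGECONFIG[postgresql] line, so the build relies on libpq-fe.h being installed at the top of that directory and not under a postgresql/ or pgsql/ subdirectory, which the removed configure.ac search used to handle. Please verify this against the install layout of the postgresql recipe and mention it in the commit message. The line is also long enough that splitting the configure arguments with a backslash continuation would help readability.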
--
2.11.0
* [meta-security][PATCH 4/4] samhain: fix QA issue for GNU_HASH
From: jackie.huang @ 2017-09-15 7:37 UTC (permalink / raw)
To: yocto
From: Jackie Huang <jackie.huang@windriver.com>
Add LDFLAGS variable to fix QA issue for GNU_HASH:
| ERROR: samhain-client-4.2.2-r0 do_package_qa: QA Issue:
No GNU_HASH in the elf binary: '/builddir/usr/sbin/samhain_setpwd' [ldflags]
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
...n-add-LDFLAGS-variable-for-samhain_setpwd.patch | 28 ++++++++++++++++++++++
recipes-security/samhain/samhain.inc | 1 +
2 files changed, 29 insertions(+)
create mode 100644 recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
diff --git a/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch b/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
new file mode 100644
index 0000000..088a938
--- /dev/null
+++ b/recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
@@ -0,0 +1,28 @@
+From ae79606a6745dbbd429d1d4671dfe3045d735057 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Thu, 14 Sep 2017 13:26:55 +0800
+Subject: [PATCH] Add LDFLAGS variable for compiling samhain_setpwd
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 01de987..49356cf 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1128,7 +1128,7 @@ sh_tiger_i.o: $(srcsrc)/$(TIGER_SRC) Makefile config_xor.h
+ samhain_setpwd: encode config_xor.h $(srcsrc)/samhain_setpwd.c
+ @echo '$(COMPILE) -o samhain_setpwd $(srcsrc)/samhain_setpwd.c'; \
+ ./encode $(XOR_CODE) $(srcsrc)/samhain_setpwd.c; \
+- $(COMPILE) -o samhain_setpwd x_samhain_setpwd.c; \
++ $(COMPILE) $(LDFLAGS) -o samhain_setpwd x_samhain_setpwd.c; \
+ rm x_samhain_setpwd.c
+
+ samhain_stealth: encode config_xor.h $(srcsrc)/samhain_stealth.c
+--
+2.11.0
+
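Review bot: The `@echo` line of the samhain_setpwd rule still prints the command without $(LDFLAGS), so the build log no longer matches what is actually run; update the echoed string together with the compile line. It is also worth checking whether samhain_stealth, whose rule follows in the context, is built the same way and needs the same change, since the QA error quoted in the commit message only names samhain_setpwd.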
diff --git a/recipes-security/samhain/samhain.inc b/recipes-security/samhain/samhain.inc
index a11b7d8..db96264 100644
--- a/recipes-security/samhain/samhain.inc
+++ b/recipes-security/samhain/samhain.inc
@@ -13,6 +13,7 @@ SRC_URI = "http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz \
file://samhain-sha256-big-endian.patch \
file://samhain-configure-add-option-for-ps.patch \
file://samhain-avoid-searching-host-for-postgresql.patch \
+ file://samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch \
file://${INITSCRIPT_NAME}.init \
file://${INITSCRIPT_NAME}.default \
file://samhain.service \
--
2.11.0
* Re: [meta-security][PATCH 0/4] samhain: fix several issues
From: akuster @ 2017-09-15 20:44 UTC (permalink / raw)
To: jackie.huang, yocto
On 09/15/2017 12:37 AM, jackie.huang@windriver.com wrote:
> From: Jackie Huang <jackie.huang@windriver.com>
merged,
Thanks
- armin
> --
> The following changes since commit b646d8fdc08f8aac896a09bda0e16bac39e87612:
>
> nmap: update to 7.60 (2017-09-13 07:36:44 -0700)
>
> are available in the git repository at:
>
> git://git.pokylinux.org/poky-contrib.git jhuang0/d_samhain_170915_0
> http://git.pokylinux.org/cgit.cgi//log/?h=jhuang0/d_samhain_170915_0
>
> Jackie Huang (4):
> samhain: depends on attr when selinux is enabled
> samhain: fix for the PACKAGECONFIG
> samhain: avoid searching host dir for postgresql
> samhain: fix QA issue for GNU_HASH
>
> ...n-add-LDFLAGS-variable-for-samhain_setpwd.patch | 28 +++++
> ...mhain-avoid-searching-host-for-postgresql.patch | 134 +++++++++++++++++++++
> recipes-security/samhain/samhain.inc | 28 +++--
> 3 files changed, 178 insertions(+), 12 deletions(-)
> create mode 100644 recipes-security/samhain/files/samhain-add-LDFLAGS-variable-for-samhain_setpwd.patch
> create mode 100644 recipes-security/samhain/files/samhain-avoid-searching-host-for-postgresql.patch
>