Diffstat (limited to 'pkgs/os-specific/linux/audit')
-rw-r--r--pkgs/os-specific/linux/audit/default.nix105
-rw-r--r--pkgs/os-specific/linux/audit/patches/weak-symbols.patch147
2 files changed, 52 insertions, 200 deletions
diff --git a/pkgs/os-specific/linux/audit/default.nix b/pkgs/os-specific/linux/audit/default.nix
index 30327fb1082..1e941a13767 100644
--- a/pkgs/os-specific/linux/audit/default.nix
+++ b/pkgs/os-specific/linux/audit/default.nix
@@ -1,74 +1,73 @@
-{
-  lib, stdenv, buildPackages, fetchurl, fetchpatch,
-  runCommand,
-  autoconf, automake, libtool,
-  enablePython ? false, python ? null,
-}:
+{ lib
+, stdenv
+, fetchurl
+, fetchpatch
+, autoreconfHook
+, bash
+, buildPackages
+, libtool
+, linuxHeaders
+, python3
+, swig
 
-assert enablePython -> python != null;
+# Enabling python support while cross compiling would be possible, but the
+# configure script tries executing python to gather info instead of relying on
+# python3-config exclusively
+, enablePython ? stdenv.hostPlatform == stdenv.buildPlatform,
+}:
 
-stdenv.mkDerivation rec {
-  name = "audit-2.8.5"; # at the next release, remove the patches below!
+stdenv.mkDerivation (finalAttrs: {
+  pname = "audit";
+  version = "3.1.2";
 
   src = fetchurl {
-    url = "https://people.redhat.com/sgrubb/audit/${name}.tar.gz";
-    sha256 = "1dzcwb2q78q7x41shcachn7f4aksxbxd470yk38zh03fch1l2p8f";
+    url = "https://people.redhat.com/sgrubb/audit/audit-${finalAttrs.version}.tar.gz";
+    hash = "sha256-wLF5LR8KiMbxgocQUJy7mHBZ/GhxLJdmnKkOrhA9KH0=";
   };
 
+  postPatch = ''
+    substituteInPlace bindings/swig/src/auditswig.i \
+      --replace "/usr/include/linux/audit.h" \
+                "${linuxHeaders}/include/linux/audit.h"
+  '';
+
   outputs = [ "bin" "dev" "out" "man" ];
 
-  depsBuildBuild = [ buildPackages.stdenv.cc ];
-  nativeBuildInputs = lib.optionals stdenv.hostPlatform.isMusl
-    [ autoconf automake libtool ];
-  buildInputs = lib.optional enablePython python;
+  strictDeps = true;
+
+  depsBuildBuild = [
+    buildPackages.stdenv.cc
+  ];
+
+  nativeBuildInputs = [
+    autoreconfHook
+  ]
+  ++ lib.optionals enablePython [
+    python3
+    swig
+  ];
+
+  buildInputs = [
+    bash
+  ];
 
   configureFlags = [
-    # z/OS plugin is not useful on Linux,
-    # and pulls in an extra openldap dependency otherwise
+    # z/OS plugin is not useful on Linux, and pulls in an extra openldap
+    # dependency otherwise
     "--disable-zos-remote"
-    (if enablePython then "--with-python" else "--without-python")
     "--with-arm"
     "--with-aarch64"
+    (if enablePython then "--with-python" else "--without-python")
   ];
 
   enableParallelBuilding = true;
 
-  # TODO: Remove the musl patches when
-  #         https://github.com/linux-audit/audit-userspace/pull/25
-  #       is available with the next release.
-  patches = [ ./patches/weak-symbols.patch ]
-  ++ lib.optional stdenv.hostPlatform.isMusl [
-    (
-      let patch = fetchpatch {
-            url = "https://github.com/linux-audit/audit-userspace/commit/d579a08bb1cde71f939c13ac6b2261052ae9f77e.patch";
-            name = "Add-substitue-functions-for-strndupa-rawmemchr.patch";
-            sha256 = "015bvzflg1s1k5viap30nznlpjj44a66khyc8yq0waa68qwvdlsd";
-          };
-      in
-        runCommand "Add-substitue-functions-for-strndupa-rawmemchr.patch-fix-copyright-merge-conflict" {} ''
-          cp ${patch} $out
-          substituteInPlace $out --replace \
-              '-* Copyright (c) 2007-09,2011-16,2018 Red Hat Inc., Durham, North Carolina.' \
-              '-* Copyright (c) 2007-09,2011-16 Red Hat Inc., Durham, North Carolina.'
-        ''
-    )
-  ];
-
-  prePatch = ''
-    sed -i 's,#include <sys/poll.h>,#include <poll.h>\n#include <limits.h>,' audisp/audispd.c
-  ''
-  # According to https://stackoverflow.com/questions/13089166
-  # --whole-archive linker flag is required to be sure that linker
-  # correctly chooses strong version of symbol regardless of order of
-  # object files at command line.
-  + lib.optionalString stdenv.hostPlatform.isStatic ''
-    export LDFLAGS=-Wl,--whole-archive
-  '';
   meta = {
-    description = "Audit Library";
     homepage = "https://people.redhat.com/sgrubb/audit/";
-    license = lib.licenses.gpl2;
+    description = "Audit Library";
+    changelog = "https://github.com/linux-audit/audit-userspace/releases/tag/v${finalAttrs.version}";
+    license = lib.licenses.gpl2Plus;
+    maintainers = with lib.maintainers; [ AndersonTorres ];
     platforms = lib.platforms.linux;
-    maintainers = with lib.maintainers; [ ];
   };
-}
+})
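Review bot: The `substituteInPlace ... --replace` call in `postPatch` will, as far as I know, only warn rather than fail when `/usr/include/linux/audit.h` is no longer found in `bindings/swig/src/auditswig.i`. A later upstream change to that file could therefore leave the SWIG interface pointing at a host path outside the store without breaking the build. On a builder without sandboxing, that would let the machine's own kernel header leak into the Python bindings, which this change now enables by default on native builds. If the targeted nixpkgs revision provides it, prefer `--replace-fail "/usr/include/linux/audit.h" "${linuxHeaders}/include/linux/audit.h"`; otherwise put a `grep -q` check on the file before the substitution. A one-line comment above `postPatch` such as `# auditswig.i hard-codes the host header path; point it at linuxHeaders` would record why the rewrite exists.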
diff --git a/pkgs/os-specific/linux/audit/patches/weak-symbols.patch b/pkgs/os-specific/linux/audit/patches/weak-symbols.patch
deleted file mode 100644
index 301ea9a5476..00000000000
--- a/pkgs/os-specific/linux/audit/patches/weak-symbols.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-Executables in src/ directory are built from source files in src/
-and are linked to libauparse, with both src/auditd-config.c and
-auparse/auditd-config.c defining "free_config" function.
-
-It is known (although obscure) behaviour of shared libraries that
-symbol defined in binary itself overrides symbol in shared library;
-with static linkage it expectedly results in multiple definition
-error.
-
-This set of fixes explicitly marks libauparse versions of
-conflicting functions as weak to have behaviour coherent with
-dynamic linkage version -- definitions in src/ overriding definition
-in auparse/.
-
-Still, this architecture is very strange and confusing.
-
-diff -r -U5 audit-2.8.5-orig/auparse/auditd-config.c audit-2.8.5/auparse/auditd-config.c
---- audit-2.8.5-orig/auparse/auditd-config.c	2019-03-01 20:19:13.000000000 +0000
-+++ audit-2.8.5/auparse/auditd-config.c	2021-01-13 11:36:12.716226498 +0000
-@@ -68,10 +68,11 @@
- };
- 
- /*
-  * Set everything to its default value
- */
-+#pragma weak clear_config
- void clear_config(struct daemon_conf *config)
- {
- 	config->local_events = 1;
- 	config->qos = QOS_NON_BLOCKING;
- 	config->sender_uid = 0;
-@@ -322,10 +323,11 @@
- 	if (config->log_file == NULL)
- 		return 1;
- 	return 0;
- }
- 
-+#pragma weak free_config
- void free_config(struct daemon_conf *config)
- {
- 	free((void*)config->log_file);
- }
- 
-diff -r -U5 audit-2.8.5-orig/auparse/interpret.c audit-2.8.5/auparse/interpret.c
---- audit-2.8.5-orig/auparse/interpret.c	2019-03-01 20:19:13.000000000 +0000
-+++ audit-2.8.5/auparse/interpret.c	2021-01-13 11:39:42.107217224 +0000
-@@ -545,10 +545,11 @@
- 	else
- 		snprintf(buf, size, "unknown(%d)", uid);
- 	return buf;
- }
- 
-+#pragma weak aulookup_destroy_uid_list
- void aulookup_destroy_uid_list(void)
- {
- 	if (uid_cache_created == 0)
- 		return;
- 
-@@ -2810,10 +2811,11 @@
- 
- /*
-  * This is the main entry point for the auparse library. Call chain is:
-  * auparse_interpret_field -> nvlist_interp_cur_val -> interpret
-  */
-+#pragma weak interpret
- const char *interpret(const rnode *r, auparse_esc_t escape_mode)
- {
- 	const nvlist *nv = &r->nv;
- 	int type;
- 	idata id;
-diff -r -U5 audit-2.8.5-orig/auparse/nvlist.c audit-2.8.5/auparse/nvlist.c
---- audit-2.8.5-orig/auparse/nvlist.c	2019-02-04 14:26:52.000000000 +0000
-+++ audit-2.8.5/auparse/nvlist.c	2021-01-13 11:37:37.190222757 +0000
-@@ -27,10 +27,11 @@
- #include "nvlist.h"
- #include "interpret.h"
- #include "auparse-idata.h"
- 
- 
-+#pragma weak nvlist_create
- void nvlist_create(nvlist *l)
- {
- 	l->head = NULL;
- 	l->cur = NULL;
- 	l->cnt = 0;
-@@ -47,17 +48,19 @@
- 	while (node->next)
- 		node = node->next;
- 	l->cur = node;
- }
- 
-+#pragma weak nvlist_next
- nvnode *nvlist_next(nvlist *l)
- {
- 	if (l->cur)
- 		l->cur = l->cur->next;
- 	return l->cur;
- }
- 
-+#pragma weak nvlist_append
- void nvlist_append(nvlist *l, nvnode *node)
- {
- 	nvnode* newnode = malloc(sizeof(nvnode));
- 
- 	newnode->name = node->name;
-@@ -141,10 +144,11 @@
- 	if (l->cur->interp_val)
- 		return l->cur->interp_val;
- 	return interpret(r, escape_mode);
- }
- 
-+#pragma weak nvlist_clear
- void nvlist_clear(nvlist* l)
- {
- 	nvnode* nextnode;
- 	register nvnode* current;
- 
-diff -r -U5 audit-2.8.5-orig/auparse/strsplit.c audit-2.8.5/auparse/strsplit.c
---- audit-2.8.5-orig/auparse/strsplit.c	2019-03-01 21:15:30.000000000 +0000
-+++ audit-2.8.5/auparse/strsplit.c	2021-01-13 11:38:04.306221556 +0000
-@@ -54,10 +54,11 @@
- 			return NULL;
- 		return s;
- 	}
- }
- 
-+#pragma weak audit_strsplit
- char *audit_strsplit(char *s)
- {
- 	static char *str = NULL;
- 	char *ptr;
- 
-diff -r -U5 audit-2.8.5-orig/lib/strsplit.c audit-2.8.5/lib/strsplit.c
---- audit-2.8.5-orig/lib/strsplit.c	2019-03-01 20:19:13.000000000 +0000
-+++ audit-2.8.5/lib/strsplit.c	2021-01-13 11:38:29.444220443 +0000
-@@ -23,10 +23,11 @@
- 
- #include <string.h>
- #include "libaudit.h"
- #include "private.h"
- 
-+#pragma weak audit_strsplit_r
- char *audit_strsplit_r(char *s, char **savedpp)
- {
- 	char *ptr;
- 
- 	if (s)