[meta-security,8/9] aide: add native support for build time db creation

Message ID 20220618134435.2370878-8-akuster808@gmail.com
State Accepted, archived
Delegated to: Armin Kuster
Series [meta-security,1/9] security-test-image: auto include layers if present. | expand

Commit Message

akuster808 June 18, 2022, 1:44 p.m. UTC
This will help create an AIDE db during the build, which is
then installed on the rootfs for verification at boot time.

This work was inspired by:
Marco Cavallini
Yocto Project Ambassador

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-ids/aide/aide_0.17.4.bb | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

Patch

diff --git a/recipes-ids/aide/aide_0.17.4.bb b/recipes-ids/aide/aide_0.17.4.bb
index 87b690d..7ce0729 100644
--- a/recipes-ids/aide/aide_0.17.4.bb
+++ b/recipes-ids/aide/aide_0.17.4.bb
@@ -10,7 +10,7 @@  SRC_URI = "https://github.com/aide/aide/releases/download/v${PV}/${BPN}-${PV}.ta
 
 SRC_URI[sha256sum] = "c81505246f3ffc2e76036d43a77212ae82895b5881d9b9e25c1361b1a9b7a846"
 
-inherit autotools pkgconfig
+inherit autotools pkgconfig aide-base
 
 PACKAGECONFIG ??=" mhash zlib e2fsattrs posix capabilities curl \
                  ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
@@ -27,10 +27,31 @@  PACKAGECONFIG[e2fsattrs] = "--with-e2fsattrs, --without-e2fsattrs, e2fsprogs, e2
 PACKAGECONFIG[capabilities] = "--with-capabilities, --without-capabilities, libcap, libcap"
 PACKAGECONFIG[posix] = "--with-posix-acl, --without-posix-acl, acl, acl"
 
+
+do_install[nostamp] = "1"
+
 do_install:append () {
     install -d ${D}${libdir}/${PN}/logs   
     install -d ${D}${sysconfdir}   
     install ${WORKDIR}/aide.conf ${D}${sysconfdir}/
+
+    for dir in ${AIDE_INCLUDE_DIRS}; do
+        echo "${dir} NORMAL" >> ${D}${sysconfdir}/aide.conf
+    done
+    for dir in ${AIDE_SKIP_DIRS}; do
+        echo "!${dir}" >> ${D}${sysconfdir}/aide.conf
+    done
+}
+
+do_install:class-native () {
+    install -d ${STAGING_AIDE_DIR}/bin
+    install -d ${STAGING_AIDE_DIR}/lib/logs
+
+    install ${B}/aide ${STAGING_AIDE_DIR}/bin
+    install ${WORKDIR}/aide.conf ${STAGING_AIDE_DIR}/
+
+    sed -i -s "s:\@\@define DBDIR.*:\@\@define DBDIR ${STAGING_AIDE_DIR}/lib:" ${STAGING_AIDE_DIR}/aide.conf
+    sed -i -e "s:\@\@define LOGDIR.*:\@\@define LOGDIR ${STAGING_AIDE_DIR}/lib/logs:" ${STAGING_AIDE_DIR}/aide.conf
 }
 
 CONF_FILE = "${sysconfdir}/aide.conf"
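Review bot: The DBDIR substitution in `do_install:class-native` is invoked as `sed -i -s`, where `-s` looks like a typo for `-e`; the LOGDIR line directly below uses `sed -i -e`, and the DBDIR line should match it. Separately, `do_install[nostamp] = "1"` at the top of the hunk is unconditional, so the target recipe's do_install also re-runs on every build; a short comment above it stating why the stamp is disabled would help maintainers judge whether that cost is intended. The native function also installs straight into `${STAGING_AIDE_DIR}` instead of `${D}`; that variable presumably comes from aide-base, which is not part of this diff, so where it points and how it is cleaned between builds cannot be checked from here.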
@@ -38,7 +59,14 @@  CONF_FILE = "${sysconfdir}/aide.conf"
 FILES:${PN} += "${libdir}/${PN} ${sysconfdir}/aide.conf"
 
 pkg_postinst_ontarget:${PN} () {
-    /usr/bin/aide -i
+    if [ ${AIDE_SCAN_POSTINIT} ]; then
+        ${bindir}/aide -i
+    fi
+    if [ ${AIDE_RESCAN_POSTINIT}  && -e ${libdir}/aide/aide.db.gz ]; then
+        ${bindir}/aide -C
+    fi
 }
 
 RDEPENDS:${PN} = "bison libpcre"
+
+BBCLASSEXTEND = "native"
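Review bot: The second test in `pkg_postinst_ontarget`, `[ ${AIDE_RESCAN_POSTINIT}  && -e ${libdir}/aide/aide.db.gz ]`, is not valid shell, because `&&` ends the `[` command before its closing `]`. The branch is therefore never taken and `aide -C` never checks the database built at image time; with an empty variable the line is a syntax error for the whole script. Both tests also expand the variable unquoted and only ask whether it is non-empty, so a value of `0` would still enable the action. Assuming the variables are meant as 0/1 switches (their defaults are not visible in this diff), `if [ "${AIDE_RESCAN_POSTINIT}" = "1" ] && [ -e ${libdir}/aide/aide.db.gz ]; then` and `if [ "${AIDE_SCAN_POSTINIT}" = "1" ]; then` would make the intent explicit. The database path uses `${libdir}/aide` where the rest of the recipe uses `${libdir}/${PN}`.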