Remove automatic addition of security user, reintroduce deprecated rklogd, bug #415511

Package-Manager: portage-2.1.10.49/cvs/Linux x86_64

5 files changed, 122 insertions, 5 deletions

diff --git a/sys-apps/rsbac-admin/ChangeLog b/sys-apps/rsbac-admin/ChangeLog
index d3077828c66b..a4f59ea1af5c 100644
--- a/sys-apps/rsbac-admin/ChangeLog
+++ b/sys-apps/rsbac-admin/ChangeLog
@@ -1,4 +1,13 @@
+# ChangeLog for sys-apps/rsbac-admin
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rsbac-admin/ChangeLog,v 1.41 2012/05/15 18:31:08 blueness Exp $
 
+*rsbac-admin-1.4.6-r1 (15 May 2012)
+
+  15 May 2012; Anthony G. Basile <blueness@gentoo.org>
+  +rsbac-admin-1.4.6-r1.ebuild, +files/rklogd:
+  Remove automatic addition of security user
+  Reintroduce deprecated rklogd, bug #415511
 
 *rsbac-admin-1.4.6 (07 Jan 2012)
 
diff --git a/sys-apps/rsbac-admin/Manifest b/sys-apps/rsbac-admin/Manifest
index 023c9dbcbbcb..e645da20d1be 100644
--- a/sys-apps/rsbac-admin/Manifest
+++ b/sys-apps/rsbac-admin/Manifest
@@ -2,15 +2,17 @@
 Hash: SHA256
 
 AUX nsswitch.conf 487 RMD160 b45ed6660f60c6b3fbee2218d250e27f7746a2d1 SHA1 ff7f331e26b5008b1665c8a1857eef924d511e76 SHA256 a92f145853fab10e1110b2ff3607a411a6fb4b4b97927d391e788e0bff019954
+AUX rklogd 735 RMD160 a152f7be25e318341890a1bf41e3a3e3b5c35fd0 SHA1 1283df83b4dd867acdec5762526b456875bd653c SHA256 e7df448f000bf79d25c28a3a9bd1a1c364b66211ecc8493790ea28e25f1c169f
 AUX rsbac.conf 209 RMD160 fb3ae78191f308ef488832eb844c6f3c7c3ccedf SHA1 82fc8195e237d749cd86650699d0ee172f7ddc18 SHA256 7ce39c310463001cffb2f8db01c8ff5154abdbede48a7e5c7b7a0252c8a80c19
 DIST rsbac-admin-1.4.6.tar.bz2 325844 RMD160 62107c09d2b824d0283b6433241085e13a34892b SHA1 7e9738a77068c01975b9dc0dc5b77b23c53c8c2e SHA256 5edde3c5f84a3ebca8ff2c1164665dd4386d8cae1e215cd0784b613867ef03c1
+EBUILD rsbac-admin-1.4.6-r1.ebuild 2436 RMD160 3c207559a138b7e5c48001537c87ecb9162233f3 SHA1 a6a86cca9157659307955ee00ea1a097c10638f2 SHA256 f87e02f3f3d0ba4412fa83140031f3d4434b4e08e29daf4c9be86fbdcfe34265
 EBUILD rsbac-admin-1.4.6.ebuild 1924 RMD160 8431289a27babc2a7d8690145da88043cd0deca4 SHA1 a7a1880e134c5c8bccc043dcaa0dcd7c8502cb3e SHA256 8fdf9d95c6ad049d2fa552d814faf93fcbfbf1992ae3355c63520ec589c9ae71
-MISC ChangeLog 202 RMD160 de115e1ca36fc1c608af101168d7af0897be6e08 SHA1 d84f31aecf2f41e302338d2b37d529833fba1fe0 SHA256 c961af11d185bace42169e3420052c0c3af7d9993f33588a894106bfd0a6eccd
-MISC metadata.xml 349 RMD160 74c5b7d98c48912b9e8114a27122085890f2b4f0 SHA1 a0bebf1fca1f7d2c2caba50e49016fb9049f4c4e SHA256 8ee9c6d3ede9f9980227d67737a2b2d5a73eaa1594aa945790566ea5703ce807
+MISC ChangeLog 646 RMD160 a5cf59b496cb4f22b8f0dac55acfb4ebb749e729 SHA1 4db94e33e6e014d1013d8d73f7d9d3252f4c429c SHA256 3ef346ad21b51647796634502fd8351ed96647a94df9a8b9309873c6327b8ff7
+MISC metadata.xml 432 RMD160 ab649699a1d8c905a2626b83695d1c994ec54835 SHA1 5f8bffc2e28b88f8bb355e1c408706ee55c84554 SHA256 bd8537d7d5e4e6b81ddcab0ad0b89d407b19869e7b437161563d3fb168989a71
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iEYEAREIAAYFAk8Ip5cACgkQl5yvQNBFVTUWKgCgjIJfq6ZrX7pahmTHZntDUXB/
-V7gAn2y51dPG5txCc0Wm8i06UVv8ZJMO
-=WM0u
+iEYEAREIAAYFAk+yoPUACgkQl5yvQNBFVTXWyQCfdJCS0kTNZlgW2aZ49uA5uc/I
+5lYAn16iGA8TFYncgXJ+zJidtDjUjJ9W
+=ltGS
 -----END PGP SIGNATURE-----
diff --git a/sys-apps/rsbac-admin/files/rklogd b/sys-apps/rsbac-admin/files/rklogd
new file mode 100644
index 000000000000..657055eb6b74
--- /dev/null
+++ b/sys-apps/rsbac-admin/files/rklogd
@@ -0,0 +1,32 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rsbac-admin/files/rklogd,v 1.1 2012/05/15 18:31:08 blueness Exp $
+
+daemon="rklogd"
+rsbac_info="/proc/rsbac-info"
+
+start() {
+	ebegin "Starting rklogd"
+
+	local ret
+	if [ -d "${rsbac_info}" ]; then
+		if [ -f $(which run-jail) ]; then
+			$(which run-jail) $deamon start-stop-daemon --start --exec $(which ${deamon})
+		else
+			start-stop-daemon --start --exec $(which ${deamon})
+		fi
+		ret = $?
+	else
+		ewarn "No rsbac-info directory avaible."
+		ret = 1
+	fi
+
+	eend $ret
+}
+
+stop() {
+	ebegin "Stopping rklogd"
+	start-stop-daemon --stop --exec $(which ${deamon})
+	eend $?
+}
diff --git a/sys-apps/rsbac-admin/metadata.xml b/sys-apps/rsbac-admin/metadata.xml
index b7f395284f49..cb485827c1ce 100644
--- a/sys-apps/rsbac-admin/metadata.xml
+++ b/sys-apps/rsbac-admin/metadata.xml
@@ -9,4 +9,7 @@
 	<longdescription lang="en">
 		Administrative tool for RSBAC system
 	</longdescription>
+	<use>
+		<flag name="rklogd">Enabled deprecated RSBAC kernel logger</flag>
+	</use>
 </pkgmetadata>
diff --git a/sys-apps/rsbac-admin/rsbac-admin-1.4.6-r1.ebuild b/sys-apps/rsbac-admin/rsbac-admin-1.4.6-r1.ebuild
new file mode 100644
index 000000000000..3d1e5264661f
--- /dev/null
+++ b/sys-apps/rsbac-admin/rsbac-admin-1.4.6-r1.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/rsbac-admin/rsbac-admin-1.4.6-r1.ebuild,v 1.1 2012/05/15 18:31:08 blueness Exp $
+
+EAPI="4"
+
+inherit multilib toolchain-funcs
+
+DESCRIPTION="Rule Set Based Access Control (RSBAC) Admin Tools"
+HOMEPAGE="http://www.rsbac.org/"
+SRC_URI="http://www.rsbac.org/dl.php?file=code/${PV}/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+# using rklogd is deprecated but offer the option since it is fully removed
+# from source
+IUSE="pam rklogd"
+
+DEPEND="
+	dev-util/dialog
+	pam? ( sys-libs/pam )
+	sys-apps/baselayout
+	>=sys-libs/ncurses-5.2"
+
+RDEPEND="${DEPEND}"
+
+src_compile() {
+	local rsbacmakeargs="libs tools"
+	use rklogd && rsbacmakeargs="${rsbacmakeargs} rklogd"
+	use pam && rsbacmakeargs="${rsbacmakeargs} pam nss"
+	emake PREFIX=/usr LIBDIR=/$(get_libdir) ${rsbacmakeargs}
+}
+
+src_install() {
+	local rsbacinstallargs="headers-install libs-install tools-install"
+	use rklogd && rsbacinstallargs="${rsbacinstallargs} rklogd-install"
+	use pam && rsbacinstallargs="${rsbacinstallargs} pam-install nss-install"
+	emake PREFIX=/usr LIBDIR=/$(get_libdir) DESTDIR="${D}" ${rsbacinstallargs}
+
+	use rklogd && doinitd "${FILESDIR}"/rklogd
+
+	insinto /etc
+	doins "${FILESDIR}"/rsbac.conf
+
+	#FHS compliance
+	dodir /usr/$(get_libdir)
+	mv "${D}"/$(get_libdir)/librsbac.{,l}a "${D}"/usr/$(get_libdir)
+	mv "${D}"/$(get_libdir)/libnss_rsbac.{,l}a "${D}"/usr/$(get_libdir)
+	gen_usr_ldscript librsbac.so
+	gen_usr_ldscript libnss_rsbac.so
+}
+
+pkg_postinst() {
+	einfo "********************************************************************************"
+	einfo "You have to add a security user to your system if you have not already done so."
+	einfo "The name could be 'secoff' or 'security' and, if you did not change the default"
+	einfo "uid in the RSBAC kernel configuration, then the following will work:"
+	einfo
+	einfo "    groupadd -g 400 security"
+	einfo "    useradd -g 400 -u 400 security"
+	einfo
+	einfo "We suggest you run a separate copy of syslog-ng (for example) to log RSBAC"
+	einfo "messages as user 'audit' (uid 404) instead of using the deprecated rklogd."
+	einfo "See"
+	einfo
+	einfo "    http://www.rsbac.org/documentation/administration_examples/syslog-ng"
+	einfo
+	einfo "for more information."
+	einfo "********************************************************************************"
+}