| # Copyright 1999-2014 Gentoo Foundation |
| # Distributed under the terms of the GNU General Public License v2 |
| # $Id$ |
| |
| EAPI=5 |
| |
| inherit multilib toolchain-funcs |
| |
| DESCRIPTION="Rule Set Based Access Control (RSBAC) Admin Tools" |
| HOMEPAGE="http://www.rsbac.org/" |
| SRC_URI="http://download.rsbac.org/code/${PV}/${P}.tar.xz" |
| |
| LICENSE="GPL-2" |
| SLOT="0" |
| KEYWORDS="~amd64 ~x86" |
| # using rklogd is deprecated but offer the option since it is fully removed |
| # from source |
| IUSE="pam rklogd" |
| |
| DEPEND=" |
| dev-util/dialog |
| pam? ( sys-libs/pam ) |
| sys-apps/baselayout |
| >=sys-libs/ncurses-5.2" |
| |
| RDEPEND="${DEPEND}" |
| |
| src_compile() { |
| local rsbacmakeargs="libs tools" |
| use rklogd && rsbacmakeargs="${rsbacmakeargs} rklogd" |
| use pam && rsbacmakeargs="${rsbacmakeargs} pam nss" |
| emake PREFIX=/usr LIBDIR=/$(get_libdir) ${rsbacmakeargs} |
| } |
| |
| src_install() { |
| local rsbacinstallargs="headers-install libs-install tools-install" |
| use rklogd && rsbacinstallargs="${rsbacinstallargs} rklogd-install" |
| use pam && rsbacinstallargs="${rsbacinstallargs} pam-install nss-install" |
| emake PREFIX=/usr LIBDIR=/$(get_libdir) DESTDIR="${D}" ${rsbacinstallargs} |
| |
| use rklogd && doinitd "${FILESDIR}"/rklogd |
| |
| insinto /etc |
| doins "${FILESDIR}"/rsbac.conf |
| |
| #FHS compliance |
| dodir /usr/$(get_libdir) |
| mv "${D}"/$(get_libdir)/librsbac.{,l}a "${D}"/usr/$(get_libdir) |
| mv "${D}"/$(get_libdir)/libnss_rsbac.{,l}a "${D}"/usr/$(get_libdir) |
| gen_usr_ldscript librsbac.so |
| gen_usr_ldscript libnss_rsbac.so |
| } |
| |
| pkg_postinst() { |
| einfo "********************************************************************************" |
| einfo "You have to add a security user to your system if you have not already done so." |
| einfo "The name could be 'secoff' or 'security' and, if you did not change the default" |
| einfo "uid in the RSBAC kernel configuration, then the following will work:" |
| einfo |
| einfo " groupadd -g 400 security" |
| einfo " useradd -g 400 -u 400 security" |
| einfo |
| einfo "We suggest you run a separate copy of syslog-ng (for example) to log RSBAC" |
| einfo "messages as user 'audit' (uid 404) instead of using the deprecated rklogd." |
| einfo "See" |
| einfo |
| einfo " http://www.rsbac.org/documentation/administration_examples/syslog-ng" |
| einfo |
| einfo "for more information." |
| einfo "********************************************************************************" |
| } |