Please reconsider the way the autotools are used in the audit package.
It has always struck me as odd that the RPM spec and the
README-install file specify that some autotool program be run.  My
understanding is the autotool programs are to be run in preparation
for generating a source distribution, and that the RPM builder simply
builds a binary version of the distribution, just as someone builds
using the sources.

Another trick I suggest is to organize the sources so that the one
source for all version numbers in the package is the AC_INIT call in
configure.ac.  The RPM spec is built by running the ./configure
command, and audit.spec.in starts like this:

Name:           @PACKAGE@
Version:        @VERSION@

I have enclosed a patch for audit version 1.5.5 that implements the
changes I just described.

John

diff -urN --exclude='*~' oaudit-1.5.5/audit.spec.in audit-1.5.5/audit.spec.in
--- oaudit-1.5.5/audit.spec.in	1969-12-31 19:00:00.000000000 -0500
+++ audit-1.5.5/audit.spec.in	2007-07-11 08:04:55.000000000 -0400
@@ -0,0 +1,441 @@
+%define sca_version 0.4.2
+
+Summary: User space tools for 2.6 kernel auditing
+Name: @PACKAGE@
+Version: @VERSION@
+Release: 1
+License: GPL
+Group: System Environment/Daemons
+URL: http://people.redhat.com/sgrubb/audit/
+Source: %{name}-%{version}.tar.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+BuildRequires: gettext-devel intltool libtool swig python-devel
+BuildRequires: kernel-headers >= 2.6.18
+BuildRequires: automake >= 1.9
+BuildRequires: autoconf >= 2.59
+Requires: %{name}-libs = %{version}-%{release}
+Requires: %{name}-libs-python = %{version}-%{release}
+Requires: chkconfig
+Prereq: coreutils
+
+%description
+The audit package contains the user space utilities for
+storing and searching the audit records generate by
+the audit subsystem in the Linux 2.6 kernel.
+
+%package libs
+Summary: Dynamic library for libaudit
+License: LGPL
+Group: Development/Libraries
+
+%description libs
+The audit-libs package contains the dynamic libraries needed for 
+applications to use the audit framework.
+
+%package libs-devel
+Summary: Header files and static library for libaudit
+License: LGPL
+Group: Development/Libraries
+Requires: %{name}-libs = %{version}-%{release}
+Requires: kernel-headers >= 2.6.18
+
+%description libs-devel
+The audit-libs-devel package contains the static libraries and header 
+files needed for developing applications that need to use the audit 
+framework libraries.
+
+%package libs-python
+Summary: Python bindings for libaudit
+License: LGPL
+Group: Development/Libraries
+Requires: %{name}-libs = %{version}-%{release}
+
+%description libs-python
+The audit-libs-python package contains the bindings so that libaudit
+and libauparse can be used by python.
+
+%package audispd-plugins
+Summary: Default plugins for the audit dispatcher
+License: LGPL
+Group: System Environment/Daemons
+
+%description audispd-plugins
+The audispd-plugins package contains plugins for the audit dispatcher.
+
+%package -n system-config-audit
+Summary: Utility for editing audit configuration
+Version: %{sca_version}
+License: GPL
+Group: Applications/System
+Requires: pygtk2-libglade usermode usermode-gtk
+
+%description -n system-config-audit
+An utility for editing audit configuration.
+
+%prep
+%setup -q
+
+%build
+%configure --sbindir=/sbin --libdir=/%{_lib}
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/{sbin,etc/{sysconfig,audispd/plugins.d,rc.d/init.d}}
+mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8
+mkdir -p $RPM_BUILD_ROOT/%{_lib}
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}/audit
+mkdir -p $RPM_BUILD_ROOT/%{_var}/log/audit
+make DESTDIR=$RPM_BUILD_ROOT install
+make -C system-config-audit DESTDIR=$RPM_BUILD_ROOT install-fedora
+
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}
+# This winds up in the wrong place when libtool is involved
+mv $RPM_BUILD_ROOT/%{_lib}/libaudit.a $RPM_BUILD_ROOT%{_libdir}
+mv $RPM_BUILD_ROOT/%{_lib}/libauparse.a $RPM_BUILD_ROOT%{_libdir}
+curdir=`pwd`
+cd $RPM_BUILD_ROOT/%{_libdir}
+LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libaudit.so.*.*.*\``
+ln -s ../../%{_lib}/$LIBNAME libaudit.so
+LIBNAME=`basename \`ls $RPM_BUILD_ROOT/%{_lib}/libauparse.so.*.*.*\``
+ln -s ../../%{_lib}/$LIBNAME libauparse.so
+cd $curdir
+# Remove these items so they don't get picked up.
+rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.so
+rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.so
+rm -f $RPM_BUILD_ROOT/%{_lib}/libaudit.la
+rm -f $RPM_BUILD_ROOT/%{_lib}/libauparse.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_audit.la
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.a
+rm -f $RPM_BUILD_ROOT/%{_libdir}/python?.?/site-packages/_auparse.la
+
+# On platforms with 32 & 64 bit libs, we need to coordinate the timestamp
+touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf
+
+%find_lang system-config-audit
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post libs -p /sbin/ldconfig
+
+%post
+/sbin/chkconfig --add auditd
+if [ -f /etc/auditd.conf ]; then
+   mv /etc/auditd.conf /etc/audit/auditd.conf
+fi
+if [ -f /etc/audit.rules ]; then
+   mv /etc/audit.rules /etc/audit/audit.rules
+fi
+if [ -f /etc/audit/auditd.conf ]; then
+   tmp=`mktemp /etc/audit/auditd-post.XXXXXX`
+   if [ -n $tmp ]; then
+      sed 's|^#dispatcher|dispatcher|g' /etc/audit/auditd.conf > $tmp && \
+      cat $tmp > /etc/audit/auditd.conf
+      rm -f $tmp
+   fi
+fi
+
+%preun
+if [ $1 -eq 0 ]; then
+   /sbin/service auditd stop > /dev/null 2>&1
+   /sbin/chkconfig --del auditd
+fi
+
+%postun libs
+/sbin/ldconfig 2>/dev/null
+
+%postun
+if [ $1 -ge 1 ]; then
+   /sbin/service auditd condrestart > /dev/null 2>&1 || :
+fi
+
+%files libs
+%defattr(-,root,root)
+%attr(755,root,root) /%{_lib}/libaudit.*
+%attr(755,root,root) /%{_lib}/libauparse.*
+%config(noreplace) %attr(640,root,root) /etc/libaudit.conf
+
+%files libs-devel
+%defattr(-,root,root)
+%{_libdir}/libaudit.a
+%{_libdir}/libauparse.a
+%{_libdir}/libaudit.so
+%{_libdir}/libauparse.so
+%{_includedir}/libaudit.h
+%{_includedir}/auparse.h
+%{_includedir}/auparse-defs.h
+%{_mandir}/man3/*
+
+%files libs-python
+%defattr(-,root,root)
+%{_libdir}/python?.?/site-packages/_audit.so
+%{_libdir}/python?.?/site-packages/auparse.so
+/usr/lib/python?.?/site-packages/audit.py*
+
+%files
+%defattr(-,root,root,-)
+%doc  README COPYING ChangeLog sample.rules contrib/capp.rules contrib/nispom.rules contrib/lspp.rules contrib/skeleton.c init.d/auditd.cron
+%attr(0644,root,root) %{_mandir}/man8/*
+%attr(0644,root,root) %{_mandir}/man5/*
+%attr(750,root,root) /sbin/auditctl
+%attr(750,root,root) /sbin/auditd
+%attr(755,root,root) /sbin/ausearch
+%attr(755,root,root) /sbin/aureport
+%attr(750,root,root) /sbin/autrace
+%attr(750,root,root) /sbin/audispd
+%attr(755,root,root) /etc/rc.d/init.d/auditd
+%attr(750,root,root) %{_var}/log/audit
+%attr(750,root,root) %dir /etc/audit
+%attr(750,root,root) %dir /etc/audispd
+%attr(750,root,root) %dir /etc/audispd/plugins.d
+%attr(750,root,root) %dir %{_libdir}/audit
+%config(noreplace) %attr(640,root,root) /etc/audit/auditd.conf
+%config(noreplace) %attr(640,root,root) /etc/audit/audit.rules
+%config(noreplace) %attr(640,root,root) /etc/sysconfig/auditd
+
+%files -n system-config-audit -f system-config-audit.lang
+%defattr(-,root,root,-)
+%doc system-config-audit/AUTHORS
+%doc system-config-audit/COPYING
+%doc system-config-audit/ChangeLog
+%doc system-config-audit/NEWS
+%doc system-config-audit/README
+%{_bindir}/system-config-audit
+%{_datadir}/applications/system-config-audit.desktop
+%{_datadir}/system-config-audit
+%{_libexecdir}/system-config-audit-server-real
+%{_libexecdir}/system-config-audit-server
+%config(noreplace) %{_sysconfdir}/pam.d/system-config-audit-server
+%config(noreplace) %{_sysconfdir}/security/console.apps/system-config-audit-server
+
+%changelog
+* Tue Jul 10 2007 Steve Grubb <[EMAIL PROTECTED]> 1.5.5-1
+- Add system-config-audit (Miloslav Trmac)
+- Correct bug in audit_make_equivalent function (Al Viro)
+
+* Tue Jun 26 2007 Steve Grubb <[EMAIL PROTECTED]> 1.5.4-1
+- Add feed interface to auparse library (John Dennis)
+- Apply patch to libauparse for unresolved symbols (#241178)
+- Apply patch to add line numbers for file events in libauparse (John Dennis)
+- Change seresults to seresult in libauparse (John Dennis)
+- Add unit32_t definition to swig (#244210)
+- Add support for directory auditing
+- Update acct field to be escaped
+
+* Tue May 01 2007 Steve Grubb <[EMAIL PROTECTED]> 1.5.3-1
+- Change buffer size to prevent truncation of DAEMON events with large labels
+- Fix memory leaks in auparse (John Dennis)
+- Update syscall tables for 2.6.21 kernel
+- Update capp & lspp rules
+- New python bindings for libauparse (John Dennis)
+
+* Thu Apr 04 2007 Steve Grubb <[EMAIL PROTECTED]> 1.5.2-1
+- New event dispatcher (James Antill)
+- Apply patches fixing man pages and Makefile.am (Philipp Hahn)
+- Apply patch correcting python libs permissions (Philipp Hahn)
+- Fix auditd segfault on reload
+- Add support for segfault anomaly message type
+- Fix bug in auparse library for file pointers and descriptors
+- Extract subject information out of daemon events for ausearch
+
+* Tue Mar 20 2007 Steve Grubb <[EMAIL PROTECTED]> 1.5.1-1
+- Updated autrace to monitor *at syscalls
+- Add support in libaudit for AUDIT_BIT_TEST(^) and AUDIT_MASK_TEST (&)
+- Finish reworking auditd config parser
+- In auparse, interpret open, fcntl, and clone flags
+- In auparse, when interpreting execve record types, run args through unencode
+- Add support for OBJ_PID message type
+- Event dispatcher updates
+
+* Fri Mar 2 2007 Steve Grubb <[EMAIL PROTECTED]> 1.5-1
+- NEW audit dispatcher program & plugin framework
+- Correct hidden variables in libauparse
+- Added NISPOM sample rules
+- Verify accessibility of files passed in auparse_init
+- Fix bug in parser library interpreting socketcalls
+- Add support for stdio FILE pointer in auparse_init
+- Adjust init script to allow anyone to status auditd (#230626)
+
+* Tue Feb 20 2007 Steve Grubb <[EMAIL PROTECTED]> 1.4.2-1
+- Add man pages
+- Reduce text relocations in parser library
+- Add -n option to auditd for no fork
+- Add exec option to space_left, admin_space_left, disk_full,
+  and disk_error - eg EXEC /usr/local/script
+
+* Fri Feb 16 2007 Steve Grubb <[EMAIL PROTECTED]> 1.4.1-1
+- updated audit_rule_fieldpair_data to handle perm correctly (#226780)
+- Finished search options for audit parsing library
+- Fix ausearch -se to work correctly
+- Fix auditd init script for /usr on netdev (#228528)
+- Parse avc seperms better when there are more than one
+
+* Sun Feb 04 2007 Steve Grubb <[EMAIL PROTECTED]> 1.4-1
+- New report about authentication attempts
+- Updates for python 2.5
+- update autrace to have resource usage mode
+- update auditctl to support immutable config
+- added audit_log_user_command function to libaudit api
+- interpret capabilities
+- added audit event parsing library
+- updates for 2.6.20 kernel
+
+* Sun Dec 10 2006 Steve Grubb <[EMAIL PROTECTED]> 1.3.1-1
+- Fix a couple parsing problems (#217952)
+- Add tgkill to S390* syscall tables (#218484)
+- Fix error messages in ausearch/aureport
+- Fix timestamp for libaudit.conf (#218053)
+
+* Tue Nov 28 2006 Steve Grubb <[EMAIL PROTECTED]> 1.3-1
+- ausearch & aureport implement uid/gid caching
+- In ausearch & aureport, extract addr when hostname is unknown
+- In ausearch & aureport, test audit log presence O_RDONLY
+- New ausearch/aureport time keywords: recent, this-week, this-month, this-year
+- Added --add & --delete option to aureport
+- Update res parsing in config change events
+- Increase the size on audit daemon buffers
+- Parse avc_path records in ausearch/aureport
+- ausearch has new output mode, raw, for extracting events
+- ausearch/aureport can now read stdin
+- Rework AVC processing in ausearch/aureport
+- Added long options to ausearch and aureport
+
+* Tue Oct 24 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.9-1
+- In auditd if num_logs is zero, don't rotate on SIGUSR1 (#208834)
+- Fix some defines in libaudit.h
+- Some auditd config strings were not initialized in aureport (#211443)
+- Updated man pages
+- Add Netlabel event types to libaudit
+- Update aureports to current audit event types
+- Update autrace a little
+- Deprecated all the old audit_rule functions from public API
+- Drop auparse library for the moment
+
+* Fri Sep 29 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.8-1
+- Make internal auditd buffers bigger for context info
+- Correct address resolving of hostname in logging functions
+- Do not allow multiple msgtypes in same audit rule in auditctl (#207666)
+- Only =, != operators for arch & inode fields in auditctl (#206427)
+- Add disp_qos & dispatcher to auditd reconfigure
+- Send sighup to child when no change in dispatcher during auditd reconfigure
+- Cleanup file descriptor handling in auditd
+- Updated audit message type table
+- Remove watches from aureport since FS_WATCH is deprecated
+- Add audit_log_avc back temporarily (#208152)
+
+* Mon Sep 18 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.7-1
+- Fix logging messages to use addr if passed.
+- Apply patches from Tony Jones correcting no kernel support messages
+- Updated syscall tables for 2.6.18 kernel
+- Remove deprecated functions: audit_log, audit_log_avc, audit_log_if_enabled
+- Disallow syscall auditing on exclude list
+- Improve time handling in ausearch and aureport (#191394)
+- Attempt to reconstruct full path from relative for searching
+
+* Sat Aug 26 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.6-1
+- Apply updates to dispatcher
+- Fix a couple bugs regarding MLS labels
+- Resurrect -p option
+- Tighten rules with exclude filter
+- Fix parsing issue which lead to segfault in some cases
+- Fix option parsing to ignore malformed lines
+
+* Thu Jul 13 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.5-1
+- Switch out dispatcher
+- Fix bug upgrading rule types
+
+* Fri Jun 30 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.4-1
+- Add support for the new filter key
+- Update syscall tables for 2.6.17
+- Add audit failure query function
+- Switch out gethostbyname call with getaddrinfo
+- Add audit by obj capability for 2.6.18 kernel
+- Ausearch & aureport now fail if no args to -te
+- New auditd.conf option to choose blocking/non-blocking dispatcher comm
+- Ausearch improved search by label
+
+* Fri May 25 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.3-1
+- Apply patch to ensure watches only associate with exit filter
+- Apply patch to correctly show new operators when new listing format is used
+- Apply patch to pull kernel's audit.h into python bindings
+- Collect signal sender's context
+
+* Fri May 12 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.2-1
+- Updates for new glibc-kernheaders
+- Change auditctl to collect list of rules then delete them on -D
+- Update capp.rules and lspp.rules to comment out rules for the possible list
+- Add new message types
+- Support sigusr1 sender identity of newer kernels
+- Add support for ppid in auditctl and ausearch
+- fix auditctl to trim the '/' from watches
+- Move audit daemon config files to /etc/audit for better SE Linux protection
+
+* Sun Apr 16 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2.1-1
+- New message type for trusted apps
+- Add new keywords today, yesterday, now for ausearch and aureport
+- Make audit_log_user_avc_message really send to syslog on error
+- Updated syscall tables in auditctl
+- Deprecated the 'possible' action for syscall rules in auditctl
+- Update watch code to use file syscalls instead of 'all' in auditctl
+
+* Fri Apr 7 2006 Steve Grubb <[EMAIL PROTECTED]> 1.2-1
+- Add support for new file system auditing kernel subsystem
+
+* Thu Apr 6 2006 Steve Grubb <[EMAIL PROTECTED]> 1.1.6-1
+- New message types
+- Support new rule format found in 2.6.17 and later kernels
+- Add support for audit by role, clearance, type, sensitivity
+
+* Wed Mar 6 2006 Steve Grubb <[EMAIL PROTECTED]> 1.1.5-1
+- Changed audit_log_semanage_message to take new params
+- In aureport, add class between syscall and permission in avc report
+- Fix bug where fsync is called in debug mode
+- Add optional support for tty in SYSCALL records for ausearch/aureport
+- Reinstate legacy rule operator support
+- Add man pages
+- Auditd ignore most signals
+
+* Wed Feb 8 2006 Steve Grubb <[EMAIL PROTECTED]> 1.1.4-1
+- Fix bug in autrace where it didn't run on kernels without file watch support
+- Add syslog message to auditd saying what program was started for dispatcher
+- Remove audit_send_user from public api
+- Fix bug in USER_LOGIN messages where ausearch does not translate
+  msg='uid=500: into acct name (#178102).
+- Change comm with dispatcher to socketpair from pipe
+- Change auditd to use custom daemonize to avoid race in init scripts
+- Update error message when deleting a rule that doesn't exist (#176239)
+- Call shutdown_dispatcher when auditd stops
+- Add new logging function audit_log_semanage_message
+
+* Thu Jan 5 2006 Steve Grubb <[EMAIL PROTECTED]> 1.1.3-1
+- Add timestamp to daemon_config messages (#174865)
+- Add error checking of year for aureport & ausearch
+- Treat af_unix sockets as files for searching and reporting
+- Update capp & lspp rules to combine syscalls for higher performance
+- Adjusted the chkconfig line for auditd to start a little earlier
+- Added skeleton program to docs for people to write their own dispatcher with
+- Apply patch from Ulrich Drepper that optimizes resource utilization
+- Change ausearch and aureport to unlocked IO
+
+* Thu Dec 5 2005 Steve Grubb <[EMAIL PROTECTED]> 1.1.2-1
+- Add more message types
+
+* Wed Nov 30 2005 Steve Grubb <[EMAIL PROTECTED]> 1.1.1-1
+- Add support for alpha processors
+- Update the audisp code
+- Add locale code in ausearch and aureport
+- Add new rule operator patch
+- Add exclude filter patch
+- Cleanup make files
+- Add python bindings
+
+* Wed Nov 9 2005 Steve Grubb <[EMAIL PROTECTED]> 1.1-1
+- Add initial version of audisp. Just a placeholder at this point
+- Remove -t from auditctl
+
+* Mon Nov 7 2005 Steve Grubb <[EMAIL PROTECTED]> 1.0.12-1
+- Add 2 more summary reports
+- Add 2 more message types
+
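Review bot: in %install, `touch -r ./audit.spec $RPM_BUILD_ROOT/etc/libaudit.conf` now takes its reference time from a file that ./configure rewrites during %build, because this patch adds audit.spec to AC_OUTPUT. The 32-bit and 64-bit builds will therefore stamp /etc/libaudit.conf with different times, which is what the comment above that line is trying to avoid. Use a file that ships unchanged in the tarball as the reference, for example `touch -r ./audit.spec.in $RPM_BUILD_ROOT/etc/libaudit.conf`. Also, in %post the test `if [ -n $tmp ]` is unquoted, so it evaluates as true even when mktemp fails and tmp is empty; write `if [ -n "$tmp" ]`. Since %build no longer runs any autotool, the `BuildRequires: automake >= 1.9` and `BuildRequires: autoconf >= 2.59` lines can probably go, and `%define sca_version 0.4.2` is still a second hard-coded version number in a file whose stated purpose is to take its version from configure.ac.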
diff -urN --exclude='*~' oaudit-1.5.5/bindings/python/Makefile.am audit-1.5.5/bindings/python/Makefile.am
--- oaudit-1.5.5/bindings/python/Makefile.am	2007-05-01 17:28:55.000000000 -0400
+++ audit-1.5.5/bindings/python/Makefile.am	2007-07-11 08:02:13.000000000 -0400
@@ -27,7 +27,7 @@
 	$(PYTHON) setup.py build
 
 install:
-	$(PYTHON) setup.py install --prefix=$(DESTDIR)/usr
+	$(PYTHON) setup.py install --prefix=$(PYTHON_PREFIX)
 
 clean-generic:
 	rm -rf build
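Review bot: the new install rule drops `$(DESTDIR)`, so a staged install such as the spec's `make DESTDIR=$RPM_BUILD_ROOT install` will have setup.py write into the live prefix instead of the build root, unless PYTHON_PREFIX already contains the staging directory. Keep the staging variable in front of the prefix, for example `$(PYTHON) setup.py install --prefix=$(DESTDIR)$(PYTHON_PREFIX)`. No hunk in this patch shows where PYTHON_PREFIX is set, so please also confirm that configure.ac defines it (for instance through AM_PATH_PYTHON); if it expands to nothing, `--prefix=` is passed empty.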
diff -urN --exclude='*~' oaudit-1.5.5/configure.ac audit-1.5.5/configure.ac
--- oaudit-1.5.5/configure.ac	2007-06-27 06:22:02.000000000 -0400
+++ audit-1.5.5/configure.ac	2007-07-11 08:05:29.000000000 -0400
@@ -109,7 +109,7 @@
       AC_DEFINE(WITH_APPARMOR,1,[Define if you want to enable AppArmor events.])fi
 
 AC_CONFIG_SUBDIRS([system-config-audit])
-AC_OUTPUT(Makefile lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile)
+AC_OUTPUT(Makefile audit.spec lib/Makefile auparse/Makefile auparse/test/Makefile src/Makefile src/mt/Makefile swig/Makefile docs/Makefile init.d/Makefile audisp/Makefile bindings/Makefile bindings/python/Makefile)
 
 echo .
 echo "
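Review bot: adding `audit.spec` to AC_OUTPUT makes it a generated file, but nothing else in the patch adjusts how it is handled. If an audit.spec is already checked in or shipped, every ./configure run will now overwrite it, so it should be removed from the tree in the same change. For `rpmbuild -ta` on a release tarball to keep working, the generated audit.spec has to be in the tarball as well, which needs a Makefile.am entry (for example `EXTRA_DIST = audit.spec`) that is not in this patch. As a style point, listing files as arguments to AC_OUTPUT is the obsolete form; `AC_CONFIG_FILES([Makefile audit.spec ...])` followed by a bare `AC_OUTPUT` is the current spelling.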
diff -urN --exclude='*~' oaudit-1.5.5/README-install audit-1.5.5/README-install
--- oaudit-1.5.5/README-install	2007-04-09 17:50:01.000000000 -0400
+++ audit-1.5.5/README-install	2007-07-11 08:02:53.000000000 -0400
@@ -3,8 +3,7 @@
 
 If you insist on doing it the hard way...
 
-autoreconf -fv --install
-./configure --sbindir=/sbin --mandir=/usr/share/man --libdir=/lib
+./configure --prefix=/usr --sbindir=/sbin --libdir=/lib --sysconfdir=/etc
 make
 make install
 
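Review bot: the replacement configure line drops `--mandir=/usr/share/man` and relies on `--prefix=/usr` instead. With a configure script generated by autoconf 2.59, which the spec still accepts (`BuildRequires: autoconf >= 2.59`), mandir defaults to ${prefix}/man, so the man pages would move to /usr/man; keep `--mandir=/usr/share/man` on the line to preserve the old location. Removing `autoreconf -fv --install` is fine for release tarballs, but the README then has no instruction for someone building from a checkout that lacks a generated configure script, so a one-line note covering that case would help.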
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit