Initialize for audit

.audit.metadata

@@ -0,0 +1 @@
+60ea3fa2be849b6b05a2c321e9ba1492ae1eec8317c2c7adfbc93b3acacf563a audit-3.0.6.tar.gz

.gitignore

@@ -0,0 +1 @@
+audit-3.0.6.tar.gz

README-BEFORE-ADDING-PATCHES

@@ -0,0 +1,16 @@
+All patches need to have a kernel-style patch description header.
+
+PATCHES LACKING THIS OR NOT CORRECTLY FOLLOWING DESCRIPTION BELOW WILL BE
+REJECTED OR REVERTED
+
+From: Joe Smoe <joe@smoe.com>
+Subject: Summary of fix
+Date: Date of fix
+References: Bugzilla reference [bsc#xxxx]
+References: URL of relevant discussion thread, opensuse or upstream ML etc
+Git-commit: Full SHA of upstream commit [if applicable]
+Git-repo: [if different from https://github.com/linux-audit/audit-userspace.git]
+Patch-mainline: revision of audit package or explanation if not [i.e v2.8.1 or "queued with maintainer" or "never; because ...." ]
+Signed-Off-by: Joe Smoe <joe@smoe.com>
+
+Short paragraph describing problem/fix.

audit.spec

@@ -0,0 +1,171 @@
+#
+# spec file for package audit
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+%ifarch x86_64
+%bcond_without livepatching
+%else
+%bcond_with livepatching
+%endif
+
+Name:           audit
+Version:        3.0.6
+Release:        150400.4.13.1
+Summary:        Linux kernel audit subsystem utilities
+License:        GPL-2.0-or-later
+Group:          System/Monitoring
+URL:            https://people.redhat.com/sgrubb/audit/
+Source0:        https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
+Source1:        baselibs.conf
+Source2:        README-BEFORE-ADDING-PATCHES
+Patch0:         change-default-log_group.patch
+BuildRequires:  autoconf >= 2.12
+BuildRequires:  kernel-headers >= 2.6.30
+BuildRequires:  libtool
+BuildRequires:  pkgconfig
+BuildRequires:  tcpd-devel
+Requires:       libaudit1 = %{version}
+Requires:       libauparse0 = %{version}
+Provides:       bundled(libev) = 4.33
+
+%description
+The audit package contains the user space utilities for storing and
+processing the records generated by the audit subsystem in the
+Linux kernel.
+
+%package -n libaudit1
+Summary:        Library for interfacing with the kernel audit subsystem
+License:        LGPL-2.1-or-later
+Group:          System/Libraries
+Obsoletes:      %{name}-libs < 2.0.4
+Provides:       %{name}-libs = %{version}
+
+%description -n libaudit1
+The libaudit package contains the shared libraries needed for
+applications to use the audit framework.
+
+%package -n libauparse0
+Summary:        Library for parsing and interpreting audit events
+License:        LGPL-2.1-or-later
+Group:          System/Libraries
+
+%description -n libauparse0
+The libauparse package contains the shared libraries needed to
+parse audit records.
+
+%package -n audit-devel
+Summary:        Header files for libaudit
+License:        LGPL-2.1-or-later
+Group:          Development/Libraries/C and C++
+Requires:       libaudit1 = %{version}
+Requires:       libauparse0 = %{version}
+
+%description -n audit-devel
+The audit-devel package contains the header files
+needed for developing applications that need to use the audit framework
+libraries.
+
+%prep
+%autosetup -p1
+
+%build
+autoreconf -fi
+export CFLAGS="%{optflags} -fno-strict-aliasing"
+export CXXFLAGS="$CFLAGS"
+export LDFLAGS="-Wl,-z,relro,-z,now"
+# no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
+%configure \
+%ifarch aarch64
+	--with-aarch64 \
+%endif
+	--enable-systemd \
+	--libexecdir=%{_libexecdir}/%{name} \
+	--with-apparmor \
+	--with-libcap-ng=no \
+	--disable-static \
+	--with-python=no \
+	--disable-zos-remote
+
+%make_build -C common
+%make_build -C lib
+%make_build -C auparse
+%make_build -C docs
+
+%if %{with livepatching}
+# Workaround bsc#1208721: remove _patchable_function_entry from static libs.
+find . -name "*.a" -exec \
+       objcopy --remove-section "__patchable_function_entries" {} \;
+
+%define tar_basename audit-livepatch-%{version}-%{release}
+%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
+%define clones_dest_dir %{tar_basename}/%{_arch}
+
+# Ipa-clones are files generated by gcc which logs changes made across
+# functions, and we need to know such changes to build livepatches
+# correctly. These files are intended to be used by the livepatch
+# developers and may be retrieved by using `osc getbinaries`.
+#
+# Create ipa-clones destination folder and move clones there.
+mkdir -p ipa-clones/%{clones_dest_dir}
+find . -name "*.ipa-clones" ! -empty \
+       -exec cp -t ipa-clones/%{clones_dest_dir} --parents {} +
+
+# Create tarball with ipa-clones.
+tar -cJf %{tar_package_name} -C ipa-clones \
+    --owner root --group root --sort name %{tar_basename}
+
+# Copy tarball to the OTHER folder to store it as artifact.
+cp %{tar_package_name} %{_topdir}/OTHER
+%endif
+
+%install
+%make_install -C common
+%make_install -C lib
+%make_install -C auparse
+%make_install -C docs
+rm -rf %{buildroot}/%{_mandir}/man[578]
+mkdir -p %{buildroot}%{_sysconfdir}
+mkdir -p %{buildroot}/%{_includedir}
+mkdir -p %{buildroot}/%{_mandir}/man5
+# We manually install this since Makefile doesn't
+install -m 0644 lib/libaudit.h %{buildroot}/%{_includedir}
+install -D -m 0644 ./m4/audit.m4  %{buildroot}%{_datadir}/aclocal/audit.m4
+# Install libaudit.conf files by hand
+install -m 0644 docs/libaudit.conf.5 %{buildroot}/%{_mandir}/man5
+install -m 0644 init.d/libaudit.conf %{buildroot}%{_sysconfdir}
+
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%check
+%make_build -C lib check
+%make_build -C auparse check
+
+%post -n libaudit1 -p /sbin/ldconfig
+%post -n libauparse0 -p /sbin/ldconfig
+%postun -n libaudit1 -p /sbin/ldconfig
+%postun -n libauparse0 -p /sbin/ldconfig
+
+%files -n libaudit1
+%{_libdir}/libaudit.so.*
+%config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf
+%{_mandir}/man5/libaudit.conf.5%{ext_man}
+
+%files -n libauparse0
+%{_libdir}/libauparse.so.*
+
+%files -n audit-devel
+%doc contrib/plugin
+%{_libdir}/libaudit.so
+%{_libdir}/libauparse.so
+%{_includedir}/libaudit.h
+%{_includedir}/auparse.h
+%{_includedir}/auparse-defs.h
+%{_mandir}/man3/*
+%{_datadir}/aclocal/audit.m4
+%{_libdir}/pkgconfig/audit.pc
+%{_libdir}/pkgconfig/auparse.pc
+
+%changelog

baselibs.conf

@@ -0,0 +1,7 @@
+libaudit1
+   obsoletes "audit-libs-<targettype> < 2.0.4"
+libauparse0
+audit-devel
+   requires -audit-<targettype>
+   requires "libaudit1-<targettype> = <version>"
+   requires "libauparse0-<targettype> = <version>"

change-default-log_group.patch

@@ -0,0 +1,21 @@
+From: Enzo Matsumiya <ematsumiya@suse.de>
+Date: Thu Jan 28 18:11:39 UTC 2021
+References: bsc#1178154
+Patch-mainline: Not yet, under review
+Subject: change default log_group to "audit"
+
+Change the default log_group to newly added "audit" group.
+
+Signed-Off-by: Enzo Matsumiya <ematsumiya@suse.de>
+
+--- a/init.d/auditd.conf
++++ b/init.d/auditd.conf
+@@ -5,7 +5,7 @@
+ local_events = yes
+ write_logs = yes
+ log_file = /var/log/audit/audit.log
+-log_group = root
++log_group = audit
+ log_format = ENRICHED
+ flush = INCREMENTAL_ASYNC
+ freq = 50