packaging/vist.spec

   1 Name: vist
   2 Version: 0.1.4
   3 Release: 0
   4 License: Apache-2.0
   5 Summary: ViST(Virtual Security Table) is an unified security API platform based virtual tables.
   6 Url: https://github.com/facebook/osquery
   7 Group: Security/Libraries
   8 Source0: file://%{name}-%{version}.tar.gz
   9 Source1: %name.manifest
  10 BuildRequires: gcc-c++
  11 BuildRequires: make
  12 BuildRequires: cmake
  13 # osquery BRs
  14 BuildRequires: glog-devel
  15 BuildRequires: boost-devel
  16 # vist BRs
  17 BuildRequires: gflags-devel
  18 BuildRequires: pkgconfig(dlog)
  19 BuildRequires: pkgconfig(sqlite3)
  20 BuildRequires: pkgconfig(libtzplatform-config)
  21 BuildRequires: pkgconfig(libsystemd-daemon)
  22 Requires: glog
  23 Requires: gflag
  24 Requires: boost-regex boost-system boost-thread boost-filesystem
  25 Requires: libsystemd
  26
  27 %global osquery_version 4.0.0
  28
  29 %global user_name   security_fw
  30 %global group_name  security_fw
  31 %global smack_label System
  32
  33 %global ro_dir %{_datadir}
  34 %global rw_dir %{TZ_SYS_DATA}
  35
  36 %global vist_ro_dir %{ro_dir}/vist
  37 %global vist_rw_dir %{rw_dir}/vist
  38
  39 %global vist_db_dir     %{vist_rw_dir}/db
  40 %global vist_plugin_dir %{vist_ro_dir}/plugin
  41 %global vist_table_dir %{vist_ro_dir}/table
  42 %global vist_script_dir %{vist_ro_dir}/script
  43
  44 %description
  45 ViST provides unified interface of security functions.
  46 ViST views security resources as virtual tables and manipulates them through SQL queries.
  47 ViST adopts a plug-in architecture and uses osquery as the query analysis engine.
  48
  49 %prep
  50 %setup -q
  51 cp %SOURCE1 .
  52
  53 %build
  54 %{!?build_type:%define build_type "RELEASE"}
  55
  56 %if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV"
  57         CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE"
  58         CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE"
  59 %endif
  60
  61 %if 0%{?gcov:1}
  62 export CFLAGS+=" -fprofile-arcs -ftest-coverage"
  63 export CXXFLAGS+=" -fprofile-arcs -ftest-coverage"
  64 export FFLAGS+=" -fprofile-arcs -ftest-coverage"
  65 export LDFLAGS+=" -lgcov"
  66 %endif
  67
  68 %cmake . -DCMAKE_BUILD_TYPE=%{build_type} \
  69                  -DVERSION=%{version} \
  70                  -DOSQUERY_VERSION=%{osquery_version} \
  71                  -DGBS_BUILD="TRUE" \
  72                  -DUSER_NAME=%{user_name} \
  73                  -DGROUP_NAME=%{group_name} \
  74                  -DSMACK_LABEL=%{smack_label} \
  75                  -DDEFAULT_POLICY_ADMIN=vist-cli \
  76                  -DDB_INSTALL_DIR:PATH=%{vist_db_dir} \
  77                  -DPLUGIN_INSTALL_DIR:PATH=%{vist_plugin_dir} \
  78                  -DTABLE_INSTALL_DIR:PATH=%{vist_table_dir} \
  79                  -DSCRIPT_INSTALL_DIR:PATH=%{vist_script_dir} \
  80                  -DSYSTEMD_UNIT_DIR:PATH=%{_unitdir} \
  81                  -DBUILD_GCOV=%{?gcov:1}%{!?gcov:0}
  82
  83 make %{?jobs:-j%jobs}
  84
  85 %install
  86 %make_install
  87 mkdir -p %{buildroot}/%{vist_db_dir}
  88 mkdir -p %{buildroot}/%{vist_table_dir}
  89 mkdir -p %{buildroot}/%{vist_plugin_dir}
  90 mkdir -p %{buildroot}/%{vist_script_dir}
  91
  92 cp data/script/*.sql %{buildroot}/%{vist_script_dir}
  93
  94 %install_service sockets.target.wants %{name}.socket
  95
  96 %clean
  97 rm -rf %{buildroot}
  98
  99 %post
 100 rm -f %{vist_db_dir}/.%{name}.db*
 101
 102 systemctl daemon-reload
 103 if [ $1 = 1 ]; then
 104         systemctl start %{name}.socket
 105 elif [ $1 = 2 ]; then
 106         systemctl stop %{name}.socket
 107         systemctl stop %{name}.service
 108         systemctl restart %{name}.socket
 109 fi
 110
 111 %files
 112 %manifest %{name}.manifest
 113 %license LICENSE-Apache-2.0
 114 %attr(-, %{user_name}, %{group_name}) %{_bindir}/vist-cli
 115 %attr(-, %{user_name}, %{group_name}) %{_bindir}/vistd
 116 %{_libdir}/libvist-rmi.so
 117 %{_unitdir}/vist.service
 118 %{_unitdir}/vist.socket
 119 %{_unitdir}/sockets.target.wants/vist.socket
 120 %{vist_script_dir}/*.sql
 121 %dir %attr(-, %{user_name}, %{group_name}) %{vist_db_dir}
 122 %dir %attr(-, %{user_name}, %{group_name}) %{vist_table_dir}
 123 %dir %attr(-, %{user_name}, %{group_name}) %{vist_script_dir}
 124
 125 ## Test Package ##############################################################
 126 %package test
 127 Summary: Virtaul Security Table (unit test)
 128 Group: Security/Testing
 129 BuildRequires: gtest-devel
 130 Requires: gtest
 131
 132 %description test
 133 Provides internal testcases for ViST implementation.
 134
 135 %files test
 136 %manifest packaging/%{name}-test.manifest
 137 %{_bindir}/osquery-test
 138 %attr(4755 %{user_name}, %{group_name}) %{_bindir}/vist-test
 139 %dir %attr(-, %{user_name}, %{group_name}) %{vist_table_dir}
 140 %attr(-, %{user_name}, %{group_name}) %{vist_table_dir}/libvist-table-sample.so
 141 %attr(-, %{user_name}, %{group_name}) %{vist_plugin_dir}/libtest-plugin.so
 142
 143 ## ViST Plugins #############################################################
 144 %package plugins
 145 Summary: Virtaul Security Table (policy modules)
 146 Group: Security/Other
 147 ## Bluetooth
 148 BuildRequires: pkgconfig(bluetooth-api)
 149 BuildRequires: pkgconfig(capi-network-bluetooth)
 150
 151 ## Wifi
 152 BuildRequires: pkgconfig(klay)
 153 BuildRequires: pkgconfig(capi-network-wifi-manager)
 154 BuildRequires: pkgconfig(capi-network-connection)
 155 Requires: klay
 156
 157 %description plugins
 158 Provides plugins for controlling policies.
 159
 160 %pre plugins
 161 #rm -f %{vist_plugin_dir}/bluetooth
 162 #rm -f %{vist_plugin_dir}/wifi
 163
 164 %files plugins
 165 %manifest packaging/%{name}-plugins.manifest
 166 %attr(-, %{user_name}, %{group_name}) %{vist_table_dir}/libvist-bluetooth-policy.so
 167 %attr(4755 %{user_name}, %{group_name}) %{_bindir}/vist-bluetooth-policy-test