6 files changed, 100 insertions, 32 deletions

diff --git a/pcr/samhain/.gitignore b/pcr/samhain/.gitignore
new file mode 100644
index 000000000..8c2a40b2f
--- /dev/null
+++ b/pcr/samhain/.gitignore
@@ -0,0 +1,3 @@
+!PKGBUILD
+!*.install
+!*.service
diff --git a/pcr/samhain/PKGBUILD b/pcr/samhain/PKGBUILD
index 4dfdc1ee7..849c6afa3 100644
--- a/pcr/samhain/PKGBUILD
+++ b/pcr/samhain/PKGBUILD
@@ -1,44 +1,83 @@
-# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
+# Contributor: Luke R. <g4jc@openmailbox.org>
+# Maintainer: David P. <megver83@parabola.nu>
 
-pkgname=samhain
-pkgver=4.2.0
+pkgbase=samhain
+pkgname=(samhain-client samhain-server)
+pkgver=4.3.2
 pkgrel=1
-pkgdesc="file integrity / intrusion detection system"
-arch=(i686 x86_64)
-url="http://www.la-samhna.de/"
-license=('GPL')
-makedepends=('gcc' 'openssl' 'procps-ng')
-source=("http://www.la-samhna.de/samhain/${pkgname}-current.tar.gz" 
-'PKGBUILD.sig'
-'PKGBUILD')
+arch=(armv7h i686 x86_64)
+url='http://www.la-samhna.de/'
+license=(GPL)
+makedepends=(openssl procps-ng)
+source=("https://www.la-samhna.de/archive/${pkgbase}_signed-$pkgver.tar.gz"
+        samhain.service
+        yule.service)
 options=(!emptydirs)
-validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697' # PKGBUILD Maintainer's key
-'EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C') # Rainer Wichmann
-sha512sums=('bacb82f87d7e6c7bad49f99454279e19c6d1cfa2e353de4f2346cee78f9761173aed5fc26dd956f1c88928d28d25e98c07bc8f74f2984bddae64f96ad1e6b4b2'
-            'SKIP'
+validpgpkeys=('EF6CEF54701A0AFDB86AF4C31AAD26C80F571F6C') # Rainer Wichmann
+sha512sums=('aaa4c9e384715fffaa55d3d5838bf137f199bd7a8da2f2005e165ead03f82c401de74806c4a2687eaa217927d50c5400417805ac37dfd36c4b0ad959c3bf2d1e'
+            '736b6077c680afd2cbb25065207e671dd63d329ce9c1b8d11aa02e835550bdcbf72be6cba8fe67079c3823c805d8fdaf17e5238371c679b5ff8c7dbee56bdc9d'
+            'd005c19efd164ea86e06860aae0bac18432636c3b9763c4e5584e1a4c17610d5092984c5e946450beaa515d683b5b0e9364d28c55d28fcab28c928d7bcf71031'
+            'a6b25f878f0adb1dbdb0c19feea7e325d400bbb2834604a675ce3e47204089dd92dbb51c23889883b28e028fa7f1d8c0e0c7559c27497dd9a56f365d6155e9a2'
             'SKIP')
 
-pkgver() {
-tar -ztvf samhain-current.tar.gz | head -n1 | awk '{print $6}' | sed "s/samhain-//" | sed "s/.tar.gz//" # get latest version number
-}
+# Hack to allow having samhain-$pkgver.tar.gz in source=(),
+# since it is inside samhain_signed-$pkgver.tar.gz
+[ -e ${pkgbase}_signed-$pkgver.tar.gz ] || curl -fLC - --retry 3 --retry-delay 3 -O ${source[0]}
+[[ -e samhain-$pkgver.tar.gz{,.asc} ]] || tar -zxf ${pkgbase}_signed-$pkgver.tar.gz &&
+source+=("samhain-$pkgver.tar.gz"{,.asc})
 
 build() {
-  gpg --verify PKGBUILD.sig PKGBUILD
-  echo "Note: If the GPG verification fails, import the PKGBUILD maintainer's GPG key. See: https://wiki.parabola.nu/GnuPG#Import_key"
-  gpg --verify samhain-${pkgver}.tar.gz.asc samhain-${pkgver}.tar.gz
-  echo "Note: If the GPG verification fails, import the Samhain GPG key: http://www.la-samhna.de/samhain/s_rkey.html"
-  tar -zxvf "${srcdir}/${pkgname}-current.tar.gz" -C "${srcdir}"/.
-  cd "${srcdir}"
-  tar -zxvf ${pkgname}-${pkgver}.tar.gz
-  cd "${pkgname}-${pkgver}"
-  ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-trusted=0 --sbindir=/usr/bin 
-  # see samhain documentation, lots of other options available. e.g. use --enable-network=server to run in server mode.
+  cp -r "$pkgbase-$pkgver" "$pkgbase-server-$pkgver"
+
+  cd "$pkgbase-$pkgver"
+  ./configure --prefix=/usr \
+              --localstatedir=/var \
+              --sysconfdir=/etc \
+              --with-trusted=0 \
+              --sbindir=/usr/bin
+
+  cd "../$pkgbase-server-$pkgver"
+  ./configure --prefix=/usr \
+              --localstatedir=/var \
+              --sysconfdir=/etc \
+              --sbindir=/usr/bin \
+              --enable-network=server
 }
 
-package() {
-  cd "${pkgname}-${pkgver}"
-  make || return 1
-  make DESTDIR="$pkgdir/" install
+package_samhain-client() {
+  pkgdesc='File integrity/intrusion detection system'
+  install=samhain.install
+  provides=($pkgbase)
+  replaces=(${provides[@]})
+  conflicts=(${provides[@]})
+
+  cd "$pkgbase-$pkgver"
+
+  make DESTDIR="$pkgdir" install
+
   chmod 755 $pkgdir/usr/bin/samhain
   chmod 644 $pkgdir/etc/samhainrc
+  install -m755 -d "$pkgdir/usr/lib/systemd/system"
+  install -m644 "$srcdir/samhain.service" "$pkgdir/usr/lib/systemd/system/samhain.service"
+
+  rmdir $pkgdir/run
+  rmdir $pkgdir/var/log
+}
+
+package_samhain-server() {
+  pkgdesc='Server of file integrity/intrusion detection system'
+
+  cd "$pkgbase-server-$pkgver"
+
+  make DESTDIR="$pkgdir/" install
+
+  for f in yule{,admin.pl,_setpwd,ctl}; do
+    chmod 755 $pkgdir/usr/bin/$f
+  done
+  chmod 644 $pkgdir/etc/yulerc
+  install -m755 -d "$pkgdir/usr/lib/systemd/system"
+  install -m644 "$srcdir/yule.service" "$pkgdir/usr/lib/systemd/system/yule.service"
+
+  rmdir $pkgdir/run
+  rm -r $pkgdir/var/log
 }
diff --git a/pcr/samhain/PKGBUILD.sig b/pcr/samhain/PKGBUILD.sig
deleted file mode 100644
index b0495029a..000000000
--- a/pcr/samhain/PKGBUILD.sig
+++ /dev/null
diff --git a/pcr/samhain/samhain.install b/pcr/samhain/samhain.install
new file mode 100644
index 000000000..6c08e223f
--- /dev/null
+++ b/pcr/samhain/samhain.install
@@ -0,0 +1,6 @@
+post_install() {
+  echo "NOTE: samhain works by comparing the present state of the filesystem agains a"
+  echo "baseline database. If this is the first time that you are using samhain you"
+  echo "will need to perform the initialization (i.e. create the baseline database)"
+  echo "type the following command: samhain -t init"
+}
diff --git a/pcr/samhain/samhain.service b/pcr/samhain/samhain.service
new file mode 100644
index 000000000..711b98772
--- /dev/null
+++ b/pcr/samhain/samhain.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Samhain HIDS
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/samhain start
+ExecStop=/usr/bin/samhain stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pcr/samhain/yule.service b/pcr/samhain/yule.service
new file mode 100644
index 000000000..90dbdb514
--- /dev/null
+++ b/pcr/samhain/yule.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Samhain HIDS
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/yule start
+ExecStop=/usr/sbin/yule stop
+
+[Install]
+WantedBy=multi-user.target