microsoft · anphel31 · Mar 10, 2022 · Mar 5, 2022 · Mar 5, 2022 · Mar 5, 2022
@@ -1,7 +1,7 @@
 Summary:        Kernel Audit Tool
 Name:           audit
 Version:        3.0.6
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -10,12 +10,9 @@ URL:            https://people.redhat.com/sgrubb/audit/
 Source0:        https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz
 Patch0:         refuse-manual-stop.patch
 BuildRequires:  e2fsprogs-devel
-BuildRequires:  golang
 BuildRequires:  krb5-devel
-BuildRequires:  libcap-ng-devel
-BuildRequires:  openldap
 BuildRequires:  swig
-BuildRequires:  systemd
+BuildRequires:  systemd-bootstrap
 Requires:       %{name}-libs = %{version}-%{release}
 Requires:       gawk
 Requires:       krb5
@@ -71,10 +68,8 @@ and libauparse.
     --sysconfdir=%{_sysconfdir} \
     --with-python3=yes \
     --enable-gssapi-krb5=yes \
-    --with-libcap-ng=yes \
     --with-aarch64 \
-    --enable-zos-remote \
-    --with-golang \
+    --disable-zos-remote \
     --enable-systemd \
     --disable-static
 
@@ -124,8 +119,6 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %ghost %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audit-stop.rules
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/af_unix.conf
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/syslog.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/audispd-zos-remote.conf
-%config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/zos-remote.conf
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/audisp-remote.conf
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/audit/plugins.d/au-remote.conf
 %config(noreplace) %attr(640,root,root) %{_sysconfdir}/libaudit.conf
@@ -139,7 +132,6 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %defattr(-,root,root)
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/*.pc
-%{_libdir}/golang/*
 %{_includedir}/*.h
 %{_mandir}/man3/*
 %{_datadir}/aclocal/audit.m4
@@ -149,7 +141,10 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{python3_sitelib}/*
 
 %changelog
-* Mon Jan 31 2022 Chris PeBenito <chpebeni@microsoft.com> - 3.0.6.2
+* Fri Mar 04 2022 Andrew Phelps <anphel@microsoft.com> - 3.0.6-3
+- Reduce build requirements to build in toolchain environment
+
+* Mon Jan 31 2022 Chris PeBenito <chpebeni@microsoft.com> - 3.0.6-2
 - Remove override so auditd starts by default.
 
 * Fri Dec 10 2021 Chris Co <chrco@microsoft.com> - 3.0.6-1

@@ -7,7 +7,7 @@
 Summary:        Free version of the SSH connectivity tools
 Name:           openssh
 Version:        %{openssh_ver}
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -40,6 +40,7 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
 # https://sourceforge.net/p/pamsshagentauth/bugs/22/
 Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
 
+BuildRequires:  audit-devel
 BuildRequires:  e2fsprogs-devel
 BuildRequires:  groff
 BuildRequires:  krb5-devel
@@ -51,6 +52,7 @@ BuildRequires:  shadow-utils
 BuildRequires:  sudo
 %endif
 BuildRequires:  libselinux-devel
+Requires:       audit-libs
 Requires:       openssh-clients = %{openssh_ver}-%{release}
 Requires:       openssh-server = %{openssh_ver}-%{release}
 
@@ -124,6 +126,7 @@ export LDFLAGS="$LDFLAGS -pie -z relro -z now"
     --with-pam \
     --with-pie=no \
     --with-selinux \
+    --with-audit=linux \
     --with-maintype=man \
     --without-hardening `# The hardening flags are configured by system` \
     --enable-strip=no \
@@ -256,6 +259,9 @@ fi
 %{_mandir}/man8/ssh-sk-helper.8.gz
 
 %changelog
+* Fri Mar 04 2022 Andrew Phelps <anphel@microsoft.com> - 8.8p1-4
+- Build with audit support
+
 * Thu Dec 16 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 8.8p1-3
 - Removing the explicit %%clean stage.
 

@@ -1,7 +1,7 @@
 Summary:        Linux Pluggable Authentication Modules
 Name:           pam
 Version:        1.5.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD and GPLv2+
 URL:            https://github.com/linux-pam/linux-pam
 Source0:        https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
@@ -10,6 +10,7 @@ Vendor:         Microsoft Corporation
 Distribution:   Mariner
 BuildRequires:  cracklib-devel
 BuildRequires:  libselinux-devel
+BuildRequires:  audit-devel
 Requires:       cracklib
 
 %description
@@ -96,6 +97,9 @@ EOF
 %{_docdir}/%{name}-%{version}/*
 
 %changelog
+* Fri Mar 04 2022 Andrew Phelps <anphel@microsoft.com> - 1.5.1-3
+- Build with audit support
+
 * Tue Oct 19 2021 Jon Slobodzian <joslobo@microsoft.com> - 1.5.1-2
 - Remove libdb dependency
 

@@ -1,7 +1,7 @@
 Summary:        Programs for handling passwords in a secure way
 Name:           shadow-utils
 Version:        4.9
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -25,6 +25,7 @@ Patch0:         chkname-allowcase.patch
 Patch1:         libsubid-pam-link.patch
 BuildRequires:  %{_bindir}/xsltproc
 BuildRequires:  autoconf
+BuildRequires:  audit-devel
 BuildRequires:  automake
 BuildRequires:  cracklib
 BuildRequires:  cracklib-devel
@@ -33,6 +34,7 @@ BuildRequires:  libsemanage-devel
 BuildRequires:  libtool
 BuildRequires:  libxslt
 BuildRequires:  pam-devel
+Requires:       audit-libs
 Requires:       cracklib
 Requires:       libselinux
 Requires:       libsemanage
@@ -84,6 +86,7 @@ sed -i 's@DICTPATH.*@DICTPATH\t/usr/share/cracklib/pw_dict@' \
     --with-libcrack \
     --with-group-name-max-length=32 \
     --with-selinux \
+    --with-audit \
     --enable-man
 %make_build
 
@@ -167,6 +170,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/libsubid.so
 
 %changelog
+* Fri Mar 04 2022 Andrew Phelps <anphel@microsoft.com> - 4.9-7
+- Build with audit-libs
+
 * Fri Nov 12 2021 Andrew Phelps <anphel@microsoft.com> - 4.9-6
 - Add provides to resolve dynamic dependencies
 

@@ -1,21 +1,23 @@
 Summary:        Utilities for file systems, consoles, partitions, and messages
 Name:           util-linux
 Version:        2.37.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Applications/System
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/about/
 Source0:        https://mirrors.edge.kernel.org/pub/linux/utils/%{name}/v2.37/%{name}-%{version}.tar.xz
 
+BuildRequires:  audit-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  ncurses-devel
 %if %{with_check}
 BuildRequires:  ncurses-term
 %endif
 
 Requires:       %{name}-devel = %{version}-%{release}
+Requires:       audit-libs
 
 Conflicts:      toybox
 
@@ -66,7 +68,8 @@ autoreconf -fi
     --disable-static \
     --disable-use-tty-group \
     --without-python \
-    --with-selinux
+    --with-selinux \
+    --with-audit
 make %{?_smp_mflags}
 
 %install
@@ -123,6 +126,9 @@ rm -rf %{buildroot}/lib/systemd/system
 %{_mandir}/man3/*
 
 %changelog
+* Fri Mar 04 2022 Andrew Phelps <anphel@microsoft.com> - 2.37.2-3
+- Build with audit support
+
 * Fri Feb 04 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.37.2-2
 - Removing epoch
 

@@ -64,8 +64,8 @@ gzip-1.11-1.cm2.aarch64.rpm
 make-4.3-2.cm2.aarch64.rpm
 mariner-release-2.0-7.cm2.noarch.rpm
 patch-2.7.6-7.cm2.aarch64.rpm
-util-linux-2.37.2-2.cm2.aarch64.rpm
-util-linux-devel-2.37.2-2.cm2.aarch64.rpm
+util-linux-2.37.2-3.cm2.aarch64.rpm
+util-linux-devel-2.37.2-3.cm2.aarch64.rpm
 tar-1.34-1.cm2.aarch64.rpm
 xz-5.2.5-1.cm2.aarch64.rpm
 xz-devel-5.2.5-1.cm2.aarch64.rpm
@@ -241,3 +241,5 @@ newt-0.52.21-3.cm2.aarch64.rpm
 chkconfig-1.20-2.cm2.aarch64.rpm
 msopenjdk-11-11.0.13+8-LTS-4.aarch64.rpm
 pyproject-rpm-macros-1.0.0~rc1-2.cm2.noarch.rpm
+audit-3.0.6-3.cm2.aarch64.rpm
+audit-libs-3.0.6-3.cm2.aarch64.rpm
@@ -64,8 +64,8 @@ gzip-1.11-1.cm2.x86_64.rpm
 make-4.3-2.cm2.x86_64.rpm
 mariner-release-2.0-7.cm2.noarch.rpm
 patch-2.7.6-7.cm2.x86_64.rpm
-util-linux-2.37.2-2.cm2.x86_64.rpm
-util-linux-devel-2.37.2-2.cm2.x86_64.rpm
+util-linux-2.37.2-3.cm2.x86_64.rpm
+util-linux-devel-2.37.2-3.cm2.x86_64.rpm
 tar-1.34-1.cm2.x86_64.rpm
 xz-5.2.5-1.cm2.x86_64.rpm
 xz-devel-5.2.5-1.cm2.x86_64.rpm
@@ -241,3 +241,5 @@ newt-0.52.21-3.cm2.x86_64.rpm
 chkconfig-1.20-2.cm2.x86_64.rpm
 msopenjdk-11-11.0.13+8-LTS-4.x86_64.rpm
 pyproject-rpm-macros-1.0.0~rc1-2.cm2.noarch.rpm
+audit-3.0.6-3.cm2.x86_64.rpm
+audit-libs-3.0.6-3.cm2.x86_64.rpm
@@ -2,6 +2,10 @@ alsa-lib-1.2.6.1-1.cm2.aarch64.rpm
 alsa-lib-debuginfo-1.2.6.1-1.cm2.aarch64.rpm
 alsa-lib-devel-1.2.6.1-1.cm2.aarch64.rpm
 asciidoc-9.1.0-1.cm2.noarch.rpm
+audit-3.0.6-3.cm2.aarch64.rpm
+audit-debuginfo-3.0.6-3.cm2.aarch64.rpm
+audit-devel-3.0.6-3.cm2.aarch64.rpm
+audit-libs-3.0.6-3.cm2.aarch64.rpm
 autoconf-2.71-1.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
 bash-5.1.8-1.cm2.aarch64.rpm
@@ -262,10 +266,10 @@ p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm
 p11-kit-devel-0.24.1-1.cm2.aarch64.rpm
 p11-kit-server-0.24.1-1.cm2.aarch64.rpm
 p11-kit-trust-0.24.1-1.cm2.aarch64.rpm
-pam-1.5.1-2.cm2.aarch64.rpm
-pam-debuginfo-1.5.1-2.cm2.aarch64.rpm
-pam-devel-1.5.1-2.cm2.aarch64.rpm
-pam-lang-1.5.1-2.cm2.aarch64.rpm
+pam-1.5.1-3.cm2.aarch64.rpm
+pam-debuginfo-1.5.1-3.cm2.aarch64.rpm
+pam-devel-1.5.1-3.cm2.aarch64.rpm
+pam-lang-1.5.1-3.cm2.aarch64.rpm
 patch-2.7.6-7.cm2.aarch64.rpm
 patch-debuginfo-2.7.6-7.cm2.aarch64.rpm
 pcre-8.45-1.cm2.aarch64.rpm
@@ -490,6 +494,7 @@ procps-ng-lang-3.3.17-1.cm2.aarch64.rpm
 pyproject-rpm-macros-1.0.0~rc1-2.cm2.noarch.rpm
 python-markupsafe-debuginfo-1.1.1-4.cm2.aarch64.rpm
 python3-3.9.10-1.cm2.aarch64.rpm
+python3-audit-3.0.6-3.cm2.aarch64.rpm
 python3-cracklib-2.9.7-4.cm2.aarch64.rpm
 python3-curses-3.9.10-1.cm2.aarch64.rpm
 python3-debuginfo-3.9.10-1.cm2.aarch64.rpm
@@ -544,10 +549,10 @@ texinfo-6.8-1.cm2.aarch64.rpm
 texinfo-debuginfo-6.8-1.cm2.aarch64.rpm
 unzip-6.0-19.cm2.aarch64.rpm
 unzip-debuginfo-6.0-19.cm2.aarch64.rpm
-util-linux-2.37.2-2.cm2.aarch64.rpm
-util-linux-debuginfo-2.37.2-2.cm2.aarch64.rpm
-util-linux-devel-2.37.2-2.cm2.aarch64.rpm
-util-linux-lang-2.37.2-2.cm2.aarch64.rpm
+util-linux-2.37.2-3.cm2.aarch64.rpm
+util-linux-debuginfo-2.37.2-3.cm2.aarch64.rpm
+util-linux-devel-2.37.2-3.cm2.aarch64.rpm
+util-linux-lang-2.37.2-3.cm2.aarch64.rpm
 wget-1.21.2-1.cm2.aarch64.rpm
 wget-debuginfo-1.21.2-1.cm2.aarch64.rpm
 which-2.21-8.cm2.aarch64.rpm

@@ -2,6 +2,10 @@ alsa-lib-1.2.6.1-1.cm2.x86_64.rpm
 alsa-lib-debuginfo-1.2.6.1-1.cm2.x86_64.rpm
 alsa-lib-devel-1.2.6.1-1.cm2.x86_64.rpm
 asciidoc-9.1.0-1.cm2.noarch.rpm
+audit-3.0.6-3.cm2.x86_64.rpm
+audit-debuginfo-3.0.6-3.cm2.x86_64.rpm
+audit-devel-3.0.6-3.cm2.x86_64.rpm
+audit-libs-3.0.6-3.cm2.x86_64.rpm
 autoconf-2.71-1.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
 bash-5.1.8-1.cm2.x86_64.rpm
@@ -262,10 +266,10 @@ p11-kit-debuginfo-0.24.1-1.cm2.x86_64.rpm
 p11-kit-devel-0.24.1-1.cm2.x86_64.rpm
 p11-kit-server-0.24.1-1.cm2.x86_64.rpm
 p11-kit-trust-0.24.1-1.cm2.x86_64.rpm
-pam-1.5.1-2.cm2.x86_64.rpm
-pam-debuginfo-1.5.1-2.cm2.x86_64.rpm
-pam-devel-1.5.1-2.cm2.x86_64.rpm
-pam-lang-1.5.1-2.cm2.x86_64.rpm
+pam-1.5.1-3.cm2.x86_64.rpm
+pam-debuginfo-1.5.1-3.cm2.x86_64.rpm
+pam-devel-1.5.1-3.cm2.x86_64.rpm
+pam-lang-1.5.1-3.cm2.x86_64.rpm
 patch-2.7.6-7.cm2.x86_64.rpm
 patch-debuginfo-2.7.6-7.cm2.x86_64.rpm
 pcre-8.45-1.cm2.x86_64.rpm
@@ -490,6 +494,7 @@ procps-ng-lang-3.3.17-1.cm2.x86_64.rpm
 pyproject-rpm-macros-1.0.0~rc1-2.cm2.noarch.rpm
 python-markupsafe-debuginfo-1.1.1-4.cm2.x86_64.rpm
 python3-3.9.10-1.cm2.x86_64.rpm
+python3-audit-3.0.6-3.cm2.x86_64.rpm
 python3-cracklib-2.9.7-4.cm2.x86_64.rpm
 python3-curses-3.9.10-1.cm2.x86_64.rpm
 python3-debuginfo-3.9.10-1.cm2.x86_64.rpm
@@ -544,10 +549,10 @@ texinfo-6.8-1.cm2.x86_64.rpm
 texinfo-debuginfo-6.8-1.cm2.x86_64.rpm
 unzip-6.0-19.cm2.x86_64.rpm
 unzip-debuginfo-6.0-19.cm2.x86_64.rpm
-util-linux-2.37.2-2.cm2.x86_64.rpm
-util-linux-debuginfo-2.37.2-2.cm2.x86_64.rpm
-util-linux-devel-2.37.2-2.cm2.x86_64.rpm
-util-linux-lang-2.37.2-2.cm2.x86_64.rpm
+util-linux-2.37.2-3.cm2.x86_64.rpm
+util-linux-debuginfo-2.37.2-3.cm2.x86_64.rpm
+util-linux-devel-2.37.2-3.cm2.x86_64.rpm
+util-linux-lang-2.37.2-3.cm2.x86_64.rpm
 wget-1.21.2-1.cm2.x86_64.rpm
 wget-debuginfo-1.21.2-1.cm2.x86_64.rpm
 which-2.21-8.cm2.x86_64.rpm

@@ -42,6 +42,7 @@ generate_toolchain () {
 # Remove specific packages that are not needed in pkggen_core
 remove_packages_for_pkggen_core () {
     sed -i '/alsa-lib-/d' $TmpPkgGen
+    sed -i '/audit-devel/d' $TmpPkgGen
     sed -i '/ca-certificates-legacy/d' $TmpPkgGen
     sed -i '/libtasn1-d/d' $TmpPkgGen
     sed -i '/libpkgconf-devel/d' $TmpPkgGen
@@ -299,6 +300,7 @@ generate_pkggen_core () {
         grep "^chkconfig-[0-9]" $TmpPkgGen
         grep "^msopenjdk-" $TmpPkgGen
         grep "^pyproject-" $TmpPkgGen
+        grep "^audit-" $TmpPkgGen
     } > "$1"
 }
 

@@ -468,6 +468,13 @@ build_rpm_in_chroot_no_install createrepo_c
 
 build_rpm_in_chroot_no_install libsepol
 
+audit needs: systemd-bootstrap?, python3, krb5, swig, e2fsprogs
+build_rpm_in_chroot_no_install audit
+
+# rebuild pam with selinux and audit support
+chroot_and_install_rpms audit
+build_rpm_in_chroot_no_install pam
+
 # libselinux requires libsepol
 chroot_and_install_rpms libsepol
 build_rpm_in_chroot_no_install libselinux
@@ -479,9 +486,6 @@ build_rpm_in_chroot_no_install debugedit
 chroot_and_install_rpms debugedit
 build_rpm_in_chroot_no_install rpm
 
-# rebuild pam with selinux support
-build_rpm_in_chroot_no_install pam
-
 # python-jinja2 needs python3-markupsafe
 # python3-setuptools, python3-xml are also needed but already installed
 build_rpm_in_chroot_no_install python-markupsafe