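#!/bin/bash
# $Id$
# Copyright 2013 Eric Hameleers, Eindhoven, NL
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software for
# any purpose with or without fee is hereby granted, provided that
# the above copyright notice and this permission notice appear in all
# copies.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
# -----------------------------------------------------------------------------
#
# Slackware SlackBuild script
# ===========================
# By: Eric Hameleers
# For: lynis
# Descr: Security and system auditing tool for Linux
# URL: http://www.rootkit.nl/
# Build needs:
# Needs:
# Changelog:
# 1.3.4-1: 18/Nov/2013 by Eric Hameleers
#   * Initial build.
#
# Run 'sh lynis.SlackBuild' to build a Slackware package.
# The package (.tgz) and .txt file as well as build logs are created in /tmp .
# Install it using 'installpkg'.
#
# -----------------------------------------------------------------------------

# The script relies on bash features (arrays, (( )) arithmetic, brace
# expansion, the ERR trap), so the interpreter line names bash explicitly.

# Package identity. VERSION, BUILD and TAG can be overridden from the
# environment; ARCH is fixed because lynis consists of shell scripts only.
PRGNAM=lynis
VERSION=${VERSION:-1.3.4}
BUILD=${BUILD:-1}
ARCH=noarch
# ':-' supplies the default; a bare ':' would be a substring expansion and
# leave NUMJOBS empty when it is not set in the environment.
NUMJOBS=${NUMJOBS:-" -j4 "}
TAG=${TAG:-alien}

# Whitespace-separated list of files copied into the package's doc directory.
DOCS="CHANGELOG FAQ INSTALL LICENSE README"

# Where do we look for sources?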
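SRCDIR=$(cd "$(dirname "$0")"; pwd)

# Place to build (TMP) package (PKG) and output (OUTPUT) the program:
# NOTE(review): both defaults live under the world-writable /tmp and this
# script is normally run as root (chown root:root, makepkg). On a multi-user
# host, point TMP and OUTPUT at a directory only root can write to, so that no
# other account can pre-create these paths before the 'rm -rf' and 'tee' below.
TMP=${TMP:-/tmp/build}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

LYNIS_URL="http://www.rootkit.nl/download/lynis.html"
LYNIS_INCL="/usr/share/lynis/include"
LYNIS_PLUGINS="/usr/share/lynis/plugins"
LYNIS_DB="/usr/share/lynis/db"

SOURCE[0]="$SRCDIR/${PRGNAM}-${VERSION}.tar.gz"
SRCURL[0]="http://cisofy.com/files/${PRGNAM}-${VERSION}.tar.gz"

##
## --- with a little luck, you won't have to edit below this point --- ##
##

# Exit the script on errors:
set -e
trap 'echo "$0 FAILED at line ${LINENO}" | tee "$OUTPUT/error-${PRGNAM}.log"' ERR
# Catch uninitialized variables:
set -u
P1=${1:-1}

# Save old umask and set to 0022:
_UMASK_=$(umask)
umask 0022

# Create working directories:
mkdir -p "$OUTPUT"               # place for the package to be saved
mkdir -p "$TMP/tmp-$PRGNAM"      # location to build the source
mkdir -p "$PKG"                  # place for the package to be built
# ':?' aborts instead of expanding to '/*' should a variable ever be empty.
rm -rf "${PKG:?}"/*              # always erase old package's contents
rm -rf "${TMP:?}/tmp-$PRGNAM"/*  # remove the remnants of previous build
rm -rf "${OUTPUT:?}"/{configure,make,install,error,makepkg,patch}-"$PRGNAM".log
                                 # remove old log files

# Source file availability:
for (( i = 0; i < ${#SOURCE[@]}; i++ )) ; do
  if ! [ -f "${SOURCE[$i]}" ]; then
    echo "Source '$(basename "${SOURCE[$i]}")' not available yet..."
    # Check if the $SRCDIR is writable at all - if not, download to $OUTPUT
    [ -w "$SRCDIR" ] || SOURCE[$i]="$OUTPUT/$(basename "${SOURCE[$i]}")"
    if [ -f "${SOURCE[$i]}" ]; then echo "Ah, found it!"; continue; fi
    if ! [ "x${SRCURL[$i]:-}" == "x" ]; then
      echo "Will download file to $(dirname "${SOURCE[$i]}")"
      # Record wget's real exit status; testing $? after '|| true' always
      # sees 0, which would let a truncated (non-empty) download through.
      wget_rv=0
      wget -nv -T 20 -O "${SOURCE[$i]}" "${SRCURL[$i]}" || wget_rv=$?
      if [ "$wget_rv" -ne 0 ] || [ ! -s "${SOURCE[$i]}" ]; then
        echo "Fail to download '$(basename "${SOURCE[$i]}")'. Aborting the build."
        # Keep the partial file out of the way so a rerun downloads again.
        if [ -e "${SOURCE[$i]}" ]; then
          mv -f "${SOURCE[$i]}" "${SOURCE[$i]}".FAIL
        fi
        exit 1
      fi
    else
      echo "File '$(basename "${SOURCE[$i]}")' not available. Aborting the build."
      exit 1
    fi
  fi
done

if [ "$P1" == "--download" ]; then
  echo "Download complete."
  exit 0
fi

# --- PACKAGE BUILDING ---

echo "++"
echo "|| $PRGNAM-$VERSION"
echo "++"

cd "$TMP/tmp-$PRGNAM"

# NOTE(review): the tarball (SRCURL) and the reference checksum (LYNIS_URL) are
# both fetched over plain HTTP, and a mismatch only prints a warning. This
# check therefore catches a corrupted download but does not authenticate the
# source. Before installing a package built from it, compare the tarball with
# a checksum or signature obtained over an authenticated channel.
echo "Retrieving sha1sum for the source archive:"
# -F makes the dots in VERSION literal instead of regex wildcards.
REMOTE_SHA1SUM=$(lynx -dump "${LYNIS_URL}" | grep '(SHA1)' \
  | grep -F -w -- "${VERSION}" | tr -d ' ' | cut -d: -f2)
LOCAL_SHA1SUM=$(sha1sum "${SOURCE[0]}" | cut -f1 -d' ')
if [ -z "$REMOTE_SHA1SUM" ]; then
  # The page could not be fetched or lists no checksum for this version.
  echo ""
  echo "Could not retrieve a sha1sum for version $VERSION from the home page; the source tarball ($LOCAL_SHA1SUM) is unverified."
  echo "** Continue at your own risk **"
  echo ""
  sleep 10
elif [ "$REMOTE_SHA1SUM" != "$LOCAL_SHA1SUM" ]; then
  echo ""
  echo "The sha1sum of the source tarball ($LOCAL_SHA1SUM) does not match the sha1sum as recorded on the home page ($REMOTE_SHA1SUM)."
  echo "** Continue at your own risk **"
  echo ""
  sleep 10
else
  echo "Archive sha1sum is valid."
fi

echo "Extracting the source archive(s) for $PRGNAM..."
tar -xf "${SOURCE[0]}"
cd "${PRGNAM}-${VERSION}"
# Normalise ownership and strip setuid/setgid bits and group/other write
# permission from whatever the tarball shipped.
chown -R root:root .
chmod -R u+w,go+r-w,a+X-s .

# Install profile
install -d "${PKG}/etc/lynis"
install default.prf "${PKG}/etc/lynis"

# Install binary
install -d "${PKG}/usr/bin"
install lynis "${PKG}/usr/bin"

# Install man page
install -d "${PKG}/usr/man/man8"
install lynis.8 "${PKG}/usr/man/man8"

# Install functions/includes
install -d "${PKG}/${LYNIS_INCL}"
install include/* "${PKG}/${LYNIS_INCL}"

# Install plugins
install -d "${PKG}/${LYNIS_PLUGINS}"
install plugins/* "${PKG}/${LYNIS_PLUGINS}"

# Install database files
install -d "${PKG}/${LYNIS_DB}"
install db/* "${PKG}/${LYNIS_DB}"

# Do not clobber the default profile:
mv "${PKG}"/etc/lynis/default.prf{,.new}

# Add this to the doinst.sh:
# The delimiter is unquoted, so every '$' and backtick meant for doinst.sh is
# backslash-escaped to reach the generated file literally.
mkdir -p "$PKG/install"
cat <<EOINS >> "$PKG/install/doinst.sh"
# Handle the incoming configuration files:
config() {
  for infile in \$1; do
    NEW="\$infile"
    OLD="\`dirname \$NEW\`/\`basename \$NEW .new\`"
    # If there's no config file by that name, mv it over:
    if [ ! -r \$OLD ]; then
      mv \$NEW \$OLD
    elif [ "\`cat \$OLD | md5sum\`" = "\`cat \$NEW | md5sum\`" ]; then
      # toss the redundant copy
      rm \$NEW
    fi
    # Otherwise, we leave the .new copy for the admin to consider...
  done
}
config etc/lynis/default.prf.new
EOINS

# Add documentation:
mkdir -p "$PKG/usr/doc/$PRGNAM-$VERSION"
# DOCS is a whitespace-separated list and is split on purpose; a missing
# document is not fatal, hence '|| true'.
# shellcheck disable=SC2086
cp -a $DOCS "$PKG/usr/doc/$PRGNAM-$VERSION" || true
cat "$SRCDIR/$(basename "$0")" > "$PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild"
chown -R root:root "$PKG/usr/doc/$PRGNAM-$VERSION"
find "$PKG/usr/doc" -type f -exec chmod 644 {} \;

# Compress the man page:
find "$PKG/usr/man" -type f -name "*.?" -exec gzip -9f {} \;

# Add a package description:
mkdir -p "$PKG/install"
cat "$SRCDIR/slack-desc" > "$PKG/install/slack-desc"

# Build the package:
PKGFILE="${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-tgz}"
cd "$PKG"
makepkg --linkadd y --chown n "$OUTPUT/$PKGFILE" 2>&1 | tee "$OUTPUT/makepkg-${PRGNAM}.log"
cd "$OUTPUT"
md5sum "$PKGFILE" > "$PKGFILE.md5"
cd -
grep "^${PRGNAM}" "$PKG/install/slack-desc" > "$OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.txt"

# Restore the original umask:
umask "${_UMASK_}"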