Message ID | 20181122133429.16838-1-arunisaac@systemreboot.net |
---|---|
State | Accepted |
Series | [bug#33464] gnu: Add lynis. |
Context | Check | Description |
---|---|---|
cbaines/applying patch | success | Successfully applied |
Arun Isaac <arunisaac@systemreboot.net> writes:

> * gnu/packages/admin.scm (lynis): New variable. [...] > +(define-public lynis > + (package > + (name "lynis") > + (version "2.7.0") > + (source > + (origin > + (method url-fetch) > + (uri (string-append "https://github.com/CISOfy/lynis/archive/" > + version ".tar.gz")) > + (file-name (string-append name "-" version ".tar.gz"))

Can you use "git-fetch" here instead? The autogenerated GitHub "archive" tarballs are not stable: their hash may change in the future.

> + (sha256 > + (base32 > + "13np0bbkcz7k8336wdcq69b93wmc2vm1ryz988cr0kan11mxsr3k")) > + (modules '((guix build utils))) > + (snippet > + '(begin > + ;; Remove proprietary plugins > + (with-directory-excursion "plugins" > + (for-each delete-file (list "plugin_pam_phase1" > + "plugin_systemd_phase1")))

Only one of these files has an explicit proprietary license, but given the wording in the README it is safe to assume the other might not be free. In fact, since the README states "community plugins are available under a restriced license", I would prefer to delete everything except a whitelist here. WDYT?

> + #t)))) > + (build-system gnu-build-system) > + (arguments > + `(#:tests? #f ; no tests

The .travis.yml runs "cd ./lynis-sdk && sh lynis-devkit run unit-tests". Is that an option for us?

> + #:phases > + (modify-phases %standard-phases > + (replace 'configure > + (lambda* (#:key outputs #:allow-other-keys) > + (substitute* "lynis" > + (("/usr/share/lynis") > + (string-append (assoc-ref outputs "out") "/share/lynis"))) > + (substitute* "include/functions" > + (("/usr/local/etc/lynis") > + (string-append (assoc-ref outputs "out") "/etc/lynis"))) > + #t)) > + (delete 'build) > + (replace 'install > + (lambda* (#:key outputs #:allow-other-keys) > + (let ((out (assoc-ref outputs "out"))) > + (install-file "lynis" (string-append out "/bin/")) > + (install-file "default.prf" (string-append out "/etc/lynis")) > + (for-each > + (lambda (dir) > + (copy-recursively dir (string-append out "/share/lynis/" dir))) > + (list "db" "include" "plugins")) > + (install-file "lynis.8" (string-append out "/share/man/man8")) > + #t)))))) > + (home-page "https://cisofy.com/lynis/") > + (synopsis "Security auditing tool") > + (description "Lynis is a security auditing tool. It performs an in-depth > +security scan and runs on the system itself. The primary goal is to test > +security defenses and provide tips for further system hardening. It will also > +scan for general system information, vulnerable software packages, and > +possible configuration issues.") > + (license license:gpl3)))

The file headers only say "This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See LICENSE file for usage of this software.". The GPL3 copy in LICENSE states that:

If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation.

So I think this should be "gpl3+".

The rest LGTM, thanks!
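Review bot: in the replaced 'configure phase, nothing checks that the two substitute* calls actually rewrote "/usr/share/lynis" in "lynis" and "/usr/local/etc/lynis" in "include/functions". substitute* does not fail when its pattern matches nothing, so a later version bump in which upstream changes either literal would still build, with the original /usr paths left in the installed script. For a tool that sources its include files at run time, a short check at the end of the 'install phase that neither installed file still contains those two strings would turn that into a build failure instead.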
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 28961ecf8..513d7a26b 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm 
@@ -2837,3 +2837,59 @@ support forum. It runs with the @code{/exec} command in most IRC clients.") (description "This package provides tools to manage clients of the Logitech Unifying Receiver.") (license license:gpl2))) + +(define-public lynis + (package + (name "lynis") + (version "2.7.0") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/CISOfy/lynis/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "13np0bbkcz7k8336wdcq69b93wmc2vm1ryz988cr0kan11mxsr3k")) + (modules '((guix build utils))) + (snippet + '(begin + ;; Remove proprietary plugins + (with-directory-excursion "plugins" + (for-each delete-file (list "plugin_pam_phase1" + "plugin_systemd_phase1"))) + #t)))) + (build-system gnu-build-system) + (arguments + `(#:tests? #f ; no tests + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs #:allow-other-keys) + (substitute* "lynis" + (("/usr/share/lynis") + (string-append (assoc-ref outputs "out") "/share/lynis"))) + (substitute* "include/functions" + (("/usr/local/etc/lynis") + (string-append (assoc-ref outputs "out") "/etc/lynis"))) + #t)) + (delete 'build) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (install-file "lynis" (string-append out "/bin/")) + (install-file "default.prf" (string-append out "/etc/lynis")) + (for-each + (lambda (dir) + (copy-recursively dir (string-append out "/share/lynis/" dir))) + (list "db" "include" "plugins")) + (install-file "lynis.8" (string-append out "/share/man/man8")) + #t)))))) + (home-page "https://cisofy.com/lynis/") + (synopsis "Security auditing tool") + (description "Lynis is a security auditing tool. It performs an in-depth +security scan and runs on the system itself. The primary goal is to test +security defenses and provide tips for further system hardening. 
It will also +scan for general system information, vulnerable software packages, and +possible configuration issues.") + (license license:gpl3)))
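Review bot: the source snippet removes plugins by name, while the 'install phase copies the whole "plugins" directory with copy-recursively, so every file there other than "plugin_pam_phase1" and "plugin_systemd_phase1" is installed unreviewed, including anything a later upstream release adds. Inverting the snippet so that it deletes everything in "plugins" except an explicit list keeps the shipped set visible in the package definition and makes a new upstream file show up as a deliberate change at update time. The comment ";; Remove proprietary plugins" should then name the files that are kept and why.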