From owner-svn-ports-all@FreeBSD.ORG Mon Jan 20 18:29:51 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B84DD4BA; Mon, 20 Jan 2014 18:29:51 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9815E1CC2; Mon, 20 Jan 2014 18:29:51 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id s0KITpQG008429; Mon, 20 Jan 2014 18:29:51 GMT (envelope-from mat@svn.freebsd.org) Received: (from mat@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id s0KITpJ0008427; Mon, 20 Jan 2014 18:29:51 GMT (envelope-from mat@svn.freebsd.org) Message-Id: <201401201829.s0KITpJ0008427@svn.freebsd.org> From: Mathieu Arnold Date: Mon, 20 Jan 2014 18:29:51 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r340439 - in head/security/snortsam: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jan 2014 18:29:51 -0000 Author: mat Date: Mon Jan 20 18:29:50 2014 New Revision: 340439 URL: http://svnweb.freebsd.org/changeset/ports/340439 QAT: https://qat.redports.org/buildarchive/r340439/ Log: * Fix build on 10 * Support staging * General cleanup Sponsored by: Absolight Modified: head/security/snortsam/Makefile head/security/snortsam/files/pkg-install.in Modified: head/security/snortsam/Makefile ============================================================================== --- head/security/snortsam/Makefile Mon Jan 20 18:28:51 2014 (r340438) +++ head/security/snortsam/Makefile Mon Jan 20 18:29:50 2014 (r340439) @@ -16,24 +16,17 @@ OPTIONS_DEFAULT= IPFW SAMTOOL IPFW_DESC= checks if configured tables are available SAMTOOL_DESC= install samtool -NO_STAGE= yes .include USE_RC_SUBR= snortsam SUB_FILES= pkg-message \ pkg-install -HAS_CONFIGURE= yes -NO_BUILD= yes -CONFIGURE_SCRIPT= src/Makefile - -CONFIG_DIR?= ${PREFIX}/etc/snortsam - PLIST_DIRS= etc/snortsam PLIST_FILES= sbin/snortsam \ - etc/snortsam/snortsam.conf.sample \ - etc/snortsam/country-rootservers.conf.sample \ - etc/snortsam/rootservers.cfg.sample + %%ETCDIR%%/snortsam.conf.sample \ + %%ETCDIR%%/country-rootservers.conf.sample \ + %%ETCDIR%%/rootservers.cfg.sample .if ${PORT_OPTIONS:MSAMTOOL} PLIST_FILES+= sbin/samtool @@ -52,40 +45,34 @@ EXTRA_PATCHES+= ${FILESDIR}/ssp_ipfw2_no DEBUG=-DDEBUG .endif +# This seems silly, but the RC file gets into ${WRKDIR}/${PORTNAME} which +# without this, would exist and be a directory. post-extract: @${MV} ${WRKDIR}/${PORTNAME} ${WRKSRC} -pre-configure: - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h - @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${CONFIG_DIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c +post-patch: + @${REINPLACE_CMD} -e '/^CC/d' ${WRKSRC}/src/Makefile + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/conf/snortsam.conf.sample + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/docs/README.conf + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/src/snortsam.h + @${REINPLACE_CMD} -e "s|/etc/snortsam.conf|${ETCDIR}/snortsam.conf|g" ${WRKSRC}/contrib/snortsam-state.c @${CHMOD} +x ${WRKSRC}/makesnortsam.sh -do-configure: +do-build: @cd ${WRKSRC}/src && ${MAKE} ${DEBUG} @cd ${WRKSRC}/src && ${MAKE} samtool ${DEBUG} -# no access to snortsam.conf and samtool for non root users! do-install: - @${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${PREFIX}/sbin -.if ${PORT_OPTIONS:MSAMTOOL} - @${INSTALL} -o root -g wheel -m 500 ${WRKSRC}/samtool ${PREFIX}/sbin -.endif - @${MKDIR} -m 700 ${CONFIG_DIR} - @${INSTALL_DATA} -m 600 ${WRKSRC}/conf/snortsam.conf.sample ${CONFIG_DIR}/snortsam.conf.sample - @${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${CONFIG_DIR}/rootservers.cfg.sample - @${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${CONFIG_DIR}/country-rootservers.conf.sample + ${INSTALL_PROGRAM} ${WRKSRC}/snortsam ${STAGEDIR}${PREFIX}/sbin + ${INSTALL_PROGRAM} ${WRKSRC}/samtool ${STAGEDIR}${PREFIX}/sbin + @${MKDIR} ${STAGEDIR}${ETCDIR} + ${INSTALL_DATA} ${WRKSRC}/conf/snortsam.conf.sample ${STAGEDIR}${ETCDIR}/snortsam.conf.sample + ${INSTALL_DATA} ${WRKSRC}/conf/rootservers.cfg ${STAGEDIR}${ETCDIR}/rootservers.cfg.sample + ${INSTALL_DATA} ${WRKSRC}/conf/country-rootservers.conf ${STAGEDIR}${ETCDIR}/country-rootservers.conf.sample -.if ${PORT_OPTIONS:MDOCS} - @${MKDIR} ${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} .for f in ${PORTDOCS} - @${INSTALL_DATA} ${WRKSRC}/docs/${f} ${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/docs/${f} ${STAGEDIR}${DOCSDIR} .endfor -.endif - -post-install: - @${SH} ${PKGINSTALL} ${DISTNAME} POST-INSTALL - @${CAT} ${PKGMESSAGE} .include Modified: head/security/snortsam/files/pkg-install.in ============================================================================== --- head/security/snortsam/files/pkg-install.in Mon Jan 20 18:28:51 2014 (r340438) +++ head/security/snortsam/files/pkg-install.in Mon Jan 20 18:29:50 2014 (r340439) @@ -3,15 +3,22 @@ # $FreeBSD$ ETCDIR=${ETCDIR:=%%ETCDIR%%} +PREFIX=${PREFIX:=%%PREFIX%%} # snortsam config file contain sensitive data like # passwords needed to block IP's on the firewalls. # Set permission of the config dir to 700 so only # root:wheel can access this directory. +# Also, samtool shouldn't be run by non root. if [ "$2" = "POST-INSTALL" ]; then if [ -d ${ETCDIR} ]; then /usr/sbin/chown root:wheel ${ETCDIR} /bin/chmod 700 ${ETCDIR} + /bin/chmod 600 ${ETCDIR}/snortsam.conf.sample + fi + if [ -x ${PREFIX}/sbin/samtool ] + then + /bin/chmod 500 ${PREFIX}/sbin/samtool fi fi