Date: Fri, 20 Jan 2012 14:31:14 -0500 (EST)
From: Michael Scheidell <scheidell@secnap.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/164343: [PATCH] security/snort add SNORT_OPTIONS make.conf options.
Message-ID: <20120120193114.D071B1D3E3@scanner.secnap.net>
Resent-Message-ID: <201201201940.q0KJeDTo030018@freefall.freebsd.org>
>Number: 164343
>Category: ports
>Synopsis: [PATCH] security/snort add SNORT_OPTIONS make.conf options.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 20 19:40:13 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: FreeBSD 7.4-RELEASE-p3 i386
>Organization: SECNAP Network Security Corp
>Environment: 8.x amd64, 7.4 amd64
>Description:
1) Sometimes, you need to put conflicting options in make.conf, WITH_MYSQL for one port, WITHOUT_MYSQL for another. This takes code from mail/postfix, which had the same problem. It sets up the ability to automagically turn knobs via make.conf. This will work with make install/package (which pkgtools.conf doesn't), as well as package tools

To make this work in make.conf, add a list of the conflicting knobs to make.conf:
example
SNORT_OPTIONS=MYSQL ZLIB PERFPROFILE

This also works in tb/scripts/etc/env, but as:
export SNORT_OPTIONS=MYSQL\ ZLIB\ PERFPROFILE

2) if you define NOPORTSDOCS=yes in env, or make.conf, install still installs:

== Checking filesystem state after all packages deleted
================================================================
list of extra files and directories in / (not present on clean system but present after everything was deinstalled)
5555747 8 drwxr-xr-x 2 root wheel 512 Jan 20 15:42 usr/local/share/doc/snort
5555765 8 -r--r--r-- 1 root wheel 562 Jan 20 15:42 usr/local/share/doc/snort/README.u2boat

I added a @${RM} in port Makefile, after spending an hour looking to try to patch ${WRKSRC}/tools/u2boat/Makefile*

3) RUN_DEPENDS should be RUN_DEPENDS:={$BUILD_DEPENDS}, makes portlint happy(er)
>How-To-Repeat:
1) add WITH_MYSQL=yes to make.conf. build snort. pulls in mysql support, even if you really don't want it.
2) define NOPORTSDOCS=yes in make.conf, or env. install snort.
see /usr/local/share/doc/snort/README.u2boat 3) portlint will complain if RUN_DEPENDS=${BUILD_DEPENDS}, so we (I think I did it), made duplicate entries. >Fix: - Adds ability to support conflicting options to make.conf. Common kernel options like WITH(OUT)_IP=V6 not touched. - These knobs .for o in MPLS GRE TARGETBASED DECODERPRE ZLIB PERFPROFILE MYSQL ODBC POSTGRESQL LRGPCAP - Bump PORTREVISION because of NOPORTSDOCS change - portlint, best practices for RUN_DEPENDS:= ${BUILD_DEPENDS} --- snort.patch begins here --- Index: Makefile =================================================================== RCS file: /home/pcvs/ports/security/snort/Makefile,v retrieving revision 1.144 diff -u -r1.144 Makefile --- Makefile 16 Dec 2011 14:45:39 -0000 1.144 +++ Makefile 20 Jan 2012 19:14:52 -0000 @@ -7,6 +7,7 @@ PORTNAME= snort PORTVERSION= 2.9.2 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/snort/snort \ http://people.rit.edu/rpsfa/distfiles/ 
@@ -22,24 +23,35 @@ LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre BUILD_DEPENDS= daq>=0.6.2:${PORTSDIR}/net/daq \ ${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet -RUN_DEPENDS= daq>=0.6.2:${PORTSDIR}/net/daq \ - ${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet +RUN_DEPENDS:= ${BUILD_DEPENDS} + +# ported from postfix/Makefile, thanks +# back compat pull in settings from SNORT_OPTIONS for convenience when +# make config is run (happens first time port is built, too) +.for o in MPLS GRE TARGETBASED DECODERPRE ZLIB PERFPROFILE MYSQL ODBC POSTGRESQL LRGPCAP +STATUS_${o}=off +.endfor +.if defined(SNORT_OPTIONS) +. for o in ${SNORT_OPTIONS} +STATUS_${o}=on +. endfor +.endif OPTIONS= IPV6 "Enable IPv6 support" on \ - MPLS "Enable MPLS support" on \ - GRE "Enable GRE support" on \ + MPLS "Enable MPLS support" ${STATUS_MPLS} \ + GRE "Enable GRE support" ${STATUS_GRE} \ TARGETBASED "Enable Targetbased support" off \ DECODERPRE "Enable Decoded-Preprocessor-Rules" on \ - ZLIB "Enable GZIP support" on \ + ZLIB "Enable GZIP support" ${STATUS_ZLIB} \ NORMALIZER "Enable Normalizer" on \ REACT "Enable React" on \ - PERFPROFILE "Enable Performance Profiling" on \ + PERFPROFILE "Enable Performance Profiling" ${STATUS_PERFPROFILE} \ FLEXRESP3 "Flexible response to events (version 3)" on \ - MYSQL "Enable MySQL support" off \ - ODBC "Enable ODBC support" off \ - POSTGRESQL "Enable PostgreSQL support" off \ + MYSQL "Enable MySQL support" ${STATUS_MYSQL} \ + ODBC "Enable ODBC support" ${STATUS_ODBC} \ + POSTGRESQL "Enable PostgreSQL support" ${STATUS_POSTGRESQL} \ PRELUDE "Enable Prelude NIDS integration" off \ - LRGPCAP "Enable pcaps larger than 2GB" off \ + LRGPCAP "Enable pcaps larger than 2GB" ${STATUS_LRGPCAP} \ SNORTSAM "Unofficial Snortsam Patch" off \ SOURCEFIRE "Enable Sourcefire specific build options" on \ DBGSNORT "Enable debugging symbols+core dumps" off 
@@ -200,6 +212,7 @@ .endif .if defined(NOPORTDOCS) @${REINPLACE_CMD} '/SUBDIRS = /s/doc//' ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am + @${REINPLACE_CMD} '/^dist_doc_DATA/s/=.*/=/' ${WRKSRC}/tools/u2boat/Makefile.am .endif pre-configure: @@ -236,6 +249,8 @@ .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR} +.else + @${RM} -rf ${DOCSDIR} .endif .if defined(WITH_DECODERPRE) @${MKDIR} ${PREPROC_RULE_DIR} --- snort.patch ends here --- ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com/ ______________________________________________________________________ >Release-Note: >Audit-Trail: >Unformatted:
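Review bot: In the @@ -22,24 +23,35 @@ hunk, the .for loop initialises every STATUS_${o} to off, so MPLS, GRE, ZLIB and PERFPROFILE, which were "on" in the removed OPTIONS lines, now default to off for anyone who does not set SNORT_OPTIONS. For an IDS port that silently narrows what a default build handles (MPLS and GRE support, GZIP support) after a routine upgrade. Suggest preserving the previous defaults, for example by seeding STATUS_${o} from one "on" list and one "off" list before the SNORT_OPTIONS loop, or stating the default change explicitly in the PR. Also in this hunk, TARGETBASED and DECODERPRE are in the loop but their OPTIONS entries still carry the literal off and on, so listing them in SNORT_OPTIONS has no effect; either wire them to ${STATUS_TARGETBASED} and ${STATUS_DECODERPRE} or drop them from the loop.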
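Review bot: In the @@ -200,6 +212,7 @@ hunk, the added REINPLACE_CMD edits only ${WRKSRC}/tools/u2boat/Makefile.am, while the existing line just above it edits both ${WRKSRC}/Makefile.in and ${WRKSRC}/Makefile.am. Unless the port regenerates Makefile.in from Makefile.am before building, the dist_doc_DATA change will not reach the makefile that is actually used and README.u2boat will still be installed. Suggest applying the same substitution to ${WRKSRC}/tools/u2boat/Makefile.in as well, which should also make the @${RM} in the later hunk unnecessary.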
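Review bot: In the @@ -236,6 +249,8 @@ hunk, the new .else branch runs @${RM} -rf ${DOCSDIR} at install time, which deletes the whole directory recursively, including anything already in it that this install did not put there. The description names a single leftover, README.u2boat, so suggest removing just that file and then the directory only if it is empty, or better, stopping the file from being installed in the first place so that no cleanup step is needed.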