Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 20 Jan 2012 14:31:14 -0500 (EST)
From:      Michael Scheidell <scheidell@secnap.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/164343: [PATCH] security/snort add SNORT_OPTIONS make.conf options.
Message-ID:  <20120120193114.D071B1D3E3@scanner.secnap.net>
Resent-Message-ID: <201201201940.q0KJeDTo030018@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         164343
>Category:       ports
>Synopsis:       [PATCH] security/snort add SNORT_OPTIONS make.conf options.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 20 19:40:13 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Michael Scheidell
>Release:        FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security Corp
>Environment:
8.x amd64, 7.4 amd64
>Description:
1)	Sometimes, you need to put conflicting options in make.conf, WITH_MYSQL for one port, WITHOUT_MYSQL for another.
        This takes code from mail/postfix, which had the same problem.  It sets up the ability to automagically turn knobs
        via make.conf.  This will work with make install/package (which pkgtools.conf doesn't), as well as package tools
        To make this work in make.conf, add a list of the conflicting knobs to make.conf:  example
	SNORT_OPTIONS=MYSQL ZLIB PERFPROFILE
	This also works in tb/scripts/etc/env, but as:
	export 	SNORT_OPTIONS=MYSQL\ ZLIB\ PERFPROFILE
2)	if you define NOPORTSDOCS=yes in env, or make.conf, install still installs:
== Checking filesystem state after all packages deleted
================================================================
list of extra files and directories in / (not present on clean system but present after everything was deinstalled)
5555747 8 drwxr-xr-x 2 root wheel 512 Jan 20 15:42 usr/local/share/doc/snort
5555765 8 -r--r--r-- 1 root wheel 562 Jan 20 15:42 usr/local/share/doc/snort/README.u2boat 

I added a @${RM} in port Makefile, after spending an hour looking to try to patch ${WRKSRC}/tools/u2boat/Makefile*
3) RUN_DEPENDS should be RUN_DEPENDS:={$BUILD_DEPENDS}, makes portlint happy(er)

>How-To-Repeat:
1)	add WITH_MYSQL=yes to make.conf.  build snort.  pulls in mysql support, even if you really don't want it.
2)	define NOPORTSDOCS=yes in make.conf, or env.  install snort. see /usr/local/share/doc/snort/README.u2boat
3) 	portlint will complain if RUN_DEPENDS=${BUILD_DEPENDS}, so we (I think I did it), made duplicate entries.

>Fix:
	- Adds ability to support conflicting options to make.conf.  Common kernel options like WITH(OUT)_IP=V6 not touched.
	- These knobs .for o in MPLS GRE TARGETBASED DECODERPRE ZLIB PERFPROFILE MYSQL ODBC POSTGRESQL LRGPCAP
        - Bump PORTREVISION because of NOPORTSDOCS change
	- portlint, best practices for RUN_DEPENDS:= ${BUILD_DEPENDS}
--- snort.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/snort/Makefile,v
retrieving revision 1.144
diff -u -r1.144 Makefile
--- Makefile	16 Dec 2011 14:45:39 -0000	1.144
+++ Makefile	20 Jan 2012 19:14:52 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=	snort
 PORTVERSION=	2.9.2
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/snort/snort \
 		http://people.rit.edu/rpsfa/distfiles/
@@ -22,24 +23,35 @@
 LIB_DEPENDS=	pcre.0:${PORTSDIR}/devel/pcre
 BUILD_DEPENDS=	daq>=0.6.2:${PORTSDIR}/net/daq \
 		${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet
-RUN_DEPENDS=	daq>=0.6.2:${PORTSDIR}/net/daq \
-		${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet
+RUN_DEPENDS:=	${BUILD_DEPENDS}
+
+# ported from postfix/Makefile, thanks
+# back compat pull in settings from SNORT_OPTIONS for convenience when
+# make config is run (happens first time port is built, too)
+.for o in MPLS GRE TARGETBASED DECODERPRE ZLIB PERFPROFILE MYSQL ODBC POSTGRESQL LRGPCAP
+STATUS_${o}=off
+.endfor
+.if defined(SNORT_OPTIONS)
+. for o in ${SNORT_OPTIONS}
+STATUS_${o}=on
+. endfor
+.endif
 
 OPTIONS=	IPV6 "Enable IPv6 support" on \
-		MPLS "Enable MPLS support" on \
-		GRE "Enable GRE support" on \
+		MPLS "Enable MPLS support" ${STATUS_MPLS} \
+		GRE "Enable GRE support" ${STATUS_GRE} \
 		TARGETBASED "Enable Targetbased support" off \
 		DECODERPRE "Enable Decoded-Preprocessor-Rules" on \
-		ZLIB "Enable GZIP support" on \
+		ZLIB "Enable GZIP support" ${STATUS_ZLIB} \
 		NORMALIZER "Enable Normalizer" on \
 		REACT "Enable React" on \
-		PERFPROFILE "Enable Performance Profiling" on \
+		PERFPROFILE "Enable Performance Profiling" ${STATUS_PERFPROFILE} \
 		FLEXRESP3 "Flexible response to events (version 3)" on \
-		MYSQL "Enable MySQL support" off \
-		ODBC "Enable ODBC support" off \
-		POSTGRESQL "Enable PostgreSQL support" off \
+		MYSQL "Enable MySQL support" ${STATUS_MYSQL} \
+		ODBC "Enable ODBC support" ${STATUS_ODBC} \
+		POSTGRESQL "Enable PostgreSQL support" ${STATUS_POSTGRESQL} \
 		PRELUDE "Enable Prelude NIDS integration" off \
-		LRGPCAP "Enable pcaps larger than 2GB" off \
+		LRGPCAP "Enable pcaps larger than 2GB" ${STATUS_LRGPCAP} \
 		SNORTSAM "Unofficial Snortsam Patch" off \
 		SOURCEFIRE "Enable Sourcefire specific build options" on \
 		DBGSNORT "Enable debugging symbols+core dumps" off
@@ -200,6 +212,7 @@
 .endif
 .if defined(NOPORTDOCS)
 	@${REINPLACE_CMD} '/SUBDIRS = /s/doc//' ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am
+	@${REINPLACE_CMD} '/^dist_doc_DATA/s/=.*/=/' ${WRKSRC}/tools/u2boat/Makefile.am
 .endif
 
 pre-configure:
@@ -236,6 +249,8 @@
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.else
+	@${RM} -rf ${DOCSDIR}
 .endif
 .if defined(WITH_DECODERPRE)
 	@${MKDIR} ${PREPROC_RULE_DIR}
--- snort.patch ends here ---


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________  
  
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120120193114.D071B1D3E3>