Date: Fri, 20 Jan 2012 14:31:14 -0500 (EST) From: Michael Scheidell <scheidell@secnap.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/164343: [PATCH] security/snort add SNORT_OPTIONS make.conf options. Message-ID: <20120120193114.D071B1D3E3@scanner.secnap.net> Resent-Message-ID: <201201201940.q0KJeDTo030018@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 164343
>Category: ports
>Synopsis: [PATCH] security/snort add SNORT_OPTIONS make.conf options.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 20 19:40:13 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Michael Scheidell
>Release: FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security Corp
>Environment:
8.x amd64, 7.4 amd64
>Description:
1) Sometimes, you need to put conflicting options in make.conf, WITH_MYSQL for one port, WITHOUT_MYSQL for another.
This takes code from mail/postfix, which had the same problem. It sets up the ability to automagically turn knobs
via make.conf. This will work with make install/package (which pkgtools.conf doesn't), as well as package tools
To make this work in make.conf, add a list of the conflicting knobs to make.conf: example
SNORT_OPTIONS=MYSQL ZLIB PERFPROFILE
This also works in tb/scripts/etc/env, but as:
export SNORT_OPTIONS=MYSQL\ ZLIB\ PERFPROFILE
2) if you define NOPORTSDOCS=yes in env, or make.conf, install still installs:
== Checking filesystem state after all packages deleted
================================================================
list of extra files and directories in / (not present on clean system but present after everything was deinstalled)
5555747 8 drwxr-xr-x 2 root wheel 512 Jan 20 15:42 usr/local/share/doc/snort
5555765 8 -r--r--r-- 1 root wheel 562 Jan 20 15:42 usr/local/share/doc/snort/README.u2boat
I added a @${RM} in port Makefile, after spending an hour looking to try to patch ${WRKSRC}/tools/u2boat/Makefile*
3) RUN_DEPENDS should be RUN_DEPENDS:={$BUILD_DEPENDS}, makes portlint happy(er)
>How-To-Repeat:
1) add WITH_MYSQL=yes to make.conf. build snort. pulls in mysql support, even if you really don't want it.
2) define NOPORTSDOCS=yes in make.conf, or env. install snort. see /usr/local/share/doc/snort/README.u2boat
3) portlint will complain if RUN_DEPENDS=${BUILD_DEPENDS}, so we (I think I did it), made duplicate entries.
>Fix:
- Adds ability to support conflicting options to make.conf. Common kernel options like WITH(OUT)_IP=V6 not touched.
- These knobs .for o in MPLS GRE TARGETBASED DECODERPRE ZLIB PERFPROFILE MYSQL ODBC POSTGRESQL LRGPCAP
- Bump PORTREVISION because of NOPORTSDOCS change
- portlint, best practices for RUN_DEPENDS:= ${BUILD_DEPENDS}
--- snort.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/snort/Makefile,v
retrieving revision 1.144
diff -u -r1.144 Makefile
--- Makefile 16 Dec 2011 14:45:39 -0000 1.144
+++ Makefile 20 Jan 2012 19:14:52 -0000
@@ -7,6 +7,7 @@
PORTNAME= snort
PORTVERSION= 2.9.2
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= SF/snort/snort \
http://people.rit.edu/rpsfa/distfiles/
@@ -22,24 +23,35 @@
LIB_DEPENDS= pcre.0:${PORTSDIR}/devel/pcre
BUILD_DEPENDS= daq>=0.6.2:${PORTSDIR}/net/daq \
${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet
-RUN_DEPENDS= daq>=0.6.2:${PORTSDIR}/net/daq \
- ${LOCALBASE}/lib/libnet11/libnet.a:${PORTSDIR}/net/libnet
+RUN_DEPENDS:= ${BUILD_DEPENDS}
+
+# ported from postfix/Makefile, thanks
+# back compat pull in settings from SNORT_OPTIONS for convenience when
+# make config is run (happens first time port is built, too)
+.for o in MPLS GRE TARGETBASED DECODERPRE ZLIB PERFPROFILE MYSQL ODBC POSTGRESQL LRGPCAP
+STATUS_${o}=off
+.endfor
+.if defined(SNORT_OPTIONS)
+. for o in ${SNORT_OPTIONS}
+STATUS_${o}=on
+. endfor
+.endif
OPTIONS= IPV6 "Enable IPv6 support" on \
- MPLS "Enable MPLS support" on \
- GRE "Enable GRE support" on \
+ MPLS "Enable MPLS support" ${STATUS_MPLS} \
+ GRE "Enable GRE support" ${STATUS_GRE} \
TARGETBASED "Enable Targetbased support" off \
DECODERPRE "Enable Decoded-Preprocessor-Rules" on \
- ZLIB "Enable GZIP support" on \
+ ZLIB "Enable GZIP support" ${STATUS_ZLIB} \
NORMALIZER "Enable Normalizer" on \
REACT "Enable React" on \
- PERFPROFILE "Enable Performance Profiling" on \
+ PERFPROFILE "Enable Performance Profiling" ${STATUS_PERFPROFILE} \
FLEXRESP3 "Flexible response to events (version 3)" on \
- MYSQL "Enable MySQL support" off \
- ODBC "Enable ODBC support" off \
- POSTGRESQL "Enable PostgreSQL support" off \
+ MYSQL "Enable MySQL support" ${STATUS_MYSQL} \
+ ODBC "Enable ODBC support" ${STATUS_ODBC} \
+ POSTGRESQL "Enable PostgreSQL support" ${STATUS_POSTGRESQL} \
PRELUDE "Enable Prelude NIDS integration" off \
- LRGPCAP "Enable pcaps larger than 2GB" off \
+ LRGPCAP "Enable pcaps larger than 2GB" ${STATUS_LRGPCAP} \
SNORTSAM "Unofficial Snortsam Patch" off \
SOURCEFIRE "Enable Sourcefire specific build options" on \
DBGSNORT "Enable debugging symbols+core dumps" off
@@ -200,6 +212,7 @@
.endif
.if defined(NOPORTDOCS)
@${REINPLACE_CMD} '/SUBDIRS = /s/doc//' ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am
+ @${REINPLACE_CMD} '/^dist_doc_DATA/s/=.*/=/' ${WRKSRC}/tools/u2boat/Makefile.am
.endif
pre-configure:
@@ -236,6 +249,8 @@
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
+.else
+ @${RM} -rf ${DOCSDIR}
.endif
.if defined(WITH_DECODERPRE)
@${MKDIR} ${PREPROC_RULE_DIR}
--- snort.patch ends here ---
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120120193114.D071B1D3E3>