Date: Mon, 15 Oct 2007 00:51:09 +0400 (MSD) From: Anton Karpov <toxa@toxahost.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/117194: NEW PORT: security/openfwtk Message-ID: <20071014205109.4314278F41@mail.ank-pki.ru> Resent-Message-ID: <200710142100.l9EL03lL033857@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 117194
>Category: ports
>Synopsis: NEW PORT: security/openfwtk
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 14 21:00:02 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Anton Karpov
>Release: FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD mercury.ank-pki.ru 6.2-STABLE FreeBSD 6.2-STABLE #0: Tue Jan 23 18:26:58 MSK 2007 root@mercury.ank-pki.ru:/usr/obj/usr/src/sys/MERCURY i386
>Description:
OpenFWTK is an application proxy toolkit which inherits the ideology of TIS fwtk
and maintains API backwards compatibility. The design goal is to make it simple yet
powerful; no performance hacks allowed in the code and library dependencies are reduced to minimum
>How-To-Repeat:
>Fix:
Please see the patch below. Due to the fwtk's nature, this port is a little bit... uncommon,
but I've tried my best to make it sensible.
I'm planning to add rcNG in the nearest future.
--- openfwtk.patch begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# .
# ./files
# ./files/patch-configs-FreeBSD
# ./files/patch-Makefile.config
# ./files/patch-Makefile.common
# ./files/pkg-message.in
# ./files/patch-reports-Makefile
# ./files/patch-reports-frequentcheck.sh
# ./files/patch-squid-gw-squid-gw.restart
# ./Makefile
# ./distinfo
# ./pkg-descr
# ./pkg-plist
# ./Makefile.man
#
echo c - .
mkdir -p . > /dev/null 2>&1
echo c - ./files
mkdir -p ./files > /dev/null 2>&1
echo x - ./files/patch-configs-FreeBSD
sed 's/^X//' >./files/patch-configs-FreeBSD << 'END-of-./files/patch-configs-FreeBSD'
X--- configs/FreeBSD.orig 2007-10-12 02:53:28.000000000 +0400
X+++ configs/FreeBSD 2007-10-12 03:03:56.000000000 +0400
X@@ -2,25 +2,25 @@
X CC = cc
X CP = cp
X MAKE = make
X-PREFIX = /usr/firewall
X+PREFIX = /usr/local
X
X # Defines path where to find ncurses libraries
X-NCURSES_LIBDIR=/usr/local/lib
X+NCURSES_LIBDIR=/usr/lib
X
X # Defines path where to find ncurses headers
X-NCURSES_INCDIR=/usr/local/include/ncurses
X+NCURSES_INCDIR=/usr/include/ncurses
X
X # Defines path where to find SSL libraries
X-SSL_LIBDIR=/usr/local/ssl/lib
X+SSL_LIBDIR=/usr/lib
X
X # Defines path where to find SSL headers
X-SSL_INCDIR=/usr/local/ssl/include
X+SSL_INCDIR=/usr/include/openssl
X
X # Defines path where to find GNU Magic/File libraries
X-MAGIC_LIBDIR=/usr/local/lib
X+MAGIC_LIBDIR=/usr/lib
X
X # Defines path where to find GNU Magic/File headers
X-MAGIC_INCDIR=/usr/local/include
X+MAGIC_INCDIR=/usr/include
X
X # Defines path where to find Milter client library (libci_milter)
X MILTER_LIBDIR=../../libci_milter
X@@ -29,7 +29,7 @@
X MILTER_INCDIR=../../libci_milter/include
X
X # Defines path where to find berkeley bd headers
X-DBM_INCDIR=/usr/include/gdbm
X+DBM_INCDIR=/usr/include
X
X # Defines for your operating system
X DEFINES=-DPREFIX=\"$(PREFIX)\"
X@@ -70,16 +70,16 @@
X FWTKSRCDIR=$(PREFIX)/src/fwtk
X
X # Location of X libraries for X-gw
X-XLIBDIR=/usr/X11R6/lib
X+XLIBDIR=${X11BASE}lib/X11
X
X # X Libraries
X XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lXext
X
X # Location of X include files
X-XINCLUDE=/usr/X11R6/include
X+XINCLUDE=${X11BASE}/include/X11
X
X # IPFilter location
X #IPFILTER=$(PREFIX)/development/src/ipfilter/ip_fil3.2.9
X
X # authsrv agent communication socket
X-AUTHSRV_SOCK_PATH=$(PREFIX)/var/
X+AUTHSRV_SOCK_PATH=/var/run/openfwtk
END-of-./files/patch-configs-FreeBSD
echo x - ./files/patch-Makefile.config
sed 's/^X//' >./files/patch-Makefile.config << 'END-of-./files/patch-Makefile.config'
X--- Makefile.config.orig 2007-10-12 02:30:32.000000000 +0400
X+++ Makefile.config 2007-10-12 02:30:52.000000000 +0400
X@@ -1,6 +1,6 @@
X # Define here one of the supported OS-es:
X # Linux, FreeBSD, OpenBSD, Solaris, Solaris64, HP-UX, MacOSX
X-OSTYPE = Linux
X+OSTYPE = FreeBSD
X
X include $(GMKPATH)/configs/$(OSTYPE)
X include $(GMKPATH)/Makefile.common
END-of-./files/patch-Makefile.config
echo x - ./files/patch-Makefile.common
sed 's/^X//' >./files/patch-Makefile.common << 'END-of-./files/patch-Makefile.common'
X--- Makefile.common.orig 2007-09-25 06:26:36.000000000 +0400
X+++ Makefile.common 2007-10-12 04:55:16.000000000 +0400
X@@ -34,11 +34,11 @@
X install-etc: $(ETCOBJS)
X @for CETC in $(ETCOBJS) ""; do \
X if [ "$$CETC" = "" ]; then continue; fi; \
X- if [ -f $(PREFIX)/etc/$$CETC ]; then \
X- echo "NOT installing $(PREFIX)/$$CETC: exists, skipped"; \
X+ if [ -f $(PREFIX)/etc/openfwtk/$$CETC ]; then \
X+ echo "NOT installing $(PREFIX)/openfwtk/$$CETC: exists, skipped"; \
X else \
X- echo "Installing ETC: $$CETC -> $(PREFIX)/etc"; \
X- cp $$CETC $(PREFIX)/etc; \
X+ echo "Installing ETC: $$CETC -> $(PREFIX)/etc/openfwtk"; \
X+ cp $$CETC $(PREFIX)/etc/openfwtk; \
X fi; \
X done; \
X
X@@ -57,8 +57,7 @@
X echo "Creating/updating directory: $$CDIR"; \
X mkdir -p $$CDIR; \
X done; \
X- echo "Installing OpenFWTK base path: OFWTKPATH -> /etc/openfwtk.conf"; \
X- echo "OFWTKPATH=\"$(PREFIX)\"" > /etc/openfwtk.conf
X+ echo "Installing OpenFWTK base path: OFWTKPATH -> ${PREFIX}/etc/openfwtk.conf"; \
X+ echo "OFWTKPATH=\"$(PREFIX)\"" > ${PREFIX}/etc/openfwtk.conf
X
X install: all install-common install-bin install-man install-etc
X- $(INSTALLADD)
END-of-./files/patch-Makefile.common
echo x - ./files/pkg-message.in
sed 's/^X//' >./files/pkg-message.in << 'END-of-./files/pkg-message.in'
X=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
X* NOTE:
X
X* In order to use OpenFWTK proxies you need to have
Xprocfs(5) filesystem mounted.
X
X* You are advised to add following to /etc/crontab:
X
X59 * * * * root %%LOCALBASE%%/bin/frequentcheck
X58 23 * * * root %%LOCALBASE%%/bin/daily_report
X
X* In order to get this reports, run:
Xecho "admin@email.addr" > %%LOCALBASE%%/etc/openfwtk/admin
X
X* fw_check installed in %%LOCALBASE%%/share/fw_watch.
X
X* In order to user openfwtk, you need to create
X%%LOCALBASE%%/etc/netperm-table, there is no predefined
Xexample for now!
X
X* netperm-table(5) is a good place to start read about
Xvarious configuration options
X
X=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
END-of-./files/pkg-message.in
echo x - ./files/patch-reports-Makefile
sed 's/^X//' >./files/patch-reports-Makefile << 'END-of-./files/patch-reports-Makefile'
X--- reports/Makefile.orig 2007-09-25 00:20:36.000000000 +0400
X+++ reports/Makefile 2007-10-12 04:54:53.000000000 +0400
X@@ -16,10 +16,3 @@
X logtail: $(LTLOBJS)
X $(OFWTKLINK) $(LTLOBJS)
X
X-INSTALLADD = \
X- if ! grep -q frequentcheck /etc/crontab; then \
X- echo "59 * * * * root $(DEST)/frequentcheck">>/etc/crontab ;\
X- fi; \
X- if ! grep -q daily_report /etc/crontab; then \
X- echo "58 23 * * * root $(DEST)/daily_report">>/etc/crontab ; \
X- fi
END-of-./files/patch-reports-Makefile
echo x - ./files/patch-reports-frequentcheck.sh
sed 's/^X//' >./files/patch-reports-frequentcheck.sh << 'END-of-./files/patch-reports-frequentcheck.sh'
X--- reports/frequentcheck.sh.orig 2007-10-12 04:42:16.000000000 +0400
X+++ reports/frequentcheck.sh 2007-10-12 04:42:45.000000000 +0400
X@@ -43,10 +43,10 @@
X
X PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
X
X-PATFILE=$OFWTKPATH/etc/frequentcheck.ignore
X-ALERTFILE=$OFWTKPATH/etc/securityalerts.ignore
X-WARNFILE=$OFWTKPATH/etc/securitywarnings.ignore
X-ERRFILE=$OFWTKPATH/etc/syserr.ignore
X+PATFILE=$OFWTKPATH/etc/openfwtk/frequentcheck.ignore
X+ALERTFILE=$OFWTKPATH/etc/openfwtk/securityalerts.ignore
X+WARNFILE=$OFWTKPATH/etc/openfwtk/securitywarnings.ignore
X+ERRFILE=$OFWTKPATH/etc/openfwtk/syserr.ignore
X
X # Set the flag variables
X FOUND=0
END-of-./files/patch-reports-frequentcheck.sh
echo x - ./files/patch-squid-gw-squid-gw.restart
sed 's/^X//' >./files/patch-squid-gw-squid-gw.restart << 'END-of-./files/patch-squid-gw-squid-gw.restart'
X--- squid-gw/squid-gw.restart.orig 2007-10-12 18:09:43.000000000 +0400
X+++ squid-gw/squid-gw.restart 2007-10-12 18:10:12.000000000 +0400
X@@ -9,4 +9,4 @@
X exit 1
X fi
X
X-kill -HUP `cat $OFWTKPATH/var/pid/squid-gw.pid`
X+kill -HUP `cat /var/run/openfwtk/squid-gw.pid`
END-of-./files/patch-squid-gw-squid-gw.restart
echo x - ./Makefile
sed 's/^X//' >./Makefile << 'END-of-./Makefile'
X# New ports collection makefile for: openfwtk
X# Date created: 12 Oct 2007
X# Whom: Anton Karpov <toxa@toxahost.ru>
X#
X# $FreeBSD$
X
XPORTNAME= openfwtk
XPORTVERSION= 2.0
XCATEGORIES= security
XMASTER_SITES= SF
XMASTER_SITE_SUBDIR= ${PORTNAME}
XDISTNAME=${PORTNAME}${PORTVERSION}
X
XMAINTAINER= toxa@toxahost.ru
XCOMMENT= Application proxy toolkit which inherits the ideology of TIS fwtk
X
XWRKSRC= ${WRKDIR}/fwtk
XWRKSRC_WATCH= ${WRKDIR}/fw_watch
XWRKSRC_MILTER= ${WRKDIR}/libci_milter
X
XOPTIONS= WATCH "Install fw-watch GUI (require TCL/TK!)" off
X
XSUB_FILES= pkg-message
XMANCOMPRESSED= no
X
X.include <bsd.port.pre.mk>
X
X.if defined(WITH_WATCH)
XPLIST_SUB+= WATCH=""
XRUN_DEPENDS+= wish8.4:${PORTSDIR}/x11-toolkits/tk84
X.else
XPLIST_SUB+= WATCH="@comment "
X.endif
X
XBUILD_DIRS= ${WRKSRC_MILTER} ${WRKSRC}
X
Xdo-build:
X.for i in ${BUILD_DIRS}
X (cd ${WRKDIR}/${i}; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} ${ALL_TARGET})
X.endfor
X
Xpost-build:
X @${REINPLACE_CMD} -e 's|/etc/openfwtk.conf|${PREFIX}/etc/openfwtk.conf|g' \
X ${WRKSRC}/reports/summ_resources.sh ${WRKSRC}/reports/daily_report \
X ${WRKSRC}/reports/frequentcheck.sh ${WRKSRC}/reports/frequentcheck \
X ${WRKSRC}/auth/authadduser.sh ${WRKSRC}/squid-gw/squid-gw.restart \
X ${WRKSRC}/reports/daily_report ${WRKSRC}/reports/frequentcheck
Xpre-install:
X ${MKDIR} ${ETCDIR}
Xpost-install:
X.if defined(WITH_WATCH)
X ${MKDIR} ${PREFIX}/share/fw_watch
X @${REINPLACE_CMD} -e 's|/usr/bin/wish|${PREFIX}/bin/wish8.4|g' \
X ${WRKSRC_WATCH}/fileselect.tcl \
X ${WRKSRC_WATCH}/fw_watch \
X ${WRKSRC_WATCH}/newsb.tcl \
X ${WRKSRC_WATCH}/searchbox.tcl \
X ${WRKSRC_WATCH}/taputils.tcl
X ${CP} ${WRKSRC_WATCH}/fileselect.tcl ${PREFIX}/share/fw_watch/
X ${CP} ${WRKSRC_WATCH}/fw_watch ${PREFIX}/share/fw_watch/
X ${CP} ${WRKSRC_WATCH}/newsb.tcl ${PREFIX}/share/fw_watch/
X ${CP} ${WRKSRC_WATCH}/searchbox.tcl ${PREFIX}/share/fw_watch/
X ${CP} ${WRKSRC_WATCH}/taputils.tcl ${PREFIX}/share/fw_watch/
X.endif
X ${ECHO} "root@`hostname`" > ${ETCDIR}/admin
X @${CAT} ${PKGMESSAGE}
X
X.include "Makefile.man"
X.include <bsd.port.post.mk>
END-of-./Makefile
echo x - ./distinfo
sed 's/^X//' >./distinfo << 'END-of-./distinfo'
XMD5 (openfwtk2.0.tar.gz) = 512501bbdcf4fc8bd7527b3cb5958dfb
XSHA256 (openfwtk2.0.tar.gz) = e0da648b5d7c2a84876e79a524872774155076410a4cb513ef9e50f34c78a703
XSIZE (openfwtk2.0.tar.gz) = 615377
END-of-./distinfo
echo x - ./pkg-descr
sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr'
XOpenFWTK is an application proxy toolkit which inherits the ideology
Xof TIS fwtk and maintains API backwards compatibility. The design goal
Xis to make it simple yet powerful; no performance hacks allowed in the
Xcode and library dependencies are reduced to minimum.
X
XWWW: http://sourceforge.net/projects/openfwtk
END-of-./pkg-descr
echo x - ./pkg-plist
sed 's/^X//' >./pkg-plist << 'END-of-./pkg-plist'
Xbin/auth_cons
Xbin/auth_telnetd
Xbin/authadduser.sh
Xbin/authdump
Xbin/authload
Xbin/authmgr
Xbin/authsrv
Xbin/chart.pl
Xbin/cmd-gw
Xbin/cmd-tn
Xbin/cvs-gw
Xbin/daily_report
Xbin/dnsctl
Xbin/frequentcheck
Xbin/frequentcheck.sh
Xbin/ftp-gw
Xbin/get_today
Xbin/hqdaemon
Xbin/ident-spoofer
Xbin/logtail
Xbin/lp-gw
Xbin/netacl
Xbin/nntp-gw
Xbin/nntp-top
Xbin/plug-gw
Xbin/pop3-gw
Xbin/rexec-gw
Xbin/rsh-gw
Xbin/smtpd
Xbin/smtpfwdd
Xbin/squid-gw
Xbin/squid-gw.restart
Xbin/squid-log
Xbin/squid-top
Xbin/ssl-gw
Xbin/ssmtp
Xbin/summ_complete.pl
Xbin/summ_resources.sh
Xetc/openfwtk/alerts.add
Xetc/openfwtk/frequentcheck.ignore
Xetc/openfwtk/securityalerts.ignore
Xetc/openfwtk/securitywarnings.ignore
Xetc/openfwtk/syserr.ignore
Xetc/openfwtk/warnings.add
Xetc/openfwtk/admin
Xetc/openfwtk.conf
X%%WATCH%%share/fw_watch/fileselect.tcl
X%%WATCH%%share/fw_watch/fw_watch
X%%WATCH%%share/fw_watch/newsb.tcl
X%%WATCH%%share/fw_watch/searchbox.tcl
X%%WATCH%%share/fw_watch/taputils.tcl
X%%WATCH%%@dirrm share/fw_watch
X@dirrm etc/openfwtk
END-of-./pkg-plist
echo x - ./Makefile.man
sed 's/^X//' >./Makefile.man << 'END-of-./Makefile.man'
X# $FreeBSD$
X
XMAN3= \
X cfg_append.3 \
X cfg_free.3 \
X cfg_get.3 \
X cfg_read.3 \
X cfg_setpfile.3 \
X conn_server.3 \
X daemonize.3 \
X do_daemon.3 \
X enargv.3 \
X getpassword.3 \
X hostmatch.3 \
X hup_exit.3 \
X isalldigits.3 \
X lock_fd.3 \
X locktest_fd.3 \
X lockun_fd.3 \
X mapgid.3 \
X maphostname.3 \
X mapuid.3 \
X nacasematch.3 \
X namatch.3 \
X peername.3 \
X randomnumber.3 \
X set_oob_notification.3 \
X str_to_port.3 \
X waitwaitwait.3 \
X xmalloc.3 \
X xrealloc.3 \
X xstrdup.3
X
XMAN5= netperm-table.5
X
XMAN8= \
X auth_telnetd.8 \
X authdump.8 \
X authmgr.8 \
X authsrv.8 \
X cmd-gw.8 \
X cvs-gw.8 \
X dnsctl.8 \
X ftp-gw.8 \
X hqdaemon.8 \
X ident-spoofer.8 \
X lp-gw.8 \
X netacl.8 \
X nntp-gw.8 \
X plug-gw.8 \
X pop3-gw.8 \
X rexec-gw.8 \
X rsh-gw.8 \
X smtpd.8 \
X smtpfwdd.8 \
X squid-gw.8 \
X ssmtp.8
X
END-of-./Makefile.man
exit
--- openfwtk.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071014205109.4314278F41>