From owner-svn-ports-head@FreeBSD.ORG Wed May 14 23:33:05 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EFFD27E5; Wed, 14 May 2014 23:33:04 +0000 (UTC) Received: from prod2.absolight.net (mx3.absolight.net [IPv6:2a01:678:2:100::25]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "plouf.absolight.net", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B08532637; Wed, 14 May 2014 23:33:04 +0000 (UTC) Received: from prod2.absolight.net (localhost [127.0.0.1]) by prod2.absolight.net (Postfix) with ESMTP id DD140BDC4C; Thu, 15 May 2014 01:33:02 +0200 (CEST) Received: from atuin.in.mat.cc (unknown [137.122.64.16]) by prod2.absolight.net (Postfix) with ESMTPA id B1C46BDC30; Thu, 15 May 2014 01:33:02 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by atuin.in.mat.cc (Postfix) with ESMTP id E2A39646FFF; Wed, 14 May 2014 19:33:01 -0400 (EDT) Date: Wed, 14 May 2014 19:33:01 -0400 From: Mathieu Arnold To: Mark Felder , Adam Weinberger Subject: Re: svn commit: r353977 - head/security/py-fail2ban Message-ID: <83CA55EF6D43506115DE9896@atuin.in.mat.cc> In-Reply-To: <5D7360F1-ABE8-417C-B666-355611AD79AB@FreeBSD.org> References: <201405131830.s4DIUNGm023128@svn.freebsd.org> <5CC317FA-F4BD-40C4-ACD8-04AB16902C4A@FreeBSD.org> <805981A4-2E52-4C2A-B2B8-B751D484279A@adamw.org> <5D7360F1-ABE8-417C-B666-355611AD79AB@FreeBSD.org> X-Mailer: Mulberry/4.0.8 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Adam Weinberger , ports-committers@FreeBSD.org X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2014 23:33:05 -0000 +--On 13 mai 2014 20:54:09 -0500 Mark Felder wrote: | | On May 13, 2014, at 20:36, Adam Weinberger wrote: | |> On 13 May 2014, at 17:12, Mark Felder wrote: |> |>> On May 13, 2014, at 13:30, Adam Weinberger wrote: |>> |>>> |>>> post-install: |>>> - @${MKDIR} ${STAGEDIR}${FAIL2BAN_DBDIR} |>>> + @${MKDIR} ${STAGEDIR}${FAIL2BAN_DBDIR} ${STAGEDIR}/var/run/fail2ban |>>> @${MKDIR} ${STAGEDIR}${DOCSDIR} |>>> (cd ${WRKSRC}/ && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) |>>> .for file in fail2ban-client fail2ban-regex fail2ban-server fail2ban |>>> |>> |>> |>> Pkg ignores items in ${STAGEDIR}/var (and probably all of base), so |>> this won't actually make it into a package. In fact, since the creation |>> of the stage dir it won't even make it if installed from a port (as a |>> package is created before being installed). Anything you need created |>> for the port to run that must exist in base such as /var/run/, |>> /var/db/, /var/log/, etc should be handled in the rc script |>> start_precmd so it gets created if necessary just before the daemon is |>> launched. |>> |>> Just drop something in like |>> |>> start_precmd=fail2ban_prestart |>> |>> fail2ban_prestart() |>> { |>> for i in run db; do |>> if [ ! -d /var/${i}/fail2ban ]; then |>> install -d -o fail2ban /dev/null /var/${i}/fail2ban |>> fi |>> done |>> } |>> |>> (or more verbose, but two actions -- mkdir and then chown) |>> |>> and then you can remove those MKDIRs in post-install |> |> That part about pkg ignoring /var doesn't seem right... The .keep_me |> files in /var/run/fail2ban and /var/db/fail2ban are installed by pkg, as |> expected. |> |> Putting the stuff into the rc script seems like a good idea, but I'm |> missing where the current version isn't working. |> | | You're right; my wires were crossed. I believe what I was thinking of is | that pkg won't track those dirs and tell you they are leftovers. It tracks them all right, look at dns/bind10 (well, don't look at it if you value your sanity), it's pkg_install that fails to see and use them. -- Mathieu Arnold