Date:      Fri, 06 Apr 2007 14:11:54 -0500
From:      Paul Schmehl <pauls@utdallas.edu>
To:        Stefan Lambrev <stefan.lambrev@sun-fish.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: ports/security/blocksshd
Message-ID:  <9DFDC8DD6734FDFEE49EF0FF@paul-schmehls-powerbook59.local>
In-Reply-To: <4616943A.2010305@sun-fish.com>
References:  <461613B2.2050507@sun-fish.com> <46168C4A.9050809@lerwick.hopto.org> <4616943A.2010305@sun-fish.com>

--On April 6, 2007 9:40:58 PM +0300 Stefan Lambrev <stefan.lambrev@sun-fish.com> wrote:

> Hi list,
>
> Craig Butler wrote:
>> Stefan Lambrev wrote:
>>> Hi list,
>>>
>>> This is very annoying:
>>> pkg_delete: '/usr/local/etc/blocksshd.conf' fails original MD5
>>> checksum - deleted anyway.
>>> can someone fix please ?
>>>
>> did you edit it ?
> Of course I edit it, after all it is the configuration file, I have
> different table in my pf, I have specified e-mail
> where to send notification, I have whitelisted IPs and etc.
> And simple upgrade *destroy* my configurations which is not nice ;)
> If I have little more time tomorrow I can send patch and the config file
> will be renamed to .sample
> so upgrading won't destroy configuration, and if you prefer I can add
> and pkg-msg or *echo* to tell user to copy
> config.sample to config when installing.
> If I have time I can even *steal* from other ports and make the port
> only to create blocksshd.conf only if it does not exist :)
> Sorry for moaning without sending patches ;)

The Porters Handbook (section 7.3) is pretty clear about this:
"If your port requires some configuration files in PREFIX/etc, do not just
install them and list them in pkg-plist. That will cause pkg_delete(1) to
delete files carefully edited by the user and a new installation to wipe
them out.

Instead, install sample files with a suffix (filename.sample will work
well). Copy the sample file as the real configuration file, if it does not
exist. On deinstall, delete the configuration file, but only if it was not
modified by the user. You need to handle this both in the port Makefile,
and in the pkg-plist (for installation from the package).

Example of the Makefile part:

post-install:
    @if [ ! -f ${PREFIX}/etc/orbit.conf ]; then \
        ${CP} -p ${PREFIX}/etc/orbit.conf.sample ${PREFIX}/etc/orbit.conf ; \
    fi

Example of the pkg-plist part:

@unexec if cmp -s %D/etc/orbit.conf.sample %D/etc/orbit.conf; then rm -f %D/etc/orbit.conf; fi
etc/orbit.conf.sample
@exec if [ ! -f %D/etc/orbit.conf ] ; then cp -p %D/%F %B/orbit.conf; fi

Alternatively, print out a message pointing out that the user has to copy
and edit the file before the software can be made to work."

A port should not be committed with this error, IMNSHO.

OTOH, it's always good practice to make backups......

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
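
The sample-file handling quoted from the handbook above, as an added example that is not part of the original message or of the blocksshd port: a scratch-directory simulation of install, deinstall and reinstall. The function names and the placeholder file contents are assumptions made for illustration, not real blocksshd.conf syntax.

```shell
#!/bin/sh
# Added example. Scratch-directory simulation of the handbook's sample-file
# handling; function names and file contents are constructed for illustration.

# install_conf PREFIX NAME SRC: always install NAME.sample, create NAME only
# when it is absent (the post-install / @exec step).
install_conf() {
    mkdir -p "$1/etc" || return 1
    cp -p "$3" "$1/etc/$2.sample" || return 1
    if [ ! -f "$1/etc/$2" ]; then
        cp -p "$1/etc/$2.sample" "$1/etc/$2" || return 1
    fi
}

# deinstall_conf PREFIX NAME: delete NAME only if it is byte-identical to the
# sample (the @unexec step), then delete the sample itself.
deinstall_conf() {
    if cmp -s "$1/etc/$2.sample" "$1/etc/$2"; then
        rm -f "$1/etc/$2"
    fi
    rm -f "$1/etc/$2.sample"
}

# upgrade_scenario MODE: install v1, optionally edit, deinstall, install v2.
# Prints the resulting live config. MODE is "edited" or "untouched".
upgrade_scenario() {
    work=$(mktemp -d) || return 1
    echo "placeholder-setting=v1-default" > "$work/v1"   # constructed content
    echo "placeholder-setting=v2-default" > "$work/v2"   # constructed content
    install_conf "$work/prefix" blocksshd.conf "$work/v1"
    if [ "$1" = edited ]; then
        echo "placeholder-setting=admin-value" > "$work/prefix/etc/blocksshd.conf"
    fi
    deinstall_conf "$work/prefix" blocksshd.conf
    install_conf "$work/prefix" blocksshd.conf "$work/v2"
    cat "$work/prefix/etc/blocksshd.conf"
    rm -rf "$work"
}

upgrade_scenario edited      # the admin's edit survives the upgrade
upgrade_scenario untouched   # an unmodified file is replaced by the new default
```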
