Date: Fri, 06 Apr 2007 14:11:54 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: Stefan Lambrev <stefan.lambrev@sun-fish.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: ports/security/blocksshd
Message-ID: <9DFDC8DD6734FDFEE49EF0FF@paul-schmehls-powerbook59.local>
In-Reply-To: <4616943A.2010305@sun-fish.com>
References: <461613B2.2050507@sun-fish.com> <46168C4A.9050809@lerwick.hopto.org> <4616943A.2010305@sun-fish.com>

--On April 6, 2007 9:40:58 PM +0300 Stefan Lambrev <stefan.lambrev@sun-fish.com> wrote:

> Hi list,
>
> Craig Butler wrote:
>> Stefan Lambrev wrote:
>>> Hi list,
>>>
>>> This is very annoying:
>>> pkg_delete: '/usr/local/etc/blocksshd.conf' fails original MD5
>>> checksum - deleted anyway.
>>> can someone fix please ?
>>>
>> did you edit it ?
> Of course I edit it, after all it is the configuration file, I have
> different table in my pf, I have specified e-mail
> where to send notification, I have whitelisted IPs and etc.
> And simple upgrade *destroy* my configurations which is not nice ;)
> If I have little more time tomorrow I can send patch and the config file
> will be renamed to .sample
> so upgrading won't destroy configuration, and if you prefer I can add
> and pkg-msg or *echo* to tell user to copy
> config.sample to config when installing.
> If I have time I can even *steal* from other ports and make the port
> only to create blocksshd.conf only if it does not exist :)
> Sorry for moaning without sending patches ;)

The Porters Handbook (section 7.3) is pretty clear about this:

"If your port requires some configuration files in PREFIX/etc, do not just install them and list them in pkg-plist. That will cause pkg_delete(1) to delete files carefully edited by the user and a new installation to wipe them out.

Instead, install sample files with a suffix (filename.sample will work well). Copy the sample file as the real configuration file, if it does not exist. On deinstall, delete the configuration file, but only if it was not modified by the user. You need to handle this both in the port Makefile, and in the pkg-plist (for installation from the package).

Example of the Makefile part:

post-install:
	@if [ ! -f ${PREFIX}/etc/orbit.conf ]; then \
		${CP} -p ${PREFIX}/etc/orbit.conf.sample ${PREFIX}/etc/orbit.conf ; \
	fi

Example of the pkg-plist part:

@unexec if cmp -s %D/etc/orbit.conf.sample %D/etc/orbit.conf; then rm -f %D/etc/orbit.conf; fi
etc/orbit.conf.sample
@exec if [ ! -f %D/etc/orbit.conf ] ; then cp -p %D/%F %B/orbit.conf; fi

Alternatively, print out a message pointing out that the user has to copy and edit the file before the software can be made to work."

A port should not be committed with this error, IMNSHO.

OTOH, it's always good practice to make backups......

Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
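
Added example, not part of the original message or of the Porters Handbook: a shell simulation of the sample-file pattern quoted above, run in a scratch prefix, showing that a user-edited blocksshd.conf survives deinstall plus reinstall while an untouched one is removed. The function names and the config contents are constructed for illustration and are not the real blocksshd settings.

```shell
# Simulates the handbook's sample-file pattern in a throwaway prefix.
# Function names and config contents are constructed for this example.

# install_pkg PREFIX CONTENT: always install the sample; seed the real
# config only if none exists (mirrors the @exec / post-install logic).
install_pkg() {
    prefix=$1; content=$2
    mkdir -p "$prefix/etc"
    printf '%s\n' "$content" > "$prefix/etc/blocksshd.conf.sample"
    if [ ! -f "$prefix/etc/blocksshd.conf" ]; then
        cp -p "$prefix/etc/blocksshd.conf.sample" "$prefix/etc/blocksshd.conf"
    fi
}

# deinstall_pkg PREFIX: delete the real config only when it is
# byte-identical to the sample (mirrors @unexec), then drop the sample.
deinstall_pkg() {
    prefix=$1
    if cmp -s "$prefix/etc/blocksshd.conf.sample" "$prefix/etc/blocksshd.conf"; then
        rm -f "$prefix/etc/blocksshd.conf"
    fi
    rm -f "$prefix/etc/blocksshd.conf.sample"
}

# Returns 0 if a user edit survives a deinstall followed by a reinstall.
upgrade_keeps_edits() {
    p=$(mktemp -d) || return 2
    install_pkg "$p" 'table = "ssh-block"'
    printf '%s\n' 'table = "my-pf-table"' > "$p/etc/blocksshd.conf"  # user edit
    deinstall_pkg "$p"
    install_pkg "$p" 'table = "ssh-block-v2"'
    result=1
    grep -q 'my-pf-table' "$p/etc/blocksshd.conf" && result=0
    rm -rf "$p"
    return $result
}

# Returns 0 if an unmodified config is removed cleanly on deinstall.
clean_removal() {
    p=$(mktemp -d) || return 2
    install_pkg "$p" 'table = "ssh-block"'
    deinstall_pkg "$p"
    result=0
    [ -e "$p/etc/blocksshd.conf" ] && result=1
    rm -rf "$p"
    return $result
}

upgrade_keeps_edits && clean_removal && echo "config handling OK"
```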