Date: Tue, 19 Feb 2002 15:39:02 -0800 (PST) From: "Crist J. Clark" <cjc@freebsd.org> To: FreeBSD-gnats-submit@freebsd.org Cc: jgreco@ns.sol.net Subject: ports/35126: [PATCH] Tripwire 1.2 install should be more configurable Message-ID: <200202192339.g1JNd2T98988@blossom.cjclark.org>
next in thread | raw e-mail | index | archive | help
>Number: 35126
>Category: ports
>Synopsis: [PATCH] Tripwire 1.2 install should be more configurable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 19 15:40:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Crist J. Clark
>Release: FreeBSD 4.5-RELEASE i386
>Organization:
>Environment:
FreeBSD ports.
>Description:
Presently the Tripwire 1.2 port(s), ports/security/tripwire{,12},
automatically generate(s) a tripwire database using the sample
configuration file provided with the port(s). There is no mechanism for
the user to (a) provided his own configuration file or (b) disable the
database build at the 'make install.'
Building a tripwire database can take a considerable amount of
time. It is very possible, perhaps even likely, that the administrator
may wish to customize the tripwire configuration file for his site
before taking the time to build a database. If the admin interupts the
database build (say with an intr-character), he will not have a
properly installed port (e.g. nothing in /var/db/pkg). I am not aware
of a way to disable the build using the port-system's available knobs
(like something to disable 'post-install' targets in the Makefile).
>How-To-Repeat:
# cd /usr/ports/security/tripwire
# make install
>Fix:
The following simple patch provides examples for how to
correct both of these issues.
The administrator may specify a custom tripwire configuration
file for use in the automatic database build by doing the following,
# make TWCONFIG=/path/to/tw.config install
Or the admin may totally disable the database build at install time,
# make -DNO_DB_BUILD install
Here's the patch,
Index: security/tripwire/Makefile
===================================================================
RCS file: /export/ncvs/ports/security/tripwire/Makefile,v
retrieving revision 1.11
diff -u -r1.11 Makefile
--- security/tripwire/Makefile 2 Jun 2000 03:18:52 -0000 1.11
+++ security/tripwire/Makefile 19 Feb 2002 23:16:53 -0000
@@ -19,6 +19,8 @@
NO_PACKAGE= "requires local database to be built"
RESTRICTED= "contains crypto class algorithms"
+TWCONFIG?= ${FILESDIR}/tw.conf.freebsd2
+
post-extract:
@ (cd ${WRKDIR}; tar xpf T1.2.tar)
@@ -29,13 +31,14 @@
pre-configure:
@ ${CP} ${FILESDIR}/conf-freebsd2.h ${WRKSRC}/configs
@ ${SED} s%/kernel%`sysctl -bn kern.bootfile`% \
- < ${FILESDIR}/tw.conf.freebsd2 \
+ < ${TWCONFIG} \
> ${WRKSRC}/configs/tw.conf.freebsd2
post-install:
@ ${MKDIR} /var/adm/tcheck
- @ ${CP} ${FILESDIR}/tw.conf.freebsd2 /var/adm/tcheck/tw.config
+ @ ${CP} ${TWCONFIG} /var/adm/tcheck/tw.config
# Creating tripwire database
+.ifndef NO_DB_BUILD
@ (cd /var/adm/tcheck; tripwire -initialize)
.if defined(TRIPWIRE_FLOPPY) && ${TRIPWIRE_FLOPPY} == YES
# preparing the floppy
@@ -52,6 +55,7 @@
@ ${CHMOD} 555 /mnt/tripwire /mnt/gunzip /mnt/twcheck
@ umount /mnt
# Do not forget to remove and write-protect the floppy.
+.endif
.endif
.include <bsd.port.mk>
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202192339.g1JNd2T98988>