From nobody@FreeBSD.org  Mon Apr  4 13:42:14 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B8EAE106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Apr 2011 13:42:14 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id A71B48FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Apr 2011 13:42:14 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p34DgEXk024441
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 4 Apr 2011 13:42:14 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p34DgEgK024440;
	Mon, 4 Apr 2011 13:42:14 GMT
	(envelope-from nobody)
Message-Id: <201104041342.p34DgEgK024440@red.freebsd.org>
Date: Mon, 4 Apr 2011 13:42:14 GMT
From: Nikolay Denev <ndenev@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/barnyard2 does not need security/snort to run
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: pauls@utdallas.edu

>Number:         156172
>Category:       ports
>Synopsis:       security/barnyard2 does not need security/snort to run
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ohauer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 04 13:50:08 UTC 2011
>Closed-Date:    Mon Apr 04 22:48:41 UTC 2011
>Last-Modified:  Mon Apr 04 22:48:41 UTC 2011
>Originator:     Nikolay Denev
>Release:        RELENG_8
>Organization:
>Environment:
FreeBSD nas.totalterror.net 8.2-STABLE FreeBSD 8.2-STABLE #120: Wed Mar 30 10:26:07 EEST 2011     ndenev@nas.totalterror.net:/usr/obj/usr/src/sys/NAS  amd64

>Description:
security/barnyard2 tries to pull in security/snort when it's installed, as snort is listed as runtime dependency. But this is not true, and there are scenarios where one might not want snort on the same machine e.g. :
1. Barnyard running on a dedicated host processing snort/suricata logs shipped via some other mechanism like rsync/sftp.
2. Using baryard2 with security/suricata

>How-To-Repeat:
Try to install security/barnyard2 on a host running security/suricata to handle the logging, and it will pull security/snort as dependency.
>Fix:
Simple patch to the port makefile removes the runtime dependency of snort.

--- Makefile.orig	2011-04-04 16:36:46.093102555 +0300
+++ Makefile	2011-04-04 16:37:07.481745290 +0300
@@ -14,8 +14,6 @@
 MAINTAINER=	pauls@utdallas.edu
 COMMENT=	An output system for Snort that parses unified2 files
 
-RUN_DEPENDS+=	${LOCALBASE}/bin/snort:${PORTSDIR}/security/snort
-
 OPTIONS=	MYSQL "Enable MySQL support" on \
 		POSTGRESQL "Enable PostgreSQL support" off
 


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Mon Apr 4 13:50:18 UTC 2011 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=156172 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: pauls@utdallas.edu
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/156172: security/barnyard2 does not need security/snort to run
Date: Mon, 4 Apr 2011 13:50:16 UT

 Maintainer of security/barnyard2,
 
 Please note that PR ports/156172 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Paul Schmehl <pauls@utdallas.edu>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/156172: security/barnyard2 does not need security/snort
 to run
Date: Mon, 04 Apr 2011 09:19:56 -0500

 --==========5CF83373671BCBB3C871==========
 Content-Type: text/plain; charset=us-ascii; format=flowed
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 --On April 4, 2011 8:50:16 AM -0500 Edwin Groothuis <edwin@FreeBSD.org> 
 wrote:
 
 > Maintainer of security/barnyard2,
 >
 > Please note that PR ports/156172 has just been submitted.
 >
 > If it contains a patch for an upgrade, an enhancement or a bug fix
 > you agree on, reply to this email stating that you approve the patch
 > and a committer will take care of it.
 >
 > The full text of the PR can be found at:
 >     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172
 
 This is the wrong approach to take if the goal is to decouple the snort 
 install from the barnyard install.  Snort is an OPTION which is toggled on. 
 The right fix is to toggle it off and let the user decide whether or not to 
 install snort.
 
 Patch attached.
 
 -- 
 Paul Schmehl (pauls@utdallas.edu)
 Senior Information Security Analyst
 The University of Texas at Dallas
 http://www.utdallas.edu/ir/security/
 
 --==========5CF83373671BCBB3C871==========
 Content-Type: application/octet-stream; name=patch-Makefile
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename=patch-Makefile; size=354
 
 LS0tIE1ha2VmaWxlLm9yaWcJMjAxMS0wNC0wNCAxNDoxNzozNC4wMDAwMDAwMDAgKzAwMDAKKysr
 IE1ha2VmaWxlCTIwMTEtMDQtMDQgMTQ6MTc6NTguMDAwMDAwMDAwICswMDAwCkBAIC0xNiw3ICsx
 Niw3IEBACiAKIFJVTl9ERVBFTkRTKz0JJHtMT0NBTEJBU0V9L2Jpbi9zbm9ydDoke1BPUlRTRElS
 fS9zZWN1cml0eS9zbm9ydAogCi1PUFRJT05TPQlNWVNRTCAiRW5hYmxlIE15U1FMIHN1cHBvcnQi
 IG9uIFwKK09QVElPTlM9CU1ZU1FMICJFbmFibGUgTXlTUUwgc3VwcG9ydCIgb2ZmIFwKIAkJUE9T
 VEdSRVNRTCAiRW5hYmxlIFBvc3RncmVTUUwgc3VwcG9ydCIgb2ZmCiAKIFVTRV9SQ19TVUJSPQli
 YXJueWFyZDIuc2gK
 
 --==========5CF83373671BCBB3C871==========--
 

From: Paul Schmehl <pauls@utdallas.edu>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/156172: security/barnyard2 does not need security/snort
 to run
Date: Mon, 04 Apr 2011 11:27:40 -0500

 --On April 4, 2011 8:50:16 AM -0500 Edwin Groothuis <edwin@FreeBSD.org> 
 wrote:
 
 > Maintainer of security/barnyard2,
 >
 > Please note that PR ports/156172 has just been submitted.
 >
 > If it contains a patch for an upgrade, an enhancement or a bug fix
 > you agree on, reply to this email stating that you approve the patch
 > and a committer will take care of it.
 >
 > The full text of the PR can be found at:
 >     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172
 
 Sheesh.  Sound the idiot alarm.
 
 The patch I sent doesn't accomplish what the OP requested at all.  His 
 patch works fine by removing the RUN_DEPENDS for snort.  I need to decide 
 if I want to add snort to the OPTIONS (as well as suricata), so put this on 
 hold while I think this through more carefully.
 
 -- 
 Paul Schmehl (pauls@utdallas.edu)
 Senior Information Security Analyst
 The University of Texas at Dallas
 http://www.utdallas.edu/ir/security/
 

From: Paul Schmehl <pauls@utdallas.edu>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/156172: security/barnyard2 does not need security/snort
 to run
Date: Mon, 04 Apr 2011 11:33:03 -0500

 --==========AEF792D8B0F469A98921==========
 Content-Type: text/plain; charset=us-ascii; format=flowed
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 --On April 4, 2011 8:50:16 AM -0500 Edwin Groothuis <edwin@FreeBSD.org> 
 wrote:
 
 > Maintainer of security/barnyard2,
 >
 > Please note that PR ports/156172 has just been submitted.
 >
 > If it contains a patch for an upgrade, an enhancement or a bug fix
 > you agree on, reply to this email stating that you approve the patch
 > and a committer will take care of it.
 >
 > The full text of the PR can be found at:
 >     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172
 
 The attached patch bumps PORTREVISION from 1 to 2, removes the RUN_DEPENDS 
 for snort and adds suricata to the COMMENT line.
 
 -- 
 Paul Schmehl (pauls@utdallas.edu)
 Senior Information Security Analyst
 The University of Texas at Dallas
 http://www.utdallas.edu/ir/security/
 
 --==========AEF792D8B0F469A98921==========
 Content-Type: application/octet-stream; name=patch-Makefile
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename=patch-Makefile; size=687
 
 LS0tIE1ha2VmaWxlLm9yaWcJMjAxMS0wNC0wNCAxNDoxNzozNC4wMDAwMDAwMDAgKzAwMDAKKysr
 IE1ha2VmaWxlCTIwMTEtMDQtMDQgMTY6Mjk6NTEuMDAwMDAwMDAwICswMDAwCkBAIC03LDE2ICs3
 LDE0IEBACiAKIFBPUlROQU1FPQliYXJueWFyZDIKIFBPUlRWRVJTSU9OPQkxLjkKLVBPUlRSRVZJ
 U0lPTj0JMQorUE9SVFJFVklTSU9OPQkyCiBDQVRFR09SSUVTPQlzZWN1cml0eQogTUFTVEVSX1NJ
 VEVTPQlodHRwOi8vd3d3LnNlY3VyaXhsaXZlLmNvbS9kb3dubG9hZC9iYXJueWFyZDIvCiAKIE1B
 SU5UQUlORVI9CXBhdWxzQHV0ZGFsbGFzLmVkdQotQ09NTUVOVD0JQW4gb3V0cHV0IHN5c3RlbSBm
 b3IgU25vcnQgdGhhdCBwYXJzZXMgdW5pZmllZDIgZmlsZXMKK0NPTU1FTlQ9CUFuIG91dHB1dCBz
 eXN0ZW0gZm9yIFNub3J0IG9yIFN1cmljYXRhIHRoYXQgcGFyc2VzIHVuaWZpZWQyIGZpbGVzCiAK
 LVJVTl9ERVBFTkRTKz0JJHtMT0NBTEJBU0V9L2Jpbi9zbm9ydDoke1BPUlRTRElSfS9zZWN1cml0
 eS9zbm9ydAotCi1PUFRJT05TPQlNWVNRTCAiRW5hYmxlIE15U1FMIHN1cHBvcnQiIG9uIFwKK09Q
 VElPTlM9CU1ZU1FMICJFbmFibGUgTXlTUUwgc3VwcG9ydCIgb2ZmIFwKIAkJUE9TVEdSRVNRTCAi
 RW5hYmxlIFBvc3RncmVTUUwgc3VwcG9ydCIgb2ZmCiAKIFVTRV9SQ19TVUJSPQliYXJueWFyZDIu
 c2gK
 
 --==========AEF792D8B0F469A98921==========--
 
Responsible-Changed-From-To: freebsd-ports-bugs->ohauer 
Responsible-Changed-By: ohauer 
Responsible-Changed-When: Mon Apr 4 18:12:08 UTC 2011 
Responsible-Changed-Why:  
I'll take it 

http://www.freebsd.org/cgi/query-pr.cgi?pr=156172 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/156172: commit references a PR
Date: Mon,  4 Apr 2011 21:28:24 +0000 (UTC)

 ohauer      2011-04-04 21:28:15 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/barnyard2   Makefile 
   Log:
    - make snort and suricata optional
    - bump portrevision
   
   PR:             ports/156172
   Submitted by:   Nikolay Denev <ndenev _at_ gmail.com>
   Approved by:    Paul Schmehl <pauls _at_ utdallas.edu> (maintainer)
   
   Revision  Changes    Path
   1.7       +13 -5     ports/security/barnyard2/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: feedback->closed 
State-Changed-By: ohauer 
State-Changed-When: Mon Apr 4 22:48:00 UTC 2011 
State-Changed-Why:  
Comitted, with minor changes 

http://www.freebsd.org/cgi/query-pr.cgi?pr=156172 
>Unformatted:
