From lx@redundancy.redundancy.org  Wed Jul 21 18:11:24 2004
Return-Path: <lx@redundancy.redundancy.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 72EA016A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Jul 2004 18:11:24 +0000 (GMT)
Received: from redundancy.redundancy.org (redundancy.redundancy.org [198.144.201.242])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0803843D31
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 21 Jul 2004 18:11:24 +0000 (GMT)
	(envelope-from lx@redundancy.redundancy.org)
Received: (qmail 93312 invoked by uid 1000); 21 Jul 2004 18:11:41 -0000
Message-Id: <20040721181141.93311.qmail@redundancy.redundancy.org>
Date: 21 Jul 2004 18:11:41 -0000
From: David Thiel <lx@redundancy.redundancy.org>
Reply-To: David Thiel <lx@redundancy.redundancy.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: krion@freebsd.org
Subject: Update: security/samhain 1.8.9 -> 1.8.10b
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         69387
>Category:       ports
>Synopsis:       Update: security/samhain 1.8.9 -> 1.8.10b
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 21 18:20:23 GMT 2004
>Closed-Date:    Wed Aug 11 23:00:36 GMT 2004
>Last-Modified:  Wed Aug 11 23:00:36 GMT 2004
>Originator:     David Thiel
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 4.9-STABLE FreeBSD 4.9-STABLE #15: Wed Nov 19 21:41:32 PST 2003 lx@redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386


>Description:

Port changes:

Add OPTIONS menu, remove most tunable info from comments. Change variable
names to use the "WITH_*" standard.

1.8.10b info:

Fixed FreeBSD make issue in the 1.8.10 release, fixes for default
GrowingLogFiles policy, bugfixes in signal handling and kernel
checking. See docs/Changelog for details.

>How-To-Repeat:
>Fix:


diff -ruN samhain.old/Makefile samhain/Makefile
--- samhain.old/Makefile	Tue Jul 20 11:01:17 2004
+++ samhain/Makefile	Wed Jul 21 10:27:21 2004
@@ -5,40 +5,19 @@
 # $FreeBSD: ports/security/samhain/Makefile,v 1.16 2004/06/21 19:09:14 pav Exp $
 #
 #
-# This port recognizes the following tunables:
+# This port recognizes the following non-binary tunables:
 #
-# RUNAS_USER:
-#	The username of the account Yule will run as. Usually just "yule".
-#
-# WITH_GPG:
-#	Instructs the port to sign configuration files using the
-# 	GNU Privacy Guard.
-#
-# WITH_KCHECK:
-#	Enable support for rogue kernel module detection.
-#
-# WITH_MYSQL:
-#	Enable support for logging to a MySQL database.  Due to there
-#	being multiple current versions of MySQL, dependency for this
-#	is NOT checked.
-#
-# WITH_POSTGRESQL:
-#	Enable support for logging to a Postgres database.  Untested.
-#
-# WITH_LIBWRAP:
-#	Enable support for TCP wrappers.
-#
-# SERVER:
-#	Builds as Yule, Samhain's central logging server.  Mutually exclusive
-#	with CLIENT.
-#
-# CLIENT:
-# 	Builds as a client to Yule.  Fetches configuration files
-#	and signature database from LOG_SERVER, and optionally, ALT_LOG_SERVER.
+# WITH_RUNAS_USER:
+#	Whe building with "WITH_SERVER" defined, the username of the 
+#	account Yule will run as. Defaults to "yule".
+#
+# WITH_LOG_SERVER, WITH_ALT_LOG_SERVER. When "WITH_CLIENT" is defined,
+# 	these specify what server the client will fetch configuration
+#	and database files from. This can also be defined at runtime.
 #
 
 PORTNAME=	samhain
-PORTVERSION=	1.8.9
+PORTVERSION=	1.8.10b
 CATEGORIES=	security
 MASTER_SITES=	http://la-samhna.de/archive/ \
 		http://cold.darkambient.net/
@@ -47,6 +26,15 @@
 MAINTAINER=	lx@redundancy.redundancy.org
 COMMENT=	The Samhain Intrusion Detection System
 
+OPTIONS=	KCHECK "Enable rogue KLD detection" on \
+		GPG "Enable GnuPG support" off \
+		MYSQL "Enable MySQL logging" off \
+		POSTGRESQL "Enable PostgreSQL logging" off \
+		LIBWRAP "Enable TCP wrapper support" on \
+		CLIENT "Build as Samhain network client" off \
+		SERVER "Build as Yule network server" off
+
+.include <bsd.port.pre.mk>
 .if defined(WITH_GPG)
 BUILD_DEPENDS=	gpg:${PORTSDIR}/security/gnupg
 .endif
@@ -55,8 +43,8 @@
 CONFIGURE_ARGS=	--enable-login-watch --localstatedir=/var \
 		--mandir=${PREFIX}/man --enable-suidcheck
 
-.if defined(RUNAS_USER)
-CONFIGURE_ARGS+=	--enable-identity=${RUNAS_USER}
+.if defined(WITH_RUNAS_USER)
+CONFIGURE_ARGS+=	--enable-identity=${WITH_RUNAS_USER}
 .endif
 .if defined(WITH_KCHECK)
 CONFIGURE_ARGS+=	--with-kcheck
@@ -75,7 +63,7 @@
 .if defined(WITH_LIBWRAP)
 CONFIGURE_ARGS+=	--with-libwrap
 .endif
-.if defined(CLIENT)
+.if defined(WITH_CLIENT)
 CONFIGURE_ARGS+=	--enable-network=client \
 		--with-data-file=REQ_FROM_SERVER/var/lib/samhain/data.samhain \
 		--with-config-file=REQ_FROM_SERVER
@@ -83,7 +71,7 @@
 EXTRA_PATCHES+=	${FILESDIR}/fixsamhainrc.patch
 MAN5=	samhainrc.5
 MAN8=	samhain.8
-.elif defined(SERVER)
+.elif defined(WITH_SERVER)
 CONFIGURE_ARGS+=	--enable-network=server
 PLIST_SUB+=	YULE="" SAMHAIN="@comment " SETPWD="@comment "
 EXTRA_PATCHES+=	${FILESDIR}/fixyulerc.patch
@@ -95,24 +83,25 @@
 MAN5=	samhainrc.5
 MAN8=	samhain.8
 .endif
-.if defined(LOG_SERVER)
-CONFIGURE_ARGS+=	--with-logserver=${LOG_SERVER}
+.if defined(WITH_LOG_SERVER)
+CONFIGURE_ARGS+=	--with-logserver=${WITH_LOG_SERVER}
 .endif
-.if defined(ALT_LOG_SERVER)
-CONFIGURE_ARGS+=	--with-altlogserver=${ALT_LOG_SERVER}
+.if defined(WITH_ALT_LOG_SERVER)
+CONFIGURE_ARGS+=	--with-altlogserver=${WITH_ALT_LOG_SERVER}
 .endif
 
 pre-everything::
 
-.if !defined(CLIENT) && !defined(SERVER)
+.if !defined(WITH_CLIENT) && !defined(WITH_SERVER)
 	@${ECHO_MSG}
 	@${ECHO_MSG} "Building in standalone mode."
 	@${ECHO_MSG} "If you wish to enable networked mode, please hit CTRL-C"
-	@${ECHO_MSG} "now and make with SERVER=yes or CLIENT=yes."
+	@${ECHO_MSG} "now, review the options in the Makefile, and make"
+	@${ECHO_MSG} "with WITH_SERVER=yes or WITH_CLIENT=yes."
 	@${ECHO_MSG}
 .endif
 
-.if defined(CLIENT) && defined(SERVER)
+.if defined(WITH_CLIENT) && defined(WITH_SERVER)
 	@${ECHO_MSG}
 	@${ECHO_MSG} "Can't build client and server at once!"
 	@${ECHO_MSG}
@@ -132,7 +121,7 @@
 	@${RM} ${WRKSRC}.tar.gz ${WRKSRC}.tar.gz.asc
 
 post-install:
-.if !defined(SERVER)
+.if !defined(WITH_SERVER)
 	@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/samhain.sh.sample
 .else
 	@${CP} ${WRKSRC}/init/samhain.startFreeBSD ${PREFIX}/etc/rc.d/yule.sh.sample
@@ -148,4 +137,4 @@
 install-user:
 	@(cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} install-user)
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
diff -ruN samhain.old/distinfo samhain/distinfo
--- samhain.old/distinfo	Tue Jul 20 11:01:17 2004
+++ samhain/distinfo	Wed Jul 21 10:15:49 2004
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-1.8.9.tar.gz) = 042b5bbee89d219dd9ac1f0043e29a64
-SIZE (samhain_signed-1.8.9.tar.gz) = 929295
+MD5 (samhain_signed-1.8.10b.tar.gz) = f7c638e6989cb44287e814cf008877cd
+SIZE (samhain_signed-1.8.10b.tar.gz) = 972170
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: vs 
State-Changed-When: Thu Jul 22 07:38:50 GMT 2004 
State-Changed-Why:  
Please note that due to a bug, the automatic packages will be build 
with all options set to OFF! You can work around this by e.g. using 
.if undefined(WITHOUT_FOO) || defined(WITH_FOO) 
-- Volker 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69387 

From: David Thiel <lx@redundancy.redundancy.org>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: ports/69387: Update: security/samhain 1.8.9 -> 1.8.10b
Date: Thu, 22 Jul 2004 12:02:47 -0700

 On Thu, Jul 22, 2004 at 07:40:20AM +0000, Volker Stolz wrote:
 > Please note that due to a bug, the automatic packages will be build
 > with all options set to OFF! You can work around this by e.g. using
 >   .if undefined(WITHOUT_FOO) || defined(WITH_FOO)
 
 For this port, all options off should be fine, and probably desirable.
 
 Thanks!
 david
 
State-Changed-From-To: feedback->closed 
State-Changed-By: pav 
State-Changed-When: Wed Aug 11 23:00:23 GMT 2004 
State-Changed-Why:  
Committed, with OPTIONS handling fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=69387 
>Unformatted:
