Bug 156172 - security/barnyard2 does not need security/snort to run
Summary: security/barnyard2 does not need security/snort to run
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Olli Hauer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-04-04 14:50 UTC by Nikolay Denev
Modified: 2011-04-04 23:48 UTC (History)
0 users

See Also:

Attachments
file.diff (375 bytes, patch)
2011-04-04 14:50 UTC, Nikolay Denev 		no flags Details | Diff
patch-Makefile (354 bytes, application/octet-stream)
2011-04-04 15:19 UTC, pauls 		no flags Details
patch-Makefile (687 bytes, application/octet-stream)
2011-04-04 17:33 UTC, pauls 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nikolay Denev 2011-04-04 14:50:08 UTC 
security/barnyard2 tries to pull in security/snort when it's installed, as snort is listed as runtime dependency. But this is not true, and there are scenarios where one might not want snort on the same machine e.g. :
1. Barnyard running on a dedicated host processing snort/suricata logs shipped via some other mechanism like rsync/sftp.
2. Using baryard2 with security/suricata

Fix: Simple patch to the port makefile removes the runtime dependency of snort.
How-To-Repeat: Try to install security/barnyard2 on a host running security/suricata to handle the logging, and it will pull security/snort as dependency.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-04-04 14:50:16 UTC 
Maintainer of security/barnyard2,

Please note that PR ports/156172 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2011-04-04 14:50:18 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 pauls 2011-04-04 15:19:56 UTC 
--On April 4, 2011 8:50:16 AM -0500 Edwin Groothuis <edwin@FreeBSD.org> 
wrote:

> Maintainer of security/barnyard2,
>
> Please note that PR ports/156172 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172

This is the wrong approach to take if the goal is to decouple the snort 
install from the barnyard install.  Snort is an OPTION which is toggled on. 
The right fix is to toggle it off and let the user decide whether or not to 
install snort.

Patch attached.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Comment 4 pauls 2011-04-04 17:27:40 UTC 
--On April 4, 2011 8:50:16 AM -0500 Edwin Groothuis <edwin@FreeBSD.org> 
wrote:

> Maintainer of security/barnyard2,
>
> Please note that PR ports/156172 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172

Sheesh.  Sound the idiot alarm.

The patch I sent doesn't accomplish what the OP requested at all.  His 
patch works fine by removing the RUN_DEPENDS for snort.  I need to decide 
if I want to add snort to the OPTIONS (as well as suricata), so put this on 
hold while I think this through more carefully.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Comment 5 pauls 2011-04-04 17:33:03 UTC 
--On April 4, 2011 8:50:16 AM -0500 Edwin Groothuis <edwin@FreeBSD.org> 
wrote:

> Maintainer of security/barnyard2,
>
> Please note that PR ports/156172 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/156172

The attached patch bumps PORTREVISION from 1 to 2, removes the RUN_DEPENDS 
for snort and adds suricata to the COMMENT line.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
Comment 6 Olli Hauer freebsd_committer freebsd_triage 2011-04-04 19:12:08 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->ohauer

I'll take it
Comment 7 dfilter service freebsd_committer freebsd_triage 2011-04-04 22:28:24 UTC 
ohauer      2011-04-04 21:28:15 UTC

  FreeBSD ports repository

  Modified files:
    security/barnyard2   Makefile 
  Log:
   - make snort and suricata optional
   - bump portrevision
  
  PR:             ports/156172
  Submitted by:   Nikolay Denev <ndenev _at_ gmail.com>
  Approved by:    Paul Schmehl <pauls _at_ utdallas.edu> (maintainer)
  
  Revision  Changes    Path
  1.7       +13 -5     ports/security/barnyard2/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 8 Olli Hauer freebsd_committer freebsd_triage 2011-04-04 23:48:00 UTC 
State Changed
From-To: feedback->closed

Comitted, with minor changes