Created attachment 204090 [details] ossec-hids-3.3.0.diff Update from 3.1.0 to 3.3.0. Obsoletes bug #236919. Additional changes to ossec-hids-* ports: 1. Bug fixes: - Corrected file ownership when package was created and installed by different users. - "firewall-drop.sh" is no longer removed when package is deleted. 2. New features: - Added LUA option. Bundled Lua support is no longer compiled in by default. - pkgconf is now used to determine libinotify location as requested in bug #235240. Additional changes to ossec-hids-*-config ports: 1. New features: - Added NOFW option. This is now the default and means no "firewall-drop.sh" script is created or deleted by the port. The ossec-hids-3.3.0.diff should be applied on ports tree root.
ossec-hids-local fails with: ====> Running Q/A tests (stage-qa) Error: '/bin/bash' is an invalid shebang you need USES=shebangfix for 'ossec-hids/active-response/bin/ossec-pagerduty.sh' *** Error code 1
adding active-response/ossec-pagerduty.sh to SHEBANG_FILES causes this: Error: Orphaned: ossec-hids/etc/client.keys Error: Orphaned: ossec-hids/etc/ossec.conf Error: Orphaned: ossec-hids/logs/active-responses.log Error: Orphaned: ossec-hids/logs/ossec.log so pkg-plist-local is not complete ?
(In reply to Kurt Jaeger from comment #1) This script is just a template, because it requires modification to work anyway. It is shipped this way with OSSEC.
(In reply to Kurt Jaeger from comment #2) The list is complete. ossec-hids/etc/client.keys ossec-hids/etc/ossec.conf ossec-hids/logs/active-responses.log ossec-hids/logs/ossec.log These are configuration files and logs that are not installed intentionally. They are subject to change by the user (configuration files) or by running OSSEC (logs) so if they were included in the PLIST then the system would report wrong checksum of the files during daily report.
(In reply to Dominik Lisiak from comment #3) BTW the PLIST file is generated automatically by the script "scripts/plist.sh" (in the port's directory) and in it is the "skip_paths" variable listing paths we don't want intentionally.
(In reply to Dominik Lisiak from comment #4) Did you testbuild in poudriere ? The missing SHEBANG_FILES entry and those files cause the poudriere build to abort and this would cause the package builder to fail to build the package. If you add the four files as @sample(,ossec,0640) then, I guess, the daily job will not complain.
(In reply to Kurt Jaeger from comment #6) In fact I tested it with Poudriere and the build is ok. I guess it is a matter of additional setting (USE_PORTLINT=yes?). I will not add empty files as samples (only the ossec.conf makes sense). It is pointless. Are these missing files really cause the abort? As a port maintainer I am in no way obliged to install everything from the stage directory. That is why I created the "plist.sh" script to only select required files.
If the (In reply to Dominik Lisiak from comment #7) The file seem to be copied to the STAGEDIR during install, and then check-plist checks if there are files in STAGEDIR that are not listed in pkg-plist. The problem is that an upgrade should not clobber the files. If user has the app installed, and an update comes in, the clients.keys and the logs should not be removed during deinstall and should not be overwritten on install. That's the goal here. Is it possible to not skip those files, but to *not* install them to the STAGEDIR ? Then it would not cause trouble in make check-plist.
Created attachment 204241 [details] ossec-hids-3.3.0.diff Should silent mentioned false positives of "poudriere testport".
(In reply to Kurt Jaeger from comment #8) Hi. Any chance to commit this in near future? Anything else you need from me to be done?
(In reply to Dominik Lisiak from comment #10) If you could please confirm the latest change passes QA (poudriere) that would be great. "should" is good, but explicit testing and confirmation is much better. And don't forget to set the maintainer-approval attachment flag (to "+") on attachments for ports you maintain. Attachment -> Details -> maintainer-approval [+] or select the flags value during attachment. Thanks!
(In reply to Kubilay Kocak from comment #11) I confirm. Latest change passes "poudriere testport".
testbuilds@work
Committed, thanks!
A commit references this bug: Author: pi Date: Sat Jun 1 19:39:13 UTC 2019 New revision: 503254 URL: https://svnweb.freebsd.org/changeset/ports/503254 Log: security/ossec-hids: upgrade 3.1.0 -> 3.3.0 security/ossec-hids-local: upgrade 3.1.0 -> 3.3.0 security/ossec-hids-local-config: upgrade 3.1.0 -> 3.3.0 - Added LUA option. Bundled Lua support is no longer compiled in by default PR: 237632 Submitted by: Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer) Relnotes: https://github.com/ossec/ossec-hids/releases/tag/3.3.0 https://github.com/ossec/ossec-hids/releases/tag/3.2.0 Changes: head/security/ossec-hids/Makefile head/security/ossec-hids-local/Makefile head/security/ossec-hids-local/distinfo head/security/ossec-hids-local/files/ossec-hids.in head/security/ossec-hids-local/files/patch-src_Makefile head/security/ossec-hids-local/files/pkg-deinstall.in head/security/ossec-hids-local/files/pkg-install.in head/security/ossec-hids-local/pkg-plist-agent head/security/ossec-hids-local/pkg-plist-local head/security/ossec-hids-local/pkg-plist-server head/security/ossec-hids-local/scripts/plist.conf head/security/ossec-hids-local/scripts/plist.sh head/security/ossec-hids-local/scripts/sanitize-stage.sh head/security/ossec-hids-local-config/Makefile head/security/ossec-hids-local-config/distinfo head/security/ossec-hids-local-config/files/pkg-deinstall.in head/security/ossec-hids-local-config/files/pkg-install.in head/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in head/security/ossec-hids-local-config/files/template-rules-default.xml.in head/security/ossec-hids-local-config/scripts/plist.conf head/security/ossec-hids-local-config/scripts/plist.sh