Bug 217656 - [PATCH] security/bro: Update to 2.5, unbreak build with BROKER, add rc.d script
Summary: [PATCH] security/bro: Update to 2.5, unbreak build with BROKER, add rc.d script
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: FreeBSD Ports Bugs (Mailing List)
Keywords: patch
Depends on:
Reported: 2017-03-09 04:19 UTC by leres
Modified: 2017-03-12 18:16 UTC (History)
1 user (show)

See Also:

patch (36.04 KB, text/plain)
2017-03-09 04:19 UTC, leres
leres: maintainer-approval+
patch (36.14 KB, patch)
2017-03-09 18:07 UTC, leres
leres: maintainer-approval+
Details | Diff
poudriere build log (with BROKER enabled) (996.54 KB, text/plain)
2017-03-09 18:09 UTC, leres
no flags Details
patch (41.44 KB, patch)
2017-03-12 18:16 UTC, leres
leres: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description leres 2017-03-09 04:19:25 UTC
Created attachment 180661 [details]

This PR updates security/bro from 2.4.1 to 2.5. It unbreaks building with BROKER enabled and resolves PR 212433:

    security/bro: Add rc script to work with rc.conf

All existing patch files except patch-aux-broker-CMakeLists.txt should be removed.

bro 2.4.1 required devel/caf 0.13.X but devel/caf was upgraded to 0.14.X around the time bro 2.4.1 was release so at the time we used patches to bro that the developers provided.

bro 2.5 requires devel/caf 0.14.X but devel/caf was recently updated to 0.15.3 which is massively incompatible (and currently prevents security/bro 2.4.1 from compiling when the BROKER option is selected). The developers reported that patching bro to work with caf 0.15.X would be difficult so rather than chasing the caf port bro now builds caf 0.14.5 statically. Included are two new patch files from the developers for caf that clean up some sharp edges involved with using caf in this manner.

The new rc.d script was contributed by mshirk@daemon-security.com (PR 212433).

Finally, bro is now built using ninja which is what the developers use.
Comment 1 leres 2017-03-09 04:22:35 UTC
(I have a poudriere build log but apparently it's too buku to attach to this PR.)
Comment 2 leres 2017-03-09 18:07:03 UTC
Created attachment 180676 [details]

Here is a revised patchset with two improvements. Make CXXFLAGS closer to what the developers use and reduce the number of warning lines by 100X. Also only install rc.d script when BROCTL is selected.
Comment 3 leres 2017-03-09 18:09:20 UTC
Created attachment 180677 [details]
poudriere build log (with BROKER enabled)
Comment 4 Thomas Zander freebsd_committer 2017-03-12 10:04:55 UTC
(In reply to leres from comment #2)

Could you revisit the patch with regard to these two portlint findings:
FATAL: Makefile: bro listed in SUB_FILES/USE_RC_SUBR, but files/bro.in is missing.
WARN: /poudriere/ports/default/security/bro/files/patch-aux-broker-CMakeLists.txt: patch was not generated using ``make makepatch''.  It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
Comment 5 leres 2017-03-12 18:16:28 UTC
Created attachment 180753 [details]

New patchset with bro.in included and portlint makepatch warnings fixed.

Note: The patch file names have changed so please remove all old files/patch-* files before applying this patchset.