Bug 224084 - security/rkhunter: Various pkg checksum mismatch issues in rkhunter-1.4.4
Summary: security/rkhunter: Various pkg checksum mismatch issues in rkhunter-1.4.4
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Martin Wilke
URL:
Keywords:
Depends on: 227837
Blocks:
  Show dependency treegraph
 
Reported: 2017-12-04 16:24 UTC by martin
Modified: 2019-01-11 07:43 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (lukasz)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description martin 2017-12-04 16:24:49 UTC
I have rkhunter-1.4.4 installed from the quarterly packages build. Running "pkg check -s -g rkhunter" gives the following:

Checking rkhunter:   0%
rkhunter-1.4.4: checksum mismatch for /usr/local/var/lib/rkhunter/db/i18n/en
rkhunter-1.4.4: checksum mismatch for /usr/local/var/lib/rkhunter/db/i18n/tr
rkhunter-1.4.4: checksum mismatch for /usr/local/var/lib/rkhunter/db/i18n/tr.utf8
rkhunter-1.4.4: checksum mismatch for /usr/local/var/lib/rkhunter/tmp/group
rkhunter-1.4.4: checksum mismatch for /usr/local/var/lib/rkhunter/tmp/passwd
Checking rkhunter: 100%
Comment 1 w.schwarzenfeld freebsd_triage 2017-12-12 22:44:04 UTC
I had installed rkhunter with port. I had the same result with pkg check, but recompile rkhunter
solved this.
Comment 2 w.schwarzenfeld freebsd_triage 2017-12-15 23:45:39 UTC
No! The issue appears again.
Comment 3 SolarCatcher 2017-12-21 07:38:03 UTC
FYI: Same warnings on HardenedBSD 11.1 (v1100054) with the latest official packages from their repo.
Comment 4 Peter Putzer 2018-03-02 07:09:14 UTC
I've noticed this as well (and had hoped it would be fixed soon, but apparently it does not affect all people?). Also `rkhunter --update` now seems to fail. I already tried rebuilding the port, but to no avail.
Comment 5 Peter Putzer 2018-03-02 07:15:38 UTC
(In reply to Peter Putzer from comment #4)
OK, the update problem is due to SourceForge being down, but the checksum mismatch is still a thing :(
Comment 6 w.schwarzenfeld freebsd_triage 2018-10-12 18:20:14 UTC
Should solved with update to 1.4.6 => bug #227837.
Comment 7 martin 2018-10-15 13:38:00 UTC
(In reply to w.schwarzenfeld from comment #6)

I'm not convinced that 1.4.6 will fix this permanently, because the problems are in the port.

There are two different problems:

1) The files in /usr/local/var/lib/rkhunter/db/i18n/ can updated by the --update option.  If you want to include them in the pkg, then I think they should be handled using @sample in the pkg-plist like mirrors.dat (and renamed to *.sample in the do-install part of the Makefile).

2) The files in /usr/local/var/lib/rkhunter/tmp/passwd and /usr/local/var/lib/rkhunter/tmp/group are updated when rkhunter is run, so should not be copied into the pkg.  I think pkg-plist should be changed to replace

var/lib/rkhunter/tmp/passwd

by something like

@postexec cp /etc/passed %D/var/lib/rkhunter/tmp/passwd 2> /dev/null || true
@postunexec rm -f %D/var/lib/rkhunter/tmp/passwd 2> /dev/null || true

and ditto for var/lib/rkhunter/tmp/group.
Comment 8 w.schwarzenfeld freebsd_triage 2018-10-15 13:58:08 UTC
You are right, I change it in the other PR: