Created attachment 204090 [details]
Update from 3.1.0 to 3.3.0. Obsoletes bug #236919.
Additional changes to ossec-hids-* ports:
1. Bug fixes:
- Corrected file ownership when package was created and installed by different users.
- "firewall-drop.sh" is no longer removed when package is deleted.
2. New features:
- Added LUA option. Bundled Lua support is no longer compiled in by default.
- pkgconf is now used to determine libinotify location as requested in bug #235240.
Additional changes to ossec-hids-*-config ports:
1. New features:
- Added NOFW option. This is now the default and means no "firewall-drop.sh" script is created or deleted by the port.
The ossec-hids-3.3.0.diff should be applied on ports tree root.
ossec-hids-local fails with:
====> Running Q/A tests (stage-qa)
Error: '/bin/bash' is an invalid shebang you need USES=shebangfix for 'ossec-hids/active-response/bin/ossec-pagerduty.sh'
*** Error code 1
Error: Orphaned: ossec-hids/etc/client.keys
Error: Orphaned: ossec-hids/etc/ossec.conf
Error: Orphaned: ossec-hids/logs/active-responses.log
Error: Orphaned: ossec-hids/logs/ossec.log
so pkg-plist-local is not complete ?
(In reply to Kurt Jaeger from comment #1)
This script is just a template, because it requires modification to work anyway. It is shipped this way with OSSEC.
(In reply to Kurt Jaeger from comment #2)
The list is complete.
These are configuration files and logs that are not installed intentionally. They are subject to change by the user (configuration files) or by running OSSEC (logs) so if they were included in the PLIST then the system would report wrong checksum of the files during daily report.
(In reply to Dominik Lisiak from comment #3)
BTW the PLIST file is generated automatically by the script "scripts/plist.sh" (in the port's directory) and in it is the "skip_paths" variable listing paths we don't want intentionally.
(In reply to Dominik Lisiak from comment #4)
Did you testbuild in poudriere ? The missing SHEBANG_FILES entry and those
files cause the poudriere build to abort and this would cause the package builder to fail to build the package.
If you add the four files as
then, I guess, the daily job will not complain.
(In reply to Kurt Jaeger from comment #6)
In fact I tested it with Poudriere and the build is ok. I guess it is a matter of additional setting (USE_PORTLINT=yes?).
I will not add empty files as samples (only the ossec.conf makes sense). It is pointless.
Are these missing files really cause the abort? As a port maintainer I am in no way obliged to install everything from the stage directory. That is why I created the "plist.sh" script to only select required files.
If the (In reply to Dominik Lisiak from comment #7)
The file seem to be copied to the STAGEDIR during install, and then
check-plist checks if there are files in STAGEDIR that are not listed
in pkg-plist. The problem is that an upgrade should not clobber
If user has the app installed, and an update comes in, the
clients.keys and the logs should not be removed during deinstall
and should not be overwritten on install. That's the goal here.
Is it possible to not skip those files, but to *not* install them to the
STAGEDIR ? Then it would not cause trouble in make check-plist.
Created attachment 204241 [details]
Should silent mentioned false positives of "poudriere testport".
(In reply to Kurt Jaeger from comment #8)
Hi. Any chance to commit this in near future? Anything else you need from me to be done?
(In reply to Dominik Lisiak from comment #10)
If you could please confirm the latest change passes QA (poudriere) that would be great. "should" is good, but explicit testing and confirmation is much better.
And don't forget to set the maintainer-approval attachment flag (to "+") on attachments for ports you maintain. Attachment -> Details -> maintainer-approval [+] or select the flags value during attachment.
(In reply to Kubilay Kocak from comment #11)
I confirm. Latest change passes "poudriere testport".
A commit references this bug:
Date: Sat Jun 1 19:39:13 UTC 2019
New revision: 503254
security/ossec-hids: upgrade 3.1.0 -> 3.3.0
security/ossec-hids-local: upgrade 3.1.0 -> 3.3.0
security/ossec-hids-local-config: upgrade 3.1.0 -> 3.3.0
- Added LUA option. Bundled Lua support is no longer compiled in by default
Submitted by: Dominik Lisiak <email@example.com> (maintainer)