Bug 244648 - security/samhain: update to 4.4.1
Summary: security/samhain: update to 4.4.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Li-Wen Hsu
Keywords: buildisok
Depends on:
Reported: 2020-03-06 23:25 UTC by Nikola Kolev
Modified: 2020-07-21 17:07 UTC (History)
3 users (show)

See Also:

samhain 4.4.1 patch (2.74 KB, text/plain)
2020-03-06 23:25 UTC, Nikola Kolev
no flags Details
updated patch to fix build failure for server mode (3.40 KB, patch)
2020-07-21 14:15 UTC, Greg Veldman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Nikola Kolev 2020-03-06 23:25:46 UTC
Created attachment 212211 [details]
samhain 4.4.1 patch

Update security/samhain to 4.4.1

Poudriere logs look OK.
Comment 1 Automation User 2020-03-06 23:41:14 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/124097221
Comment 2 Alexey Dokuchaev freebsd_committer 2020-07-01 16:43:20 UTC
Apparently, this update breaks security/samhain-server:

> ===>  Staging for samhain-server-4.4.1
> ===>   Generating temporary packing list
> ===> Creating groups.
> ===> Creating users
> make[2]: don't know how to make scripts/samhainadmin.pl. Stop
Could you take a closer look?
Comment 3 Greg Veldman 2020-07-21 14:14:36 UTC
This appears to be an upstream bug.  Between 4.3 and 4.4, Samhain added support for OpenBSD signify to sign the database.  Because of that, the samhainadmin.pl script was split out into two variants, one for GnuPG and one for signify.  The configure script contains logic to figure out which one is actually in use and copy it to the actual samhainadmin.pl script, which the build process expects to be present with the network server option:

+if test "x${mysignify}" != x
+       cp -a scripts/samhainadmin-sig.pl scripts/samhainadmin.pl
+if test "x${mygpg}" != x
+       cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl

The problem is the default port build options don't use GnuPG.  Based on that configure logic, in this case neither variant gets copied to samhainadmin.pl, which breaks the install-program make target.

I've created an updated patch which adds a fix to the configure script to deal with this case.  I'm not sure if using server mode without either GnuPG or signify is an unsupported configuration, but I'll also submit this upstream to see if this can be fixed there.
Comment 4 Greg Veldman 2020-07-21 14:15:27 UTC
Created attachment 216629 [details]
updated patch to fix build failure for server mode
Comment 5 commit-hook freebsd_committer 2020-07-21 16:35:50 UTC
A commit references this bug:

Author: lwhsu
Date: Tue Jul 21 16:35:25 UTC 2020
New revision: 542753
URL: https://svnweb.freebsd.org/changeset/ports/542753

  Update to 4.4.1

  PR:		244648
  Submitted by:	Greg Veldman <freebsd@gregv.net> (maintainer)
  Reported by:	Nikola Kolev <koue@chaosophia.net>

Comment 6 Greg Veldman 2020-07-21 16:59:10 UTC
(In reply to commit-hook from comment #5)
Li-Wen, it appears this commit missed the files/patch-configure addition that fixes the build failure Alexey mentioned.
Comment 7 commit-hook freebsd_committer 2020-07-21 17:07:58 UTC
A commit references this bug:

Author: lwhsu
Date: Tue Jul 21 17:07:41 UTC 2020
New revision: 542758
URL: https://svnweb.freebsd.org/changeset/ports/542758

  Add the missing patch from last commit

  PR:		244648
  Reported by:	Greg Veldman <freebsd@gregv.net> (maintainer)