Ticket #46087: patch-logsentry-Portfile.diff

security/logsentry/Portfile

@@ -1 +1 @@
 # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
-# $Id: Portfile 128369 2014-11-20 04:10:57Z khindenburg@macports.org $
+# $Id: Portfile 50984 2009-05-14 21:08:43Z and.damore@macports.org $
 
 PortSystem          1.0
 
 name                logsentry
 version             1.1.1
+revision            1
 distname            logcheck-${version}
 categories          security
-maintainers         touche.fr.st:julien.touche
-description         logfile auditing tool
-long_description \
-    Logsentry is a scheduled auditing tool that scans system log files \
-    for security violations and unusual activity. Reports of suspicious \
-    log entries are mailed to a specified user (usually root). \
-    \
-    Logsentry was formerly known as logcheck.
-
+maintainers         yahoo.fr:jul_bsd openmaintainer
+description         logfile auditing tool (previously logcheck)
+long_description  \
+          Logsentry is a scheduled auditing tool that scans system log files \
+          for security violations and unusual activity. Reports of suspicious \
+          log entries are mailed to a specified user (usually root). \
+          \
+          Logsentry was formerly known as logcheck.
 homepage            http://sourceforge.net/projects/sentrytools
-master_sites        sourceforge:sentrytools
-
 platforms           darwin
-checksums           md5 e97c2f096e219e20310c1b80e9e1bc29
+license             GPL-2
 
-configure {}
-build.target        build
+use_configure       no
+#post-configure {
+#    addgroup logcheck
+#    add_users logcheck gid=[existsgroup logcheck] home=${prefix}/var/db/logcheck shell=/sbin/nologin realname=logcheck\ user
+#}
+add_users logcheck group=logcheck home=${prefix}/var/db/logcheck shell=/sbin/nologin realname=logcheck\ user
+
+
+## original tool but unmaintained since 2003
+if {${subport} eq ${name}} {
+    checksums           rmd160  1865f598b4bf32af466d4aec5e0803249a61c442 \
+                        sha256  dfe4cb29305c619dc0a0aca5b11b2bd397baccf3076b48f03457f66f299ab42e
+    master_sites        sourceforge:sentrytools
+    patchfiles          patch-Makefile.diff
+    post-patch {
+        reinplace "s|^TMPDIR = /usr/local/etc/tmp|TMPDIR = /var/tmp|" ${worksrcpath}/Makefile
+        reinplace "s|^TMPDIR=/usr/local/etc/tmp|TMPDIR=/var/tmp|" ${worksrcpath}/systems/generic/logcheck.sh
+        reinplace "s|/usr/local/etc/logcheck.|${prefix}/etc/${name}/logcheck.|" ${worksrcpath}/systems/generic/logcheck.sh
+        reinplace "s|/usr/local/|${prefix}/|" ${worksrcpath}/systems/generic/logcheck.sh
+    }
+    build.target        build
+    destroot.target     install
+    variant universal {}
+    build.args          CC=${configure.cc}
+    configure.cflags-append "${configure.cflags} [get_canonical_archflags cc]"
+
+    destroot {
+        xinstall -d ${destroot}${prefix}/etc/${name}
+        xinstall -d ${destroot}${prefix}/share/doc/${name}
+        foreach doc_file { CREDITS INSTALL README README.how.to.interpret README.keywords } {
+            xinstall -m 644 ${worksrcpath}/$doc_file ${destroot}${prefix}/share/doc/${name}/
+        }
+        foreach file { logcheck.violations logcheck.violations.ignore \
+             logcheck.ignore logcheck.hacking } {
+            xinstall -m 644 ${worksrcpath}/systems/generic/$file ${destroot}${prefix}/etc/${name}/
+        }
+        xinstall -m 755 ${worksrcpath}/src/logtail ${destroot}${prefix}/bin/
+        xinstall -m 755 ${worksrcpath}/systems/generic/logcheck.sh ${destroot}${prefix}/bin/
+
+        xinstall -d ${destroot}${prefix}/share/examples/logcheck
+        xinstall ${filespath}/org.macports.logsentry.plist ${destroot}${prefix}/share/examples/logcheck/
+        reinplace "s|%%PREFIX%%|${prefix}|" ${destroot}${prefix}/share/examples/logcheck/org.macports.logsentry.plist
+    }
+
+    livecheck.type      regex
+    livecheck.url       http://sourceforge.net/projects/sentrytools/files/logcheck%201.x/
+    livecheck.regex     "logcheck-(\\d+(?:\\.\\d+)*)"
 
-patchfiles          patch-Makefile
-destroot.target     install
-
-post-patch {
-    reinplace "s|^TMPDIR = /usr/local/etc/tmp|TMPDIR = ${prefix}/var/tmp|" ${worksrcpath}/Makefile
+    conflicts ${name}-debian
 }
 
-destroot {
-    file mkdir ${destroot}${prefix}/etc/${name}
-    file mkdir ${destroot}${prefix}/share/doc/${name}
-    foreach doc_file {
-        CREDITS INSTALL README README.how.to.interpret README.keywords
-    } { system "install -m 644 ${worksrcpath}/$doc_file ${destroot}${prefix}/share/doc/${name}" }
-    foreach file {
-        logcheck.violations logcheck.violations.ignore \
-        logcheck.ignore logcheck.hacking
-    } { system "install -m 644 ${worksrcpath}/systems/generic/$file ${destroot}${prefix}/etc/${name}" }
-    system "install -m 755 ${worksrcpath}/src/logtail ${destroot}${prefix}/bin/"
-    system "install -m 755 ${worksrcpath}/systems/generic/logcheck.sh ${destroot}${prefix}/bin/"
-}
+## currently maintained tool by debian team, both install are not conflicting except for new plist
+## FIXME! debian logcheck need lockfile-progs/liblockfile OK, syslog-summary?
+subport ${name}-debian {
+    homepage            https://packages.debian.org/fr/sid/logcheck
+    version             1.3.17
+    ## any mirror/keyword for debian?
+    master_sites        http://ftp.de.debian.org/debian/pool/main/l/logcheck/
+    distname            logcheck_${version}
+    use_xz              yes
+    checksums           rmd160  7fd13a3b41c97fe8458925031737c9e2d79c0afc \
+                        sha256  c2d3fc323e8c6555e91d956385dbfd0f67b55872ed0f6a7ad8ad2526a9faf03a
+    worksrcdir          logcheck-${version}
+
+    depends_run         port:lockfile-progs port:p5.16-mime-construct
+
+    ## All executable are now scripts: shell or perl
+    build {}
+    supported_archs     noarch
+    destroot.destdir    DESTDIR=${destroot}${prefix}
+
+    post-patch {
+        reinplace "s|DIR = usr/|DIR = |" ${worksrcpath}/Makefile
+        reinplace "s|PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin|PATH=${prefix}/sbin:${prefix}/bin:/sbin:/bin:/usr/sbin:/usr/bin|" ${worksrcpath}/debian/logcheck.cron.d
+        reinplace "s|/usr/bin/lockfile-|${prefix}/bin/lockfile-|" ${worksrcpath}/src/logcheck
+        reinplace "s|=\"/etc|=\"${prefix}/etc|" ${worksrcpath}/src/logcheck
+        reinplace "s|=\"/var|=\"${prefix}/var|" ${worksrcpath}/src/logcheck
+        reinplace "s|=/var/lock|=${prefix}/var/lock|" ${worksrcpath}/src/logcheck
+        reinplace "s|/usr/sbin/logtail2|${prefix}/sbin/logtail2|" ${worksrcpath}/src/logcheck
+        reinplace "s|mktemp -d -p \"\$\{TMP:-/tmp\}\" |mktemp -d \${TMP:-/tmp}/|" ${worksrcpath}/src/logcheck
+        reinplace "s|mime-construct|mime-construct-5.16|" ${worksrcpath}/src/logcheck
+
+        ## review install permissions, nothing sensitive
+        reinplace "s|-m 750 |-m 755 |;s|-m 2750 |-m 2755 |;s|-m 640 |-m 644|;" ${worksrcpath}/Makefile
+    }
+    pre-destroot {
+        xinstall -d -m 755 ${destroot}${prefix}/etc/logcheck
+    }
+    post-destroot {
+        xinstall -d ${destroot}${prefix}/share/examples/logcheck
+        xinstall ${worksrcpath}/debian/logcheck.cron.d ${destroot}${prefix}/share/examples/logcheck/
+        xinstall ${filespath}/org.macports.logsentry.plist ${destroot}${prefix}/share/examples/logcheck/
+        reinplace "s|%%PREFIX%%|${prefix}|" ${destroot}${prefix}/share/examples/logcheck/org.macports.logsentry.plist
+        xinstall -d -o logcheck ${destroot}${prefix}/var/lib/logcheck
+        xinstall -d ${destroot}${prefix}/share/docs/logcheck
+        xinstall ${worksrcpath}/debian/README.Debian ${destroot}${prefix}/share/docs/logcheck/
+        foreach f { README-psionic README.how.to.interpret README.keywords README.logcheck README.logcheck-database README.logtail } {
+            xinstall ${worksrcpath}/docs/${f} ${destroot}${prefix}/share/docs/logcheck/
+        }
+        xinstall ${worksrcpath}/debian/header.txt ${destroot}${prefix}/etc/logcheck/
+
+        reinplace "s|/var/log/syslog|/private/var/log/system.log|;s|/var/log/auth.log|/var/log/authd.log|;" ${destroot}${prefix}/etc/logcheck/logcheck.logfiles
+
+        xinstall -o logcheck -d ${destroot}${prefix}/var/lock/logcheck
+        destroot.keepdirs ${destroot}${prefix}/var/lib/logcheck ${destroot}${prefix}/var/lock/logcheck
+    }
+    test.run            yes
+    test.target         system-test
+
+    livecheck.type      regex
+    livecheck.url       ${homepage}
+    livecheck.regex     "logcheck \\((\\d+(?:\\.\\d+)*)\\)"
+
+    ## FIXME! on run
+    ## /opt/local/sbin/logcheck : ligne 426 : 47161 Segmentation fault: 11  $LOGTAIL $LOGTAIL_OPTS -f "$file" -o "$offsetfile" >> "$TMPDIR/logoutput/$(basename "$file")" 2>&1
+
+    notes "
+This package contains Debian version of logcheck as original project is currently unmaintained since 2003.
+You have an example cron and launchd configuration files in examples dir which are fit to run as the dedicated logcheck user.
+
+In order for logcheck user to read system log files, you have to include it in admin group
+    # dseditgroup -o edit -a logcheck -t user admin
+
+You are also advised to check that local or remote mail delivery is enabled. You may need to adjust files
+    /System/Library/LaunchDaemons/org.postfix.master.plist
+    /etc/aliases
 
-post-destroot {
-    file mkdir ${destroot}${prefix}/var/tmp
-    system "touch ${destroot}${prefix}/var/tmp/.turd"
-    system "chmod 700 ${destroot}${prefix}/var/tmp"
+Please adapt to your environment before using in production.
+"
+
+    conflicts ${name}
 }
+
+## FIXME! cron/launchd conf
+