On Mon, Apr 23 2018, Klemens Nanni <k...@openbsd.org> wrote:
> On Sun, Apr 22, 2018 at 04:04:02PM +0200, Andreas Kusalananda Kähäri wrote:
>> On Sun, Apr 22, 2018 at 04:03:23PM +0200, Andreas Kusalananda Kähäri wrote:
>> > This updates sshguard from version 1.5 to 2.1.0. One of the main
>> > reasons to update to this version is that sshguard now seems to
>> > correctly parse the OpenBSD sshd logs. One can now also block an entire
>> > subnet rather than individual IP addresses, if one is so inclined.
>> >
>> > I have been running this port for a few weeks, and it seems to work as
>> > advertised.
>> >
>> > Note that the /etc/sshguard.conf file now is required (I modified the
>> > sample file so that it hopefully fits a vanilla OpenBSD system).
>> >
>> > I posted about this update in late March when I had issues getting the
>> > sshguard service to properly shut down, but that issue has since been
>> > resolved (rc_stop() needs to send it the HUP signal).
>> >
>> > Release announcements for sshguard are available at
>> > https://www.sshguard.net/litenewz/feeds/
>
>> Index: Makefile
>> ===================================================================
>> RCS file: /cvs/ports/security/sshguard/Makefile,v
>> retrieving revision 1.11
>> diff -u -p -u -r1.11 Makefile
>> --- Makefile 11 Jan 2018 19:27:09 -0000 1.11
>> +++ Makefile 22 Apr 2018 13:47:55 -0000
>> @@ -2,8 +2,7 @@
>>
>> COMMENT= protect against brute force attacks on sshd and others
>>
>> -DISTNAME= sshguard-1.5
>> -REVISION= 4
>> +DISTNAME= sshguard-2.1.0
>> CATEGORIES= security
>>
>> # BSD
>> @@ -13,11 +12,20 @@ WANTLIB+= c pthread
>>
>> HOMEPAGE= http://www.sshguard.net/
> This has TLS.
>
>> MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=sshguard/}
>> -EXTRACT_SUFX= .tar.bz2
>> +EXTRACT_SUFX= .tar.gz
> .tar.gz is the default, just drop it.
>
>> CONFIGURE_STYLE=gnu
> Upstream ships a configure script already, `simple' is enough and the
> port builds fine.
This is a proper autoconf script thus "gnu" is correct here and helps
passing sane defaults. Any reason to use "simple" here?
>> NO_TEST= Yes
>>
>> -CONFIGURE_ARGS = --with-firewall=pf
>> +pre-install:
> SUBST_CMD should usually go into post-patch. No issue with sshguard but
> that's where it's generally safe to do as some ports copy/modify sources
> during configure.
>
>> + ${SUBST_CMD} ${WRKSRC}/doc/sshguard.8
>> + ${SUBST_CMD} ${WRKSRC}/examples/sshguard.conf.sample
>> +
>> +post-install:
>> + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sshguard
>> + ${INSTALL_DATA} ${WRKSRC}/examples/sshguard.conf.sample \
>> + ${PREFIX}/share/examples/sshguard
>> + ${INSTALL_DATA} ${WRKSRC}/examples/whitelistfile.example \
>> + ${PREFIX}/share/examples/sshguard
>>
>> .include <bsd.port.mk>
>
> Manual pages are installed under share/man/ as opposed to man/ as seen
> after `make update-plist', this can be fixed by passing prefix and
> mandir through CONFIGURE_ARGS.
No need to do that with CONFIGURE_STYLE=gnu.
py-docutils can be detected at configure time if present, the build
doesn't fail if removed after configure and the manpage content doesn't
change. So there's probably no need to force-disable it.
Can't really comment on the rest of the port or the rc.d glue.
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
