On Wed, 02 Jan 2019 at 10:56:39 +0100, Andreas Kusalananda Kähäri wrote:
> On Tue, Jan 01, 2019 at 07:03:36PM +0100, Remi Pointel wrote:
> > On 12/24/18 8:24 PM, Andreas Kusalananda Kähäri wrote:
> > > Just resending this.
> > > 
> > > I got some comments from Stuart Henderson on a previous iteration of
> > > this, and the issues that he mentioned (unorthodox HUP for terminating
> > > the service, and various other fixes to the Makefile) have all been
> > > resolved.  The weird does-not-start-on-boot issue that the 1.5 release
> > > apparently also has (according to some that followed up earlier, and
> > > that I spent some time debugging when I packaged 2.2.0) has been
> > > resolved by ignoring HUP in a couple of places.
> > > 
> > > Regards
> > 
> > Hi,
> > 
> > sounds good to me, just remove the "NO_TEST = Yes" because there are
> > regression tests.
> > 
> > Cheers,
> > 
> > Remi.
> 
> I enabled the tests.  The 147 supplied tests run and pass (no fails).
> The tests do not require any additional dependencies.
> 
> New diff attached.  Thanks!
> 
> 
> -- 
> Andreas Kusalananda Kähäri,
> National Bioinformatics Infrastructure Sweden (NBIS),
> Uppsala University, Sweden.

> Index: Makefile
> ===================================================================
> RCS file: /extra/cvs/ports/security/sshguard/Makefile,v
> retrieving revision 1.13
> diff -u -p -r1.13 Makefile
> --- Makefile  4 Sep 2018 12:46:21 -0000       1.13
> +++ Makefile  2 Jan 2019 09:37:46 -0000
> @@ -2,22 +2,29 @@
>  
>  COMMENT=     protect against brute force attacks on sshd and others
>  
> -DISTNAME=    sshguard-1.5
> -REVISION=    6
> +DISTNAME=    sshguard-2.3.0
>  CATEGORIES=  security
>  
> +HOMEPAGE=    https://www.sshguard.net/
> +
> +MASTER_SITES=        ${MASTER_SITE_SOURCEFORGE:=sshguard/}
> +
> +MAINTAINER=          Andreas Kusalananda Kahari <andreas.kah...@abc.se>
> +
>  # BSD
>  PERMIT_PACKAGE_CDROM=        Yes
>  
>  WANTLIB+=    c pthread
>  
> -HOMEPAGE=    https://www.sshguard.net/
> -MASTER_SITES=        ${MASTER_SITE_SOURCEFORGE:=sshguard/}
> -EXTRACT_SUFX=        .tar.bz2
> -
>  CONFIGURE_STYLE=gnu
> -CONFIGURE_ARGS=      --with-firewall=pf
>  
> -NO_TEST=     Yes
> +post-patch:
> +     ${SUBST_CMD} ${WRKSRC}/doc/sshguard.8 \
> +             ${WRKSRC}/examples/sshguard.conf.sample
> +
> +post-install:
> +     ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sshguard
> +     ${INSTALL_DATA} ${WRKSRC}/examples/*.{example,sample} \
> +             ${PREFIX}/share/examples/sshguard
>  
>  .include <bsd.port.mk>
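
Review bot: the post-install glob ${WRKSRC}/examples/*.{example,sample} relies on brace expansion, which POSIX sh does not define, so it only works if the shell that make runs happens to support it. pkg/PLIST in this diff lists exactly two files under share/examples/sshguard (sshguard.conf.sample and whitelistfile.example); naming those two in the ${INSTALL_DATA} line removes the shell dependency and keeps a new upstream example from being installed without a PLIST entry.
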
> Index: distinfo
> ===================================================================
> RCS file: /extra/cvs/ports/security/sshguard/distinfo,v
> retrieving revision 1.3
> diff -u -p -r1.3 distinfo
> --- distinfo  27 Jan 2014 15:49:15 -0000      1.3
> +++ distinfo  18 Dec 2018 16:31:02 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (sshguard-1.5.tar.bz2) = tTf4dlRV/fhCT4fUvWleW2dbiOXRZIZUUhN5Rwk+fhk=
> -SIZE (sshguard-1.5.tar.bz2) = 303767
> +SHA256 (sshguard-2.3.0.tar.gz) = 1LU/h6PCZlLloombFlBrgV+lajaq9b3pwnBL+xoMoGg=
> +SIZE (sshguard-2.3.0.tar.gz) = 755702
> Index: patches/patch-configure
> ===================================================================
> RCS file: patches/patch-configure
> diff -N patches/patch-configure
> --- patches/patch-configure   24 Jun 2018 10:54:19 -0000      1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,13 +0,0 @@
> -$OpenBSD: patch-configure,v 1.1 2018/06/24 10:54:19 kn Exp $
> -
> -Index: configure
> ---- configure.orig
> -+++ configure
> -@@ -5949,7 +5949,6 @@ then
> -     STD99_CFLAGS="-xc99"
> - else
> -     # other compiler (assume gcc-compatibile :( )
> --    OPTIMIZER_CFLAGS="-O2"
> -     WARNING_CFLAGS="-Wall"
> -     STD99_CFLAGS="-std=c99"
> - fi
> Index: patches/patch-doc_sshguard_8
> ===================================================================
> RCS file: patches/patch-doc_sshguard_8
> diff -N patches/patch-doc_sshguard_8
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-doc_sshguard_8      4 Dec 2018 21:52:04 -0000
> @@ -0,0 +1,16 @@
> +$OpenBSD$
> +
> +Index: doc/sshguard.8
> +--- doc/sshguard.8.orig
> ++++ doc/sshguard.8
> +@@ -119,8 +119,8 @@ Set to enable verbose output from sshg\-blocker.
> + .SH FILES
> + .INDENT 0.0
> + .TP
> +-.B %PREFIX%/etc/sshguard.conf
> +-See sample configuration file.
> ++.B ${SYSCONFDIR}/sshguard.conf
> ++See sample configuration file in 
> ${PREFIX}/share/examples/sshguard/sshguard.conf.sample
> + .UNINDENT
> + .SH WHITELISTING
> + .sp
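
Review bot: the added FILES text spells the examples path with ${PREFIX}, while the sample configuration and the rc script in this same diff use ${TRUEPREFIX} for installed paths. Both patched files go through the same ${SUBST_CMD} call in post-patch, so use one spelling for paths that end up in installed files, preferably ${TRUEPREFIX} to match pkg/sshguard.rc.
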
> Index: patches/patch-examples_sshguard_conf_sample
> ===================================================================
> RCS file: patches/patch-examples_sshguard_conf_sample
> diff -N patches/patch-examples_sshguard_conf_sample
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-examples_sshguard_conf_sample       4 Dec 2018 16:14:34 
> -0000
> @@ -0,0 +1,17 @@
> +$OpenBSD$
> +
> +Index: examples/sshguard.conf.sample
> +--- examples/sshguard.conf.sample.orig
> ++++ examples/sshguard.conf.sample
> +@@ -7,9 +7,11 @@
> + #### REQUIRED CONFIGURATION ####
> + # Full path to backend executable (required, no default)
> + #BACKEND="/usr/local/libexec/sshg-fw-iptables"
> ++BACKEND="${TRUEPREFIX}/libexec/sshg-fw-pf"
> + 
> + # Space-separated list of log files to monitor. (optional, no default)
> + #FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
> ++FILES=/var/log/authlog
> + 
> + # Shell command that provides logs on standard output. (optional, no 
> default)
> + # Example 1: ssh and sendmail from systemd journal:
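
Review bot: the added FILES=/var/log/authlog is unquoted, while the added BACKEND= line and the commented upstream FILES example just above it are both double-quoted. The comment describes FILES as a space-separated list, so if the file is read as shell assignments, as its syntax suggests, an admin who appends a second log file to the unquoted form gets a broken assignment. Suggest FILES="/var/log/authlog". Because pkg/PLIST installs this sample as ${SYSCONFDIR}/sshguard.conf, these two lines are the live defaults and deserve the same care as the rc script.
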
> Index: patches/patch-src_blocker_blocker_c
> ===================================================================
> RCS file: patches/patch-src_blocker_blocker_c
> diff -N patches/patch-src_blocker_blocker_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_blocker_blocker_c       6 Dec 2018 10:37:47 -0000
> @@ -0,0 +1,15 @@
> +$OpenBSD$
> +
> +Index: src/blocker/blocker.c
> +--- src/blocker/blocker.c.orig
> ++++ src/blocker/blocker.c
> +@@ -139,7 +139,8 @@ int main(int argc, char *argv[]) {
> + 
> +     /* termination signals */
> +     signal(SIGTERM, sigfin_handler);
> +-    signal(SIGHUP, sigfin_handler);
> ++    /* Don't install handler for HUP */
> ++    /* signal(SIGHUP, sigfin_handler); */
> +     signal(SIGINT, sigfin_handler);
> +     atexit(finishup);
> + 
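
Review bot: commenting out signal(SIGHUP, sigfin_handler); does not make sshg-blocker ignore HUP, it leaves the process with whatever disposition it inherits. HUP is ignored only when the blocker is started from the wrapper patched in patch-src_sshguard_in ('trap "" HUP'); started any other way, the default action terminates it, and termination by signal does not run the atexit(finishup) handler registered two lines below. If ignoring is the intent, signal(SIGHUP, SIG_IGN); states it in this file and allows the commented-out call to be deleted; the comment "Don't install handler for HUP" should then say why.
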
> Index: patches/patch-src_fwalls_command_c
> ===================================================================
> RCS file: patches/patch-src_fwalls_command_c
> diff -N patches/patch-src_fwalls_command_c
> --- patches/patch-src_fwalls_command_c        9 Sep 2011 20:13:28 -0000       
> 1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,15 +0,0 @@
> -$OpenBSD: patch-src_fwalls_command_c,v 1.1 2011/09/09 20:13:28 naddy Exp $
> -
> -Allow building with gcc3.
> -
> ---- src/fwalls/command.c.orig        Fri Sep  9 22:07:56 2011
> -+++ src/fwalls/command.c     Fri Sep  9 22:08:12 2011
> -@@ -59,7 +59,7 @@ int fw_block(const char *restrict addr, int addrkind, 
> -     return (run_command(COMMAND_BLOCK, addr, addrkind, service) == 0 ? 
> FWALL_OK : FWALL_ERR);
> - }
> - 
> --int fw_block_list(const char *restrict addresses[], int addrkind, const int 
> service_codes[]) {
> -+int fw_block_list(const char *restrict *addresses, int addrkind, const int 
> service_codes[]) {
> -     /* block each address individually */
> -     int i;
> - 
> Index: patches/patch-src_sshguard_fw_h
> ===================================================================
> RCS file: patches/patch-src_sshguard_fw_h
> diff -N patches/patch-src_sshguard_fw_h
> --- patches/patch-src_sshguard_fw_h   9 Sep 2011 20:13:28 -0000       1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,15 +0,0 @@
> -$OpenBSD: patch-src_sshguard_fw_h,v 1.1 2011/09/09 20:13:28 naddy Exp $
> -
> -Allow building with gcc3.
> -
> ---- src/sshguard_fw.h.orig   Fri Sep  9 22:07:03 2011
> -+++ src/sshguard_fw.h        Fri Sep  9 22:07:20 2011
> -@@ -85,7 +85,7 @@ int fw_block(const char *restrict addr, int addrkind, 
> -  *
> -  * @return FWALL_OK or FWALL_ERR
> -  */
> --int fw_block_list(const char *restrict addresses[], int addrkind, const int 
> service_codes[]);
> -+int fw_block_list(const char *restrict *addresses, int addrkind, const int 
> service_codes[]);
> - 
> - 
> - /**
> Index: patches/patch-src_sshguard_in
> ===================================================================
> RCS file: patches/patch-src_sshguard_in
> diff -N patches/patch-src_sshguard_in
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_sshguard_in     6 Dec 2018 10:35:54 -0000
> @@ -0,0 +1,15 @@
> +$OpenBSD$
> +
> +Index: src/sshguard.in
> +--- src/sshguard.in.orig
> ++++ src/sshguard.in
> +@@ -5,6 +5,9 @@
> + # entire process group (subshell) on exit/interrupts.
> + trap "trap - TERM && kill 0" INT TERM EXIT
> + 
> ++# Ignore HUP
> ++trap "" HUP
> ++
> + libexec="@libexecdir@"
> + version="@sshguardversion@"
> + 
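
Review bot: the "# Ignore HUP" comment only restates the 'trap "" HUP' line below it and gives no reason. The cover mail ties this to the does-not-start-on-boot problem; put that reason in the comment or under the $OpenBSD$ marker so the patch is not dropped as unexplained at the next update. An ignored signal is inherited by every process the script starts, so this line changes HUP handling for all helpers, not just the wrapper, and the description should say that this is intended.
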
> Index: patches/patch-src_sshguard_logsuck_c
> ===================================================================
> RCS file: patches/patch-src_sshguard_logsuck_c
> diff -N patches/patch-src_sshguard_logsuck_c
> --- patches/patch-src_sshguard_logsuck_c      7 Mar 2011 17:44:16 -0000       
> 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,12 +0,0 @@
> -$OpenBSD: patch-src_sshguard_logsuck_c,v 1.2 2011/03/07 17:44:16 rpointel 
> Exp $
> ---- src/sshguard_logsuck.c.orig      Wed Feb  9 13:01:47 2011
> -+++ src/sshguard_logsuck.c   Sat Mar  5 19:27:53 2011
> -@@ -242,7 +242,7 @@ int logsuck_getline(char *restrict buf, size_t buflen,
> -         if (ret > 0) {
> -             if (kevs[0].filter == EVFILT_READ) {
> -                 /* got data on this one. Read from it */
> --                sshguard_log(LOG_DEBUG, "Searching for fd %lu in list.", 
> kevs[0].ident);
> -+                sshguard_log(LOG_DEBUG, "Searching for fd %u in list.", 
> kevs[0].ident);
> -                 readentry = list_seek(& sources_list, & kevs[0].ident);
> -                 assert(readentry != NULL);
> -                 assert(readentry->active);
> Index: patches/patch-src_sshguard_procauth_c
> ===================================================================
> RCS file: patches/patch-src_sshguard_procauth_c
> diff -N patches/patch-src_sshguard_procauth_c
> --- patches/patch-src_sshguard_procauth_c     7 Sep 2010 12:23:43 -0000       
> 1.1.1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,12 +0,0 @@
> -$OpenBSD: patch-src_sshguard_procauth_c,v 1.1.1.1 2010/09/07 12:23:43 
> millert Exp $
> ---- src/sshguard_procauth.c.orig     Mon Aug  9 02:44:15 2010
> -+++ src/sshguard_procauth.c  Mon Aug 30 13:05:40 2010
> -@@ -192,7 +192,7 @@ static int procauth_ischildof(pid_t child, pid_t paren
> -         dup2(ps2me[1], 1);
> - 
> -         sshguard_log(LOG_DEBUG, "Running 'ps axo pid,ppid'.");
> --        execlp("ps", "ps", "axo", "pid,ppid", NULL);
> -+        execlp("ps", "ps", "axo", "pid,ppid", (char *)0);
> - 
> -         sshguard_log(LOG_ERR, "Unable to run 'ps axo pid,ppid': %s.", 
> strerror(errno));
> -         exit(-1);
> Index: pkg/PLIST
> ===================================================================
> RCS file: /extra/cvs/ports/security/sshguard/pkg/PLIST,v
> retrieving revision 1.5
> diff -u -p -r1.5 PLIST
> --- pkg/PLIST 4 Sep 2018 12:46:21 -0000       1.5
> +++ pkg/PLIST 5 Dec 2018 08:15:56 -0000
> @@ -1,6 +1,23 @@
>  @comment $OpenBSD: PLIST,v 1.5 2018/09/04 12:46:21 espie Exp $
>  @pkgpath security/sshguard,tcpd
> +@rcscript ${RCDIR}/sshguard
> +@bin libexec/sshg-blocker
> +libexec/sshg-fw-firewalld
> +@bin libexec/sshg-fw-hosts
> +libexec/sshg-fw-ipfilter
> +libexec/sshg-fw-ipfw
> +libexec/sshg-fw-ipset
> +libexec/sshg-fw-iptables
> +libexec/sshg-fw-nft-sets
> +libexec/sshg-fw-null
> +libexec/sshg-fw-pf
> +libexec/sshg-logtail
> +@bin libexec/sshg-parser
> +@man man/man7/sshguard-setup.7
>  @man man/man8/sshguard.8
> -@bin sbin/sshguard
> +sbin/sshguard
>  share/doc/pkg-readmes/${PKGSTEM}
> -@rcscript ${RCDIR}/sshguard
> +share/examples/sshguard/
> +share/examples/sshguard/sshguard.conf.sample
> +@sample ${SYSCONFDIR}/sshguard.conf
> +share/examples/sshguard/whitelistfile.example
> Index: pkg/README
> ===================================================================
> RCS file: /extra/cvs/ports/security/sshguard/pkg/README,v
> retrieving revision 1.3
> diff -u -p -r1.3 README
> --- pkg/README        4 Sep 2018 12:46:21 -0000       1.3
> +++ pkg/README        5 Dec 2018 08:16:29 -0000
> @@ -4,7 +4,8 @@ $OpenBSD: README,v 1.3 2018/09/04 12:46:
>  | Running ${PKGSTEM} on OpenBSD
>  +-----------------------------------------------------------------------
>  
> -To use sshguard with pf(4), add the following to /etc/pf.conf:
> +To use ${PKGSTEM} with pf(4), add something similar to the following to
> +${SYSCONFDIR}/pf.conf:
>  
>  table <sshguard> persist
>  
> Index: pkg/sshguard.rc
> ===================================================================
> RCS file: /extra/cvs/ports/security/sshguard/pkg/sshguard.rc,v
> retrieving revision 1.4
> diff -u -p -r1.4 sshguard.rc
> --- pkg/sshguard.rc   11 Jan 2018 19:27:09 -0000      1.4
> +++ pkg/sshguard.rc   6 Dec 2018 11:44:46 -0000
> @@ -3,9 +3,10 @@
>  # $OpenBSD: sshguard.rc,v 1.4 2018/01/11 19:27:09 rpe Exp $
>  
>  daemon="${TRUEPREFIX}/sbin/sshguard"
> -daemon_flags="-l /var/log/authlog"
>  
>  . /etc/rc.d/rc.subr
> +
> +pexp="${TRUEPREFIX}/libexec/sshg-blocker .*"
>  
>  rc_bg=YES
>  rc_reload=NO
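
Review bot: pexp now matches only ${TRUEPREFIX}/libexec/sshg-blocker, while daemon is still the sbin/sshguard wrapper, a shell script that pkg/PLIST in this diff no longer marks as @bin. rc.subr uses pexp both to check and to stop the service, so a stop signals the blocker alone and depends on the wrapper and its other children exiting on their own. Please confirm that nothing matching sshguard is left after a stop, or add an rc_stop that also terminates the wrapper. Dropping daemon_flags="-l /var/log/authlog" also means the monitored log is now set only by FILES in sshguard.conf, which is worth a line in pkg/README for people upgrading from 1.5.
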

I am kinda OK with this, after the:

/etc/rc.d/sshguard -fd stop

$ ps auwx | grep sshguard
root     37238  0.0  0.1   840   664 p1  Ip    12:19PM    0:00.01 /bin/sh
/usr/local/sbin/sshguard

Not quite dead, you have the same on your setup?



-- 
Sending from my toaster.
