ports/188679: security/cfengine hard-coded passwords in 3.5.3

Dewayne dewayne at heuristicsystems.com.au
Wed Apr 16 03:20:00 UTC 2014


>Number:         188679
>Category:       ports
>Synopsis:       security/cfengine hard-coded passwords in 3.5.3
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 16 03:20:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Dewayne
>Release:        FreeBSD 9.2S
>Organization:
>Environment:
>Description:
I haven't had time to analyse whether or not this is a significant issue; nor do I wish to suggest some nefarious tracking mechanism. However, in the interests of openness, I'd like to share a mechanism to replace hard-coded passwords that were found in the cfengine35 port.

>How-To-Repeat:

>Fix:
Either insert the variables into the Makefile, for example
CFE_PASSWD_PRIV='privsecret'
CFE_PASSWD_PUB='\"pubsecret\"'
or pass them via the command line.

------------
 post-patch:
# You will need to prepend each line with a tab
@${REINPLACE_CMD} -e '/\*passphrase/s/Cfengine passphrase/${CFE_PASSWD_PRIV}/' \
-e '/\*passphrase/s/\"public\"/${CFE_PASSWD_PUB}/' \
${WRKSRC}/cf-key/cf-key.c ${WRKSRC}/libpromises/crypto.c \
${WRKSRC}/cf-key/cf-key-functions.c

------------
Ideally this should be an option, but that requires greater familiarity with the ports system.

The source file location of the passwords has changed with some cfengine revisions, and no doubt will again. 

>Release-Note:
>Audit-Trail:
>Unformatted:
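
A post-patch check for the failure mode the submitter notes (the passphrase strings moving to other source files between cfengine revisions), added here as an example and not part of the original PR or the port. The function names and the sample tree are hypothetical, the C lines in the sample are constructed for the demo, and only the two search strings and the three file paths come from the PR.

```shell
#!/bin/sh
# Added example (not from the PR): gate a build on the default passphrase
# strings named in the PR being gone from every C file under a source tree.

# Print file:line:text for each "*passphrase" line that still holds a default.
# Exit status 0 means at least one default remains.
find_default_passphrases() {
    grep -rnE --include='*.c' \
        '\*passphrase.*(Cfengine passphrase|"public")' "$1"
}

# Return 0 only when the tree is clean.
verify_patched() {
    if find_default_passphrases "$1"; then
        echo "default passphrase still present under $1" >&2
        return 1
    fi
}

# Same two sed expressions as the PR, limited to the files the PR lists.
# Arguments: DIR PRIV PUB (written to a temp file, then moved into place).
apply_pr_substitution() {
    for f in cf-key/cf-key.c libpromises/crypto.c cf-key/cf-key-functions.c; do
        [ -f "$1/$f" ] || continue
        sed -e "/\*passphrase/s/Cfengine passphrase/$2/" \
            -e "/\*passphrase/s/\"public\"/\"$3\"/" "$1/$f" > "$1/$f.tmp" &&
            mv "$1/$f.tmp" "$1/$f"
    done
}

# Constructed stand-in for ${WRKSRC}: these C lines are invented for the demo.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cf-key" "$d/libpromises" "$d/moved"
    printf 'static char *passphrase = "Cfengine passphrase";\n' > "$d/cf-key/cf-key.c"
    printf 'char *passphrase = "public";\n' > "$d/libpromises/crypto.c"
    # Simulates a revision where the string lives in a file the PR does not list.
    printf 'const char *passphrase = "Cfengine passphrase";\n' > "$d/moved/keys.c"
    echo "$d"
}

# Usage: sh check.sh /path/to/WRKSRC   (no argument: only defines functions)
if [ "$#" -gt 0 ]; then verify_patched "$1"; fi
```

Because the search covers the whole tree rather than a fixed file list, a default that has moved to an unlisted file still fails the check after the substitution has run.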

