ports/security/blocksshd

Paul Schmehl pauls at utdallas.edu
Fri Apr 6 19:35:50 UTC 2007


--On April 6, 2007 9:40:58 PM +0300 Stefan Lambrev 
<stefan.lambrev at sun-fish.com> wrote:

> Hi list,
>
> Craig Butler wrote:
>> Stefan Lambrev wrote:
>>> Hi list,
>>>
>>> This is very annoying:
>>> pkg_delete: '/usr/local/etc/blocksshd.conf' fails original MD5
>>> checksum - deleted anyway.
>>> can someone fix please ?
>>>
>> did you edit it ?
> Of course I edit it, after all it is the configuration file, I have
> different table in my pf, I have specified e-mail
> where to send notification, I have whitelisted IPs and etc.
> And a simple upgrade *destroys* my configurations, which is not nice ;)
> If I have little more time tomorrow I can send patch and the config file
> will be renamed to .sample
> so upgrading won't destroy configuration, and if you prefer I can add
> a pkg-msg or *echo* to tell user to copy
> config.sample to config when installing.
> If I have time I can even *steal* from other ports and make the port
> only to create blocksshd.conf only if it does not exist :)
> Sorry for moaning without sending patches ;)

The Porter's Handbook (section 7.3) is pretty clear about this:
"If your port requires some configuration files in PREFIX/etc, do not just 
install them and list them in pkg-plist. That will cause pkg_delete(1) to 
delete files carefully edited by the user and a new installation to wipe 
them out.

Instead, install sample files with a suffix (filename.sample will work 
well). Copy the sample file as the real configuration file, if it does not 
exist. On deinstall, delete the configuration file, but only if it was not 
modified by the user. You need to handle this both in the port Makefile, 
and in the pkg-plist (for installation from the package).

Example of the Makefile part:

post-install:
    @if [ ! -f ${PREFIX}/etc/orbit.conf ]; then \
        ${CP} -p ${PREFIX}/etc/orbit.conf.sample ${PREFIX}/etc/orbit.conf ; \
    fi

Example of the pkg-plist part:

@unexec if cmp -s %D/etc/orbit.conf.sample %D/etc/orbit.conf; then rm -f %D/etc/orbit.conf; fi
etc/orbit.conf.sample
@exec if [ ! -f %D/etc/orbit.conf ] ; then cp -p %D/%F %B/orbit.conf; fi

Alternatively, print out a message pointing out that the user has to copy 
and edit the file before the software can be made to work."

A port should not be committed with this error, IMNSHO.

OTOH, it's always good practice to make backups......

Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
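
The Handbook's install and deinstall logic quoted above, run through a full upgrade cycle in a scratch directory. This is an added example, not part of the original message or of the blocksshd port; the function names and the config lines are constructed for the demonstration and are not real blocksshd syntax.

```shell
#!/bin/sh
# Added example: simulates the sample-file pattern for blocksshd.conf.
# All function names and file contents here are constructed for the demo.

# install_pkg DIR CONTENT: ship the sample, seed the live config only if absent
install_pkg() {
    p=$1
    mkdir -p "$p/etc"
    printf '%s\n' "$2" > "$p/etc/blocksshd.conf.sample"
    if [ ! -f "$p/etc/blocksshd.conf" ]; then
        cp -p "$p/etc/blocksshd.conf.sample" "$p/etc/blocksshd.conf"
    fi
}

# deinstall_pkg DIR: drop the live config only when it is byte-identical
# to the sample (i.e. never edited), then drop the sample itself
deinstall_pkg() {
    p=$1
    if cmp -s "$p/etc/blocksshd.conf.sample" "$p/etc/blocksshd.conf"; then
        rm -f "$p/etc/blocksshd.conf"
    fi
    rm -f "$p/etc/blocksshd.conf.sample"
}

# run_upgrade yes|no: install v1, optionally edit the config as a user would,
# deinstall, install v2, then print the live config that results
run_upgrade() {
    root=$(mktemp -d) || return 1
    install_pkg "$root" "option=default-v1"
    if [ "$1" = yes ]; then
        # constructed local edit (documentation address range)
        echo "local_edit=192.0.2.10" >> "$root/etc/blocksshd.conf"
    fi
    deinstall_pkg "$root"
    install_pkg "$root" "option=default-v2"
    cat "$root/etc/blocksshd.conf"
    rm -rf "$root"
}

echo "unedited config after upgrade:"; run_upgrade no
echo "edited config after upgrade:";   run_upgrade yes
```

An edited config survives the upgrade unchanged, which also means it keeps the old defaults: new settings arrive only in the .sample file and have to be merged by hand.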

