svn commit: r434215 - in head/net/ntopng: . files

Guido Falsi madpilot at FreeBSD.org
Thu Feb 16 14:51:07 UTC 2017 

Author: madpilot
Date: Thu Feb 16 14:51:05 2017
New Revision: 434215
URL: https://svnweb.freebsd.org/changeset/ports/434215

Log:
  - Correct GeoIP update script
  - Install GeoIP update script only when GEOIP option is enabled
  - Add deinstall script to cleanup GeoIP dat file downloaded with
    the  provided script
  - Fix startup script REQUIREs
  - Move -e argument to end of command line as suggested by upstream
    to avoid conflicts with other user provided options
  - Remove reference to unspecified security vulnerabilities in
    pkg-message, leaving a generic suggestion to protect public services
  - While here reword pkg-message and add suggestion on how to provide
    a configuration file to ntopng
  
  Thanks to Simone Mainardi <mainardi at ntop.org> (upstream developer)
  for his suggesting most of the above changes and his help.

Added:
  head/net/ntopng/files/pkg-deinstall.in   (contents, props changed)
Modified:
  head/net/ntopng/Makefile
  head/net/ntopng/files/ntopng-geoipupdate.sh.in
  head/net/ntopng/files/ntopng.in
  head/net/ntopng/pkg-message
  head/net/ntopng/pkg-plist

Modified: head/net/ntopng/Makefile
==============================================================================
--- head/net/ntopng/Makefile	Thu Feb 16 14:34:06 2017	(r434214)
+++ head/net/ntopng/Makefile	Thu Feb 16 14:51:05 2017	(r434215)
@@ -3,6 +3,7 @@
 
 PORTNAME=	ntopng
 PORTVERSION=	2.4.2017.01.20
+PORTREVISION=	1
 CATEGORIES=	net
 
 MAINTAINER=	madpilot at FreeBSD.org
@@ -21,7 +22,7 @@ LIB_DEPENDS=	librrd.so:databases/rrdtool
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes
 USES=	 	autoreconf cpe gmake libtool localbase mysql pathfix pkgconfig sqlite
-SUB_FILES=	ntopng-geoipupdate.sh
+SUB_FILES=	ntopng-geoipupdate.sh pkg-deinstall
 
 USERS=		ntopng
 GROUPS=		ntopng
@@ -34,6 +35,9 @@ CPE_VENDOR=	ntop
 
 OPTIONS_DEFINE=		GEOIP NLS
 OPTIONS_DEFAULT=	GEOIP
+
+OPTIONS_SUB=	yes
+
 GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
 
 NLS_USES=	gettext
@@ -45,6 +49,8 @@ post-patch:
 
 post-install:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/ntopng
+
+post-install-GEOIP-on:
 	${INSTALL_SCRIPT} ${WRKDIR}/ntopng-geoipupdate.sh ${STAGEDIR}${PREFIX}/bin
 
 .include <bsd.port.mk>

Modified: head/net/ntopng/files/ntopng-geoipupdate.sh.in
==============================================================================
--- head/net/ntopng/files/ntopng-geoipupdate.sh.in	Thu Feb 16 14:34:06 2017	(r434214)
+++ head/net/ntopng/files/ntopng-geoipupdate.sh.in	Thu Feb 16 14:51:05 2017	(r434215)
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 set -eu
-mkdir -p %%DATADIR%%/httpdocs/geoip
+mkdir -p "%%DATADIR%%/httpdocs/geoip"
 
 # arguments:
 # $1 URL
@@ -9,11 +9,11 @@ mkdir -p %%DATADIR%%/httpdocs/geoip
 _fetch() {
     url="$1"
     out="$2"
-    TEMPFILE="$(mktemp "%%DATADIR%%"/httpdocs/geoip/GeoIP.dat-XXXXXX)"
+    TEMPFILE="$(mktemp "%%DATADIR%%/httpdocs/geoip/GeoIP.dat-XXXXXX")"
     trap 'rc=$? ; set +e ; rm -f "'"$TEMPFILE"'" ; exit $rc' 0
     if fetch -o - "$url" | gunzip >> "$TEMPFILE" ; then
 	chmod 444 "$TEMPFILE"
-	if ! mv -f "$TEMPFILE" "%%DATADIR%%"/"$2" ; then
+	if ! mv -f "$TEMPFILE" "%%DATADIR%%/$2" ; then
 	    echo "Unable to replace %%DATADIR%%/$2"
 	    return 2
 	fi

Modified: head/net/ntopng/files/ntopng.in
==============================================================================
--- head/net/ntopng/files/ntopng.in	Thu Feb 16 14:34:06 2017	(r434214)
+++ head/net/ntopng/files/ntopng.in	Thu Feb 16 14:51:05 2017	(r434215)
@@ -3,7 +3,7 @@
 # $FreeBSD$
 #
 # PROVIDE: ntopng
-# REQUIRE: DAEMON
+# REQUIRE: LOGIN netif
 # KEYWORD: shutdown
 #
 # Add the following lines to /etc/rc.conf to enable ntopng:
@@ -34,7 +34,7 @@ user_path=%%PREFIX%%/etc/ntopng-users.co
 
 start_precmd=ntopng_precmd
 command=%%PREFIX%%/bin/ntopng
-command_args="-e -U ntopng -G ${ntopng_pidfile} -1 ${httpdocs_path} -2 ${scripts_path} -3 ${callbacks_path}"
+command_args="-U ntopng -G ${ntopng_pidfile} -1 ${httpdocs_path} -2 ${scripts_path} -3 ${callbacks_path} -e"
 
 ntopng_precmd()
 {

Added: head/net/ntopng/files/pkg-deinstall.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/net/ntopng/files/pkg-deinstall.in	Thu Feb 16 14:51:05 2017	(r434215)
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+[ "$2" != "DEINSTALL" ] && exit 0
+
+[ -f "%%DATADIR%%/GeoLiteCity.dat" ] && /bin/rm "%%DATADIR%%/GeoLiteCity.dat"
+[ -f "%%DATADIR%%/GeoLiteCityv6.dat" ] && /bin/rm "%%DATADIR%%/GeoLiteCityv6.dat"
+[ -f "%%DATADIR%%/GeoIPASNum.dat.gz" ] && /bin/rm "%%DATADIR%%/GeoIPASNum.dat.gz"
+[ -f "%%DATADIR%%/GeoIPASNumv6.dat.gz" ] && /bin/rm "%%DATADIR%%/GeoIPASNumv6.dat.gz"
+[ -d "%%DATADIR%%/httpdocs/geoip" ] && /usr/bin/find "%%DATADIR%%/httpdocs/geoip" -type d -empty -delete

Modified: head/net/ntopng/pkg-message
==============================================================================
--- head/net/ntopng/pkg-message	Thu Feb 16 14:34:06 2017	(r434214)
+++ head/net/ntopng/pkg-message	Thu Feb 16 14:51:05 2017	(r434215)
@@ -1,14 +1,18 @@
 ----------------------------------------------------------------------------
 WARNING:
 
-In the past, ntop has been the subject of repeated security vulner-
-abilities, particularly relating to its web interface.  It is strongly
-suggested that you protect your ntop web interface via packet filters
-or TCP wrappers.
+ntopng runs a web interface service by default, it is suggested to protect
+such network accessible services with packet filters or TCP wrappers.
 
-Please install redis server from databases/redis or use -r to specify
-a remote one.
+ntopng requires to connect to a redis server to work. Please install redis
+server from databases/redis or use -r option via ntopng_flags to specify a
+remote one.
 
-Please use ntopng-geoipupdate.sh to update GeoIP database to the
-latest.
+If you enabled GeoIP support(the default), please use ntopng-geoipupdate.sh
+to update GeoIP database to the latest available data.
+
+To pass a configuration file to ntopng, which overrides any command
+line arguments, add something like the following to rc.conf:
+
+ntopng_flags="/path/to/file.conf"
 ----------------------------------------------------------------------------

Modified: head/net/ntopng/pkg-plist
==============================================================================
--- head/net/ntopng/pkg-plist	Thu Feb 16 14:34:06 2017	(r434214)
+++ head/net/ntopng/pkg-plist	Thu Feb 16 14:51:05 2017	(r434215)
@@ -1,5 +1,5 @@
 bin/ntopng
-bin/ntopng-geoipupdate.sh
+%%GEOIP%%bin/ntopng-geoipupdate.sh
 man/man8/ntopng.8.gz
 %%DATADIR%%/httpdocs/bootstrap/css/bootstrap-theme.css
 %%DATADIR%%/httpdocs/bootstrap/css/bootstrap-theme.css.map

More information about the svn-ports-all mailing list