any comments on this change to the ngrep port?
- drop privs to a new _ngrep user rather than nobody,
- chroot to /var/empty,
- support pppoe,
- autoconf surgery (functional rather than pretty) to use a version
of pcre from the century of the fruitbat,
- fix license marker, regen plist
for those who don't know it, here's pkg/DESCR:
ngrep strives to provide most of GNU grep's common features,
applying them to the network layer. ngrep is a pcap-aware tool that
will allow you to specify extended regular expressions to match
against data payloads of packets. It currently recognizes TCP and
UDP across ethernet, ppp and slip interfaces, and understands bpf
filter logic in the same fashion as more common packet sniffing
tools, like tcpdump and snoop.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/ngrep/Makefile,v
retrieving revision 1.27
diff -N -u -p Makefile
--- Makefile 15 Sep 2007 22:36:56 -0000 1.27
+++ Makefile 26 Mar 2009 22:32:02 -0000
@@ -3,20 +3,22 @@
COMMENT= network grep
DISTNAME= ngrep-1.45
-PKGNAME= ${DISTNAME}p0
+PKGNAME= ${DISTNAME}p1
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ngrep/}
EXTRACT_SUFX= .tar.bz2
HOMEPAGE= http://ngrep.sourceforge.net/
-# GPL
+# custom BSD-like
PERMIT_PACKAGE_CDROM= Yes
PERMIT_PACKAGE_FTP= Yes
PERMIT_DISTFILES_CDROM= Yes
PERMIT_DISTFILES_FTP= Yes
-WANTLIB= c pcap
+WANTLIB= c pcap
+LIB_DEPENDS= pcre::devel/pcre
+
NO_REGRESS= Yes
USE_GMAKE= Yes
@@ -24,6 +26,9 @@ USE_LIBTOOL= Yes
AUTOCONF_VERSION= 2.60
CONFIGURE_STYLE= autoconf no-autoheader
CONFIGURE_ARGS+= --enable-ipv6 \
- --enable-pcre
+ --enable-pcre \
+ --with-dropprivs-user=_ngrep
+CONFIGURE_ENV= CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+ LDFLAGS=-L${LOCALBASE}/lib
.include <bsd.port.mk>
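Review bot: `--enable-pcre` stays in CONFIGURE_ARGS, but the patch-configure_in change in this same diff deletes the `AC_ARG_ENABLE(pcre, …)` block and hard-wires `USE_PCRE="1"`, so the switch no longer selects anything. Dropping it leaves `CONFIGURE_ARGS+= --enable-ipv6 \` followed by `--with-dropprivs-user=_ngrep`, which lists only options that configure still acts on. The `_ngrep` name passed here has to match the account created by the `@newuser`/`@newgroup` lines in pkg/PLIST; a comment such as `# _ngrep is created in pkg/PLIST` above CONFIGURE_ARGS would record that dependency.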
Index: patches/patch-Makefile_in
===================================================================
RCS file: /cvs/ports/net/ngrep/patches/patch-Makefile_in,v
retrieving revision 1.3
diff -N -u -p patches/patch-Makefile_in
--- patches/patch-Makefile_in 23 Jul 2005 19:41:21 -0000 1.3
+++ patches/patch-Makefile_in 26 Mar 2009 22:32:02 -0000
@@ -1,7 +1,16 @@
---- Makefile.in.orig Thu Jun 30 13:08:14 2005
-+++ Makefile.in Fri Jul 22 20:20:25 2005
-@@ -25,9 +25,9 @@ exec_prefix = @exec_prefix@
+--- Makefile.in.orig Tue Nov 28 13:35:37 2006
++++ Makefile.in Thu Mar 26 22:14:15 2009
+@@ -11,7 +11,7 @@ cfla...@cflags@ -...@os@ @DEFS@ @EXTRA_DEFINES@
+ includes...@srcdir@ @PCAP_INCLUDE@ @EXTRA_INCLUDES@
+ ldfla...@ldflags@ @PCAP_LINK@
+-LIBS=-lpcap @EXTRA_LIBS@
++li...@libs@ @EXTRA_LIBS@
+
+ stripfl...@stripflag@
+
+@@ -25,14 +25,14 @@ exec_prefix = @exec_prefix@
+
bindir = $(prefix)/bin
datadir = $(prefix)/share
-mandir = $(datadir)/man
@@ -12,3 +21,29 @@
MANDIR_INSTALL = $(mandir)/man8
INSTALL = ./install-sh
+
+-regex_d...@regex_dir@
++#regex_d...@regex_dir@
+ regex_ob...@regex_objs@
+
+
+@@ -55,15 +55,15 @@ install: $(TARGET)
+ $(CC) $(CFLAGS) $(INCLUDES) -g -c $<
+
+ clean:
+- make -C $(REGEX_DIR) clean
++ #make -C $(REGEX_DIR) clean
+ rm -f *~ $(OBJS) $(REGEX_OBJS) $(TARGET) $(TARGET).static
+
+ distclean: clean
+- make -C $(REGEX_DIR) distclean
++ #make -C $(REGEX_DIR) distclean
+ rm -f config.status config.cache config.log config.h Makefile
+
+-$(REGEX_OBJS): $(REGEX_OBJS:.o=.c) $(REGEX_DIR)/*.h
+- $(MAKE) $(MAKEFLAGS) -C $(REGEX_DIR) $(notdir $(REGEX_OBJS))
++#$(REGEX_OBJS): $(REGEX_OBJS:.o=.c) $(REGEX_DIR)/*.h
++# $(MAKE) $(MAKEFLAGS) -C $(REGEX_DIR) $(notdir $(REGEX_OBJS))
+
+ $(OBJS): Makefile ngrep.c ngrep.h
+
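Review bot: The bundled-regex rules are commented out rather than deleted, and in `clean` and `distclean` the new `#make -C $(REGEX_DIR) …` lines are recipe lines, so (assuming they keep the recipe's leading tab, which this page's formatting has lost) make still passes them to the shell and echoes them. The commented `regex_dir` assignment earlier in this patch and the configure.in patch's removal of `AC_SUBST(REGEX_DIR)` leave `$(REGEX_DIR)` empty there. Deleting those two recipe lines, the `$(REGEX_OBJS):` rule and the `regex_dir` assignment outright gives a smaller patch with no dead text in the generated Makefile. If the commented form is kept on purpose to ease merging with later upstream releases, say so in a comment at the top of the patch.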
Index: patches/patch-configure_in
===================================================================
RCS file: /cvs/ports/net/ngrep/patches/patch-configure_in,v
retrieving revision 1.2
diff -N -u -p patches/patch-configure_in
--- patches/patch-configure_in 23 Jul 2005 19:41:21 -0000 1.2
+++ patches/patch-configure_in 26 Mar 2009 22:32:02 -0000
@@ -1,9 +1,61 @@
---- configure.in.orig Thu Jun 30 13:22:15 2005
-+++ configure.in Fri Jul 22 20:01:45 2005
-@@ -196,18 +196,6 @@ unsigned short bar = foo.source;
+--- configure.in.orig Wed Nov 15 03:43:56 2006
++++ configure.in Thu Mar 26 22:07:10 2009
+@@ -111,47 +111,12 @@ else
+ fi
+
+
+-dnl
+-dnl Configure the regular expression library.
+-dnl
++AC_CHECK_LIB(pcre, pcre_compile,,echo need pcre lib; exit)
++REGEX_OBJS=''
++USE_PCRE="1"
+
+-AC_ARG_ENABLE(pcre,
+-[ --enable-pcre use PCRE instead of GNU regex],
+-[
+- use_pcre="$enableval"
+-],
+-[
+- use_pcre="no"
+-])
+-
+-if test $use_pcre = yes; then
+-
+- echo
+- echo 'Configuring Perl-Compatible Regular Expression (PCRE) library ...'
+- echo
+-
+- REGEX_DIR='pcre-5.0'
+- REGEX_OBJS="$REGEX_DIR/pcre.o $REGEX_DIR/study.o"
+- USE_PCRE="1"
+-
+-else
+-
+- echo
+- echo 'Configuring GNU Regular Expression library ...'
+- echo
+-
+- REGEX_DIR='regex-0.12'
+- REGEX_OBJS="$REGEX_DIR/regex.o"
+- USE_PCRE="0"
+-
+-fi
+-
+-( cd $REGEX_DIR && ./configure )
+-
+-AC_SUBST(REGEX_DIR)
+ AC_SUBST(REGEX_OBJS)
+
+-
+ echo
+ echo 'Configuring Network Grep (ngrep) ...'
+ echo
+@@ -193,18 +158,6 @@ unsigned short bar = foo.source;
+
*bsd*)
AC_SUBST(OS, BSD)
-
+-
- if test "$USE_PCAP_RESTART" = "0"; then
-
- AC_MSG_WARN(
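Review bot: The failure action in `AC_CHECK_LIB(pcre, pcre_compile,,echo need pcre lib; exit)` ends configure with a bare `exit`, which normally returns the status of the preceding `echo`, i.e. success, so a missing libpcre is not reported as a configure failure. `AC_CHECK_LIB(pcre, pcre_compile,, [AC_MSG_ERROR([pcre library not found])])` stops with a non-zero status and leaves the reason in config.log. With `USE_PCRE="1"` now unconditional and the GNU regex branch removed, this check is the only guard against a build that has no matcher library to link.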
@@ -15,7 +67,6 @@
- sleep 3
-
- fi
--
+
;;
- *solaris*)
Index: patches/patch-ngrep_c
===================================================================
RCS file: /cvs/ports/net/ngrep/patches/Attic/patch-ngrep_c,v
diff -N -u -p patches/patch-ngrep_c
--- /dev/null 26 Mar 2009 22:32:02 -0000
+++ patches/patch-ngrep_c 26 Mar 2009 22:32:02 -0000
@@ -0,0 +1,38 @@
+$OpenBSD$
+--- ngrep.c.orig Tue Nov 28 13:38:43 2006
++++ ngrep.c Thu Mar 26 22:31:23 2009
+@@ -92,7 +92,7 @@
+ #endif
+
+ #if USE_PCRE
+-#include "pcre-5.0/pcre.h"
++#include "pcre.h"
+ #else
+ #include "regex-0.12/regex.h"
+ #endif
+@@ -549,6 +549,10 @@ int main(int argc, char **argv) {
+ link_offset = PPPHDR_SIZE;
+ break;
+
++ case DLT_PPP_ETHER:
++ link_offset = PPPOEHDR_SIZE;
++ break;
++
+ #if HAVE_DLT_LOOP
+ case DLT_LOOP:
+ #endif
+@@ -1197,6 +1201,14 @@ void drop_privs(void) {
+ perror("attempt to drop privileges failed");
+ clean_exit(-1);
+ }
++ if (chroot("/var/empty") == -1) {
++ perror("attempt to drop privileges failed: chroot failed");
++ clean_exit(-1);
++ }
++ if (chdir("/") == -1) {
++ perror("attempt to drop privileges failed: chdir failed");
++ clean_exit(-1);
++ }
+
+ if (((getgid() != newgid) && (setgid(newgid) == -1)) ||
+ ((getegid() != newgid) && (setegid(newgid) == -1)) ||
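Review bot: The added `chroot("/var/empty")` in drop_privs() makes every later path lookup resolve inside an empty directory, and the hunk does not show whether everything ngrep opens by name (capture or dump files, service and host name databases) is already open when drop_privs() runs. That ordering needs checking in main(), which is outside this hunk. The sequence itself looks right (chroot while still root, `chdir("/")` straight after, then the setgid/setegid calls visible below it) and deserves a comment, e.g. `/* chroot needs root, so it must precede setgid/setuid; chdir("/") moves the cwd inside the new root */`. The jail path is a string literal while the account name is a configure option (`--with-dropprivs-user`); a `#define` next to that setting would keep the two together. drop_privs() starts before and continues after the visible lines.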
Index: patches/patch-ngrep_h
===================================================================
RCS file: patches/patch-ngrep_h
diff -N -u -p patches/patch-ngrep_h
--- /dev/null 26 Mar 2009 22:32:02 -0000
+++ patches/patch-ngrep_h 26 Mar 2009 22:32:02 -0000
@@ -0,0 +1,11 @@
+$OpenBSD$
+--- ngrep.h.orig Mon Feb 23 17:19:58 2009
++++ ngrep.h Mon Feb 23 17:20:00 2009
+@@ -17,6 +17,7 @@
+ #define ETHHDR_SIZE 14
+ #define TOKENRING_SIZE 22
+ #define PPPHDR_SIZE 4
++#define PPPOEHDR_SIZE 8
+ #define SLIPHDR_SIZE 16
+ #define RAWHDR_SIZE 0
+ #define LOOPHDR_SIZE 4
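Review bot: `PPPOEHDR_SIZE 8` is an unexplained constant that the ngrep.c patch uses as the fixed payload offset for `DLT_PPP_ETHER`; a comment should record what it counts, e.g. `/* 6-byte PPPoE header + 2-byte PPP protocol field */`. A fixed offset treats every frame on that link type as a session frame carrying IP, so behaviour on discovery or LCP frames depends on whether the decoder validates the header it finds at `link_offset`, which this diff does not show. Unlike the neighbouring `DLT_LOOP` case, `case DLT_PPP_ETHER:` has no feature-test guard; that is fine for this port but would matter if the patch goes upstream.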
Index: patches/patch-regex-0_12_Makefile_in
===================================================================
RCS file: /cvs/ports/net/ngrep/patches/patch-regex-0_12_Makefile_in,v
retrieving revision 1.3
diff -N -u -p patches/patch-regex-0_12_Makefile_in
--- patches/patch-regex-0_12_Makefile_in 23 Jul 2005 19:41:21 -0000
1.3
+++ /dev/null 1 Nov 2007 14:18:14 -0000
@@ -1,11 +0,0 @@
---- regex-0.12/Makefile.in.orig Sat Sep 25 13:04:26 2004
-+++ regex-0.12/Makefile.in Fri Jul 22 17:02:42 2005
-@@ -29,7 +29,7 @@ version = 0.12
- CPPFLAGS =
-
- # Likewise, you can override CFLAGS to optimize, use -Wall, etc.
--CFLAGS = -g
-+#CFLAGS = -g
-
- # Ditto for LDFLAGS and LOADLIBES.
- LDFLAGS =
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/ngrep/pkg/PLIST,v
retrieving revision 1.5
diff -N -u -p pkg/PLIST
--- pkg/PLIST 15 Sep 2004 18:17:42 -0000 1.5
+++ pkg/PLIST 26 Mar 2009 22:32:02 -0000
@@ -1,3 +1,5 @@
@comment $OpenBSD: PLIST,v 1.5 2004/09/15 18:17:42 espie Exp $
+...@newgroup _ngrep:622
+...@newuser _ngrep:622:_ngrep::ngrep user:/nonexistent:/sbin/nologin
@man man/man8/ngrep.8
-sbin/ngrep
+...@bin sbin/ngrep