Dear maintainer, I've prepared an NMU for snort (versioned as 2.8.5.2-2.1). The diff is attached to this message.
Regards.
diff -u snort-2.8.5.2/etc/snort.conf snort-2.8.5.2/etc/snort.conf --- snort-2.8.5.2/etc/snort.conf +++ snort-2.8.5.2/etc/snort.conf @@ -701,16 +701,11 @@ # output database: log, odbc, user=snort dbname=snort # output database: log, mssql, dbname=snort user=snort password=test # output database: log, oracle, dbname=snort user=snort password=test -# <debian> -# Keep your paws off of these (#DBSTART#) and (#DBEND#) tokens -# or you *will* break the configure process (snort-pgsql/snort-mysql only) -# Anything you put between them will be removed on (re)configure. -# -# (#DBSTART#) -# (#DBEND#) -# -# </debian> # +# On Debian Systems, the database configuration is sepperate into +# /etc/snort/database.conf. +# please edit it there, to ensure smoother upgrades of this file. +include database.conf # unified: Snort unified binary format alerting and logging diff -u snort-2.8.5.2/debian/snort-pgsql.postinst snort-2.8.5.2/debian/snort-pgsql.postinst --- snort-2.8.5.2/debian/snort-pgsql.postinst +++ snort-2.8.5.2/debian/snort-pgsql.postinst @@ -77,8 +77,7 @@ fi if [ "$STARTUP" != "manual" ]; then - if [ -f /etc/snort/snort.conf ]; then - # insert database config stuff in the configuration file, + # create database config stuff in the configuration file, # or configure it for syslog-logging. db_get snort-pgsql/configure_db if [ "$RET" = "true" ]; then 
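Review bot: Removing the `if [ -f /etc/snort/snort.conf ]; then` line has no matching removal of its closing `fi` in either snort-pgsql.postinst hunk, so as far as the diff shows the new script has one `fi` too many and would stop with a syntax error. The snort-mysql.postinst change re-balances its `fi` lines; this one does not. The block continues outside the hunk, so the extra `fi` near the end of the `if [ "$STARTUP" != "manual" ]` block should be dropped and the result checked with `sh -n debian/snort-pgsql.postinst`. The reworded comment still says the settings go "in the configuration file"; `# write the database settings to /etc/snort/database.conf,` would match what the code now does.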
@@ -87,52 +86,25 @@ db_get snort-pgsql/db_user || true; DB_USER=$RET db_get snort-pgsql/db_pass || true; DB_PASS=$RET - # Here we put the database stuff in the config file. TEMPFILE=`mktemp` - cat /etc/snort/snort.conf | while read LINE - do - if [ "$LINE" = "# (#DBSTART#)" ] - then - echo "# (#DBSTART#)" >> $TEMPFILE - echo -n "output database: log, postgresql, " >> $TEMPFILE - if [ $DB_USER ] - then - echo -n "user=$DB_USER " >> $TEMPFILE - fi - if [ $DB_PASS ] - then - echo -n "password=$DB_PASS " >> $TEMPFILE - fi - if [ $DB_DATABASE ] - then - echo -n "dbname=$DB_DATABASE " >> $TEMPFILE - fi - if [ $DB_HOST ] - then - echo -n "host=$DB_HOST " >> $TEMPFILE - fi - echo " " >> $TEMPFILE - echo "# (#DBEND#)" >> $TEMPFILE - break - else - echo $LINE >> $TEMPFILE - fi - done - - WRITE=0 - cat /etc/snort/snort.conf | while read LINE - do - if [ $WRITE -eq 1 ] - then - echo $LINE >> $TEMPFILE - fi - - if [ "$LINE" = "# (#DBEND#)" ] - then - WRITE=1 - fi - done - mv -f $TEMPFILE /etc/snort/snort.conf + echo -n "output database: log, postgresql, " >> $TEMPFILE + if [ $DB_USER ] + then + echo -n "user=$DB_USER " >> $TEMPFILE + fi + if [ $DB_PASS ] + then + echo -n "password=$DB_PASS " >> $TEMPFILE + fi + if [ $DB_DATABASE ] + then + echo -n "dbname=$DB_DATABASE " >> $TEMPFILE + fi + if [ $DB_HOST ] + then + echo -n "host=$DB_HOST " >> $TEMPFILE + fi + mv -f $TEMPFILE /etc/snort/database.conf fi # Ensure the config file is readable by root.root and mode 600 diff -u snort-2.8.5.2/debian/snort-mysql.postinst snort-2.8.5.2/debian/snort-mysql.postinst --- snort-2.8.5.2/debian/snort-mysql.postinst +++ snort-2.8.5.2/debian/snort-mysql.postinst 
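Review bot: The rewritten block never terminates the `output database:` line, because the `echo " " >> $TEMPFILE` that the old code had (and that the new snort-mysql.postinst keeps) is missing before `mv -f $TEMPFILE /etc/snort/database.conf`, so database.conf ends without a newline. The debconf answers are also tested unquoted: `[ $DB_PASS ]` fails with an error on a password containing spaces, so the `password=` field is silently left out; `if [ -n "$DB_PASS" ]` and `>> "$TEMPFILE"` avoid that, and the same applies to the identical block in snort-mysql.postinst. Values containing whitespace or a newline would presumably still change how Snort parses the generated line, so they are worth validating before being written.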
@@ -78,63 +78,36 @@ fi if [ "$STARTUP" != "manual" ]; then - if [ -f /etc/snort/snort.conf ]; then - # insert database config stuff in the configuration file, - # or configure it for syslog-logging. - db_get snort-mysql/configure_db - if [ "$RET" = "true" ]; then - db_get snort-mysql/db_host || true; DB_HOST=$RET - db_get snort-mysql/db_database || true; DB_DATABASE=$RET - db_get snort-mysql/db_user || true; DB_USER=$RET - db_get snort-mysql/db_pass || true; DB_PASS=$RET - - # Here we put the database stuff in the config file. - TEMPFILE=`mktemp` - cat /etc/snort/snort.conf | while read LINE - do - if [ "$LINE" = "# (#DBSTART#)" ] - then - echo "# (#DBSTART#)" >> $TEMPFILE - echo -n "output database: log, mysql, " >> $TEMPFILE - if [ $DB_USER ] - then - echo -n "user=$DB_USER " >> $TEMPFILE - fi - if [ $DB_PASS ] - then - echo -n "password=$DB_PASS " >> $TEMPFILE - fi - if [ $DB_DATABASE ] - then - echo -n "dbname=$DB_DATABASE " >> $TEMPFILE - fi - if [ $DB_HOST ] - then - echo -n "host=$DB_HOST " >> $TEMPFILE - fi - echo " " >> $TEMPFILE - echo "# (#DBEND#)" >> $TEMPFILE - break - else - echo $LINE >> $TEMPFILE - fi - done - - WRITE=0 - cat /etc/snort/snort.conf | while read LINE - do - if [ $WRITE -eq 1 ] - then - echo $LINE >> $TEMPFILE - fi - - if [ "$LINE" = "# (#DBEND#)" ] - then - WRITE=1 - fi - done - mv -f $TEMPFILE /etc/snort/snort.conf + # create database config stuff in the configuration file, + # or configure it for syslog-logging. + db_get snort-mysql/configure_db + if [ "$RET" = "true" ]; then + db_get snort-mysql/db_host || true; DB_HOST=$RET + db_get snort-mysql/db_database || true; DB_DATABASE=$RET + db_get snort-mysql/db_user || true; DB_USER=$RET + db_get snort-mysql/db_pass || true; DB_PASS=$RET + + # Here we put the database stuff in the config file. 
+ TEMPFILE=`mktemp` + echo -n "output database: log, mysql, " >> $TEMPFILE + if [ $DB_USER ] + then + echo -n "user=$DB_USER " >> $TEMPFILE + fi + if [ $DB_PASS ] + then + echo -n "password=$DB_PASS " >> $TEMPFILE + fi + if [ $DB_DATABASE ] + then + echo -n "dbname=$DB_DATABASE " >> $TEMPFILE + fi + if [ $DB_HOST ] + then + echo -n "host=$DB_HOST " >> $TEMPFILE fi + echo " " >> $TEMPFILE + mv -f $TEMPFILE /etc/snort/database.conf # Ensure the config file is readable by root.root and mode 600 if ! dpkg-statoverride --list /etc/snort/snort.conf >/dev/null @@ -142,7 +115,7 @@ chown root:snort /etc/snort/snort.conf chmod 640 /etc/snort/snort.conf fi - fi + fi fi db_stop diff -u snort-2.8.5.2/debian/snort-mysql.postrm snort-2.8.5.2/debian/snort-mysql.postrm --- snort-2.8.5.2/debian/snort-mysql.postrm +++ snort-2.8.5.2/debian/snort-mysql.postrm @@ -36,6 +36,9 @@ if [ -e /etc/snort/db-pending-config ] ; then rm /etc/snort/db-pending-config fi + if [ -e /etc/snort/database.conf ] ; then + rm /etc/snort/database.conf + fi # Remove configuration dir [ -d /etc/snort ] && rmdir --ignore-fail-on-non-empty /etc/snort diff -u snort-2.8.5.2/debian/changelog snort-2.8.5.2/debian/changelog --- snort-2.8.5.2/debian/changelog +++ snort-2.8.5.2/debian/changelog 
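Review bot: With the `if [ -f /etc/snort/snort.conf ]` level gone, the `dpkg-statoverride` / `chown root:snort` / `chmod 640` block now sits inside `if [ "$RET" = "true" ]`, judging by the context `fi` after the `host=` line and the re-indented `fi` in the next hunk, so snort.conf permissions are no longer set when the database is not configured. That block also still covers only /etc/snort/snort.conf, while the password is now written to /etc/snort/database.conf, whose owner and mode are whatever `mktemp` produced and `mv` carried over. The intended owner and mode should be set explicitly after the `mv`, for example `chown root:snort /etc/snort/database.conf` and `chmod 640 /etc/snort/database.conf` if Snort must read the file after dropping privileges, and the "Ensure the config file is readable" comment updated to name both files. The same applies to snort-pgsql.postinst.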
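Review bot: Deleting /etc/snort/database.conf here leaves the shipped snort.conf with an `include database.conf` that points at a missing file whenever snort-common stays installed, which is the situation the changelog's touch-on-install step is meant to prevent. Truncating instead of removing, `: > /etc/snort/database.conf`, drops the stored credentials and keeps the include resolvable; snort-common.postrm already removes the file once it is empty. Whether this code runs only on purge is decided outside the hunk. The same change applies to the identical hunk in snort-pgsql.postrm.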
@@ -1,3 +1,16 @@ +snort (2.8.5.2-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Move the DB-Configuration into a sepperate file, instead of modifying + /etc/snort/snort.conf, which causes upgrade problems (Closes: #603428) + * Adding snort-common-preinst to split off exiting config or touch the + new database config file on new installations to ensure it exists + * modify etc/snort.conf to include the new database conf file + * modify snort-{mysql,pgsql}.postinst to use new config file + * modify snort-{mysql,pgsql,common}.postrm to purge new config file + + -- Alexander Reichle-Schmehl <toli...@debian.org> Thu, 16 Dec 2010 14:30:46 +0100 + snort (2.8.5.2-2) unstable; urgency=low * Remove the reverse_order debconf option since Snort no longer supports the diff -u snort-2.8.5.2/debian/snort-pgsql.postrm snort-2.8.5.2/debian/snort-pgsql.postrm --- snort-2.8.5.2/debian/snort-pgsql.postrm +++ snort-2.8.5.2/debian/snort-pgsql.postrm @@ -36,6 +36,9 @@ if [ -e /etc/snort/db-pending-config ] ; then rm /etc/snort/db-pending-config fi + if [ -e /etc/snort/database.conf ] ; then + rm /etc/snort/database.conf + fi # Remove configuration dir [ -d /etc/snort ] && rmdir --ignore-fail-on-non-empty /etc/snort only in patch2: unchanged: --- snort-2.8.5.2.orig/debian/snort-common.postrm +++ snort-2.8.5.2/debian/snort-common.postrm 
@@ -0,0 +1,39 @@
+#! /bin/sh
+# postrm script for snort
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see /usr/doc/packaging-manual/
+
+
+case "$1" in
+ purge)
+ # on installation we touch this file to ensure it's there
+ # if it's still there and emmpty, we can remove it
+ # if it's not empty, snort-{mysql,pgsql} have added content and
+ # should deal with it themselve on purge
+ if [ -e /etc/snort/database.conf ] && [ ! -s /etc/snort/database.conf ]
+ then
+ rm -f /etc/snort/database.conf
+ fi
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade)
+ # nothing
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
only in patch2: unchanged:
--- snort-2.8.5.2.orig/debian/snort-common.preinst
+++ snort-2.8.5.2/debian/snort-common.preinst
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+
+DBCONF="/etc/snort/database.conf"
+GENCONF="/etc/snort/snort.conf"
+
+case "$1" in
+ install)
+ # make sure database configuration file exists
+ touch $DBCONF
+ ;;
+ upgrade)
+ # earlier versions modified /etc/snort/snort.conf directly for the
+ # DB stuff, we splitt it off in a sepperate file, to ensure smooth
+ # upgrades
+ if dpkg --compare-versions "$2" le "2.8.5.2-2";
+ then
+ GENCONF_TEMPFILE=`mktemp`
+ DBCONF_TEMPFILE=`mktemp`
+ WRITE_DB=0
+ WRITE_GEN=1
+ cat $GENCONF | while read LINE
+ do
+ if [ "$LINE" = "# (#DBEND#)" ]
+ then
+ WRITE_DB=0
+ WRITE_GEN=1
+ fi
+ if [ $WRITE_DB -eq 1 ]
+ then
+ echo $LINE >> $DBCONF_TEMPFILE
+ fi
+ if [ $WRITE_GEN -eq 1 ]
+ then
+ echo $LINE >> $GENCONF_TEMPFILE
+ fi
+ if [ "$LINE" = "# (#DBSTART#)" ]
+ then
+ WRITE_DB=1
+ WRITE_GEN=0
+ fi
+ done
+ mv $DBCONF_TEMPFILE $DBCONF
+ mv $GENCONF_TEMPFILE $DBCONF
+ fi
+ ;;
+ configure)
+ ;;
+ abort-upgrade)
+ ;;
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
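Review bot: The second `mv` at the end of the `upgrade)` branch targets `$DBCONF` again, so the stripped snort.conf overwrites the database settings that were just extracted and /etc/snort/snort.conf itself is never rewritten; it should be `mv $GENCONF_TEMPFILE $GENCONF`. The copy loop uses `read LINE` and unquoted `echo $LINE`, which would join any backslash-continued lines, collapse whitespace and expand glob characters in the config being rewritten; `while IFS= read -r LINE` with `printf '%s\n' "$LINE"` copies lines unchanged. Because `cat $GENCONF | while …` is a pipeline, a missing snort.conf does not trip `set -e` and the empty temp files are still moved into place, so a check that the file exists belongs before the loop. In the `install)` branch, `touch $DBCONF` aborts the installation under `set -e` if /etc/snort does not exist yet when the preinst runs, so the directory should be created first.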