[gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
commit: e2b221825348c4264fc6cb7420d391d1d0110a09
Author: Sam James gentoo org>
AuthorDate: Tue Dec 5 08:50:06 2023 +
Commit: Sam James gentoo org>
CommitDate: Tue Dec 5 10:32:04 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2b22182
net-analyzer/arpwatch: add 3.5
Closes: https://bugs.gentoo.org/829633
Signed-off-by: Sam James gentoo.org>
net-analyzer/arpwatch/Manifest | 1 +
net-analyzer/arpwatch/arpwatch-3.5.ebuild | 83 ++
.../0001-Fix-configure-check-for-time.h.patch | 36 ++
...void-using-undocumented-internals-for-DNS.patch | 35 +
4 files changed, 155 insertions(+)
diff --git a/net-analyzer/arpwatch/Manifest b/net-analyzer/arpwatch/Manifest
index 088fa9a89b1b..53e3f2db8fe8 100644
--- a/net-analyzer/arpwatch/Manifest
+++ b/net-analyzer/arpwatch/Manifest
@@ -1,2 +1,3 @@
DIST arpwatch-3.1.tar.gz 117196 BLAKE2B
35afd3dc563ebbc8136000d5c2d53da85b9615df5cbe8a3da5b77f20da7cbee706f6fd404c2bda6f3626aaa496d9ec9439596acbdfd559c01b8c0d01d6703e46
SHA512
2e6f6e388e1828e34626e36356a89f3bc95d268b9242955d6636ac05041bcf533e7625ed73b37b6ea5eab8cfed54b8c483547556c98664efff63c18639efa282
+DIST arpwatch-3.5.tar.gz 117594 BLAKE2B
73b979ec279e5bf5baaeac05949e1bddf08cd9c3c7afcd29b37991ba55ba2bb8968b57b407eb571ec52871017372f479e586ba84b0f1aee67331ce7617309fb8
SHA512
e46b350c483f0e7c873eb177be337f238b2db3d859d8b305df5a74d9d97ca449750f9ed50a99c5d4c51618e22747731d70ceb3f13aae39c39d258b960258fb88
DIST ethercodes.dat-20200628.xz 239028 BLAKE2B
e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027
SHA512
2edc05d384f387e6b43d07da99038625f9c55c8044b5a48d1bcf9f657df691bf413a97fb9ca915f04dbdafab23f919edd15d906c4ce8bff12be0b255a6717f07
diff --git a/net-analyzer/arpwatch/arpwatch-3.5.ebuild
b/net-analyzer/arpwatch/arpwatch-3.5.ebuild
new file mode 100644
index ..3f5e19029ce9
--- /dev/null
+++ b/net-analyzer/arpwatch/arpwatch-3.5.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools systemd
+
+ETHERCODES_DATE=20200628
+DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP
address pairings"
+HOMEPAGE="https://ee.lbl.gov/;
+SRC_URI="
+ https://ee.lbl.gov/downloads/${PN}/${P}.tar.gz
+
https://dev.gentoo.org/~jsmolic/distfiles/ethercodes.dat-${ETHERCODES_DATE}.xz
+"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~riscv ~sparc ~x86"
+IUSE="selinux"
+
+DEPEND="
+ acct-group/arpwatch
+ net-libs/libpcap
+ sys-libs/ncurses:=
+"
+RDEPEND="
+ ${DEPEND}
+ acct-user/arpwatch
+ virtual/mta
+ selinux? ( sec-policy/selinux-arpwatch )
+"
+
+PATCHES=(
+ # sent upstream on 2023-12-05
+ "${FILESDIR}"/0001-Fix-configure-check-for-time.h.patch
+ "${FILESDIR}"/0002-Avoid-using-undocumented-internals-for-DNS.patch
+)
+
+src_prepare() {
+ default
+
+ # Temporary for 0001-Fix-configure-check-for-time.h.patch
+ eautoreconf
+}
+
+src_install() {
+ dosbin arp2ethers arpfetch arpsnmp arpwatch bihourly.sh
massagevendor.py update-ethercodes.sh
+ doman arpsnmp.8 arpwatch.8
+
+ insinto /usr/share/arpwatch
+ newins "${WORKDIR}"/ethercodes.dat-${ETHERCODES_DATE} ethercodes.dat
+
+ insinto /usr/share/arpwatch/awk
+ doins d.awk duplicates.awk e.awk euppertolower.awk p.awk
+
+ diropts --group=arpwatch --mode=770
+ keepdir /var/lib/arpwatch
+ dodoc README CHANGES
+
+ newconfd "${FILESDIR}"/arpwatch.confd-r2 arpwatch
+ newinitd "${FILESDIR}"/arpwatch.initd-r2 arpwatch
+
+ systemd_dounit "${FILESDIR}/arpwatch.service"
+ systemd_install_serviced "${FILESDIR}/arpwatch.conf"
+}
+
+pkg_postinst() {
+ # Previous revisions installed /var/lib/arpwatch with the wrong
+ # ownership. Instead of the intended arpwatch:root, it was left as
+ # root:root. If we find any such mis-owned directories, we fix them,
+ # and then set the permission bits how we want them in *this*
+ # revision.
+ #
+ # The "--from" flag ensures that we only fix directories that need
+ # fixing, and the "&& chmod" ensures that we only adjust the
+ # permissions if the owner also needed fixing.
+ chown \
+ --from=root:root \
+ --no-dereference \
+ :arpwatch \
+ "${ROOT}"/var/lib/arpwatch && \
+ chmod 770 "${ROOT}"/var/lib/arpwatch
+}
diff --git
a/net-analyzer/arpwatch/files/0001-Fix-configure-check-for-time.h.patch
b/net-analyzer/arpwatch/files/0001-Fix-configure-check-for-time.h.patch
new file mode 100644
index ..4c6b1466a452
--- /dev/null
+++ b/net-analyzer/arpwatch/files/0001-Fix-configure-check-for-time.h.patch
@@ -0,0 +1,36 @@
+sent upstream
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
commit: 1c8b5ee4a597632da6f3c60409aa278eed849d7f
Author: Sam James gentoo org>
AuthorDate: Fri Mar 26 16:57:38 2021 +
Commit: Sam James gentoo org>
CommitDate: Fri Mar 26 16:57:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c8b5ee4
net-analyzer/arpwatch: drop 2.1.15-r11
Closes: https://bugs.gentoo.org/776511
Signed-off-by: Sam James gentoo.org>
net-analyzer/arpwatch/Manifest | 2 -
net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild | 86
net-analyzer/arpwatch/files/arpwatch.confd-r1| 17 -
net-analyzer/arpwatch/files/arpwatch.initd-r1| 27
4 files changed, 132 deletions(-)
diff --git a/net-analyzer/arpwatch/Manifest b/net-analyzer/arpwatch/Manifest
index 11122304499..088fa9a89b1 100644
--- a/net-analyzer/arpwatch/Manifest
+++ b/net-analyzer/arpwatch/Manifest
@@ -1,4 +1,2 @@
-DIST arpwatch-2.1a15.tar.gz 202729 BLAKE2B
b583dea83c57a55b8705f0265c1324de270571468dc9f2e1d5351fd53340f7636f1d00e3de24caa9747384697721e6227e5e6de4b3827e5ac7adef4ce524fffd
SHA512
f770b5b7954afe910dafb016e6e886a4e785564bcdc0ea0de9d7b1ca6a9a0b219a9d1b50b6f42a67afc2f836e782e8ff85ba5780583015d62c9694ac53f0bf90
DIST arpwatch-3.1.tar.gz 117196 BLAKE2B
35afd3dc563ebbc8136000d5c2d53da85b9615df5cbe8a3da5b77f20da7cbee706f6fd404c2bda6f3626aaa496d9ec9439596acbdfd559c01b8c0d01d6703e46
SHA512
2e6f6e388e1828e34626e36356a89f3bc95d268b9242955d6636ac05041bcf533e7625ed73b37b6ea5eab8cfed54b8c483547556c98664efff63c18639efa282
-DIST arpwatch-patchset-0.8.tar.xz 131692 BLAKE2B
8db242f7c74c8fee0700e12e8ff028fcaa336e5feb61514b44a892a132779c11d1ca3ce2fabee3cbcbbdcb0dae0ed470daa786a91619c18e24066f11da126bc4
SHA512
3e8f1c043f09fbeacadb40c1db47fb907314ed18bb3fb506c6c510977fd0e6dd9950becc830cf7c10911a7eec97e56e0af8c8c3d7df811e8ab820290973ea0b0
DIST ethercodes.dat-20200628.xz 239028 BLAKE2B
e702b9109ef3ccce73e2637f96126bf19e7dfa533774c0bd623042b3609f147981263b84397ec155a65ae12fa57247c32644e1e7e57c2c749ef768156d853027
SHA512
2edc05d384f387e6b43d07da99038625f9c55c8044b5a48d1bcf9f657df691bf413a97fb9ca915f04dbdafab23f919edd15d906c4ce8bff12be0b255a6717f07
diff --git a/net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild
b/net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild
deleted file mode 100644
index b11099a9314..000
--- a/net-analyzer/arpwatch/arpwatch-2.1.15-r11.ebuild
+++ /dev/null
@@ -1,86 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit user versionator
-
-PATCH_VER="0.8"
-MY_P="${PN}-$(replace_version_separator 2 'a')"
-
-DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP
address pairings"
-HOMEPAGE="https://ee.lbl.gov/;
-SRC_URI="
- https://ee.lbl.gov/downloads/arpwatch/${MY_P}.tar.gz
- https://dev.gentoo.org/~jer/arpwatch-patchset-${PATCH_VER}.tar.xz
-"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS="amd64 ~hppa ppc sparc x86"
-IUSE="selinux"
-
-DEPEND="
- net-libs/libpcap
- sys-libs/ncurses:*
-"
-RDEPEND="
- ${DEPEND}
- selinux? ( sec-policy/selinux-arpwatch )
-"
-
-S="${WORKDIR}/${MY_P}"
-
-pkg_setup() {
- # We need to create /var/lib/arpwatch with this group, so it must
- # exist during src_install.
- enewgroup arpwatch
-}
-
-pkg_postinst() {
- # The user, however, is not needed until runtime.
- enewuser arpwatch -1 -1 -1 arpwatch
-}
-
-src_prepare() {
- local patchdir="${WORKDIR}/arpwatch-patchset"
-
- eapply "${patchdir}"/*.patch
- eapply_user
-
- cp "${patchdir}"/*.8 ./ || die "failed to copy man pages from
${patchdir}"
-}
-
-src_install() {
- dosbin arpwatch arpsnmp arp2ethers massagevendor arpfetch bihourly.sh
- doman arpwatch.8 arpsnmp.8 arp2ethers.8 massagevendor.8 arpfetch.8
bihourly.8
-
- insinto /usr/share/arpwatch
- doins ethercodes.dat
-
- insinto /usr/share/arpwatch/awk
- doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
-
- diropts --group=arpwatch --mode=770
- keepdir /var/lib/arpwatch
- dodoc README CHANGES
-
- newinitd "${FILESDIR}"/arpwatch.initd-r1 arpwatch
- newconfd "${FILESDIR}"/arpwatch.confd-r1 arpwatch
-}
-
-pkg_postinst() {
- # Previous revisions installed /var/lib/arpwatch with the wrong
- # ownership. Instead of the intended arpwatch:root, it was left as
- # root:root. If we find any such mis-owned directories, we fix them,
- # and then set the permission bits how we want them in *this*
- # revision.
- #
- # The "--from" flag ensures that we only fix directories that need
- # fixing, and the "&& chmod" ensures that we only adjust the
- # permissions if the owner also needed fixing.
- chown --from=root:root \
- --no-dereference \
- :arpwatch \
- "${ROOT}"/var/lib/arpwatch && \
- chmod 770
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
commit: 8245121a7b25edc276225f09c134fe85da61b089
Author: Sam James gentoo org>
AuthorDate: Mon Mar 15 20:19:46 2021 +
Commit: Sam James gentoo org>
CommitDate: Mon Mar 15 20:19:46 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8245121a
net-analyzer/arpwatch: install systemd unit
Thanks-to: Ryan James gmail.com>
Closes: https://bugs.gentoo.org/648572
Package-Manager: Portage-3.0.14-prefix, Repoman-3.0.2
Signed-off-by: Sam James gentoo.org>
.../{arpwatch-3.1.ebuild => arpwatch-3.1-r1.ebuild} | 8 ++--
net-analyzer/arpwatch/files/arpwatch.conf| 16
net-analyzer/arpwatch/files/arpwatch.service | 16
3 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/arpwatch/arpwatch-3.1.ebuild
b/net-analyzer/arpwatch/arpwatch-3.1-r1.ebuild
similarity index 92%
rename from net-analyzer/arpwatch/arpwatch-3.1.ebuild
rename to net-analyzer/arpwatch/arpwatch-3.1-r1.ebuild
index 64ae0f6ef45..bca29a3a678 100644
--- a/net-analyzer/arpwatch/arpwatch-3.1.ebuild
+++ b/net-analyzer/arpwatch/arpwatch-3.1-r1.ebuild
@@ -1,8 +1,9 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-inherit user
+
+inherit systemd user
DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP
address pairings"
HOMEPAGE="https://ee.lbl.gov/;
@@ -60,6 +61,9 @@ src_install() {
newconfd "${FILESDIR}"/arpwatch.confd-r2 arpwatch
newinitd "${FILESDIR}"/arpwatch.initd-r2 arpwatch
+
+ systemd_dounit "${FILESDIR}/arpwatch.service"
+ systemd_install_serviced "${FILESDIR}/arpwatch.conf"
}
pkg_postinst() {
diff --git a/net-analyzer/arpwatch/files/arpwatch.conf
b/net-analyzer/arpwatch/files/arpwatch.conf
new file mode 100644
index 000..070f0edad80
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.conf
@@ -0,0 +1,16 @@
+# Config file for /etc/systemd/system/arpwatch
+# see arpwatch.8 for more information
+
+IFACES=-i eno1
+
+# Location of the PID file
+PIDFILE=-P /run/arpwatch.pid
+
+# Additional options to pass to arpwatch.
+OPTIONS=-N -p -Q -D
+
+# Where to store the data (default is /usr/share/arpwatch)
+DATA=-f /var/log/arpwatch/eno1.dat
+
+# Comment this line if you wish arpwatch to run as root user (not recommended)
+RUNUSER=-u arpwatch
diff --git a/net-analyzer/arpwatch/files/arpwatch.service
b/net-analyzer/arpwatch/files/arpwatch.service
new file mode 100644
index 000..943e3146f8d
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Ethernet monitoring program that tracks net/IP pairings
+Documentation=man:arpwatch(8)
+Conflicts=
+After=systemd-networkd.service
+
+PIDFILE=/run/arpwatch.pid
+
+[Service]
+Type=forking
+ExecStartPre=/bin/rm -f /run/arpwatch.pid
+ExecStart=/usr/sbin/arpwatch $IFACES $PIDFILE $RUNUSER $OPTIONS $DATA
+Restart=on-abort
+
+[Install]
+Alias=arpwatchd.service
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
commit: 9207fdd5442a659ef9e18c75bad1eb277bb62ea5
Author: Jeroen Roovers gentoo org>
AuthorDate: Sun Jun 28 12:04:44 2020 +
Commit: Jeroen Roovers gentoo org>
CommitDate: Sun Jun 28 12:05:37 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9207fdd5
net-analyzer/arpwatch: Install new conf.d/init.d scripts
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Bug: https://bugs.gentoo.org/602552
Closes: https://bugs.gentoo.org/727220
Signed-off-by: Jeroen Roovers gentoo.org>
net-analyzer/arpwatch/arpwatch-3.1.ebuild | 6 ++---
net-analyzer/arpwatch/files/arpwatch.confd-r2 | 18 +++
net-analyzer/arpwatch/files/arpwatch.initd-r2 | 33 +++
3 files changed, 54 insertions(+), 3 deletions(-)
diff --git a/net-analyzer/arpwatch/arpwatch-3.1.ebuild
b/net-analyzer/arpwatch/arpwatch-3.1.ebuild
index 92a1c502738..76be0e590a0 100644
--- a/net-analyzer/arpwatch/arpwatch-3.1.ebuild
+++ b/net-analyzer/arpwatch/arpwatch-3.1.ebuild
@@ -46,14 +46,14 @@ src_install() {
newins "${WORKDIR}"/ethercodes.dat-${ETHERCODES_DATE} ethercodes.dat
insinto /usr/share/arpwatch/awk
- doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
+ doins d.awk duplicates.awk e.awk euppertolower.awk p.awk
diropts --group=arpwatch --mode=770
keepdir /var/lib/arpwatch
dodoc README CHANGES
- newinitd "${FILESDIR}"/arpwatch.initd-r1 arpwatch
- newconfd "${FILESDIR}"/arpwatch.confd-r1 arpwatch
+ newconfd "${FILESDIR}"/arpwatch.confd-r2 arpwatch
+ newinitd "${FILESDIR}"/arpwatch.initd-r2 arpwatch
}
pkg_postinst() {
diff --git a/net-analyzer/arpwatch/files/arpwatch.confd-r2
b/net-analyzer/arpwatch/files/arpwatch.confd-r2
new file mode 100644
index 000..2937349cdc8
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.confd-r2
@@ -0,0 +1,18 @@
+# See arpwatch.8 for more information
+
+# Specify the interface for arpwatch to listen on here (default: lo).
+# If you need to listen on more than one interface, you should
+# run multiple arpwatch services; for example "arpwatch" and
+# "arpwatch.eth1". These additional services can be configured by
+# symlinking to the "arpwatch" service script, and by creating a new
+# conf.d file whose name matches the new service (symlink) name.
+#
+# Example:
+#
+# ARPWATCH_IFACE="eth0"
+#
+ARPWATCH_IFACE="lo"
+
+# Additional options to pass to arpwatch.
+# See arpwatch(8)
+ARPWATCH_OPTS="-N -p"
diff --git a/net-analyzer/arpwatch/files/arpwatch.initd-r2
b/net-analyzer/arpwatch/files/arpwatch.initd-r2
new file mode 100644
index 000..93438209e1f
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.initd-r2
@@ -0,0 +1,33 @@
+#!/sbin/openrc-run
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Default to "lo" for the interface, so that the init script will work
+# out-of-the-box.
+: ${ARPWATCH_IFACE:=lo}
+
+ARPWATCH_DATAFILE="/var/lib/arpwatch/${RC_SVCNAME}.dat"
+
+command="/usr/sbin/arpwatch"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_args="
+ -i ${ARPWATCH_IFACE}
+ -f ${ARPWATCH_DATAFILE}
+ -P ${pidfile}
+ ${ARPWATCH_OPTS}
+"
+
+depend() {
+ if [ -f "/proc/net/vlan/${ARPWATCH_IFACE}" ]; then
+ _if=$(grep -i "device" /proc/net/vlan/${ARPWATCH_IFACE} |awk
'{print $2;}')
+ else
+ _if=${ARPWATCH_IFACE}
+ fi
+ need "net.${_if}"
+}
+
+start_pre() {
+ # The "arpwatch" user must be a member of the "arpwatch" group for
+ # this to work.
+ checkpath --file --owner root:arpwatch --mode 0660
"${ARPWATCH_DATAFILE}"
+}
[gentoo-commits] repo/gentoo:master commit in: net-analyzer/arpwatch/, net-analyzer/arpwatch/files/
commit: 6739ee69e69a954bc27a3040ab59d46b82582229
Author: Michael Orlitzky gentoo org>
AuthorDate: Sun Oct 22 17:22:30 2017 +
Commit: Michael Orlitzky gentoo org>
CommitDate: Sun Oct 22 17:40:01 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6739ee69
net-analyzer/arpwatch: new revision to fix privilege escalation.
In previous revisions, the init script for arpwatch called "chown" as
root on a location under /var/lib/arpwatch -- a path that is controlled
by the "arpwatch" user per its ebuild. That could be exploited by the
"arpwatch" user to take control of root-owned files.
This new revision comes with a new init script and conf.d file that
completely rework the way instances are created and run. The
"arpwatch" user is hard-coded, because as was mentioned, the ebuild
sets some important permissions for that user. Since it is not
possible to change that user, the need for "chown" is eliminated.
Separate instances are now created by symlinking the init script (like
our network interface scripts), rather than by enumerating them in a
single arpwatch init script. Upgraders will want to review their
configurations.
Bug: https://bugs.gentoo.org/602552
Package-Manager: Portage-2.3.8, Repoman-2.3.3
net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild | 69
net-analyzer/arpwatch/files/arpwatch.confd-r1| 17 ++
net-analyzer/arpwatch/files/arpwatch.initd-r1| 27 ++
3 files changed, 113 insertions(+)
diff --git a/net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild
b/net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild
new file mode 100644
index 000..986da0386f7
--- /dev/null
+++ b/net-analyzer/arpwatch/arpwatch-2.1.15-r10.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit user versionator
+
+PATCH_VER="0.8"
+MY_P="${PN}-$(replace_version_separator 2 'a')"
+
+DESCRIPTION="An ethernet monitor program that keeps track of ethernet/IP
address pairings"
+HOMEPAGE="http://ee.lbl.gov/;
+SRC_URI="
+ ftp://ftp.ee.lbl.gov/${MY_P}.tar.gz
+ https://dev.gentoo.org/~jer/arpwatch-patchset-${PATCH_VER}.tar.xz
+"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~sparc ~x86 ~x86-fbsd"
+IUSE="selinux"
+
+DEPEND="
+ net-libs/libpcap
+ sys-libs/ncurses:*
+"
+RDEPEND="
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-arpwatch )
+"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ # We need to create /var/lib/arpwatch with this group, so it must
+ # exist during src_install.
+ enewgroup arpwatch
+}
+
+pkg_postinst() {
+ # The user, however, is not needed until runtime.
+ enewuser arpwatch -1 -1 -1 arpwatch
+}
+
+src_prepare() {
+ local patchdir="${WORKDIR}/arpwatch-patchset"
+
+ eapply "${patchdir}"/*.patch
+ eapply_user
+
+ cp "${patchdir}"/*.8 ./ || die "failed to copy man pages from
${patchdir}"
+}
+
+src_install () {
+ dosbin arpwatch arpsnmp arp2ethers massagevendor arpfetch bihourly.sh
+ doman arpwatch.8 arpsnmp.8 arp2ethers.8 massagevendor.8 arpfetch.8
bihourly.8
+
+ insinto /usr/share/arpwatch
+ doins ethercodes.dat
+
+ insinto /usr/share/arpwatch/awk
+ doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
+
+ diropts --group=arpwatch --mode=770
+ dodir /var/lib/arpwatch
+ dodoc README CHANGES
+
+ newinitd "${FILESDIR}"/arpwatch.initd-r1 arpwatch
+ newconfd "${FILESDIR}"/arpwatch.confd-r1 arpwatch
+}
diff --git a/net-analyzer/arpwatch/files/arpwatch.confd-r1
b/net-analyzer/arpwatch/files/arpwatch.confd-r1
new file mode 100644
index 000..a4da503406a
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.confd-r1
@@ -0,0 +1,17 @@
+# See arpwatch.8 for more information
+
+# Specify the interface for arpwatch to listen on here (default: lo).
+# If you need to listen on more than one interface, you should
+# run multiple arpwatch services; for example "arpwatch" and
+# "arpwatch.eth1". These additional services can be configured by
+# symlinking to the "arpwatch" service script, and by creating a new
+# conf.d file whose name matches the new service (symlink) name.
+#
+# Example:
+#
+# ARPWATCH_IFACE="eth0"
+#
+ARPWATCH_IFACE="lo"
+
+# Additional options to pass to arpwatch.
+ARPWATCH_OPTS="-N -p"
diff --git a/net-analyzer/arpwatch/files/arpwatch.initd-r1
b/net-analyzer/arpwatch/files/arpwatch.initd-r1
new file mode 100644
index 000..ffe165205c6
--- /dev/null
+++ b/net-analyzer/arpwatch/files/arpwatch.initd-r1
@@ -0,0 +1,27 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Default to "lo" for the interface, so that the init script will work
+# out-of-the-box.
+: ${ARPWATCH_IFACE:=lo}
+
+ARPWATCH_DATAFILE="/var/lib/arpwatch/${RC_SVCNAME}.dat"
+
+command="/usr/sbin/arpwatch"
