Dear maintainer,
I've prepared an NMU for snort (versioned as 2.8.5.2-2.1). The diff
is attached to this message.
Regards.
diff -u snort-2.8.5.2/etc/snort.conf snort-2.8.5.2/etc/snort.conf
--- snort-2.8.5.2/etc/snort.conf
+++ snort-2.8.5.2/etc/snort.conf
@@ -701,16 +701,11 @@
# output database: log, odbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test
# output database: log, oracle, dbname=snort user=snort password=test
-# <debian>
-# Keep your paws off of these (#DBSTART#) and (#DBEND#) tokens
-# or you *will* break the configure process (snort-pgsql/snort-mysql only)
-# Anything you put between them will be removed on (re)configure.
-#
-# (#DBSTART#)
-# (#DBEND#)
-#
-# </debian>
#
+# On Debian Systems, the database configuration is sepperate into
+# /etc/snort/database.conf.
+# please edit it there, to ensure smoother upgrades of this file.
+include database.conf
# unified: Snort unified binary format alerting and logging
diff -u snort-2.8.5.2/debian/snort-pgsql.postinst snort-2.8.5.2/debian/snort-pgsql.postinst
--- snort-2.8.5.2/debian/snort-pgsql.postinst
+++ snort-2.8.5.2/debian/snort-pgsql.postinst
@@ -77,8 +77,7 @@
fi
if [ "$STARTUP" != "manual" ]; then
- if [ -f /etc/snort/snort.conf ]; then
- # insert database config stuff in the configuration file,
+ # create database config stuff in the configuration file,
# or configure it for syslog-logging.
db_get snort-pgsql/configure_db
if [ "$RET" = "true" ]; then
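Review bot: The opening `if [ -f /etc/snort/snort.conf ]; then` is removed here, but neither hunk of snort-pgsql.postinst removes the `fi` that closed it, so the script appears to end up with one `fi` too many and would fail to parse when the package is configured. The snort-mysql.postinst change avoids this by reusing an existing `fi` for the new `if [ $DB_HOST ]` block, whereas the pgsql change adds its own `fi` for that block and keeps the old one as context. The end of the enclosing block lies outside both hunks, so this should be confirmed with `sh -n debian/snort-pgsql.postinst` before upload.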
@@ -87,52 +86,25 @@
db_get snort-pgsql/db_user || true; DB_USER=$RET
db_get snort-pgsql/db_pass || true; DB_PASS=$RET
- # Here we put the database stuff in the config file.
TEMPFILE=`mktemp`
- cat /etc/snort/snort.conf | while read LINE
- do
- if [ "$LINE" = "# (#DBSTART#)" ]
- then
- echo "# (#DBSTART#)" >> $TEMPFILE
- echo -n "output database: log, postgresql, " >> $TEMPFILE
- if [ $DB_USER ]
- then
- echo -n "user=$DB_USER " >> $TEMPFILE
- fi
- if [ $DB_PASS ]
- then
- echo -n "password=$DB_PASS " >> $TEMPFILE
- fi
- if [ $DB_DATABASE ]
- then
- echo -n "dbname=$DB_DATABASE " >> $TEMPFILE
- fi
- if [ $DB_HOST ]
- then
- echo -n "host=$DB_HOST " >> $TEMPFILE
- fi
- echo " " >> $TEMPFILE
- echo "# (#DBEND#)" >> $TEMPFILE
- break
- else
- echo $LINE >> $TEMPFILE
- fi
- done
-
- WRITE=0
- cat /etc/snort/snort.conf | while read LINE
- do
- if [ $WRITE -eq 1 ]
- then
- echo $LINE >> $TEMPFILE
- fi
-
- if [ "$LINE" = "# (#DBEND#)" ]
- then
- WRITE=1
- fi
- done
- mv -f $TEMPFILE /etc/snort/snort.conf
+ echo -n "output database: log, postgresql, " >> $TEMPFILE
+ if [ $DB_USER ]
+ then
+ echo -n "user=$DB_USER " >> $TEMPFILE
+ fi
+ if [ $DB_PASS ]
+ then
+ echo -n "password=$DB_PASS " >> $TEMPFILE
+ fi
+ if [ $DB_DATABASE ]
+ then
+ echo -n "dbname=$DB_DATABASE " >> $TEMPFILE
+ fi
+ if [ $DB_HOST ]
+ then
+ echo -n "host=$DB_HOST " >> $TEMPFILE
+ fi
+ mv -f $TEMPFILE /etc/snort/database.conf
fi
# Ensure the config file is readable by root.root and mode 600
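Review bot: The line written to /etc/snort/database.conf has no terminating newline in this version, because the old `echo " " >> $TEMPFILE` is removed and not re-added, while the snort-mysql.postinst version of the same block keeps it. Restoring `echo " " >> $TEMPFILE` before the `mv` keeps the two scripts consistent and avoids depending on how snort's parser treats an unterminated last line. The re-added tests such as `[ $DB_PASS ]` are unquoted, so a value containing whitespace makes the test fail with an error and the field is silently left out. Using `[ -n "$DB_PASS" ]`, and likewise for the user, database and host values and in the mysql hunk, avoids that. The enclosing `if` blocks start and end outside this hunk.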
diff -u snort-2.8.5.2/debian/snort-mysql.postinst snort-2.8.5.2/debian/snort-mysql.postinst
--- snort-2.8.5.2/debian/snort-mysql.postinst
+++ snort-2.8.5.2/debian/snort-mysql.postinst
@@ -78,63 +78,36 @@
fi
if [ "$STARTUP" != "manual" ]; then
- if [ -f /etc/snort/snort.conf ]; then
- # insert database config stuff in the configuration file,
- # or configure it for syslog-logging.
- db_get snort-mysql/configure_db
- if [ "$RET" = "true" ]; then
- db_get snort-mysql/db_host || true; DB_HOST=$RET
- db_get snort-mysql/db_database || true; DB_DATABASE=$RET
- db_get snort-mysql/db_user || true; DB_USER=$RET
- db_get snort-mysql/db_pass || true; DB_PASS=$RET
-
- # Here we put the database stuff in the config file.
- TEMPFILE=`mktemp`
- cat /etc/snort/snort.conf | while read LINE
- do
- if [ "$LINE" = "# (#DBSTART#)" ]
- then
- echo "# (#DBSTART#)" >> $TEMPFILE
- echo -n "output database: log, mysql, " >> $TEMPFILE
- if [ $DB_USER ]
- then
- echo -n "user=$DB_USER " >> $TEMPFILE
- fi
- if [ $DB_PASS ]
- then
- echo -n "password=$DB_PASS " >> $TEMPFILE
- fi
- if [ $DB_DATABASE ]
- then
- echo -n "dbname=$DB_DATABASE " >> $TEMPFILE
- fi
- if [ $DB_HOST ]
- then
- echo -n "host=$DB_HOST " >> $TEMPFILE
- fi
- echo " " >> $TEMPFILE
- echo "# (#DBEND#)" >> $TEMPFILE
- break
- else
- echo $LINE >> $TEMPFILE
- fi
- done
-
- WRITE=0
- cat /etc/snort/snort.conf | while read LINE
- do
- if [ $WRITE -eq 1 ]
- then
- echo $LINE >> $TEMPFILE
- fi
-
- if [ "$LINE" = "# (#DBEND#)" ]
- then
- WRITE=1
- fi
- done
- mv -f $TEMPFILE /etc/snort/snort.conf
+ # create database config stuff in the configuration file,
+ # or configure it for syslog-logging.
+ db_get snort-mysql/configure_db
+ if [ "$RET" = "true" ]; then
+ db_get snort-mysql/db_host || true; DB_HOST=$RET
+ db_get snort-mysql/db_database || true; DB_DATABASE=$RET
+ db_get snort-mysql/db_user || true; DB_USER=$RET
+ db_get snort-mysql/db_pass || true; DB_PASS=$RET
+
+ # Here we put the database stuff in the config file.
+ TEMPFILE=`mktemp`
+ echo -n "output database: log, mysql, " >> $TEMPFILE
+ if [ $DB_USER ]
+ then
+ echo -n "user=$DB_USER " >> $TEMPFILE
+ fi
+ if [ $DB_PASS ]
+ then
+ echo -n "password=$DB_PASS " >> $TEMPFILE
+ fi
+ if [ $DB_DATABASE ]
+ then
+ echo -n "dbname=$DB_DATABASE " >> $TEMPFILE
+ fi
+ if [ $DB_HOST ]
+ then
+ echo -n "host=$DB_HOST " >> $TEMPFILE
fi
+ echo " " >> $TEMPFILE
+ mv -f $TEMPFILE /etc/snort/database.conf
# Ensure the config file is readable by root.root and mode 600
if ! dpkg-statoverride --list /etc/snort/snort.conf >/dev/null
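Review bot: The database password now ends up in /etc/snort/database.conf, but the ownership and mode handling after the `mv` still covers only /etc/snort/snort.conf (the `dpkg-statoverride` check here and the `chown root:snort` / `chmod 640` lines in the next hunk). The new file keeps whatever owner and mode `mktemp` gave the temporary file, and the empty file that snort-common.preinst creates with `touch` gets the umask default, so protection of the credential is implicit rather than stated. I would set it explicitly right after the `mv`, for example `chown root:snort /etc/snort/database.conf` and `chmod 640 /etc/snort/database.conf` guarded by the same `dpkg-statoverride --list` test, and do the same in snort-pgsql.postinst. Judging by the `fi` lines, the snort.conf permission block also appears to sit inside the `if [ "$RET" = "true" ]` branch now, so it may no longer run when no database is configured.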
@@ -142,7 +115,7 @@
chown root:snort /etc/snort/snort.conf
chmod 640 /etc/snort/snort.conf
fi
- fi
+ fi
fi
db_stop
diff -u snort-2.8.5.2/debian/snort-mysql.postrm snort-2.8.5.2/debian/snort-mysql.postrm
--- snort-2.8.5.2/debian/snort-mysql.postrm
+++ snort-2.8.5.2/debian/snort-mysql.postrm
@@ -36,6 +36,9 @@
if [ -e /etc/snort/db-pending-config ] ; then
rm /etc/snort/db-pending-config
fi
+ if [ -e /etc/snort/database.conf ] ; then
+ rm /etc/snort/database.conf
+ fi
# Remove configuration dir
[ -d /etc/snort ] && rmdir --ignore-fail-on-non-empty /etc/snort
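Review bot: Deleting /etc/snort/database.conf here leaves the `include database.conf` line that this upload adds to snort.conf pointing at a missing file whenever snort-mysql is purged while snort-common and its snort.conf stay installed. If snort treats a missing include as fatal, which should be checked, the sensor would not start after switching flavours. Truncating instead, `: > /etc/snort/database.conf`, still removes the stored credentials and lets snort-common.postrm delete the empty file on its own purge. The same applies to the identical hunk in snort-pgsql.postrm, and the enclosing case arm starts outside the hunk.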
diff -u snort-2.8.5.2/debian/changelog snort-2.8.5.2/debian/changelog
--- snort-2.8.5.2/debian/changelog
+++ snort-2.8.5.2/debian/changelog
@@ -1,3 +1,16 @@
+snort (2.8.5.2-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Move the DB-Configuration into a sepperate file, instead of modifying
+ /etc/snort/snort.conf, which causes upgrade problems (Closes: #603428)
+ * Adding snort-common-preinst to split off exiting config or touch the
+ new database config file on new installations to ensure it exists
+ * modify etc/snort.conf to include the new database conf file
+ * modify snort-{mysql,pgsql}.postinst to use new config file
+ * modify snort-{mysql,pgsql,common}.postrm to purge new config file
+
+ -- Alexander Reichle-Schmehl <[email protected]> Thu, 16 Dec 2010 14:30:46 +0100
+
snort (2.8.5.2-2) unstable; urgency=low
* Remove the reverse_order debconf option since Snort no longer supports the
diff -u snort-2.8.5.2/debian/snort-pgsql.postrm snort-2.8.5.2/debian/snort-pgsql.postrm
--- snort-2.8.5.2/debian/snort-pgsql.postrm
+++ snort-2.8.5.2/debian/snort-pgsql.postrm
@@ -36,6 +36,9 @@
if [ -e /etc/snort/db-pending-config ] ; then
rm /etc/snort/db-pending-config
fi
+ if [ -e /etc/snort/database.conf ] ; then
+ rm /etc/snort/database.conf
+ fi
# Remove configuration dir
[ -d /etc/snort ] && rmdir --ignore-fail-on-non-empty /etc/snort
only in patch2:
unchanged:
--- snort-2.8.5.2.orig/debian/snort-common.postrm
+++ snort-2.8.5.2/debian/snort-common.postrm
@@ -0,0 +1,39 @@
+#! /bin/sh
+# postrm script for snort
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see /usr/doc/packaging-manual/
+
+
+case "$1" in
+ purge)
+ # on installation we touch this file to ensure it's there
+ # if it's still there and emmpty, we can remove it
+ # if it's not empty, snort-{mysql,pgsql} have added content and
+ # should deal with it themselve on purge
+ if [ -e /etc/snort/database.conf ] && [ ! -s /etc/snort/database.conf ]
+ then
+ rm -f /etc/snort/database.conf
+ fi
+ ;;
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade)
+ # nothing
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
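Review bot: The last case arm (`remove|upgrade|failed-upgrade|abort-install|abort-upgrade)`) has no closing `;;` and there is no `*)` arm, so `disappear`, which the header comment lists, and any unknown argument pass through silently. snort-common.preinst in the same upload reports unknown arguments on stderr. Adding `;;` after `# nothing` and a `*)` arm that prints a similar `postrm called with unknown argument` message would keep the two scripts consistent.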
only in patch2:
unchanged:
--- snort-2.8.5.2.orig/debian/snort-common.preinst
+++ snort-2.8.5.2/debian/snort-common.preinst
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+
+DBCONF="/etc/snort/database.conf"
+GENCONF="/etc/snort/snort.conf"
+
+case "$1" in
+ install)
+ # make sure database configuration file exists
+ touch $DBCONF
+ ;;
+ upgrade)
+ # earlier versions modified /etc/snort/snort.conf directly for the
+ # DB stuff, we splitt it off in a sepperate file, to ensure smooth
+ # upgrades
+ if dpkg --compare-versions "$2" le "2.8.5.2-2";
+ then
+ GENCONF_TEMPFILE=`mktemp`
+ DBCONF_TEMPFILE=`mktemp`
+ WRITE_DB=0
+ WRITE_GEN=1
+ cat $GENCONF | while read LINE
+ do
+ if [ "$LINE" = "# (#DBEND#)" ]
+ then
+ WRITE_DB=0
+ WRITE_GEN=1
+ fi
+ if [ $WRITE_DB -eq 1 ]
+ then
+ echo $LINE >> $DBCONF_TEMPFILE
+ fi
+ if [ $WRITE_GEN -eq 1 ]
+ then
+ echo $LINE >> $GENCONF_TEMPFILE
+ fi
+ if [ "$LINE" = "# (#DBSTART#)" ]
+ then
+ WRITE_DB=1
+ WRITE_GEN=0
+ fi
+ done
+ mv $DBCONF_TEMPFILE $DBCONF
+ mv $GENCONF_TEMPFILE $DBCONF
+ fi
+ ;;
+ configure)
+ ;;
+ abort-upgrade)
+ ;;
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
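Review bot: The second `mv` in the upgrade branch writes the stripped general configuration to `$DBCONF` instead of `$GENCONF`, so the extracted `output database` line (including any password) is overwritten, database.conf ends up holding the main configuration, and snort.conf is never updated. It should read `mv "$GENCONF_TEMPFILE" "$GENCONF"`. The copy loop also uses `read LINE` with unquoted `echo $LINE`, which interprets backslashes, collapses whitespace and expands glob characters in configuration lines; `while IFS= read -r LINE` with `printf '%s\n' "$LINE"` copies them verbatim. Once the destination is fixed, snort.conf would take on the owner and mode of the `mktemp` file, so its previous ownership and mode need restoring after the move.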