On 2018/12/05 00:21, Andreas Kusalananda Kähäri wrote:
> Attached is a port of sshguard-2.2.0 which appears to work, sort of. It
> does not start at boot when started from pkg_scripts. It *does* start
> reliably when started manually with "rcctl start sshguard" and it shuts
> down reliably both at system shutdown and manually (and in-between, it
> runs well).
>
> Any help with possible diagnoses of the startup problem would be
> helpful. I haven't found any other port that starts a shell script as a
> daemon, but I have only looked for "/bin/sh" in the rc scripts for that.
>
> The "stop" action in the rc script is a bit unorthodox:
>
> kill -- "-$( ps -o pgid= -p "$( pgrep -o -T "${daemon_rtable}" -fx "${pexp}"
> )" )"
>
> ... and that's to send a TERM signal to all the processes in the
> relevant process group (sshguard consists of a total of seven separate
> processes). The main script does do something similar to this ("kill 0"
> in a trap), but this may require bash to work (and even then it doesn't
> seem to work reliably).
>
> I have attached a diff for the port as well as a tar archive of it.
It may be worth removing from pkg_scripts and running from rc.local
to see if it fails there. If so then run from there under ktrace e.g.
"ktrace -f /tmp/ktrace.out -i /usr/sbin/rcctl start sshguard" and
see if anything can be gleaned from running kdump on that file.
A couple of porting notes,
> +CONFIGURE_STYLE=simple
> +CONFIGURE_ARGS= --sysconfdir="${SYSCONFDIR}" \
> + --mandir="${TRUEPREFIX}/man"
This has crept back in, it should stay at CONFIGURE_STYLE=gnu and
remove the manual setting of --sysconfdir= and --mandir.
> +share/examples/sshguard/
> +share/examples/sshguard/sshguard.conf.sample
> +share/examples/sshguard/whitelistfile.example
> Index: pkg/README
> ===================================================================
> RCS file: /extra/cvs/ports/security/sshguard/pkg/README,v
> retrieving revision 1.3
> diff -u -p -r1.3 README
> --- pkg/README 4 Sep 2018 12:46:21 -0000 1.3
> +++ pkg/README 4 Dec 2018 21:10:55 -0000
> @@ -4,7 +4,13 @@ $OpenBSD: README,v 1.3 2018/09/04 12:46:
> | Running ${PKGSTEM} on OpenBSD
> +-----------------------------------------------------------------------
>
> -To use sshguard with pf(4), add the following to /etc/pf.conf:
> +Copy the example configuration file:
> +
> + cp ${PREFIX}/share/examples/sshguard/sshguard.conf.sample \
> + ${SYSCONFDIR}/sshguard.conf
Should use @sample in PLIST instead of telling people to do that by
hand, e.g.
share/examples/sshguard/
share/examples/sshguard/sshguard.conf.sample
@sample ${SYSCONFDIR}/sshguard.conf
Simpler, and helps pkg_delete -c.
> +
> +pexp="/bin/sh $pexp"
> +
> +rc_stop () {
> + # Need to send TERM to all processes in the process group not just
> + # to the ones matching "$pexp". The main sshguard shell script does
> + # set up a trap for doing this, but it relies on running under bash.
> + kill -- "-$( ps -o pgid= -p "$( pgrep -o -T "${daemon_rtable}" -fx
> "${pexp}" )" )"
> +}
>
> rc_bg=YES
> rc_reload=NO
<insert see-no-evil-monkey emoji here> ;)
