- upgrade to version 1.0

- the port is no longer interactive, it uses the default blocking backend (hosts)
- for pf and ipfw see the new ports sshguard-[pf|ipfw]

PR:		ports/112749
Submitted by:	Mij (maintainer)
Reviewed by:	leeym@

5 files changed, 119 insertions, 22 deletions

diff --git a/security/sshguard/Makefile b/security/sshguard/Makefile
index 7ee9ac2bdcce..8880e3d9e4a8 100644
--- a/security/sshguard/Makefile
+++ b/security/sshguard/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	sshguard
-PORTVERSION=	0.91
-PORTREVISION=	1
+DISTVERSION=	1.0
 CATEGORIES=	security
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	${PORTNAME}
@@ -15,35 +14,46 @@ MASTER_SITE_SUBDIR=	${PORTNAME}
 MAINTAINER=	mij@bitchx.it
 COMMENT=	Protect networked hosts from brute force attacks against ssh
 
+CONFLICTS?=	sshguard-ipfw-1.0* sshguard-pf-1.0*
+
 PLIST_FILES=	sbin/sshguard
 
-IS_INTERACTIVE=	yes
+MAN8=		sshguard.8
+MANCOMPRESSED=	no
 USE_BZIP2=	yes
 HAS_CONFIGURE=	yes
 
-OPTIONS=	PF	"Use PF as firewall backend"	off \
-		IPFW	"Use IPFW as firewall backend"	off
+# sublist will be set afterward
+SUB_FILES=	pkg-message
+#SUB_LIST=
+
+# backend type in { hosts, ipfw, pf }
+SSHGUARDFW?=	hosts
 
 .include <bsd.port.pre.mk>
 
-.if ! ( (defined(WITH_PF) && !defined(WITH_IPFW)) || !defined(WITH_PF))
-# some error occurred. Configure will handle this.
+.if defined(PREFIX)
+CONFIGURE_ARGS+=	--prefix=${PREFIX}
 .endif
 
-.if defined(WITH_PF)
-# compile with PF support
-CONFIGURE_ARGS+=	--with-firewall=pf
-.elif defined(WITH_IPFW)
-# compile with IPFW support
-CONFIGURE_ARGS+=	--with-firewall=ipfw
+.if ${SSHGUARDFW} == pf
+PKGMSG_FWBLOCK="  To activate or configure PF see http://sshguard.sf.net/doc/setup/blockingpf.html"
+.elif ${SSHGUARDFW} == ipfw
+PKGMSG_FWBLOCK="  Verify that IPFW is active with \"ipfw show\"."
+.elif ${SSHGUARDFW} == hosts
+PKGMSG_FWBLOCK="  Sshguard is going to use /etc/hosts.allow, I have touched it for you."
 .endif
 
+# for substitution in subfiles
+SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
+
+CONFIGURE_ARGS+=	--with-firewall=${SSHGUARDFW}
+
 post-install:
-	# spare pkg-message
-	${ECHO_MSG} "		Sshguard installed successfully."
-	${ECHO_MSG} "Make it active by putting in /etc/syslog.conf something like:"
-	${ECHO_MSG} "	auth.info;authpriv.info     |exec ${PREFIX}/sbin/sshguard"
-	${ECHO_MSG} "Otherwise, run sshguard standalone with (as root):"
-	${ECHO_MSG} "	tail -n 0 -f /var/log/auth.log | ${PREFIX}/sbin/sshguard"
+	@PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+	@${CAT}	${PKGMESSAGE}
+
+pre-deinstall:
+	@PKG_PREFIX=${PREFIX} ${SH} ${PKGDEINSTALL} ${PKGNAME} DEINSTALL
 
 .include <bsd.port.post.mk>
diff --git a/security/sshguard/distinfo b/security/sshguard/distinfo
index 07be1e50c899..e9ad206ad3b1 100644
--- a/security/sshguard/distinfo
+++ b/security/sshguard/distinfo
@@ -1,3 +1,3 @@
-MD5 (sshguard-0.91.tar.bz2) = e6fb218fe2450f14b38ae5c5b67f0b6a
-SHA256 (sshguard-0.91.tar.bz2) = c1e16d1d20ff192e0368bd8ddfe6acede5a90fef10ce0558655bacf62c29c42f
-SIZE (sshguard-0.91.tar.bz2) = 63751
+MD5 (sshguard-1.0.tar.bz2) = 77b5a3a9d74542c487b8d5453d53d572
+SHA256 (sshguard-1.0.tar.bz2) = 33a9fe9d2360e9a5c357e269353d4157270171ff975bcf649f5f99b1aa8dcc08
+SIZE (sshguard-1.0.tar.bz2) = 118988
diff --git a/security/sshguard/files/pkg-message.in b/security/sshguard/files/pkg-message.in
new file mode 100644
index 000000000000..635f459c5200
--- /dev/null
+++ b/security/sshguard/files/pkg-message.in
@@ -0,0 +1,10 @@
+##########################################################################
+  Sshguard installed successfully.
+
+%%PKGMSG_FWBLOCK%%
+
+  Your /etc/syslog.conf has been added a line for sshguard; uncomment it
+  and use "/etc/rc.d/syslogd reload" for activating it.
+  
+  See sshguard(8) and http://sshguard.sourceforge.net for additional info.
+##########################################################################
diff --git a/security/sshguard/pkg-deinstall b/security/sshguard/pkg-deinstall
new file mode 100644
index 000000000000..7ced4dc8540c
--- /dev/null
+++ b/security/sshguard/pkg-deinstall
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# If:
+#   1) syslog.conf exists
+#   2) it does contain some directive for sshguard
+# then do the following:
+#   @ if the directive was the default directive (as installed by pkg-install)
+#       then remove it
+#   @ if the directive is some custom (uncommented) directive, comment it
+# and reload syslogd eventually.
+
+# real syslog.conf configuration file path
+SYSLOGCONF=/etc/syslog.conf
+# configuration line to add
+SSHGUARDCONFLINE="auth.info;authpriv.info     |exec $PKG_PREFIX/sbin/sshguard"
+
+case "$2" in
+	"DEINSTALL")
+		if (test -f "$SYSLOGCONF" && grep -q '^[^#].*sshguard' "$SYSLOGCONF")
+        then
+            TMPFILE=`mktemp -q /tmp/syslogcXX`
+            if grep -qx "$SSHGUARDCONFLINE" "$SYSLOGCONF"
+            then
+                # remove default sshguard entry from syslog.conf
+                echo "I'm removing the default sshguard syslog entry for you..."
+                grep -vx "$SSHGUARDCONFLINE" "$SYSLOGCONF" > $TMPFILE
+            else
+                # comment customized sshguard configuration line
+                echo "I'm commenting your custom sshguard syslog entry for you..."
+                sed "s/^[^#].*sshguard.*/#&/" < "$SYSLOGCONF" > $TMPFILE
+            fi
+            mv $TMPFILE "$SYSLOGCONF"
+            /etc/rc.d/syslogd reload
+		fi
+	;;
+esac
diff --git a/security/sshguard/pkg-install b/security/sshguard/pkg-install
new file mode 100644
index 000000000000..09b275c40669
--- /dev/null
+++ b/security/sshguard/pkg-install
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# If:
+#   1) syslog.conf exists
+#   2) it doesn't already contain some (uncommented) sshguard directive
+# then add $SSHGUARDCONFLINE (commented) right at the end of the header
+# comments section in syslog.conf
+
+# real syslog.conf configuration file path
+SYSLOGCONF=/etc/syslog.conf
+# configuration line to add
+SSHGUARDCONFLINE="auth.info;authpriv.info     |exec $PKG_PREFIX/sbin/sshguard"
+
+case "$2" in
+    "POST-INSTALL")
+        if test "x$SSHGUARDFW" = xhosts
+        then
+            touch /etc/hosts.allow
+        fi
+        if (test -f "$SYSLOGCONF" && ! grep -q sshguard "$SYSLOGCONF")
+        then
+            # append default sshguard entry in syslog.conf (first line after comments header)
+	    TMPFILE=`mktemp -q /tmp/syslogcXX`
+	    # make sure our file has the same permissions as the original, since we mv it back
+	    cp -p $SYSLOGCONF ${TMPFILE}
+	    echo > ${TMPFILE}
+            inheader=1
+            cat "$SYSLOGCONF" | while read cline ;
+            do
+                if (test $inheader -eq 1 && !(echo "$cline" | grep -q "^[[:space:]]*#"))
+                then
+                    # got off of header comments
+                    inheader=0
+                    echo "#$SSHGUARDCONFLINE" >> $TMPFILE
+                fi
+                echo "$cline" >> $TMPFILE
+            done
+            mv $TMPFILE "$SYSLOGCONF"
+        fi
+;;
+esac