[Buildroot] [PATCH v2] package/sshguard: new package

Peter Korsgaard peter at korsgaard.com
Sat Aug 3 09:06:24 UTC 2019


>>>>> "Angelo" == Angelo Compagnucci <angelo at amarulasolutions.com> writes:

 > sshguard protects hosts from brute-force attacks against SSH and other
 > services.

 > Signed-off-by: Angelo Compagnucci <angelo at amarulasolutions.com>
 > ---
 > CHANGELOG:
 > v1-> v2:
 > * Fixed license (suggested by Thomas)
 > * Fixed sysv script (suggested by Thomas)
 > * Moved from using git to use tarball

 >  DEVELOPERS                     |  1 +
 >  package/Config.in              |  1 +
 >  package/sshguard/Config.in     | 10 +++++++++
 >  package/sshguard/S39sshguard   | 50 ++++++++++++++++++++++++++++++++++++++++++
 >  package/sshguard/sshguard.hash |  3 +++
 >  package/sshguard/sshguard.mk   | 34 ++++++++++++++++++++++++++++
 >  6 files changed, 99 insertions(+)

This had a number of check-package warnings, please consider running
check-package before submitting in the future, thanks.

> diff --git a/package/sshguard/Config.in b/package/sshguard/Config.in
 > new file mode 100644
 > index 0000000..6bf1800
 > --- /dev/null
 > +++ b/package/sshguard/Config.in
 > @@ -0,0 +1,10 @@
 > +config BR2_PACKAGE_SSHGUARD
 > +	bool "sshguard"
 > +	depends on BR2_PACKAGE_IPTABLES

Iptables doesn't have a lot of strange dependencies, so I think it makes
more sense to use a select here. We also normally add a # runtime
comment to explain why we don't need to add it to _DEPENDENCIES.


 > +++ b/package/sshguard/S39sshguard
 > @@ -0,0 +1,50 @@
 > +#!/bin/sh
 > +
 > +DAEMON="sshguard"
 > +PIDFILE="/var/run/$DAEMON.pid"
 > +
 > +start() {
 > +	printf 'Starting %s: ' "$DAEMON"
 > +	iptables -L sshguard > /dev/null 2>&1 || \
 > +	(iptables -N sshguard && \
> +	iptables -A INPUT -j sshguard)

Indentation / wrapping looks a bit odd here.

 > +++ b/package/sshguard/sshguard.mk
 > @@ -0,0 +1,34 @@
 > +################################################################################
 > +#
 > +# sshguard
 > +#
 > +################################################################################
 > +
 > +SSHGUARD_VERSION = 2.4.0
 > +SSHGUARD_SOURCE = sshguard-$(SSHGUARD_VERSION).tar.gz

It is the default, so can be dropped.

> +SSHGUARD_SITE = https://sourceforge.net/projects/sshguard/files/sshguard/$(SSHGUARD_VERSION)
 > +SSHGUARD_LICENSE = MIT, X11, GPL-2.0+, Public Domain, ISC

That is quite creative ;) The main license seems to be ISC, with the
hash functions public domain and the SimCList code BSD-3-Clause. I do
not see MIT or X11 code anywhere (except for the oneliner reference in
install-sh, but that isn't used on the target). The only GPL reference I
see is in the parser generated by bison, but that has an exception
saying:

As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice

So I simply made this:

SSHGUARD_LICENSE = ISC, Public Domain (fnv hash), BSD-3-Clause (SimCList)

 > +define SSHGUARD_INSTALL_CONFIG
 > +	$(INSTALL) -D -m 0644 $(@D)/examples/sshguard.conf.sample \
 > +		$(TARGET_DIR)/etc/sshguard.conf
 > +	$(SED) '/^#BACKEND/c\BACKEND="/usr/libexec/sshg-fw-iptables"' $(TARGET_DIR)/etc/sshguard.conf
 > +	$(SED) '/^#FILES/c\FILES="/var/log/messages"' $(TARGET_DIR)/etc/sshguard.conf

NIT: This could be done in a single sed invocationm which would also
shorten the very long line.

 > +endef
 > +SSHGUARD_POST_INSTALL_TARGET_HOOKS += SSHGUARD_INSTALL_CONFIG
 > +
 > +define SSHGUARD_INSTALL_INIT_SYSV
 > +	$(INSTALL) -D -m 755 package/sshguard/S39sshguard \
 > +		$(TARGET_DIR)/etc/init.d/S39sshguard
 > +endef

I don't see why this should be S39 when we only bring up the network in
S40 and start ssh servers at S50, so I've changed this to S49.

Committed with these fixes, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list