Arpwatch patch that replaces mail notification by log files

net-analyzer/arpwatch/Manifest

@@ -0,0 +1,6 @@
+AUX arpwatch.confd 270 RMD160 040c4ade1f157b38fdb66d8e8cc08e3b6484ef18 SHA1 3b590f1851cbd5d684b6e836757367446fddfaf4 SHA256 bf36f7b717291733787bd00ac22d49dafc251cd50fcc27266d56d51364fd62fa
+AUX arpwatch.initd 1106 RMD160 a9db01d5b2157742d6f9d48c157718e158017cb4 SHA1 8cafd84754f8e32a7fcec4180e79e3b62d4964ec SHA256 c336b18759d188ef6c77e2177fdfbf4ed5c488f04fc2357c556ff406d2eeea1d
+AUX arpwatch_nomail-2.1.15.patch 4407 RMD160 d3e79782edaad49f498c45a2c1f669676bd37706 SHA1 a52d47b3dd31d9754d263dc1ae73e31bc2725ee5 SHA256 1627202cb73c07f724825f9878779e4b367ece1ec56cc7d454bbc6cc0735b54d
+DIST arpwatch-2.1a15.tar.gz 202729 RMD160 a27ee53275dcec3cafb85eb3df2451d42ec32b0c SHA1 9dffaec0f132e5bb7aedfc840c5c67068bfbce69 SHA256 c1df9737e208a96a61fa92ddad83f4b4d9be66f8992f3c917e9edf4b05ff5898
+DIST arpwatch-patchset-0.4.tbz2 16350 RMD160 9e9ae77ef38591af72687fa7014b4c56fc4c4d2c SHA1 009eaa110fc93b40aa91c838b57b71a071210692 SHA256 f49deed64301078a00881fa9c27bb3a4116b9096cfe880f5a0bcc9913b439a18
+EBUILD arpwatch-2.1.15-r9999.ebuild 2126 RMD160 30b7be9bf3dddffb319b6d10931d1d51b7979cd4 SHA1 6e8100e3662aaab9a53e38f99c8154544ec63137 SHA256 2b278a8332de4246b48207092c955e343184e262777a002ac1e4002c792f5bbd

net-analyzer/arpwatch/arpwatch-2.1.15-r9999.ebuild

@@ -0,0 +1,72 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/arpwatch/arpwatch-2.1.15-r5.ebuild,v 1.7 2010/04/12 12:53:41 aballier Exp $
+
+inherit eutils versionator
+
+PATCH_VER="0.4"
+
+MY_P="${PN}-$(replace_version_separator 2 'a')"
+DESCRIPTION="An ethernet monitor program that keeps track of ethernet/ip address pairings"
+HOMEPAGE="http://www-nrg.ee.lbl.gov/"
+SRC_URI="ftp://ftp.ee.lbl.gov/${MY_P}.tar.gz
+	mirror://gentoo/arpwatch-patchset-${PATCH_VER}.tbz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~sparc ~x86 ~x86-fbsd"
+IUSE="selinux"
+
+DEPEND="virtual/libpcap
+	sys-libs/ncurses"
+
+RDEPEND="${DEPEND}
+		selinux? ( sec-policy/selinux-arpwatch )"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_preinst() {
+	enewuser arpwatch
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	EPATCH_SOURCE="${WORKDIR}"/arpwatch-patchset/
+	EPATCH_SUFFIX="patch"
+	epatch
+	cp "${WORKDIR}"/arpwatch-patchset/*.8 . || die "Failed to get man-pages from arpwatch-patchset."
+# Pinkbyte & Rainer: adapt nomail patch to current version and all previous patches (puts log files into /var/log/arpwatch folder)
+	epatch "${FILESDIR}/arpwatch_nomail-${PV}.patch"
+#
+}
+
+src_install () {
+	dosbin arpwatch arpsnmp arp2ethers massagevendor arpfetch bihourly.sh
+	doman arpwatch.8 arpsnmp.8 arp2ethers.8 massagevendor.8 arpfetch.8 bihourly.8
+
+	insinto /usr/share/arpwatch
+	doins ethercodes.dat
+
+	insinto /usr/share/arpwatch/awk
+	doins duplicates.awk euppertolower.awk p.awk e.awk d.awk
+
+	keepdir /var/lib/arpwatch
+	dodoc README CHANGES
+
+	newinitd "${FILESDIR}"/arpwatch.initd arpwatch
+	newconfd "${FILESDIR}"/arpwatch.confd arpwatch
+# Pinkbyte: create directory /var/log/arpwatch and set it's owner to arpwatch user
+	keepdir /var/log/arpwatch
+	chown arpwatch:0 "${ROOT}var/log/arpwatch"
+#
+}
+
+pkg_postinst() {
+	# Workaround bug #141619 put this in src_install when bug'll be fixed.
+	chown arpwatch:0 "${ROOT}var/lib/arpwatch"
+
+	elog "For security reasons arpwatch by default runs as an unprivileged user."
+	ewarn "Note: some scripts require snmpwalk utility from net-analyzer/net-snmp"
+}

net-analyzer/arpwatch/files/arpwatch.confd

@@ -0,0 +1,11 @@
+# Config file for /etc/init.d/arpwatch
+# see arpwatch.8 for more information
+
+#IFACES="eth0 eth1"
+IFACES="eth0"
+
+# Additional options to pass to arpwatch.
+OPTIONS="-N -p"
+
+# Comment this line if you wish arpwatch to run as root user (not recommended)
+ARPUSER="arpwatch"

net-analyzer/arpwatch/files/arpwatch.initd

@@ -0,0 +1,37 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/arpwatch/files/arpwatch.initd,v 1.1 2007/06/02 22:37:16 jokey Exp $
+
+depend() {
+	need net
+}
+
+start() {
+	for IFACE in ${IFACES}
+	do
+		ebegin "Starting arpwatch on ${IFACE}"
+		DATAFILE=/var/lib/arpwatch/${IFACE}.dat
+		[ ! -f ${DATAFILE} ] && touch ${DATAFILE}
+
+		if [ -z ${ARPUSER} ]; then
+			start-stop-daemon --start --quiet --pidfile=/var/run/arpwatch.${IFACE}.pid --exec \
+			/usr/sbin/arpwatch -- -i ${IFACE} -f ${DATAFILE} -P /var/run/arpwatch.${IFACE}.pid ${OPTIONS}
+		else
+			chown ${ARPUSER} ${DATAFILE}
+			start-stop-daemon --start --quiet --pidfile=/var/run/arpwatch.${IFACE}.pid --exec \
+			/usr/sbin/arpwatch -- -i $IFACE -u ${ARPUSER} -f ${DATAFILE} -P /var/run/arpwatch.${IFACE}.pid ${OPTIONS}
+		fi
+		eend $?
+	done
+}
+
+stop() {
+	for IFACE in ${IFACES}
+	do
+		ebegin "Stopping arpwatch on ${IFACE}"
+		start-stop-daemon --stop --quiet --pidfile=/var/run/arpwatch.${IFACE}.pid --exec \
+		/usr/sbin/arpwatch
+		eend $?
+	done
+}

net-analyzer/arpwatch/files/arpwatch_nomail-2.1.15.patch

@@ -0,0 +1,181 @@
+--- report.c.orig	2010-08-11 21:27:04.936004908 +0400
++++ report.c	2010-08-11 21:36:40.581758034 +0400
+@@ -50,9 +50,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <syslog.h>
+-#ifdef TIME_WITH_SYS_TIME
+ #include <time.h>
+-#endif
+ #include <unistd.h>
+ 
+ #include "gnuc.h"
+@@ -70,11 +68,15 @@
+ 
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+ 
+-static int cdepth;	/* number of outstanding children */
++#if !defined(REPORT_DIR)
++#define REPORT_DIR "/var/log/arpwatch"
++#endif
++#if !defined(REPORT_FMODE)
++#define REPORT_FMODE 644
++#endif
+ 
+ static char *fmtdate(time_t);
+ static char *fmtdelta(time_t);
+-RETSIGTYPE reaper(int);
+ static int32_t gmt2local(void);
+ 
+ static char *
+@@ -203,44 +205,6 @@
+ 	return (dt);
+ }
+ 
+-RETSIGTYPE
+-reaper(int signo)
+-{
+-	register pid_t pid;
+-	DECLWAITSTATUS status;
+-
+-	for (;;) {
+-		pid = waitpid((pid_t)0, &status, WNOHANG);
+-		if ((int)pid < 0) {
+-			/* ptrace foo */
+-			if (errno == EINTR)
+-				continue;
+-			/* ECHILD means no one left */
+-			if (errno != ECHILD)
+-				/* It is dangerous to call non reentrant */
+-				/* functions from callback (POSIX) */
+-				/* Next line effectively disables this as */
+-				/* we never get here in debug */
+-				if (debug)
+-					syslog(LOG_ERR, "reaper: %m");
+-			break;
+-		}
+-		/* Already got everyone who was done */
+-		if (pid == 0)
+-			break;
+-		--cdepth;
+-		if (WEXITSTATUS(status))
+-			/* It is dangerous to call non-reentrant */
+-			/* functions from callback (POSIX) */
+-			/* Next line effectively disables this as */
+-			/* we never get here in debug */
+-			if (debug)
+-			syslog(LOG_DEBUG, "reaper: pid %d, exit status %d",
+-				    pid, WEXITSTATUS(status));
+-	}
+-	return RETSIGVAL;
+-}
+-
+ void
+ report(register char *title, register u_int32_t a, register u_char *e1,
+     register u_char *e2, register time_t *t1p, register time_t *t2p,
+@@ -248,16 +212,12 @@
+ {
+ 	extern char *path_sendmail;
+ 	register char *cp, *hn;
+-	register int fd, pid;
++	register int fd;
+ 	register FILE *f;
+-	char tempfile[64], cpu[64], os[64];
++	char tempfile[512], cpu[64], os[64];
+ 	char *fmt = "%20s: %s\n";
+-	char *watcher = mailaddress;
+-	char *watchee = WATCHEE;
+-	char *sendmail = path_sendmail;
+ 	char *unknown = "<unknown>";
+ 	char buf[132];
+-	static int init = 0;
+ 
+ 	/* No report until we're initialized */
+ 	if (initializing)
+@@ -271,53 +271,34 @@
+ 		f = stdout;
+ 		(void)putc('\n', f);
+ 	} else {
+-		/* Setup child reaper if we haven't already */
+-		if (!init) {
+-			(void)setsignal(SIGCHLD, reaper);
+-			++init;
+-		}
+-		while (cdepth >= 3) {
+-			syslog(LOG_ERR, "report: pausing (cdepth %d)", cdepth);
+-			pause();
+-		}
+-
+-		/* Syslog this event too */
+-		dosyslog(LOG_NOTICE, title, a, e1, e2, interface);
+-
+ 		/* return if watcher is an empty string */
+ 		if ( quiet )
+ 			return;
+ 
+-		/* Update child depth */
+-		++cdepth;
+-
+-		/* Fork off child to send mail */
+-		pid = fork();
+-		if (pid) {
+-			/* Parent */
+-			if (pid < 0)
+-				syslog(LOG_ERR, "report: fork() 1: %m");
+-			return;
+-		}
++		time_t tt = time(NULL);
++		struct tm *t = localtime(&tt);
+ 
+ 		/* Child */
+ 		closelog();
+ 		(void)strcpy(tempfile, "/tmp/arpwatch.XXXXXX");
++		(void)snprintf(tempfile, sizeof(tempfile),
++			"%s/arpwatch-%04d%02d%02d_%02d%02d%02d.msgXXXXXX",
++			REPORT_DIR,
++			t->tm_year, t->tm_mon, t->tm_mday,
++			t->tm_hour, t->tm_min, t->tm_sec);
+ 		if ((fd = mkstemp(tempfile)) < 0) {
+ 			syslog(LOG_ERR, "mkstemp(%s) %m", tempfile);
++			return;
+-			exit(1);
+ 		}
++#if defined(REPORT_FMODE)
++		fchmod(fd, REPORT_FMODE);
++#endif
+ 		if ((f = fdopen(fd, "w+")) == NULL) {
+-			syslog(LOG_ERR, "child fdopen(%s): %m", tempfile);
+-			exit(1);
++			syslog(LOG_ERR, "fdopen(%s): %m", tempfile);
++			return;
+ 		}
+-		/* Cheap delete-on-close */
+-		if (unlink(tempfile) < 0)
+-			syslog(LOG_ERR, "unlink(%s): %m", tempfile);
+ 	}
+ 
+-	(void)fprintf(f, "From: %s\n", watchee);
+-	(void)fprintf(f, "To: %s\n", watcher);
+ 	if (interface == NULL) interface = ""; /* shouldn't happen */
+ 	hn = gethname(a);
+ 	if (!isdigit(*hn))
+@@ -354,17 +354,7 @@
+ 
+ 	if (debug) {
+ 		fflush(f);
+-		return;
++	} else {
++		fclose(f);
+ 	}
+-
+-	(void)rewind(f);
+-	if (dup2(fileno(f), fileno(stdin)) < 0) {
+-		syslog(LOG_ERR, "dup2: %m");
+-		exit(1);
+-	}
+-	/* XXX Need to freopen()? */
+-	/* Always Deliver interactively (pause when child depth gets large) */
+-	execl(sendmail, "sendmail", "-odi", watcher, NULL);
+-	syslog(LOG_ERR, "execl: %s: %m", sendmail);
+-	exit(1);
+ }