<pre style='margin:0'>
Perry E. Metzger (pmetzger) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/8ba09df0d5c777b1eeee8e9cc888fbb2a6ae0ce6">https://github.com/macports/macports-ports/commit/8ba09df0d5c777b1eeee8e9cc888fbb2a6ae0ce6</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 8ba09df0d5c macos-fortress: Bugfix
</span>8ba09df0d5c is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 8ba09df0d5c777b1eeee8e9cc888fbb2a6ae0ce6
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Thu Nov 4 13:07:11 2021 -0400
<span style='display:block; white-space:pre;color:#404040;'> macos-fortress: Bugfix
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Fixes: https://trac.macports.org/ticket/63796
</span>---
net/macos-fortress/Portfile | 84 +++++++++++++++++++++++----------------------
1 file changed, 43 insertions(+), 41 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-fortress/Portfile b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 63b3569b7d5..e3be1484af4 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-fortress/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,7 +5,7 @@ PortGroup active_variants 1.1
</span>
name macos-fortress
version 2021.10.23
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 1
</span>
categories net security
platforms darwin
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -124,9 +124,9 @@ proc plutil_startup {plcmds label} {
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set notes_pf "The PF configuration provides an adaptive firewall \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- that blocks brute force attacks, and connections from IP addresses \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- provided by the crowd-sourced lists dshield and emergingthreats. PF \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_pf "The PF configuration provides an adaptive firewall\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ that blocks brute force attacks, and connections from IP addresses\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ provided by the crowd-sourced lists dshield and emergingthreats. PF\
</span> uses this environment variable (with default value):
\t\${PF_CONF:-${pf_conf}}
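Review bot: The only edit to notes_pf in this hunk is dropping the space before each line-continuation backslash, and it is mixed into the same commit as the path change in the destroot and post-activate blocks. Inside double quotes Tcl already replaces a backslash-newline and the leading whitespace of the next line with a single space, so the old strings rendered with doubled spaces. Please state that in the commit message, and consider putting the whitespace cleanup in its own commit so the functional change is easier to audit and revert.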
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -136,35 +136,35 @@ set notes_pf "The PF configuration provides an adaptive firewall \
</span> \t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist"
set notes_proxy_privoxy \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The proxy uses a privoxy (port 8118) along with \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- CSS blocking using an nginx webserver (port 8119). Clients may be \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The proxy uses a privoxy (port 8118) along with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ CSS blocking using an nginx webserver (port 8119). Clients may be\
</span> configured to use this proxy by either host:port or the PAC file:
\t${proxy_hostname}:8118
\thttp://${proxy_hostname}/proxy.pac"
set notes_proxy_squid \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The proxy uses a chain of squid (port 3128) and \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- privoxy (port 8118) along with a blackhole and CSS blocking using \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- an nginx webserver (port 8119). Please note that this approach \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- may not work on several browsers, including iOS Safari 15. See \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- https://github.com/essandess/easylist-pac-privoxy/issues/21. The \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The proxy uses a chain of squid (port 3128) and\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ privoxy (port 8118) along with a blackhole and CSS blocking using\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ an nginx webserver (port 8119). Please note that this approach\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ may not work on several browsers, including iOS Safari 15. See\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ https://github.com/essandess/easylist-pac-privoxy/issues/21. The\
</span> port ${name}-proxy with HTTPS inspection is recommended.
<span style='display:block; white-space:pre;background:#ffe0e0;'>- Clients may be configured to use this proxy by either host:port \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Clients may be configured to use this proxy by either host:port\
</span> or the PAC file:
\t${proxy_hostname}:3128
\thttp://${proxy_hostname}/proxy.pac"
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set notes_proxy "Domain names and a blacklist file are blocked, excluding \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set notes_proxy "Domain names and a blacklist file are blocked, excluding\
</span> whitelisted domain names. These are provised in the files:
\t${prefix}/etc/${name}/blacklist.txt
\t${prefix}/etc/${name}/whitelist.txt
<span style='display:block; white-space:pre;background:#ffe0e0;'>- The proxy also provides a proxy autoconfiguration (PAC) file with \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- blocking rules generated from easylist ad and tracker blocks. The \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The proxy also provides a proxy autoconfiguration (PAC) file with\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ blocking rules generated from easylist ad and tracker blocks. The\
</span> proxy uses these environment variables (with default values):
\t\${PROXY_HOSTNAME:-${proxy_hostname}}
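Review bot: The context line "whitelisted domain names. These are provised in the files:" in notes_proxy carries a typo, "provised" for "provided". This string is shown to users and the hunk already edits the line above it, so fix the word in the same change.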
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -175,7 +175,7 @@ set notes_proxy "Domain names and a blacklist file are blocked, excluding \
</span>
\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
<span style='display:block; white-space:pre;background:#ffe0e0;'>- The native macOS web server is used by default to host the PAC file. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The native macOS web server is used by default to host the PAC file.\
</span> This web server must be launched independently with the command
sudo apachectl start"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -224,7 +224,7 @@ if {${name} eq ${subport}} {
</span> if { [catch {set result [registry_active ${name}-proxy]}]
|| [lindex [lindex ${result} 0] 3] \
ne "+https_inspection" } {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_error "${name}-proxy not installed with https_inspection. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_error "${name}-proxy not installed with https_inspection.\
</span> Please install:
sudo port -pN install ${name}-proxy +https_inspection"
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -295,20 +295,20 @@ if {${name} eq ${subport}} {
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The port ${name} is comprised of two independent. \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- configurable components: the PF firewall and the proxy chain, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The port ${name} is comprised of two independent.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configurable components: the PF firewall and the proxy chain,\
</span> provided by the ports:
\t${name}-pf
\t${proxy_subport}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- To check the status of all the dependent daemons and to see \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ To check the status of all the dependent daemons and to see\
</span> a count of the number of firewall attacks, run:
sudo macosfortress_setup_check.sh
sudo pf_attacks.sh
<span style='display:block; white-space:pre;background:#ffe0e0;'>- After initial installation, it is necessary to kickstart these \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ After initial installation, it is necessary to kickstart these\
</span> launch daemons, which do not run at load:
sudo port load ${name}
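Review bot: The added line "notes "The port ${name} is comprised of two independent.\" keeps the stray period after "independent", so the rendered note reads "two independent. configurable components". Replace the period with a comma while this line is being rewritten.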
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -522,7 +522,7 @@ subport ${name}-dshield {
</span> }
notes \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The launch daemon org.macports.${subport} is configured with \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The launch daemon org.macports.${subport} is configured with\
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -574,7 +574,7 @@ subport ${name}-emergingthreats {
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The launch daemon org.macports.${subport} is configured with \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The launch daemon org.macports.${subport} is configured with\
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -626,16 +626,17 @@ subport ${name}-proxy {
</span> ## diff -NaurdwB -I '^ *#' ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-config.patch
## diff -NaurdwB -I '^ *#' ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-match-all.action.patch
destroot {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/share/${name}
</span> xinstall -m 0644 \
${filespath}/privoxy-config.patch \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}
</span> foreach cmd [list \
"s|@PREFIX@|${prefix}|g" \
"s|@PROXY_HOSTNAME@|${proxy_hostname}|g" \
"s|@PROXY_SERVER@|${proxy_server}|g" \
] {
reinplace -q ${cmd} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}/privoxy-config.patch
</span> }
}
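Review bot: The reinplace loop in this destroot block writes ${proxy_hostname} and ${proxy_server} into ${destroot}${prefix}/share/${name}/privoxy-config.patch, so the values chosen at build time are now frozen into an installed file that post-activate applies later, while the port notes describe PROXY_HOSTNAME as an environment variable with a default. Please confirm that is intended for every way the port can be installed; if not, install the patch with the @PROXY_HOSTNAME@ and @PROXY_SERVER@ placeholders intact and substitute them in post-activate. A short comment saying why the patch lives under share rather than ${workpath} would also help the next maintainer.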
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -656,7 +657,7 @@ subport ${name}-proxy {
</span>
post-activate {
patch_configuration \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/share/${name}/privoxy-config.patch \
</span> ${prefix}/etc/privoxy/config \
${prefix}/etc/privoxy/config.new
file attributes ${prefix}/etc/privoxy/config \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -712,18 +713,19 @@ subport ${name}-proxy-squid {
</span> ## diff -NaurdwB -I '^ *#' ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-config.patch
## diff -NaurdwB -I '^ *#' ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/config/' | sed -E -e 's|/opt/local|@PREFIX@|g' > ~/Downloads/privoxy-match-all.action.patch
destroot {
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d ${destroot}${prefix}/share/${name}
</span> xinstall -m 0644 \
${filespath}/squid-squid.conf.patch \
${filespath}/privoxy-config.patch \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}
</span> foreach cmd [list \
"s|@PREFIX@|${prefix}|g" \
"s|@PROXY_HOSTNAME@|${proxy_hostname}|g" \
"s|@PROXY_SERVER@|${proxy_server}|g" \
] {
reinplace -q ${cmd} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/squid-squid.conf.patch \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-config.patch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}/squid-squid.conf.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}/privoxy-config.patch
</span> }
}
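Review bot: This destroot block installs privoxy-config.patch into ${destroot}${prefix}/share/${name}, the same path the ${name}-proxy subport uses for its own copy, because both blocks use ${name} rather than ${subport}. If the two subports can ever be active together, activation will stop on a file conflict. Either make sure they are declared as conflicting, or install under share/${subport} and update the matching post-activate paths.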
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -747,11 +749,11 @@ subport ${name}-proxy-squid {
</span>
post-activate {
patch_configuration \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/squid-squid.conf.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/share/${name}/squid-squid.conf.patch \
</span> ${prefix}/etc/squid/squid.conf \
${prefix}/etc/squid/squid.conf.documented
patch_configuration \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ${workpath}/privoxy-config.patch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/share/${name}/privoxy-config.patch \
</span> ${prefix}/etc/privoxy/config \
${prefix}/etc/privoxy/config.new
file attributes ${prefix}/etc/privoxy/config \
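Review bot: The literal ${prefix}/share/${name} is now repeated in the xinstall, reinplace and patch_configuration calls of both proxy subports, here in "${prefix}/share/${name}/squid-squid.conf.patch \" and "${prefix}/share/${name}/privoxy-config.patch \". Define the directory once in a variable and use it in destroot and post-activate, so the install location and the location the patches are applied from cannot drift apart in a later edit.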
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -812,14 +814,14 @@ subport ${name}-proxypac {
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The location of the proxy autoconfiguration (PAC) \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file and the web server IP address are specified by the \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The location of the proxy autoconfiguration (PAC)\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file and the web server IP address are specified by the\
</span> environment variables (with default values):
\t\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}
\t\${PROXY_PAC_SERVER:-${proxy_pac_server}}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- To change site-specific launchd environment variables, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ To change site-specific launchd environment variables,\
</span> use the launchd plist:
\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -929,14 +931,14 @@ test -f \"\${PROXY_PAC_DIRECTORY}/proxy.pac.orig\" \\
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The location of the proxy autoconfiguration (PAC) \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- file and the web server IP address are specified by the \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The location of the proxy autoconfiguration (PAC)\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ file and the web server IP address are specified by the\
</span> environment variables (with default values):
\t\${PROXY_PAC_DIRECTORY:-${proxy_pac_directory}}
\t\${PROXY_PAC_SERVER:-${proxy_pac_server}}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- To change site-specific launchd environment variables, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ To change site-specific launchd environment variables,\
</span> use the launchd plist:
\t${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -945,7 +947,7 @@ test -f \"\${PROXY_PAC_DIRECTORY}/proxy.pac.orig\" \\
</span>
sudo apachectl start
<span style='display:block; white-space:pre;background:#ffe0e0;'>- The launch daemon org.macports.${subport} is configured with \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The launch daemon org.macports.${subport} is configured with\
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1108,7 +1110,7 @@ function hosts_block_wget_and_add () {
</span> org.macports.${startupitem.name}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>- notes "The launch daemon org.macports.${subport} is configured with \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes "The launch daemon org.macports.${subport} is configured with\
</span> RunAtLoad false. To initialize this service at its first load, run:
sudo port load ${subport}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1121,7 +1123,7 @@ if { [variant_isset "initialize_always"] } {
</span> notes-append ""
}
notes-append \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The variant +initialize_always is set, which initializes \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- all configuration files. Please disable this variant for \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, which initializes\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable this variant for\
</span> working deployments."
}
</pre><pre style='margin:0'>
</pre>