[MacPorts] #42533: [NEW] ossec
MacPorts
noreply at macports.org
Sat Mar 8 06:32:40 PST 2014
#42533: [NEW] ossec
-------------------------+--------------------------------
Reporter: jul_bsd@… | Owner: macports-tickets@…
Type: submission | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.2.1
Resolution: | Keywords:
Port: ossec |
-------------------------+--------------------------------
Comment (by jul_bsd@…):
I got a strange behavior. As I was refining the configuration, I got
problem with some matching rules and run ossec-logtest to check for it.
Normally, there are 3 phases in it but.
from a full install as root
{{{
# strings /opt/local/var/ossec/bin/ossec-logtest |grep -i phase
**Phase 3: Completed filtering (rules).
**Phase 1: Completed pre-decoding.
}}}
from a build as common user
{{{
$ strings
~/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work
/ossec-hids-2.7.1/src/analysisd/ossec-logtest |grep -i phase
**Phase 3: Completed filtering (rules).
**Phase 1: Completed pre-decoding.
**Phase 2: Completed decoding.
}}}
which is the normal one
if I repeat, I got
{{{
$ strings
~/.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work
/ossec-hids-2.7.1/src/analysisd/ossec-logtest |grep -i phase
**Phase 3: Completed filtering (rules).
**Phase 1: Completed pre-decoding.
}}}
=> not very consistent
with both,
{{{
# ls -l /opt/local/var/ossec/bin/ossec-logtest
/Users/u//.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work
/ossec-hids-2.7.1/src/analysisd/ossec-logtest
-rwxr-xr-x 1 u staff 528156 Mar 7 23:20
/Users/u//.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work
/ossec-hids-2.7.1/src/analysisd/ossec-logtest
-r-xr-x--- 1 root ossec 525764 Mar 7 23:12 /opt/local/var/ossec/bin
/ossec-logtest
# otool -L /opt/local/var/ossec/bin/ossec-logtest
/Users/u//.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work
/ossec-hids-2.7.1/src/analysisd/ossec-logtest
/opt/local/var/ossec/bin/ossec-logtest:
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 1197.1.1)
/opt/local/lib/libgcc/libgcc_s.1.dylib (compatibility version
1.0.0, current version 1.0.0)
/Users/u//.macports/opt/local/var/macports/build/_Volumes_Data_myports_security_ossec/ossec/work
/ossec-hids-2.7.1/src/analysisd/ossec-logtest:
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current
version 1197.1.1)
/opt/local/lib/libgcc/libgcc_s.1.dylib (compatibility version
1.0.0, current version 1.0.0)
}}}
How could be??? and could be other executables with this problem???
As for other anomalies, I can also got build which fails one time and at a
second execution succeed without changing anything, mostly because of
ranlib
{{{
ranlib: archive member: cdb_make.a(cdb.o) size too large (archive member
extends past the end of the file)
}}}
update Portfile
* clang subport but current branch for that is not compiling
* some random annoying error like ranlib size too large/cant open file, or
error: expected expression before 'int' (usually, re-starting build solves
the problem but...)
* divide previous patch in two (else fails against -clang)
* tested subport -devel and each variant (hybrid,agent,server) and outside
of the two previous problems, it built and destrooted well
* is there a way to specify that a variant cancels/supersedes another
variant?
--
Ticket URL: <https://trac.macports.org/ticket/42533#comment:2>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list