Our user forum

Back  | Message Index | Search

4.4.x: install failure in network server mode without signify or GnuPG

Posted by Greg on Tue, Jul 21, 2020, 5:16 PM.

In 4.4.x OpenBSD signify was added as an alternative to sign the database, and as a result the samhainadmin.pl script was split out into a variant for each. Functionality was added to the configure script to figure out which one was in use and copy that variant to the actual samhainadmin.pl script:

+if test "x${mysignify}" != x
+ cp -a scripts/samhainadmin-sig.pl scripts/samhainadmin.pl
+if test "x${mygpg}" != x
+ cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl

However, if building in network server mode without either signify or GnuPG, the samhainadmin.pl script is not copied into place as per above, which causes the install-program make target to fail with:

make: don't know how to make scripts/samhainadmin.pl. Stop

If server without database signing is indeed a supported configuration, I'm proposing the following configure patch to handle this case:

--- configure.orig 2020-07-21 09:51:28.253298000 -0400
+++ configure 2020-07-21 09:54:19.024797000 -0400
@@ -13998,6 +13998,13 @@
cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl
+# Default action if building as network server but without GPG.
+# Note in that case the provided functionality won't actually work,
+# but this will keep the install-program target from barfing...
+if test "x${mygpg}" == x && test "x${mysignify}" == x
+ cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl

if test "x${cross_compiling}" = xyes

I realize that without signify or GnuPG support signing the database doesn't really do anything, but having the script in place at least keeps the install process from failing.

FYI configure options used to reproduce this case are:

./configure --localstatedir=/var --with-logserver=true --with-altlogserver=true --with-timeserver=true --with-alttimeserver=true --enable-asm --disable-db-reload --disable-debug --enable-dnmalloc --enable-encrypt --without-gpg --enable-ipv6 --with-libwrap --disable-logfile-monitor --disable-login-watch --enable-mail --disable-mounts-check --disable-port-check --disable-posix-acl --without-prelude --disable-process-check --disable-ptrace --enable-srp --disable-static --disable-suidcheck --disable-udp --disable-userfiles --disable-xml-log --enable-identity=yule --enable-network=server --prefix=/usr/local --mandir=/usr/local/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd11.3


(No Responses Posted)

Post a Reply

The fine print: All messages are owned by the poster. Messages express the views of the poster, not neccesarily the views of the samhain team. We reserve the right to remove material for any reason, including no reason at all. Posting of HTML links is not allowed. To protect against harvesters, email addresses will be encoded as javascript snippets upon output.