Ticket #43011: Portfile

File Portfile, 20.1 KB (added by jul_bsd@…, 9 years ago)
1# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
2# $Id$
3
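PortSystem          1.0

PortGroup           github 1.0

# The GitHub owner must be the upstream account that git.url, livecheck.url
# and the commented master_sites further down all use (csirtgadgets). The
# github PortGroup derives its default URLs from this value, so a misspelled
# owner would point them at an account upstream does not control.
github.setup        csirtgadgets massive-octo-spice 2.00.00-alpha.16
name                cif
categories          security
platforms           darwin
maintainers         yahoo.fr:jul_bsd openmaintainer
license             LGPL-3+
homepage            https://code.google.com/p/collective-intelligence-framework/
description         The Intelligence Layer
long_description    Cyber threat intelligence management system. CIF \
                    allows you to combine known malicious threat \
                    information from many sources and use that \
                    information for identification (incident response), \
                    detection (IDS) and mitigation (null route). The \
                    most common types of threat intelligence warehoused \
                    in CIF are IP addresses, domains and urls that are \
                    observed to be related to malicious activity.

conflicts           ${name}1 ${name}1-client

depends_lib          port:ossp-uuid
depends_build        port:autogen port:automake

# Dedicated service account; the nologin shell keeps it from being used for
# interactive sessions.
add_users cif group=cif home=${prefix}/var/db/cif shell=/sbin/nologin realname=cif\ user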
31
# The v1 Makefile does not honour DESTDIR, so for every subport its
# "prefix = " line is rewritten to begin with the destroot path.
# See https://guide.macports.org/#reference.phases.introduction
pre-destroot {
    if {$subport ne $name} {
        set top_makefile ${worksrcpath}/Makefile
        reinplace "s|^prefix = |prefix = ${destroot}|" $top_makefile
    }
}
38
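# Stages documentation, example configuration and state directories into the
# destroot. The first branch handles the main (v2) port, the second the v1
# subport ${name}1.
post-destroot {

  # Main port (v2): ship upstream's sample configs, docs and contrib files.
  if {${subport} eq "${name}"} {
      xinstall -m 755 -d ${destroot}${prefix}/share/doc
      xinstall -m 755 -d ${destroot}${prefix}/share/examples/${name}
      xinstall -m 644 ${worksrcpath}/hacking/platforms/ubuntu/named.conf.local ${destroot}${prefix}/share/examples/${name}/
      xinstall -m 644 ${worksrcpath}/hacking/platforms/ubuntu/named.conf.options ${destroot}${prefix}/share/examples/${name}/
      xinstall -m 644 ${worksrcpath}/hacking/platforms/ubuntu/cif.conf ${destroot}${prefix}/share/examples/${name}/apache-cif.conf
      copy ${worksrcpath}/docs ${destroot}${prefix}/share/doc/${name}
      copy ${worksrcpath}/contrib ${destroot}${prefix}/share/${name}/

      # Directory owned by the unprivileged cif account.
      xinstall -m 755 -d -o cif -g cif ${destroot}${prefix}/var/smrt
  }

  if {${subport} eq "${name}1"} {
    ## change perl exec for all script (how to do it per variant?)
    foreach file [glob -directory ${destroot}${prefix}/bin cif*] {
        reinplace "s|/usr/bin/perl|${prefix}/bin/perl${perl5.major}|" ${file}
    }
    reinplace "s|/usr/bin/env perl|${prefix}/bin/perl${perl5.major}|" ${destroot}${prefix}/bin/cif
    # Replace upstream's hard-coded /opt/cif locations with the MacPorts prefix.
    reinplace "s|/opt/cif|${prefix}|" ${destroot}${prefix}/bin/cif_crontool
    reinplace "s|/opt/cif/etc|${prefix}/etc/cif|" ${destroot}${prefix}/bin/cif_smrt
    xinstall -m 755 -d ${destroot}${prefix}/etc/cif
#    foreach f { 00_alexa_whitelist.cfg 00_mirc_whitelist.cfg 00_whitelist.cfg alienvault.cfg aper.cfg cifwhitelist_domains cifwhitelist_infrastructure cifwhitelist_urls cleanmx.cfg custom.cfg.example drg.cfg feodotracker.cfg malc0de.cfg malwaredomainlist.cfg malwaredomains.cfg misc.cfg mpatrol.cfg.example pastebin.cfg.example phishtank.cfg shadowserver.cfg spamhaus.cfg spyeyetracker.cfg zeustracker.cfg }
    # Everything the install left directly in etc/ is moved under etc/cif.
    foreach f [glob -directory ${destroot}${prefix}/etc *] {
        if { ${f} ne "${destroot}${prefix}/etc/cif" } {
            move ${f} ${destroot}${prefix}/etc/cif/
        }
    }

    # miss examples config, examples, man pages?
    xinstall -d ${destroot}${prefix}/share/doc/${name}
    copy ${worksrcpath}/README ${destroot}${prefix}/share/doc/${name}/
    copy ${worksrcpath}/INSTALL ${destroot}${prefix}/share/doc/${name}/
    xinstall -d ${destroot}${prefix}/share/examples/${name}
    copy ${filespath}/org.macports.cif-hourly.plist ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/org.macports.cif-daily.plist ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/org.macports.cif-feed.plist ${destroot}${prefix}/share/examples/${name}/

    copy ${filespath}/named-cif.conf ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/cif-server ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/cif-client ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/apache-cif.conf ${destroot}${prefix}/share/examples/${name}/
    copy ${filespath}/nginx-cif.conf ${destroot}${prefix}/share/examples/${name}/
    reinplace "s|%%PREFIX%%|${prefix}|" ${destroot}${prefix}/share/examples/${name}/nginx-cif.conf

    ## why not a sql file??? adaptation to be user post-install
    ## "find: illegal option -- t" => need a path
    # NOTE(review): this test is nested inside the "${name}1" branch, so the
    # comparison with "${name}-server" cannot be true there and nothing below
    # is staged: no schema Makefile, no cif-owned var/db and var/log
    # directories. The post-activate step and the notes of ${name}1 refer to
    # those paths; confirm which subport was meant before changing the
    # condition.
    if {${subport} eq "${name}-server"} {
        copy ${worksrcpath}/libcif-dbi/Makefile ${destroot}${prefix}/share/examples/${name}/
        reinplace "s|cd schemas/|cd ${prefix}/share/examples/${name}/schemas/|" \
            ${destroot}${prefix}/share/examples/${name}/Makefile
        reinplace "s|< \"schemas/|< \"${prefix}/share/examples/${name}/schemas/|" \
            ${destroot}${prefix}/share/examples/${name}/Makefile
        reinplace "s|find -type f -print|find . -type f -print|" \
            ${destroot}${prefix}/share/examples/${name}/Makefile
        copy ${worksrcpath}/libcif-dbi/schemas ${destroot}${prefix}/share/examples/${name}/

        #xinstall -d ${destroot}${prefix}/www/${name}/
        #move ${destroot}${prefix}/bin/http_api.pl ${destroot}${prefix}/www/${name}/

        # xinstall takes the owner with -o (as used for var/smrt above); the
        # earlier "-u cif" is not an owner option, so the data and log
        # directories would not have been handed to the cif account.
        xinstall -d -o cif -g cif ${destroot}${prefix}/var/db/${name}
        xinstall -d -o cif -g cif ${destroot}${prefix}/var/log/${name}
        xinstall -d ${destroot}${prefix}/var/db/${name}/archive
        xinstall -d ${destroot}${prefix}/var/db/${name}/index
        destroot.keepdirs ${destroot}${prefix}/var/db/${name} \
            ${destroot}${prefix}/var/log/${name} \
            ${destroot}${prefix}/var/db/${name}/archive \
            ${destroot}${prefix}/var/db/${name}/index
    }
  }
}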
112
# Post-install notes for every subport other than the main port.
# NOTE(review): the documented `sudo cp` writes the per-user config as root
# into the caller's home. The v1 server notes later in this file put an
# "apikey" value into .cif, so confirm the resulting owner and mode are what
# the client needs and no wider.
if {${subport} ne ${name}} {

    notes "

For both v1 client and server
1) setup database (Postgresql only)
     $ sudo port select --set postgresql postgresql93
     (need to build client or server)

2) Configure cif: if not existing, you have a base file to customize after
     $ sudo cp ${prefix}/share/examples/${name}/cif-client \$HOME/.cif

Example query:
     $ cif -q 130.201.0.0/16
Or with debug
     $ cif -q www.google.com -d


"

}
134
# Main port only: CIF v2, built from the massive-octo-spice repository.
if {${subport} eq ${name}} {

#    master_sites        https://github.com/csirtgadgets/massive-octo-spice/archive/
#    distname            ${version}
#    checksums           rmd160  5337e88a2ca09d38ca0a0706a2a1d9077d9e35cd \
#                        sha256  a1c83c022ca0ef12ce709fd82cd274526ece656c218aeb6f7e8148c68118e996
## FIXME! "fatal: Not a git repository (or any of the parent directories): .git"
##  => ok if fetch.type git, https://github.com/csirtgadgets/massive-octo-spice/issues/169
    # NOTE(review): with fetch.type git the checksums above are not applied,
    # so the source is identified only by the tag named in git.branch. A tag
    # can be moved upstream; pinning git.branch to a full commit id, or going
    # back to the checksummed tarball once the upstream build no longer needs
    # a .git directory, would make the fetched source verifiable.
    fetch.type          git
    git.url             https://github.com/csirtgadgets/massive-octo-spice.git
    git.branch          ${version}

    worksrcdir          massive-octo-spice-${version}
    conflicts           ${name}1 ${name}1-client

    depends_build  port:autogen port:libtool port:pkgconfig
## MISS? mailutils openjdk-7/planned/uncomplete starman
    # NOTE(review): the cpanm lines below are disabled. If they are ever
    # re-enabled, two of them use the unauthenticated git:// transport and
    # only one names a version; prefer https URLs and pinned releases.
#    cpanm git://github.com/csirtgadgets/p5-cif-sdk.git
#    cpanm https://cpan.metacpan.org/authors/id/D/DR/DROLSKY/MaxMind-DB-Reader-0.050005.tar.gz
#    cpanm git://github.com/maxmind/GeoIP2-perl.git@v0.040005

    depends_lib    port:elasticsearch port:zmq \
                   port:openssl \
                   port:expat \
                   port:libgeoip \
                   port:libxml2 \
                   port:curl \
                   port:p5.18-app-cpanminus \
                   port:p5.18-module-build \
                   port:p5.18-moose \
                   port:p5.18-mouse \
                   port:p5.18-anyevent \
                   port:p5.18-lwp-protocol-https \
                   port:p5.18-regexp-common \
                   port:p5.18-test-exception \
                   port:mod_perl2 \
                   port:git \
                   port:libffi
    depends_run    \
                   port:htop \
                   port:apache2 \
                   port:bind9


    use_automake   yes
    # Generate the configure script from the git checkout before configuring.
    pre-configure {
                system -W ${worksrcpath} "./autogen.sh"
    }
    ## FIXME! still need to define multiple perl releases...
    #configure.env       PERL=...
    # NOTE(review): both statements below use configure.args-delete, which
    # removes arguments instead of adding them, and nothing visible here adds
    # these arguments first. Presumably configure.args-append was intended -
    # confirm against the configure log.
    configure.args-delete       --with-db-index-location=${prefix}/var/db/${name}/index \
                         --with-db-archive-location=${prefix}/var/db/${name}/archive \
                         --with-sysconfdir=${prefix}/etc/cif
    configure.args-delete  --prefix=${prefix}/var/${name} --sysconfdir=${prefix}/etc/cif \
                           --localstatedir=${prefix}/var \
                           --enable-geoip \
                           --with-perl --with-perl-compat

#    post-build {
#        system -W ${worksrcpath} "make deps NOTEST=-n"
#    }

    test.run            yes
# also make fixperms, make elasticsearch

    # NOTE(review): the test command in the notes uses /opt/cif rather than
    # ${prefix}; confirm where cif-smrt is actually installed.
    notes "
To finish setup, you have configure named and apache2
You have examples config in ${prefix}/share/examples/${name}
Enable modules in apache2
    $ a2enmod ssl proxy proxy_http

Test your setup with
    $ sudo /opt/cif/bin/cif-smrt --testmode -M

    FIXME! launchd script for cif-smrt, cif-router, cif-starman, cif-worker

As an optional component, you can install kabana to interface with cif/elasticsearch.
"

    # Optional variant: passes --enable-geoip to configure.
    variant geoip description { support geoip } {
        configure.args-append       --enable-geoip
    }

    # Version check scrapes the release names from the GitHub releases page.
    livecheck.type      regex
    livecheck.url       https://github.com/csirtgadgets/massive-octo-spice/releases
    livecheck.regex     "<span class=\"css-truncate-target\">(.*)</span>"
}
222
223
224subport ${name}1 {
    # v1 server subport: source and build settings.
    PortGroup           perl5 1.0

    github.setup        collectiveintel cif-v1 1.0.3-FINAL v
    # NOTE(review): a second checksums statement follows further down, after
    # distname is changed. Presumably only the later one takes effect, which
    # would leave this pair stale - confirm which digests match the distfile
    # and remove the other, so the integrity check is unambiguous.
    checksums           rmd160  3cc85f6f9a6293a393da9af8335269334c095241 \
                        sha256  7fb154637a2c46c899e52e830c819212d6e88c0d7431fdedfcff3f5fc8b67206
    livecheck.type      none

    ## FIXME! v1: sysconfdir not respected
    configure.args       --with-db-index-location=${prefix}/var/db/${name}/index \
                         --with-db-archive-location=${prefix}/var/db/${name}/archive \
                         --with-sysconfdir=${prefix}/etc/cif
    conflicts  ${name} ${name}1-client

    depends_run-append port:bind9
    ## server variant
    # NOTE(review): postgresql93 is added as a dependency here, and PSQL and
    # PGDUMP are fixed to the 9.3 binaries, regardless of which pgsqlNN variant
    # is selected below - confirm whether these should follow the variant.
    depends_lib-append port:postgresql93
    configure.env-append PSQL=${prefix}/bin/psql93 PGDUMP=${prefix}/lib/postgresql93/bin/pg_dump
    distname            ${name}-v1-v${version}
    checksums           rmd160  ca35f860db5556f449f1cfff681d8cc4572218fa \
                        sha256  1f0649f8bd3df976e9f944a68379ecca2de0ece785e824a814894eeeb048a969
245
246    post-configure {
247   
248        ## configure.args not respected, still some manual in cif-smrt
249        reinplace "s|^sysconfdir = \${prefix}/etc |sysconfdir = \${prefix}/etc/cif|" ${worksrcpath}/Makefile \
250            ${worksrcpath}/libcif/Makefile ${worksrcpath}/libcif-dbi/Makefile \
251            ${worksrcpath}/cif-router/Makefile ${worksrcpath}/cif-smrt/Makefile
252   
253        ## We don't want to chown whole prefix or put a symlink in /etc
254        reinplace "s|^install: files-install etc-install local-whitelist fixperms etc-link|install: files-install etc-install local-whitelist|" \
255            ${worksrcpath}/cif-smrt/Makefile
256        #reinplace "s|\$(prefix)/etc/|\$(prefix)/etc/cif|g;" \
257   
258        reinplace "s|(prefix)/etc/|(prefix)/etc/cif|g;" \
259            ${worksrcpath}/cif-smrt/Makefile
260    }
261   
262    ## install doesn't respect DESTDIR: https://guide.macports.org/#reference.phases.introduction
263    pre-destroot {
264        reinplace "s|^prefix = |prefix = ${destroot}|" ${worksrcpath}/Makefile \
265            ${worksrcpath}/libcif/Makefile ${worksrcpath}/libcif-dbi/Makefile \
266            ${worksrcpath}/cif-router/Makefile ${worksrcpath}/cif-smrt/Makefile \
267   
268    }
269    ## install: files-install fixperms
270    ## fixperms does a chown/chmod on prefix ...
271    destroot.target  files-install
272    build {}
273
274    post-activate {
275        if ![file exists ${prefix}/var/db/${name}/.cif ] {
276            copy ${prefix}/share/examples/${name}/cif-server ${prefix}/var/db/${name}/.cif
277        }
278        if ![file exists ${prefix}/apache2/conf/extra/apache-cif.conf ] {
279            copy ${prefix}/share/examples/${name}/apache-cif.conf ${prefix}/apache2/conf/extra/apache-cif.conf
280        }
281    }
282
    # Post-install instructions for the v1 server.
    # NOTE(review): step 2 installs .cif with mode 644 and then has the
    # administrator paste the client and cif_smrt API keys into it, which
    # leaves the keys readable by every local account. Confirm whether a
    # tighter mode (600, or 640 with the web server's group) still lets the
    # documented commands work, and update the text accordingly.
    notes-append "

https://code.google.com/p/collective-intelligence-framework/wiki/ServerInstall_v1

1) You have to configure beforehand
   - check that ossp-uuid port installed WITH perl variant corresponding to your setup!
   - bind9
        https://code.google.com/p/collective-intelligence-framework/wiki/BindSetup_v1
     Basically, copy contents of ${prefix}/share/examples/${name}/named-cif.conf inside your named.conf
        $ sudo port load bind9
     (is it possible to use alternate dns server like unbound?)
   - postgresql*-server
        https://code.google.com/p/collective-intelligence-framework/wiki/PostgresInstall_v1
        # chown postgres:postgres ${prefix}/var/db/${name}/index
        # chown postgres:postgres ${prefix}/var/db/${name}/archive
     Follow 'port notes postgresql93-server' and start the daemon
        $ sudo port load postgresql93-server
        $ sudo make -f ${prefix}/share/examples/${name}/Makefile initdb tables
   - Webserver (Apache, Nginx, ...)

   If Apache, add to your ssl server
   (apache2 mod_perl2 p5.16-apache2-rest p5.16-libapreq2. Note: double check you don't
    have too many perl5 installation because it can mix things up between ports)
   inside ${prefix}/apache2/conf/httpd.conf:
        PerlModule Apache2::REST
        PerlRequire ${prefix}/www/cif/http_api.pl
        Include ${prefix}/apache2/conf/extra/apache-cif.conf
   An example configuration is in ${prefix}/share/examples/${name}/apache-cif.conf
   If not already done:
        Enable Apache SSL: https://trac.macports.org/wiki/howto/MAMP
        $ sudo ${prefix}/apache2/bin/apxs -a -e -n 'apreq' mod_apreq2.so
        $ sudo perl -pi -e 's@^Listen 80@#Listen 80@;s@^#Include conf/extra/httpd-ssl.conf@Include conf/extra/httpd-ssl.conf@;' ${prefix}/apache2/conf/httpd.conf

   FIXME! add cif user to _www group... alternate/better way?
        $ sudo dscl . append /Groups/_www GroupMembership cif

   If Nginx w ngx_http_perl_module and ssl (nginx +perl5 +ssl)\[NOT FUNCTIONAL! REST API?\]
   An example configuration is in ${prefix}/share/examples/${name}/nginx-cif.conf

2) Configure cif: if not existing, you have a base file to customize after
        $ sudo install -m 644 -o cif ${prefix}/share/examples/${name}/cif-server ${prefix}/var/db/${name}/.cif
   Generate API key for each client
        $ sudo -H -u cif cif_apikeys -u <myuser@example.com> -a -g everyone -G everyone
        $ sudo -H -u cif cif_apikeys -u cif_smrt -G everyone -g everyone -a -w
   Replace the \"apikey = XXXX\" in your config .cif with the client and cif_smrt keys respectively

3) Configure cif router
   a) web server
   b)   $ sudo -H -u cif cif -d -q example.com
   FIXME! error_logs: Cannot find AppAuth class CIF::WebAPI::AppAuth (from conf Apache2RESTAppAuth)

4) Some scheduled tasks have script in ${prefix}/share/examples/${name} and initialized
        $ time sudo -H -u cif cif_crontool -p hourly -d -P
        $ time sudo -H -u cif cif_crontool -p daily -d -P
   To enable scheduled tasks cif-daily, cif-hourly, cif-feed:
        $ sudo ln -s ${prefix}/Library/LaunchDaemons/org.macports.<task>.plist /Library/LaunchDaemons/
        $ sudo launchctl load -w /Library/LaunchDaemons/org.macports.<task>.plist

5) You can test your feeds
    $ sudo -H -u cif cif_smrt -d -v 2 -r ${prefix}/etc/cif/alienvault.cfg -f botnet -T low

6) Don't forget backups
   https://code.google.com/p/collective-intelligence-framework/wiki/ServerBackup_v1
"
347
# Fall back to perl 5.16 when the user selected none of the perl variants.
if {!([variant_isset perl5_16] || [variant_isset perl5_18] || [variant_isset perl5_20])} {
    ## FIXME! have unfound perl dependencies when trying 5.18
    default_variants-append    +perl5_16
}
# Fall back to PostgreSQL 9.3 when the user selected none of the pgsql variants.
if {!([variant_isset pgsql93] || [variant_isset pgsql92] || [variant_isset pgsql91] || [variant_isset pgsql90] || [variant_isset pgsql84])} {
    default_variants-append    +pgsql93
}
355
## choice: 5.8 -> 5.18
## http://search.cpan.org/~jkutej/Test-Environment-0.06/    Apache2::RequestRec         UNAUTHORIZED
##    Linux::Cpuinfo        Linux only?
## FIXME! ZeroMQ deps on v2 (zmq22) or v3

# Perl branches this subport offers as variants.
# NOTE(review): perl5.default_branch is 5.20 while the default variant chosen
# just above is +perl5_16 - confirm which one is meant to win.
perl5.branches      5.16 5.18 5.20
perl5.default_branch 5.20
perl5.create_variants ${perl5.branches}

## miss ossp::uuid but pulled off in cpan, maybe replaced by UUID::Tiny
## MISS (from linux): Test::SharedFork, Test::TCP, snort-rule, parse-range
##    https://groups.google.com/forum/#!searchin/ci-framework/ossp$3A$3Auuid/ci-framework/21J3oGwLka4/NvpEESG7pwQJ
# Perl modules required by the v1 tools, resolved against the selected perl
# branch through ${perl5.major}.
depends_lib-append port:perl${perl5.major} \
    port:p${perl5.major}-digest-sha \
    port:p${perl5.major}-digest-sha1 \
    port:p${perl5.major}-log-dispatch \
    port:p${perl5.major}-list-moreutils \
    port:p${perl5.major}-datetime \
    port:p${perl5.major}-net-ssleay \
    port:p${perl5.major}-config-simple \
    port:p${perl5.major}-encode-locale \
    port:p${perl5.major}-compress-snappy \
    port:p${perl5.major}-net-patricia \
    port:p${perl5.major}-iodef-pb-simple \
    port:p${perl5.major}-datetime-format-dateparse \
    port:p${perl5.major}-google-protocolbuffers \
    port:p${perl5.major}-class-accessor \
    port:p${perl5.major}-parse-recdescent \
    port:p${perl5.major}-mime-lite port:p${perl5.major}-dbi \
    port:p${perl5.major}-dbd-pg \
    port:p${perl5.major}-class-dbi \
    port:p${perl5.major}-zeromq \
    port:p${perl5.major}-lwpx-paranoidagent \
    port:p${perl5.major}-net-abuse-utils \
    port:p${perl5.major}-uri \
    port:p${perl5.major}-xml-rss \
    port:p${perl5.major}-net-dns-match \
    port:p${perl5.major}-regexp-common \
    port:p${perl5.major}-lwp-protocol-https \
    port:p${perl5.major}-net-abuse-utils-spamhaus \
    port:p${perl5.major}-sys-meminfo \
    port:p${perl5.major}-file-type \
    port:p${perl5.major}-libwww-perl \
    port:p${perl5.major}-class-trigger \
    port:p${perl5.major}-regexp-common-net-cidr \
    port:p${perl5.major}-text-table \
    port:p${perl5.major}-text-aligner \
    port:p${perl5.major}-net-dns \
    port:p${perl5.major}-net-whois-ip \
    port:p${perl5.major}-regexp-ipv6 \
    port:p${perl5.major}-email-address \
    port:p${perl5.major}-linux-cpuinfo \
    port:p${perl5.major}-apache2-rest \
    port:p${perl5.major}-class-autoaccess \
    port:p${perl5.major}-module-pluggable
# Build against the MacPorts perl of the selected branch.
configure.args-append  --with-perl --with-perl-compat
configure.env-append   PERL=${prefix}/bin/perl${perl5.major}
413
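## choice: 7 80 81 82 83 84 90 91 92 93
# One variant per supported PostgreSQL release. Each variant conflicts with
# the other four, so only one set of client bindings can be selected.
# The pgsql84 conflict list previously named pgsql90 twice and omitted
# pgsql92; it now lists all four other variants like its siblings do.
variant pgsql84 description { use PostgreSQL 8.4 bindings } conflicts pgsql90 pgsql91 pgsql92 pgsql93 {
    depends_lib-append port:postgresql84
}

variant pgsql90 description { use PostgreSQL 9.0 bindings } conflicts pgsql91 pgsql92 pgsql93 pgsql84 {
    depends_lib-append port:postgresql90
}

variant pgsql91 description { use PostgreSQL 9.1 bindings } conflicts pgsql90 pgsql92 pgsql93 pgsql84 {
    depends_lib-append port:postgresql91
}

variant pgsql92 description { use PostgreSQL 9.2 bindings } conflicts pgsql90 pgsql91 pgsql93 pgsql84 {
    depends_lib-append port:postgresql92
}

variant pgsql93 description { use PostgreSQL 9.3 bindings } conflicts pgsql90 pgsql91 pgsql92 pgsql84 {
    depends_lib-append port:postgresql93
}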
434
435
436}
437
# v1 client library subport, fetched as a release tarball.
subport ${name}1-client {

    version             1.0.3-FINAL
    master_sites        https://github.com/collectiveintel/cif-v1/releases/download/v${version}/
    distname            lib${name}-v${version}
    # Digests the downloaded tarball is verified against.
    checksums           rmd160  7e7586dad164c38d6fd7d735637252112856f4f2 \
                        sha256  30da0ca256d03f3b70d00c4e3e268fad2a210d67efe1a822fe3307445d0e8bd1

    # Upstream version checking is switched off; the regex attempt below is
    # kept for reference only.
    livecheck.type      none
#    livecheck.type      regex
#    livecheck.url       https://github.com/collectiveintel/cif-v1/releases
#    ## FIXME! multiline regexp NOK
#    livecheck.regex     "<a href=\"/collectiveintel/cif-v1/releases/latest\">Latest release</a>\s+</span>\s+<ul class=\"tag-references\">\s+<li>\s+<a href=\"/collectiveintel/cif-v1/tree/v(.*)\" class=\"css-truncate\">"
}
452