feature/debian

NEWS

@@ -15,6 +15,17 @@ For a list of compatibility related changes see the UPGRADE file.
 --------------------------------------------------------------------------------
 Version <stable-version> released on <releaseDate>
 
+New Features
+ * debian packages (#1066, #1067)
+
+Enhancements
+ * minor refactoring and cleanup
+ * debian support: arp binary location now configurable ([services].arp_binary)
+
+Bug Fixes
+ * debian support: radiusd is started even if disabled
+
+
 --------------------------------------------------------------------------------
 Version 3.3.2 released on 2012-04-23
 

README

@@ -55,6 +55,7 @@
 
   Maintainers
     Olivier Bilodeau
+    Fabrice Durand
     Francois Gaudreault
     Derek Wuelfrath
 

addons/logrotate

@@ -10,7 +10,7 @@
     postrotate
         # uncomment the crm statements if you are running packetfence in a corosync cluster
         #/usr/sbin/crm resource unmanage PacketFence
-        /sbin/service packetfence condrestart  >/dev/null 2>&1 || true
+        /etc/init.d/packetfence condrestart  >/dev/null 2>&1 || true
         #/usr/sbin/crm resource manage PacketFence
     endscript
 }

conf/documentation.conf

@@ -170,6 +170,13 @@ Location of the snort binary. Only necessary to change if you are not
 running the RPMed version.
 EOT
 
+[services.arp_binary]
+type=text
+description=<<EOT
+Location of the arp binary. Only necessary to change if you are not
+running the RPMed version.
+EOT
+
 [trapping.redirecturl]
 type=text
 description=<<EOT

conf/pf.conf.defaults

@@ -594,6 +594,11 @@ snmptrapd_binary=/usr/sbin/snmptrapd
 # 
 # Location of the named binary. Only necessary to change if you are not running the RPMed version.
 radiusd_binary=/usr/sbin/radiusd
+# 
+# services.arp_binary
+# 
+# Location of the arp binary. Only necessary to change if you are not running the RPMed version.
+arp_binary=/sbin/radiusd
 
 [vlan]
 #

debian/README.Debian

@@ -0,0 +1,8 @@
+PacketFence for Debian
+----------------------
+
+This is our initial attempt at packaging PacketFence for Debian-based systems.
+Please report any issues on our bug tracker under the packaging category.
+http://www.packetfence.org/bugs/
+
+ -- Durand Fabrice <[email protected]>  Thu, 19 Apr 2012 14:36:28 -0400

debian/README.source

@@ -0,0 +1,16 @@
+PacketFence for Debian
+----------------------
+
+Once inside a PacketFence git repository[1] checkout, get the source tarball with:
+
+  $ git archive <branch or tag> --prefix packetfence_<version>/ -o "packetfence_<version>.tar.gz"
+
+Into debian/:
+
+  $ dpkg-buildpackage -rfakeroot
+
+[1]: https://github.com/inverse-inc/packetfence/
+
+ -- Olivier Bilodeau <[email protected]>  Thu, 19 Apr 2012 16:36:28 -0400
+
+

debian/changelog

@@ -0,0 +1,23 @@
+packetfence (3.3.2) unstable; urgency=low
+
+  * Version 3.3.2
+
+ -- Olivier Bilodeau <[email protected]>  Mon, 23 Apr 2012 13:24:03 -0400
+
+packetfence (3.3.1-1) unstable; urgency=low
+
+  * Version 3.3.1
+
+ -- Durand fabrice <[email protected]>  Wed, 16 Apr 2012 14:41:28 -0400
+
+packetfence (3.2.0-2) unstable; urgency=low
+
+  * Change postinst
+
+ -- Durand fabrice <[email protected]>  Wed, 16 Apr 2012 14:36:28 -0400
+
+packetfence (3.2.0-1) unstable; urgency=low
+
+  * Initial release (Closes: #nnnn)  <nnnn is the bug number of your ITP>
+
+ -- Durand fabrice <[email protected]>  Wed, 04 Apr 2012 14:36:28 -0400

debian/compat

@@ -0,0 +1 @@
+7

debian/control

@@ -0,0 +1,76 @@
+Source: packetfence
+Section: main/net
+Priority: optional
+Maintainer: Durand fabrice <[email protected]>
+Build-Depends: debhelper (>= 7.0.50~)
+Standards-Version: 3.8.4
+Vcs-Git: git://github.com/inverse-inc/packetfence.git
+Vcs-browser: https://github.com/inverse-inc/packetfence/
+Homepage: http://www.packetfence.org/
+
+Package: packetfence
+Architecture: all
+Pre-Depends:  freeradius, freeradius-ldap, freeradius-postgresql,
+ freeradius-mysql, freeradius-krb5
+Depends: ${misc:Depends}, apache2, apache2.2-common, apache2-utils, 
+ openssl, openssl-blacklist, openssl-blacklist-extra, php-log, snort, 
+ mysql-server, libapache2-mod-proxy-html, libapache2-mod-php5, php-pear, 
+ php5-mysql, php5-gd, perl-suid, libapache-htpasswd-perl, libbit-vector-perl, 
+ libcgi-session-serialize-yaml-perl, libtimedate-perl, libapache-dbi-perl,
+ libdbd-mysql-perl, libfile-tail-perl, libnetwork-ipv4addr-perl,
+ libiptables-parse-perl, libiptables-chainmgr-perl, liblist-moreutils-perl,
+ liblocale-gettext-perl, liblog-log4perl-perl,
+ liblwp-useragent-determined-perl, libnet-mac-vendor-perl, libnet-mac-perl, 
+ libnet-netmask-perl, libnet-pcap-perl, libnet-snmp-perl, libsnmp-perl, 
+ libnet-telnet-cisco-perl, libparse-recdescent-perl, 
+ libregexp-common-email-address-perl, libregexp-common-time-perl, 
+ libperl-critic-perl, libreadonly-xs-perl, libhtml-template-perl, 
+ libterm-readkey-perl, libtest-perl-critic-perl, libtest-pod-perl, 
+ libtest-pod-coverage-perl, apache2-mpm-prefork, libthread-pool-simple-perl,
+ libuniversal-require-perl, libuniversal-exports-perl, libnet-rawip-perl, 
+ libwww-perl, libapache-htpasswd-perl, libbit-vector-perl, 
+ libcgi-session-perl, libconfig-inifiles-perl,
+ libdatetime-format-dateparse-perl, libdbi-perl, libdbd-mysql-perl, 
+ libfile-tail-perl, libnetwork-ipv4addr-perl, libiptables-parse-perl, 
+ libiptables-chainmgr-perl, liblist-moreutils-perl, liblocale-gettext-perl, 
+ liblog-log4perl-perl, libnet-mac-perl, libnet-mac-vendor-perl, 
+ libnet-netmask-perl, libnet-pcap-perl, libnet-write-perl, libnet-snmp-perl,
+ libnet-telnet-perl, libparse-recdescent-perl, libregexp-common-perl,
+ libreadonly-perl, libtemplate-perl, libterm-readkey-perl, 
+ libtest-perl-critic-perl, libtest-pod-perl, libtest-pod-coverage-perl, 
+ libuniversal-require-perl, libthread-serialize-perl, libload-perl,
+ libtry-tiny-perl, snmp, snmptrapfmt, libmime-lite-perl,
+ libnet-ldap-perl, libcrypt-generatepassword-perl, perl-doc, dhcp3-server,
+ bind9, librrds-perl, libnetpacket-perl, libcache-cache-perl, libcarp-perl,
+ libiptables-libiptc-perl, libload-perl, libmime-lite-tt-perl,
+ libnet-appliance-session-perl, libnet-cli-interact-perl,
+ libnet-frame-simple-perl, libnet-interface-perl, libnet-radius-perl,
+ libparse-nessus-nbe-perl, libphp-session-perl, libtest-mockdbi-perl,
+ gettext, vlan, libsoap-lite-perl
+Description: PacketFence network registration / worm mitigation system
+ PacketFence is an open source network access control (NAC) system.
+ It can be used to effectively secure networks, from small to very large
+ heterogeneous networks. PacketFence provides features such
+ as
+ * registration of new network devices
+ * detection of abnormal network activities
+ * isolation of problematic devices
+ * remediation through a captive portal
+ * registration-based and scheduled vulnerability scans.
+
+Package: packetfence-doc
+Architecture: all
+Description: documentation for packetfence
+ <insert long description, indented with spaces>
+
+Package: packetfence-remote-snort-sensor
+Architecture: all
+Depends: ${misc:Depends}, snort, libfile-tail-perl, libconfig-inifiles-perl,
+ libio-socket-ssl-perl, libxml-parser-perl, libcrypt-ssleay-perl,
+ libsoap-lite-perl
+Conflicts: packetfence
+Description: Files needed for sending snort alerts to packetfence 
+ The packetfence-remote-snort-sensor package contains the files needed
+ for sending snort alerts from a remote snort sensor to a PacketFence
+ server.
+

debian/copyright

@@ -0,0 +1,52 @@
+This work was packaged for Debian by:
+
+    Durand fabrice <[email protected]> on Wed, 04 Apr 2012 14:36:28 -0400
+
+It was downloaded from:
+
+    http://www.packetfence.org/downloads/PacketFence/src/packetfence-3.2.0.tar.gz
+
+Source code is hosted at:
+
+    https://github.com/inverse-inc/packetfence/
+
+Upstream Author(s):
+
+    Olivier Bilodeau <[email protected]>
+    Fabrice Durand <[email protected]>
+    Francois Gaudreault <[email protected]>
+    Francis Lachapelle <[email protected]>
+    Derek Wuelfrath <[email protected]>
+
+Copyright:
+
+    Copyright (C) 2006-2012 Inverse inc.
+    Copyright (C) 2005 David LaPorte
+    Copyright (C) 2005 Kevin Amorin
+
+License:
+
+    This program is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License
+    as published by the Free Software Foundation; either version 2
+    of the License, or (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+    USA.
+
+and is licensed under the GPL version 2,
+see "/usr/share/common-licenses/GPL-2".
+
+The Debian packaging is:
+
+    Copyright (C) 2012 Inverse inc.
+
+and is licensed under the GPL version 2 or later,
+see "/usr/share/common-licenses/GPL-2".

debian/docs

@@ -0,0 +1,6 @@
+NEWS
+README
+README.network-devices
+ChangeLog
+ChangeLog.old
+UPGRADE

debian/packetfence-doc.docs

@@ -0,0 +1,2 @@
+#DOCS#
+

debian/packetfence-doc.install

@@ -0,0 +1,2 @@
+#DOCS#
+

debian/packetfence-remote-snort-sensor.conffiles

@@ -0,0 +1 @@
+/usr/local/pf/conf/pfdetect_remote.conf

debian/packetfence-remote-snort-sensor.init

@@ -0,0 +1,139 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          packetfence-remote-snort-sensor
+# Required-Start:    snort $network $local_fs
+# Required-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: <Enter a short description of the sortware>
+# Description:       <Enter a long description of the software>
+#                    <...>
+#                    <...>
+### END INIT INFO
+
+# Author: Durand fabrice <[email protected]>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=packetfence-remote-snort-sensor             # Introduce a short description here
+NAME=packetfence-remote-snort-sensor            # Introduce the short server's name here
+DAEMON=/usr/local/pf/sbin/pfdetect_remote # Introduce the server's location here
+PIDFILE=/usr/local/pf/var/pfdetect_remote.pid
+SCRIPTNAME=/etc/init.d/$NAME
+PROGBASE="$(basename ${DAEMON})"
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+	$DAEMON -d -p /var/log/snort/alert
+	#	|| return 0
+	# Add code here, if necessary, that waits for the process to be ready
+	# to handle requests from services started subsequently which depend
+	# on this one.  As a last resort, sleep for some time.
+	return 0
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	killproc -p "$PIDFILE" "$DAEMON"
+	# Wait for children to finish too if this is a daemon that forks
+	# and if the daemon is only ever run from this initscript.
+	# If the above conditions are not satisfied then add some other code
+	# that waits for the process to drop all resources that could be
+	# needed by services started subsequently.  A last resort is to
+	# sleep for some time.
+	# Many daemons don't delete their pidfiles when they exit.
+	rm -f $PIDFILE
+	return 0
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+
+
+case "$1" in
+  start)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+    do_start
+    case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+  ;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  status)
+       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  #reload|force-reload)
+	#
+	# If do_reload() is not implemented then leave this commented out
+	# and leave 'force-reload' as an alias for 'restart'.
+	#
+	#log_daemon_msg "Reloading $DESC" "$NAME"
+	#do_reload
+	#log_end_msg $?
+	#;;
+  restart|force-reload)
+	#
+	# If the "reload" option is implemented then remove the
+	# 'force-reload' alias
+	#
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+	  	# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+: