# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           github 1.0

github.setup        aide aide 0.18.6 v
# Change github.tarball_from to 'releases' or 'archive' next update
github.tarball_from tarball
checksums           rmd160  5cc7ea1520d7d9035390040612933a22fefe4234 \
                    sha256  ec3cff9bf42dd8dcecf74e0aef6f8d0f42e0fa332951e5c36af28182df3d3b39 \
                    size    163592
categories          security
license             GPL-2
maintainers         nomaintainer

description Advanced Intrusion Detection Environment
long_description    AIDE (Advanced Intrusion Detection Environment) \
    is a free replacement for Tripwire. It does the same things as \
    the semi-free Tripwire and more. \
    It creates a database from the regular expression rules that it \
    finds from the config file. Once this database is initialized it \
    can be used to verify the integrity of the files. It has several \
    message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that \
    are used to check the integrity of the file. More algorithms can \
    be added with relative ease. All of the usual file attributes can \
    also be checked for inconsistencies. It can read databases from \
    older or newer versions. See the manual pages within the distribution \
    for further info. There is also a beginning of a manual.

# Fails on Lion and earlier due to use of new prototype for scandir
platforms           {darwin >= 12}

post-extract {
    system -W ${worksrcpath} "echo \"m4_define(\[AIDE_VERSION\], \[${version}\])\" > version.m4"
}

# tarball doesn't contain configure, etc
use_autoreconf      yes

configure.args      --mandir=${prefix}/share/man \
                    --sysconfdir=${prefix}/etc/aide \
                    --with-zlib \
                    --with-gcrypt \
                    --disable-static \
                    --disable-silent-rules \
                    --without-mhash

depends_build       port:autoconf \
                    port:autoconf-archive \
                    port:automake \
                    port:bison \
                    port:flex \
                    port:pkgconfig
depends_lib         port:libgcrypt \
                    port:gettext \
                    port:pcre2
depends_test        port:check

test.run            yes
test.target         check

variant universal {}
configure.cflags-append "${configure.cflags} [get_canonical_archflags cc] -DHAVE_STRNSTR"

post-destroot {
    xinstall -d ${destroot}${prefix}/share/doc/${name}
    xinstall -d ${destroot}${prefix}/share/examples/${name}
    xinstall -d ${destroot}${prefix}/etc/${name}
    xinstall -d ${destroot}${prefix}/libexec/${name}
    xinstall -d ${destroot}${prefix}/Library/LaunchDaemons
    xinstall -d ${destroot}${prefix}/var/lib/aide
    xinstall -d ${destroot}${prefix}/var/log/aide

    copy ${filespath}/aide.conf ${destroot}${prefix}/share/examples/${name}/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/share/examples/${name}/aide.conf
    copy ${worksrcpath}/contrib ${destroot}${prefix}/share/examples/${name}/
    copy ${worksrcpath}/README ${destroot}${prefix}/share/doc/${name}/
    xinstall -m 0755 ${filespath}/aide-check.cron ${destroot}${prefix}/libexec/${name}/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/libexec/${name}/aide-check.cron
    copy ${filespath}/org.macports.aide.plist ${destroot}${prefix}/Library/LaunchDaemons/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.aide.plist
    copy ${filespath}/mp-aide.conf ${destroot}${prefix}/share/examples/${name}/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/share/examples/${name}/mp-aide.conf

    destroot.keepdirs  ${destroot}${prefix}/var/lib/aide \
        ${destroot}${prefix}/var/log/aide ${destroot}${prefix}/etc/${name}
}

post-activate {
    if {![file exists ${prefix}/etc/aide/aide.conf ]} {
        copy ${prefix}/share/examples/${name}/aide.conf ${prefix}/etc/aide/aide.conf
    }
}

platform darwin {
    # darwin doesn't have or need off64_t and friends
    configure.args-append --disable-largefile
}

notes "
If not existing, a default config has been copied to
  ${prefix}/etc/aide/aide.conf
Review it, especially adjust <myuser> to your environment.
It seems wildcard or @@var are not working there, at least on stable.

To initialize database
  # aide --init

A default scheduled task has been set up once a day in
  ${prefix}/Library/LaunchDaemons/org.macports.aide.plist
Check if it fit you and start it like
  # ln -s ${prefix}/Library/LaunchDaemons/org.macports.aide.plist /Library/LaunchDaemons/
and either one of those commands
  # launchctl load -w /Library/LaunchDaemons/org.macports.aide.plist
  # port load aide
An example config for rotating logs with system newsyslog is
    ${prefix}/share/examples/${name}/mp-aide.conf
You can install it with
  # cp ${prefix}/share/examples/${name}/mp-aide.conf /private/etc/newsyslog.d/

You may need to enable permanently postfix so the scheduled task can send email:
  Edit /System/Library/LaunchDaemons/org.postfix.master.plist
  Remove the two strings lines with '-e' '60'.
  Add a '<key>KeepAlive</key><true/>'
Also, default MacOS configuration have /var/root/.forward redirecting email to
/dev/null. Either change aide.conf or .forward to get mail report.

BUG: cron: only check mode, choice update
"