# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           bitbucket 1.0

bitbucket.setup     sshguard sshguard 2.4.3 v
revision            0

categories          net security
platforms           darwin
maintainers         {mps @Schamschula} openmaintainer
license             BSD

description         Sshguard protects networked hosts from brute force attacks.

long_description    Sshguard monitors servers from their logging activity. When logs convey \
                    that someone is doing a Bad Thing, sshguard reacts by blocking he/she/it \
                    for a bit. Sshguard has a touchy personality: when a naughty tyke \
                    insists disturbing your host, it reacts firmer and firmer.

homepage            http://www.sshguard.net/

checksums           rmd160  fc71ef6fe489854614ebd5d472f9a5a67320cbb3 \
                    sha256  27914ae59249d2fb488249015d68188bb986ab8b6771936105d3ca9ec78339db \
                    size    71548

use_autoreconf      yes

depends_build-append \
                    port:py312-docutils

# we need to add the path to rst2man.py
set path $::env(PATH):${frameworks_dir}/Python.framework/Versions/3.12/bin/
configure.env-append \
                    PATH=${path}
build.env-append    PATH=${path}

post-extract {

    copy ${filespath}/sshguard-options-wrapper \
        ${worksrcpath}/sshguard-options-wrapper
    copy ${filespath}/options.example \
        ${worksrcpath}/options.example
    reinplace "s|@PREFIX@|${prefix}|" \
        ${worksrcpath}/sshguard-options-wrapper \
        ${worksrcpath}/options.example
    reinplace "s|@NAME@|${name}|" \
        ${worksrcpath}/options.example
}

post-destroot {

    xinstall -d ${destroot}${prefix}/etc/${name}
    xinstall -d ${destroot}${prefix}/libexec/${name}
    xinstall -d ${destroot}${prefix}/share/${name}
    xinstall -d ${destroot}${prefix}/var/db/${name}
    xinstall -m 644 ${worksrcpath}/options.example \
        ${destroot}${prefix}/etc/${name}/options.example
    xinstall -m 755 ${worksrcpath}/sshguard-options-wrapper \
        ${destroot}${prefix}/libexec/${name}/sshguard-options-wrapper
    xinstall -m 544 ${worksrcpath}/README.rst \
        ${destroot}${prefix}/share/${name}/README.rst
    touch ${destroot}${prefix}/var/db/${name}/keepdir
}

post-activate {

    if {![file exists ${prefix}/etc/${name}/options]} {
        xinstall -m 644 ${prefix}/etc/${name}/options.example \
            ${prefix}/etc/${name}/options
    }
    if {![file exists ${prefix}/etc/${name}/whitelist]} {
        touch ${prefix}/etc/${name}/whitelist
    }
}

startupitem.create      yes
startupitem.executable  "${prefix}/libexec/${name}/sshguard-options-wrapper"

livecheck.type      regex
livecheck.url       http://sourceforge.net/projects/sshguard/files/sshguard/
livecheck.regex     "/sshguard-(\\d+(?:\\.\\d+)*)"

notes "

* This port installs a wrapper script \"sshguard-options-wrapper\" to
facilitate the use of an options file with launchd.

* You can add log files to monitor by adding '-l /path/to/file.log'
lines to ${prefix}/etc/${name}/options.

* You can white list ip addresses and hostnames by editing
${prefix}/etc/${name}/whitelist.
Example:
    # comment line (a '#' as very first character)
    #   a single ip address
    1.2.3.4
    #   address blocks in CIDR notation
    127.0.0.0/8
    10.11.128.0/17
    192.168.0.0/24
    #   hostnames
    rome-fw.enterprise.com
    hosts.friends.com

* You can load ${name} with this command:
$ sudo port load ${name}

"
