
#1 2019-01-06 21:37:39

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Is the old PKGBUILD for chkrootkit available anywhere?

Is it possible to find the old PKGBUILD for chkrootkit? According to https://bbs.archlinux.org/viewtopic.php?id=222830, it used to be in AUR but was possibly dropped due to reliance on an outdated netstat. However, I noticed that a new version of the software was released after that thread was posted (http://www.chkrootkit.org/), so I'm wondering if it might now be possible to compile the package again with current netstat.

I'd like to do this because chkrootkit, unlike current rkhunter, can be run from a live medium to check a system independently. (It's possible to check some things with rkhunter this way, but lots of tests just get run against the live medium, even when I edit the configuration file as well as I could, whereas chkrootkit offers a simple command-line switch for this purpose.)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L


#2 2019-01-06 21:48:32

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595

Re: Is the old PKGBUILD for chkrootkit available anywhere?

From Aug 08, 2015:

# Maintainer: Arthur Zamarin <arthurzam@gmail.com> 

pkgname=chkrootkit
pkgver=0.50
pkgrel=2
pkgdesc="rootkit detector"
arch=(i686 x86_64)
url="http://www.chkrootkit.org/"
license=('GPL2')
source=("ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz")
sha256sums=('9548fc922b0cb8ddf055faff4a4887f140a31c45f2f5e3aa64aad91ecfa56cc7')
depends=('net-tools')

build() {
  cd "$srcdir/$pkgname-$pkgver"
  make
}

package() {
  cd "$srcdir/$pkgname-$pkgver"
  for f in check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc; do
    install -Dm755 "$srcdir/$pkgname-$pkgver/$f" "$pkgdir/usr/bin/$f"
  done
}

CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs

#3 2019-01-06 21:51:46

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Is the old PKGBUILD for chkrootkit available anywhere?

Yes -- the git repository backing the package is never deleted.

If the package was removed because it depended on deprecated things and was not deemed as being useful anymore, or alternatively deleted because it had dependencies that were missing from the AUR and no one was interested in (re-)uploading/fixing them, then anyone who is willing and interested in fixing the issues with the package is welcome to reinstate it and take up active maintainership for it (and even better if they can update it to new versions that hopefully fix these problems).

We even include an ssh interface command to make this easier, see `ssh aur@aur.archlinux.org help` for details.

Disclaimer: Obviously that is never an excuse for people who know of a package and know that it was deleted for breaking the rules or something, to reupload a package in bad faith.

But for this case, where a package was seemingly deleted due to lack of interest, it seems reasonable to me to re-upload it even as-is, now that there is interest.

Last edited by eschwartz (2019-01-06 21:52:27)


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)


#4 2019-01-19 14:29:34

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: Is the old PKGBUILD for chkrootkit available anywhere?

Thanks. I've attempted to update the package from graysky's post, but I'd appreciate some feedback. Usually, when I makepkg, I get a symlink to the package in my working directory, but, when I makepkg with this one, I don't. I'm not sure why this is, but assume I'm missing something.

pkgname=chkrootkit
pkgver=0.52
pkgrel=1
pkgdesc="rootkit detector"
arch=(x86_64)
url="http://www.chkrootkit.org/"
license=('custom')
source=("ftp://ftp.pangeia.com.br/pub/seg/pac/$pkgname-$pkgver.tar.gz")
md5sums=("0c864b41cae9ef9381292b51104b0a04")

build() {  
        cd "$pkgname-$pkgver"
        make sense
}

package() {
        cd "$pkgname-$pkgver"
        for i in  \
                check_wtmpx \
                chkdirs \
                chklastlog \
                chkproc \
                chkrootkit \
                chkutmp \
                chkwtmp \
                ifpromisc \
                strings-static
        do
                install -Dm755 $i "$pkgdir/usr/bin/$i"
        done
        install -Dm644 COPYRIGHT "$pkgdir/usr/share/licenses/$pkgname/LICENCE"
        for i in README README.chklastlog README.chkwtmp
        do
                install -Dm644 $i "$pkgdir/usr/share/doc/$pkgname/$i"
        done
}


#5 2019-01-19 14:39:33

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442

Re: Is the old PKGBUILD for chkrootkit available anywhere?

That PKGBUILD produces a package just fine here - I've not tested the software itself, but the package seems fine.

Makepkg shouldn't generate a symlink in the current working directory, it generates the package there.  What is the output of makepkg when run with that PKGBUILD?


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#6 2019-01-19 14:41:55

Alad
Wiki Admin/IRC Op
From: Bagelstan
Registered: 2014-05-04
Posts: 2,407

Re: Is the old PKGBUILD for chkrootkit available anywhere?

makepkg has stopped creating symlinks to packages since pacman 5.1.


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby


#7 2019-01-20 04:03:24

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Is the old PKGBUILD for chkrootkit available anywhere?

Alad wrote:

makepkg has stopped creating symlinks to packages since pacman 5.1.

To elaborate on this: current versions of makepkg have a --packagelist option that prints the paths to the built package files, which respects PKGDEST in order to tell you where to find the packages that may or may not have been built yet.

The symlinks were ultimately considered rather gross -- they caused clutter in the current directory, and they could easily be out of date e.g. you cannot glob them to find links to the *current* packages, and you cannot glob them after parsing the fullpkgver either, since the PKGBUILD could be updated to add/remove part of a split package. All things considered, if you need to parse the PKGBUILD in order to tell which links are still valid, why not just parse the PKGBUILD to find the actual packages -- hence the new option to do so reliably and the corresponding removal of the symlinks.



#8 2019-01-29 00:50:08

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: Is the old PKGBUILD for chkrootkit available anywhere?

OK, thanks. I guess I still had enough symbolic links not to have noticed the lack of new ones. Obviously not very observant.

I tested the compiled programme and it seems to work up to a point. However, it seems to need ssh, which is fine. More problematically, I could only get it to work by cd'ing into /usr/bin/ and I'm not sure how to handle this. Apparently, the main programme looks for the others in the current working directory, which seems odd. Should it still be installed in /usr/bin?



#9 2019-01-29 01:13:45

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Is the old PKGBUILD for chkrootkit available anywhere?

Lol, it needs to find the commands from getcwd(3) or `pwd`? That's... pretty terrible from a programming perspective.

I guess one solution would be to install them all to some other directory like /opt/chkrootkit, and replace every single executable with a small wrapper script in /usr/bin/ which would first cd into the "real" install directory, then execute the desired program and pass "$@" arguments onward.

...

Looking at the downloaded source code, I scanned the chkrootkit shellscript and it looks like it does frankly stupid things like `[ ! -x ./ifpromisc ];` and then likewise executes them via `./ifpromisc`

My recommendation is to apply a patch to the script, which replaces all of these ridiculous [ -x ... ] with the POSIX `if ! command -v ifpromisc > /dev/null; then` and simply executing `ifpromisc` directly without the leading ./

This might be enough to get it to work. There are so many other problems with the author's shell scripting, but I don't think it's worth my time to criticize someone's shellscripting from 13 years ago. :D In fairness to them, at least not using command -v is understandable given it was optional in POSIX 2004 and only became required in POSIX 2008... but wow, why not at least make a token effort to search based on "$(dirname "$0")/ifpromisc"?


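The wrapper-script layout suggested in post #9, as an added example that is not part of the thread or of chkrootkit itself. The `write_wrapper` and `demo_wrapper` names, the temporary staging tree and both stand-in scripts are constructed for the demonstration; a PKGBUILD would write into "$pkgdir" and point the wrapper at /opt/chkrootkit.

```shell
#!/bin/sh
# write_wrapper WRAPPER REAL_DIR NAME
# Creates WRAPPER, which cd's into REAL_DIR and runs ./NAME with all arguments.
# REAL_DIR and NAME must not contain single quotes (they are embedded quoted).
write_wrapper() {
    wrapper=$1; real_dir=$2; name=$3
    mkdir -p "$(dirname "$wrapper")"
    cat > "$wrapper" <<EOF
#!/bin/sh
cd '$real_dir' || exit 1
exec './$name' "\$@"
EOF
    chmod 755 "$wrapper"
}

# Builds a throwaway tree and calls the program from an unrelated directory,
# once directly and once through the wrapper.
# Prints "direct=<exit status> wrapped=<wrapper output>".
demo_wrapper() {
    stage=$(mktemp -d) || return 1
    real_dir=$stage/opt/chkrootkit
    mkdir -p "$real_dir"
    # Constructed stand-in for the main script, using the ./ pattern quoted above.
    cat > "$real_dir/chkrootkit" <<'EOF'
#!/bin/sh
if [ ! -x ./ifpromisc ]; then echo "not found: ./ifpromisc" >&2; exit 1; fi
./ifpromisc "$@"
EOF
    # Constructed stand-in for a helper: just echoes its arguments.
    printf '#!/bin/sh\necho "helper ran: $*"\n' > "$real_dir/ifpromisc"
    chmod 755 "$real_dir/chkrootkit" "$real_dir/ifpromisc"
    write_wrapper "$stage/usr/bin/chkrootkit" "$real_dir" chkrootkit

    direct=0
    (cd / && "$real_dir/chkrootkit" -q) >/dev/null 2>&1 || direct=$?
    wrapped=$(cd / && "$stage/usr/bin/chkrootkit" -q 2>&1)
    rm -rf "$stage"
    echo "direct=$direct wrapped=$wrapped"
}

demo_wrapper
```

Because the wrapper changes directory before `exec`, any relative path given as an argument is resolved against the install directory, so callers should pass absolute paths.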

#10 2019-01-29 01:34:56

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442

Re: Is the old PKGBUILD for chkrootkit available anywhere?

`type` was around before `command` wasn't it?  But even before that one could just use a '||' after an attempted use of the command for a fallback.  I'd argue this is often preferable anyways to essentially ask forgiveness later rather than permission now.  Try the command that should work, if it succeeds, good, keep going; if it fails report the error.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


#11 2019-01-29 02:16:56

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Is the old PKGBUILD for chkrootkit available anywhere?

Trilby wrote:

`type` was around before `command` wasn't it?

No -- type is, even today, an XSI extension and thus optional. And POSIX 2004 did in fact specify command -v, but only as an XSI extension. Later versions of POSIX made command -v mandatory, because they needed at least one POSIX way to perform the task of finding out whether a command exists without actually executing it. It is still, as far as I know, the only way.

Trilby wrote:

But even before that one could just use a '||' after an attempted use of the command for a fallback.  I'd argue this is often preferable anyways to essentially ask forgiveness later rather than permission now.  Try the command that should work, if it succeeds, good, keep going; if it fails report the error.

I agree that it is best to simply try to run the known program with known properties and simply log an error if it failed. Though not everyone agrees and some people seem to want to hide the informative error messages which the shell provides -- I don't know why. :)

Either way it is probably easier to patch the script to work with these minimal changes. Just fix what is needed to stop it from assuming it is run from the source directory ("To compile the C programs type: # make sense; After that it is ready to use and you can simply type: # ./chkrootkit") and move on.


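The minimal patch recommended in posts #9 and #11, sketched as a sed rewrite that could run in a PKGBUILD prepare() step; this is an added example, not code from the thread or from chkrootkit. The helper list is taken from the PKGBUILD in post #4, while `patch_cwd_lookups`, `demo_patch` and the sample script text are constructed here around the two forms quoted in post #9.

```shell
#!/bin/sh
# Helper names from the install list of the PKGBUILD posted in this thread.
HELPERS="check_wtmpx chkdirs chklastlog chkproc chkutmp chkwtmp ifpromisc strings-static"

# patch_cwd_lookups: reads a script on stdin, writes the patched script to stdout.
#   [ ! -x ./NAME ]  ->  ! command -v NAME > /dev/null
#   [ -x ./NAME ]    ->  command -v NAME > /dev/null
#   ./NAME           ->  NAME   (only when NAME is a complete word)
patch_cwd_lookups() {
    script=
    for h in $HELPERS; do
        script="${script}s|\[ ! -x \./$h ]|! command -v $h > /dev/null|g
s|\[ -x \./$h ]|command -v $h > /dev/null|g
s|\./$h\([^A-Za-z0-9_.-]\)|$h\1|g
s|\./$h\$|$h|g
"
    done
    sed "$script"
}

# Constructed sample, not the real chkrootkit source.
SAMPLE='if [ ! -x ./ifpromisc ]; then
    echo "not tested"
else
    ./ifpromisc -q
fi
./chkutmp'

# Prints the sample after patching.
demo_patch() {
    printf '%s\n' "$SAMPLE" | patch_cwd_lookups
}

demo_patch
```

After this change the helpers are resolved through $PATH, so the script runs whichever `ifpromisc` comes first there; when checking a system from a live medium, set PATH so that the medium's own binaries are found first.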
