- Fixed some errors introduced during the upgrade from version 0.6.1 to 0.7.0.

- Bump PORTREVISION.

PR:		ports/123613
Reported by:	pointyhat via pav
Submitted by:	Pauls Schmehl <pauls@utdallas.edu> (maintainer)
Reviewed by:	araujo (myself)

4 files changed, 508 insertions, 14 deletions

diff --git a/security/sguil-server/Makefile b/security/sguil-server/Makefile
index 1e7a93a9bf47..5c3f1b4de225 100644
--- a/security/sguil-server/Makefile
+++ b/security/sguil-server/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	sguil-server
 PORTVERSION=	0.7.0
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF
 MASTER_SITE_SUBDIR=	sguil
@@ -63,11 +64,12 @@ post-patch:
 	@${REINPLACE_CMD} -e 's:exec tclsh:exec ${TCLSH_CMD}:g' ${WRKSRC}/server/${f}
 .endfor
 
-pre-su-install:
+pre-install:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
 	@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
 		${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
-
-pre-install:
+.endif
+	@${MKDIR} ${PREFIX}/etc/${SGUILDIR}
 	@${MKDIR} ${PREFIX}/lib/${SGUILDIR}
 	@${MKDIR} ${PREFIX}/share/${SGUILDIR}
 	@${MKDIR} /var/run/${SGUILDIR}
@@ -88,12 +90,14 @@ do-install:
 	${INSTALL_DATA} ${WRKSRC}/server/sql_scripts/${f} ${PREFIX}/share/${SGUILDIR}/${f}
 .endfor
 post-install:
+.if !defined(BATCH) && !defined(PACKAGE_BUILDING)
+	@${SETENV} ${SCRIPTS_ENV} PKG_PREFIX=${PREFIX} \
+		${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+.endif
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTDOCS} ${DOCSDIR}
 .endif
-	@${SETENV} PKG_PREFIX=${PREFIX} && PORTSDIR=${PORTSDIR} \
-		${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 
 	@${CAT} ${PKGMESSAGE}
 
diff --git a/security/sguil-server/files/pkg-deinstall.in b/security/sguil-server/files/pkg-deinstall.in
new file mode 100644
index 000000000000..cf76f13a2dd4
--- /dev/null
+++ b/security/sguil-server/files/pkg-deinstall.in
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+USER="sguil"
+
+# Make sure we're in the right stage of the process
+if [ "$2" = "DEINSTALL" ]; then
+	echo "Stopping sguild......"
+	%%PREFIX%%/etc/rc.d/sguild stop
+	%%PREFIX%%/etc/rc.d/sguild poll
+	if [ ! ${BATCH} ]; then
+	  echo "Would you like to remove the sguild certs?" ; read ans
+	  case "$ans" in
+	      y*|Y*)
+		  if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key ]; then
+			  rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.key
+		  fi
+		  if [ -f %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem ]; then
+			  rm %%PREFIX%%/etc/%%SGUILDIR%%/certs/sguild.pem
+		  fi
+		  ;;
+	      n*|N*)
+		  ;;
+	      *)
+		  exit 64
+		  ;;
+	  esac
+	  cd %%PREFIX%%/etc/%%SGUILDIR%% || exit 1
+# Remove the conf files *if* they have not been altered
+	  for f in autocat.conf sguild.access sguild.conf sguild.email \
+		  sguild.queries sguild.reports sguild.users; do
+		  cmp -s -z ${f} ${f}-sample && rm ${f}
+	  done
+# Remove the user and group if the installer chooses to
+	  echo "Would you like to remove the sguil user and group?" ; read ans
+	  case "$ans" in
+	      y*|Y*)
+		  if pw usershow "${USER}" 2>/dev/null 1>&2; then 
+			  pw userdel -n sguil
+		  fi
+		  if pw groupshow "${USER}" 2>/dev/null 1>&2; then
+			  pw groupdel -n sguil
+		  fi
+		  ;;
+	      n*|N*)
+		  ;;
+	      *)
+		  ;;
+	  esac
+        fi
+fi
+if [ "$2" = "POST-DEINSTALL" ]; then
+	# If the user exists, then display a message
+	if pw usershow "${USER}" 2>/dev/null 1>&2; then
+		echo "To delete the '${USER}' user permanently, use 'pw userdel ${USER}'"
+	fi
+	# If the group exists, then display a message
+	if pw groupshow "${USER}" 2>/dev/null 1>&2; then
+		echo "To delete the '${USER}' group permanently, use 'pw groupdel ${USER}'"
+	fi
+fi
+
+exit 0
diff --git a/security/sguil-server/files/pkg-install.in b/security/sguil-server/files/pkg-install.in
new file mode 100644
index 000000000000..1661985c7251
--- /dev/null
+++ b/security/sguil-server/files/pkg-install.in
@@ -0,0 +1,408 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# This script and its implementation borrows heavily from the www/squid port, and I owe a debt to the
+# maintainer for saving me a lot of time.  The bold font trick that I use extensively was picked up
+# at http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/lsst/ch08.html#q16
+# I also owe a debt to all those who have posted shell scripting tutorials to the web and to the FreeBSD
+# developers from whose OS I stole a few tricks as well.
+
+# Set up some paths and variables for later use
+PATH=/bin:/usr/bin:/usr/sbin:%%PREFIX%%/bin
+pkgname=$1
+rootpwd=''
+confdir="${PKG_PREFIX:-%%PREFIX%%}/etc"
+portdir="${CURDIR:-%%CURDIR%%}"
+scriptdir="${WRKSRC:-%%WRKSRC%%}/server/sql_scripts"
+if [ -x /usr/sbin/nologin ]; then
+	nologin=/usr/sbin/nologin
+else
+	nologin=/sbin/nologin
+fi
+# Source rc.conf for later
+if [ -z "${source_rc_confs_defined}" ]; then
+	if [ -r /etc/defaults/rc.conf ]; then
+		. /etc/defaults/rc.conf
+			source_rc_confs
+	elif [ -r /etc/rc.conf ]; then
+		. /etc/rc.conf
+	fi
+fi
+sguil_user="sguil"
+sguil_group="sguil"
+case $2 in
+PRE-INSTALL)
+echo "This sguild install script creates a \"turnkey\" install "
+echo "of sguild, including configuing the database and conf files"
+echo "and user accounts so that sguild can be started immediately."
+echo ""
+echo "You may have already done all this (especially if this is an upgrade)"
+echo "and may not be interested in iterating through cert creation and"
+echo "everything else that the script does."
+echo ""
+echo "This portion of the script creates user and group accounts named \"sguil\"."
+echo "Would you like to opt out of this portion of the install script " ; read ans
+case "$ans" in
+    y*|Y*)
+	exit 0
+	;;
+    n*|N*)
+	;;
+    *)
+	exit 64
+	;;
+esac
+	echo "==> Pre-installation configuration of ${pkgname}"
+	if ! pw groupshow ${sguil_group} -q >/dev/null ; then
+		if ! pw groupadd ${sguil_group} -q; then
+			echo "Failed to create group \"${sguil_group}\"!" >&2
+			echo "Please create it manually." >&2
+			exit 1
+		else
+			echo "Group '%{sguil-group}' created successfully."
+			pw groupshow ${sguil_group}
+		fi
+	fi
+	if ! pw usershow ${sguil_user} -q >/dev/null ; then
+		if ! pw useradd -q -n ${sguil_user} \
+		     -g ${sguil_group} -s "${nologin}" \
+		     -h - ; then
+			echo "Failed to create user '%{sguil_user}'!" >&2
+			echo "Please create it manually." >&2
+			exit 1
+		else
+			echo "User '${sguil_user}' create successfully."
+			pw usershow ${sguil_user}
+		fi
+	fi
+	for dir in %%SGUILDIR%%/certs ; do
+	if [ ! -d  ${confdir}/${dir} ]; then
+		echo "Creating ${confdir}/${dir} ...."
+		install -d -o ${sguil_user} -g ${sguil_group} \
+			-m 0750 ${confdir}/${dir}
+	fi
+	done
+	for dir in %%PREFIX%%/lib/%%SGUILDIR%% /var/run/%%SGUILDIR%% ; do
+	if [ ! -d ${dir} ]; then
+		echo "Creating ${dir} ...."
+		install -d -o ${sguil_user} -g ${sguil_group} \
+			-m 0750 ${dir}
+	fi
+	done
+	;;
+POST-INSTALL)
+echo "This sguild install script creates a \"turnkey\" install "
+echo "of sguild, including configuing the database and conf files"
+echo "and user accounts so that sguild can be started immediately."
+echo ""
+echo "You may have already done all this (especially if this is an upgrade)"
+echo "and may not be interested in iterating through cert creation and"
+echo "everything else that the script does."
+echo ""
+echo "Would you like to opt out of the entire install script "
+echo "and configure sguild manually yourself?" ;  read ans
+case "$ans" in
+    y*|Y*)
+	exit 0
+	;;
+    n*|N*)
+	;;
+    *)
+	exit 64
+	;;
+esac
+	echo -e "\033[1mThere are a few things that need to be done to complete the install."
+	echo -e "\033[0mFirst, you need to create certs so that the ssl connections between server and "
+	echo "sensors will work, you need to create the database, the account to access it and "
+	echo "the tables for the database and you need to create the directories where all the "
+	echo "data will be stored. (You will also need to edit the conf files for your setup.)"
+	echo ""
+	echo "If you haven't already done this, I can do it for you now."
+	echo "Would you like to create certs now? (y for yes, n for no)"; read ans
+	case "$ans" in
+	    y*|Y*)
+		echo -e "\033[1mFirst we need to create a password-protected CA cert."
+		echo ""
+		echo -e "\033[0m(The Common Name should be the FQHN of your squil server.)"
+		openssl req -out CA.pem -new -x509
+		echo "Now we need to create a server certificate/key pair."
+		openssl genrsa -out sguild.key 1024
+		echo -e "\033[1mNow we need to create a certificate request to be signed by the CA."
+		echo "DO NOT password protect your server key.  If you do, you will be required"
+		echo "to enter the password every time you start the server."
+		echo -e "\033[0m"
+		openssl req -key sguild.key -new -out sguild.req
+		echo "Now we need to create the actual certificate for your server."
+		echo 44 > file.sr1	
+		openssl x509 -req -in sguild.req -CA CA.pem -CAkey privkey.pem -CAserial file.sr1 -out sguild.pem
+		echo "Finally, we need to move the certs to the '${confdir}/%%SGUILDIR%%/certs}' directory "
+		echo "and clean up the port directory as well."
+		for files in sguild.key sguild.pem; do
+			mv ${portdir}/$files ${confdir}/%%SGUILDIR%%/certs/
+		done
+		for files in CA.pem privkey.pem sguild.req file.sr1; do
+			rm ${portdir}/$files
+		done
+		;;
+	    n*|N*)
+		echo -e "\033[1mSSL is now required for all connections between server, sensors and clients."
+		echo "If you haven't already created certs, you will need to do that before sguil will work."
+		echo -e "\033[0m"
+		echo ""
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mIs the installation of mysql brand new and unaltered?"
+	echo -e "\033[0mBy default, when mysql is installed, it creates five accounts."
+	echo "None of those accounts are protected by passwords.  That needs to be corrected."
+	echo "The five accounts are:"
+	echo "        root@localhost"
+	echo "        root@127.0.0.1"
+	echo "        root@`hostname`"
+	echo "            @localhost"
+	echo "            @`hostname`"
+	echo "I can remove all of the accounts except root@localhost (highly recommended) "
+	echo "and I can set the password for the root@localhost account. (If you get an error "
+	echo "don't worry about it.  The account may not have been created to begin with."
+	echo "Would you like me to do that now?" ; read ans
+	case "$ans" in
+	    y*|Y*)
+		echo "Enabling mysql in /etc/rc.conf and starting the server....."
+		case ${mysql_enable} in
+		    [Yy][Ee][Ss])
+			echo -e "\033[1mIt appears that mysql is already enabled!"
+			echo -e "\033[0m"
+			;;
+		    *)
+			echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf
+			echo "mysql_enable=\"YES\"" >> /etc/rc.conf
+			;;
+		esac
+		mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
+		echo "The mysql pid is ${mysql_pid}...."
+		if [ -z ${mysql_pid} ]; then
+			%%PREFIX%%/etc/rc.d/mysql-server start
+		fi
+		sleep 1
+		mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
+		if [ -s ${mysql_pid} ]; then
+			echo "The mysql server did not start.  Please fix the problem "
+			echo "and run this script again."
+			exit 64
+		fi 
+		echo "Deleting users from mysql......"
+		mysql -u root -e "USE mysql; DROP USER 'root'@'127.0.0.1';"
+		mysql -u root -e "USE mysql; DROP USER 'root'@'`hostname`';"
+		mysql -u root -e "USE mysql; DROP USER ''@'localhost';"
+		mysql -u root -e "USE mysql; DROP USER ''@'`hostname`';"
+		echo "All done deleting......."
+		echo "What would you like root@localhost's password to be?" ; read rootpwd
+		mysql -u root -e "USE mysql; SET PASSWORD FOR 'root'@'localhost' = PASSWORD('$rootpwd');"
+		mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES;"
+		;;
+	    n*|N*)
+		echo "Before you use the database, you should at least set passwords"
+		echo "for all the accounts.  Otherwise anyone can login to your database."
+		echo "To remove an account, use \"drop user 'user'@'host'\"."
+		echo "To set a password for an account, use \"SET PASSWORD FOR 'user'@'host' = PASSWORD('passwd')\"."
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mWould you like to bind mysql to localhost so it only listens on that address?"
+	echo -e "\033[0m" ; read ans
+	case "$ans" in
+	    y*|Y*)
+		if [ ! -f /etc/my.cnf ]; then
+			echo "[mysqld]" >> /etc/my.cnf
+			echo "bind-address=127.0.0.1" >> /etc/my.cnf
+			echo "socket=/tmp/mysql.sock" >> /etc/my.cnf
+			echo "ft_min_word_len=3" >> /etc/my.cnf
+			mysql_pid=`%%PREFIX%%/etc/rc.d/mysql-server status | awk '{print $6}'`
+			echo "The mysql pid is ${mysql_pid}...."
+			if [ -z ${mysql_pid} ]; then
+				%%PREFIX%%/etc/rc.d/mysql-server start
+			else
+				%%PREFIX%%/etc/rc.d/mysql-server restart
+			fi
+		else
+			echo "/etc/my.cnf already exists!"
+			echo "add \"bind-address=127.0.0.1\" in the [mysqld] section "
+			echo "to force mysql to listen only on localhost."
+			echo "Then restart the server to accept the new settings."
+		fi
+		;;
+	    n*|N*)
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mWould you like to create the database to store all nsm data?"
+	echo -e "\033[0m" ; read ans
+	echo "NOTE: If you're upgrading, you do NOT want to do this!  You want to upgrade."
+	case "$ans" in
+	    y*|Y*)
+		if [ -z ${rootpwd} ]; then 
+			echo "What is the password for the mysql root user?"; read rootpwd
+		fi
+		mysql -u root -p${rootpwd} -e "create database sguildb"
+		mysql -u root -p${rootpwd} -D sguildb < ${scriptdir}/create_sguildb.sql
+		;;
+	    n*|N*)
+		echo -e "\033[1mPlease note: if you are upgrading from a previous version "
+		echo "of sguil, you need to run the upgrade_0.7.tcl script located in "
+		echo "'${scriptdir}'."
+		echo -e "\033[0mIf you've already cleaned the port directory, run "
+		echo "make extract to recover the files and access the script."
+		echo ""
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mWould you like to create a user \"sguild@localhost\" for database access?"
+	echo -e "\033[0m" ; read ans
+	case "$ans" in
+	    y*|Y*)
+		if [ -z ${rootpwd} ]; then
+			echo "Please enter the password for the mysql root account." ; read rootpwd
+		fi
+		echo -e "\033[1mPlease enter the password that you want to use for the sguild account."
+		echo -e "\033[0m"; read sguildpwd
+		echo "Creating account for sguild with access to sguildb....."
+		mysql -u root -p${rootpwd} -e "GRANT ALTER,CREATE,DELETE,DROP,INDEX,INSERT,SELECT,UPDATE on sguildb.* \
+			to 'sguild'@'localhost' IDENTIFIED BY '${sguildpwd}'"
+		mysql -u root -p${rootpwd} -e "GRANT FILE on *.* to 'sguild'@'localhost'"
+		mysql -u root -p${rootpwd} -e "FLUSH PRIVILEGES"
+		;;
+	    n*|N*)
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mWould you like to create the data directory and all its subdirectories?"
+	echo -e "\033[0m"; read ans
+	case "$ans" in
+	    y*|Y*)
+		echo "What do you want the name of the main directory to be?"
+		echo "(Be sure to include the full path to the directory - e.g. /var/nsm)" ; read maindir
+		echo "The main directory will be named '${maindir}'."
+		for dir in ${maindir} ${maindir}/archives ${maindir}/rules ${maindir}/load ; do
+			if [ ! -d  ${dir} ]; then
+				echo "Creating ${dir} ...."
+				install -d -o ${sguil_user} -g ${sguil_group} \
+					-m 0750 ${dir}
+			else
+				echo -e "\033[1mThe directory '${dir}' already exists!"
+				echo -e "\033[0m"
+			fi
+		done
+		;;
+	    n*|N*)
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mWould you like to enable sguild in /etc/rc.conf?"
+	echo -e "\033[0m"; read ans
+	case "$ans" in
+	    y*|Y*)
+		case ${sguild_enable} in
+		    [Yy][Ee][Ss])
+			echo -e "\033[1mIt appears that sguild is already enabled!"
+			echo -e "\033[0m"
+			;;
+		     *)
+			echo -e i"\033[1mWriting to /etc/rc.conf...."
+			echo -e "\033[0m"
+			echo "# -- Squild installed deltas -- # `date`" >> /etc/rc.conf
+			echo "sguild_enable=\"YES\"" >> /etc/rc.conf
+			;;
+		esac
+		;;
+	    n*|N*)
+		;;
+	    *)
+		exit 64
+		;;
+	esac
+	echo -e "\033[1mIf the sguild.conf file does not exist, I will create and edit it now."
+	echo -e "\033[0m"
+	if [ -f ${confdir}/%%SGUILDIR%%/sguild.conf ]; then
+		echo "The sguild.conf file already exists!"
+		echo "Do you want me to edit it anyway?" ; read ans
+		case "$ans" in
+		    y*|Y*)
+			echo -e "\033[1mPreparing to edit the sguild.conf file......"
+			if [ -z ${maindir} ]; then
+				echo "There's a couple of things I need to verify before continuing."
+				echo "What is the name of the main nsm directory that you are using?"
+				echo -e "\033[0m" ; read ans
+				maindir="$ans"
+			fi
+			if [ -z ${sguildpwd} ]; then
+				echo -e "\033[1mWhat is the password for the sguild database user?"
+				echo -e "\033[0m" ; read ans
+				sguildpwd="$ans"
+			fi
+			sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \
+				-e 's|sguild_data|'"${maindir}"'|' \
+		 		< ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf
+			;;
+		    n*|N*)
+			;;
+		    *)
+			exit 64
+			;;
+		esac	
+	else
+		echo -e "\033[1mPreparing to edit the sguild.conf file......"
+		if [ -z ${maindir} ]; then
+			echo "There's a couple of things I need to verify before continuing."
+			echo "What is the name of the main nsm directory that you are using?"
+			echo -e "\033[0m" ; read ans
+			maindir="$ans"
+		fi
+		if [ -z ${sguildpwd} ]; then
+			echo -e "\033[1mWhat is the password for the sguild database user?"
+			echo -e "\033[0m" ; read ans
+			sguildpwd="$ans"
+		fi
+		sed -e 's|DBPASS ""|DBPASS '"${sguildpwd}"'|' -e 's|DBUSER root|DBUSER sguild|' \
+			-e 's|sguild_data|'"${maindir}"'|' \
+			< ${confdir}/%%SGUILDIR%%/sguild.conf-sample > ${confdir}/%%SGUILDIR%%/sguild.conf
+	fi
+	if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.users ]; then
+		cp ${confdir}/%%SGUILDIR%%/sguild.users-sample ${confdir}/%%SGUILDIR%%/sguild.users
+	fi
+	if [ ! -f ${confdir}/%%SGUILDIR%%/sguild.access ]; then
+		cp ${confdir}/%%SGUILDIR%%/sguild.access-sample ${confdir}/%%SGUILDIR%%/sguild.access
+	fi
+	echo -e "\033[1mYou still need to review all the conf files and configure sguil "
+	echo "per your desired setup before starting sguild.  Refer to the port docs in "
+	echo "%%DOCSDIR%% before proceeding."
+	echo -e "\033[0m"
+	echo "Right now, all the conf files except sguild.conf are set to the defaults."
+	for files in archive_sguildb.tcl sguild incident_report.tcl ; do
+	if [ -f %%PREFIX%%/bin/${files} ]; then
+		chown ${sguil_user}:${sguil_group} %%PREFIX%%/bin/${files}
+	fi
+	done
+	if [ ! -f %%PREFIX%%/bin/sguild ]; then
+		echo "Sguild is missing!  Please correct the problem before continuing!"
+		exit 1
+	fi 
+	;;
+*)
+	exit 64
+	;;
+esac
+exit 0
diff --git a/security/sguil-server/files/sguild.sh.in b/security/sguil-server/files/sguild.sh.in
index 436ebd2dc87a..f54ad98d4e5a 100644
--- a/security/sguil-server/files/sguild.sh.in
+++ b/security/sguil-server/files/sguild.sh.in
@@ -9,26 +9,43 @@
 # Add the following lines to /etc/rc.conf to enable sguild:
 # sguild_enable (bool):		Set to YES to enable sguild
 # 				Default: NO
+# The following commandline arguments are available for sguild
+# "  -c <filename>: PATH to the sguild config (sguild.conf) file."
+# "  -a <filename>: PATH to the autocat config (autocat.conf) file."
+# "  -g <filename>: PATH to the sguild global queries (sguild.queries) file."
+# "  -u <filename>: PATH to the sguild users (sguild.users) file."
+# "  -P <filename>: Name of file to write the PID to."
+# "                 Default is /var/run/%%SGUILDIR%%/sguild.pid"
+# "  -l <filepath>: PATH to sguild libraries."
+# "  -O <filename>: Define PATH to tls (tcl openssl) lib (libtls1.x.so)"
+# "  -C <directory>: Directory that contains sguild.pem and sguild.key"
+# "  -D Runs sguild in daemon mode."
+# "  -A <filename>: PATH to sguild.access file."
+# "  -d <0|1|2>: Set DEBUG level"
 # sguild_flags (str):		Extra flags passed to sguild
-#				Default: -D
+#				Default: -D -P ${pid}
 # sguild_conf (str):		Sguild configuration file
 #				Default: %%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf
+# sguild_user (str):		Default: sguild
+# Note: this value MUST be set in /etc/rc.conf if you do not accept the default
+# user created by the pkg-install script
 
 . %%RC_SUBR%%
 
+load_rc_config sguild
+# set some defaults
+sguild_enable=${sguild_enable:-"NO"}
+sguild_conf=${sguild_conf:-"/%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf"}
+pid=${pid:-"/var/run/%%SGUILDIR%%/sguild.pid"}
+sguild_flags=${sguild_flags:-"-D -P ${pid}"}
+sguild_user=${sguild_user:-"sguil"}
+
 name="sguild"
 rcvar=`set_rcvar`
-
 command="%%PREFIX%%/bin/${name}"
+command_args="-c ${sguild_conf} ${sguild_flags}"
 procname="%%TCLSH%%"
 check_process="${procname}"
 sguild_user="sguil"
-pid="/var/run/%%SGUILDIR%%/${name}.pid"
-
-sguild_enable=${sguild_enable-NO}
-sguild_conf=${sguild_conf-%%PREFIX%%/etc/%%SGUILDIR%%/sguild.conf}
-sguild_flags=${sguild_flags--D -P ${pid}}
-[ -n "$sguild_conf" ] && sguild_flags="$sguild_flags -c $sguild_conf"
 
-load_rc_config ${name}
 run_rc_command "$1"