From b432410716031653d976893fecc4e697949c2a9a Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 5 Aug 2017 16:13:43 +0100
Subject: [PATCH] Fixing tripwire policy
---
 src/freedombone-base-tripwire | 40 +++--------------------------------
 1 file changed, 3 insertions(+), 37 deletions(-)
diff --git a/src/freedombone-base-tripwire b/src/freedombone-base-tripwire
index 0ab02ba1..fa7500b1 100755
--- a/src/freedombone-base-tripwire
+++ b/src/freedombone-base-tripwire
@@ -120,43 +120,9 @@ function install_tripwire {
 if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
 sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
 fi
- # Ignore additional install files
- if ! grep -q '!/usr/local/bin/freedombone' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/freedombone* ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!=/usr/local/bin' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !=/usr/local/bin ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/addremove' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/addremove ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/backup' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/backup ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/backup2friends' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/backup2friends ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/batman' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/batman ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/control' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/control ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/controluser' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/controluser ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/cronic' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/cronic ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/meshavahi' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/meshavahi ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/restore' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/restore ;' /etc/tripwire/twpol.txt
- fi
- if ! grep -q '!/usr/local/bin/restorefromfriend' /etc/tripwire/twpol.txt; then
- sed -i '\|/usr/local/sbin.*|a\ !/usr/local/bin/restorefromfriend ;' /etc/tripwire/twpol.txt
- fi
+ # Not much is in /usr/local/bin other than project commands and avoiding it removes
+ # problems with updates. This is a tradeoff, but not by much.
+ sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt
 # Avoid logging the changed database
 sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
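Review bot: The added `sed -i '/\/usr\/local\/bin/d'` deletes every policy line that mentions /usr/local/bin, so if the stock policy carries a rule for that directory, nothing under it is integrity-checked any more. The comment's "not by much" undersells this, because the directory is normally on root's PATH and a replaced or newly added executable there would no longer appear in a Tripwire report. The pattern is also unanchored, so it removes any other line that merely contains that string, comments included. I would state the consequence in the comment, e.g. `# NOTE: /usr/local/bin is no longer integrity-checked; changes to executables there will not be reported`, and consider refreshing the Tripwire database as part of the project's update path so the directory can stay in the policy. install_tripwire starts before and continues past this hunk, so whether the edited policy is recompiled afterwards is not visible here.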