NetBSD Problem Report #55471

From hf@spg.tu-darmstadt.de  Thu Jul  9 08:28:49 2020
Return-Path: <hf@spg.tu-darmstadt.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 13A9F1A9213
	for <gnats-bugs@gnats.NetBSD.org>; Thu,  9 Jul 2020 08:28:49 +0000 (UTC)
Message-Id: <202007090828.0698Sgbw001286@Petzeck.nt.e-technik.tu-darmstadt.de>
Date: Thu, 9 Jul 2020 10:28:42 +0200 (CEST)
From: Hauke Fath <hf@spg.tu-darmstadt.de>
Reply-To: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@NetBSD.org
Cc: Hauke Fath <hf@spg.tu-darmstadt.de>
Subject: security/racoon2 violates DESTDIR
X-Send-Pr-Version: 3.95

>Number:         55471
>Category:       pkg
>Synopsis:       security/racoon2 violates DESTDIR
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 09 08:30:00 +0000 2020
>Closed-Date:    
>Last-Modified:  Tue Oct 13 13:07:40 +0000 2020
>Originator:     Hauke Fath
>Release:        NetBSD 9.0_STABLE
>Organization:
Technische Universitaet Darmstadt
>Environment:


System: NetBSD Petzeck 9.0_STABLE NetBSD 9.0_STABLE (DMZ_DOMU) #1: Tue May 5 13:38:54 CEST 2020 hf@Hochstuhl:/var/obj/netbsd-builds/9/amd64/sys/arch/amd64/compile/DMZ_DOMU amd64
Architecture: x86_64
Machine: amd64
>Description:

	Late in the install phase, the package starts a script that
	does not heed DESTDIR, and tries to directly manipulate
	preference files under PKG_SYSCONFDIR:

[...]
===> Change directory to pskgen
/usr/bin/install -c -o hf -g users -d /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
/usr/bin/install -c -o hf -g users -m 755 pskgen /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
/usr/bin/install -c -o hf -g users -m 644 pskgen.8 /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/man/man8
/usr/bin/install -c -o hf -g users -d /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
sh ./autogen.spmd.pwd
mv: rename /etc/pkg/racoon2/spmd.pwd to /etc/pkg/racoon2/spmd.pwd.bak: Permission denied
can't open /etc/pkg/racoon2/spmd.pwd at /usr/pkg/sbin/pskgen line 116.
*** Error code 13

Stop.
make[1]: stopped in /var/obj/pkgsrc/security/racoon2/work/racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf/pskgen
*** Error code 1

	The config files actually existed from a previous
	installation. In addition to missing credentials, the
	autogen.spmd.pwd script should probably not even be run on an
	existing configuration.

	I patched autogen.spmd.pwd.in to respect PKG_SYSCONFDIR, but
	that is not the biggest problem. Since I do not know exactly
	what pskgen(8) is trying to accomplish, and why it has to be
	run in the install phase, I will leave the proper fix to the
	maintainer. (I don't think the pkginstall framework allows for
	inserting arbitrary filters into the copying process?)


>How-To-Repeat:

	"cd .../security/racoon2 && make package" on a machine with
	non-default SYSCONFDIR.


>Fix:

	Either run pskgen(8) on the files installed in EGDIR, or
	advise users to manually run it on the relevant config files
	in PKG_SYSCONFDIR.



>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 13 Oct 2020 01:47:49 +0000
State-Changed-Why:
Does that do the trick?
55471


From: "Maya Rashish" <maya@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55471 CVS commit: pkgsrc/security/racoon2
Date: Tue, 13 Oct 2020 01:47:25 +0000

 Module Name:	pkgsrc
 Committed By:	maya
 Date:		Tue Oct 13 01:47:25 UTC 2020

 Modified Files:
 	pkgsrc/security/racoon2: Makefile

 Log Message:
 racoon2: respect DESTDIR/PKG_SYSCONFDIR.

 PR pkg/55471


 To generate a diff of this commit:
 cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/racoon2/Makefile

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org,
        maya@NetBSD.org
Subject: Re: pkg/55471 (security/racoon2 violates DESTDIR)
Date: Tue, 13 Oct 2020 08:03:20 +0200

 On Tue, 13 Oct 2020 01:47:50 +0000 (UTC), maya@NetBSD.org wrote:
 > Does that do the trick?
 > 55471

 Nope, the subst does not address the issue:

 % make package
 [...]
 ===> Change directory to pskgen
 /usr/bin/install -c -o hf -g users -d /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
 /usr/bin/install -c -o hf -g users -m 755 pskgen /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
 /usr/bin/install -c -o hf -g users -m 644 pskgen.8 /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/man/man8
 /usr/bin/install -c -o hf -g users -d /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
 sh ./autogen.spmd.pwd
 can't open /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd at /usr/pkg/sbin/pskgen line 116.
 *** Error code 2

 Cheerio,
 Hauke

 --
      The ASCII Ribbon Campaign                    Hauke Fath
 ()     No HTML/RTF in email            Institut für Nachrichtentechnik
 /\     No Word docs in email                     TU Darmstadt
      Respect for open standards              Ruf +49-6151-16-21344

From: maya@NetBSD.org
To: Hauke Fath <hf@spg.tu-darmstadt.de>
Cc: gnats-bugs@netbsd.org
Subject: Re: pkg/55471 (security/racoon2 violates DESTDIR)
Date: Tue, 13 Oct 2020 06:21:31 +0000

 On Tue, Oct 13, 2020 at 08:03:20AM +0200, Hauke Fath wrote:
 > /usr/bin/install -c -o hf -g users -d 
 > /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
 > sh ./autogen.spmd.pwd
 > can't open 
 > /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd 
 > at /usr/pkg/sbin/pskgen line 116.
 > *** Error code 2

 I wonder what I'm doing different to not be seeing this.

From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, maya@NetBSD.org
Subject: Re: pkg/55471 (security/racoon2 violates DESTDIR)
Date: Tue, 13 Oct 2020 09:52:41 +0200

 On Tue, 13 Oct 2020 06:25:01 +0000 (UTC), maya@NetBSD.org wrote:
 >  On Tue, Oct 13, 2020 at 08:03:20AM +0200, Hauke Fath wrote:
 >  > /usr/bin/install -c -o hf -g users -d
 >  > /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
 >  > sh ./autogen.spmd.pwd
 >  > can't open
 >  > /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd
 >  > at /usr/pkg/sbin/pskgen line 116.
 >  > *** Error code 2
 >
 >  I wonder what I'm doing different to not be seeing this.

 What does your pskgen/autogen.spmd.pwd look like? Mine has

 <snip>
 #!/bin/sh

 if [ -f /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd ]
 then
         mv /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd.bak
 fi

 if [ -x /usr/pkg/sbin/pskgen ]
 then
         /usr/pkg/sbin/pskgen -r -o /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd
 fi
 </snip>

 which looks very wrong. It seems to me that the pskgen key generation
 should be invoked conditionally from the rc.d script, similar to what
 the sshd one does?

 Cheerio,
 Hauke

 --
      The ASCII Ribbon Campaign                    Hauke Fath
 ()     No HTML/RTF in email            Institut für Nachrichtentechnik
 /\     No Word docs in email                     TU Darmstadt
      Respect for open standards              Ruf +49-6151-16-21344
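
The approach suggested in the message above, generating the secret when the service first starts instead of during the install phase, as an added example that is not part of the thread and is not pkgsrc or racoon2 code. `PSKGEN` and `ensure_spmd_pwd` are assumed names; the `-r -o FILE` invocation is taken from the generated script quoted above, and the function is meant to be called from the service's start-time hook with the real PKG_SYSCONFDIR path.

```shell
#!/bin/sh
# Added example; not pkgsrc or racoon2 code.
# PSKGEN and ensure_spmd_pwd are assumed names. The "-r -o FILE" invocation
# is the one visible in the generated autogen.spmd.pwd quoted in the thread.
: "${PSKGEN:=/usr/pkg/sbin/pskgen}"

# Create the password file at service start, only when none exists yet.
# Returns 0 if a usable file is in place afterwards, non-zero otherwise.
ensure_spmd_pwd() {
    pwfile=$1

    # An existing, non-empty file belongs to the administrator: leave it alone.
    if [ -s "$pwfile" ]; then
        return 0
    fi
    if ! command -v "$PSKGEN" >/dev/null 2>&1; then
        echo "ensure_spmd_pwd: generator $PSKGEN not found" >&2
        return 1
    fi

    dir=$(dirname "$pwfile")
    [ -d "$dir" ] || mkdir -p "$dir" || return 1

    # Generate inside a private (0700) scratch directory on the same file
    # system, so the secret is never world-readable and a failed run leaves
    # no partial file at the final path.
    scratch=$(mktemp -d "$dir/.spmd.XXXXXX") || return 1
    rc=1
    if (umask 077; "$PSKGEN" -r -o "$scratch/spmd.pwd") &&
        [ -s "$scratch/spmd.pwd" ] &&
        chmod 600 "$scratch/spmd.pwd" &&
        mv -f "$scratch/spmd.pwd" "$pwfile"; then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}
```

Because nothing is generated at build time, the install phase only has to copy example files under DESTDIR, and an unprivileged `make package` never touches the live configuration directory.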

State-Changed-From-To: feedback->open
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 13 Oct 2020 13:07:40 +0000
State-Changed-Why:
Didn't help, needs more work.


>Unformatted:
