NetBSD Problem Report #55471
From hf@spg.tu-darmstadt.de Thu Jul 9 08:28:49 2020
Return-Path: <hf@spg.tu-darmstadt.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 13A9F1A9213
for <gnats-bugs@gnats.NetBSD.org>; Thu, 9 Jul 2020 08:28:49 +0000 (UTC)
Message-Id: <202007090828.0698Sgbw001286@Petzeck.nt.e-technik.tu-darmstadt.de>
Date: Thu, 9 Jul 2020 10:28:42 +0200 (CEST)
From: Hauke Fath <hf@spg.tu-darmstadt.de>
Reply-To: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@NetBSD.org
Cc: Hauke Fath <hf@spg.tu-darmstadt.de>
Subject: security/racoon2 violates DESTDIR
X-Send-Pr-Version: 3.95
>Number: 55471
>Category: pkg
>Synopsis: security/racoon2 violates DESTDIR
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 09 08:30:00 +0000 2020
>Closed-Date:
>Last-Modified: Tue Oct 13 13:07:40 +0000 2020
>Originator: Hauke Fath
>Release: NetBSD 9.0_STABLE
>Organization:
Technische Universitaet Darmstadt
>Environment:
System: NetBSD Petzeck 9.0_STABLE NetBSD 9.0_STABLE (DMZ_DOMU) #1: Tue May 5 13:38:54 CEST 2020 hf@Hochstuhl:/var/obj/netbsd-builds/9/amd64/sys/arch/amd64/compile/DMZ_DOMU amd64
Architecture: x86_64
Machine: amd64
>Description:
Late in the install phase, the package starts a script that
does not heed DESTDIR, and tries to directly manipulate
preference files under PKG_SYSCONFDIR:
[...]
===> Change directory to pskgen
/usr/bin/install -c -o hf -g users -d /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
/usr/bin/install -c -o hf -g users -m 755 pskgen /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
/usr/bin/install -c -o hf -g users -m 644 pskgen.8 /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/man/man8
/usr/bin/install -c -o hf -g users -d /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
sh ./autogen.spmd.pwd
mv: rename /etc/pkg/racoon2/spmd.pwd to /etc/pkg/racoon2/spmd.pwd.bak: Permission denied
can't open /etc/pkg/racoon2/spmd.pwd at /usr/pkg/sbin/pskgen line 116.
*** Error code 13
Stop.
make[1]: stopped in /var/obj/pkgsrc/security/racoon2/work/racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf/pskgen
*** Error code 1
The config files actually existed from a previous
installation. In addition to missing credentials, the
autogen.spmd.pwd script should probably not even be run on an
existing configuration.
I patched autogen.spmd.pwd.in to respect PKG_SYSCONFDIR, but
that is not the biggest problem. Since I do not know exactly
what pskgen(8) is trying to accomplish, and why it has to be
run in the install phase, I will leave the proper fix to the
maintainer. (I don't think the pkginstall framework allows for
inserting arbitrary filters into the copying process?)
>How-To-Repeat:
"cd .../security/racoon2 && make package" on a machine with
non-default SYSCONFDIR.
>Fix:
Either run pskgen(8) on the files installed in EGDIR, or
advise users to manually run it on the relevant config files
in PKG_SYSCONFDIR.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 13 Oct 2020 01:47:49 +0000
State-Changed-Why:
Does that do the trick?
55471
From: "Maya Rashish" <maya@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55471 CVS commit: pkgsrc/security/racoon2
Date: Tue, 13 Oct 2020 01:47:25 +0000
Module Name: pkgsrc
Committed By: maya
Date: Tue Oct 13 01:47:25 UTC 2020
Modified Files:
pkgsrc/security/racoon2: Makefile
Log Message:
racoon2: respect DESTDIR/PKG_SYSCONFDIR.
PR pkg/55471
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/security/racoon2/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org, gnats-admin@netbsd.org,
maya@NetBSD.org
Subject: Re: pkg/55471 (security/racoon2 violates DESTDIR)
Date: Tue, 13 Oct 2020 08:03:20 +0200
On Tue, 13 Oct 2020 01:47:50 +0000 (UTC), maya@NetBSD.org wrote:
> Does that do the trick?
> 55471
Nope, the subst does not address the issue:
% make package
[...]
=3D=3D=3D> Change directory to pskgen
/usr/bin/install -c -o hf -g users -d=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
/usr/bin/install -c -o hf -g users -m 755 pskgen=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/sbin
/usr/bin/install -c -o hf -g users -m 644 pskgen.8=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/man/man8
/usr/bin/install -c -o hf -g users -d=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
sh ./autogen.spmd.pwd
can't open=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd=20
at /usr/pkg/sbin/pskgen line 116.
*** Error code 2
Cheerio,
Hauke
--=20
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut f=FCr Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
From: maya@NetBSD.org
To: Hauke Fath <hf@spg.tu-darmstadt.de>
Cc: gnats-bugs@netbsd.org
Subject: Re: pkg/55471 (security/racoon2 violates DESTDIR)
Date: Tue, 13 Oct 2020 06:21:31 +0000
On Tue, Oct 13, 2020 at 08:03:20AM +0200, Hauke Fath wrote:
> /usr/bin/install -c -o hf -g users -d
> /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
> sh ./autogen.spmd.pwd
> can't open
> /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd
> at /usr/pkg/sbin/pskgen line 116.
> *** Error code 2
I wonder what I'm doing different to not be seeing this.
From: Hauke Fath <hf@spg.tu-darmstadt.de>
To: gnats-bugs@netbsd.org
Cc: pkg-manager@netbsd.org, gnats-admin@netbsd.org, maya@NetBSD.org
Subject: Re: pkg/55471 (security/racoon2 violates DESTDIR)
Date: Tue, 13 Oct 2020 09:52:41 +0200
On Tue, 13 Oct 2020 06:25:01 +0000 (UTC), maya@NetBSD.org wrote:
> On Tue, Oct 13, 2020 at 08:03:20AM +0200, Hauke Fath wrote:
> > /usr/bin/install -c -o hf -g users -d=20
> > /var/obj/pkgsrc/security/racoon2/work/.destdir/usr/pkg/etc/racoon2
> > sh ./autogen.spmd.pwd
> > can't open=20
> > /var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pw=
d=20
> > at /usr/pkg/sbin/pskgen line 116.
> > *** Error code 2
> =20
> I wonder what I'm doing different to not be seeing this.
What does your pskgen/autogen.spmd.pwd look like? Mine has
<snip>
#!/bin/sh
if [ -f=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd=20
]
then
mv=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd.bak
fi
if [ -x /usr/pkg/sbin/pskgen ]
then
/usr/pkg/sbin/pskgen -r -o=20
/var/obj/pkgsrc/security/racoon2/work/.destdir/etc/pkg/racoon2/spmd.pwd
fi
</snip>
which looks very wrong. It seems to me that the pskgen key generation=20
should be invoked conditionally from the rc.d script, similar to what=20
the sshd one does?
Cheerio,
Hauke
--=20
The ASCII Ribbon Campaign Hauke Fath
() No HTML/RTF in email Institut f=FCr Nachrichtentechnik
/\ No Word docs in email TU Darmstadt
Respect for open standards Ruf +49-6151-16-21344
State-Changed-From-To: feedback->open
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 13 Oct 2020 13:07:40 +0000
State-Changed-Why:
Didn't help, needs more work.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.