From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 181507] [PATCH] security/pks: fix autostart
Date: Mon, 30 Jun 2014 20:10:11 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=181507

--- Comment #7 from G. Todd ---

Hi

Sorry for the delay on this. Attached above is a somewhat rushed svn diff so this stays alive after the move to STAGE.

1. I have compiled using STAGE on 9.2 and 10.0 and everything seems to work fine. Thanks for the work on this feature of ports, and thanks for using bugzilla!

2. On two machines I am able to test on there seem to be corruption issues when using db42. I set USE_DB to 41.

3. There was an error in the test condition of the start_postcmd which caused the postcmd to never run. If the postcmd (pks-queue-run.sh) does run, it gets stuck in a while loop and doesn't exit properly. This issue appears to be related to configuration so, rather than adding patches for the upstream source, I think it is best to disable the start_postcmd and document the required installation steps for enabling it.

4. Setting a ${pidfile} fixed a start/stop issue but I can't remember the specifics. In any case this doesn't feel like a complete solution to the reported bug since I am not sure why it changes the behavior the way it does.

Beyond this patch these are the TODOs for this port:

- the port needs to install its own UID/GID and run with those privileges. At one point I had this mostly done but not well tested. Feel free to take this on.

- the configuration file and the rc.d script should by default disable interaction by mail and encourage the administrator (with installation messages) to correctly configure their pks installation to work with the local mail infrastructure BEFORE running rc.d scripts which rely on it. [MOSTLY DONE ?]

- the port needs to be easy to set up to run chrooted using rc.conf and have a better default chroot location set in the sample configuration (but continue to default chroot to off of course).

Please test! security/pks needs to use the facilities of the new improved ports system, rc.subr.
rc.conf to build and install an easy to install binary pkg in a reliable way to stay useful.

pks is a simple BSD licensed key management service that might fit nicely into a larger project, but to stay relevant for the longer term support for new key formats (JPEG images etc.) and/or alternative DB backends would be nice to have. pks was a very useful tool for internal key services I ran in the past. Since I do not run a key service of any kind currently, new maintainers/developers are welcome and encouraged.