Date: Tue, 15 Jun 2004 12:40:29 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: Dirk Meyer <dirk.meyer@dinoex.sub.org> Cc: FreeBSD-gnats-submit@FreeBSD.org Subject: Re: ports/67937: [PATCH] www/apache13-modssl,www/apache13-modssl+ipv6: sanitize version number handling Message-ID: <40CED21D.6000704@fillmore-labs.com> In-Reply-To: <A3CC02C2-BE30-11D8-9250-00039312D914@fillmore-labs.com> References: <A3CC02C2-BE30-11D8-9250-00039312D914@fillmore-labs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dirk Meyer wrote:
> Oliver Eikemeier schrieb:,
>>> Dirk Meyer wrote:
>>
>>> 1. Please give an example where pkg_version does not handle the
>>> version check.
>>> I use pkg_version, and otehr tiolls without any problems.
>>
>> Install the port with APACHE_WITH_MODDEFLATE=yes (sigh).
>> Try
>> pkg_version -v | grep apache
>> You'll get
>> apache+mod_ssl+mod_deflate-1.3.31+ > succeeds port (port has 1.3.31+2.8.18_4)
>> (note the truncated package name on -STABLE)
>
> Please set APACHE_WITH_MODDEFLATE=yes in /etc/make.conf
I expect that most users won't do this. Actually setting user
tunable variables in make.conf(5) can lead to unexpected results
when they are not specifically designed to be effective on the
whole ports tree, so I would advise against doing this.
>> bump the PORTREVISION (security fix!)
>> pkg_version -v | grep apache
>> apache+mod_ssl+mod_deflate-1.3.31+ > succeeds port (port has 1.3.31+2.8.18_5)
>
> Please set options in /etc/make.conf
>
> apache+mod_ssl-1.3.31+2.8.17_3 < needs updating (port has 1.3.31+2.8.18_4)
... which is the line you'll get when no options have been set.
>> Try
>> portupgrade -n 'apache*'
>> ** No need to upgrade
>> 'apache+mod_ssl+mod_deflate-1.3.31+2.8.18+1.0.21_4' (>= apache+mod_ssl-1.3.31+2.8.18_5). (specify -f to force)
>> You'll miss security fixes! Now, is the port broken?
>
> will work when options set in /etc/make.conf
Please, you don't do the users of your port a favour here. Besides requiring
that options are set in make.conf(5) and are not changed between upgrades, you
make it excessively expensive to add entries to the vulnerability database.
Currently 16 entries would be required, instead of two.
>>> 2. I can't reproduce that the port conficts with it self.
>>> # make -V CONFLICTS
>>> apache+ipv6-1.* apache+ssl-1.* apache-1.* apache-2.* apache_fp-1.*
>>> caudium-devel-1.* caudium10-1.* caudium12-* ru-apache+mod_ssl-1.*
>>> ru-apache-1.* thttpd-2.* w3c-httpd-3.* apache+mod_snmp*-1.*
>>> apache+mod_accel*-1.* apache+mod_deflate*-1.*
>>
>> Try
>> make APACHE_WITH_MODDEFLATE=yes -VCONFLICTS
>>
>> You'll get `apache+mod_ssl-1.*', which is *this* port, please read how
>> CONFLICTS work. Besides, you make it unnecessary hard to CONFLICT with *this* port.
>
> This is required for some options.
> IPV6 can be build from teh master port or from the Slave port.
> To avoid overwrites CONFLICTS is set.
No. Apply the patch and you'll see that exactly www/apache13-modssl and
www/apache13-modssl+ipv6 conflict, and nothing else. Also it is *much* easier
for other ports to add CONFLICTS for these ports, and to guess their names.
>>> 4. Suggested patch is a regression, it fails to build with customized
>>> slave ports.
>>
>> What are `customized slave ports'? Of course they build.
>
> e.G. ports/www/apache13-modssl+ipv6
> You removed to possiblitiy to overwrite some options.
Hmmm... I don't understand what options you are referring to.
Could you name an example?
>>> 5. Why do you drop support of Makefile.local?
>>
>> Only bsd.port.mk includes ${MASTERDIR}/Makefile.local. Slave ports never
>> include a Makefile.local in the slaves port directory. If you want to change
>> this, please submit a patch for bsd.port.mk.
>
> When Fixes will take less than 6 Month to get in ...
> INFO works just with the last revision of bsd.port.mk,
> how long since it was introduced?
>
> No reason to removes "features" that have been asked for by users.
I try not to introduce "features" in my ports that I have to describe
using double quotes. Anyway, I don't care, this was just a drive-by.
These and other issues are not a concern of this PR, so keep it the way
it is.
-Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40CED21D.6000704>