From owner-freebsd-pkg@freebsd.org Mon May 11 18:04:15 2020
From: bugzilla-noreply@freebsd.org
To: pkg@FreeBSD.org
Subject: [Bug 218159] ports-mgmt/pkg: pkg -r fails to run post install script.
Date: Mon, 11 May 2020 18:04:15 +0000
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: jeff+freebsd@wagsky.com
X-Bugzilla-Status: In Progress
X-Bugzilla-Assigned-To: pkg@FreeBSD.org
X-Bugzilla-Changed-Fields: cc
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: Binary package management and package tools discussion

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218159

Jeff Kletsky changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jeff+freebsd@wagsky.com

--- Comment #4 from Jeff Kletsky ---
Confirming that -r / --rootdir does not appear to run the package scripts in a
"safe" manner, resulting in failures and potentially corruption of the system,
in general.

Expected behavior:

* Running `pkg -r /path/to/jail/root` would only impact files under
  /path/to/jail/root
  * With the possible exception of the pkg cache on the host file system

Observed behavior:

* Package scripts attempt to modify files relative to the host file system that
  are outside of the specified root

Impact:

* Host file system can be put into an inconsistent state

Steps to replicate at the end of this comment.

---

Observed that, as a repeatable example, `php74-xmlwriter-7.4.5` results in

/bin/sh: cannot create /usr/local/include/php/ext/php_config.h: No such file or directory
pkg: POST-INSTALL script failed

This appears to be due to the post-install script using absolute path names.

From `+MANIFEST`

"scripts":{"post-install":"echo \\#include \\\"ext/xmlwriter/config.h\\\" >> /usr/local/include/php/ext/php_config.h","pre-deinstall":"cp /usr/local/include/php/ext/php_config.h /usr/local/include/php/ext/php_config.h.orig\ngrep -v ext/xmlwriter/config.h /usr/local/include/php/ext/php_config.h.orig > /usr/local/include/php/ext/php_config.h || true\n/bin/rm -f /usr/local/include/php/ext/php_config.h.orig"}

Thankfully, my host system does not have /usr/local/include/php/ or I suspect
the script would have corrupted the host system.

While one can argue that this is also an error in the packages, installing a
package to a target filesystem shouldn't overwrite the host system's data (with
the potential exception of the package caches).

There does not seem to be a workaround that I can find as the application is
installing ports on jail filesystems for jails that intentionally do not have
general network access.

`pkg -j` is not an option as the jail needs to be running and the jail does not
have access to the repos over the network. Running `pkg` from within the jail
with `jexec` has the same issues. `pkg -c` first fails due to lack of
`/etc/resolv.conf`.
While `/etc/resolv.conf` could be overwritten, this would then allow a running
jail access to DNS records that it ordinarily would not have (the jails also
have no DNS access or restricted DNS views). Even adding an "unrestricted"
`/etc/resolv.conf` still results in problems, with a lack of `/dev/null` being
the next problem.

TO REPLICATE
============

# create an empty file system, extract the base system

sudo zfs create zroot-js-front-2020-05/var/jail/pkg-r
cd /var/jail/pkg-r/
sudo tar xvf ~/FreeBSD/12.1/base.txz

# Update it to current

sudo freebsd-update -b /var/jail/pkg-c fetch
sudo freebsd-update -b /var/jail/pkg-c install

# Update the package data

sudo pkg -r /var/jail/pkg-r update

# Install a package that brings in some php modules

sudo pkg -r /var/jail/pkg-r install nextcloud-php74
# It looks like php74 alone would work

# Observe that the POST-INSTALL scripts are trying to access paths outside of the specified root
# and that, had the directories and files been present on the host,
# would have resulted in the "wrong" files being copied, as well as changing the host's configuration

[14/55] Extracting php74-7.4.5: 100%
cp: /usr/local/etc/php-fpm.conf.default: No such file or directory
cp: /usr/local/etc/php-fpm.d/www.conf.default: No such file or directory
touch: /usr/local/include/php/ext/php_config.h: No such file or directory
pkg: POST-INSTALL script failed

-- 
You are receiving this mail because:
You are the assignee for the bug.
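
Added example (not part of the original bug comment and not pkg's own code): a pre-install audit for the behaviour reported above. It lists the absolute paths that a package's `+MANIFEST` scripts mention and reports which of them have an existing parent directory on the host, which is the condition under which a script run outside the `-r` root could create or modify host files. It assumes the manifest is JSON, as in the excerpt quoted in the comment; the function names, the `host_root` parameter and the sample manifest are constructed for illustration, and the token-based path detection is a heuristic.

```python
import json
import os
import shlex


def script_absolute_paths(manifest_text):
    """Map each script name in a +MANIFEST to the absolute paths it mentions."""
    scripts = json.loads(manifest_text).get("scripts", {})
    found = {}
    for name, body in scripts.items():
        try:
            tokens = shlex.split(body)   # honours shell quoting and escapes
        except ValueError:               # unbalanced quotes: plain split
            tokens = body.split()
        paths = sorted({t for t in tokens if t.startswith("/")})
        if paths:
            found[name] = paths
    return found


def host_exposure(manifest_text, host_root="/"):
    """Return (script, path) pairs whose parent directory exists under
    host_root (hypothetical parameter; "/" means the real host)."""
    exposed = []
    for name, paths in script_absolute_paths(manifest_text).items():
        for p in paths:
            parent = os.path.dirname(os.path.join(host_root, p.lstrip("/")))
            if os.path.isdir(parent):
                exposed.append((name, p))
    return exposed


# Constructed sample, modelled on the php74-xmlwriter excerpt in the comment.
SAMPLE_MANIFEST = json.dumps({
    "name": "php74-xmlwriter",
    "scripts": {
        "post-install": 'echo \\#include \\"ext/xmlwriter/config.h\\" >> '
                        "/usr/local/include/php/ext/php_config.h",
        "pre-deinstall": "cp /usr/local/include/php/ext/php_config.h "
                         "/usr/local/include/php/ext/php_config.h.orig\n"
                         "/bin/rm -f /usr/local/include/php/ext/php_config.h.orig",
    },
})

if __name__ == "__main__":
    for script, paths in script_absolute_paths(SAMPLE_MANIFEST).items():
        print(script, paths)
    print("exposed on this host:", host_exposure(SAMPLE_MANIFEST))
```

An empty result from `host_exposure` matches the situation described in the comment, where the scripts failed with "No such file or directory" instead of changing the host.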