Message-ID: <551D6D57.8020106@FreeBSD.org>
Date: Thu, 02 Apr 2015 11:24:55 -0500
From: Bryan Drewery
To: Tijl Coosemans
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r382977 - head/security/softhsm

On 4/2/2015 6:13 AM, Tijl Coosemans wrote:
> On Thu, 2 Apr 2015 00:12:45 +0000 (UTC) Bryan Drewery wrote:
>> Author: bdrewery
>> Date: Thu Apr 2 00:12:44 2015
>> New Revision: 382977
>> URL: https://svnweb.freebsd.org/changeset/ports/382977
>>
>> Log:
>>   Thanks for breaking my domain
>>
>> Modified:
>>   head/security/softhsm/Makefile
>>
>> Modified: head/security/softhsm/Makefile
>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- head/security/softhsm/Makefile Thu Apr 2 00:12:13 2015 (r382976) >> +++ head/security/softhsm/Makefile Thu Apr 2 00:12:44 2015 (r382977) 
>> @@ -16,6 +16,9 @@ LIB_DEPENDS=3D libbotan-1.10.so:${PORTSDIR >> libsqlite3.so:${PORTSDIR}/databases/sqlite3 >> =20 >> GNU_CONFIGURE=3D yes >> +# !!!!!!!!!!!! >> +# Changing the localstatedir is a huge POLA violation. Please leave i= t alone. >> +# !!!!!!!!!!!!!! >> CONFIGURE_ARGS=3D --with-botan=3D${LOCALBASE} --with-sqlite3=3D${LOCA= LBASE} \ >> --localstatedir=3D/var
>
> But surely you agree that using PREFIX/var instead of /var is a bug and
> ports that do so need to be fixed?

Probably, but I'm still too frustrated from being booted off the net
from this to have a rational discussion.

I updated the softhsm package months ago but because I only just
rebooted yesterday I did not have the opendnssec daemons restarted to
think that the location had moved. Since I had a 100% default config in
/usr/local/etc/softhsm.conf it flipped the location. Once I booted back
up the key signing daemon could not find the key database and flipped
out. I looked everywhere but /usr/local/lib/var for the file in my
backups, kept wondering how it ever worked and wrote it off to some FS
corruption or something stupid I had done. I had no choice but to
generate a new key and wait out the TTL. Of course I didn't remove the
DS record on my registrar until minutes after generating a new key and
was promptly punished by caches. It was not until I asked Peter to flush
my bad DNSSEC records on the cluster that he mentioned this all pretty
much happened to FreeBSD.org last year as well.

Changing the location of directories needs to be done with care and
UPDATING entries (I don't read those but if there had been one I would
only have blamed myself).

On the other hand I did not even know what softhsm was and when I saw
the change I almost expected I had approved the effort.

>
> The attached patch adds --localstatedir=/var to _LATE_CONFIGURE_ARGS
> (like --mandir). Maybe that would be better to prevent this problem in
> the future.
>

Mass changing this is fine with an UPDATING and ports@ mail I think.
This port in particular fails to have its database backed up now though
as I do not do remote backups of /var/lib. For changes like this I would
have expected a /var/db/softhsm rather than /var/lib/softhsm.

Bryan
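
Review bot: The comment added above CONFIGURE_ARGS in the quoted hunk says only "Changing the localstatedir is a huge POLA violation. Please leave it alone." between two rows of exclamation marks, so it does not tell the next committer what actually breaks. Suggest replacing the banner with a one-line reason next to --localstatedir=/var, for example that a default softhsm.conf follows this path, so moving it leaves the existing key database where the signing daemon no longer looks. A Makefile comment also does nothing for users who have already upgraded, so any later change to this path should ship with an UPDATING entry, as the reply asks.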