Date: Thu, 02 Apr 2015 11:24:55 -0500
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Tijl Coosemans <tijl@FreeBSD.org>
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r382977 - head/security/softhsm
Message-ID: <551D6D57.8020106@FreeBSD.org>
In-Reply-To: <20150402131349.72ea0182@kalimero.tijl.coosemans.org>
References: <201504020012.t320Cj4P097842@svn.freebsd.org> <20150402131349.72ea0182@kalimero.tijl.coosemans.org>

On 4/2/2015 6:13 AM, Tijl Coosemans wrote:
> On Thu, 2 Apr 2015 00:12:45 +0000 (UTC) Bryan Drewery <bdrewery@FreeBSD.org> wrote:
>> Author: bdrewery
>> Date: Thu Apr 2 00:12:44 2015
>> New Revision: 382977
>> URL: https://svnweb.freebsd.org/changeset/ports/382977
>>
>> Log:
>> Thanks for breaking my domain
>>
>> Modified:
>> head/security/softhsm/Makefile
>>
>> Modified: head/security/softhsm/Makefile >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D >> --- head/security/softhsm/Makefile Thu Apr 2 00:12:13 2015 (r382976) >> +++ head/security/softhsm/Makefile Thu Apr 2 00:12:44 2015 (r382977)
>> @@ -16,6 +16,9 @@ LIB_DEPENDS=3D libbotan-1.10.so:${PORTSDIR >> libsqlite3.so:${PORTSDIR}/databases/sqlite3 >> =20 >> GNU_CONFIGURE=3D yes >> +# !!!!!!!!!!!! >> +# Changing the localstatedir is a huge POLA violation. Please leave i= t alone. >> +# !!!!!!!!!!!!!! >> CONFIGURE_ARGS=3D --with-botan=3D${LOCALBASE} --with-sqlite3=3D${LOCA= LBASE} \ >> --localstatedir=3D/var
>
> But surely you agree that using PREFIX/var instead of /var is a bug and
> ports that do so need to be fixed?

Probably, but I'm still too frustrated from being booted off the net from this to have a rational discussion.

I updated the softhsm package months ago but because I only just rebooted yesterday I did not have the opendnssec daemons restarted to think that the location had moved. Since I had a 100% default config in /usr/local/etc/softhsm.conf it flipped the location. Once I booted back up the key signing daemon could not find the key database and flipped out. I looked everywhere but /usr/local/lib/var for the file in my backups, kept wondering how it ever worked and wrote it off to some FS corruption or something stupid I had done. I had no choice but to generate a new key and wait out the TTL. Of course I didn't remove the DS record on my registrar until minutes after generating a new key and was promptly punished by caches. It was not until I asked Peter to flush my bad DNSSEC records on the cluster that he mentioned this all pretty much happened to FreeBSD.org last year as well.

Changing the location of directories needs to be done with care and UPDATING entries (I don't read those but if there had been one I would only have blamed myself). On the other hand I did not even know what softhsm was and when I saw the change I almost expected I had approved the effort.

>
> The attached patch adds --localstatedir=/var to _LATE_CONFIGURE_ARGS
> (like --mandir). Maybe that would be better to prevent this problem in
> the future.
>

Mass changing this is fine with an UPDATING and ports@ mail I think. This port in particular fails to have its database backed up now though as I do not do remote backups of /var/lib. For changes like this I would have expected a /var/db/softhsm rather than /var/lib/softhsm.

Bryan
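
Review bot: In the r382977 hunk for head/security/softhsm/Makefile (@@ -16,6 +16,9 @@), the comment added above CONFIGURE_ARGS says what not to touch but not why: "Changing the localstatedir is a huge POLA violation. Please leave it alone." Suggest replacing the two "# !!!!" banner lines with a sentence recording the reason given in this thread: with a default softhsm.conf the key database location follows --localstatedir, so a change leaves an existing install unable to find its keys, and any such move needs an UPDATING entry. The log message "Thanks for breaking my domain" likewise does not describe the change; a line naming the file and the reason for pinning --localstatedir=/var would serve someone reading the history later.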