From: Brooks Davis
To: Doug Barton
Cc: Brooks Davis, ports@FreeBSD.org, Jiawei Ye
Date: Fri, 1 Sep 2006 13:37:31 -0500
Subject: Re: Jabberd vs PostgreSQL
Message-ID: <20060901183731.GC15734@lor.one-eyed-alien.net>
In-Reply-To: <44F87677.4000604@FreeBSD.org>
List-Id: Porting software to FreeBSD

On Fri, Sep 01, 2006 at 11:05:43AM -0700, Doug Barton wrote:
> Brooks Davis wrote:
> > On Thu, Aug 31, 2006 at 10:33:45PM -0700, Doug Barton wrote:
> >> Jiawei Ye wrote:
> >>
> >>> I can see that postgresql requires LOGIN, but jabberd is BEFORE:LOGIN,
> >>> what is the proper solution?
> >> If I understand correctly, pgsql runs as an unprivileged user, which means
> >> it needs to REQUIRE LOGIN. OTOH, there is no reason that jabberd should run
> >> BEFORE LOGIN, and I suspect that is an artifact of copying and pasting a
> >> script that had that in it for no good reason. In fact,
> >> ports/net-im/jabber/files/jabberd.sh.in does not have that line, so I am
> >> wondering what port you're working with here.
> >
> > I'd agree that pgsql should REQUIRE LOGIN, but I think the reason is
> > subtly different. In my mind the key with LOGIN is that the system
> > is ready security wise to allow users to interact with the machine via
> > methods other than the administrative console. This should mean the
> > secure level is elevated and any other security bootstrapping is done.
> > IIRC this is actually not the case and should be fixed.
>
> That's an interesting idea, I'll have to give it some more thought.

This is what LOGIN has to say for itself:

# This is a dummy dependency to ensure user services such as xdm,
# inetd, cron and kerberos are started after everything else, in case
# the administrator has increased the system security level and
# wants to delay user logins until the system is (almost) fully
# operational.

> >> In any case, the proper fix here seems to be to have jabber REQUIRE
> >> postgresql. Try that, and if it works, you're golden.
> >
> > There are a couple problems with "REQUIRE postgresql" in general:
>
> I wasn't speaking in general. :) I probably should have
> s/here/in your situation/ to make it more clear what I meant.

I suspected that was the case, but wanted to insure this didn't get
committed.

> > I think the right thing is create a stub DATABASE provider that mysql
> > and postgres can be BEFORE. Ports that want a database can just depend
> > on that. It will insure that ordering is correct if the server is local
> > without causing problems if it isn't or requiring script modifications
> > for ports that can use more than one database from the same package.
>
> No objections on my side, but I am not in a position to develop or test it,
> since I'm not using any database stuff at the moment and don't have any
> spare cycles. This topic came up on the -rc list a while back and no one bit
> the apple, so if there is a user (or committer) here who wants to work this
> one out, please feel free to take this project up, and report your findings
> on freebsd-rc@.

The big question in my mind is, do we make a port to do this or add it
to the base? I think we'd need a port for compatibility so we might
just want to create one and always use it.

-- Brooks
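
The ordering question in this thread, as an added example that is not part of the original message and is not FreeBSD code: a small awk topological sort stands in for rcorder(8) and is run over constructed rc.d headers. The helpers mkrc, rc_order and demo, and the exact REQUIRE/BEFORE lines given to each script, are assumptions made for illustration. It shows the jabberd layout from the question ending in a cycle once it requires postgresql, and the proposed DATABASE stub resolving with the server local or remote.

```shell
#!/bin/sh
# Added example: toy model of rcorder(8) over constructed rc.d headers.
# mkrc, rc_order and demo are hypothetical helpers, not FreeBSD code.

# mkrc DIR NAME "REQUIRE list" "BEFORE list": write one sample header.
mkrc() {
    printf '# PROVIDE: %s\n# REQUIRE: %s\n# BEFORE: %s\n' "$2" "$3" "$4" > "$1/$2"
}

# rc_order DIR: print provided names in start order; exit 1 on a cycle.
rc_order() {
    awk '
        /^# PROVIDE:/ { p = $3; node[p] = 1 }
        /^# REQUIRE:/ { for (i = 3; i <= NF; i++) edge[$i SUBSEP p] = 1 }
        /^# BEFORE:/  { for (i = 3; i <= NF; i++) edge[p SUBSEP $i] = 1 }
        END {
            for (e in edge) { split(e, ab, SUBSEP); node[ab[1]] = node[ab[2]] = 1; indeg[ab[2]]++ }
            n = 0; for (v in node) n++
            while (n > 0) {
                pick = ""       # smallest name with nothing left to wait for
                for (v in node)
                    if (indeg[v] + 0 == 0 && (pick == "" || v < pick)) pick = v
                if (pick == "") exit 1      # all remaining names wait: cycle
                out = out (out == "" ? "" : " ") pick
                delete node[pick]; n--
                for (e in edge) { split(e, ab, SUBSEP); if (ab[1] == pick) indeg[ab[2]]-- }
            }
            print out
        }' "$1"/*
}

# demo: the layout from the question, then the stub with a local and a
# remote database server.
demo() {
    d=$(mktemp -d) || return 1
    mkrc "$d" LOGIN "" ""
    mkrc "$d" postgresql "LOGIN" ""
    mkrc "$d" jabberd "postgresql" "LOGIN"   # BEFORE: LOGIN kept: conflict
    conflict=$(rc_order "$d" || echo CYCLE)
    mkrc "$d" DATABASE "" ""                 # stub only provides the name
    mkrc "$d" postgresql "LOGIN" "DATABASE"  # local server runs before stub
    mkrc "$d" jabberd "LOGIN DATABASE" ""    # consumer names only the stub
    local_db=$(rc_order "$d")
    rm "$d/postgresql"                       # server is on another host
    remote_db=$(rc_order "$d")
    rm -r "$d"
    printf '%s\n' "conflict: $conflict" "local: $local_db" "remote: $remote_db"
}
demo
```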