From owner-freebsd-pkg@freebsd.org Sat Feb 6 11:41:41 2021 Return-Path: Delivered-To: freebsd-pkg@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0BB30545E65 for ; Sat, 6 Feb 2021 11:41:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4DXr3S6lL2z4ThT for ; Sat, 6 Feb 2021 11:41:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id E792154628B; Sat, 6 Feb 2021 11:41:40 +0000 (UTC) Delivered-To: pkg@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E75C0545E64 for ; Sat, 6 Feb 2021 11:41:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DXr3S69t6z4TqQ for ; Sat, 6 Feb 2021 11:41:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C77A810CDC for ; Sat, 6 Feb 2021 11:41:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 116BfeHN076023 for ; Sat, 6 Feb 2021 11:41:40 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 116BfeBm076022 for pkg@FreeBSD.org; Sat, 6 Feb 2021 11:41:40 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" From: bugzilla-noreply@freebsd.org To: pkg@FreeBSD.org Subject: maintainer-feedback requested: [Bug 253292] regression in r550860 (@sample conversion to lua) semantic change causes leftovers in poudriere, ex: security/ca_root_nss Date: Sat, 06 Feb 2021 11:41:41 +0000 X-Bugzilla-Type: request X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Ports Framework X-Bugzilla-Version: Latest X-Bugzilla-Keywords: regression X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: portmgr@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? merge-quarterly? Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Feb 2021 11:41:41 -0000 Matthias Andree has asked freebsd-pkg (Nobody) for maintainer-feedback: Bug 253292: regression in r550860 (@sample conversion to lua) semantic chan= ge causes leftovers in poudriere, ex: security/ca_root_nss https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253292 --- Description --- Greetings, I am debugging a leftovers situation in security/ca_root_nss. Turns out that since the Lua conversion, @sample (Keywords/sample.ucl) has different seman= tic than the Shell version used to have. I am looking at pkg 1.6.2, ca_root_nss 3.5.8, and ports from SVN at r564205 (that's the ^/head ummmm... trunk I'd say). Here's how, when ca_root_nss's pre-deinstall script runs: Situation: 1. pkg-plist contains: @sample etc/ssl/cert.pem.sample 2. symlinks at deinstall time, after fresh installation of ca_root_nss pack= age $ ls -l /usr/local/etc/ssl/cert.pem.sample /usr/local/etc/ssl/cert.pem lrwxr-xr-x 1 root wheel 33 30 Jan. 02:23 /usr/local/etc/ssl/cert.pem.sam= ple -> ../../share/certs/ca-root-nss.crt -rw-r--r-- 1 root wheel 786736 17 Okt. 18:23 /usr/local/etc/ssl/cert.pem 3. tracing with gdb into lua_pkg_filecmp() (you need to "set follow-fork-mo= de child"): (gdb)=20 198 const char* file1 =3D luaL_checkstring(L, 1); (gdb)=20 199 const char* file2 =3D luaL_checkstring(L, 2); (gdb) print file1 $1 =3D 0x80109b618 "/usr/local/etc/ssl/cert.pem.sample" (gdb) print file2 $2 =3D 0x80109b758 "/usr/local/etc/ssl/cert.pem" ... 208 if (fstatat(pkg->rootfd, RELATIVE_PATH(file1), &s1, AT_SYMLINK_NOFOLLOW) =3D=3D -1) { (gdb)=20 212 if (fstatat(pkg->rootfd, RELATIVE_PATH(file2), &s2, AT_SYMLINK_NOFOLLOW) =3D=3D -1) { (gdb)=20 216 if (!S_ISREG(s1.st_mode) || !S_ISREG(s2.st_mode)) { (gdb)=20 217 lua_pushinteger(L, -1); so it errors out here because file1 isn't regular. HOW IS THIS DIFFERENT? 1) cmp -s in the earlier shell version of the script didn't care if it was looking at regular files or symlinks or whatnot but would just open and com= pare contents and exit 0 (same content) 2) the lua version now ERRORS out (-1) (and @sample ignores that and just leaves the file) because it isn't looking at two regular files. To me, it is not clear why pkg's lua_pkg_filecmp() cares so much about file type WITHOUT following symlink. If it were, as a fallback, comparing symlin= ks, that might have a selling point, but the way things are in pkg 1.6.2, it's = not clear to me. Might rather be a quick sanity check (is the output something= we can mmap()) that misfires in corner cases. such as this. OPTIONS: 1. change pkg's lua_pkg_filecmp() to follow symlinks or disregard unimporta= nt file type differences. Plus: keeps capsicum, fewer external commands. 2. revert the switch from shell to lua script made in ports r550860. Plus: reinstates former behavior. Minus: loses capsicum isolation. 3. patch ALL ports that mix symlinks with @sample. Minus: doesn't scale. I am proposing (1), i. e. bringing pkg closer to former cmp behavior.