Related to package:
-------------------
Name           : smartmontools
Version        : 7.4
Origin         : sysutils/smartmontools
Architecture   : FreeBSD:14:amd64
FreeBSD_version: 1400097
build_timestamp: 2023-12-11T05:28:08+0000

Error Description:
------------------
root@host:~ # update-smart-drivedb
/usr/local/sbin/update-smart-drivedb: GnuPG is not available ('--no-verify' to ignore)
Try '/usr/local/sbin/update-smart-drivedb -h' for help

However, the package security/gnupg is installed.

Proposed Fix:
-------------
In /usr/local/sbin/update-smart-drivedb change the following variable:

gpg=""
to
gpg="/usr/local/bin/gpg"

As an alternative, the script could check if /usr/local/bin/gpg exists and just set the gpg variable if true.

if [ -e "/usr/local/bin/gpg" ]; then
    gpg="/usr/local/bin/gpg"
fi

Thank you for the report! Confirmed for me; however, the problem is a bit more complex. If smartctl is installed from package, configure sets gpg to an empty value, as at build time it does not exist. Technically I can set it as a build or runtime dep, but I am not sure if it's desired. I think we will need to change this logic to runtime detection instead.
(In reply to Oleksii Samorukov from comment #1)

There's also the following issue in that as installed from the pkg servers the file /usr/local/sbin/update-smart-drivedb is r-x for root which I guess may also be part of the problem?

# ls -lah /usr/local/sbin/update-smart-drivedb
-r-xr-xr-x 1 root wheel 29K Dec 27 05:50 /usr/local/sbin/update-smart-drivedb

Dear Samm

I agree with you, runtime detection would be the best solution. If the variable is just set when the package gets built or installed, fixing the issue will not be straightforward for the users. Runtime detection seems to be the better solution.

Maybe you could also add the information, to install the gnupg package, to the error message produced by the update-smart-drivedb script.

@void
The file permissions

-r-xr-xr-x 1 root wheel 29K Dec 27 05:50 /usr/local/sbin/update-smart-drivedb

are correct! If you add the writeable permission, you could create a possible security vulnerability. An attacker could use the write permission to inject bogus code into the script.

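The runtime detection discussed in the comments above could look like the sketch below. It is an added example, not code from the report, the port or smartmontools; the function names, the fixed directory list and the wording of the error message are assumptions.

```sh
#!/bin/sh
# Added example: look up gpg when the updater runs instead of at build time.
# All names below are hypothetical.

# find_gpg DIRLIST: print the first executable gpg or gpg2 found in a
# colon-separated list of directories; status 1 if there is none.
# The body is a subshell so the IFS and noglob changes stay local.
find_gpg() (
    IFS=:
    set -f                      # never glob-expand directory names
    for dir in $1; do
        # Only absolute directories: an empty or relative entry would
        # let the current directory supply a binary to a root-run script.
        case $dir in
            /*) ;;
            *) continue ;;
        esac
        for name in gpg gpg2; do
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                exit 0
            fi
        done
    done
    exit 1
)

# select_gpg NO_VERIFY DIRLIST: set $gpg, or fail closed with a hint.
# NO_VERIFY is "yes" only when the user asked to skip verification.
select_gpg() {
    gpg=""
    if [ "$1" = "yes" ]; then
        return 0                # explicit opt-out, gpg stays empty
    fi
    if gpg=$(find_gpg "$2"); then
        return 0
    fi
    # Assumed wording; the package name comes from the thread.
    echo "GnuPG is not available: install security/gnupg" \
         "or use '--no-verify' to ignore" >&2
    return 1
}

# Usage with an assumed list of trusted directories.
if select_gpg no "/usr/local/bin:/usr/bin:/bin"; then
    echo "signature checks will use: $gpg"
fi
```

Searching a fixed list rather than the caller's PATH keeps a root-run updater from picking up a gpg binary out of a user-controlled directory.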
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3cff2677eadf97a3a0460e036ef5021456b4d432

commit 3cff2677eadf97a3a0460e036ef5021456b4d432
Author:     Oleksii Samorukov <samm@FreeBSD.org>
AuthorDate: 2024-01-07 19:51:37 +0000
Commit:     Oleksii Samorukov <samm@FreeBSD.org>
CommitDate: 2024-01-07 19:57:48 +0000

    sysutils/smartmontools: enable gpg check in configure

    This is required to ensure that if gpg tool is installed database is
    validated. Also added hint to pkg-install message about security/gnupg
    port.

    PR: 276180

 sysutils/smartmontools/Makefile             | 3 ++-
 sysutils/smartmontools/files/pkg-message.in | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

It should be fixed; I enabled gpg in configure (which adds gpg=gpg entry to the updater) and added a hint to the package install message about security/gnupg. Thank you for the report.
Looking forward to the next update of the smartmontools package. Thanks for the quick fix!