Bug 144264

Summary: installing misc/compat5x (or other compats) is broken when kernel security level is > 0
Product: Ports & Packages Reporter: Youssef Ghorbal <djo>
Component: Individual Port(s)Assignee: Dmitry Marakasov <amdmi3>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Youssef Ghorbal 2010-02-24 13:20:02 UTC 
compat5x libraries files delivered by the port have the schg flag set.
In the post-extract phase a chflags -R noschg ${WRKSRC} is executed in order to remove this flag. 
This works fine when kernel security level is 0 but chflags are not permitted if the security level is >= 1 (FreeBSD disallows changing system flags at security levels greater than 0) So the chflags is ignored.

In the do-install section if the OSVERSION is higher then 800105 (which is my case) the file libpthread.so.1 has to be removed. This action fails since the libpthread.so.1 has the schg set and the install fails.
The make clean fails too, since it's not able to remove work directory for the same reasons. 

Is there any reason why the compat lib files delivered by the port have the schg flag set ? especially when the first action taken after the extract is to remove it ? It's not even reset after the install phase.

Fix: 

- Deliver the compat files without the schg flag set.

Or (if the above is not possible)

- In the Makefile, test the kernel security level and abort the whole process at the beginning when this value is >=1
How-To-Repeat: 0 - FreeBSD 8.0 >= 800105 (on other FreeBSDs only the clean will fail)
1 - rise the kernel security level to a value higher or equal to 1.
2 - cd to the misc/compat5x ports directory and run make install clean.
Comment 1 Dmitry Marakasov freebsd_committer freebsd_triage 2010-08-24 00:35:11 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->amdmi3

I'll take it.
Comment 2 dfilter service freebsd_committer freebsd_triage 2010-08-24 20:32:27 UTC 
amdmi3      2010-08-24 19:32:18 UTC

  FreeBSD ports repository

  Modified files:
    misc/compat5x        Makefile distinfo 
  Log:
  - Reroll compat5x distfiles to clean schg flag, which makes it possible to install compat5x with securelevel > 0
  
  PR:             144264
  Submitted by:   Youssef Ghorbal <djo@pasteur.fr>
  Discussed on:   freebsd-ports@
  
  Revision  Changes    Path
  1.24      +2 -8      ports/misc/compat5x/Makefile
  1.4       +12 -12    ports/misc/compat5x/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Dmitry Marakasov freebsd_committer freebsd_triage 2010-08-24 20:32:29 UTC 
State Changed
From-To: open->closed

Committed. Thanks!