Bug 173366
| Summary: | FIB in Apache RC script vs. rc.subr | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Stefan Eßer <se> |
| Component: | Individual Port(s) | Assignee: | Hiroki Sato <hrs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
Hi Stefan, I have no current system, so I cannot do some testing. I found the following additional rc-scripts where I suspect they will also fail on 10-current. net/sslh/files/sslh.in sysutils/jailrc/files/jailrc.in www/apache22/files/apache22.in www/cblog/files/cblog.in www/fcgiwrap/files/fcgiwrap.in www/shellinabox/files/shellinaboxd.in www/squid/files/squid.in www/squid31/files/squid.in www/squid32/files/squid.in I've added Hiroki Sato since he implemented the rc.subr setfib part. @Hiroki Sato would you please look into this PR -- Regards, olli ----Security_Multipart(Tue_Nov__6_05_55_52_2012_745)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Olli Hauer <ohauer@FreeBSD.org> wrote in <509824BB.8050904@FreeBSD.org>: oh> Hi Stefan, oh> oh> I have no current system, so I cannot do some testing. oh> oh> I found the following additional rc-scripts where I suspect oh> they will also fail on 10-current. oh> oh> net/sslh/files/sslh.in oh> sysutils/jailrc/files/jailrc.in oh> www/apache22/files/apache22.in oh> www/cblog/files/cblog.in oh> www/fcgiwrap/files/fcgiwrap.in oh> www/shellinabox/files/shellinaboxd.in oh> www/squid/files/squid.in oh> www/squid31/files/squid.in oh> www/squid32/files/squid.in oh> oh> oh> I've added Hiroki Sato since he implemented the rc.subr setfib part. oh> oh> @Hiroki Sato oh> would you please look into this PR Gr, sorry, I didn't notice them. I will take a look at the affected ports and create a patch. -- Hiroki ----Security_Multipart(Tue_Nov__6_05_55_52_2012_745)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iEYEABECAAYFAlCYJ9gACgkQTyzT2CeTzy3m+QCgwS7FYCzqbAZtsELIo+I664pL p5gAnjG7Z+ajkXu1zVnAj3IKo6JzjoBu =uLl7 -----END PGP SIGNATURE----- ----Security_Multipart(Tue_Nov__6_05_55_52_2012_745)---- State Changed From-To: open->patched All of the affected ports have been patched. Please try them and let me know if the problem persists. Responsible Changed From-To: freebsd-ports-bugs->hrs All of the affected ports have been patched. Please try them and let me know if the problem persists. State Changed From-To: patched->closed This problem has been fixed. |
r242184 added setfib(1) support to rc.subr and assumes, that any non-blank value is a FIB number. But the RC script for apache sets "apache_fib" to "NO" if it does not contain a FIB number. This leads to a comamnd "setfib -F NO apache" and setfib complains about the non-zero value. I assume that the apache RC script should be modified to not pass apache22_fib="NO" for the case of no FIB. OTOH, the code in rc.subr could be changed to accept "NO" as equivalent to an empty value of the FIB variable. Setting "apache22_fib=0" just hides the problem. It does not harm, but the default of not specifying a FIB should just work. Fix: The following patch lets rc.subr accept "NO" as equivalent to an empty xxx_fib variable. This patch is sufficient, but does not try to detect any permitted spelling of "NO" (vs. [Nn][Oo]). + if [ "x$_fib" = "xNO" ]; then + _fib= + fi + if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then unset _user--1h7e2PoPnYXA5DIiOsA6C2eTKGZR6OtL9CopJXu0UHPVi975 Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" --- /usr/src/etc/rc.subr 2012-10-27 23:15:46.554124610 +0200 +++ /etc/rc.subr 2012-11-04 21:46:29.109476560 +0100 @@ -645,6 +645,10 @@ _group=\$${name}_group _groups=\$${name}_groups \ _fib=\$${name}_fib How-To-Repeat: On a -CURRENT system with Apache try to start it wothout setting a FIB: # service apache22 start