Bug 218720

Summary: dns/bind911, security/trousers: rcorder: Circular dependency
Product: Ports & Packages Reporter: Tatsuki Makino <tatsuki_makino>
Component: Individual Port(s)Assignee: Hiroki Sato <hrs>
Status: Open ---    
Severity: Affects Only Me CC: alfred, hrs, jcfyecrayz, mat, rene, w.schwarzenfeld, woodsb02, yasu
Priority: --- Keywords: patch
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
[patch] fix rc ordering for tpmd & tcsd
none
[patch] fix rc ordering for tpmd & tcsd [v2] jcfyecrayz: maintainer-approval? (hrs)

Description Tatsuki Makino 2017-04-18 03:03:22 UTC
rc.d/tcsd requires SERVERS and asks to activate before named.
rc.d/named asks to activate before SERVERS.
Comment 1 Walter Schwarzenfeld freebsd_triage 2018-01-15 22:09:18 UTC
tcsd.in shows

# PROVIDE: tcsd
# REQUIRE: SERVERS tpmd
# BEFORE:  named hastd kerberos
# KEYWORD: shutdown

this seems solved. I think we could close.
Comment 2 Tatsuki Makino 2018-01-16 00:01:39 UTC
(In reply to w.schwarzenfeld from comment #1)

dns/bind911 has START_LATE option. I installed the option off.
When executing rcorder /etc/rc.d/* /usr/local/etc/rc.d/* under that condition, I get a message "rcorder: Circular dependency on provision `SERVERS' in file `/usr/local/etc/rc.d/tcsd'.".

There are more "rcorder: Circular dependency ..." messages now, so I don't know anymore :)
Comment 3 Walter Schwarzenfeld freebsd_triage 2018-01-16 00:18:55 UTC
You are right:
usr/local/etc/rc.d/915resolution
rcorder: Circular dependency on provision `SERVERS' in file `/usr/local/etc/rc.d/tpmd'.
/usr/local/etc/rc.d/tpmd
rcorder: Circular dependency on provision `SERVERS' in file `/usr/local/etc/rc.d/tcsd'.
Comment 4 John Hein 2018-01-16 01:00:17 UTC
Created attachment 189778 [details]
[patch] fix rc ordering for tpmd & tcsd

Here's a patch to fix ordering problems in the rc.d scripts for security/trousers (tcsd) and emulators/tpm-emulator (tpmd).  It also replaces the rc.d dependency on kerberos to be kdc instead (rc.d/kerberos was renamed to rc.d/kdc in FreeBSD 10.1).
Comment 5 John Hein 2018-01-16 01:51:42 UTC
Created attachment 189780 [details]
[patch] fix rc ordering for tpmd & tcsd [v2]

v2: Remove accidental cruft from patch.  No substantial change vs. v1.
Comment 6 John Hein 2018-01-16 02:52:58 UTC
(In reply to John Hein from comment #5)
Before this fix (attachment 189780 [details]), rcorder shows:

% rcorder /usr/local/etc/rc.d/tcsd /usr/local/etc/rc.d/tpmd /usr/local/etc/rc.d/named /etc/rc.d/* | & grep rcorder
rcorder: file `/usr/local/etc/rc.d/tcsd' is before unknown provision `kerberos'
rcorder: Circular dependency on provision `SERVERS' in file `/usr/local/etc/rc.d/tpmd'.
rcorder: Circular dependency on provision `SERVERS' in file `/usr/local/etc/rc.d/tcsd'.
Comment 7 Alfred Perlstein freebsd_committer freebsd_triage 2018-01-16 05:29:34 UTC
Should there be a post-install or some other step during portlint or such to detect this?
Comment 8 Mathieu Arnold freebsd_committer freebsd_triage 2018-01-16 09:59:53 UTC
They are two different ports, that have absolutely no relation, there cannot be any automatic way to detect this.

The trousers probably need to loose the SERVERS requirement.
Comment 9 Ben Woods freebsd_committer freebsd_triage 2018-01-16 10:03:44 UTC
Awaiting Hiroki's approval of patch as maintainer.
Comment 10 Walter Schwarzenfeld freebsd_triage 2018-01-16 10:08:34 UTC
hrs (Hiroki) seems inactive, should move it back to the pool? (I see same PR belonging to him are long time open, some since 2014).
Comment 11 Walter Schwarzenfeld freebsd_triage 2018-01-16 10:27:13 UTC
similar problem here bug #216673 .
Comment 12 John Hein 2018-01-25 21:51:06 UTC
(In reply to Alfred Perlstein from comment #7)
Re: detecting this at port install time.  I think you could do something like:

rcorder /etc/rc.d/* /usr/local/etc/rc.d/* > rcorder-before-install
install rc.d script
rcorder /etc/rc.d/* /usr/local/etc/rc.d/* > rcorder-after-install

Compare before & after, and warn about any new rcorder errors.

I don't have a patch, but it doesn't seem too hard to be able to add something to QA to help with this.
Comment 13 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-15 20:13:09 UTC
Would you mind my asking current status of this bug report? While investigating other issue (https://lists.freebsd.org/pipermail/freebsd-ports/2021-April/120993.html), I noticed the solution of my issue doesn't work as is expected because of this circular dependency.
Comment 14 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-05-16 01:56:32 UTC
I tried patch of attachment 189780 [details] with 13.0-RELEASE. While it fixes circular dependency in question and stop blocking my issue, it causes another one as following.

----------------------------------------------------------------------
root@maybe[2052]# rcorder /etc/rc.d/* /usr/local/etc/rc.d/* > /dev/null
rcorder: Circular dependency on file `/usr/local/etc/rc.d/tcsd'.
rcorder: Circular dependency on provision `SERVERS': /etc/rc.d/SERVERS -> /etc/rc.d/kdc -> /usr/local/etc/rc.d/tcsd -> /etc/rc.d/SERVERS.
rcorder: `/usr/local/etc/rc.d/tcsd' was seen in circular dependencies for 1 times.
rcorder: `/etc/rc.d/kdc' was seen in circular dependencies for 1 times.
rcorder: `/etc/rc.d/SERVERS' was seen in circular dependencies for 1 times.
rcorder: `/usr/local/etc/rc.d/tcsd' was seen in circular dependencies for 1 times.
rcorder: requirement `dovecot' in file `/usr/local/etc/rc.d/postfix' has no providers.
root@maybe[2052]#
----------------------------------------------------------------------
Comment 15 Rene Ladan freebsd_committer freebsd_triage 2021-12-31 13:15:38 UTC
Note that dns/bind911 expired today and is being removed.
Comment 16 Yasuhiro Kimura freebsd_committer freebsd_triage 2021-12-31 14:30:46 UTC
(In reply to Rene Ladan from comment #15)

IIRC EoL of BIND 9.11 is extended to March 2022.
Comment 17 Tatsuki Makino 2021-12-31 20:21:54 UTC
(In reply to Rene Ladan from comment #15)

This has nothing to do with ISC BIND, but is a problem with the script that is installed in etc/rc.d.
I'm still having this problem with dns/bind916.

> rcorder /etc/rc.d/* /usr/local/etc/rc.d/*
  ︙
rcorder: Circular dependency on provision `SERVERS': /etc/rc.d/SERVERS -> /usr/local/etc/rc.d/named -> /usr/local/etc/rc.d/tcsd -> /usr/local/etc/rc.d/tpmd -> /etc/rc.d/SERVERS.
  ︙
Comment 18 Rene Ladan freebsd_committer freebsd_triage 2022-03-31 20:20:20 UTC
Leaving this open even though dns/bind911 expired today, as it also happens with dns/bind916.
Comment 19 Tatsuki Makino 2023-01-09 03:35:43 UTC
I even reported bug 268216 without fully understanding how rcorder was used, but if I fully understood it, this may not have been a problem.

In /etc/rc, it is run through twice with ${early_late_divider} as the boundary.
It seems that even if rcscript does not take into account early_late_divider="FILESYSTEMS", it is implicitly supposed to run later than the divider when installed on ${LOCALBASE}/etc/rc.d.
Comment 20 John Hein 2023-01-10 00:33:28 UTC
(In reply to Yasuhiro Kimura from comment #14)
The output from comment 14 indicates that rc.d/tcsd still contains the SERVERS in the REQUIRE line.  And the circular dependency still exists.

===========
 .
 .
rcorder: Circular dependency on provision `SERVERS': /etc/rc.d/SERVERS -> /etc/rc.d/kdc -> /usr/local/etc/rc.d/tcsd -> /etc/rc.d/SERVERS.
 .
 .
===========

The proposed patch removes that, so I don't understand why you would still see that if the patch was applied and trousers was re-installed based on the patch.  If your installed rc.d/tcsd still has "SERVERS", then maybe the patch was not applied correctly?

It seems to me the patch is still needed and still valid, both for the circular fixes and for the kerberos->kdc rename that happened in 10.x long ago.

The name on this bug could be changes to remove 'bind911' since that port (or any later incarnation like bind916) is unrelated to the circular problem.

But this has been around a long while now with what seems to be a valid patch. Maintainer timeout is long past - the assignee should be reset at the very least, but a commit would be even better.

maintainer-feedback request removed due to unresponsive maintainer.