Summary: | www/ufdbguard: update to 1.33.3 | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Pavel Timofeev <timp87> | ||||||||||
Component: | Individual Port(s) | Assignee: | Richard Gallamore <ultima> | ||||||||||
Status: | Closed FIXED | ||||||||||||
Severity: | Affects Only Me | CC: | ultima | ||||||||||
Priority: | --- | ||||||||||||
Version: | Latest | ||||||||||||
Hardware: | Any | ||||||||||||
OS: | Any | ||||||||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220422 | ||||||||||||
Attachments: |
|
Description
Pavel Timofeev
2017-06-26 13:00:36 UTC
[root@vlt2 /usr/ports/www/ufdbguard]# portlint -AC WARN: Makefile: possible use of absolute pathname "/var/run/${PORTNAME}". WARN: Makefile: possible use of absolute pathname "/var/db/${PORTNAME}". WARN: Makefile: possible use of absolute pathname "/var/log/${PORTNAME}". WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy. WARN: /usr/ports/www/ufdbguard/distinfo: [1]: TIMESTAMP is over 30 days old 0 fatal errors and 5 warnings found. ====> Running Q/A tests (stage-qa) Warning: setuid files in the stage directory (are these necessary?): 837 -rwsr-sr-x 1 root wheel 66672 Jun 26 13:02:49 2017 /wrkdirs/usr/ports/www/ufdbguard/work/stage/usr/local/bin/ufdbsignal ====> Checking for pkg-plist issues (check-plist) ===> Parsing plist ===> Checking for items in STAGEDIR missing from pkg-plist ===> Checking for items in pkg-plist which are not in STAGEDIR ===> No pkg-plist issues found (check-plist) ====>> Checking for staging violations... done =======================<phase: package >============================ ===> Building package for ufdbGuard-1.33.3 =========================================================================== =======================<phase: install-mtree >============================ =========================================================================== ====>> Recording filesystem state for preinst... done =======================<phase: install >============================ ===> Installing for ufdbGuard-1.33.3 ===> ufdbGuard-1.33.3 depends on package: perl5>=5.24<5.25 - found ===> Checking if ufdbGuard already installed ===> Registering installation for ufdbGuard-1.33.3 [FreeBSD:11:amd64-default] Installing ufdbGuard-1.33.3... ===> Creating groups. Creating group 'ufdb' with gid '898'. ===> Creating users Creating user 'ufdb' with uid '898'. Please, note the following statements about ufdbGuard port: o it's decided during compilation if ufdbguardd will work through Unix or TCP socket. It's set to Unix socket by default and if you want it to work via TCP socket unset UNIXSOCKETS port option and rebuild it. o ufdbUpdate script is left in non-working state for now. The only purpose of this script is to download URLfilterDB updates using paid subscription and to run it by cron. The script implies on sysconfig configuration file which is usuall only for linux systems. To make ufdbUpdate work it should be significantly rewritten for non-linux systems. It's not worth it due to the fact ufdbUpdate can be replaced by much more simple script written by local administator. ===> SECURITY REPORT: This port has installed the following binaries which execute with increased privileges. /usr/local/bin/ufdbsignal This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/bin/ufdbguardd /usr/local/bin/ufdbhttpd This port has installed the following startup scripts which may cause these network services to be started at boot time. /usr/local/etc/rc.d/ufdbguardd If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: https://www.urlfilterdb.com/ =========================================================================== ====>> Checking shared library dependencies 0x0000000000000001 NEEDED Shared library: [libbz2.so.4] 0x0000000000000001 NEEDED Shared library: [libc.so.7] 0x0000000000000001 NEEDED Shared library: [libcrypto.so.8] 0x0000000000000001 NEEDED Shared library: [libm.so.5] 0x0000000000000001 NEEDED Shared library: [libssl.so.8] 0x0000000000000001 NEEDED Shared library: [libthr.so.3] 0x0000000000000001 NEEDED Shared library: [libz.so.6] =======================<phase: deinstall >============================ ===> Deinstalling for ufdbGuard ===> Deinstalling ufdbGuard-1.33.3 Updating database digests format: ... done Checking integrity... done (0 conflicting) Deinstallation has been requested for the following 1 packages (of 0 packages in the universe): Installed packages to be REMOVED: ufdbGuard-1.33.3 Number of packages to be removed: 1 The operation will free 1 MiB. [FreeBSD:11:amd64-default] [1/1] Deinstalling ufdbGuard-1.33.3... [FreeBSD:11:amd64-default] [1/1] Deleting files for ufdbGuard-1.33.3: .......... done ==> You should manually remove the "ufdb" user. ==> You should manually remove the "ufdb" group =========================================================================== ====>> Checking for extra files and directories [00:00:25] ====>> Installing from package [FreeBSD:11:amd64-default] Installing ufdbGuard-1.33.3... ===> Creating groups. Using existing group 'ufdb'. ===> Creating users Using existing user 'ufdb'. [FreeBSD:11:amd64-default] Extracting ufdbGuard-1.33.3: .......... done Message from ufdbGuard-1.33.3: Please, note the following statements about ufdbGuard port: o it's decided during compilation if ufdbguardd will work through Unix or TCP socket. It's set to Unix socket by default and if you want it to work via TCP socket unset UNIXSOCKETS port option and rebuild it. o ufdbUpdate script is left in non-working state for now. The only purpose of this script is to download URLfilterDB updates using paid subscription and to run it by cron. The script implies on sysconfig configuration file which is usuall only for linux systems. To make ufdbUpdate work it should be significantly rewritten for non-linux systems. It's not worth it due to the fact ufdbUpdate can be replaced by much more simple script written by local administator. [00:00:25] ====>> Cleaning up ===> Cleaning for ufdbGuard-1.33.3 [00:00:25] ====>> Deinstalling package Updating database digests format: . done Checking integrity... done (0 conflicting) Deinstallation has been requested for the following 1 packages (of 0 packages in the universe): Installed packages to be REMOVED: ufdbGuard-1.33.3 Number of packages to be removed: 1 The operation will free 1 MiB. [FreeBSD:11:amd64-default] [1/1] Deinstalling ufdbGuard-1.33.3... [FreeBSD:11:amd64-default] [1/1] Deleting files for ufdbGuard-1.33.3: .......... done ==> You should manually remove the "ufdb" user. ==> You should manually remove the "ufdb" group Can you please check these errors in the build log? The port builds successfully, but I don't think these errors should occur. usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file target_file cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] source_file ... target_directory System configuration settings file is if [ /var/run/ufdbGuard != /var/tmp ] ; then /wrkdirs/usr/ports/www/ufdbguard/work/ufdbGuard-1.33.3/install-sh -c -o root -d /wrkdirs/usr/ports/www/ufdbguard/work/stage/var/run/ufdbGuard ; fi echo "Installing SSL root certificates" Installing SSL root certificates /wrkdirs/usr/ports/www/ufdbguard/work/ufdbGuard-1.33.3/install-sh -c -m 644 security/cacerts /wrkdirs/usr/ports/www/ufdbguard/work/stage/var/db/ufdbGuard/security/cacerts.sample check_config_file: cannot read configuration file /wrkdirs/usr/ports/www/ufdbguard/work/stage/usr/local/etc/ufdbGuard/ufdbGuard.conf ***** cannot resolve hostname "updates.urlfilterdb.com" using /usr/bin/host cannot resolve hostname "cgibin.urlfilterdb.com" using /usr/bin/host ***** Check the name resolver on this system. ***** ***** ufdbGuard does not function properly if it cannot resolve public hostnames. ***** making install in src ================================================================== ufdbGuard daemon runs with user id root ufdbGuard binaries are installed in /usr/local/bin ufdbGuard configuration file is installed in /usr/local/etc/ufdbGuard ufdbGuard system configuration file is installed in /usr/local/etc/ufdbguard ================================================================== *** Error code 1 (ignored) Sure, I'm looking into it (In reply to Richard Gallamore from comment #3) Ok, it's been here since I created this port. This is copying of Linux sysconfig file. I broke it deliberately. So it's fine to ignore. MAKE_JOBS_UNSAFE= yes, Is this really required? It builds fine without it. (In reply to Richard Gallamore from comment #6) I was not me who added this https://svnweb.freebsd.org/ports?view=revision&revision=428491 (In reply to timp87 from comment #7) The .if ${SSL_DEFAULT:*} and .pre/.port.ports include could be removed by using the BROKEN_SSL=openssl-devel libressl-devel variable. UNIXSOCKETS_CONFIGURE_WITH=unix-sockets will do the equivalent of the current *_CONFIGURE_ON and _OFF. While here, is there any reason to not have this always on, as in not an option? Created attachment 183942 [details] port patch. Small fixes to prev (In reply to Richard Gallamore from comment #8) > The .if ${SSL_DEFAULT:*} and .pre/.port.ports include could be removed by using the BROKEN_SSL=openssl-devel libressl-devel variable. Done > UNIXSOCKETS_CONFIGURE_WITH=unix-sockets will do the equivalent of the current *_CONFIGURE_ON and _OFF. While here, is there any reason to not have this always on, as in not an option? It's decided at compile time if it works via unix-socket or tcp socket. There is no such config option at runtime. I know, this is weird. Also I turned off unix-socket by default as tcp socket way has more use cases. Created attachment 183952 [details] ufdbguard.diff According to [1], The BROKEN_* needs to be after the LICENSE section and before DEPENDS section. Also, I changed the UNIXSOCKETS_CONFIGURE as I said before, it is the same as _ON and _OFF as you had with a single line. Can you please look over the changes I made and approve if you agree? I already ran qa. [1] https://www.freebsd.org/doc/en/books/porters-handbook/porting-samplem.html#porting-samplem-order Created attachment 183956 [details]
ufdbguard.diff
Added missing _WITH to option.
Comment on attachment 183956 [details]
ufdbguard.diff
Thanks a lot!
(In reply to Richard Gallamore from comment #11) I don't know why but I can't set flag on your patch. Web UI works but after I push 'submit' button flag is not changed A commit references this bug: Author: ultima Date: Sun Jul 2 23:22:14 UTC 2017 New revision: 444906 URL: https://svnweb.freebsd.org/changeset/ports/444906 Log: * Updated to 1.33.3 * Changed UNIXSOCKETS default off Changelog: https://www.urlfilterdb.com/products/releases.html PR: 220286 Submitted by: <timp87@gmail.com> (maintainer) Reviewed by: matthew (mentor) Approved by: matthew (mentor) Differential Revision: https://reviews.freebsd.org/D11397 Changes: head/www/ufdbguard/Makefile head/www/ufdbguard/distinfo Committed, thanks! (In reply to timp87 from comment #13) It was my fault for not adding the "request maintainer feedback". The acknowledgement should be enough, I'll remember to set the flag. |