Bug 196921 - [maintainer update] devel/libsearpc: move python codes
Summary: [maintainer update] devel/libsearpc: move python codes
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: John Marino
URL:
Keywords:
Depends on:
Blocks: 196866 196922
  Show dependency treegraph
 
Reported: 2015-01-20 05:30 UTC by Jingfeng Yan
Modified: 2015-02-16 08:49 UTC (History)
2 users (show)

See Also:


Attachments
svn diff (2.73 KB, patch)
2015-01-20 05:30 UTC, Jingfeng Yan
no flags Details | Diff
svn diff (2.86 KB, patch)
2015-01-27 01:24 UTC, Jingfeng Yan
no flags Details | Diff
portlint result (130 bytes, text/plain)
2015-01-27 01:25 UTC, Jingfeng Yan
no flags Details
testport result (34.79 KB, text/plain)
2015-01-27 01:26 UTC, Jingfeng Yan
no flags Details
svn diff (3.52 KB, patch)
2015-02-08 20:18 UTC, Jingfeng Yan
no flags Details | Diff
testport result (34.57 KB, text/plain)
2015-02-08 20:20 UTC, Jingfeng Yan
no flags Details
unified diff (4.63 KB, patch)
2015-02-14 22:05 UTC, Jingfeng Yan
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jingfeng Yan 2015-01-20 05:30:31 UTC
Created attachment 151882 [details]
svn diff

move site-packages to install www/haiwen.... directory.
Comment 1 Jingfeng Yan 2015-01-27 01:24:30 UTC
Created attachment 152222 [details]
svn diff
Comment 2 Jingfeng Yan 2015-01-27 01:25:27 UTC
Created attachment 152223 [details]
portlint result
Comment 3 Jingfeng Yan 2015-01-27 01:26:06 UTC
Created attachment 152224 [details]
testport result
Comment 4 John Marino freebsd_committer 2015-01-27 18:06:11 UTC
Jingfeng - thanks for all the updates on all these related ports.  I have not forgotten them (indeed, the tickets have been claimed by me and are in my "to-do" box), but I'm being pulled in several different ways plus my development machine is currently switched to DragonFly to import gcc 5.0 into base.  Thus I've neither had time nor opportunity to do the tickets.

Hopefully soon though.  I'm more than 50% done with the gcc import.
Comment 5 Jingfeng Yan 2015-01-27 21:59:40 UTC
(In reply to John Marino from comment #4)
First of all, thank you for your encouragement.  I fully understand your situ.  So, you can take your time as long as it is tracked. I have provided a private copy of diffs to Chris (who is working for a lab in Vietnam for Ebola virus research).  Chris has done a quite complete deployment for seafile. So, I feel some kind of comforts for current status because there could be no big surprise in the wild.
Comment 6 John Marino freebsd_committer 2015-02-06 00:49:07 UTC
I think the pkg-plist is wrong.

You have @dir in several lines.  @dir is only used for empty directories (these aren't empty, right?) and directories with non-standard ownership/permissions.  

Plus the variable substitution between the files and directories don't match.  

Can you explain specifically why are you are using @dir here?  Is it from an attempt to make stage-qa errors go away?
Comment 7 John Marino freebsd_committer 2015-02-06 08:44:24 UTC
I'm guessing this was related to the @owner, @group keywords but surely it's not necessary to explicitly list the directories in this case?  Don't they follow the permissions of the files inside?
Comment 8 Jingfeng Yan 2015-02-06 15:34:23 UTC
(In reply to John Marino from comment #7)

Yes, the @dir lines are only for permission of owner and group.  Without the @dir, the directories's permission keep with root (0), while the files are in www/www (80).
Comment 9 John Marino freebsd_committer 2015-02-06 15:40:46 UTC
Is there a problem if only the file permissions are changed?

In other words, if the directories belong to root, does the port malfunction?
Comment 10 Jingfeng Yan 2015-02-06 16:01:53 UTC
(In reply to John Marino from comment #9)

I have not tested in that way. however, it could have potential problem is the code test open dir. I originally tried to avoid to use @dir. I do not know the other way to make them consistent. Then I remember that I once installed owncloud and they are putting the www/www for all entries.  I checked pkg-plist of owncloud, they are doing the same. I thought the way might be acceptable.
Comment 11 John Marino freebsd_committer 2015-02-06 16:44:30 UTC
I am skeptical because I've never seen another port do this.  As long as the directory has permissions that anyone can write to, I don't think it's necessary.  

The exception would be if another user needs to create a file, but this should not be happening except in directories like /usr/local/etc, /var, and so on.

I would propose to remove all the @dir in all these ports unless there's a specifically identified need for them.
Comment 12 Jingfeng Yan 2015-02-06 22:48:58 UTC
(In reply to John Marino from comment #11)

I understand your comments.  So far, I only know there is one case which needs write operation for ${LOCALBASE}/www/haiwen/seafile-server/seahub/media/avatar.  The files in this directory will be move to another user data location, and this is directory will be used to link that user data directory. 

I don't except the "Other" have any permission on the web packages. Web packages RW permission typically are given to the owner and group.   

From my point of view, if the directory permission is not as same as the files, it brings the testing more difficult.  There are so many directories, I can not verify all the components which do not hit any issue because of permission issue (because there is no deployment in such way as reference point).  For test coverage, if the front end have any problem, it is not very straight to trace the issue to pin down which directory need to have special permission.

It is an extra task for me to creating directories list.  If the task could be avoided and at the same it does not create any trouble, it would be great.  However, if this permission issue creates holes here and there, then the patch could be endless.  In such case, I will leave the owner and group to be "root".  Let end users to deal with the final user name and group name. If they can run "pkg install" in su, or sudo, they typically should be able to run "chown -R".  Could you let me know which way we should pursue?  Thank you.
Comment 13 Baptiste Daroussin freebsd_committer 2015-02-07 14:41:21 UTC
Actually only the files and directory that needs write access needs to be owner by the www user/group all others files/directories should be owned by root/wheel

For example I do not see a reason to have %%WWWDIR%%/seafile-server/seafile/%%PYTHON_SITELIBDIR%%/pysearpc/*.py* owned by the WWW user as it will only be read.

Given the package do provide the .pyc and .pyo they won't get regenerated at runtime so nothing requires write access here.

It is a good thing to cherrypick within the plist the owners as it is also sane for security, WWW will only be allowed to write where it is supposed to.
Comment 14 Jingfeng Yan 2015-02-07 15:28:20 UTC
(In reply to Baptiste Daroussin from comment #13)

I will limit the directory to make a test. I wish that there could be only one directory need to be handled separately. BTW, if the directory /x/y/z, the z need to be  www/www.  As I understand, x and y directory should be keep as it is.
Comment 15 Jingfeng Yan 2015-02-08 01:56:59 UTC
(In reply to Jingfeng Yan from comment #14)
...
@owner %%SEAFILE_USERNAME%%
@group %%SEAFILE_GROUPNAME%%
@mode 664
%%WWWDIR%%/seafile-server/runtime/seahub.conf
%%WWWDIR%%/seafile-server/seahub/media/avatars/default-non-register.jpg
%%WWWDIR%%/seafile-server/seahub/media/avatars/default.png
%%WWWDIR%%/seafile-server/seahub/media/avatars/groups/default.png
%%WWWDIR%%/seafile-server/seahub/seahub/settings.py
@owner
@group
@mode
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%SEAFILE_SERVER%%/runtime
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%SEAHUBDIR%%/media
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%SEAHUBDIR%%/media/avatars
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%SEAHUBDIR%%/media/avatars/groups
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%SEAFILE_SERVER%%/runtime
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%SEAHUBDIR%%
@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 775 %%WWWDIR%%
(end of file)

All the %%PATH%% are abs path within LOCALBASE.  However, this does not change the ownership of the directories.  These are min set of directories have to be set with www, otherwise, the service can not run.  Any hint?
Comment 16 Jingfeng Yan 2015-02-08 02:07:05 UTC
(In reply to Jingfeng Yan from comment #15)


Problem resolved.
Comment 17 Jingfeng Yan 2015-02-08 20:18:38 UTC
Created attachment 152767 [details]
svn diff

(1) The fix only keep the top level directory in www/www ownership.  The requirement is from other ports (net-mgmt/seafile), which writes to this top level directory.  
(2) This port update also carries on more formal fixes for using the auto tool for BSD system. 
(3) This port does NOT require further update for version 4.0 series.
Comment 18 Jingfeng Yan 2015-02-08 20:20:22 UTC
Created attachment 152768 [details]
testport result

The test port result now should include portlint result.
Comment 19 John Marino freebsd_committer 2015-02-13 22:39:40 UTC
per /usr/ports/CHANGES entry 20140922:

I think this line:

@exec install -d -o %%SEAFILE_USERNAME%% -g %%SEAFILE_GROUPNAME%% -m 755 %D/%%HAIWENDIR%%

should be

@dir(%%SEAFILE_USERNAME%%,%%SEAFILE_GROUPNAME%%,755) %%HAIWENDIR%%


Can you tell me if that works for you?
Comment 20 Jingfeng Yan 2015-02-14 21:57:56 UTC
(In reply to John Marino from comment #19)

Hi John,

It does more than what I want.  It seems all the sub-dire are in www ownership in this command.  What I originally expect is www/haiwen is www/www.  The other directory is still root/wheel. 

I expect this is fine. 

By the way, there is serious problem in the attached diff. svn diff does not catch the newly added patch file.  I should submit the file seperately, or what I can do? Similar question is for deleting file.  The "serious" means if anyone take the diff, the port can not be built. 

Thanks,
Jingfeng
Comment 21 Jingfeng Yan 2015-02-14 22:05:48 UTC
Created attachment 152987 [details]
unified diff
Comment 22 Jingfeng Yan 2015-02-14 22:08:40 UTC
(In reply to Jingfeng Yan from comment #20)

forget to run svn add.  It has been corrected.
Comment 23 John Marino freebsd_committer 2015-02-16 08:11:17 UTC
okay, I'll try this.  I have to unmask that rm -rf command in post install.  We need to see everything that happens to stage (additional and subtraction)
Comment 24 John Marino freebsd_committer 2015-02-16 08:23:50 UTC
for some reason, the Makefile.am patch does not apply.

Also, you must have used the command line "diff" to create these patches.  You should use "make makepatch" so that they are properly formatted, especially the timestamp.


I'm short on time right now, can you fix that one line on post-install and regenerated both patches with "make makepatch" and submit a hopefully final patch to the port?
Comment 25 John Marino freebsd_committer 2015-02-16 08:39:50 UTC
nevermind, I was able to repair the diff and regenerate the patches.
Comment 26 commit-hook freebsd_committer 2015-02-16 08:48:52 UTC
A commit references this bug:

Author: marino
Date: Mon Feb 16 08:48:21 UTC 2015
New revision: 379073
URL: https://svnweb.freebsd.org/changeset/ports/379073

Log:
  devel/libsearpc: relocate python files

  PR:		196921
  Submitted by:	maintainer (Jingfeng Yan)

Changes:
  head/devel/libsearpc/Makefile
  head/devel/libsearpc/files/patch-Makefile.am
  head/devel/libsearpc/files/patch-configure.ac
  head/devel/libsearpc/pkg-plist
Comment 27 John Marino freebsd_committer 2015-02-16 08:49:26 UTC
one down...