Bug 204987 - security/p5-openxpki: Update to 1.2.0
Summary: security/p5-openxpki: Update to 1.2.0
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Martin Wilke
URL:
Keywords: patch, patch-ready
Depends on: 204814
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-03 06:50 UTC by Sergei Vyshenski
Modified: 2015-12-15 16:15 UTC (History)
3 users (show)

See Also:
svysh.fbsd: maintainer-feedback+


Attachments
patch for updating the port (55.03 KB, patch)
2015-12-03 06:50 UTC, Sergei Vyshenski
no flags Details | Diff
log from poudriere at 11.0-amd64 and perl-5.20 (249.55 KB, text/plain)
2015-12-03 06:51 UTC, Sergei Vyshenski
no flags Details
patch for updating the port (59.60 KB, patch)
2015-12-05 20:13 UTC, Sergei Vyshenski
no flags Details | Diff
patch for updating the port (60.08 KB, patch)
2015-12-07 19:33 UTC, Sergei Vyshenski
no flags Details | Diff
log from poudriere at 11.0-amd64 and perl-5.20.3 (189.55 KB, text/plain)
2015-12-07 19:34 UTC, Sergei Vyshenski
no flags Details
patch for updating the port (60.05 KB, patch)
2015-12-07 19:37 UTC, Sergei Vyshenski
no flags Details | Diff
log from poudriere at 11.0-amd64 and perl-5.20.3 (312.08 KB, text/plain)
2015-12-07 19:47 UTC, Sergei Vyshenski
no flags Details
patch for updating the port (60.28 KB, patch)
2015-12-08 21:06 UTC, Sergei Vyshenski
koobs: maintainer-approval+
Details | Diff
log from poudriere at 11.0-amd64 and perl-5.20.3 (349.78 KB, text/plain)
2015-12-08 21:07 UTC, Sergei Vyshenski
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei Vyshenski 2015-12-03 06:50:38 UTC
Created attachment 163802 [details]
patch for updating the port

- Update to ver 1.2.0
Changes: https://github.com/openxpki/openxpki/commits/master

- "portlint -AC" says:
WARN: /usr/ports/security/p5-openxpki/pkg-plist: A @owner section was started but never reset.  USe @owner without any arguments to reset the owner
WARN: /usr/ports/security/p5-openxpki/pkg-plist: A @group section was started but never reset.  Use @group without any arguments to reset the group
WARN: Makefile: [129]: possible use of "${CHMOD}" found. Use @(owner,group,mode) syntax or @owner/@group operators in pkg-plist instead.
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
0 fatal errors and 4 warnings found.

- Tested with poudriere (log attached) at 11.0-CURRENT-amd64,
perl5-5.20, and openssl from ports.
Comment 1 Sergei Vyshenski 2015-12-03 06:51:11 UTC
Created attachment 163803 [details]
log from poudriere at 11.0-amd64 and perl-5.20
Comment 2 Sergei Vyshenski 2015-12-05 20:13:20 UTC
Created attachment 163876 [details]
patch for updating the port

New patch differs in just one thing:
very long list of BUILD_DEPENDS is sorted now.
Comment 3 Olli Hauer freebsd_committer freebsd_triage 2015-12-06 21:01:17 UTC
Hi Sergei,

just reading the patch and find a possible issue.

The patch creates some new log files with touch, but this was existing log files will be overwritten with every update/reinstall ...

Isn't it better to let /var/log/openxpki alone with (without empty logs) and perhaps set more restrict permissions for the user/daemon running the PKI?

e.g. in case the software logs as user www
@dir(www,www,750) /var/log/openxpki
Comment 4 Sergei Vyshenski 2015-12-06 22:27:45 UTC
Hi Olli,

Yes, agreed. Thank you very much. 
Let me submit soon a new patch and a new testlog. 
Have to change pkg-message too 
to instruct a user to take care about logs himself.
Comment 5 Sergei Vyshenski 2015-12-07 19:33:34 UTC
Created attachment 163948 [details]
patch for updating the port

portlint -AC says:

WARN: Makefile: [125]: possible use of "${CHMOD}" found. Use @(owner,group,mode) syntax or @owner/@group operators in pkg-plist instead.
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
WARN: Makefile: extra item placed in the *_DEPENDS section, for example, "BUILD_DEPENDSS".
0 fatal errors and 3 warnings found.

Follow advice of Olli, and this time create

@dir(openxpki,openxpki,751) /var/log/openxpki

Note that two daemons should write to this diretory: 1) openxpki and 2) web server. 
User is advised (cf. files/pkg-message.in) to create logs after fresh install as:

install -m 660 -o openxpki -g openxpki /dev/null /var/log/openxpki/openxpki.log
install -m 660 -o www -g www /dev/null /var/log/openxpki/webui.log

etc.
Comment 6 Sergei Vyshenski 2015-12-07 19:34:05 UTC
Created attachment 163949 [details]
log from poudriere at 11.0-amd64 and perl-5.20.3
Comment 7 Sergei Vyshenski 2015-12-07 19:37:47 UTC
Created attachment 163950 [details]
patch for updating the port
Comment 8 Sergei Vyshenski 2015-12-07 19:47:51 UTC
Created attachment 163951 [details]
log from poudriere at 11.0-amd64 and perl-5.20.3

For the last version of patch.

portlint -AC says:

WARN: Makefile: [125]: possible use of "${CHMOD}" found. Use @(owner,group,mode) syntax or @owner/@group operators in pkg-plist instead.
WARN: Makefile: for new port, make $FreeBSD$ tag in comment section empty, to make SVN happy.
0 fatal errors and 2 warnings found.

Follow advice of Olli, and this time create

@dir(openxpki,openxpki,751) /var/log/openxpki

Note that two daemons should write to this diretory: 1) openxpki and 2) web server. 
User is advised (cf. files/pkg-message.in) to create logs after fresh install as:

install -m 660 -o openxpki -g openxpki /dev/null /var/log/openxpki/openxpki.log
install -m 660 -o www -g www /dev/null /var/log/openxpki/webui.log

etc.
Comment 9 Sergei Vyshenski 2015-12-08 21:06:49 UTC
Created attachment 164001 [details]
patch for updating the port
Comment 10 Sergei Vyshenski 2015-12-08 21:07:18 UTC
Created attachment 164002 [details]
log from poudriere at 11.0-amd64 and perl-5.20.3
Comment 11 commit-hook freebsd_committer freebsd_triage 2015-12-15 14:36:36 UTC
A commit references this bug:

Author: miwi
Date: Tue Dec 15 14:36:16 UTC 2015
New revision: 403777
URL: https://svnweb.freebsd.org/changeset/ports/403777

Log:
  - Update to 1.2.0
  - Switch to options helper

  PR:		204987
  Submitted by:	maintainer
  Approved by:	mat (mentor)
  Differential Revision:	D4575

Changes:
  head/security/p5-openxpki/Makefile
  head/security/p5-openxpki/distinfo
  head/security/p5-openxpki/files/pkg-message.in
  head/security/p5-openxpki/pkg-plist
Comment 12 Sergei Vyshenski 2015-12-15 15:59:42 UTC
Hi Martin,

Thank you very much for taking care of this PR.

This port installs universal server building block for constructing PKI infrastructure. User has to define by hand a role of this server inside PKI.
Without provided examples this can not be done.

During old update of this port to ver 0.23.0.1, I have noted that:

- Configuration examples are essential (if not main) part of this software,
that is why I opted to install them unconditionally.

cf here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194772

This time you have permitted user to switch off installation of examples. 
But without examples this software has little sense.
Do you think this could be misleading for the user?

All the best, Sergei
Comment 13 Martin Wilke freebsd_committer freebsd_triage 2015-12-15 16:15:31 UTC
Hi Sergei,

No I don't think this will mislead, under normal circumstances user do know what there do. IF we really get problems we should consider of making a explicit note to pkg-message.

- Martin