Bug 213121 - security/ca_root_nss does not clean directory it installed
Summary: security/ca_root_nss does not clean directory it installed
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-30 15:16 UTC by John Marino
Modified: 2016-10-09 01:11 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
fix stage-QA check by fixing pkg-plist (353 bytes, patch)
2016-09-30 15:59 UTC, John Marino
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description John Marino freebsd_committer 2016-09-30 15:16:13 UTC
I've known about this pkg-plist omission for a long time and it keeps biting me in synth test mode, so I'm opening a PR on it:


========================< phase : deinstall       >========================
=> Checking shared library dependencies
===>  Deinstalling for ca_root_nss
===>   Deinstalling ca_root_nss-3.27
Updating database digests format: ..... done
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
	ca_root_nss-3.27

Number of packages to be removed: 1
[1/1] Deinstalling ca_root_nss-3.27...
[1/1] Deleting files for ca_root_nss-3.27: ....... done

=> Checking for system changes between staging and package deinstallation

   Left over files/directories:
	etc/ssl
===========================================================================

presumably it just needs a "@dir" in the pkg-plist.
I'll try to come up with a patch soon
Comment 1 John Marino freebsd_committer 2016-09-30 15:23:55 UTC
hmm, this might be caused by another port, e.g. security/libressl
Comment 2 John Marino freebsd_committer 2016-09-30 15:59:02 UTC
Created attachment 175308 [details]
fix stage-QA check by fixing pkg-plist

It *is* this port.
I was looking at /usr/local/etc/ssl, but the issue was /etc/ssl, caused by this port.

I've submitted a patch for approval.
Comment 3 John Marino freebsd_committer 2016-10-04 20:16:49 UTC
security team, can somebody approve this patch?  This appears to be a no-brainer to me.
Comment 4 Mark Felder freebsd_committer 2016-10-09 01:03:05 UTC
Approved
Comment 5 commit-hook freebsd_committer 2016-10-09 01:10:48 UTC
A commit references this bug:

Author: marino
Date: Sun Oct  9 01:09:57 UTC 2016
New revision: 423559
URL: https://svnweb.freebsd.org/changeset/ports/423559

Log:
  security/ca_root_nss: adjust pkg-plist to address leftover directory

  The port creates /etc/ssl directory with the default option, but until now,
  did not remove it upon deinstallation.  While technically this requires
  a revbump, rebuilding this port to fix a cleanup step would cause a
  tremendous amount of fallout and it's not worth the pain IMO.

  PR:		213121
  Approved by:	feld (ports-secteam)

Changes:
  head/security/ca_root_nss/pkg-plist
Comment 6 John Marino freebsd_committer 2016-10-09 01:11:12 UTC
Thanks feld!