Bug 253843 - security/p11-kit: default options EXTREMELY inconvenient to users
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Roman Bogorodskiy
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2021-02-25 10:31 UTC by Andras Farkas
Modified: 2021-02-25 15:57 UTC

See Also:
novel: maintainer-feedback-


Attachments
diff -u that fixes the problem (387 bytes, patch)
2021-02-25 10:31 UTC, Andras Farkas

Description Andras Farkas 2021-02-25 10:31:34 UTC
Created attachment 222817
diff -u that fixes the problem

Hi!  A few months ago, I found that bash was unfortunately installed on my computer, when it used to not be.
Recently, I found the culprit is a bad default in the p11-kit options.  The BASH option should be opt-in, not opt-out, as I have never needed bash.  If I wanted GNU software, I'd be using GNU/Linux, not FreeBSD.
The bash option is perhaps useful for people who use bash, and they can still opt into it after the application of this diff which fixes the problem.

Many packages require p11-kit, and they do not require bash.
I now have to do
pkg delete -f bash bash-completion
after updating my packages, as things currently are.  Very inconvenient.
Comment 1 Roman Bogorodskiy freebsd_committer 2021-02-25 10:59:06 UTC
> The BASH option should be opt-in, not opt-out, as I have never needed bash.

And people who use bash (which is fairly popular) would say that option should be opt-out, not opt-in.

> The bash option is perhaps useful for people who use bash, and they can still opt into it after the application of this diff which fixes the problem.

And you can still opt out, even without this diff.

Would you mind elaborating why your scenario is more important (not forgetting that you're not the only user of packages, and there are plenty of users who prefer bash as a shell)?
Comment 2 Andras Farkas 2021-02-25 12:36:56 UTC
I'd say the main reason it should be opt-in is that bash does not come with FreeBSD by default. (thankfully)

As for my own specific use case, when I work with shell scripts and other programs, it's important that bash not be installed, since some scripts behave differently when bash is available versus when it's not.  I often catch bashisms and fix them when working with open-source software.
That's why I manually need to remove bash each time pkg reinstalls bash.

In general, if I don't use something, and nothing I use uses that something, it shouldn't be installed.
This is a case where no program or package on my computer uses bash, yet it forcibly gets installed just because the bash-completion option is enabled by default in p11-kit.
It doesn't make sense.

> And people who use bash (which is fairly popular) would say that option should be opt-out, not opt-in.
If someone opts into bash I don't see an issue with having them also opt into bash-completion, on FreeBSD.

Perhaps there could be flavored packages for p11-kit.
p11-kit and p11-kit-bash.
Comment 3 Roman Bogorodskiy freebsd_committer 2021-02-25 12:51:28 UTC
(In reply to Andras Farkas from comment #2)

Ok, I see your point, but it doesn't convince me BASH should be disabled by default.

I usually enable features by default (unless it's something super-heavy and not very exotic at the same time) so new or less experienced users don't need to figure out why a certain thing is not working or rebuild packages.

In this specific case, I think bash is a very popular shell, and bash + bash-completion are just around 10MiB; I don't think it's worth the hassle to create a flavored port.

You, as an experienced user (which I assume you are as you can provide a patch) might for example use poudriere with OPTIONS_UNSET= BASH.
Comment 4 Andras Farkas 2021-02-25 12:55:45 UTC
This is still a defect and has not been fixed.  Do not close it until it is fixed.
Comment 5 olevole 2021-02-25 14:09:17 UTC
(In reply to Andras Farkas from comment #2)
> In general, if I don't use something, and nothing I use uses that something, it shouldn't be installed.


I think there are many more options and ports that you don't personally use. Please take a look at the port overlay ( + poudriere + synth ) instead of deleting these parameters and ports:

grep -A16 ^20190903 /usr/ports/CHANGES
Comment 6 Andras Farkas 2021-02-25 14:20:52 UTC
The patch does not delete any ports or parameters; it simply changes a default to something that makes far more sense.
Comment 7 commit-hook freebsd_committer 2021-02-25 15:46:05 UTC
A commit references this bug:

Author: novel
Date: Thu Feb 25 15:45:26 UTC 2021
New revision: 566543
URL: https://svnweb.freebsd.org/changeset/ports/566543

Log:
  security/p11-kit: drop BASH option

   - Drop BASH option and install bash completion files unconditionally,
     but only add shells/bash-completion to BUILD_DEPENDS, not RUN_DEPENDS,
   - Improve formatting with portfmt(1),
   - Bump PORTREVISION for dependency changes.

  PR:		253843
  Submitted by:	swills
  Reported by:	Andras Farkas

Changes:
  head/security/p11-kit/Makefile
  head/security/p11-kit/pkg-plist
Comment 8 Andras Farkas 2021-02-25 15:57:14 UTC
Thanks so much, Steve Wills!
:D
This looks like a good fix to me: I'll confirm this when the changes propagate to the quarterly pkg updates.