Bug 255009 - www/gitea: do not chown existing directories
Summary: www/gitea: do not chown existing directories
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Adam Weinberger
Reported: 2021-04-12 17:03 UTC by Martin Birgmeier
Modified: 2021-04-26 08:31 UTC (History)
koobs: maintainer-feedback+


Description Martin Birgmeier 2021-04-12 17:03:04 UTC
Scenario:
- gitea installed
- setting gitea_user="gitea" in /etc/rc.conf (i.e., running gitea not as user git, but as user gitea)
- use /var/run/gitea/gitea.sock for communication
- upgrade gitea using a package created using portmaster

Result:
- on startup, gitea cannot create /var/run/gitea/gitea.sock anymore, and therefore cannot be interacted with
- /var/db/gitea, /var/run/gitea, and /var/log/gitea are all owned by git instead of gitea

Expected result:
- If the directories /var/db/gitea, /var/run/gitea, and /var/log/gitea already exist when installing, their ownership shall not be changed.

-- Martin
Comment 1 stb 2021-04-13 08:24:49 UTC
The ownership of these directories is encoded in the manifest at package build time (pkg-plist), and pkg does not take rc.conf settings into account when installing a package. AFAIK this is current practice for many ports, not just gitea.

I've posted the question on freebsd-ports@ to get some guidance on what to do in this situation.
Comment 2 Adam Weinberger freebsd_committer 2021-04-18 15:23:42 UTC
There's no clear rule on what to do there, so there's no wrong way to do it.

I addressed this idea in a different way in www/caddy, in the rc(8) script:

  caddy_precmd()
  {
          # Create required directories and set permissions
          /usr/bin/install -d -m 755 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}
          /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}/config
          /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}/data
          /usr/bin/install -d -m 755 -o "${caddy_user}" -g "${caddy_group}" ${caddy_logdir}
          /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" /var/run/caddy
  }

The benefit there is that changes in the rc.conf are reflected the next time it spins up. The drawback there is that it only changes the permissions on the directory itself; if you change from root:wheel (the default) to www:www, for example, the existing files can't be modified.

Another approach could be to simply check whether those dirs are owned by gitea_user in the rc(8) script and spit out an error message with instructions for what to chown -R.

Another option is to just do nothing, and there is plenty of precedent for that. It's my least favorite option, but my guess is that the majority of ports don't bother with it.

Stefan, it's your show. Do you have a feel for what approach you'd like to take?
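
One way the ownership check suggested in comment 2 could look, as an added example that is not part of the thread or of the gitea port. The function names `dirs_not_owned_by` and `gitea_precmd` are hypothetical; the directories and `gitea_user` are the ones named in the report:

```sh
#!/bin/sh
# Added example, not code from the gitea or caddy port.
# Hypothetical helper names: dirs_not_owned_by, gitea_precmd.

# Usage: dirs_not_owned_by USER DIR...
# Prints every existing DIR that is not owned by USER, one per line.
# Returns 0 when all existing directories match, 1 otherwise.
dirs_not_owned_by()
{
        _user=$1; shift
        _rc=0
        for _dir in "$@"; do
                # A missing directory is not an ownership problem; skip it.
                [ -d "${_dir}" ] || continue
                # -prune limits the test to the directory itself; -user is
                # POSIX and accepts a name or a numeric uid. An unknown user
                # makes find fail, which is reported as a mismatch.
                if [ -z "$(find "${_dir}" -prune -user "${_user}" 2>/dev/null)" ]; then
                        echo "${_dir}"
                        _rc=1
                fi
        done
        return ${_rc}
}

# Sketch of an rc(8) precmd: change nothing, refuse to start, and tell the
# administrator which command to run. gitea_user is assumed to be set by
# rc.conf as in the report.
gitea_precmd()
{
        _bad=$(dirs_not_owned_by "${gitea_user}" \
                /var/db/gitea /var/run/gitea /var/log/gitea) && return 0
        echo "gitea: these directories are not owned by ${gitea_user}:" >&2
        for _d in ${_bad}; do
                echo "  chown -R ${gitea_user} ${_d}" >&2
        done
        return 1
}
```

Because the check only reads ownership and never changes it, a mismatch between rc.conf and the packaged pkg-plist owner shows up as a clear startup error instead of a socket that silently cannot be created.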
Comment 3 stb 2021-04-26 07:45:48 UTC
At this point, I'd rather do nothing. I feel that modifying ownership/permissions in the rc script is a bandaid at best, and the wrong kind of "magic".

I think any solution should go into the plumbing, instead of individual ports.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-26 08:31:56 UTC
^Triage: feedback provided, set flag (+) accordingly. There's no patch to set maintainer-approval to "-" on.

(In reply to stb from comment #3)

Any relevant replies to your post yet? Can you link the thread too, please?