[Bug 218159] ports-mgmt/pkg: pkg -r fails to run post install script.
bugzilla-noreply at freebsd.org
Mon May 11 18:04:15 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218159
Jeff Kletsky <jeff+freebsd at wagsky.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jeff+freebsd at wagsky.com
--- Comment #4 from Jeff Kletsky <jeff+freebsd at wagsky.com> ---
Confirming that -r / --rootdir does not appear to run the package scripts in a
"safe" manner, resulting in failures and potentially corruption of the system,
in general.
Expected behavior:
* Running `pkg -r /path/to/jail/root` would only impact files under
/path/to/jail/root
* With the possible exception of the pkg cache on the host file system
Observed behavior:
* Package scripts attempt to modify files relative to the host file system that
are outside of the specified root
Impact:
* Host file system can be put into an inconsistent state
Steps to replicate at the end of this comment.
---
Observed that, as a repeatable example, `php74-xmlwriter-7.4.5` results in
/bin/sh: cannot create /usr/local/include/php/ext/php_config.h: No such file or
directory
pkg: POST-INSTALL script failed
This appears to be due to the post-install script using absolute path names.
From `+MANIFEST`
"scripts":{"post-install":"echo \\#include \\\"ext/xmlwriter/config.h\\\" >>
/usr/local/include/php/ext/php_config.h","pre-deinstall":"cp
/usr/local/include/php/ext/php_config.h
/usr/local/include/php/ext/php_config.h.orig\ngrep -v ext/xmlwriter/config.h
/usr/local/include/php/ext/php_config.h.orig >
/usr/local/include/php/ext/php_config.h || true\n/bin/rm -f
/usr/local/include/php/ext/php_config.h.orig"}
Thankfully, my host system does not have /usr/local/include/php/ or I suspect
the script would have corrupted the host system.
While one can argue that this is also an error in the packages, installing a
package to a target filesystem shouldn't overwrite the host system's data (with
the potential exception of the package caches).
There does not seem to be a workaround that I can find as the application is
installing ports on jail filesystems for jails that intentionally do not have
general network access.
`pkg -j` is not an option as the jail needs to be running and the jail does not
have access to the repos over the network. Running `pkg` from within the jail
with `jexec` has the same issues.
`pkg -c` first fails due to lack of `/etc/resolv.conf`. While
`/etc/resolv.conf` could be overwritten, this would then allow a running jail
access to DNS records that it ordinarily would not have (the jails also have no
DNS access or restricted DNS views). Even adding an "unrestricted"
`/etc/resolv.conf` still results in problems, with a lack of `/dev/null` being
the next problem.
TO REPLICATE
============
# create an empty file system, extract the base system
sudo zfs create zroot-js-front-2020-05/var/jail/pkg-r
cd /var/jail/pkg-r/
sudo tar xvf ~/FreeBSD/12.1/base.txz
# Update it to current
sudo freebsd-update -b /var/jail/pkg-c fetch
sudo freebsd-update -b /var/jail/pkg-c install
# Update the package data
sudo pkg -r /var/jail/pkg-r update
# Install a package that brings in some php modules
sudo pkg -r /var/jail/pkg-r install nextcloud-php74 # It looks like php74 alone would work
# Observe that the POST-INSTALL scripts are trying to access paths outside of the specified root
# and that, had the directories and files been present on the host,
# would have resulted in the "wrong" files being copied, as well as changing the host's configuration
[14/55] Extracting php74-7.4.5: 100%
cp: /usr/local/etc/php-fpm.conf.default: No such file or directory
cp: /usr/local/etc/php-fpm.d/www.conf.default: No such file or directory
touch: /usr/local/include/php/ext/php_config.h: No such file or directory
pkg: POST-INSTALL script failed
--
You are receiving this mail because:
You are the assignee for the bug.
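
A pre-install check for the behaviour reported in the comment above, as an added example that is not part of the original report or of pkg itself: it reads a `+MANIFEST`, lists the absolute paths each package script names, and pairs each with the location it would have under the intended root. The sample manifest is constructed from the excerpt in the comment; the function names, the regular expression and the `/var/jail/pkg-r` root are assumptions for illustration.

```python
import json
import posixpath
import re

# Heuristic: a "/" that starts a path, not one continuing a relative
# path such as ext/xmlwriter/config.h.
ABS_PATH = re.compile(r"(?<![\w./-])/[\w.+-]+(?:/[\w.+-]+)*")

# Constructed sample, modelled on the +MANIFEST excerpt quoted in the comment.
SAMPLE_MANIFEST = json.dumps({
    "name": "php74-xmlwriter",
    "version": "7.4.5",
    "scripts": {
        "post-install": 'echo \\#include \\"ext/xmlwriter/config.h\\" >> '
                        "/usr/local/include/php/ext/php_config.h",
        "pre-deinstall": "cp /usr/local/include/php/ext/php_config.h "
                         "/usr/local/include/php/ext/php_config.h.orig\n"
                         "grep -v ext/xmlwriter/config.h "
                         "/usr/local/include/php/ext/php_config.h.orig > "
                         "/usr/local/include/php/ext/php_config.h || true\n"
                         "/bin/rm -f /usr/local/include/php/ext/php_config.h.orig",
    },
})


def script_paths(script):
    """Absolute paths named in one script, de-duplicated, in order of appearance."""
    return list(dict.fromkeys(ABS_PATH.findall(script)))


def audit_manifest(manifest_text, rootdir):
    """Map script name -> [(path as written, the same path under rootdir)]."""
    scripts = json.loads(manifest_text).get("scripts", {})
    report = {}
    for name, body in scripts.items():
        hits = [(p, posixpath.join(rootdir, p.lstrip("/")))
                for p in script_paths(body)]
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in audit_manifest(SAMPLE_MANIFEST, "/var/jail/pkg-r").items():
        for written, intended in hits:
            print(f"{name}: names {written}; under the root: {intended}")
```

The match is textual, so it also reports absolute paths to tools such as `/bin/rm` and can miss paths glued to a preceding option letter; treat the output as a list of scripts to read before installing with `-r`.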