[Bug 181507] [PATCH] security/pks: fix autostart

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jun 30 20:10:11 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=181507

--- Comment #7 from G. Todd <gtodd at opendevelopment.net> ---
Hi, sorry for the delay on this. Attached above is a somewhat rushed svn diff so
this stays alive after the move to STAGE.

1. I have compiled using STAGE on 9.2 and 10.0 and everything seems to work
fine. Thanks for the work on this feature of ports, and thanks for using
bugzilla!

2. On two machines I am able to test on there seem to be corruption issues
when using db42.  I set USE_DB to 41.

3. There was an error in the test condition of the start_postcmd which
caused the postcmd to never run. If the postcmd (pks-queue-run.sh) does
run, it gets stuck in a while loop and doesn't exit properly. This issue
appears to be related to configuration so, rather than adding patches for
the upstream source, I think it is best to disable the start_postcmd and
document the required installation steps for enabling it.

4. Setting a ${pidfile} fixed a start/stop issue but I can't remember the
specifics. In any case this doesn't feel like a complete solution to the
reported bug since I am not sure why it changes the behavior the way it does.

Beyond this patch these are the TODOs for this port:

- the port needs to install its own UID/GID and run with those privileges. At
one point I had this mostly done but not well tested.  Feel free to take this
on.

- the configuration file and the rc.d script should by default disable 
interaction by mail and encourage the administrator (with installation
messages) to correctly configure their pks installation to work with the 
local mail infrastructure BEFORE running rc.d scripts which rely on it. [MOSTLY
DONE ?] 

- the port needs to be easy to set up to run chrooted using rc.conf 
and have a better default chroot location set in the sample configuration (but
continue to default chroot to off of course).

Please test! security/pks needs to use the facilities of the new improved ports
system, rc.subr, rc.conf to build and install an easy to install binary pkg in
a reliable way to stay useful.  pks is a simple BSD licensed key management
service that might fit nicely into a larger project, but to stay relevant for
the longer term, support for new key formats (JPEG images etc.) and/or
alternative DB backends would be nice to have. pks was a very useful tool for
internal key services I ran in the past. Since I do not run a key service of
any kind currently, new maintainers/developers are welcome and encouraged.
