misc/134714: portupgrade deletes user data without question or backup.

Stefan `Sec` Zehl sec at 42.org
Tue May 19 15:50:02 UTC 2009

>Number:         134714
>Category:       misc
>Synopsis:       portupgrade deletes user data without question or backup.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 19 15:50:01 UTC 2009
>Originator:     Stefan `Sec` Zehl
>Release:        FreeBSD 7.2-PRERELEASE amd64
System: FreeBSD ice 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #2: Mon Mar 23 23:42:21 CET 2009 root at ice:/usr/obj/usr/src/sys/ICE amd64


This just happened to me again -- I really think it should be fixed by

Portupgrade of any port where some of the ports files have been modified
deletes these files even though these changes are detected first.

The only thing you get is a message like this scrolling by:

| pkg_delete: '/usr/local/etc/munin/templates/munin-comparison-day.tmpl'
| fails original MD5 checksum - deleted anyway.

This message makes me angry every time this happens. If it knows there
is something wrong, ask me how to proceed, or at least back up the
modified file.

Yes, I know that the underlying problem lies with pkg_delete and the
"-f" option. I think it is simply wrong for portupgrade to call
pkg_delete with "-f" and blindly assume everything is ok.


Several options come to my mind.

a) Make pkg_delete return via exit code wether changed files were
   detected and keep the backup in this case.

b) Create an option for pkg_delete to only skip dependencies, and let
   portupgrade fail/ask the user in case this doesn't work.

c) Let portupgrade check the output from pkg_delete for these messages
   and handle the cases itself.



More information about the freebsd-bugs mailing list