portupgrade regression?

Jon Noack noackjr at alumni.rice.edu
Fri Apr 22 12:25:31 PDT 2005


On 4/22/2005 9:06 AM, Simon L. Nielsen wrote:
> On 2005.04.22 01:44:25 -0500, Jon Noack wrote:
>>Ever since the security fix for CAN-2005-0610, portupgrade and company 
>>have been behaving oddly for me.  The root cause of this seems to be 
>>that the pkgdb is being updated needlessly with every operation:
> 
> After the patch pkgdb.fixme is created in /var/db/pkg, which causes
> the portupgrade package database update check to always fail.

I get it now: portupgrade compares the /var/db/pkg timestamp to the 
pkgdb.db timestamp to figure out when to update.  Creating pkgdb.fixme 
in /var/db/pkg will bump the /var/db/pkg timestamp and make it always 
seem like pkgdb.db is old and needs to be updated.

>>Am I trying to do something that I shouldn't?  What is the correct
>>behavior here?
> 
> It is definitely a bug that the package database is rebuilt every
> time, and portversion fails due to that problem.  The solution is
> probably to create pkgdb.fixme in another directory, but I haven't yet
> found a secure and reliable fix.  I am looking into it (and if anybody
> has good ideas, or patches, please contact me).

The following change (relative to the original source) leaves the 
default as the @db_dir but allows one to override it with PKG_TMPDIR or 
TMPDIR:
**********************************************************************
--- pkgdb.rb.orig       Mon Oct 18 09:59:09 2004
+++ pkgdb.rb    Fri Apr 22 13:25:20 2005
@@ -96,7 +96,7 @@
      @db_dir = File.expand_path(new_db_dir || ENV['PKG_DBDIR'] || 
'/var/db/pkg')

      @db_file = File.join(@db_dir, 'pkgdb.db')
-    @tmp_dir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || '/var/tmp'
+    @tmp_dir = ENV['PKG_TMPDIR'] || ENV['TMPDIR'] || @db_dir
      @fixme_file = File.join(@tmp_dir, 'pkgdb.fixme')
      @db_filebase = @db_file.sub(/\.db$/, '')
      close_db
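Review bot: On the `+` line, the fallback to `@db_dir` only takes effect when neither `PKG_TMPDIR` nor `TMPDIR` is set, which leaves two gaps. With a generic `TMPDIR` in the environment, `@fixme_file` is still a fixed-name `pkgdb.fixme` in whatever directory that variable names, and nothing in the hunk constrains that directory. With neither variable set, the file is still created in `@db_dir`, so the directory timestamp bump described in the message is unchanged by default. Consider giving `@fixme_file` its own directory setting instead of changing the default of `@tmp_dir`, and documenting which directories are acceptable for it.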
**********************************************************************

One would need to apply the same change to pkgsqldb.rb.  That change 
resolves the issue for me but preserves a secure default.  Is that an 
acceptable compromise?

Jon
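
Added example, not part of the original message or of portupgrade's code: a Ruby sketch of the timestamp comparison described above combined with the directory selection from the patch's `+` line. The `db_stale?` check is an assumed model of portupgrade's test, and the helper names and temporary paths are hypothetical.

```ruby
require 'tmpdir'
require 'fileutils'

# Assumed model of the check described in the message: the database
# counts as stale when the directory is newer than pkgdb.db.
def db_stale?(db_dir)
  File.mtime(db_dir) > File.mtime(File.join(db_dir, 'pkgdb.db'))
end

# Directory selection as on the '+' line of the patch (env passed as a hash).
def fixme_dir(env, db_dir)
  env['PKG_TMPDIR'] || env['TMPDIR'] || db_dir
end

# Builds a throwaway package directory whose pkgdb.db is newer than the
# directory, creates pkgdb.fixme where the patched code would, and reports
# whether the check now considers the database stale.
def stale_after_fixme?(env_for)
  Dir.mktmpdir('pkgdemo') do |root|
    db_dir = File.join(root, 'pkg')
    scratch = File.join(root, 'scratch')
    FileUtils.mkdir_p([db_dir, scratch])
    db_file = File.join(db_dir, 'pkgdb.db')
    File.write(db_file, '')
    now = Time.now
    File.utime(now - 50, now - 50, db_file)   # database updated 50 s ago
    File.utime(now - 100, now - 100, db_dir)  # directory last changed 100 s ago
    raise 'setup failed' if db_stale?(db_dir)

    env = env_for.call(scratch)
    File.write(File.join(fixme_dir(env, db_dir), 'pkgdb.fixme'), '')
    db_stale?(db_dir)
  end
end

DEFAULT_ENV  = ->(_scratch) { {} }                          # neither variable set
OVERRIDE_ENV = ->(scratch) { { 'PKG_TMPDIR' => scratch } }  # constructed override

if __FILE__ == $PROGRAM_NAME
  puts "default (@db_dir):   stale=#{stale_after_fixme?(DEFAULT_ENV)}"
  puts "PKG_TMPDIR override: stale=#{stale_after_fixme?(OVERRIDE_ENV)}"
end
```

With the default, creating pkgdb.fixme changes the mtime of the package directory and the database looks stale; with the override the directory is untouched.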

