[ports/net/isc-dhcp*] Don't stop DHCP related daemons

Tue Sep 14 07:15:25 UTC 2010

On Sat, Sep 11, 2010 at 9:33 AM, Ion-Mihai Tetcu <itetcu at freebsd.org> wrote:
> On Sat, 11 Sep 2010 22:29:02 +0900
> Norikatsu Shigemura <nork at FreeBSD.org> wrote:
>
>> Hi wxs and jpaetzel.
>>
>>       I noticed that dhcpd server stoped after portupgrade,
>> sometimes. It's a painful accident on my network.  Because I didn't
>> notice some troubles:-(.
>>
>>       Why do you stop the daemons? Is it really absolutely necessary
>>       to stop a service before it's files go away?
>>
>>       SEE ALSO:
>>       http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/rc-scripts.html#AEN5402
>>
>> $ grep forcestop isc-dhcp*/pkg-plist
>> isc-dhcp31-relay/pkg-plist:@unexec %D/etc/rc.d/isc-dhcrelay.sh
>> forcestop 2>/dev/null || true isc-dhcp31-relay/pkg-plist:@unexec
>> %D/etc/rc.d/isc-dhcrelay forcestop 2>/dev/null || true
>> isc-dhcp31-server/pkg-plist:@unexec %D/etc/rc.d/isc-dhcpd.sh
>> forcestop 2>/dev/null || true isc-dhcp31-server/pkg-plist:@unexec
>> %D/etc/rc.d/isc-dhcpd forcestop 2>/dev/null || true
>> isc-dhcp41-relay/pkg-plist:@unexec %D/etc/rc.d/isc-dhcrelay.sh
>> forcestop 2>/dev/null || true isc-dhcp41-relay/pkg-plist:@unexec
>> %D/etc/rc.d/isc-dhcrelay forcestop 2>/dev/null || true
>> isc-dhcp41-server/pkg-plist:@unexec %D/etc/rc.d/isc-dhcpd forcestop
>> 2>/dev/null || true
>>
>>       I want to remove these lines in pkg-plist.

These lines are needed to ensure that the daemon has been stopped upon
uninstalling the port

> This 'stop the service before we install' seems to be a new fashion,
> usually unneeded/disruptive.

The service is not stopped before the install, it is stopped before
uninstalling the service during a pkg_delete.

This ensures that the service has stopped running when the package is
pkg_deleted.

> IMO this should only happen when it's really needed, and with some big
> warning printed.
>

The problem is that your using tools such as portupgrade, or
portmaster, etc..  These tools don't check if the service was running
when it started the upgrade process.   Instead they just pkg_delete
the old port and then build or pkg_install the newest version of the
port.

Consider thess senarios:

1. A system admin installs package foo-1.3, adds the appropriate
foo_enable to /etc/rc.conf, and then executes ${PREFIX}/etc/rc.d/foo
start.  He tests the foo package and decides that it doesn't meet his
requirements and wants to use bar-1.7 instead.  So he goes to
uninstall foo-1.3 without stopping the service (pkg_delete foo-1.3)
and installs bar-1.7.  Now, if the pkg-plist didn't have the @unexec
%D/etc/rc.d/foo forcestop, the foo daemon would still be running until
the system was rebooted.  So when he goes to starts the bar service,
he gets a suprise because he is connecting to the foo daemon, and the
bar daemon failed to start.

2. A system admin installs package foo-1.3, after running the service
for a while a security hole is found in foo-1.3.  So he uses his
favorite ports management tool (pkg_delete/pkg_install, portupgrade,
or portmaster, ...) to upgrade to foo-1.4.  If the pkg-plist didn't
have the @unexec %D/etc/rc.d/foo forcestop, the security vulnerable
foo-1.3 daemon would still be running, even though the latest version
has been installed.  This would cause the system to still be
vulnerable to the security risk.

The main problem with upgrading ports that install daemon startup
scripts is that the ports management tools are not checking if the
service is running before they start the upgrade process.  These tools
should print a warning at the end of the upgrade process that states
which daemons were stopped due to the upgrade process.

The ports management tools should not automatically restart the
daemons that it had stopped.  The reason is that there could be a
configuration change in the new ports sample config files that should
be migrated to the old modified config files before restarting the
service.

Scot