daily security run output and joomla3
Matthew Seaman
matthew at FreeBSD.org
Sun Jan 28 18:45:52 UTC 2018
On 28/01/2018 18:04, Larry Rosenman wrote:
> On Mon, Jan 29, 2018 at 02:56:51AM +0900, Yasuhiro KIMURA wrote:
>> From: Carmel NY <carmel_ny at outlook.com>
>> Subject: Re: daily security run output and joomla3
>> Date: Sun, 28 Jan 2018 17:38:10 +0000
>>
>>>> You can try "pkg check -r", see man pkg-check
>>>
>>> Unfortunately, that has no affect.
>>
>> Accoding to the messages of security periodic sript, the problrem is
>> not checksum mismatch but lost of package files. And "pkg check -r"
>> cannot recover it. So you should reinstall www/joomla3.
>>
> But as the OP notes, the joomla3 instructions *REQUIRE*
> removal of the install directory for security reasons, so
> I understand where he is coming from.
>
> As the maintainer, I'm not sure how to fix it.
>
At a minimum, the install directory parts should be moved out of the
actual package. If we had sub-packages, this would be an ideal
application -- you could make a temporary sub-package of the
installation bits. Unfortunately we don't have sub-packages yet, so...
How about installing the installation sub-directory as part of the
examples: still part of the package, but outside the web-root so
inaccessible during normal operation? Create a sym-link as required to
hook the installation parts into the web-root as needed -- perhaps use a
POST-INSTALL script for this? Or write a small script and add it to the
package as an aid to adding or removing the sym-link easily.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 992 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20180128/47e71742/attachment.sig>
More information about the freebsd-ports
mailing list