localpkg script changes

Mike Makonnen mtm at identd.net
Fri Jul 16 00:55:43 PDT 2004 

On Wed, Jul 14, 2004 at 01:08:13PM +0200, Oliver Eikemeier wrote:
> Mike Makonnen wrote:
> 
> >Hi folks,
> >
> >I was looking at integrating ports rc.d scripts a bit better, and the 
> >following is
> >what I came up with. I would appreciate reviews, tests, etc..
> [...]
> >Ports related rc.d cleanups:
> >[...]
> >o The rc.d ports scripts should now behave more like base system 
> >scripts.
> >  Scripts ending in .sh will be sourced into the current shell, while 
> >the
> >  rest will be executed in a subshell. Previously, all ports scripts,
> >  regardless of the .sh suffix, were executed in a subshell.
> 
> You can't do this, since it might break too many ports. See PR 56736 for 
> an alternate approach.

Yes, I noticed that this broke cups.sh on my system. I had intended to
mention that this would, at a minimum, require a HEADS UP to ports@ before
committing, but clicked "Send" to quickly...

To address some of your concerns:
1. Ports startup scripts breaking:
 Part of this was my fault. When I committed rc.d/localpkg I should have
 anticipated that ports scripts would start using rc.d style scripts, and
 should have essentially committed this patch then. But I didn't. That
 may have been short-sightedness on my part, but it would have been
 nice if ports@ could have coordinated with rc@ (or at the time
 freebsd-rc at yahoogroups.com) before starting to use rc.d style scripts.

 As I see it now, ports scripts *are* broken because, among other
 things, they expect .sh scripts to be sourced in a sub-shell. The
 only problem I see with this is that some of the scripts call
 exit, which would essentially also exit the localpkg script before
 it had a chance to run the rest of the ports scripts.

 As far as I am concerned rc.d behaviour is that .sh scripts are
 sourced in the current shell, and others in a subshell. All scripts,
 be they base or ports should follow this behaviour. To have
 inconsistent behaviour between base and ports scripts is a
 bug IMO. The PR you cited mentioned something about changing the
 suffixes, but I think that would be a gratuitous digression from
 behaviour in NetBSD.

 In short: current ports scripts behaviour is broken and should be
 changed as soon as possible instead of trying to patch rc.d/localpkg
 to accept and propagate their brokeness through 5-STABLE.

2. Starting base rc.d and ports rc.d scripts together from /etc/rc:
 The last patch in the PR seems to be a fairly practical way of doing
 this, but would require some broader discussion. I'm also a little
 uncomfortable about it because mixing in ports daemons with base system
 daemons in a way that is not deterministic at startup may have security
 implications. It's fairly
 easy for an administrator to audit the base system startup order, but
 when you start introducing ports (third party applications of varying
 quality) into the mix it becomes a lot harder to know if you are introducing
 a source of insecurity. This may or may not be a valid concern, but this
 close to 5-STABLE I think we should hold off on it. In anycase I think
 this is a separate issue and should be dealt with separately.

Cheers.
-- 
Mike Makonnen  | GPG-KEY: http://www.identd.net/~mtm/mtm.asc
mtm at identd.net | Fingerprint: AC7B 5672 2D11 F4D0 EBF8  5279 5359 2B82 7CD4 1F55
mtm at FreeBSD.Org| FreeBSD - Unleash the Daemon !

More information about the freebsd-rc mailing list