From nobody@FreeBSD.org  Thu Jul 24 13:48:32 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 17C2B1065671
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 24 Jul 2008 13:48:32 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 213978FC2A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 24 Jul 2008 13:48:32 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m6ODmVOh090622
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 24 Jul 2008 13:48:31 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m6ODmVNe090621;
	Thu, 24 Jul 2008 13:48:31 GMT
	(envelope-from nobody)
Message-Id: <200807241348.m6ODmVNe090621@www.freebsd.org>
Date: Thu, 24 Jul 2008 13:48:31 GMT
From: Bruce Cran <bruce@cran.org.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: pkg_add(1) doesn't prompt for root credentials and then fails badly
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         125932
>Category:       bin
>Synopsis:       pkg_add(1) doesn't prompt for root credentials and then fails badly
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    portmgr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 24 13:50:06 UTC 2008
>Closed-Date:    Wed May 28 14:58:11 UTC 2014
>Last-Modified:  Wed May 28 14:58:11 UTC 2014
>Originator:     Bruce Cran
>Release:        7.0
>Organization:
>Environment:
FreeBSD bsdbox01 7.0-RELEASE FreeBSD 7.0-RELEASE #1: Thu Feb 28 16:53:28 GMT 2008     bruccran@bsdbox01:/usr/obj/usr/src/sys/MYKERNEL  i386
>Description:
Running pkg_add as a normal user fails. It should check if it's being run under root credentials and if not either abort or prompt for the root password.  The following errors are currently displayed:

> pkg_add -r gkrellm
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.0-release/Latest/gkrellm.tbz... Done.
man/man8/gkrellmd.8.gz: Can't create 'man/man8/gkrellmd.8.gz': Permission denied
include/gkrellm2/gkrellmd.h: Failed to create dir 'include/gkrellm2': No such file or directoryCan't create 'include/gkrellm2/gkrellmd.h': No such file or directory
libdata/pkgconfig/gkrellmd.pc: Can't create 'libdata/pkgconfig/gkrellmd.pc': Permission denied
sbin/gkrellmd: Can't create 'sbin/gkrellmd': Permission denied
tar: Error exit delayed from previous errors.
pkg_add: extract_plist: can not invoke 156 byte tar pipeline: /usr/bin/tar cf - man/man8/gkrellmd.8.gz include/gkrellm2/gkrellmd.h libdata/pkgconfig/gkrellmd.pc sbin/gkrellmd|/usr/bin/tar --unlink -xpPf - -C /usr/local

>How-To-Repeat:
Run pkg_add -r as a non-root user.
>Fix:


>Release-Note:
>Audit-Trail:

From: "Garrett Cooper" <yanefbsd@gmail.com>
To: "Bruce Cran" <bruce@cran.org.uk>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/125932: pkg_add(1) doesn't prompt for root credentials and then fails badly
Date: Thu, 24 Jul 2008 11:18:31 -0700

 The issue isn't the fact that you're running as non-root; it's that
 someone's not checking to see whether or not a fetch init succeeded
 (filehandle's open, writing's being done) before continuing.
 
 I'll fix this later on tonight when I get back from San Jose.
 
 Cheers,
 -Garrett

From: "Garrett Cooper" <yanefbsd@gmail.com>
To: "Bruce Cran" <bruce@cran.org.uk>
Cc: bug-followup@freebsd.org
Subject: Re: bin/125932: pkg_add(1) doesn't prompt for root credentials and then fails badly
Date: Thu, 11 Sep 2008 23:24:33 -0700

 On Tue, Sep 9, 2008 at 1:23 PM, Bruce Cran <bruce@cran.org.uk> wrote:
 > On Thu, 24 Jul 2008 11:18:31 -0700
 > "Garrett Cooper" <yanefbsd@gmail.com> wrote:
 >
 >> On Thu, Jul 24, 2008 at 6:48 AM, Bruce Cran <bruce@cran.org.uk> wrote:
 >> >>How-To-Repeat:
 >> > Run pkg_add -r as a non-root user.
 >> >>Fix:
 >>
 >> The issue isn't the fact that you're running as non-root; it's that
 >> someone's not checking to see whether or not a fetch init succeeded
 >> (filehandle's open, writing's being done) before continuing.
 >>
 >> I'll fix this later on tonight when I get back from San Jose.
 >>
 >
 > Did you make any progress with this?
 
 I thought I made a comment about this earlier, but apparently I didn't
 send it out or it wasn't recorded:
 
 Symptom:
 
 The issue is caused by tar in the PUSHOUT macro in add/extract.c as
 identified below, during the extract. If and when the tar stuff is
 replaced with libarchive, this issue will fail sooner (and this should
 be done because this would save a lot of time and resources when
 extracting large packages like openoffice):
 
 #define PUSHOUT(todir) /* push out string */ \
    if (where_count > (int)sizeof(STARTSTRING)-1) { \
        strcat(where_args, "|/usr/bin/tar --unlink -xpPf - -C "); \
        strcat(where_args, todir); \
        if (system(where_args)) { \ /*** XXX: FAILS HERE ***/
            cleanup(0); \
            errx(2, "%s: can not invoke %ld byte tar pipeline: %s", \
                 __func__, (long)strlen(where_args), where_args); \
        } \
 
 Real problem:
 
 The actual problem is that the master and slave pkg_add processes
 aren't communicating properly with one another, s.t. the slave
 instances aren't breaking the master execution at the first sign of
 failure.
 
 HTH,
 -Garrett

From: "Garrett Cooper" <yanefbsd@gmail.com>
To: "Bruce Cran" <bruce@cran.org.uk>
Cc: bug-followup@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: bin/125932: pkg_add(1) doesn't prompt for root credentials and then fails badly
Date: Sun, 14 Sep 2008 21:10:09 -0700

 On Thu, Sep 11, 2008 at 11:24 PM, Garrett Cooper <yanefbsd@gmail.com> wrote:
 > On Tue, Sep 9, 2008 at 1:23 PM, Bruce Cran <bruce@cran.org.uk> wrote:
 >> On Thu, 24 Jul 2008 11:18:31 -0700
 >> "Garrett Cooper" <yanefbsd@gmail.com> wrote:
 >>
 >>> On Thu, Jul 24, 2008 at 6:48 AM, Bruce Cran <bruce@cran.org.uk> wrote:
 >>> >>How-To-Repeat:
 >>> > Run pkg_add -r as a non-root user.
 >>> >>Fix:
 >>>
 >>> The issue isn't the fact that you're running as non-root; it's that
 >>> someone's not checking to see whether or not a fetch init succeeded
 >>> (filehandle's open, writing's being done) before continuing.
 >>>
 >>> I'll fix this later on tonight when I get back from San Jose.
 >>>
 >>
 >> Did you make any progress with this?
 >
 > I thought I made a comment about this earlier, but apparently I didn't
 > send it out or it wasn't recorded:
 >
 > Symptom:
 >
 > The issue is caused by tar in the PUSHOUT macro in add/extract.c as
 > identified below, during the extract. If and when the tar stuff is
 > replaced with libarchive, this issue will fail sooner (and this should
 > be done because this would save a lot of time and resources when
 > extracting large packages like openoffice):
 >
 > #define PUSHOUT(todir) /* push out string */ \
 >   if (where_count > (int)sizeof(STARTSTRING)-1) { \
 >       strcat(where_args, "|/usr/bin/tar --unlink -xpPf - -C "); \
 >       strcat(where_args, todir); \
 >       if (system(where_args)) { \ /*** XXX: FAILS HERE ***/
 >           cleanup(0); \
 >           errx(2, "%s: can not invoke %ld byte tar pipeline: %s", \
 >                __func__, (long)strlen(where_args), where_args); \
 >       } \
 >
 > Real problem:
 >
 > The actual problem is that the master and slave pkg_add processes
 > aren't communicating properly with one another, s.t. the slave
 > instances aren't breaking the master execution at the first sign of
 > failure.
 >
 > HTH,
 > -Garrett
 
 Here's a proposed patch for the first set of cleanup to pkg_install:
 <http://pastebin.com/f1cee71c2>, and some fixing to alleviate the
 issue in bin/125932.
 
 Rather than biting off more than I can chew with the perforce project,
 I'm going to work off the changes Anders has made and incrementally
 polish pkg_install (like I should have done last year -_-...)
 
 This patch causes pkg_install to error out at the first sign of
 install failure (which could take a while as it's still using tar(1)
 to extract archives in add/extract.c), BUT in getFileByURL I've
 completely replaced the tar requirement in lib/url.c with
 archive(3)'s, quite handy hooks for writing to files. So don't be
 alarmed when you see that the file has grown 4 times ;)...
 
 This patch hasn't gotten much mileage, other than a few failure and
 success cases, so if others could please take a look at this and
 provide comments I'd much appreciate it.
 
 Cheers,
 -Garrett
 
 PS Packages might not be dumped in the correct spot -- I just chose
 /var/tmp, but if someone could point me to the "industry standard"
 location that portupgrade uses for instance, I'd be more than happy to
 point there.

From: Bruce Cran <bruce@cran.org.uk>
To: Garrett Cooper <yanefbsd@gmail.com>
Cc: bug-followup@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: bin/125932: pkg_add(1) doesn't prompt for root credentials and
 then fails badly
Date: Sat, 11 Oct 2008 19:53:04 +0100

 Garrett Cooper wrote:
 > Here's a proposed patch for the first set of cleanup to pkg_install:
 > <http://pastebin.com/f1cee71c2>, and some fixing to alleviate the
 > issue in bin/125932.
 >
 > Rather than biting off more than I can chew with the perforce project,
 > I'm going to work off the changes Anders has made and incrementally
 > polish pkg_install (like I should have done last year -_-...)
 >
 > This patch causes pkg_install to error out at the first sign of
 > install failure (which could take a while as it's still using tar(1)
 > to extract archives in add/extract.c), BUT in getFileByURL I've
 > completely replaced the tar requirement in lib/url.c with
 > archive(3)'s, quite handy hooks for writing to files. So don't be
 > alarmed when you see that the file has grown 4 times ;)...
 >
 > This patch hasn't gotten much mileage, other than a few failure and
 > success cases, so if others could please take a look at this and
 > provide comments I'd much appreciate it.
 >
 > Cheers,
 > -Garrett
 >
 > PS Packages might not be dumped in the correct spot -- I just chose
 > /var/tmp, but if someone could point me to the "industry standard"
 > location that portupgrade uses for instance, I'd be more than happy to
 > point there.
 >   
 
 Which release is the patch against? It doesn't apply cleanly to HEAD 
 sources and I don't think it works on 7.1-PRERELEASE either - I can't 
 see a version of pkg_install/Makefile from 2008-09-08 in cvsweb.
  
 It looks like the ports infrastructure and portmaster put packages in 
 /usr/ports/packages.  From portmaster(8):
 "The directory pointed to by the PACKAGES variable (by default 
 /usr/ports/packages) will be used to store new and backup packages. When 
 using 'make package' for the -g option, the ports infrastructure will 
 store packages in /usr/ports/packages/All, aka PKGREPOSITORY. When using 
 the -b option, portmaster stores its backup packages in 
 /usr/ports/packages/portmaster-backup so that you can create both a 
 backup package of the newly installed port even if they have the same 
 version."
 
 -- 
 Bruce Cran
Responsible-Changed-From-To: freebsd-bugs->portmgr 
Responsible-Changed-By: flz 
Responsible-Changed-When: Thu Apr 1 17:20:47 UTC 2010 
Responsible-Changed-Why:  
pkg_install is maintained by portmgr. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=125932 
State-Changed-From-To: open->closed 
State-Changed-By: bapt 
State-Changed-When: Wed May 28 14:58:10 UTC 2014 
State-Changed-Why:  
pkg_install is not being worked on anymore 

http://www.freebsd.org/cgi/query-pr.cgi?pr=125932 
>Unformatted:
