From scheidell@secnap.net  Thu Jan  5 03:48:19 2012
Return-Path: <scheidell@secnap.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3C72B106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Jan 2012 03:48:19 +0000 (UTC)
	(envelope-from scheidell@secnap.net)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253])
	by mx1.freebsd.org (Postfix) with ESMTP id EB4CE8FC13
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Jan 2012 03:48:18 +0000 (UTC)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [10.70.1.253])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 7F5DB621C45
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  4 Jan 2012 22:48:18 -0500 (EST)
Received: from scanner.secnap.net (unknown [10.70.1.4])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id B51E2621C05
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  4 Jan 2012 22:48:17 -0500 (EST)
Received: by scanner.secnap.net (Postfix, from userid 1001)
	id A5EE01D3D3; Wed,  4 Jan 2012 22:48:17 -0500 (EST)
Message-Id: <20120105034817.A5EE01D3D3@scanner.secnap.net>
Date: Wed,  4 Jan 2012 22:48:17 -0500 (EST)
From: Michael Scheidell <scheidell@freebsd.org>
Reply-To: Michael Scheidell <scheidell@secnap.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: security/barnyard2 won't start after db crash
X-Send-Pr-Version: 3.113
X-GNATS-Notify: pauls@utdallas.edu

>Number:         163825
>Category:       ports
>Synopsis:       security/barnyard2 won't start after db crash
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    scheidell
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 05 03:50:10 UTC 2012
>Closed-Date:    Fri Jan 06 21:54:04 UTC 2012
>Last-Modified:  Fri Jan  6 22:00:25 UTC 2012
>Originator:     Michael Scheidell
>Release:        FreeBSD 7.4-RELEASE-p3 i386
>Organization:
SECNAP Network Security
>Environment:
>Description:
	if the machine fails, or the db crashes, mysql will be in recovery mode, and barnyard2 won't start:
       (it seems to be ok if mysql-server is started pretty quickly after rc, but if mysql in recovery mode, barnyard2 won't 
start.  

I want to put mysql-server FIRST, but if you check rcorder:


rcorder /etc/rc.d/* /usr/local/etc/rc.d/*
/usr/local/etc/rc.d/barnyard2
/usr/local/etc/rc.d/snort
/etc/rc.d/LOGIN
/usr/local/etc/rc.d/mysql-server

EVEN IF YOU EDIT barnyard2 rc file and put in 'REQUIRE: DAEMON mysql' then won't help the order.
because barnyard2 has BEFORE: LOGIN, and mysql-server has REQUIRE: LOGIN.
(does barnyard2 REALLY need before login)?
>How-To-Repeat:
crash mysql pretty badly.
>Fix:

	this patch will remove BEFORE: LOGIN if you have any db option, and add the correct REQUIRE: () lines.
        if you have NO db selected, it leaves BEFORE: LOGIN.

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/barnyard2/Makefile,v
retrieving revision 1.11
diff -u -r1.11 Makefile
--- Makefile	23 Sep 2011 22:25:08 -0000	1.11
+++ Makefile	5 Jan 2012 03:37:42 -0000
@@ -37,11 +37,23 @@
 CONFIGURE_ARGS+=	--with-mysql \
 			--with-mysql-includes=${LOCALBASE}/include/mysql \
 			--with-mysql-libraries=${LOCALBASE}/lib/mysql
+SUB_LIST+=		MYSQL=" mysql"
+.else
+SUB_LIST+=		MYSQL=""
 .endif
 
 .if defined(WITH_POSTGRESQL)
 USE_PGSQL=		yes
 CONFIGURE_ARGS+=	--with-postgresql
+SUB_LIST+=		PGSQL=" postgresql"
+.else
+SUB_LIST+=		PGSQL=""
+.endif
+
+.if defined(WITH_POSTGRESQL) || defined(WITH_MYSQL)
+SUB_LIST+=		LOGIN="\# KEYWORD: shutdown" KEYWORD=""
+.else
+SUB_LIST+=		LOGIN="\# BEFORE: LOGIN" KEYWORD="\# KEYWORD: shutdown"
 .endif
 
 .if defined(WITH_SNORT)
Index: files/barnyard2.sh.in
===================================================================
RCS file: /home/pcvs/ports/security/barnyard2/files/barnyard2.sh.in,v
retrieving revision 1.4
diff -u -r1.4 barnyard2.sh.in
--- files/barnyard2.sh.in	12 Oct 2011 00:48:13 -0000	1.4
+++ files/barnyard2.sh.in	5 Jan 2012 03:37:42 -0000
@@ -2,9 +2,9 @@
 # 
 
 # PROVIDE: barnyard2
-# REQUIRE: DAEMON
-# BEFORE: LOGIN
-# KEYWORD: shutdown
+# REQUIRE: DAEMON%%MYSQL%%%%PGSQL%%
+%%LOGIN%%
+%%KEYWORD%%
 
 # Add the following lines to /etc/rc.conf to enable barnyard2:
 # barnyard2_enable (bool):	Set to YES to enable barnyard2


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________  
  
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->scheidell 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Thu Jan 5 03:50:25 UTC 2012 
Responsible-Changed-Why:  
Submitter has GNATS access (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163825 
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Thu Jan 5 03:50:29 UTC 2012 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163825 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: pauls@utdallas.edu
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/163825: security/barnyard2 won't start after db crash
Date: Thu, 5 Jan 2012 03:50:27 UT

 Maintainer of security/barnyard2,
 
 Please note that PR ports/163825 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163825
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Paul Schmehl <pauls@utdallas.edu>
To: bug-followup@FreeBSD.org
Cc: Edwin Groothuis <edwin@FreeBSD.org>
Subject: Re: ports/163825: security/barnyard2 won't start after db crash
Date: Wed, 04 Jan 2012 22:25:08 -0600

 --On January 4, 2012 9:50:27 PM -0600 Edwin Groothuis <edwin@FreeBSD.org> 
 wrote:
 
 > Maintainer of security/barnyard2,
 >
 > Please note that PR ports/163825 has just been submitted.
 >
 > If it contains a patch for an upgrade, an enhancement or a bug fix
 > you agree on, reply to this email stating that you approve the patch
 > and a committer will take care of it.
 >
 > The full text of the PR can be found at:
 >     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163825
 >
 > --
 > Edwin Groothuis via the GNATS Auto Assign Tool
 > edwin@FreeBSD.org
 
 Since REQUIRE does not guarantee that the service will be running, I'm not 
 sure this is the best way to solve this problem.  It may be better to have 
 a section in the script that checks for the existence of a running 
 instance of the db in question.
 
 I'm going to need to think about this one some more before deciding if 
 this is the right approach.
 
 Paul Schmehl (pauls@utdallas.edu)
 Senior Information Security Analyst
 The University of Texas at Dallas
 http://www.utdallas.edu/ir/security/
 

From: Michael Scheidell <scheidell@freebsd.org>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: ports/163825: security/barnyard2 won&#39;t start after db crash
Date: Thu, 5 Jan 2012 07:24:35 -0500

 I thought about it for a while.
 It was a matter of what is the easiest thing to do, with the most impact.
 Real solution might be to make barnyard more resilience (but I am 
 waiting for barnyard2, version .. that new one with snortsam in it to 
 become stable)
 
 So right now, this is a race condition, or chicken or eff thing.
 With barnyard2 starting first, as it is now, and mysql-server starting 
 later in the rcorder chain, it waits for (x seconds) for an sql 
 connection, retrying for a certain amount of time.  If mysql is fine, 
 the time it takes for mysql to start is small enough that barnyard 
 doesn't exit.
 If mysql crashed, and needs to rebuilt itself from logs, it take longer.
 
 This patch removes optionally the BEFORE: LOGIN, which is what prevented 
 the 'REQUIRES: *mysql' from moving this up in the start order, based on 
 option knob so that mysql-server starts first.  if mysql starts first in 
 rcorder, AND IT FAILS, this changes nothing, barnyard2 still won't 
 start, but never would.  However, if mysql-server starts first, before 
 barnyard2, then it will clean out its logs and transactions and be ready 
 for barnyard2.
 
 Not a perfect solution, but,
 1, it can't hurt (tm)
 2. it was the 'cheapest' solution.
 
 -- 
 Michael Scheidell, CTO
 o: 561-999-5000
 d: 561-948-2259
  >*| *SECNAP Network Security Corporation
 
     * Best Mobile Solutions Product of 2011
     * Best Intrusion Prevention Product
     * Hot Company Finalist 2011
     * Best Email Security Product
     * Certified SNORT Integrator
 

From: Paul Schmehl <pauls@utdallas.edu>
To: bug-followup@FreeBSD.org
Cc: Michael Scheidell <scheidell@freebsd.org>
Subject: Re: ports/163825: security/barnyard2 won't start after db crash
Date: Thu, 05 Jan 2012 21:02:02 -0600

 Michael, the mysql script has # REQUIRE: LOGIN.  I'm wondering if simply 
 removing the # BEFORE: LOGIN line from the barnyard2 script wouldn't solve 
 the problem.  Optionally, we could also add # REQUIRE: DAEMON mysql 
 postgresql, because even if they're not installed the script will still 
 start the barnyard2 daemon (if I'm reading rcorder(8) correctly.)
 
 "The ``REQUIRE'' keyword is misleading: It doesn't describe which daemons
      have to be running before a script will be started.  It describes 
 which
      scripts must be placed before it in the dependency ordering.  For 
 exam-
      ple, if your script has a ``REQUIRE'' on ``named'', it means the 
 script
      must be placed after the ``named'' script in the dependency ordering, 
 not
      necessarily that it requires named(8) to be started or enabled."
 
 It doesn't really say what happens if the script doesn't exist, so I'm not 
 sure adding the REQUIRE option would work in every case.
 
 Paul Schmehl (pauls@utdallas.edu)
 Senior Information Security Analyst
 The University of Texas at Dallas
 http://www.utdallas.edu/ir/security/
 

From: Michael Scheidell <scheidell@freebsd.org>
To: <bug-followup@FreeBSD.org>
Cc:  
Subject: Re: ports/163825: security/barnyard2 won't start after db crash
Date: Fri, 6 Jan 2012 10:07:35 -0500

 On 1/5/12 10:02 PM, Paul Schmehl wrote:
 > Michael, the mysql script has # REQUIRE: LOGIN.  I'm wondering if 
 > simply removing the # BEFORE: LOGIN line from the barnyard2 script 
 > wouldn't solve the problem.  Optionally, we could also add # REQUIRE: 
 > DAEMON mysql postgresql, because even if they're not installed the 
 > script will still start the barnyard2 daemon (if I'm reading 
 > rcorder(8) correctly.)
 removing # BEFORE: Login only allows barnyard to be considered in normal 
 alpha order in ../rc.d/*.  so, it HELPS, but without the REQUIRE: 
 (mysql), it would still be before it,
 
 one more thing, rc.shutdown does it in reverse order, so, either my 
 original patch, or as you suggested, just take our BEFORE: LOGIN, and 
 make the REQUIRE line include all the possible db's/
 
 either should work (still need to take out BEFORE: LOGIN)
 
 my patch would just keep it from complaining (warning).
 
 your port, your choice.
 
 my patch or just remove BEFORE: LOGIN and add mysql postgresql to rc file.
 (but then again, if you have BOTH mysql and postgress installed, and 
 enabled in rc.conf, barnard would need to wait for both of them, needlessly)
 
 my real time/robotics background always says 'don't like warnings, and 
 don't like starting things we dont' need' :-)
 
 -- 
 Michael Scheidell, CTO
 o: 561-999-5000
 d: 561-948-2259
  >*| *SECNAP Network Security Corporation
 
     * Best Mobile Solutions Product of 2011
     * Best Intrusion Prevention Product
     * Hot Company Finalist 2011
     * Best Email Security Product
     * Certified SNORT Integrator
 

From: Paul Schmehl <pauls@utdallas.edu>
To: bug-followup@FreeBSD.org
Cc: Michael Scheidell <scheidell@freebsd.org>
Subject: Re: ports/163825: security/barnyard2 won't start after db crash
Date: Fri, 06 Jan 2012 15:41:00 -0600

 Let's do this, then.  Retain the code you provided, but remove BEFORE: 
 LOGIN entirely.  There's really no need for it.  Then your changes would 
 simply add REQUIRE: the appropriate db based on the OPTIONS KNOBS.
 
 Sound reasonable?
 
 -- 
 Paul Schmehl (pauls@utdallas.edu)
 Senior Information Security Analyst
 The University of Texas at Dallas
 http://www.utdallas.edu/infosecurity/
 
State-Changed-From-To: feedback->closed 
State-Changed-By: scheidell 
State-Changed-When: Fri Jan 6 21:53:43 UTC 2012 
State-Changed-Why:  
Thanks Paul! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=163825 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163825: commit references a PR
Date: Fri,  6 Jan 2012 21:53:45 +0000 (UTC)

 scheidell    2012-01-06 21:53:32 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/barnyard2   Makefile 
     security/barnyard2/files barnyard2.sh.in 
   Log:
   - Selectivly adds mysql/and/or postgresql to rc script 'REQUIRES:'
   
   PR:             ports/163825
   Submitted by:   scheidell
   Approved by:    pauls@utdallas.edu (maintainer), gabor (mentor, implicit)
   
   Revision  Changes    Path
   1.12      +6 -0      ports/security/barnyard2/Makefile
   1.5       +1 -3      ports/security/barnyard2/files/barnyard2.sh.in
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
