From wefa@nxcon.nexgo.lab.arcor.de  Mon Feb 12 14:24:22 2001
Return-Path: <wefa@nxcon.nexgo.lab.arcor.de>
Received: from nxcon.nexgo.lab.arcor.de (nxcon.nexgo.lab.arcor.de [145.253.194.34])
	by hub.freebsd.org (Postfix) with ESMTP id A1AB537B491
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 12 Feb 2001 14:24:21 -0800 (PST)
Received: (from root@localhost)
	by nxcon.nexgo.lab.arcor.de (8.9.3/8.9.3) id XAA84980;
	Mon, 12 Feb 2001 23:24:20 +0100 (CET)
	(envelope-from wefa)
Message-Id: <200102122224.XAA84980@nxcon.nexgo.lab.arcor.de>
Date: Mon, 12 Feb 2001 23:24:20 +0100 (CET)
From: wefa@nxcon.nexgo.lab.arcor.de (dont use that address)
Reply-To: christoph.weber-fahr@arcor.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: bind8 port doesnt remove/rename original named
X-Send-Pr-Version: 3.2

>Number:         25045
>Category:       ports
>Synopsis:       the bind8 port leaves the original bind in place.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 12 14:30:01 PST 2001
>Closed-Date:    Mon Feb 12 14:59:38 PST 2001
>Last-Modified:  Thu Feb 15 12:30:04 PST 2001
>Originator:     Christoph Weber-Fahr
>Release:        FreeBSD 4.1-RELEASE i386
>Organization:
Mannesmann Arcor
>Environment:

	nothing special. Ports collection cvsupped to today's 
	version

>Description:

	the bind8 port installs all its stuff in usr local, leaving 
	the original bind stuff in place.
	it should at least tell you this. else you have two named etc
	in place, probably the new one will not get used at all.

	People have come to the point expecting the ports collection
	'doing the right thing'. Here it doesn't

>How-To-Repeat:

	install bind8 port (for, ahem, obvious reasons). Start named.
 	Marvel.

>Fix:

	ideal: rename all original bind files to %s.original
	       put symlinks in their place to point to the new thing
	alternative: put some blurb into the Make install procedure
		     warning the user about that



>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sf 
State-Changed-When: Mon Feb 12 14:59:38 PST 2001 
State-Changed-Why:  
man rc.conf 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25045 

From: Cyrille Lefevre <clefevre@poboxes.com>
To: christoph.weber-fahr@arcor.net
Cc: FreeBSD-gnats-submit@FreeBSD.ORG, DougB@FreeBSD.ORG
Subject: Re: ports/25045: bind8 port doesnt remove/rename original named
Date: 13 Feb 2001 15:28:25 +0100

 wefa@nxcon.nexgo.lab.arcor.de (dont use that address) writes:
 
 > >Description:
 > 
 > 	the bind8 port installs all its stuff in usr local, leaving 
 > 	the original bind stuff in place.
 
 well, and where is the problem !
 
 > 	it should at least tell you this. else you have two named etc
 > 	in place, probably the new one will not get used at all.
 
 the answer is :
 
 echo named_program=/usr/local/sbin/named >> /etc/rc.conf
 
 > 	People have come to the point expecting the ports collection
 > 	'doing the right thing'. Here it doesn't
 
 no, you doesn't do the right things.
 
 > 	ideal: rename all original bind files to %s.original
 > 	       put symlinks in their place to point to the new thing
 
 in any case, a port have to do something w/ system installed stuffs.
 
 > 	alternative: put some blurb into the Make install procedure
 > 		     warning the user about that
 
 maybe this could be done. also, maybe a startup script and some sample
 files could be added to the port.
 
 [CC dougb]
 
 Cyrille.
 --
 home: mailto:clefevre@poboxes.com   UNIX is user-friendly; it's just particular
 work: mailto:Cyrille.Lefevre@edf.fr   about who it chooses to be friends with.
 

From: Christoph.Weber-Fahr@arcor.net
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: ports/25045: the bind8 port leaves the original bind in place.
Date: Thu, 15 Feb 2001 13:47:12 +0100

 [re-sent to get it into the audit trail. Suggested patch follows with separate
 mail]
 
 Hello,
 
 > State-Changed-From-To: open->closed
 > State-Changed-Why:
 > man rc.conf
 
 *sigh* Yes, of course. But that's not the issue.
 
 rc.conf is one of a gazillion possibilities to tell
 your system now to use the named from /usr/local.
 Arguably it's even the canonical one.
 
 But that's not what I'm suggesting for a change. I suggest
 either the port makes itself _the_only_one_ or it tells you
 with no unlclear words that it didn't.
 
 Right now it silently installs behind the original and waits
 for better times.
 
 Just how many systems are out there _right_now_ of people that
 think they fixed the recent bind exploits but still run the old
 code ?
 
 I respectfully suggest the PR to be re-opened at least until
 someone finds the time to add some explanatory sentences
 to the end of the install routine of the bind8 port.
 
 Regards
 
 Christoph Weber-Fahr
 
 
 
 
 
 

From: Christoph Weber-Fahr <wefa@analyst.nexgo.lab.arcor.de>
To: sf@freebsd.org, freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: ports/25045: the bind8 port leaves the original bind in place
Date: Thu, 15 Feb 2001 12:54:28 +0100 (CET)

 Hello,
 
 FUJISHIMA Satsuki <sf@FreeBSD.org>
 
 > People should not run any program(particularly daemons) without
 > understanding what they are doing.
 
 Yeah, thanks, I like you, too :-)
 
 Seriously, IMO it's a documentation issue.  I had several systems to
 patch, with various versions of FreeBSD, and I had to get it done
 more or less immediately. 
 
 You don't always have the time to think and double-check
 about everything. Anticipating the very obvious sloppy mistakes
 is a good strategy, IMO. Especially when dealing with security
 matters.
 
 >> At Tue, 13 Feb 2001 01:33:13 +0100,
 >> Christoph.Weber-Fahr@arcor.net wrote:
 >> I respectfully suggest the PR to be re-opened at least until
 >> someone finds the time to add some explanatory sentences
 >> to the end of the install routine of the bind8 port.
 
 > patches appreciated.
 
 I'm afraid it wont get me the Pulitzer, but here we go:
 Regards, Christoph Weber-Fahr
 
 
 
 --- Makefile.orig	Thu Feb 15 12:06:03 2001
 +++ Makefile	Thu Feb 15 12:25:41 2001
 @@ -30,5 +30,18 @@
  	@(cd ${WRKDIR}/doc/man && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} clean all ${INSTALL_TARGET})
  	${MKDIR} ${PREFIX}/share/doc/bind8
  	${INSTALL_DATA} ${WRKDIR}/doc/html/* ${PREFIX}/share/doc/bind8
 +	@echo  ============================================================
 +	@echo '    *** Attention ! *** Attention ! ***'
 +	@echo 
 +	@echo ' This port did NOT replace the named supplied with FreeBSD '
 +	@echo ' but installed in its own place. '
 +	@echo ' The executables reside now in ${PREFIX}/sbin  '
 +	@echo 
 +	@echo ' You MUST change /etc/rc.conf accordingly and give the full '
 +	@echo ' pathname to start named, both manually or from a config '
 +	@echo ' file. '
 +	@echo
 +	@echo ' If you dont do that, the new named version will not run ! '
 +	@echo  ============================================================
  
  .include <bsd.port.mk>
 
 

From: FUJISHIMA Satsuki <sf@FreeBSD.org>
To: Christoph Weber-Fahr <wefa@analyst.nexgo.lab.arcor.de>
Cc: dougb@freebsd.org, freebsd-gnats-submit@freebsd.org
Subject: Re: ports/25045: the bind8 port leaves the original bind in place
Date: Fri, 16 Feb 2001 01:17:04 +0900

 OK, I modified your patch a bit matching today's fashion.
 I'm going to commit it If you like.
 
 -- 
 FUJISHIMA Satsuki
 
 Index: Makefile
 ===================================================================
 RCS file: /home/ncvs/ports/net/bind8/Makefile,v
 retrieving revision 1.21
 diff -u -r1.21 Makefile
 --- Makefile	2001/01/31 07:21:18	1.21
 +++ Makefile	2001/02/15 16:09:45
 @@ -26,9 +26,13 @@
  PATCH_ARGS=	-d ${WRKDIR}
  PATCH_DIST_ARGS=	-d ${WRKDIR}
  
 +PKGMESSAGE=	${WRKDIR}/message
 +
  post-install:
  	@(cd ${WRKDIR}/doc/man && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} clean all ${INSTALL_TARGET})
  	${MKDIR} ${PREFIX}/share/doc/bind8
  	${INSTALL_DATA} ${WRKDIR}/doc/html/* ${PREFIX}/share/doc/bind8
 +	${SED} -e 's,@PREFIX@,${PREFIX},g' ${FILESDIR}/message > ${PKGMESSAGE}
 +	@${CAT} ${PKGMESSAGE}
  
  .include <bsd.port.mk>
 Index: files/message
 ===================================================================
 RCS file: message
 diff -N message
 --- /dev/null	Fri Feb 16 01:11:02 2001
 +++ message	Fri Feb 16 01:11:13 2001
 @@ -0,0 +1,14 @@
 +============================================================
 +            *** Attention ! *** Attention ! ***
 +
 +This port did NOT replace the named supplied with FreeBSD 
 +but installed in its own place. 
 +The executables reside now in @PREFIX@
 +
 +You MUST change /etc/rc.conf accordingly and give the full 
 +pathname to start named, both manually or from a config 
 +file. 
 +
 +If you dont do that, the new named version will not run ! 
 +============================================================
 +
 

From: Doug Barton <DougB@gorean.org>
To: FUJISHIMA Satsuki <sf@FreeBSD.org>
Cc: Christoph Weber-Fahr <wefa@analyst.nexgo.lab.arcor.de>,
	<freebsd-gnats-submit@FreeBSD.org>
Subject: Re: ports/25045: the bind8 port leaves the original bind in place
Date: Thu, 15 Feb 2001 11:39:47 -0800 (PST)

 On Fri, 16 Feb 2001, FUJISHIMA Satsuki wrote:
 
 > OK, I modified your patch a bit matching today's fashion.
 > I'm going to commit it If you like.
 
 	Please do not commit this patch.
 
 Thanks,
 
 Doug
 -- 
     "Pain heals. Chicks dig scars. Glory . . . lasts forever."
         -- Keanu Reeves as Shane Falco in "The Replacements"
 
 	Do YOU Yahoo!?
 
 
 

From: Doug Barton <DougB@gorean.org>
To: Cyrille Lefevre <clefevre@poboxes.com>
Cc: <christoph.weber-fahr@arcor.net>,
	<FreeBSD-gnats-submit@FreeBSD.ORG>
Subject: Re: ports/25045: bind8 port doesnt remove/rename original named
Date: Thu, 15 Feb 2001 11:50:50 -0800 (PST)

 On 13 Feb 2001, Cyrille Lefevre wrote:
 
 > wefa@nxcon.nexgo.lab.arcor.de (dont use that address) writes:
 >
 > > >Description:
 > >
 > > 	the bind8 port installs all its stuff in usr local, leaving
 > > 	the original bind stuff in place.
 
 	As previously mentioned, that is what the ports are supposed to
 do. Use of the ports presupposes a certain small amount of knowledge of
 how they work.
 
 > the answer is :
 >
 > echo named_program=/usr/local/sbin/named >> /etc/rc.conf
 
 	That would not be a good idea at all. Many people install ports of
 software that is included in the system already for many different
 reasons. It's extremely common to install a local copy of something, spend
 time "off line" configuring and testing it, and only enabling it when it's
 ready. Your suggestion would put the sysadmin in an awful spot if the box
 rebooted unexpectedly.
 
 	Closing this PR was the appropriate action. No further action
 needs to be taken.
 
 Thanks,
 
 Doug
 -- 
     "Pain heals. Chicks dig scars. Glory . . . lasts forever."
         -- Keanu Reeves as Shane Falco in "The Replacements"
 
 	Do YOU Yahoo!?
 
 
 

From: Christoph.Weber-Fahr@arcor.net
To: Doug Barton <DougB@gorean.org>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/25045: bind8 port doesnt remove/rename original named
Date: Thu, 15 Feb 2001 21:21:00 +0100

 Quoting Doug Barton <DougB@gorean.org>:
 
 > On 13 Feb 2001, Cyrille Lefevre wrote:
 
 > > wefa@nxcon.nexgo.lab.arcor.de (dont use that address) writes:
 >
 > > > >Description:
 > > >
 > > >     the bind8 port installs all its stuff in usr local, leaving
 > > >     the original bind stuff in place.
 
 > > the answer is :
 > >
 > > echo named_program=/usr/local/sbin/named >> /etc/rc.conf
 
 >    That would not be a good idea at all.
 
 I guess Cyrille meant me (and not the port) doing this.
 Which I agree to - that's not the way I would a port expect to behave.
 
 >    Closing this PR was the appropriate action. No further action
 > needs to be taken.
 
 As noted, here I disagree, having submitted a mini patch to put some
 warning blurb echoed at the end of the install process.
 
 Regards
 
 Christoph Weber-Fahr
 
 
 
>Unformatted:
