Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Jilles Tjoelker
On Sat, Aug 25, 2012 at 06:34:43PM -0500, CyberLeo Kitsana wrote:
 On 08/24/2012 07:01 PM, Baptiste Daroussin wrote:
  Can anyone give me the details on the security related problem?

 Off the top of my head, it seems to represent a break in the chain of
 trust: how does the bootstrapper verify that the tarball it just
 downloaded to bootstrap pkg is genuine, and not, for example, a
 trojan? The source in usr.sbin/pkg/pkg.c[1] doesn't seem to suggest it
 cares.

Indeed it does not care, and the current security features are
insufficient (unless the bootstrapper can use the signed sqlite db to
verify the pkg package).

I think the fix is to modify 'pkg repo' so it detects the pkg package
and creates a separate signature for it which can be verified by the
bootstrapper, without needing sqlite.

The public key for this signature will have to be distributed with base
(like the public keys for freebsd-update and portsnap).

-- 
Jilles Tjoelker
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Baptiste Daroussin
On Sun, Aug 26, 2012 at 02:26:50PM +0200, Jilles Tjoelker wrote:
 On Sat, Aug 25, 2012 at 06:34:43PM -0500, CyberLeo Kitsana wrote:
  On 08/24/2012 07:01 PM, Baptiste Daroussin wrote:
   Can anyone give me the details on the security related problem?
 
  Off the top of my head, it seems to represent a break in the chain of
  trust: how does the bootstrapper verify that the tarball it just
  downloaded to bootstrap pkg is genuine, and not, for example, a
  trojan? The source in usr.sbin/pkg/pkg.c[1] doesn't seem to suggest it
  cares.
 
 Indeed it does not care, and the current security features are
 insufficient (unless the bootstrapper can use the signed sqlite db to
 verify the pkg package).
 
 I think the fix is to modify 'pkg repo' so it detects the pkg package
 and creates a separate signature for it which can be verified by the
 bootstrapper, without needing sqlite.
 
 The public key for this signature will have to be distributed with base
 (like the public keys for freebsd-update and portsnap).
 

This is the longer plan, but this is also true with pkg_add -r, and the pkg
bootstrap, whether it is pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
the Security Officers and we are waiting for the plan to be written and set up by
them, so we can improve security in both pkgng and the bootstrap. This should
have happened at BSDCan, but lack of time from everyone meant it didn't happen; we
are now aiming at the Cambridge DevSummit for that.

Given that such a security issue is already present in the current pkg_* tools, it
was accepted that we can still go that way until the policy is written, given
that the final goal is to have the pkgng package checked against a signature.

regards,
Bapt




Re: less aggressive contigmalloc ?

2012-08-26 Thread Luigi Rizzo
On Fri, Aug 24, 2012 at 11:56:06AM -0500, Alan Cox wrote:
 On 08/24/2012 11:54, Luigi Rizzo wrote:
 On Fri, Aug 24, 2012 at 11:12:51AM -0500, Alan Cox wrote:
 On 08/24/2012 09:57, Luigi Rizzo wrote:
 On Fri, Aug 24, 2012 at 12:43:33AM -0500, Alan Cox wrote:
 On 08/23/2012 12:45, Luigi Rizzo wrote:
 On Thu, Aug 23, 2012 at 12:08:40PM -0500, Alan Cox wrote:
 ...
 yes i do see that.
 
 Maybe less aggressive with M_NOWAIT but still kills processes.
 Are you compiling world with MALLOC_PRODUCTION?  The latest version of
 whatever the default is. But:
 
 jemalloc uses significantly more memory when debugging options are
 enabled.  This first came up in a thread titled 10-CURRENT and swap
 usage back in June.
 
 Even at its most aggressive, M_WAITOK, contigmalloc() does not directly
 kill processes.  If process death coincides with the use of
 contigmalloc(), then it is simply the result of earlier, successful
 contigmalloc() calls, or for that matter any other physical memory
 allocation calls, having depleted the pool of free pages to the point
 that the page daemon runs and invokes vm_pageout_oom().
 does it mean that those previous allocations relied on memory
 overbooking ?
 Yes.
 
 Is there a way to avoid that, then ?
 I believe that malloc()'s default minimum allocation size is 4MB.  You
 could reduce that.
 
 Alternatively, you can enable MALLOC_PRODUCTION.
 i tried this, and as others mentioned it makes life
 better and reduces the problem but contigmalloc still triggers
 random process kills.
 I would be curious to see a stack backtrace when vm_pageout_oom() is called.
 you mean a backtrace of the process(es) that get killed ?
 
 No, a backtrace showing who called vm_pageout_oom().  Simply add a
 kdb_backtrace() call at the start of vm_pageout_oom().  There are two
 possibilities.  I want to know which it is.

This is dmesg when I add kdb_backtrace() at the start of vm_pageout_oom().
The '... netmap_finalize_obj_allocator ...' lines are from my calls to
contigmalloc, each one doing one-page allocations.
I get 7-8 'KDB: stack backtrace' blocks, then allocations
restart successfully, then more failures...
The reference to fork_exit() does not seem right, because I am
in a block where I call contigmalloc, so the caller of
vm_pageout_grow_cache() should be kmem_alloc_contig().

630.004926 netmap_finalize_obj_allocator [593] cluster at 8910 ok   
630.005563 netmap_finalize_obj_allocator [593] cluster at 8912 ok   
630.006077 netmap_finalize_obj_allocator [593] cluster at 8914 ok   
KDB: stack backtrace:   
X_db_sym_numargs() at X_db_sym_numargs+0x1aa
vm_pageout_oom() at vm_pageout_oom+0x19 
vm_pageout_grow_cache() at vm_pageout_grow_cache+0xd01  
fork_exit() at fork_exit+0x11c  
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xff8005f12cb0, rbp = 0 ---  
KDB: stack backtrace:   
X_db_sym_numargs() at X_db_sym_numargs+0x1aa
vm_pageout_oom() at vm_pageout_oom+0x19 
vm_pageout_grow_cache() at vm_pageout_grow_cache+0xd01  
fork_exit() at fork_exit+0x11c  
fork_trampoline() at fork_trampoline+0xe
--- trap 0, rip = 0, rsp = 0xff8005f12cb0, rbp = 0 ---  
...

Some of the processes must be 'getty' because I also find
this line in dmesg:

<118>Aug 26 16:47:11 init: getty repeating too quickly on port /dev/ttyv7, sleeping 30 secs

cheers
luigi


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/25/2012 02:49, Julien Laffaye wrote:
 True. But when you create jails without the installer, you have to
 install pkgng by hand. 

Just like all the other ports you have to install in a jail.


-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Baptiste Daroussin
On Sun, Aug 26, 2012 at 11:34:08AM -0700, Doug Barton wrote:
 On 08/25/2012 02:49, Julien Laffaye wrote:
  True. But when you create jails without the installer, you have to
  install pkgng by hand. 
 
 Just like all the other ports you have to install in a jail.
 
 
 -- 
 
 I am only one, but I am one.  I cannot do everything, but I can do
 something.  And I will not let what I cannot do interfere with what
 I can do.
   -- Edward Everett Hale, (1822 - 1909)

We are speaking about binary only packages, not ports.

regards,

Bapt




Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/26/2012 11:37, Baptiste Daroussin wrote:
 On Sun, Aug 26, 2012 at 11:34:08AM -0700, Doug Barton wrote:
 On 08/25/2012 02:49, Julien Laffaye wrote:
 True. But when you create jails without the installer, you have
 to install pkgng by hand.
 
 Just like all the other ports you have to install in a jail.
 
 We are speaking about binary only packages, not ports.

Um, duh. I have a bad habit of using the terms interchangeably, sorry
if I caused confusion. Doesn't change my actual point though.


-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/26/2012 05:58, Baptiste Daroussin wrote:

 This is the longer plan, but this is also true with pkg_add -r, and the pkg
 bootstrap, whether it is pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
 the Security Officers and we are waiting for the plan to be written and set up by
 them, so we can improve security in both pkgng and the bootstrap. This should
 have happened at BSDCan, but lack of time from everyone meant it didn't happen; we
 are now aiming at the Cambridge DevSummit for that.

It would be nice if this were in place before 10-current shifted to pkg
by default in order to limit the number of times that we have to start
testing over from scratch.

 Given that such a security issue is already present in the current pkg_* tools, it
 was accepted that we can still go that way until the policy is written, given
 that the final goal is to have the pkgng package checked against a signature.

This isn't the security issue I was talking about by having sbin/pkg
pass every command line to local/sbin/pkg.

You keep saying that you have no objections to changing the name. I am
asking you to do that. I don't care if it is pkg-bootstrap or something
else you like better. But please change the name to not be pkg, and
limit the functionality of the tool to bootstrapping the pkg package.

Doug

-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Baptiste Daroussin
On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
 On 08/26/2012 05:58, Baptiste Daroussin wrote:
 
  This is the longer plan, but this is also true with pkg_add -r, and the pkg
  bootstrap, whether it is pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
  the Security Officers and we are waiting for the plan to be written and set up by
  them, so we can improve security in both pkgng and the bootstrap. This should
  have happened at BSDCan, but lack of time from everyone meant it didn't happen; we
  are now aiming at the Cambridge DevSummit for that.
 
 It would be nice if this were in place before 10-current shifted to pkg
 by default in order to limit the number of times that we have to start
 testing over from scratch.
 
  Given that such a security issue is already present in the current pkg_* tools, it
  was accepted that we can still go that way until the policy is written, given
  that the final goal is to have the pkgng package checked against a signature.
 
 This isn't the security issue I was talking about by having sbin/pkg
 pass every command line to local/sbin/pkg.
 
 You keep saying that you have no objections to changing the name. I am
 asking you to do that. I don't care if it is pkg-bootstrap or something
 else you like better. But please change the name to not be pkg, and
 limit the functionality of the tool to bootstrapping the pkg package.
 

I received more feedback about keeping pkg than changing it to
pkg-bootstrap, so what should I do, change it because you are asking for it?

regards,
Bapt




Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/26/2012 11:58, Baptiste Daroussin wrote:
 On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
 On 08/26/2012 05:58, Baptiste Daroussin wrote:

 This is the longer plan, but this is also true with pkg_add -r, and the pkg
 bootstrap, whether it is pkg-bootstrap or /usr/sbin/pkg. We have been discussing with
 the Security Officers and we are waiting for the plan to be written and set up by
 them, so we can improve security in both pkgng and the bootstrap. This should
 have happened at BSDCan, but lack of time from everyone meant it didn't happen; we
 are now aiming at the Cambridge DevSummit for that.

 It would be nice if this were in place before 10-current shifted to pkg
 by default in order to limit the number of times that we have to start
 testing over from scratch.

 Given that such a security issue is already present in the current pkg_* tools, it
 was accepted that we can still go that way until the policy is written, given
 that the final goal is to have the pkgng package checked against a signature.

 This isn't the security issue I was talking about by having sbin/pkg
 pass every command line to local/sbin/pkg.

 You keep saying that you have no objections to changing the name. I am
 asking you to do that. I don't care if it is pkg-bootstrap or something
 else you like better. But please change the name to not be pkg, and
 limit the functionality of the tool to bootstrapping the pkg package.

 
 I received more feedback about keeping pkg

As far as I could tell the people who responded that way don't seem to
be aware that every command to /usr/local/sbin/pkg is going to pass
through /usr/sbin/pkg. On its face, that is a bad idea for many reasons,
not the least of which is that it adds complexity where that complexity
does not need to be. The larger problem with that approach is that it gives
an attacker 2 places to compromise the package installation process
instead of just 1. This becomes even more important if the pkg bootstrap
tool is the place that the public key for the digital signature is located.

 than changing it to
 pkg-bootstrap, so what should I do, change it because you are asking for it?

A) You said you had no objections to changing it
B) I'm not the only one asking

Doug

-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Ian Lepore
On Sun, 2012-08-26 at 20:58 +0200, Baptiste Daroussin wrote:
 On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
  On 08/26/2012 05:58, Baptiste Daroussin wrote:
  This isn't the security issue I was talking about by having sbin/pkg
  pass every command line to local/sbin/pkg.
  
  You keep saying that you have no objections to changing the name. I am
  asking you to do that. I don't care if it is pkg-bootstrap or something
  else you like better. But please change the name to not be pkg, and
  limit the functionality of the tool to bootstrapping the pkg package.
  
 
 I received more feedback about keeping pkg than changing it to
 pkg-bootstrap, so what should I do, change it because you are asking for it?

Would this get better if the bootstrap tool were named pkg and were
installed on a fresh system at /usr/local/sbin, so that it in effect
replaces itself with the real thing, and has no need to leave a
forwarding stub in /usr/sbin ?

Maybe it could rename itself to /usr/local/sbin/pkg-bootstrap as part of
replacing itself, so that you could re-bootstrap your way out of a
problem later.

Hmmm, might have to be careful that future updates don't replace the
real thing with a newer bootstrap program.  

-- Ian



Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/26/2012 12:08, Ian Lepore wrote:
 Would this get better if the bootstrap tool were named pkg and were
 installed on a fresh system at /usr/local/sbin, so that it in effect
 replaces itself with the real thing, and has no need to leave a
 forwarding stub in /usr/sbin ?
 
 Maybe it could rename itself to /usr/local/sbin/pkg-bootstrap as part of
 replacing itself, so that you could re-bootstrap your way out of a
 problem later.

That's certainly creative thinking, but I'm still queasy about 2
commands with the same name that do 2 different things. And having it
rename itself adds to the confusion down the road.

Having a simple pkg bootstrapping tool in the base is a good idea. But
the functionality needs to be extremely limited so that we don't
increase the security exposure; and so that we don't end up in a
situation where a bug fix for something in the base limits our ability
to innovate with pkg in the ports tree.

Doug

-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread namor
On Thu, Aug 23, 2012 at 03:28:27PM -0700, Doug Barton wrote:
 On 8/23/2012 3:19 PM, Steve Wills wrote:
  Hi,
  
   It seems to me that renaming the pkg binary in /usr/sbin/pkg to
   /usr/sbin/pkg-bootstrap would make sense. From a user standpoint, it is
   confusing that running the command gets different results the second time
   it is run vs. the first time. I can imagine a user saying "I ran pkg, but
   it didn't do what they said it would.  Now I run it again, and it does do
   what it is supposed to." Also, it would enable setting up a pkg-bootstrap
   man page separate from the pkg man page, without confusion about which one
   you're looking at.
  
  So, opinions? There may still be time to fix it for 9.1 if we can decide 
  quickly.
 
 Yes please.
 
 Every time in the past that we have talked about moving the pkg_* tools
 to the ports the corresponding change for the base was to have a
 pkg_bootstrap tool that was a use once and forget kind of thing. I was
 quite surprised when sbin/pkg was added, but since people tell me I
 already comment on too much, I decided to wait and see what others thought.

If I understand correctly, the main concern of the pkg-name faction
is to not confuse newbies. All you write is 'pkg install foo' and pkg
will bootstrap itself if not installed. You don't have to call
pkg-bootstrap first (how would you know about it anyways? read pkg(8)?)

 - How about this: stick with /usr/sbin/pkg-bootstrap
 - cat > /usr/sbin/pkg << 'EOF'
#!/bin/sh
echo "To use pkg you have to bootstrap the pkgng installation first,
please call /usr/sbin/pkg-bootstrap"
exit 1
EOF

 - pkg-bootstrap replaces/removes the /usr/sbin/pkg messenger (above) after
   successful installation


Alternatively, just call pkg-bootstrap (but this might leave the issue of
one command doing two different things..)

Regards


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/26/2012 13:02, namor wrote:
 On Thu, Aug 23, 2012 at 03:28:27PM -0700, Doug Barton wrote:
 On 8/23/2012 3:19 PM, Steve Wills wrote:
 Hi,

 It seems to me that renaming the pkg binary in /usr/sbin/pkg to
 /usr/sbin/pkg-bootstrap would make sense. From a user standpoint, it is
 confusing that running the command gets different results the second time
 it is run vs. the first time. I can imagine a user saying "I ran pkg, but
 it didn't do what they said it would.  Now I run it again, and it does do
 what it is supposed to." Also, it would enable setting up a pkg-bootstrap
 man page separate from the pkg man page, without confusion about which one
 you're looking at.

 So, opinions? There may still be time to fix it for 9.1 if we can decide 
 quickly.

 Yes please.

 Every time in the past that we have talked about moving the pkg_* tools
 to the ports the corresponding change for the base was to have a
 pkg_bootstrap tool that was a use once and forget kind of thing. I was
 quite surprised when sbin/pkg was added, but since people tell me I
 already comment on too much, I decided to wait and see what others thought.
 
 If I understand correctly, the main concern of the pkg-name faction
 is to not confuse newbies. All you write is 'pkg install foo' and pkg
 will bootstrap itself if not installed. You don't have to call
 pkg-bootstrap first (how would you know about it anyways? read pkg(8)?)
 
  - How about this: stick with /usr/sbin/pkg-bootstrap
  - cat > /usr/sbin/pkg << 'EOF'
 #!/bin/sh
 echo "To use pkg you have to bootstrap the pkgng installation first,
 please call /usr/sbin/pkg-bootstrap"
 exit 1
 EOF
 
  - pkg-bootstrap replaces/removes the /usr/sbin/pkg messenger (above) after
    successful installation

Again, creative thinking, so you get points for that. :)

The problem is that we don't really support the idea of things in the
base magically deleting themselves.

As I have said in previous messages, the bootstrapping problem is being
overblown by several orders of magnitude. For newly installed systems
where pkg is the default, /usr/local/bin/pkg will be installed. So there
is no bootstrapping problem.

Already-installed systems whose owners wish to switch to pkg can
install from /usr/ports, or use the pkg bootstrap tool in the base.
Given that they will be intentionally making this change, and there will
be instructions written up on how to do this which include the
bootstrapping step, once again this is a non-issue.

The whole idea of having every call to /usr/local/sbin/pkg pass through
/usr/sbin/pkg in order to help a tiny minority of users with a one-time
bootstrapping issue is just plain ludicrous.

Doug

-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Warren Block

On Sun, 26 Aug 2012, Ian Lepore wrote:
 On Sun, 2012-08-26 at 20:58 +0200, Baptiste Daroussin wrote:
  On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
   On 08/26/2012 05:58, Baptiste Daroussin wrote:
   This isn't the security issue I was talking about by having sbin/pkg
   pass every command line to local/sbin/pkg.
   
   You keep saying that you have no objections to changing the name. I am
   asking you to do that. I don't care if it is pkg-bootstrap or something
   else you like better. But please change the name to not be pkg, and
   limit the functionality of the tool to bootstrapping the pkg package.
  
  I received more feedback about keeping pkg than changing it to
  pkg-bootstrap, so what should I do, change it because you are asking for it?
 
 Would this get better if the bootstrap tool were named pkg and were
 installed on a fresh system at /usr/local/sbin, so that it in effect
 replaces itself with the real thing, and has no need to leave a
 forwarding stub in /usr/sbin ?
 
 Maybe it could rename itself to /usr/local/sbin/pkg-bootstrap as part of
 replacing itself, so that you could re-bootstrap your way out of a
 problem later.

Ew.  But on a similar note, an idea I just had in IRC is to have pkgng
overwrite the base /usr/bin/pkg with a link to /usr/local/bin/pkg.
That effectively removes that binary.  We do have precedent for ports
overwriting base with sendmail and openssl.

 Hmmm, might have to be careful that future updates don't replace the
 real thing with a newer bootstrap program.

Yes.  A link could be detected by installworld and not
overwritten... although that's a hack.



Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Doug Barton
On 08/26/2012 13:35, Warren Block wrote:
 On Sun, 26 Aug 2012, Ian Lepore wrote:
 
 On Sun, 2012-08-26 at 20:58 +0200, Baptiste Daroussin wrote:
 On Sun, Aug 26, 2012 at 11:39:07AM -0700, Doug Barton wrote:
 On 08/26/2012 05:58, Baptiste Daroussin wrote:
 This isn't the security issue I was talking about by having sbin/pkg
 pass every command line to local/sbin/pkg.

 You keep saying that you have no objections to changing the name. I am
 asking you to do that. I don't care if it is pkg-bootstrap or something
 else you like better. But please change the name to not be pkg, and
 limit the functionality of the tool to bootstrapping the pkg package.


 I received more feedback about keeping pkg than changing it to
 pkg-bootstrap, so what should I do, change it because you are
 asking for it?

 Would this get better if the bootstrap tool were named pkg and were
 installed on a fresh system at /usr/local/sbin, so that it in effect
 replaces itself with the real thing, and has no need to leave a
 forwarding stub in /usr/sbin ?

 Maybe it could rename itself to /usr/local/sbin/pkg-bootstrap as part of
 replacing itself, so that you could re-bootstrap your way out of a
 problem later.
 
 Ew.  But on a similar note, an idea I just had in IRC is to have pkgng
 overwrite the base /usr/bin/pkg with a link to /usr/local/bin/pkg.
 That effectively removes that binary.  We do have precedent for ports
 overwriting base with sendmail and openssl.

... and bind, but that's a whole different category of problems.

 Hmmm, might have to be careful that future updates don't replace the
 real thing with a newer bootstrap program.
 
 Yes.  A link could be detected by installworld and not overwritten...
 although that's a hack.

Like you said above, Ew. :)

There really is no need to be so clever here. The bootstrapping issue is
going to be a minor annoyance that affects a small percentage of our users.

Doug

-- 

I am only one, but I am one.  I cannot do everything, but I can do
something.  And I will not let what I cannot do interfere with what
I can do.
-- Edward Everett Hale, (1822 - 1909)


Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Peter Jeremy
On 2012-Aug-26 12:27:41 -0700, Doug Barton do...@freebsd.org wrote:
 On 08/26/2012 12:08, Ian Lepore wrote:
  Maybe it could rename itself to /usr/local/sbin/pkg-bootstrap as part of
  replacing itself, so that you could re-bootstrap your way out of a
  problem later.
 
 That's certainly creative thinking, but I'm still queasy about 2
 commands with the same name that do 2 different things. And having it
 rename itself adds to the confusion down the road.

I also like the idea of a pkg-bootstrap command.  Possibly a symlink
from pkg to pkg-bootstrap, that gets removed as part of the bootstrap
process, would help - but it should just tell you how to run
pkg-bootstrap.  I don't like the idea of pkg{-bootstrap} autonomously
installing something I didn't ask for.  And I don't like the idea that
all pkg commands get bounced through a /usr/sbin/pkg once it has been
bootstrapped.

 Having a simple pkg bootstrapping tool in the base is a good idea. But
 the functionality needs to be extremely limited so that we don't
 increase the security exposure; and so that we don't end up in a
 situation where a bug fix for something in the base limits our ability
 to innovate with pkg in the ports tree.

Agreed.  BTW, one thing that needs to be considered is how to recover
from the embedded public key needing to be invalidated (eg due to the
private key being exposed).

-- 
Peter Jeremy
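The chain of trust Jilles proposes earlier in the thread (a detached signature over the pkg package, created at 'pkg repo' time and checked by the bootstrapper against a public key shipped with base) together with Peter's point about recovering from a leaked private key, modelled as an added Go example. This is not pkg's or FreeBSD's code: the bundle layout, the key ids, the RSA/SHA-256 choice and the revocation list are assumptions made here for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Errors the bootstrapper can report; on any of them it must not unpack the download.
var (
	ErrUnknownKey   = errors.New("signature made with a key not shipped in base")
	ErrRevokedKey   = errors.New("signing key has been revoked")
	ErrBadSignature = errors.New("signature does not match package contents")
)

// SignedBundle models what a 'pkg repo' step could publish next to the pkg
// package: the package bytes, the id of the signing key, and a detached
// signature. Hypothetical layout for illustration, not pkg's repository format.
type SignedBundle struct {
	Package   []byte
	KeyID     string
	Signature []byte // RSA PKCS#1 v1.5 signature over SHA-256(Package)
}

// SignPackage is the repository-side step: hash the package and sign the
// digest with the private key held by the package builders.
func SignPackage(priv *rsa.PrivateKey, keyID string, pkg []byte) (*SignedBundle, error) {
	digest := sha256.Sum256(pkg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedBundle{Package: pkg, KeyID: keyID, Signature: sig}, nil
}

// Bootstrapper holds the public keys distributed with base (as the
// freebsd-update and portsnap keys are) plus a revocation list, so a key whose
// private half leaked can be refused without rebuilding the tool.
type Bootstrapper struct {
	trusted map[string]*rsa.PublicKey
	revoked map[string]bool
}

func NewBootstrapper() *Bootstrapper {
	return &Bootstrapper{trusted: map[string]*rsa.PublicKey{}, revoked: map[string]bool{}}
}

func (b *Bootstrapper) Trust(keyID string, pub *rsa.PublicKey) { b.trusted[keyID] = pub }
func (b *Bootstrapper) Revoke(keyID string)                    { b.revoked[keyID] = true }

// Verify is the check the bootstrapper runs on the downloaded bundle before
// touching its contents: the key must be one we ship, must not be revoked,
// and the signature must match the bytes actually downloaded.
func (b *Bootstrapper) Verify(bundle *SignedBundle) error {
	pub, ok := b.trusted[bundle.KeyID]
	if !ok {
		return ErrUnknownKey
	}
	if b.revoked[bundle.KeyID] {
		return ErrRevokedKey
	}
	digest := sha256.Sum256(bundle.Package)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], bundle.Signature); err != nil {
		return ErrBadSignature
	}
	return nil
}

// Tamper returns a copy of the bundle with one package byte flipped, standing
// in for a download that was altered in transit (constructed test input).
func Tamper(bundle *SignedBundle) *SignedBundle {
	pkg := append([]byte(nil), bundle.Package...)
	if len(pkg) > 0 {
		pkg[0] ^= 0x01
	}
	return &SignedBundle{Package: pkg, KeyID: bundle.KeyID, Signature: bundle.Signature}
}

func main() {
	// Constructed key pair and package stand-in; a real key lives with the signing party.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	const keyID = "pkg-bootstrap-key-1" // constructed key id
	bundle, err := SignPackage(priv, keyID, []byte("stand-in for pkg-1.0.txz"))
	if err != nil {
		panic(err)
	}
	b := NewBootstrapper()
	b.Trust(keyID, &priv.PublicKey)
	fmt.Println("genuine bundle:   ", b.Verify(bundle))         // <nil>
	fmt.Println("tampered bundle:  ", b.Verify(Tamper(bundle))) // bad signature
	b.Revoke(keyID)
	fmt.Println("after revocation: ", b.Verify(bundle))         // revoked key
}
```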




Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap

2012-08-26 Thread Garrett Cooper

On Sun, 26 Aug 2012, Doug Barton wrote:

 ...

 There really is no need to be so clever here. The bootstrapping issue is
 going to be a minor annoyance that affects a small percentage of our users.

I think Doug's correct in this case about it being a one-time
problem as installing via bsdinstall, etc should take care of this (I
disagree with the "small percentage of our users" part though). There's
still a chicken and egg problem with installing packaging via bsdinstall,
etc though, as ports requires pkg* in order to function; I really hope
that some of the naysayers have considered this minor issue as this
would be a stop-gap to removing pkg(8) from base.

Rather than providing a solution for that problem because that's a
bigger architectural issue (and not my job to solve), I offer this patch I
quickly hacked up instead as my 2 cents for the discussion on how to make
users aware that pkg_install is dying/dead, as this is one case that
needs to be better handled.

Thanks,
-Garrett

PS It's really sad that no one really has been updating UPDATING in either 
ports or src, as I think this would help alleviate the need for 
unnecessary obfuscation.



Index: UPDATING
===
--- UPDATING(revision 239716)
+++ UPDATING(working copy)
@@ -24,6 +24,10 @@
disable the most expensive debugging functionality run
ln -s 'abort:false,junk:false' /etc/malloc.conf.)

+2014:
+   pkg_install has been replaced with pkgng; please see webpage
+   XXX/install port YYY for more details.
+
 20120727:
The sparc64 ZFS loader has been changed to no longer try to auto-
detect ZFS providers based on diskN aliases but now requires these
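Review bot: the new UPDATING entry is stamped "2014:" where every other entry uses a YYYYMMDD date (the one right below it is 20120727), and the "XXX" web page and "YYY" port name are still placeholders; both need a real date and real references before this goes in, otherwise a user who follows the deprecation message to UPDATING finds nothing actionable.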
Index: usr.sbin/pkg_install/version/main.c
===
--- usr.sbin/pkg_install/version/main.c (revision 239290)
+++ usr.sbin/pkg_install/version/main.c (working copy)
@@ -123,6 +123,8 @@
 argc -= optind;
 argv += optind;

+PKG_PORTS_MSG();
+
 return pkg_perform(argv);
 }

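Review bot: PKG_PORTS_MSG() is inserted after option parsing, so it fires on every invocation of pkg_version, including the non-interactive calls the ports framework makes, and the same insertion is repeated verbatim in each tool's main() below; since the check does not depend on the parsed options, one call from the shared library entry point (or a single helper the tools call before getopt) would keep the tools consistent and make the behaviour easy to adjust in one place later.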
Index: usr.sbin/pkg_install/add/main.c
===
--- usr.sbin/pkg_install/add/main.c (revision 239290)
+++ usr.sbin/pkg_install/add/main.c (working copy)
@@ -215,6 +215,8 @@
 argc -= optind;
 argv += optind;

+PKG_PORTS_MSG();
+
 if (AddMode != SLAVE) {
pkgs = (char **)malloc((argc+1) * sizeof(char *));
for (ch = 0; ch = argc; pkgs[ch++] = NULL) ;
Index: usr.sbin/pkg_install/info/main.c
===
--- usr.sbin/pkg_install/info/main.c(revision 239290)
+++ usr.sbin/pkg_install/info/main.c(working copy)
@@ -238,6 +238,8 @@
 argc -= optind;
 argv += optind;

+PKG_PORTS_MSG();
+
 if (Flags  SHOW_PTREV) {
if (!Quiet)
printf(Package tools revision: );
Index: usr.sbin/pkg_install/delete/main.c
===
--- usr.sbin/pkg_install/delete/main.c  (revision 239290)
+++ usr.sbin/pkg_install/delete/main.c  (working copy)
@@ -128,6 +128,8 @@
 argc -= optind;
 argv += optind;

+PKG_PORTS_MSG();
+
 /* Get all the remaining package names, if any */
 while (*argv) {
/* Don't try to apply heuristics if arguments are regexs */
Index: usr.sbin/pkg_install/create/main.c
===
--- usr.sbin/pkg_install/create/main.c  (revision 239290)
+++ usr.sbin/pkg_install/create/main.c  (working copy)
@@ -229,6 +229,8 @@
 argc -= optind;
 argv += optind;

+PKG_PORTS_MSG();
+
 /* Get all the remaining package names, if any */
 while (*argv)
*pkgs++ = *argv++;
Index: usr.sbin/pkg_install/lib/lib.h
===
--- usr.sbin/pkg_install/lib/lib.h  (revision 239290)
+++ usr.sbin/pkg_install/lib/lib.h  (working copy)
@@ -31,6 +31,7 @@
 #include sys/utsname.h
 #include ctype.h
 #include dirent.h
+#include err.h
 #include stdarg.h
 #include stdio.h
 #include stdlib.h
@@ -239,4 +240,33 @@
 extern int AutoAnswer;
 extern int Verbose;

+#defineEOL_VERSION 1100
+
+#definePKG_INSTALL_DEPRECATION_MSG \
+   pkg_install has been deprecated in favor of pkgng; please see UPDATING for 
more details
+
+#if __FreeBSD_version  EOL_VERSION
+
+#define PKG_PORTS_MSG() \
+do { \
+   if (Quiet) { \
+   exit(1); \
+   } else { \
+   warnx(PKG_INSTALL_DEPECATION_MSG); \
+   } \
+} while (0) 
+

+#else
+
+#define PKG_PORTS_MSG() \
+do { \
+   if (Quiet) { \
+   exit(1); \
+   } else { \
+   errx(1, PKG_INSTALL_DEPRECATION_MSG); \
+   } \
+} while (0)
+
+#endif /* __FreeBSD_version  EOL_VERSION */
+
 #endif /* _INST_LIB_LIB_H_ */
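Review bot: the first PKG_PORTS_MSG() branch does not compile: it calls warnx(PKG_INSTALL_DEPECATION_MSG) but the macro defined a few lines above is PKG_INSTALL_DEPRECATION_MSG. Two logic problems besides the typo: EOL_VERSION is 1100, but __FreeBSD_version is a seven-digit value (10-CURRENT reports 10000xx), so the comparison can never select the intended branch and should use 1100000; and both branches call exit(1) when Quiet is set, which makes every pkg_* tool fail silently under -q even before the EOL point, where the intent is presumably to suppress the warning and continue. Also the empty line inside the second macro block lacks the leading space a context line needs, so patch(1) may reject this hunk, and "while (0) " carries trailing whitespace.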
Index: usr.sbin/pkg_install/updating/main.c

How to understand what `swi5' kernel thread does?

2012-08-26 Thread Lev Serebryakov
Hello, Freebsd-current.

 It is shown in the top -SH output as `intr{swi5: +}' and I could not find a
way to understand what it is...

-- 
// Black Lion AKA Lev Serebryakov l...@freebsd.org
