[Bug 226048] ports-mgmt/pkg: "pkg check --recompute" fails to exclude removed files

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Feb 19 17:01:14 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226048

            Bug ID: 226048
           Summary: ports-mgmt/pkg: "pkg check --recompute" fails to
                    exclude removed files
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: pkg at FreeBSD.org
          Reporter: raf at rafal.net
             Flags: maintainer-feedback?(pkg at FreeBSD.org)
          Assignee: pkg at FreeBSD.org

Following installation of www/apache24 using pkg 1.10.3 on 11.1-RELEASE-p6, I
removed the unnecessary "default" web site that it creates in
/usr/local/www/apache24, as its presence extends the security perimeter
unnecessarily, and it fulfils no useful function, not to mention interfering
with the way we manage /usr/local/www.

This had the effect of throwing a lengthy, daily security run output from pkg
check. Example lines:

Checking for packages with mismatched checksums:
apache24-2.4.29: missing file /usr/local/www/apache24/cgi-bin/printenv
apache24-2.4.29: missing file /usr/local/www/apache24/cgi-bin/test-cgi
apache24-2.4.29: missing file
/usr/local/www/apache24/error/HTTP_BAD_GATEWAY.html.var
apache24-2.4.29: missing file
/usr/local/www/apache24/error/HTTP_BAD_REQUEST.html.var
...

Since the absence of those files is our intended, correct state, I run "pkg
check --recompute" with sufficient privileges. To my surprise, the daily
security output continues.

Perhaps pkg check --recompute does not properly take care of removed files, and
perhaps only focuses on the changed ones. A workaround of disabling pkg check
from validating the checksums is rather extreme. Ideally, it should be possible
to somehow "reset" its database to assume that a given change, even if it
includes removed files, is to be considered correct from that point onwards.

FYI, although removing /usr/local/www/apache24 has been our practice for well
over a year, this output from pkg check only started showing up recently, I
think since 11.1-p4 or so.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-pkg mailing list