Create and manage /var/chef via @dir directive
Closed, Public

Authored by ngie on Sep 20 2017, 10:25 PM.

Details

Reviewers
matthew
Summary

Create and manage /var/chef via the @dir directive

This allows me to install rubygem-chef and run chef-solo out of the box
as shown in the Test Plan section.

PR: 222481

Test Plan
$ ls -ld /var/chef
ls: /var/chef: No such file or directory
$ pkg add /usr/obj/usr/ports/sysutils/rubygem-chef/work/pkg/rubygem-chef-13.2.20_1.txz
Installing rubygem-chef-13.2.20_1...
Extracting rubygem-chef-13.2.20_1: 100%
$ ls -ld /var/chef
drwxr-xr-x  2 root  wheel  512 Sep 20 15:24 /var/chef
$ pkg delete -y rubygem-chef
Updating database digests format: 100%            
Checking integrity... done (0 conflicting)        
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):      

Installed packages to be REMOVED:                 
        rubygem-chef-13.2.20_1                   

Number of packages to be removed: 1

The operation will free 33 MiB.
[1/1] Deinstalling rubygem-chef-13.2.20_1...
[1/1] Deleting files for rubygem-chef-13.2.20_1: 100%
$ ls -ld /var/chef
ls: /var/chef: No such file or directory
$

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 12161
Build 12462: arc lint + arc unit

Event Timeline

Manage the ownership and mode for /var/chef in the plist instead of assuming
that what was done in post-install "was enough".

ngie edited the test plan for this revision.
sysutils/rubygem-chef/pkg-plist
41

root, wheel and 0755 are the default; you do not need to set them.

ngie marked an inline comment as done. Sep 26 2017, 9:01 PM
ngie added inline comments.
sysutils/rubygem-chef/pkg-plist
41

This seems to rely on undocumented behavior from getmode/setmode and the predefined umask for whoever is building the package (which might not be 0022?). I would much rather make this explicit as the implicitness could result in a security hole being introduced into a chef install.

% umask
0022

Example (both with and without the explicit user/group/mode):

# With explicit user/group/mode
% umask 0000
% make -C /usr/ports/sysutils/rubygem-chef install
...
% ls -ld /var/chef/
drwxr-xr-x  2 root  wheel  512 Sep 26 13:55 /var/chef/

# Without explicit mode/user/group in pkg-plist
% ls -ld /var/chef/
drwxrwxrwx  2 root  wheel  512 Sep 26 13:59 /var/chef/
%

Not setting an explicit mode is ripe for failure when dealing with determinism and opens the door to potential security holes.

ngie marked 2 inline comments as done. Sep 26 2017, 9:02 PM
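
The umask dependence described in the comment above, reproduced in a scratch directory as an added example (not part of the review or the port). It assumes plain mkdir as a stand-in for package extraction and does not invoke pkg; the helper names perms, make_dir, mode_is_tight and report are hypothetical.

```shell
#!/bin/sh
# Added example: plain mkdir stands in for package extraction; pkg is not invoked.

# perms DIR: print the type/permission string, e.g. drwxr-xr-x
perms() {
    ls -ld "$1" | cut -c1-10
}

# make_dir UMASK [MODE]: create a scratch "chef" directory under UMASK,
# optionally pin an explicit MODE, and print the resulting permissions.
make_dir() {
    (
        scratch=$(mktemp -d) || exit 1
        trap 'rm -rf "$scratch"' EXIT
        umask "$1"
        mkdir "$scratch/chef" || exit 1
        if [ -n "${2:-}" ]; then
            chmod "$2" "$scratch/chef" || exit 1
        fi
        perms "$scratch/chef"
    )
}

# mode_is_tight PERMSTRING: succeed only for a directory that neither
# group nor other can write to (write bits are characters 6 and 9).
mode_is_tight() {
    case $1 in
        d????-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# report LABEL PERMSTRING: one line per case, flagging loose modes.
report() {
    if mode_is_tight "$2"; then verdict=ok; else verdict="LOOSE (group/other writable)"; fi
    printf '%-28s %s  %s\n' "$1" "$2" "$verdict"
}

report "umask 0022, implicit mode" "$(make_dir 0022)"
report "umask 0000, implicit mode" "$(make_dir 0000)"
report "umask 0000, explicit 0755" "$(make_dir 0000 0755)"
```

On an installed system the same check can be applied to the real directory with `mode_is_tight "$(perms /var/chef)"`.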
sysutils/rubygem-chef/pkg-plist
41

Changing umask is not supported. Maybe report this to the pkg maintainers as a bug, but do not add the default permissions to directories.

Remove user/group/mode tuple from @dir directive

Requested by: mat

ngie marked an inline comment as done. Oct 21 2017, 7:22 AM

lgtm

Since you created the PR a month ago, you can commit this now with:

Approved by: matthew, maintainer timeout (30+ days)

This revision is now accepted and ready to land. Oct 21 2017, 7:38 AM