DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default New Regina Rexx port

For those of you interested in the Rexx programming language,
I've been working on a Regina Rexx port for a while.

Regina Rexx is maintained by Mark Hessling author of THE, the Hessling Editor, a clone of IBM's VM/CMS editor.

http://regina-rexx.sourceforge.net/index.html

Attached is a port for version 3.9.1 that runs on both OpenBSD 5.7 and on Bitrig 1.0

Untar it into the /usr/ports/lang directory.

2015-09-08 21:57 UTC: Changed attachment to latest version p2
2015-09-09 16:15 UTC: Changed attachment to version p3
2015-09-11 00:06 UTC Changed attachment to version p4
2016-09-20 19:39 UTC Added attachment for version p5 - works on i386
Attached Files
File Type: tgz regina-rexx-3.9.1-p4.tgz (3.1 KB, 40 views)
File Type: gz regina-rexx-3.9.1p5.tar.gz (3.2 KB, 32 views)
__________________
When you see a good move, look for a better one.
--Lasker

Last edited by comet--berkeley; 20th September 2016 at 07:38 PM. Reason: new version p5 - works on 32-bit i386
Reply With Quote
  #2   (View Single Post)  
Old 7th September 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

Cool! I haven't used Rexx since the mid to late-80's, and honestly, can recall nothing about it other than I liked it at the time.

I've partially tested the port on a -current amd64 system. My comments:
  • For new ports, use an RCS tag line that contains only
    Code:
    # $OpenBSD$
  • Since the documentation distfiles are not versioned, use a DIST_SUBDIR per Section 2.2.5 of the Porter's Handbook.
  • It fails regression testing (make test), as the underlying object makefiles are missing the check target. I have not investigated the root cause.
  • It fails security testing during fake installation (make USE_SYSTRACE=Yes fake), as you can see from the excerpt from the log below. I have not tried to investigate the root cause, but I assume some patching will be needed to prevent the install step from scribbling where it isn't supposed to.
  • It's a new port, so it does not need REVISION defined.
Here's the output of $ grep systrace regina-rexx-3.9.1p1.log
Code:
systrace: deny user: josh, prog: /bin/mkdir, pid: 32168(0)[32356], policy: /usr/bin/env, filters: 249, syscall: native-fswrite(136), filename: /usr
systrace: deny user: josh, prog: /bin/mkdir, pid: 32168(0)[32356], policy: /usr/bin/env, filters: 249, syscall: native-fswrite(136), filename: /usr/ports
systrace: deny user: josh, prog: /bin/mkdir, pid: 32168(0)[32356], policy: /usr/bin/env, filters: 249, syscall: native-fswrite(136), filename: /usr/ports/pobj
systrace: deny user: josh, prog: /usr/bin/install, pid: 28217(0)[3751], policy: /usr/bin/make, filters: 249, syscall: native-fswrite(136), filename: /usr
systrace: deny user: josh, prog: /usr/bin/install, pid: 28217(0)[3751], policy: /usr/bin/make, filters: 249, syscall: native-fswrite(136), filename: /usr/ports
systrace: deny user: josh, prog: /usr/bin/install, pid: 28217(0)[3751], policy: /usr/bin/make, filters: 249, syscall: native-fswrite(136), filename: /usr/ports/pobj
systrace: deny user: josh, prog: /usr/bin/install, pid: 19070(0)[3751], policy: /usr/bin/make, filters: 249, syscall: native-fswrite(136), filename: /usr
systrace: deny user: josh, prog: /usr/bin/install, pid: 19070(0)[3751], policy: /usr/bin/make, filters: 249, syscall: native-fswrite(136), filename: /usr/ports
systrace: deny user: josh, prog: /usr/bin/install, pid: 19070(0)[3751], policy: /usr/bin/make, filters: 249, syscall: native-fswrite(136), filename: /usr/ports/pobj

Last edited by jggimi; 7th September 2015 at 02:48 PM. Reason: typo
Reply With Quote
  #3   (View Single Post)  
Old 8th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default

Quote:
Originally Posted by jggimi View Post
Cool! I haven't used Rexx since the mid to late-80's, and honestly, can recall nothing about it other than I liked it at the time.

I've partially tested the port on a -current amd64 system. My comments:
  1. For new ports, use an RCS tag line that contains only
    Code:
    # $OpenBSD$
  2. Since the documentation distfiles are not versioned, use a DIST_SUBDIR per Section 2.2.5 of the Porter's Handbook.
  3. It fails regression testing (make test), as the underlying object makefiles are missing the check target. I have not investigated the root cause.
  4. It fails security testing during fake installation (make USE_SYSTRACE=Yes fake), as you can see from the excerpt from the log below. I have not tried to investigate the root cause, but I assume some patching will be needed to prevent the install step from scribbling where it isn't supposed to.
  5. It's a new port, so it does not need REVISION defined.
Here's the output of $ grep systrace regina-rexx-3.9.1p1.log
Code:
systrace: deny user: josh, prog: /bin/mkdir, pid: 32168(0)[32356], policy: /usr/bin/env, filters: 249, syscall: native-fswrite(136), filename: /usr
systrace: deny user: josh, prog: /bin/mkdir, pid: 32168(0)[32356], policy: /usr/bin/env, filters: 249, syscall: native-fswrite(136), filename: /usr/ports
systrace: deny user: josh, prog: /bin/mkdir, pid: 32168(0)[32356], policy: /usr/bin/env, filters: 249, syscall: native-fswrite(136), filename: /usr/ports/pobj
Thanks for checking it out. I've numbered your points so I can refer to them.

For item 1), ok I will change it.
For 2) The documentation is actually versioned and separate from the regular source code. When the source code was at version 3.9.0 the documentation was at 3.8.2
For 3) I don't think there is a test or check target in the Makefile. After doing an install I usually test with something like a simple "hello world" script::

hello.rex:
Code:
#! /usr/local/bin/rexx
/* */
  Say "Kilroy was here!"
  Exit
I will mention this to the upstream developers though as it is a good idea to have a test target.

For 4) /usr/ports/pobj is the working directory for the build. If /usr/ports is owned by root then pobj probably is too. For testing from an ordinary userid try redfining WRKOBJDIR something like this:
Code:
$WRKOBJDIR=/tmp make fake
For 5) I use the revision codes to help me keep track of my own changes.

Thanks again Jggimi
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
  #4   (View Single Post)  
Old 8th September 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

You're welcome.

The documentation is stored in /usr/ports/distfiles as "regina.pdf" and "regutil.pdf" -- these are not versioned filenames as stored -- so any changes to these documents that don't change their names will cause distfile conflicts.

This is why I recommended using a versioned $DIST_SUBDIR. (OK, I just echoed the Porter's Handbook, which recommends this.)
Reply With Quote
  #5   (View Single Post)  
Old 8th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default

Quote:
Originally Posted by jggimi View Post
The documentation is stored in /usr/ports/distfiles as "regina.pdf" and "regutil.pdf" -- these are not versioned filenames as stored -- so any changes to these documents that don't change their names will cause distfile conflicts.

This is why I recommended using a versioned $DIST_SUBDIR. (OK, I just echoed the Porter's Handbook, which recommends this.)
Thanks, I finally got what you were talking about by reading the FreeBSD documentation:

http://docs.freebsd.org/doc/4.6-RELE...ook/x1957.html

And by looking at the /usr/ports/distfiles directory.

I updated the attachment in my original posting to a newer version "p2".
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
  #6   (View Single Post)  
Old 9th September 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

Thanks. I'll have to test again when I have some time.

Regarding "4," .. the installation scripts should never write outside the fake directory structure, and that is what my previous test disclosed.

http://www.openbsd.org/faq/ports/differences.html#Fake

Last edited by jggimi; 9th September 2015 at 03:17 PM. Reason: typo
Reply With Quote
  #7   (View Single Post)  
Old 9th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default

Quote:
Originally Posted by jggimi View Post
...
This is why I recommended using a versioned $DIST_SUBDIR...
I thought about the word "versioned" and changed my DIST_SUBDIR to include the version.

There is now a new "p3" version of the port attached to my original posting.
__________________
When you see a good move, look for a better one.
--Lasker

Last edited by comet--berkeley; 9th September 2015 at 04:20 PM. Reason: missing bracket...
Reply With Quote
  #8   (View Single Post)  
Old 9th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default

Quote:
Originally Posted by jggimi View Post
Thanks. I'll have to test again when I have some time.

Regarding "4," .. the installation scripts should never write outside the fake directory structure...
http://www.openbsd.org/faq/ports/differences.html#Fake
The "build" directory for regina-rexx is /usr/port/pobj/regina-rexx-3.9.1/Regina-REXX-3.9.1
The "fake" directory for regina-rexx is /usr/ports/pobj/regina-rexx-3.9.1/fake-amd64

/usr/ports/pobj is part of the fake directory structure. Any userid doing a "make fake" must either have write access to this directory or use another directory...

I appreciate your testing jggimi. Thanks!
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
  #9   (View Single Post)  
Old 9th September 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

The USE_SYSTRACE test found policy violations, which usually means an installation script needs to be patched. It doesn't always mean there is a security problem, per se, but it does means that the installation script assumes the build machine is the install machine and installs things outside of a narrow set of directories. This may be due to hard-coded locations, or subordinate tools that write into hard coded locations.

I've been helping shep recently with a port that has this issue because it executes gtk-update-icon-cache during its installation step, which on OpenBSD is the fake step. We patched the install script to prevent it at that time, and used the x11/gnome MODULE with a modified PLIST to do it during pkg_add instead, which is when it is actually wanted. (We didn't invent the technique. We poked around the ports tree and adapted it from other ports.)

As I didn't investigate this issue when I tested your port earlier, only noted it happened, I'll do so when I test it again. I'll see if I can determine the root cause and work up a fix.

There are three goals beyond security for the fake step: 1) don't install anything by accident on on a build machine which may never actually install the package, 2) ensure the package contains everything needed by the application, and 3) ensure that pkg_delete removes the application completely, leaving nothing behind but any locally modified configuration files.

Last edited by jggimi; 9th September 2015 at 06:47 PM. Reason: typos - and a last paragraph on the fake stap
Reply With Quote
Old 10th September 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

I added Xtrace to the install-sh script, and can see that the policy problems first occur when the script tries to manage addons.

(Unrelated, I also noticed while you have a patch to add bitrig support, you have a post-extract edit which could be a patch also.)
Reply With Quote
Old 10th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default

Quote:
Originally Posted by jggimi View Post
I added Xtrace to the install-sh script, and can see that the policy problems first occur when the script tries to manage addons.

(Unrelated, I also noticed while you have a patch to add bitrig support, you have a post-extract edit which could be a patch also.)
Thanks, I will take a closer look at the install code for the addon libraries, libregutil, libtest1 and libtest2.
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
Old 11th September 2015
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 151
Default

There is a new version "p4" of the port and the systrace messages should be gone now.

I added a patch to the makefile.in and code to the post-install: to run the install-sh script to create directories.
__________________
When you see a good move, look for a better one.
--Lasker
Reply With Quote
Old 11th September 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

Thanks! Very cool! Installs and runs on amd64 -current. I ran a simple test program; but because its been decades since I've written -- or even seen -- any Rexx programs, I had to copy/paste one from the web.

If you post this to ports@ for consideration, I'm sure someone will recommend converting your post-extract target to a patch, since its just an edit.
Reply With Quote
Old 5th November 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,972
Default

There was a discussion today on misc@ regarding $USE_SYSTRACE. As make fake can (and should) now be run as a normal user, $USE_SYSTRACE is no longer recommended -- the FAQ will be revised.

http://marc.info/?t=144663454100005&r=1&w=2
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating port backrow OpenBSD Packages and Ports 9 9th September 2009 11:55 AM
SSH on port 443 maxrussell General software and network 4 6th April 2009 05:16 AM
port forwarding ikevmowe OpenBSD Security 13 21st November 2008 06:03 PM
VNC port forwarding help revzalot OpenBSD Security 3 10th September 2008 06:59 AM
vlc port failing maxrussell FreeBSD Ports and Packages 11 27th May 2008 04:38 PM


All times are GMT. The time now is 06:19 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick