#64892 closed defect (fixed)
privoxy: port activation fails due to existence of '${prefix}/etc/privoxy/CA/trustedCAs.pem'
| Reported by: | mascguy (Christopher Nielsen) | Owned by: | essandess (Steve Smith) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.7.2 |
| Keywords: | Cc: | cooljeanius (Eric Gallager) | |
| Port: | privoxy |
Description
With the latest update - including the new default variant user_pki_bundle - the following failure occurs during activation. It occurs regardless, even when no previous version is installed.
---> Activating privoxy @3.0.33_2+https_inspection+user_pki_bundle Error: Failed to activate privoxy: Image error: /opt/local/etc/privoxy/CA/trustedCAs.pem already exists and does not belong to a registered port. Unable to activate port privoxy. Use 'port -f activate privoxy' to force the activation.
Forcing the activation does succeed, albeit with the following warning:
---> Activating privoxy @3.0.33_2+https_inspection+user_pki_bundle Warning: File /opt/local/etc/privoxy/CA/trustedCAs.pem already exists. Moving to: /opt/local/etc/privoxy/CA/trustedCAs.pem.mp_1648320311.
This should be fixed, to eliminate the need to forcibly activate the port.
Change History (8)
comment:1 Changed 2 years ago by mascguy (Christopher Nielsen)
comment:2 follow-up: 7 Changed 2 years ago by essandess (Steve Smith)
Groan, sorry. I’ll post a fix. I think there are three related issues here:
- This specific bug.
- The
tclcode that makes @mascguy’s brain hurt (mine too, evidently): https://github.com/macports/macports-ports/pull/14354#discussion_r835502075 - The necessary
depends_liboncurl-ca-bundleandapple-pki-bundleneeded to updatetrustedCAs.pemwhenever these ports are updated, but also unnecessarily rebuilds and installs theprivoxybinary.
For 2: Chris, are you able to point to a cleaner tcl implementation of essentially file output operators like >>, but in tcl, not bash?
For 3: I think the cleanest approach is to add a subport that installs trustedCAs.pem, and move the depends_lib‘s to that subport.
Comments/feedback on any of this?
comment:3 Changed 2 years ago by essandess (Steve Smith)
Please see: https://github.com/macports/macports-ports/pull/14386
Note: I don't believe that the new port privoxy-pki-bundle should be built by a buildbot and provided by MacPorts so that the CAs are guaranteed to be as recent as the latest ones provided by the dependent ports. How should this be reflected in the Portfile?
comment:4 follow-up: 6 Changed 2 years ago by essandess (Steve Smith)
Also note: installing this updated port will also require a port -f activate privoxy for anyone who has a previously-installed CA file /opt/local/etc/privoxy/CA/trustedCAs.pem. I don't know any way to avoid this.
comment:5 Changed 2 years ago by essandess (Steve Smith)
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:6 Changed 2 years ago by jmroot (Joshua Root)
Replying to essandess:
Also note: installing this updated port will also require a
port -f activate privoxyfor anyone who has a previously-installed CA file/opt/local/etc/privoxy/CA/trustedCAs.pem. I don't know any way to avoid this.
You could move it aside in pre-activate if that's always the right thing to do, or if not, detect the situation and print a more informative error message.
comment:7 Changed 2 years ago by cooljeanius (Eric Gallager)
Replying to essandess:
- The necessary
depends_liboncurl-ca-bundleandapple-pki-bundleneeded to updatetrustedCAs.pemwhenever these ports are updated, but also unnecessarily rebuilds and installs theprivoxybinary.
Reminder that people could be using certsync instead of curl-ca-bundle, so a path-style dependency should be used so either can satisfy it
comment:8 Changed 2 years ago by cooljeanius (Eric Gallager)
| Cc: | cooljeanius added |
|---|
Of note, this is also occurring for buildbot builds. So it's definitely an issue.
https://ports.macports.org/port/privoxy/builds/