PATCH: Makefile.inc1 r1.411 jams make installworld

I've sent this PR - unfortunately from the wrong address, so the posting
was held. I've cancelled it and am forwarding it so it appears earlier,
to avoid the problem from being reported again.

This has been assigned PR misc/64073 in the meanwhile,
see http://www.freebsd.org/cgi/query-pr.cgi?pr=64073

Matthias

attached mail follows:

>Submitter-Id:	current-users
>Originator:	Matthias Andree
>Organization:	
>Confidential:	no 
>Synopsis:	PATCH: Makefile.inc1 r1.411 jams make installworld 
>Severity:	critical 
>Priority:	low 
>Category:	misc 
>Class:		sw-bug 
>Release:	FreeBSD 5.2-CURRENT i386
>Environment:
System: FreeBSD sigma.emma.line.org 5.2-CURRENT FreeBSD 5.2-CURRENT #3: Wed Mar 10 22:29:45 CET 2004 root_at_sigma.emma.line.org:/usr/src/sys/i386/compile/SIGMA i386


	
>Description:
"make installworld" fails, complaining the required authpf group was missing:

-bash-2.05b# grep -w authpf /etc/group
authpf:*:63:
-bash-2.05b# make installworld
id: authpf: no such user
ERROR: Required authpf group is missing, see /usr/src/UPDATING.
*** Error code 1

Cause: The recent Makefile.inc1 change in rev. 1.411 of that file is
bogus, it is a copy of a bogus line further up in the file that was
shadowed by a mandatory user account with the same name as the group
that was supposed to be checked.

"id -g authpf" does not check if a *group* "authpf" exists but returns the
primary group ID of the *user* "authpf". Result as above.

Looking closer, the same problem applies to the "id -g smmsp" check that used
to be fine (albeit inefficient) but was repaired broken in revision 1.376 on
2003-07-06 by gshapiro after suggestion from peter.

I am suggesting the patch below that checks /etc/group with grep and then NIS
with ypmatch. This is a bit ugly but will serve for now.

A more complex but nsswitch-proof alternative would be to create a dummy
file, for instance:
echo "delete me" >${DECENTPATH}/dummy$$
chgrp smmsp ${DECENTPATH}/dummy$$

DECENTPATH should be somewhere writable below the installation location,
it won't hurt there, or in a temporary directory that is not prone to
symlink attacks (i. e. that is not world writable).

	
>How-To-Repeat:
Update the FreeBSD -CURRENT base system as usual.
	
>Fix:

	
Patch /usr/src/Makefile.inc1 as follows:

--- Makefile.inc1~	Wed Mar 10 22:10:11 2004
+++ Makefile.inc1	Thu Mar 11 00:35:58 2004
_at__at_ -409,25 +409,28 _at__at_
 #
 installcheck: ${SPECIAL_INSTALLCHECKS}
 .if !defined(NO_SENDMAIL)
-	_at_if ! `id -u smmsp > /dev/null`; then \
+	_at_if ! id -u smmsp > /dev/null; then \
 		echo "ERROR: Required smmsp user is missing, see /usr/src/UPDATING."; \
 		false; \
 	fi
-	_at_if ! `id -g smmsp > /dev/null`; then \
+	_at_if ! grep '^smmsp:' /etc/group > /dev/null \
+	 && ! ypmatch smmsp group >/dev/null ; then \
 		echo "ERROR: Required smmsp group is missing, see /usr/src/UPDATING."; \
 		false; \
 	fi
 .endif
 .if !defined(NO_PF)
-	_at_if ! `id -u proxy > /dev/null`; then \
+	_at_if ! id -u proxy > /dev/null; then \
 		echo "ERROR: Required proxy user is missing, see /usr/src/UPDATING."; \
 		false; \
 	fi
-	_at_if ! `id -g proxy > /dev/null`; then \
+	_at_if ! grep '^proxy:' /etc/group > /dev/null \
+	 && ! ypmatch proxy group >/dev/null ; then \
 		echo "ERROR: Required proxy group is missing, see /usr/src/UPDATING."; \
 		false; \
 	fi
-	_at_if ! `id -g authpf > /dev/null`; then \
+	_at_if ! grep '^authpf:' /etc/group > /dev/null \
+	 && ! ypmatch authpf group >/dev/null ; then \
 		echo "ERROR: Required authpf group is missing, see /usr/src/UPDATING."; \
 		false; \
 	fi