pkg/34470: pkgsrc 'make replace' broken

[Hauke Fath <hf%spg.tu-darmstadt.de@localhost>]

>Number:         34470
>Category:       pkg
>Synopsis:       pkgsrc 'make replace' broken
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 04 13:55:00 +0000 2006
>Originator:     Hauke Fath <hf%spg.tu-darmstadt.de@localhost>
>Release:        NetBSD 2.1_STABLE
>Organization:
-- 
/~\  The ASCII Ribbon Campaign                      Hauke Fath
\ /    No HTML/RTF in email               Institut für Nachrichtentechnik
 X     No Word docs in email                        TU Darmstadt
/ \  Respect for open standards                Ruf +49-6151-16-3281
>Environment:
        
        
System: NetBSD bounce 2.1_STABLE NetBSD 2.1_STABLE (BOUNCE) #0: Fri Jun 16 
15:32:44 CEST 2006 
hf%Gstoder.nt.e-technik.tu-darmstadt.de@localhost:/var/obj/netbsd-builds/2_0/i386/sys/arch/i386/compile/BOUNCE
 i386
Architecture: i386
Machine: i386
>Description:

        For a few weeks now, a 'make replace' on a package builds,
        then removes and tars up the old package, but after that
        silently ends without installing the just-built package. A
        'make install' issued after the incomplete 'make replace' will
        install the package and (apparently) update the pkgsrc
        database. But when you are not aware of the failure, you may
        already have done serious damage to your system by that time.

        See also
        http://mail-index.netbsd.org/pkgsrc-users/2006/08/09/0003.html
        and follow-ups.
        
>How-To-Repeat:

E.g., update graphics/tiff because of the usual security issue:

% cd {pkgsrc}/graphics/tiff && make

[...]

=> Unwrapping files-to-be-installed.
[hf@bounce] /<3>graphics/tiff > make replace
=> Required installed package digest>=20010302: digest-20060302 found
===> Checking for vulnerabilities in tiff-3.8.2nb3
=> Checksum SHA1 OK for tiff-3.8.2.tar.gz
=> Checksum RMD160 OK for tiff-3.8.2.tar.gz
===> Replacing for tiff-3.8.2nb3
=> Becoming ``root'' to make su-replace (/usr/bin/su)
Password:
Erase is backspace.                                                             
                                                
Terminal type is xterm.                                                         
                                                
No match.
Creating binary package: tiff-3.8.2nb3
Creating package /usr/src/pkgsrc/graphics/tiff/work/tiff-3.8.2nb3.tgz
Registering depends: jpeg>=6b.
Registering conflicts:.
=> Preserving existing +REQUIRED_BY file.
===> Deinstalling for tiff-3.8.2nb3
Running /usr/bin/env  /usr/sbin/pkg_delete -K /var/db/pkg  tiff-3.8.2nb3
=> Required installed package digest>=20010302: digest-20060302 found
===> Checking for vulnerabilities in tiff-3.8.2nb3
=> Checksum SHA1 OK for tiff-3.8.2.tar.gz
=> Checksum RMD160 OK for tiff-3.8.2.tar.gz
=> Fixing @pkgdep entries in dependent packages.
=> Dropping ``root'' privileges.
[hf@bounce] /<3>graphics/tiff > pkg_info | grep tiff

        >>>>>> tiff is gone! <<<<<<<

[hf@bounce] /<3>graphics/tiff > make install
=> Required installed package digest>=20010302: digest-20060302 found
===> Checking for vulnerabilities in tiff-3.8.2nb3
=> Checksum SHA1 OK for tiff-3.8.2.tar.gz
=> Checksum RMD160 OK for tiff-3.8.2.tar.gz
===> Installing for tiff-3.8.2nb3
=> Becoming ``root'' to make su-install-all (/usr/bin/su)
Password:

[...]

=> Registering installation for tiff-3.8.2nb3
tiff-3.8.2nb3 requires installed package jpeg-6bnb3
=> Dropping ``root'' privileges.
[hf@bounce] /<3>graphics/tiff > pkg_info | grep tiff
tiff-3.8.2nb3       Library and tools for reading and writing TIFF data files
[hf@bounce] /<3>graphics/tiff > pkg_info | grep pkg_install
pkg_install-20060720 Package management and administration tools for pkgsrc
[hf@bounce] /<3>graphics/tiff > 

>Fix:
        None known. 
        Workaround seems to be a 'make install' after the 'make replace'.

>Unformatted: