On 28/01/2018 18:04, Larry Rosenman wrote: > On Mon, Jan 29, 2018 at 02:56:51AM +0900, Yasuhiro KIMURA wrote: >> From: Carmel NY <carmel...@outlook.com> >> Subject: Re: daily security run output and joomla3 >> Date: Sun, 28 Jan 2018 17:38:10 +0000 >> >>>> You can try "pkg check -r", see man pkg-check >>> >>> Unfortunately, that has no affect. >> >> Accoding to the messages of security periodic sript, the problrem is >> not checksum mismatch but lost of package files. And "pkg check -r" >> cannot recover it. So you should reinstall www/joomla3. >> > But as the OP notes, the joomla3 instructions *REQUIRE* > removal of the install directory for security reasons, so > I understand where he is coming from. > > As the maintainer, I'm not sure how to fix it. >
At a minimum, the install directory parts should be moved out of the
actual package. If we had sub-packages, this would be an ideal
application -- you could make a temporary sub-package of the
installation bits. Unfortunately we don't have sub-packages yet, so...
How about installing the installation sub-directory as part of the
examples: still part of the package, but outside the web-root so
inaccessible during normal operation? Create a sym-link as required to
hook the installation parts into the web-root as needed -- perhaps use a
POST-INSTALL script for this? Or write a small script and add it to the
package as an aid to adding or removing the sym-link easily.
Cheers,
Matthew
signature.asc
Description: OpenPGP digital signature
