I was scanning the error logs this morning, looking for anything unusual. I found it:


[Mon Oct 22 12:31:10 2007] [error] PHP Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 512 bytes) in display_commit.php on line 91


I have seen this before, but could not recall where. I also could not recall how I fixed it. I started tailing both the /var/log/messages file, which display cache hit and failures. I also tailed the website log. Both commands looked something like this:


tail -F /var/log/messages | grep "Cache: FAILED"
tail -F /usr/websites/log/freshports.org-error.log | grep "PHP Fatal error"


The first line looks for cache log events which failed to find something in the cache. If nothing was found in the cache, the system will create the entry, add it to the cache, and return the resulting HTML to the user. The cache in question is cached HTML so that each page is not created on the fly each time it is requested.

This information gave me an idea of what was failing, but the real test came when I looked to see if cache entries existed for those entries that initially had no cache entries. The HTML creation was failed, so any item with a cache entry might be the item that was failing. I found the failing item this way:


$ ls -l `grep " 12:37" /var/log/messages | grep FAILED | awk '{print $11}'`
ls: ports/audio/xmp/Makefile.PageSize100.PageNum1.html: No such file or directory
ls: ports/polish/gnugadu2/Makefile.PageSize100.PageNum1.html: No such file or directory
-rw-rw-r-- 1 www www 15150 Oct 22 12:37 ports/devel/linux-kmod-compat/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 11697 Oct 22 12:37 ports/devel/p5-ExtUtils-Constant/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 12248 Oct 22 12:37 ports/dns/dnsjava/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 12077 Oct 22 12:37 ports/dns/p5-Net-LibIDN/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 12359 Oct 22 12:37 ports/emulators/xpinmame/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 21150 Oct 22 12:37 ports/games/pvpgn/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 13881 Oct 22 12:37 ports/games/xminehunter/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 8255 Oct 22 12:37 ports/lang/gnat-doc-info/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 13282 Oct 22 12:37 ports/security/p5-Digest-JHash/Detail.PageSize100.PageNum1.html
-rw-rw-r-- 1 www www 6869 Oct 22 12:37 ports/security/pinentry-curses/Detail.PageSize100.PageNum1.html


Clearly, it is polish/gnugadu2/Makefile which is failing. I verified this by browsing to that web page. Sure enough, it generated the error message.

I decided to give PHP more memory by altering this line from /usr/local/etc/php.ini:

memory_limit = 40M

It was at 32M. I bumped it to 36M. Then to 40M, then to 42M. After each change, I would gracefully restart Apache:

# apachectl graceful
/usr/local/sbin/apachectl graceful: httpd gracefully restarted

But this isn’t an ideal situation. I should change the way the commits are processed for display. One day…

The previous post was based on a question from Martin Wilke, who was looking for a vuxml entry against phpMyAdmin. We eventually found it. It had the wrong dates but it was found. Martin corrected the problem with a followup commit.

This incident prompted me to make a couple of changes to FreshPorts with respect to vuxml entries. The links in the following list relate to the incident in question.

1. When you click on a vuxml icon, you will be taken to the FreshPorts page which lists details of that vuxml entry. Previously, you would be taken to the FreeBSD vuxml website. This change allows us to easily confirm that FreshPorts contains the correct information.
2. vuxml.php was altered to allow listing of vulnerabilities for a single port/package. This will allow us to confirm FreshPorts has correctly detected the affected names.
3. When a port has a present/past vulnerability, the vuxml icon at the top of the page will link to the above mentioned page. This allows you to go to the above page easily and quickly once you have identified the port in question.
4. The vuxml.php page now compares affected names by lower case. This groups all the phpMyAdmin entries into one spot. People tend to specify the port name in various ways: phpmyadmin, phpMyAdmin, etc. This changes ensures the above changes show all the vulns for a given affected name regardless of case.

These changes should make vuxml navigation easier when the next situation arises.

This isn’t about detecting vulnerabilities. It is about finding vulnerabilities that others have already reported.

Background reading:

• FreeBSD Porter’s Handbook: Keeping the community informed
• FreeBSD VuXML

Here are the various vuxml pages provided by FreshPorts:

1. The latest vulnerabilities are listed on the home page
2. A complete list of all vulnerabilities by date
3. A complete list of all vulnerabilities by package

From that page, you can review all the vuxml entries for a given package.

What I would like to do is add search for vuln id to the search page.

FreshPorts encountered its first corrupted cvs-all email today. It handled it correctly. It errored out, put the emails aside in the retry queue, and sent me a notice.

Af first, I thought the email had been corrupted on the way into my system. But after checking the above URL, I realised it was bad at the source. Then Rink Springer pointed out the followup forced commit. Apparently the first commit was a mistake which was corrected by the forced commit.

All is well. :)

Back in August, I wrote about patching the ports tree to cater for master/slave relationships. I am happy to report that this patch is no longer required. Instead of MASTERPORT, as provided by that patch, I can use MASTER_PORT, which is now part of the stock ports/Mk/bsd.port.mk.

\o/

No more patching.

Since FreshPorts started caching the HTML, the watch list count started to lag. At present, it is refreshed only when the port is updated. The BETA website has a patch for this. It should go into production soon.

To play with the patch, login at the BETA website, and add/remove a port to/from your watch list. Watch how the watch list count total changes immediately.

This will go to production soon.

New categories arise from time to time. The descriptions for all categories are held in www/en/ports/categories. There are two situations when FreshPorts needs to fetch this file from CVS:

1. When a new port is created.
2. When www/en/ports/categories is updated.

I have case #2 coded. Case #1 is not as easy to do. In case #2, I special case the filename and fetch it whenever I see a commit against it. A flag is raised to indicate that this file needs to be proceesed. If the file is not properly fetched, the commit is marked as REFRESH_NEEDED. The system monitors such commits and eventually the commit will be reprocessed and the categories updated based on a successful fetch of www/en/ports/categories.

Case #1 is more challenging. We are processing a commit. We encounter a new category, often as a secondary category within the CATEGORIES field of a Makefile. cvs-all emails are processed in two stages. First, we capture the basic information, creating any new ports as required. Later, in another transaction, we refresh that port. This ensures that the cvs-all commit is recorded, despite not having complete information. Before the port can be created, we need to create the category.

If we were to process the commit again, the category already exists, and thus we don’t go through the same code path.

Tricky.

On a related note: if you create a category which contains no ports, the CategoryStatsUpdate() function will fail with a “null value in column “last_update” violates not-null constraint” error. That’s easily fixed if you allow null for that column.

At present, master/slave relationships in FreshPorts are not stored optimally. Each port has a field, master_port, which contains the category/port of its master_port, otherwise, it is an empty string.

The ideal situation would be a table such as this:

create table master_slave
(
    master_port_id  integer               not null,
    slave_port_id   integer               not null,
    primary key (master_port_id, slave_port_id)
);

alter table master_slave
    add foreign key  (master_port_id)
       references ports (id) on update cascade on delete cascade;

alter table master_slave
    add foreign key  (slave_port_id)
       references ports (id) on update cascade on delete cascade;

This would allow me to easiliy create triggers to clear the cache for both master and slave ports. It is also the right structure to use. I think I’ve run out of time to do this today.

The tk category now has a member!

This category was added to www/en/ports/categories about six months ago.

It was this commit that did it.

The previously reported problem with virtual categories repeated in production. That is to be expected. The proposed solution exists only on my private dev server at home. Regretably, the solution has not been fixed there either. But I do have some logs to go through.

:)

MASTERPORT is a tool Mark Linimon and I have used for a while. It seems to have entered into common usage now.

freshports.org=# select master_port, category, name from ports_active
where master_port like '/%' order by category, name;
                  master_port                  |   category   |           name
-----------------------------------------------+--------------+---------------------------
 /usr/home/dan/ports/devel/ocaml-camlidl       | archivers    | ocaml-zip
 /usr/home/dan/ports/devel/ocaml-camlidl       | graphics     | ocaml-lablgl
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+freewnn
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+freewnn+sj3
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+sj3
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+sj3+wnn6
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+sj3+wnn7
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+wnn6
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-canna+wnn7
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-freewnn+sj3
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-sj3
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-sj3+wnn6
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-sj3+wnn7
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-wnn6
 /usr/home/dan/ports/japanese/kinput2-freewnn/ | japanese     | kinput2-wnn7
 /usr/home/dan/ports/math/spooles/             | math         | spooles-mpich
 /usr/home/dan/ports/science/mpqc/             | science      | mpqc-mpich
 /usr/home/dan/ports/devel/ocaml-camlidl       | security     | ocaml-cryptgps
 /usr/home/dan/ports/x11-toolkits/fltk/        | x11-toolkits | fltk-threads
 /usr/home/dan/ports/devel/ocaml-camlidl       | x11-toolkits | ocaml-lablgtk
(21 rows)

freshports.org=#

These ports appear to set MASTERPORT within themselves. This breaks some stuff in FreshPorts.