pkg/51032: www/php-owncloud's code signing broken

[Hauke Fath <hf%spg.tu-darmstadt.de@localhost>]

>Number:         51032
>Category:       pkg
>Synopsis:       www/php-owncloud's code signing broken
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 31 09:55:00 +0000 2016
>Originator:     Hauke Fath
>Release:        NetBSD 7.0_STABLE
>Organization:
Technische Universitaet Darmstadt
>Environment:
	
	
System: NetBSD Stoderzinken 7.0_STABLE NetBSD 7.0_STABLE (P4SRV) #0: Wed Mar 23 12:03:24 CET 2016 hf@Hochstuhl:/var/obj/netbsd-builds/7/i386/sys/arch/i386/compile/P4SRV i386
Architecture: i386
Machine: i386
>Description:

	With v9, owncloud introduced code signing
	<https://doc.owncloud.org/server/9.0/admin_manual/issues/code_signing.html>.

	Unfortunately, the feature appears to collide with the pkgsrc
	installation process, and the owncloud server's automatic
	upgrade process will greet the admin with reams of "invalid
	hash" messages.

	
>How-To-Repeat:

	Install or upgrade to php-owncloud v9. Log on to the web interface admin accound, be greeted with a ream of dire warnings.

	
>Fix:

	I am not sure owncloud's code signing even makes much sense,
	given the installation is not managed by its own means, but by
	pkgsrc, which has its own hashes for the files installed.

	Maybe owncloud's code signing only works with upstream's
	packaging? Or maybe there is a way of regenerating the hashes
	during the pkgsrc build?

	

>Unformatted: