From owner-soc-status@freebsd.org Tue May 28 22:51:16 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2EFC015AEFC2; Tue, 28 May 2019 22:51:16 +0000 (UTC) (envelope-from theron.tarigo@gmail.com) Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0B5096EB2B; Tue, 28 May 2019 22:51:12 +0000 (UTC) (envelope-from theron.tarigo@gmail.com) Received: by mail-pl1-x634.google.com with SMTP id g9so148474plm.6; Tue, 28 May 2019 15:51:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:subject:cc:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=PewRgrcLsE1Pkei/lgF1JJ6vDiNsSrMmPO1yiU/aQjs=; b=iL0T2W8s1kjtUXURJb66Q7K/MGTKczXDzrRiRBwUrvsjmq8XoFV54gslV8yj/XmSet Ipv+W6h4Zy1zNZAMYYDAZfBG4Wma7+P89B9zx4D/728QzfKc7vtlFOrFAV65dBAUJ27m h30rEvicRBPOf0hPoSqYc6oXjkhSYN5/pQBxc3/8gP/3qZ0z6r0NFTc7Tgnt0VqKFB8w vEq1PHKqI9ZGYhjZpAxlY2ruBT0HeK/Jaf0CorlYUHfH5xT8DfQpOhLFG1ppN9mIdHDg Wi1SOpDUx8A2F6L/5U0qXZfbQzeRKpYK70S0Z0zvJtPj7xUimsLn3zOZTcm01zyMgO1p 27Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:subject:cc:message-id:date :user-agent:mime-version:content-transfer-encoding:content-language; bh=PewRgrcLsE1Pkei/lgF1JJ6vDiNsSrMmPO1yiU/aQjs=; b=owFFWQY2gb/1GcsrGVQp8regk79ML2SYMfjNMAwdvDUzONsmncvpkMmHvUiwW9L5ls Bi8N0WFu93xtel+R1Gc00Bnd9yapnmNJu+NDQkn8+E7LIO9/zcBOJa+14C7n36iDJFON qK6sF3p9Obbje5OGxzLlneiLJIFy8+dZjKqQzCGE382seIDT+gyFBlHgX/UK72lAt3gz fabfRtJ9MjjqHyBAd1NPrtXO+WnFp6y22Lht2B7untssYbFAA4OU4rCD72qb9bxz2g6P glykeTmzdoCM3a2YTj1mdbHkPxzKiyEuAWbHd5ebt3tlHi20anYfytYLzFQRJkotHCXr DPng== X-Gm-Message-State: APjAAAVMHCaqRvMAJi/r+Yjn3/jZ0Pg94JbhqF8Bqr95AJeZKJzatmGS 7V5w0q8NCgmY0Rdc6x4KAVAI2ulGGXM= X-Google-Smtp-Source: APXvYqwn8/j5XXByWa5wXFvKsJh4WMM/WIM4ldI04smmGtg/PygW9S3pqFqy0J+K6AVk2ZJZKcSfMg== X-Received: by 2002:a17:902:9a9:: with SMTP id 38mr95809372pln.10.1559083870762; Tue, 28 May 2019 15:51:10 -0700 (PDT) Received: from [192.168.1.25] (c-73-170-47-221.hsd1.ca.comcast.net. [73.170.47.221]) by smtp.gmail.com with ESMTPSA id t25sm29608488pfq.91.2019.05.28.15.51.09 (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 28 May 2019 15:51:10 -0700 (PDT) Sender: Theron Tarigo From: Theron To: soc-status@freebsd.org Subject: GSoC: Separation of Ports Build Process from Local Installation Cc: freebsd-ports@freebsd.org, freebsd-hackers@freebsd.org, Bakul Shah Message-ID: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> Date: Tue, 28 May 2019 18:51:08 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Rspamd-Queue-Id: 0B5096EB2B X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=iL0T2W8s; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of therontarigo@gmail.com designates 2607:f8b0:4864:20::634 as permitted sender) smtp.mailfrom=therontarigo@gmail.com X-Spamd-Result: default: False [-6.89 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.97)[-0.975,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; IP_SCORE(-2.90)[ip: (-8.88), ipnet: 2607:f8b0::/32(-3.30), asn: 15169(-2.29), country: US(-0.06)]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[4.3.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0] X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 May 2019 22:51:16 -0000 Hello All, For Google Summer of Code 2019 I am working on FreeBSD's ports tree makefiles towards eliminating the dependency of the ports building process on the local system's installed packages.  Currently this level of separation can only be accomplished in practice through chroot or Jail.  The project will eliminate the need for cooperation of the root user since /usr/local will not need to be touched. The major technical obstacle to be overcome is that ports expect to find files of their dependencies installed in /usr/local.  To support this without touching that location on the installed system, file accesses will be redirected to a location controlled by the ports build process through use of a library to intercept file accesses. Once I have that working (well enough to build one port at a time) I will move on to modify bsd.port.mk itself (and related files) to utilize this mechanism for virtual installation of port dependencies during builds. The full project proposal can be seen at https://docs.google.com/document/d/1B30U9csgY299W59tNraSX1LYjzsba2i04OrYAUpdIZs/edit . My goal is that this work can be integrated well enough into /usr/ports/Mk so that unlike Jail, no set up work should be required for using ports tree to build a set of installable packages. Please let me know if you are interested in this project; feedback is appreciated.  If someone would like to provide ongoing feedback or mentorship that would be especially helpful.  Bakul Shah is my mentor officially for GSoC but I would be happy to have additional support from someone who is experienced with internals of the port infrastructure makefiles. Theron Tarigo From owner-soc-status@freebsd.org Wed May 29 03:28:55 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6807615B4D35; Wed, 29 May 2019 03:28:55 +0000 (UTC) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CC62F7713D; Wed, 29 May 2019 03:28:54 +0000 (UTC) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id x4T3SgeG018874; Tue, 28 May 2019 20:28:42 -0700 (PDT) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: (from freebsd-rwg@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id x4T3Sfep018873; Tue, 28 May 2019 20:28:41 -0700 (PDT) (envelope-from freebsd-rwg) From: "Rodney W. Grimes" Message-Id: <201905290328.x4T3Sfep018873@gndrsh.dnsmgr.net> Subject: Re: GSoC: Separation of Ports Build Process from Local Installation In-Reply-To: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> To: Theron Date: Tue, 28 May 2019 20:28:41 -0700 (PDT) CC: soc-status@freebsd.org, Bakul Shah , freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: CC62F7713D X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; TAGGED_RCPT(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.988,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 03:28:55 -0000 [ Charset UTF-8 unsupported, converting... ] > Hello All, > > For Google Summer of Code 2019 I am working on FreeBSD's ports tree > makefiles towards eliminating the dependency of the ports building > process on the local system's installed packages.? Currently this level > of separation can only be accomplished in practice through chroot or > Jail.? The project will eliminate the need for cooperation of the root > user since /usr/local will not need to be touched. > > The major technical obstacle to be overcome is that ports expect to find > files of their dependencies installed in /usr/local.? To support this > without touching that location on the installed system, file accesses > will be redirected to a location controlled by the ports build process > through use of a library to intercept file accesses. Assumption of /usr/local was considered wrong long long ago and it should always be ${PREFIX}. Any place that actually assumes this value to be /usr/local should be fixed. Had this policy been properly maintained it would simply be a mater of changing ${PREFIX} to a new and empty place before starting a ports build and things should of just worked. Restoration to this ancient and functional behavior is desirable at least on my part. > Once I have that working (well enough to build one port at a time) I > will move on to modify bsd.port.mk itself (and related files) to utilize > this mechanism for virtual installation of port dependencies during builds. > > The full project proposal can be seen at > https://docs.google.com/document/d/1B30U9csgY299W59tNraSX1LYjzsba2i04OrYAUpdIZs/edit > . > > My goal is that this work can be integrated well enough into > /usr/ports/Mk so that unlike Jail, no set up work should be required for > using ports tree to build a set of installable packages. > > Please let me know if you are interested in this project; feedback is > appreciated.? If someone would like to provide ongoing feedback or > mentorship that would be especially helpful.? Bakul Shah is my mentor > officially for GSoC but I would be happy to have additional support from > someone who is experienced with internals of the port infrastructure > makefiles. > > Theron Tarigo Regards, -- Rod Grimes rgrimes@freebsd.org From owner-soc-status@freebsd.org Wed May 29 09:57:06 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4EB1D15BD70B for ; Wed, 29 May 2019 09:57:06 +0000 (UTC) (envelope-from roam@ringlet.net) Received: from nimbus.fccf.net (nimbus.fccf.net [185.117.82.79]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C037B8B4C0 for ; Wed, 29 May 2019 09:57:05 +0000 (UTC) (envelope-from roam@ringlet.net) Received: from straylight.m.ringlet.net (office.storpool.com [185.117.80.129]) by nimbus.fccf.net (Postfix) with ESMTPSA id 2FC6D3EB for ; Wed, 29 May 2019 12:56:55 +0300 (EEST) Received: from roam (uid 1000) (envelope-from roam@ringlet.net) id 6213d7 by straylight.m.ringlet.net (DragonFly Mail Agent v0.11); Wed, 29 May 2019 12:56:54 +0300 Date: Wed, 29 May 2019 12:56:53 +0300 From: Peter Pentchev To: "Rodney W. Grimes" Cc: Theron , Bakul Shah , freebsd-hackers@freebsd.org, soc-status@freebsd.org, freebsd-ports@freebsd.org Subject: Re: GSoC: Separation of Ports Build Process from Local Installation Message-ID: <20190529095653.GN18665@straylight.m.ringlet.net> Mail-Followup-To: "Rodney W. Grimes" , Theron , Bakul Shah , freebsd-hackers@freebsd.org, soc-status@freebsd.org, freebsd-ports@freebsd.org References: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> <201905290328.x4T3Sfep018873@gndrsh.dnsmgr.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="citGix+cyBYE+lqp" Content-Disposition: inline In-Reply-To: <201905290328.x4T3Sfep018873@gndrsh.dnsmgr.net> User-Agent: Mutt/1.10.1 (2018-07-13) X-Rspamd-Queue-Id: C037B8B4C0 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.988,0] X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 09:57:06 -0000 --citGix+cyBYE+lqp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, May 28, 2019 at 08:28:41PM -0700, Rodney W. Grimes wrote: > [ Charset UTF-8 unsupported, converting... ] > > Hello All, > >=20 > > For Google Summer of Code 2019 I am working on FreeBSD's ports tree=20 > > makefiles towards eliminating the dependency of the ports building=20 > > process on the local system's installed packages.? Currently this level= =20 > > of separation can only be accomplished in practice through chroot or=20 > > Jail.? The project will eliminate the need for cooperation of the root= =20 > > user since /usr/local will not need to be touched. > >=20 > > The major technical obstacle to be overcome is that ports expect to fin= d=20 > > files of their dependencies installed in /usr/local.? To support this= =20 > > without touching that location on the installed system, file accesses= =20 > > will be redirected to a location controlled by the ports build process= =20 > > through use of a library to intercept file accesses. >=20 > Assumption of /usr/local was considered wrong long long ago and it > should always be ${PREFIX}. Any place that actually assumes this > value to be /usr/local should be fixed. >=20 > Had this policy been properly maintained it would simply be a mater > of changing ${PREFIX} to a new and empty place before starting > a ports build and things should of just worked. >=20 > Restoration to this ancient and functional behavior is desirable > at least on my part. Hmm, I could be wrong, but isn't ${LOCALBASE} supposed to be where ports find stuff *during the build*, and ${PREFIX} where they install the built files? Of course, I haven't actually touched a FreeBSD ports build in years, so I might very likely be wrong. I also seem to remember a series of test port builds done a long time ago with a different value for LOCALBASE, specifically to catch ports that do not honor the policy in this regard. > > Once I have that working (well enough to build one port at a time) I=20 > > will move on to modify bsd.port.mk itself (and related files) to utiliz= e=20 > > this mechanism for virtual installation of port dependencies during bui= lds. > >=20 > > The full project proposal can be seen at=20 > > https://docs.google.com/document/d/1B30U9csgY299W59tNraSX1LYjzsba2i04Or= YAUpdIZs/edit=20 > > . > >=20 > > My goal is that this work can be integrated well enough into=20 > > /usr/ports/Mk so that unlike Jail, no set up work should be required fo= r=20 > > using ports tree to build a set of installable packages. > >=20 > > Please let me know if you are interested in this project; feedback is= =20 > > appreciated.? If someone would like to provide ongoing feedback or=20 > > mentorship that would be especially helpful.? Bakul Shah is my mentor= =20 > > officially for GSoC but I would be happy to have additional support fro= m=20 > > someone who is experienced with internals of the port infrastructure=20 > > makefiles. G'luck, Peter --=20 Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 --citGix+cyBYE+lqp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAlzuV2AACgkQZR7vsCUn 3xOGrA/5AZxeLDyWUBJaBzzZZqXkZ4bl4jOLlFqyTQIu9/ABsHQnhrTZxP13nijI gfO2YYHi56+Ubeh6uPay91EqgOf7AaSzWUFDzJvoonrYvCnjcZNIPjG88clKq2nW 3if3JS+XEArUoTisoHFeSpcjVvbmhFxArRAYBrTUfFIx7BvtbcSjsrXaEd3hpePJ 7Gx77gZrS0mOyIsXpRJOgfvtvw4rmtD/+dJnTx/zCXGNI5cyVW6e9BepFCYcu8Ko fuaBIsEVum+ihruO52R3SrcmlpW+ZctaMnijpyrTBUXkGheDNg3SnoVp9mugbtn+ dvFB+lmR4eEOce8BrEnLPpZkV2EpzP6EVrfZ2a3uNOSpXX+oOxcQ4+3culGTtwf9 ctiIWFK1iT+VYKbOr9Oe/7FihgDZW6LFBdVt6FZPCRpcnDyt4YGCYpKB+OYE8qDU COHlc7z6EvzwGJpozZweRHvu6bPnsLC0jU+ktISzj2a9GYsGJWGT99MJcEihuJdO F11VZCem9x9ZfdzqiVviitgpur4CGKgbIPLuT9NEVDxnIdkBxAnGdmxuRs36sAuK QYj9W80p6acaWGyktFhT4MRKTcYT33IZ0DJ0CY6+yiat4N3YkQ7SoSixFnRFA2u3 PBUwA+cNyngvgomx+oVJNhXNvC1ap2xtGC/q5tRN8HpYzZQEP84= =UFym -----END PGP SIGNATURE----- --citGix+cyBYE+lqp-- From owner-soc-status@freebsd.org Wed May 29 11:31:47 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6ED015BFCD7; Wed, 29 May 2019 11:31:47 +0000 (UTC) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 36C9C8EA79; Wed, 29 May 2019 11:31:47 +0000 (UTC) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1]) by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id x4TBVaLP020569; Wed, 29 May 2019 04:31:36 -0700 (PDT) (envelope-from freebsd-rwg@gndrsh.dnsmgr.net) Received: (from freebsd-rwg@localhost) by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id x4TBVaVD020568; Wed, 29 May 2019 04:31:36 -0700 (PDT) (envelope-from freebsd-rwg) From: "Rodney W. Grimes" Message-Id: <201905291131.x4TBVaVD020568@gndrsh.dnsmgr.net> Subject: Re: GSoC: Separation of Ports Build Process from Local Installation In-Reply-To: <20190529095653.GN18665@straylight.m.ringlet.net> To: Peter Pentchev Date: Wed, 29 May 2019 04:31:36 -0700 (PDT) CC: "Rodney W. Grimes" , Theron , Bakul Shah , freebsd-hackers@freebsd.org, soc-status@freebsd.org, freebsd-ports@freebsd.org X-Mailer: ELM [version 2.4ME+ PL121h (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Rspamd-Queue-Id: 36C9C8EA79 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.99 / 15.00]; TAGGED_RCPT(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.994,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 11:31:47 -0000 -- Start of PGP signed section. > On Tue, May 28, 2019 at 08:28:41PM -0700, Rodney W. Grimes wrote: > > [ Charset UTF-8 unsupported, converting... ] > > > Hello All, > > > > > > For Google Summer of Code 2019 I am working on FreeBSD's ports tree > > > makefiles towards eliminating the dependency of the ports building > > > process on the local system's installed packages.? Currently this level > > > of separation can only be accomplished in practice through chroot or > > > Jail.? The project will eliminate the need for cooperation of the root > > > user since /usr/local will not need to be touched. > > > > > > The major technical obstacle to be overcome is that ports expect to find > > > files of their dependencies installed in /usr/local.? To support this > > > without touching that location on the installed system, file accesses > > > will be redirected to a location controlled by the ports build process > > > through use of a library to intercept file accesses. > > > > Assumption of /usr/local was considered wrong long long ago and it > > should always be ${PREFIX}. Any place that actually assumes this > > value to be /usr/local should be fixed. > > > > Had this policy been properly maintained it would simply be a mater > > of changing ${PREFIX} to a new and empty place before starting > > a ports build and things should of just worked. > > > > Restoration to this ancient and functional behavior is desirable > > at least on my part. > > Hmm, I could be wrong, but isn't ${LOCALBASE} supposed to be where > ports find stuff *during the build*, and ${PREFIX} where they > install the built files? Of course, I haven't actually touched > a FreeBSD ports build in years, so I might very likely be wrong. > I also seem to remember a series of test port builds done a long > time ago with a different value for LOCALBASE, specifically to catch > ports that do not honor the policy in this regard. ${LOCALBASE} came along after the time frame I am speaking of, but yes, that is the present place that ports can find stuff. I think the default is that LOCALBASE=PREFIX=/usr/local which is fine, but there are things that just assume these values to be /usr/local and that is broken. For a list, with a lot of false positives: find /usr/src -type f | xargs grep "/usr/local" I have no idea how to do the same for all of ports, but given prior and not to long ago history, we have ports that break if you are not installing in /usr/local/ > > > Once I have that working (well enough to build one port at a time) I > > > will move on to modify bsd.port.mk itself (and related files) to utilize > > > this mechanism for virtual installation of port dependencies during builds. > > > > > > The full project proposal can be seen at > > > https://docs.google.com/document/d/1B30U9csgY299W59tNraSX1LYjzsba2i04OrYAUpdIZs/edit > > > . > > > > > > My goal is that this work can be integrated well enough into > > > /usr/ports/Mk so that unlike Jail, no set up work should be required for > > > using ports tree to build a set of installable packages. > > > > > > Please let me know if you are interested in this project; feedback is > > > appreciated.? If someone would like to provide ongoing feedback or > > > mentorship that would be especially helpful.? Bakul Shah is my mentor > > > officially for GSoC but I would be happy to have additional support from > > > someone who is experienced with internals of the port infrastructure > > > makefiles. > > G'luck, > Peter > > -- > Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@storpool.com > PGP key: http://people.FreeBSD.org/~roam/roam.key.asc > Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 -- End of PGP section, PGP failed! -- Rod Grimes rgrimes@freebsd.org From owner-soc-status@freebsd.org Wed May 29 14:32:29 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DE9E215C4817; Wed, 29 May 2019 14:32:28 +0000 (UTC) (envelope-from se@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 819306F2CD; Wed, 29 May 2019 14:32:28 +0000 (UTC) (envelope-from se@freebsd.org) Received: from Stefans-MBP-402.fritz.box (p200300CD5F0B620098C1EFFA06128F6D.dip0.t-ipconnect.de [IPv6:2003:cd:5f0b:6200:98c1:effa:612:8f6d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "st_esser@t-online.de", Issuer "WISeKey CertifyID Standard Services CA 2" (verified OK)) (Authenticated sender: se/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 8BC321E01A; Wed, 29 May 2019 14:32:27 +0000 (UTC) (envelope-from se@freebsd.org) Subject: Re: GSoC: Separation of Ports Build Process from Local Installation To: Theron , soc-status@freebsd.org Cc: Bakul Shah , freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org References: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> From: Stefan Esser Openpgp: preference=signencrypt Autocrypt: addr=se@freebsd.org; prefer-encrypt=mutual; keydata= mQENBFVxiRIBCADOLNOZBsqlplHUQ3tG782FNtVT33rQli9EjNt2fhFERHIo4NxHlWBpHLnU b0s4L/eItx7au0i7Gegv01A9LUMwOnAc9EFAm4EW3Wmoa6MYrcP7xDClohg/Y69f7SNpEs3x YATBy+L6NzWZbJjZXD4vqPgZSDuMcLU7BEdJf0f+6h1BJPnGuwHpsSdnnMrZeIM8xQ8PPUVQ L0GZkVojHgNUngJH6e21qDrud0BkdiBcij0M3TCP4GQrJ/YMdurfc8mhueLpwGR2U1W8TYB7 4UY+NLw0McThOCLCxXflIeF/Y7jSB0zxzvb/H3LWkodUTkV57yX9IbUAGA5RKRg9zsUtABEB AAG0J1N0ZWZhbiBFw59lciAoRnJlZUJTRCkgPHNlQGZyZWVic2Qub3JnPokBVAQTAQoAPgIb AwULCQgHAwUVCgkICwUWAwIBAAIeAQIXgBYhBKNx6mWcC+zIK3FTE0frte9a/fVEBQJa8u+q BQkLJQETAAoJEEfrte9a/fVEOeMH/icmdK1eZQvB3U8quJo9VMaZsaTuCMbUE4NThyfsIvIm MCd+rb/yULmMYwqNfjyKB1x4ikR4x+94l+yJoz7K0Usks+eNKDmMGJM6pWWssTigaJubFdVd hVVC+C1QJi7JshYSib08uONoPmO4lv5Az0TDYGtsMzsES2sIlc62c9go5WPGYhQFRbX3Lk6y V6m8OHh+G9XGSj3oPO4UteRwu+SzTdOLunZBWG1wu34+IeZm663D+2gOppQLWpLa2qaTerqw THu377ayZ2B2LPJ5JkvkZeHYPkwDQ+b5PGn0UhfkxPnDVYki5F7qKxvQ5uq1/q9YaCX7mmOl H2yO7tgVsrW5AQ0EVXGJEgEIALEj9qCXMZVucjpcd3QxM/TlUr98m5viEd1z4tCnPUyRWcIC EVtj2h5xMH+2iB0q1+KWhq+NsWtvScmEmfHnsr7dJ1K677OdpDhKVaJk61eeRulFY1R4yb6C 1MMxK+WgYB+vvpG0UeyR0M4uBewcPvRsq4yGUHFQKtLAbMdoPTSryJA+ElnmK1vdY+rPcHgi OIMBZM7ahsPXC0C9K4e5SP9clGyIoMpbfHXdx9q+Rp3zVtlbhyk3BS/xccu/+9pk9ICXL6GR js2sNnJ0wxdU1DsAlC59a5MnSruwiZFwRnkQhr3x6wk97Lg7sLS9jjTnCN7LGlVmSmpOEMy6 uq1AWfUAEQEAAYkBPAQYAQoAJgIbDBYhBKNx6mWcC+zIK3FTE0frte9a/fVEBQJa8u+rBQkL JQEZAAoJEEfrte9a/fVEuesH/2DNxGWnHvWwMyiyhlQtafvDKwEn/wAgR8gHJFodB7emf8rA TnukH7MVttCoHtjN5lvv9RSBHjNTZls5wR/ANlwdRuPQHd8ZGxLe3S6IuUB3zDSwFltLGurO N2kOMhs5mTGyypSa+uw3rtQbUAVYf1oPbiR4FLtiM8FLyEvE95hX5fPq9Qvx9FmN79kmCIEw jDKPqDaUf/OR2fEF0LSIbXHEk4tNqCEwx5DIJ0fp5/z5UzICUAmwxyRs5O/Hre1jzPsMVyud Ml9t7UTOJGKVWwRory1PMnOFxN+iz5/d4FhYSKXF7kfMiFgol4LuWaxJRwbBrr71VGBrRy2a L1nw6Bc= Message-ID: Date: Wed, 29 May 2019 16:32:22 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.7.0 MIME-Version: 1.0 In-Reply-To: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 819306F2CD X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.97 / 15.00]; TAGGED_RCPT(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.97)[-0.969,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 14:32:29 -0000 Am 29.05.19 um 00:51 schrieb Theron: > Hello All, > > For Google Summer of Code 2019 I am working on FreeBSD's ports tree makefiles > towards eliminating the dependency of the ports building process on the local > system's installed packages.  Currently this level of separation can only be > accomplished in practice through chroot or Jail.  The project will eliminate > the need for cooperation of the root user since /usr/local will not need to be > touched. > > The major technical obstacle to be overcome is that ports expect to find files > of their dependencies installed in /usr/local.  To support this without > touching that location on the installed system, file accesses will be > redirected to a location controlled by the ports build process through use of > a library to intercept file accesses. > > Once I have that working (well enough to build one port at a time) I will move > on to modify bsd.port.mk itself (and related files) to utilize this mechanism > for virtual installation of port dependencies during builds. > > The full project proposal can be seen at > https://docs.google.com/document/d/1B30U9csgY299W59tNraSX1LYjzsba2i04OrYAUpdIZs/edit > . What's wrong with using chroot to provide a clean build environment? That is what synth does, and I have been using my re-implementation of portmaster for this purpose for some time, which uses a chroot jail with read-only null-mounts of all relevant file systems and a clean copy of some files and directories in /etc and /var that can be written without root privileges. The jail is set up in not measurable time (irrelevant compared to the time required to build the port). The only problem with this approach is that it requires extra disk space for the build environment (e.g., the specific C compiler required by some port) plus the work space for the actual port build process. I'm using tmpfs file systems within the jail for the work directory and the copies of parts of /etc and /var that need to be written to. Is there a risk of mis-use of the interception library to attack the system, BTW? [Its use is not restricted to root and it might be used to re-map file system paths for commands that check e.g. policy files to decide whether some operation is authorized ... SUID programs should not be vulnerable to such an attack (since they do not allow the library pre-load required to intercept the file operations), but there might be application programs that are restricted by non-writable files in hard-coded directories that could be subverted this way ... (such a command would be ill-designed, since any user could compile her own interception library, but providing such a library with the system and possibly having hooks for it in libc might simplify such an attack, especially if there is no compiler and easy way to install such a library on a host).] > My goal is that this work can be integrated well enough into /usr/ports/Mk so > that unlike Jail, no set up work should be required for using ports tree to > build a set of installable packages. Yes, this might be beneficial. But there will be huge differences compared to the current build process. And in the end you'll probably have to put the logic used by, e.g., portmaster to track dependencies and determine the availability of up-to-date packages (to use as build dependencies) into the ports system. > Please let me know if you are interested in this project; feedback is > appreciated.  If someone would like to provide ongoing feedback or mentorship > that would be especially helpful.  Bakul Shah is my mentor officially for GSoC > but I would be happy to have additional support from someone who is > experienced with internals of the port infrastructure makefiles. I'd be interested to get further information about your approach and the progress you make and my experience working on a somewhat similar project with portmaster might allow me to answer questions or provide some help ... Regards, STefan From owner-soc-status@freebsd.org Wed May 29 16:01:35 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A52FC15A5F68; Wed, 29 May 2019 16:01:35 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 776AD72C56; Wed, 29 May 2019 16:01:34 +0000 (UTC) (envelope-from shivankgarg98@gmail.com) Received: by mail-ed1-x52b.google.com with SMTP id m4so4548157edd.8; Wed, 29 May 2019 09:01:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=KV1XjMcpQSdjFAtWqYlehBgHXhAVRGjX22KBjbzIdUc=; b=g0pPYRvvcVSV9QhhBrqgK2JI4B7Bh1mzUJc6xVKnncRDQT6Zy4lNYS52BOZ7nEDm8+ MYXOnWuRYXVH1y77xqgjO74d9eJEqc+mO7JvZNfDGhtMxgVrsdVbfF24msQZVzAWgXZJ CIHpeEVORUxPb9JfoK8blu39dnUrPcixWR59YDh6ae7IYBArDTSVw6cX+aAzgmVA9Vop c4j+k3FHrC/RdROZ4o4v6K37OzJ9nBlLV4ICimiRylRR/V5DCPv7VWi7CFHm5Ones6OY hKCOJ6Nddx848+hQeWvZWPIUSyM/XqcovLUh31THocsRNrUm7zXu3wMdaz/26BQ5JPz5 vCvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=KV1XjMcpQSdjFAtWqYlehBgHXhAVRGjX22KBjbzIdUc=; b=YkEYyX07rtaBcfBn+3YCADY91wsr6QYTK+g/H7i2di7Qejm4iF2P7Lnha3MPtQCM7Z QQjIVk08CFMO8ydgvz0ur7I1e4r3+uC6gcbFqIuR+D/q91AfzOUtSY239y8yD6RAUZ2I Y5giOKHuAJWe7jnH1KOZPI3W3w9i3F5o0jnFdbiZmd6O8vS8+H6peb+6Tf+YG4QPbph2 64g8v4/lbr0f+buUBbTOZjDu8QOEXwzSt+SpdxE3wDS3ICdRvQy9QHQteyGit4Wi83eG kS0ZGCqkwJ6abAZ+M+z+x4eN005wBaiZf//rW/3NnSk8zRzjZXH3SgdEzRZFdlTByCH2 ZhUA== X-Gm-Message-State: APjAAAV6qSPeRTg5EusNCH78kf8k6d5+1UKKb8uUIMty7H3Ef302FGNz QSnN9c/jA9Ycn273pIpfr9aPZgFfwt8J4nNEBPv/pMLXCRI= X-Google-Smtp-Source: APXvYqzwPZpQ+E4b9JtOTHNYC7f/1lZ5F+NOVzbv8xmOe3/1H+SOlY4dm5Y6AIJWGQmFv8TyVNCujBEvUKhvXS4OzSg= X-Received: by 2002:a50:add7:: with SMTP id b23mr136708524edd.215.1559145693041; Wed, 29 May 2019 09:01:33 -0700 (PDT) MIME-Version: 1.0 From: Shivank Garg Date: Wed, 29 May 2019 21:31:22 +0530 Message-ID: Subject: [GSoC'19 Introduction] MAC policy on IP addresses in Jail To: soc-status@freebsd.org, freebsd-hackers@freebsd.org Cc: "Bjoern A. Zeeb" X-Rspamd-Queue-Id: 776AD72C56 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=g0pPYRvv; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of shivankgarg98@gmail.com designates 2a00:1450:4864:20::52b as permitted sender) smtp.mailfrom=shivankgarg98@gmail.com X-Spamd-Result: default: False [-6.60 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[b.2.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; IP_SCORE(-2.70)[ip: (-8.97), ipnet: 2a00:1450::/32(-2.18), asn: 15169(-2.29), country: US(-0.06)]; NEURAL_HAM_SHORT(-0.89)[-0.891,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 16:01:36 -0000 Hi, This project is aimed at developing a loadable MAC module with the "The TrustedBSD MAC Framework" to limit the set of IP addresses a VNET-enabled Jail can choose from. I am a fourth-year undergraduate student in the Department of EE at IIT Kanpur, India. I am an open-source enthusiast and interested in Operating Systems, Computer Networks, and system security. My mentor for the project is Bjoern A. Zeeb (bz@FreeBSD.org) *About the project:* Using VNET in FreeBSD jails, the root of the jail can set IP addresses of their will, however, sysadmins may need to limit these privileges for different purposes. With a MAC framework, the root of the host can restrict root of the jail to set the desired IP address. Currently, there is no MAC policy module for such restriction, implying these rules are written in the kernel itself. The project is focused on writing a MAC module for "The TrustedBSD MAC framework " to enable easy management of privilege(configuring the network stack) restriction of jail. Features this new MAC policy module should include are- Host be able to define the list(multiple lists) of IP(both IPv4 and IPv6) addresses/subnets for the jail to choose from. Host be able to restrict the jail from setting the certain IP addresses(both IPv4 and IPv6) or prefixes(subnets). Nested Jails should also follow the access control policy. *Approach:* Currently, my approach is to write a loadable kernel module which has checks on IP addresses using various syscalls. Using SIOCAIFADDR(for IPv4) and SIOCAIFADDR_IN6(for IPv6) code and ioctl system call, these checks can be implemented to allow/disallow a particular IP address. *Test Plan:* For testing this module, I will write simple test cases for checking the validity of the module. For generating a test report, I will use Kyua Testing framework. Do Check this project on Github: https://github.com/shivankgarg98/freebsd/tree/shivank_MACPolicyIPAddressJail/sys/security/mac_ipacl FreeBSD wiki: https://wiki.freebsd.org/SummerOfCode2019Projects/MACPolicyIPAddressJail Please feel free to share your ideas and feedback on this project. Regards, Shivank Garg From owner-soc-status@freebsd.org Wed May 29 20:24:22 2019 Return-Path: Delivered-To: soc-status@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE89F15AC488; Wed, 29 May 2019 20:24:21 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ED3E8562D; Wed, 29 May 2019 20:24:21 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id W57Lh1r5lGusjW57MhIWeJ; Wed, 29 May 2019 14:24:13 -0600 X-Authority-Analysis: v=2.3 cv=fOdHIqSe c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=E5NmQfObTbMA:10 a=pGLkceISAAAA:8 a=B6KMzFptAAAA:20 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=GO1jMW3m-7Bypqi-ZcwA:9 a=QEXdDO2ut3YA:10 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from android-9b917f0ce39da6e6.esitwifi.local (S0106788a207e2972.gv.shawcable.net [70.66.154.233]) by spqr.komquats.com (Postfix) with ESMTPSA id 2A4E8684; Wed, 29 May 2019 13:24:10 -0700 (PDT) Date: Tue, 28 May 2019 21:01:58 -0700 User-Agent: K-9 Mail for Android In-Reply-To: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> References: <5cdb1c0b-a2dd-c754-daa3-187330ad9ad6@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: GSoC: Separation of Ports Build Process from Local Installation To: freebsd-hackers@freebsd.org, Theron , soc-status@freebsd.org CC: Bakul Shah ,freebsd-ports@freebsd.org From: Cy Schubert Message-ID: X-CMAE-Envelope: MS4wfD+zeNXpfJYG7N80YyKmFssDsZPSfFf5YwQHDnX3KW+8t+JdlPw14HOtAtL6HQGotyE2CZrqQBQcBeE/FWYKyJRt9hMywpieTe2q762fPpyZJ7IMRa+j 0iOyuCCJK6W9AvP45aZXeR/UH58y/qEMardwp4MM+KmAwOW6ZF3e8o3+WN47VSvM1dcN64LD0DFwp/uSTnKTf3ysQRiogqwLuLYP+HDwCC+TLh56LGovqQR4 Qku7zLUzQGFNxdr6xeFyg0DvzLEQJOrYUjblcfFUjzJe9UFEW0e4pSWb9fGBDqsTTluNJs35qCYmaP/eMSnxp7u4aFZrpAss3+/8YR5Fgns= X-Rspamd-Queue-Id: 4ED3E8562D X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.95 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.95)[-0.952,0] X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 20:24:22 -0000 On May 28, 2019 3:51:08 PM PDT, Theron wrote: >Hello All, > >For Google Summer of Code 2019 I am working on FreeBSD's ports tree=20 >makefiles towards eliminating the dependency of the ports building=20 >process on the local system's installed packages=2E=C2=A0 Currently this = level > >of separation can only be accomplished in practice through chroot or=20 >Jail=2E=C2=A0 The project will eliminate the need for cooperation of the = root=20 >user since /usr/local will not need to be touched=2E > >The major technical obstacle to be overcome is that ports expect to >find=20 >files of their dependencies installed in /usr/local=2E=C2=A0 To support t= his=20 >without touching that location on the installed system, file accesses=20 >will be redirected to a location controlled by the ports build process=20 >through use of a library to intercept file accesses=2E > >Once I have that working (well enough to build one port at a time) I=20 >will move on to modify bsd=2Eport=2Emk itself (and related files) to >utilize=20 >this mechanism for virtual installation of port dependencies during >builds=2E > >The full project proposal can be seen at=20 >https://docs=2Egoogle=2Ecom/document/d/1B30U9csgY299W59tNraSX1LYjzsba2i04= OrYAUpdIZs/edit > >=2E > >My goal is that this work can be integrated well enough into=20 >/usr/ports/Mk so that unlike Jail, no set up work should be required >for=20 >using ports tree to build a set of installable packages=2E > >Please let me know if you are interested in this project; feedback is=20 >appreciated=2E=C2=A0 If someone would like to provide ongoing feedback or= =20 >mentorship that would be especially helpful=2E=C2=A0 Bakul Shah is my men= tor=20 >officially for GSoC but I would be happy to have additional support >from=20 >someone who is experienced with internals of the port infrastructure=20 >makefiles=2E > >Theron Tarigo >_______________________________________________ >freebsd-hackers@freebsd=2Eorg mailing list >https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-hackers >To unsubscribe, send any mail to >"freebsd-hackers-unsubscribe@freebsd=2Eorg" How is this different from what poudriiere already does? --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert FreeBSD UNIX: Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E