From: "Kevin Oberman"
To: me@farid-hajji.de
cc: freebsd-stable@freebsd.org
cc: paul@cnt.org
Subject: Re: Hardening production servers
Date: Tue, 08 Jul 2003 14:43:43 -0700
Message-Id: <20030708214343.A6BA45D07@ptavv.es.net>
In-Reply-To: Message from Farid Hajji <200307082250.03189.me@farid-hajji.de>

> From: Farid Hajji
> Date: Tue, 8 Jul 2003 22:50:03 +0200
> Sender: owner-freebsd-stable@freebsd.org
>
> > If you do a "make package" for each port that you install, you can copy of
> > using network filesharing (NFS, Samba, etc) to distribute the
> > /usr/ports/packages directory. Create that directory if it doesn't exist,
> > and "make package" will save the .tgz there rather than under each
> > individual port directory.
>
> Beware of ports that try to detect the CPU while compiling.
> mplayer (IIRC) or some CPU intensive ports _may_ detect
> a P4 on the compiling machine and use it, so the binary
> may not work on vanilla i586s. /etc/make.conf is your friend.

If the port is done correctly (and it likely is for the package builder to work correctly), it will turn off such features. The mplayer port does exactly this. You need to build with "WITHOUT_RUNTIME_CPUDETECTION" for it to test your CPU type and build for it. By default, the port built will be CPU independent.

Of course, this does impact performance a bit, so you might want to build packages for each type of CPU you use. :-(

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net
Phone: +1 510 486-8634