From: Lowell Gilbert
To: freebsd-ports@freebsd.org
Subject: Re: change ports default work directory prefix
References: <560ED943.4060106@erdgeist.org>
Date: Wed, 07 Oct 2015 08:01:59 -0400
In-Reply-To: <560ED943.4060106@erdgeist.org> (Dirk Engling's message of "Fri, 2 Oct 2015 21:21:39 +0200")
Message-ID: <44y4feubt4.fsf@lowell-desk.lan>
List-Id: Porting software to FreeBSD

Dirk Engling writes:

> Today in EuroBSDCon's jail working group we discussed changing the
> default for WRKDIRPREFIX to /usr/obj/ports. This has the advantage of
> being able to share the ports tree between host system and jails.
> Another plus is that cleaning all work directories is much faster than a
> recursive make clean.

I set WRKDIRPREFIX in all cases (including the "real" system) for these
reasons. I don't use /usr/obj/ports, but /usr/obj is the best place that
exists in hier(7).

> With the current default, exposing the ports tree to jails potentially
> leaks information about installed programs, configured options or host
> specific generated secrets (thinking of LocalSettings.php).

I don't understand why any of these would be concerns. If there are work
directories littering the tree, that could leak some information, and
the distfiles set could leak some information, but not much and not
reliably.

> On the down side, developers can't by default just copy the port, hack
> away and be sure to only modify files in their respective home directories.

When I do that, I'm running under my own UID, so I don't have permission
to write into /usr/obj. If I forget to set WRKDIRPREFIX, I'll get a
quick reminder. I don't think it's a problem.

> bapt@ asked me to discuss this here, also looking for potential other
> pitfalls I have not thought about.

People with unusual partitioning schemes might see some surprising
effects, but I think it's unlikely to break anything even in those
cases, and they may well set WRKDIRPREFIX already.

There are no significant downsides, and although I think the benefits
will turn out to mostly go to types of people who already set
WRKDIRPREFIX today, they are real.

In short: can't hurt, will help a bit, go ahead.

Be well.
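
A pre-sharing check for the two conditions discussed in this thread (WRKDIRPREFIX unset or pointing into the tree, and leftover work directories under it), as an added example that is not part of the original message or of the ports framework. The function names are hypothetical, the tree and make.conf paths are passed as arguments, and the scan assumes the default work directory name `work` directly under `<tree>/<category>/<port>/`.

```shell
#!/bin/sh
# Added example: audit a ports tree before exposing it to jails.
# Assumption: work directories use the default name "work" and sit at
# <tree>/<category>/<port>/work. Function names are illustrative.

# list_workdirs TREE: print leftover work directories, one per line.
list_workdirs() {
    find "$1" -mindepth 3 -maxdepth 3 -type d -name work 2>/dev/null | sort
}

# wrkdirprefix_of FILE: print the last WRKDIRPREFIX value assigned in a
# make.conf-style file (handles "=", "?=" and ":=", ignores comments).
wrkdirprefix_of() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*WRKDIRPREFIX[[:space:]]*[?:]\{0,1\}=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
        tail -n 1
}

# audit_tree TREE CONF: return 0 if nothing was flagged, 1 otherwise.
audit_tree() {
    tree=$1 conf=$2 rc=0
    prefix=$(wrkdirprefix_of "$conf")
    if [ -z "$prefix" ]; then
        echo "WARN: WRKDIRPREFIX not set in $conf; builds write under $tree"
        rc=1
    else
        case "$prefix" in
            "$tree"|"$tree"/*)
                echo "WARN: WRKDIRPREFIX=$prefix is inside $tree"
                rc=1 ;;
        esac
    fi
    leftovers=$(list_workdirs "$tree")
    if [ -n "$leftovers" ]; then
        echo "WARN: leftover work directories in $tree:"
        echo "$leftovers" | sed 's/^/  /'
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /usr/ports /etc/make.conf
if [ $# -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```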