Date: Tue, 19 Jan 2016 23:22:31 -0500
From: "Michael B. Eichorn" <ike@michaeleichorn.com>
To: Luís Fernando Schultz Xavier da Silveira <schultz@ime.usp.br>, kpneal@pobox.com
Cc: Polytropon <freebsd@edvax.de>, freebsd-questions@freebsd.org
Subject: Re: Unexpected dependencies of graphics/libGL
Message-ID: <1453263751.6711.61.camel@michaeleichorn.com>
In-Reply-To: <20160120031432.cd8793f3626c07fc803ee308@ime.usp.br>
References: <20160117031923.ce1f36547351bf07b6fff9a0@ime.usp.br> <20160117070715.1c33732b.freebsd@edvax.de> <20160117162018.964db3b1f2f2133242773e78@ime.usp.br> <20160117220247.69e6774f.freebsd@edvax.de> <20160118161235.GA92637@neutralgood.org> <20160119050806.cd08ca0687e76a4b09a701e3@ime.usp.br> <20160119062345.5402e98b.freebsd@edvax.de> <20160119063438.ca57c8a3bd8ba6781a58b040@ime.usp.br> <20160119141257.GA64358@neutralgood.org> <20160120031432.cd8793f3626c07fc803ee308@ime.usp.br>

On Wed, 2016-01-20 at 03:14 +0000, Luís Fernando Schultz Xavier da Silveira wrote:
> Hi,
>
> In a nutshell, the point is that the build dependencies should not be
> there at all. Keeping them in a jail is not a proper solution because
> they can still influence the host system (since the packages resulting
> from computations done in the jail will be installed in the host).

There is nothing inherently wrong about this. The jail is not insecure, it runs no external services. In the case of poudriere we trust the build jails in the exact same way we trust software built on the host from ports. The jails are used not so much for security as for isolating the build from the host environment.

Do recall that jails are in a way secure extensions of the chroot concept; and that chroot was developed not for security, but for compiling software in a controlled environment. This is what poudriere does, compile software in a controlled environment.

Further the compiled packages are not 'kept' in a jail, after running poudriere all jails are stopped and compilation jails are destroyed. Poudriere creates a package repository on the host system where built packages are kept.

One big advantage to poudriere is that since you are building this repo you can confirm the whole build went well before installing any new package on a production system. For a complex build like x11/gnome3 this can be a major advantage.

TLDR: Poudriere is at least as secure as building from ports. (Exactly as kpneal and Polytropon said.)

>
> On Tue, 19 Jan 2016 09:12:57 -0500
> kpneal@pobox.com wrote:
>
> > On Tue, Jan 19, 2016 at 06:34:38AM +0000, Luís Fernando Schultz
> > Xavier da Silveira wrote:
> > > Hello,
> > >
> > > > But this is not different from how ports are being built in
> > > > the regular ports tree: Compilation tools could be compromised
> > > > or package content could be affected. The typical "make install"
> > > > will generate a package which is then installed via pkg.
> > >
> > > Indeed, it is not different, and that is my point.
> >
> > Huh? When did this turn into a discussion about security?
> >
> > You can do a small amount of work and have security concerns or you can
> > do much more work and have the exact same security concerns. I really don't
> > see how this reflects badly on Poudriere.
> >
> > I thought this was a discussion about how to avoid having build dependencies
> > installed when all you wanted was the run-time dependencies. Poudriere
> > handles this nicely without all that mucking about with locking packages,
> > keeping your ports tree in sync with the one checked out at freebsd.org,
> > etc.
