Date: Mon, 9 Nov 2020 10:47:52 +0100 From: Stefan Esser <se@freebsd.org> To: Tatsuki Makino <tatsuki_makino@hotmail.com>, Mason Loring Bliss <mason@blisses.org> Cc: freebsd-ports@freebsd.org Subject: Re: Donation to Foundation for Poudriere /opt builds! (Bounty?) Message-ID: <4c43573c-9428-98a6-1b3e-e78ba3239575@freebsd.org> In-Reply-To: <TY2PR02MB40130B63CDCE0C2AAC0E515FFAEB0@TY2PR02MB4013.apcprd02.prod.outlook.com> References: <20201101233032.GC6041@blisses.org> <20201108205008.GO31104@blisses.org> <TY2PR02MB40130B63CDCE0C2AAC0E515FFAEB0@TY2PR02MB4013.apcprd02.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1
Content-Type: multipart/mixed; boundary="0rokgViJB5ILxvfMcPCNWYyZu5P18xvvB";
protected-headers="v1"
From: Stefan Esser <se@freebsd.org>
To: Tatsuki Makino <tatsuki_makino@hotmail.com>,
Mason Loring Bliss <mason@blisses.org>
Cc: freebsd-ports@freebsd.org
Message-ID: <4c43573c-9428-98a6-1b3e-e78ba3239575@freebsd.org>
Subject: Re: Donation to Foundation for Poudriere /opt builds! (Bounty?)
References: <20201101233032.GC6041@blisses.org>
<20201108205008.GO31104@blisses.org>
<TY2PR02MB40130B63CDCE0C2AAC0E515FFAEB0@TY2PR02MB4013.apcprd02.prod.outlook.com>
In-Reply-To: <TY2PR02MB40130B63CDCE0C2AAC0E515FFAEB0@TY2PR02MB4013.apcprd02.prod.outlook.com>
--0rokgViJB5ILxvfMcPCNWYyZu5P18xvvB
Content-Type: multipart/mixed;
boundary="------------4CAD0198B904F85F0D946942"
Content-Language: en-US
This is a multi-part message in MIME format.
--------------4CAD0198B904F85F0D946942
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable
Am 09.11.20 um 00:40 schrieb Tatsuki Makino:
> I think you need to rewrite all the files under /etc that have
> /usr/local in them.
> For example, ldconfig_paths in /etc/rc.conf.
I have committed that change a few days ago, and it was heavily
disputed by those who think that there never should be a path
other than /usr/local used for LOCALBASE.
> Perhaps we need to apply it to both host and jail.
It is in -CURRENT and I could MFC to -STABLE, but it will take
some time to arrive in a release (with 12.2 just finished).
> If the shell of the user root of a jail is csh, the PATH of /root/.cshr=
c
> in jail may also be relevant.
There are a number of files that need to be adjusted if LOCALBASE
is not /usr/local, and I'm willing to put proposed patches up for
review and commit them if accepted.
> In addition, /root/.profile is another file that defines the PATH.
Yes, and there are many more.
I have added _PATH_LOCALBASE to /usr/include/paths.h in -CURRENT
to be picked up by binaries.
There already is ${LOCALBASE} in the Makefile in /usr/src and it
is used in some isolated parts of the tree to support a LOCALBASE
other than /usr/local.
But /usr/local has been hard-coded in FreeBSD for decades (not in
many files and binaries, but in some critical ones) and it takes
effort to make this a parameter that can be easily adjusted.
But there are down-sides: Making this parameter variable can lead
to security issues, since an attacker might be able to circumvent
policy restrictions and authorization checks.
I'm all for making it easy to build a system for another value of
LOCALBASE, but I'm not convinced that being able to choose another
value at run-time is worth the vulnerabilities this may create.
> However, when you do all that, it's already a different OS distribution=
> than FreeBSD, isn't it :) ?
No, I don't think so. It is still FreeBSD, but you have to understand
that it is FreeBSD without pre-built packages, since most of them can
be built for a different LOCALBASE (but not all!) but the official
packages won't run (need a re-compile).
This may change if packages start to use the proposed getlocalbase()
function to construct paths at run-time. Other files provided by a
port need to be patched at install time (may apply to configuration
files rc scripts, ...)
Making FreeBSD friendly to environments that have a need for another
LOCALBASE than /usr/local will take a lot of effort and contributions
are welcome, as long as they do not cause issues for the large majority
that will continue to use the default of /usr/local.
Regards, STefan
--------------4CAD0198B904F85F0D946942--
--0rokgViJB5ILxvfMcPCNWYyZu5P18xvvB--
--KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEo3HqZZwL7MgrcVMTR+u171r99UQFAl+pEEgFAwAAAAAACgkQR+u171r99US0
Cgf8C65WoIKQ5AyoC1e20HMlA9rl1ccyawojMLi99wAX1K0UMvI9gqBgEOKxRKY6L1gcqIwVOc1P
Ly/pOU3ut0z6aC4zrmU5XCrUh1cpzdnyZhjfAV6VTKIxJrRT/YSun/O0RubE1tld7sS8FpA4+Y2Y
UzOq/3UXC/PPaWgxG0YUAZe2wsAPTMRkJuMN/8yRufAbmwLUJMxO5db9kGQcxbQDzWDZHMZVksd5
iZEwnj7FtDdTjHr9akZeW12VpXxiZZVDQ6zmrw16UOtV3xRt6BPY4wgMTakkxHY7xibEi00k+7zd
a++U0OGhsU5+o7C3AMLuIoMPhmvofbSQ9+qG+IXGLw==
=VR6y
-----END PGP SIGNATURE-----
--KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4c43573c-9428-98a6-1b3e-e78ba3239575>