From owner-freebsd-ports@freebsd.org Mon Nov 9 09:47:56 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 957222ECF4F for ; Mon, 9 Nov 2020 09:47:56 +0000 (UTC) (envelope-from se@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CV5lJ3gD5z4Yb9; Mon, 9 Nov 2020 09:47:56 +0000 (UTC) (envelope-from se@freebsd.org) Received: from Stefans-MBP-WLAN.fritz.box (p200300cd5f0bbc001986ed6a007fa56d.dip0.t-ipconnect.de [IPv6:2003:cd:5f0b:bc00:1986:ed6a:7f:a56d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: se/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 0A9F822EDB; Mon, 9 Nov 2020 09:47:55 +0000 (UTC) (envelope-from se@freebsd.org) To: Tatsuki Makino , Mason Loring Bliss References: <20201101233032.GC6041@blisses.org> <20201108205008.GO31104@blisses.org> Cc: freebsd-ports@freebsd.org From: Stefan Esser Subject: Re: Donation to Foundation for Poudriere /opt builds! (Bounty?) Message-ID: <4c43573c-9428-98a6-1b3e-e78ba3239575@freebsd.org> Date: Mon, 9 Nov 2020 10:47:52 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1" X-Content-Filtered-By: Mailman/MimeDel 2.1.34 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Nov 2020 09:47:56 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1 Content-Type: multipart/mixed; boundary="0rokgViJB5ILxvfMcPCNWYyZu5P18xvvB"; protected-headers="v1" From: Stefan Esser To: Tatsuki Makino , Mason Loring Bliss Cc: freebsd-ports@freebsd.org Message-ID: <4c43573c-9428-98a6-1b3e-e78ba3239575@freebsd.org> Subject: Re: Donation to Foundation for Poudriere /opt builds! (Bounty?) References: <20201101233032.GC6041@blisses.org> <20201108205008.GO31104@blisses.org> In-Reply-To: --0rokgViJB5ILxvfMcPCNWYyZu5P18xvvB Content-Type: multipart/mixed; boundary="------------4CAD0198B904F85F0D946942" Content-Language: en-US This is a multi-part message in MIME format. --------------4CAD0198B904F85F0D946942 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable Am 09.11.20 um 00:40 schrieb Tatsuki Makino: > I think you need to rewrite all the files under /etc that have > /usr/local in them. > For example, ldconfig_paths in /etc/rc.conf. I have committed that change a few days ago, and it was heavily disputed by those who think that there never should be a path other than /usr/local used for LOCALBASE. > Perhaps we need to apply it to both host and jail. It is in -CURRENT and I could MFC to -STABLE, but it will take some time to arrive in a release (with 12.2 just finished). > If the shell of the user root of a jail is csh, the PATH of /root/.cshr= c > in jail may also be relevant. There are a number of files that need to be adjusted if LOCALBASE is not /usr/local, and I'm willing to put proposed patches up for review and commit them if accepted. > In addition, /root/.profile is another file that defines the PATH. Yes, and there are many more. I have added _PATH_LOCALBASE to /usr/include/paths.h in -CURRENT to be picked up by binaries. There already is ${LOCALBASE} in the Makefile in /usr/src and it is used in some isolated parts of the tree to support a LOCALBASE other than /usr/local. But /usr/local has been hard-coded in FreeBSD for decades (not in many files and binaries, but in some critical ones) and it takes effort to make this a parameter that can be easily adjusted. But there are down-sides: Making this parameter variable can lead to security issues, since an attacker might be able to circumvent policy restrictions and authorization checks. I'm all for making it easy to build a system for another value of LOCALBASE, but I'm not convinced that being able to choose another value at run-time is worth the vulnerabilities this may create. > However, when you do all that, it's already a different OS distribution= > than FreeBSD, isn't it :) ? No, I don't think so. It is still FreeBSD, but you have to understand that it is FreeBSD without pre-built packages, since most of them can be built for a different LOCALBASE (but not all!) but the official packages won't run (need a re-compile). This may change if packages start to use the proposed getlocalbase() function to construct paths at run-time. Other files provided by a port need to be patched at install time (may apply to configuration files rc scripts, ...) Making FreeBSD friendly to environments that have a need for another LOCALBASE than /usr/local will take a lot of effort and contributions are welcome, as long as they do not cause issues for the large majority that will continue to use the default of /usr/local. Regards, STefan --------------4CAD0198B904F85F0D946942-- --0rokgViJB5ILxvfMcPCNWYyZu5P18xvvB-- --KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEo3HqZZwL7MgrcVMTR+u171r99UQFAl+pEEgFAwAAAAAACgkQR+u171r99US0 Cgf8C65WoIKQ5AyoC1e20HMlA9rl1ccyawojMLi99wAX1K0UMvI9gqBgEOKxRKY6L1gcqIwVOc1P Ly/pOU3ut0z6aC4zrmU5XCrUh1cpzdnyZhjfAV6VTKIxJrRT/YSun/O0RubE1tld7sS8FpA4+Y2Y UzOq/3UXC/PPaWgxG0YUAZe2wsAPTMRkJuMN/8yRufAbmwLUJMxO5db9kGQcxbQDzWDZHMZVksd5 iZEwnj7FtDdTjHr9akZeW12VpXxiZZVDQ6zmrw16UOtV3xRt6BPY4wgMTakkxHY7xibEi00k+7zd a++U0OGhsU5+o7C3AMLuIoMPhmvofbSQ9+qG+IXGLw== =VR6y -----END PGP SIGNATURE----- --KuAUkUzbLQ0ixnY75cfFp4Nv1UpcIkkn1--