Date: Sun, 23 Feb 2014 18:25:30 -0800 From: Drew Tomlinson <drew@mykitchentable.net> To: Polytropon <freebsd@edvax.de> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: How To Install Port Marked IGNORE -- SOLVED Message-ID: <BLU0-SMTP2954F5975A7FC2B69E6842EB3860@phx.gbl> In-Reply-To: <20140224020358.efe1bf33.freebsd@edvax.de> References: <BLU0-SMTP4239BE139FDC42F1F1EFEB6B3860@phx.gbl> <20140224020358.efe1bf33.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/23/2014 5:03 PM, Polytropon wrote: > On Sun, 23 Feb 2014 16:43:03 -0800, Drew Tomlinson wrote: >> I'm trying to install net/ntp but get this message: >> >> ** Port marked as IGNORE: net/ntp: >> is forbidden: CVE-2013-5211 / VU >> >> OK, I know about the monlist issue and will address that in my conf >> file. Thus I'd like to build and install anyway. How do I override >> this? >> Google posts suggest removing the "IGNORE" from the Makefile. > A very bad suggestion. You should not mess with port Makefiles, > especially not for that kind of purpose, to fix a problem by > creating another problem. :-) > > > >> However I do not see it in either net/ntp/Makefile or >> net/ntp/Makefile.inc. Where is is? Or should I do something else? > It will be set automatically if certain criteria are met. > You'll find the mechanism and some hints why and where it is > being used in /usr/ports/Mk/bsd.port.mk. Let me quote regarding > the IGNORE mark: > > Package build should be skipped entirely (e.g. > because of serious unfixable problems in the build, > because it cannot be manually fetched, etc). > > The reason will be stored in $IGNORE so you can refer to it. > This shows: Ports marked as IGNORE probably won't build at all. > > If you still want to (try to) build the port, see what "man 7 ports" > has to offer (except it's refering to FORBIDDEN, not IGNORE): > > NO_IGNORE If defined, allow installation of ports marked as > <FORBIDDEN>. The default behavior of the Ports framework > is to abort when the installation of a forbidden port is > attempted. Of course, these ports may not work as > expected, but if you really know what you are doing and are > sure about installing a forbidden port, then NO_IGNORE lets > you do it. > > This is what you could try: > > # make -D NO_IGNORE install > > But keep in mind that IGNORE isn't there for no particular reason. :-) Thank you for the nice explanation. Your suggestion worked. I believe it is marked IGNORE only because of the security vulnerability. Because this is used on my private LAN and not available to the public, I do not believe I am at any risk. However I have followed the configuration recommendations in the alert just to be sure. -- Like card tricks? Visit The Alchemist's Warehouse to learn card magic secrets for free! http://alchemistswarehouse.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BLU0-SMTP2954F5975A7FC2B69E6842EB3860>