Date:      Wed, 23 May 2012 11:12:41 -0700
From:      Jason Helfman <jgh@FreeBSD.org>
To:        Chris Rees <crees@FreeBSD.org>
Cc:        Martin Wilke <miwi@freebsd.org>, cvs-all@freebsd.org, ports-committers@freebsd.org, Pav Lucistnik <pav@freebsd.org>, cvs-ports@freebsd.org, Bernhard Froehlich <decke@freebsd.org>
Subject:   Re: cvs commit: ports/databases/pg_filedump Makefile
Message-ID:  <20120523181241.GI8317@dormouse.experts-exchange.com>
In-Reply-To: <CADLo83_9j1oKTv-5dpdXXbn5WFtMKhJ-e6QPvSwsA8iGg2WqrQ@mail.gmail.com>
References:  <201205231334.q4NDYCMQ078804@repoman.freebsd.org> <1337780396.2024.2.camel@pav.hide.vol.cz> <9b15e44319f017bff90bc3caa1de79d9@bluelife.at> <1337781238.2024.7.camel@pav.hide.vol.cz> <1337781346.2024.8.camel@pav.hide.vol.cz> <a2ac942a73bd4575d797fc7cc250fe31@bluelife.at> <CADLo83_9j1oKTv-5dpdXXbn5WFtMKhJ-e6QPvSwsA8iGg2WqrQ@mail.gmail.com>

On Wed, May 23, 2012 at 07:04:52PM +0100, Chris Rees thus spake:
>On 23 May 2012 15:39, Bernhard Froehlich <decke@freebsd.org> wrote:
>> On 23.05.2012 15:55, Pav Lucistnik wrote:
>>>
>>> Pav Lucistnik wrote on Wed 23. 05. 2012 at 15:53 +0200:
>>>>
>>>> Bernhard Froehlich wrote on Wed 23. 05. 2012 at 15:47 +0200:
>>>> > On 23.05.2012 15:39, Pav Lucistnik wrote:
>>>> > > Martin Wilke wrote on Wed 23. 05. 2012 at 13:34 +0000:
>>>> > >> miwi        2012-05-23 13:34:12 UTC
>>>> > >>
>>>> > >>   FreeBSD ports repository
>>>> > >>
>>>> > >>   Modified files:
>>>> > >>     databases/pg_filedump Makefile
>>>> > >>   Log:
>>>> > >>   - Switch to FETCH_DEPENDS to fix fetch during build
>>>> > >
>>>> > > How is this supposed to work? The log message makes no sense.
>>>> >
>>>> > The problem that this fixes is when you are building in jails
>>>> > and restrict internet access to the "fetch" target like
>>>> > pointyhat-west, redports.org and poudriere already do.
>>>>
>>>> Well, the restriction was put in place for a reason 1*), and now you're
>>>> working around that very reason. So just remove the restriction from
>>>> pointyhat and problem solved.
>>>
>>>
>>> On a second read, now I see what you're achieving. But still, the chosen
>>> solution seems suboptimal.
>>
>>
>> On the list of broken ports there are a handful of ports (including this
>> one) that depend on another port's code (aka working directory). Right now
>> those ports are written using a dirty hack like that:
>>
>> from databases/mysql-q4m:
>>
>> BUILD_DEPENDS= ${NONEXISTENT}:${PORTSDIR}/databases/mysql${MYSQL_VER}-server:build
>> CONFIGURE_ARGS= --with-mysql="$$(cd ${PORTSDIR}/databases/mysql${MYSQL_VER}-server; ${MAKE} -V WRKSRC)"
>>
>> We decided to choose the s/BUILD_DEPENDS/FETCH_DEPENDS/ solution because
>> it doesn't actually make the hack much worse than it already is. The
>> downside is that it builds during fetch which isn't nice but better than
>> fetch during build which is a security improvement.
>>
>> If someone comes up with a better solution without completely rewriting
>> all those ports I would be glad to help doing it. Right now it looks like
>> there are around 5-10 ports of that kind.
>
>I'm deeply unhappy about adding ad-hoc fixes like this.
>
>Any comments about [1]?  I do think that the fixes already put in
>should be reverted in favour of a proper solution.
>
>Alternatively something like (but more hackish):
>
>.for dep in ${PKG_DEPENDS} ${EXTRACT_DEPENDS} ${PATCH_DEPENDS} ${BUILD_DEPENDS} ${LIB_DEPENDS} ${RUN_DEPENDS}
># Check any dependencies with third tuple full, but don't duplicate.
>.  if !empty(dep:M*\:*\:*) && empty(FETCH_DEPENDS:M*\:${dep:C,[^:]*\:([^:]*)\:[^:]*,\1}:\*)
>FETCH_DEPENDS+= ${dep:C,[^:]*$,fetch}
>.  endif
>.endfor
>
>Which is better?
>
>Chris
>
>====
>
>[1]  http://www.bayofrum.net/~crees/patches/bsd.port.mk-fetch-depends.diff

When I first ported databases/jasperserver, I was told by Pav that it
couldn't be on pointyhat because it fetched post-fetch. I worked with
the vendor to provide a solution that provided the same files that
could be verified, while not compromising the build.

Is there any reason that these projects should be allowed to fetch
post-fetch?

-jgh

-- 
Jason Helfman
FreeBSD Committer | http://people.freebsd.org/~jgh | The Power To Serve
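
Added example, not part of the original thread and not FreeBSD ports code: a Python model of what the quoted .for loop is meant to compute, namely a file:portdir:fetch entry for every dependency that names a target, so the dependency's downloads land in the fetch phase where restricted builders still allow network access. The function names, the expanded paths and the MySQL version "55" are assumptions made for illustration.

```python
# Added example: Python model of the quoted .for loop (not FreeBSD ports code).
# Ports dependency entries have the form file:portdir[:target].

def split_dep(entry):
    """Return (file, portdir, target); target is None for two-field entries."""
    parts = entry.split(":")
    if len(parts) == 2:
        return parts[0], parts[1], None
    if len(parts) == 3:
        return tuple(parts)
    raise ValueError(f"malformed dependency entry: {entry!r}")


def derive_fetch_depends(dep_lists, fetch_depends=()):
    """Add a file:portdir:fetch entry for every dependency that names a target.

    Mirrors the quoted loop: entries whose third field is set get a matching
    fetch-phase entry, unless FETCH_DEPENDS already holds a three-field entry
    for that port directory.
    """
    result = list(fetch_depends)
    covered = {split_dep(e)[1] for e in result if split_dep(e)[2] is not None}
    for deps in dep_lists:
        for entry in deps:
            file_, portdir, target = split_dep(entry)
            if target is None or portdir in covered:
                continue  # plain dependency, or already fetched in the fetch phase
            result.append(f"{file_}:{portdir}:fetch")
            covered.add(portdir)
    return result


# Constructed sample, modelled on the databases/mysql-q4m lines quoted above
# with the make variables expanded to placeholder values.
BUILD_DEPENDS = [
    "/nonexistent:/usr/ports/databases/mysql55-server:build",
    "gmake:/usr/ports/devel/gmake",
]
RUN_DEPENDS = ["/nonexistent:/usr/ports/databases/mysql55-server:build"]

if __name__ == "__main__":
    for line in derive_fetch_depends([BUILD_DEPENDS, RUN_DEPENDS]):
        print(line)
```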


