netbsd-users: Re: a question about updating

Subject: Re: a question about updating
To: Thierry Lacoste <lacoste@univ-paris12.fr>
From: Greg A. Woods <woods@planix.com>
List: netbsd-users
Date: 03/20/2007 16:56:43
--pgp-sign-Multipart_Tue_Mar_20_16:56:39_2007-1
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

At Tue, 20 Mar 2007 21:35:15 +0100,
Thierry Lacoste wrote:
> 
> Now I'm just curious.
> With FreeBSD I use "make buildworld" on a machine
> which nfs-exports /usr/src and /usr/obj read-only.
> On other machines I mount those directories and "make installworld".
> 
> I thought that "build.sh distribution" and "build.sh install" was the
> equivalent on NetBSD but apparently I'm wrong.
> Why does "build.sh install" need write access to obj?

The simple answer is because you are not supposed to ever run "build.sh
install" on anything but the build host alone.  :-)


NetBSD's build system is designed to be entirely hosted on a non-native
machine.

That means that all the build tools, right from the MAKE to the CC and
everything in between and beyond, is built by the "build.sh tools" for
execution and use on the build host and only with the various *DIR
settings chosen at build time.

Those tools are not expected to be usable on any target host -- they are
for use entirely on the build host alone.

Now in theory if the build host and the target host are very similar
then it _could_ be possible to do what you suggest.  However in practice
even with identical build and target host environments getting all the
right settings to be identical on both hosts is still too complex to do
as a matter of course.

Also in theory you could avoid "build.sh" and the tools it builds and to
an entirely native host build in the same way FreeBSD does (and in the
same way NetBSD did before build.sh came along), and then you could
mount src and obj on an identical target machine and do a "make install"

However given that NetBSD's developers don't support, and probably never
test, the old self-hosted builds, it just may not work any more.


Now, as for security, the other _HUGE_ win with build.sh is that you can
do entirely unprivileged (and in theory also even fully chrooted) builds.


The idea is you should be able to do a full NetBSD build, right to the
bootable ISO image, on any decent POSIX-compatible host, regardless of
the architecture, CPU, or OS of the build host.

I think if you wrap your head around those ideas then you'll quickly
appreciate the benefits of at least building the "sets" files (and a
kernel) on your build host and then installing those on your target
machine(s) after rebooting the new kernel.

IMNSHO NetBSD's build.sh and its cross-build toolchain are the way OS
builds should always and only have been done.  :-)

-- 
						Greg A. Woods

H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>       Secrets of the Weird <woods@weird.com>

--pgp-sign-Multipart_Tue_Mar_20_16:56:39_2007-1
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: eqPSnB00c+RTddCJPvsdQGDCgEpQQ3mj

iQA/AwUBRgBKi2Z9cbd4v/R/EQK9hgCeKXbviqDHOToq3mbsajvI48WIxWcAoPQJ
7EWusIP8oiUzRF4fEda9bmNT
=Clvh
-----END PGP SIGNATURE-----

--pgp-sign-Multipart_Tue_Mar_20_16:56:39_2007-1--