Subject: Firewall packages
To: None <>
From: John Rowan Littell <>
List: tech-pkg
Date: 09/13/2000 22:12:08

I suspect most here may know something about the NetBSD Firewall
Project (  It's a pretty bare-bones system, meant
to run on a minimum of hardware, and also meant to be run by
non-specialists in *nix.  I bring this up here because I have created
a couple of packages for it that are derived from the official
NetBSD packages.  At this point, I've done openssh and openssl.

My question is: as derived packages, what sorts of things should I
do to avoid treading on other people's toes if I want to distribute
these packages?  The details of the derivation can be summed up as

  (1) delete any development files (header files, etc.)
  (2) delete much of the documentation to save space (and since
      man(1) is not installed on the firewall project)
  (3) delete files that cause major dependency problems and we can
      live without (e.g., openssl depends on perl, but only for its
      documentation and a couple of certificate management scripts)
  (4) modify the package control files to reflect these changes.

I've done this by hand for both of the packages mentioned, and I've
also created a couple of perl scripts that repackage a package based
on a list of removed files and diffs for changed files (I'd be happy
to make these scripts available).

I'm not trying to replace any packages, merely strip some down so
that they're better suited to the firewall project's environment.
Also, as such, I shouldn't think they'd get integrated at all into
the standard package tree -- they'd make their distribution home
either at my site or the firewall project's site.  Finally, I'm not
envisioning doing a lot of packages (although ssh-ip-tunnel and
pty-redir come to mind as possibilities); frankly, if people are
needing a lot more than what the firewall project has to offer, I
think they'd be better off with a standard install of NetBSD (or
whatever they so choose).  The folks at the firewall project are
open to the idea, subject, of course, to the approval of the official
package maintainers.

So -- what do people think?


John "Rowan" Littell
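
Derivation steps (1)-(4) from the message above, applied to a package's packing list, as an added example; it is not the author's perl scripts and not NetBSD project code. The sample list is constructed in pkg_install +CONTENTS style, and the names strip_packing_list, SAMPLE and GLOBS, the glob patterns, and the choice of bin/c_rehash as the perl-dependent script are assumptions.

```python
from fnmatch import fnmatchcase
# Constructed sample in pkg_install +CONTENTS style; version and digests are placeholders.
SAMPLE = """\
@name openssl-X.Y
@pkgdep perl-[0-9]*
@cwd /usr/pkg
bin/openssl
@comment MD5:<digest-1>
bin/c_rehash
@comment MD5:<digest-2>
include/openssl/ssl.h
@comment MD5:<digest-3>
lib/libssl.so
@comment MD5:<digest-4>
man/man1/openssl.1
@comment MD5:<digest-5>
@dirrm include/openssl
"""
# Assumed patterns: (1) header files, (2) man pages, (3) a perl-dependent script.
GLOBS = ["include/*", "man/*", "bin/c_rehash"]

def strip_packing_list(contents, remove_globs, drop_deps):
    """Return (new packing list, removed files) for a stripped-down package."""
    kept, removed = [], []
    skipping = False  # True while inside the entry of a removed file
    for line in contents.splitlines():
        if not line.startswith("@"):                 # a file entry
            skipping = any(fnmatchcase(line, g) for g in remove_globs)
            if skipping:
                removed.append(line)
                continue
        elif line.startswith("@comment MD5:"):       # digest of the preceding file
            if skipping:
                continue
        else:                                        # any other directive
            skipping = False
            dep = line[len("@pkgdep "):] if line.startswith("@pkgdep ") else ""
            if any(dep.startswith(d + "-") for d in drop_deps):
                continue                             # step (3): dependency no longer needed
        kept.append(line)
    files = [l for l in kept if not l.startswith("@")]
    out = []
    for line in kept:                                # step (4): drop @dirrm for emptied dirs
        if line.startswith("@dirrm "):
            prefix = line[len("@dirrm "):].rstrip("/") + "/"
            if not any(f.startswith(prefix) for f in files):
                continue
        out.append(line)
    return "\n".join(out) + "\n", removed
```

Calling strip_packing_list(SAMPLE, GLOBS, ["perl"]) returns the reduced list together with the removed paths, which is the list to review before repackaging so that nothing the firewall needs at run time was dropped along with the perl dependency.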