Subject: Re: Firewall packages
To: John Rowan Littell <>
From: David Brownlee <>
List: tech-pkg
Date: 09/14/2000 08:57:26
	Some of the hpcmips/PocketBSD people may have similar requirements
	for packages due to the extreme space limitations on those
	platforms. I believe they may be looking at a PKG_SMALL or similar
	variable to adjust the behaviour of packages - its quite possible
	the same approach would work well for the dubbele project.

	I don't have a contact address for them at the moment - you might
	want to ask on port-hpcmips...

			       -- A pmap for every occasion --

On Wed, 13 Sep 2000, John Rowan Littell wrote:

> I suspect most here may know something about the NetBSD Firewall
> Project (  It's a pretty bare-bones system, meant
> to run on a minimum of hardware, and also meant to be run by
> non-specialists in *nix.  I bring this up here because I have created
> a couple of packages for it that are derived from the official
> NetBSD packages.  At this point, I've done openssh and openssl.
> My question is: as derived packages, what sorts of things should I
> do to avoid treading on other people's toes if I want to distribute
> these packages?  The details of the derivation can be summed up as
> follows:
>   (1) delete any development files (header files, etc.)
>   (2) delete much of the documentation to save space (and since
>       man(1) is not installed on the firewall project)
>   (3) delete files that cause major dependancy problems and we can
>       live without (e.g., openssl depends on perl, but only for its
>       documentation and a couple of certificate management scripts)
>   (4) modify the package control files to reflect these changes.
> I've done this by hand for both of the packages mentioned, and I've
> also created a couple of perl scripts that repackage a package based
> on a list of removed files and diffs for changed files (I'd be happy
> to make these scripts available).
> I'm not trying to replace any packages, merely strip some down so
> that they're better suited to the firewall project's environment.
> Also, as such, I shouldn't think they'd get integrated at all into
> the standard package tree -- they'd make their distribution home
> either at my site or the firewall project's site.  Finally, I'm not
> envisioning doing a lot of packages (although ssh-ip-tunnel and
> pty-redir come to mind as possibilities); frankly, if people are
> needing a lot more than what the firewall project has to offer, I
> think they'd be better off with a standard install of NetBSD (or
> whatever they so choose).  The folks at the firewall project are
> open to the idea, subject, of course, to the approval of the official
> package maintainers.
> So -- what do people think?
>   --rowan
> --
> John "Rowan" Littell