Aleksey Cheusov wrote:
One reason for this is that USE_DESTDIR=full works by overriding the
file system permissions and nothing currently tags the permissions
and ownership in the PLIST. This should be changed and one positive
side effect is that auditing for s[ug]id binaries can be done much
easier. SPECIAL_PERMS is another workaround for that.
Ok, specifying permissions in PLIST or somewhere else may be better
than METALOG approach for a number of reasons.
Is format of pkgsrc packages documented somewhere?
The format is described in the man pages for pkg_create(1), pkg_add(1)
and pkg_delete(1) and you can also find information in
pkgsrc/mk/flavor/pkg/metadata.mk. A lot of this is legacy from the
original FreeBSD pkg_install code -- we're still using largely the exact
same tar.gz archive format as 10 years ago.
>> Unprivileged build and "prefixed" packaging is big step
>> forward for pkgsrc but it is not enough.
If all packages would be able to work with user-destdir, a bulk build
can be easily done unprivileged. Testing the installation is important
though and you will see a number of install scripts fail if they can't
run as root.
Of course DESTDIR support in its current form is good _start_ for
I even tried to run partial _test_ bulk build
with USE_DESTDIR variable set.
Note that this was just a test. Not all things were done accurately.
But I hope to see pkgsrc ready for fully unprivileged bulk builds in
future (including 'make bin-install|package-install' and 'make depends'
phases). And... without need to set PKG_DESTDIR_SUPPORT
variable for each package, that is, without PKG_DESTDIR_SUPPORT
variable at all.
I know that some folks are looking into alternative solutions for staged
installation that are separate from the current idea of teaching
packages to honor DESTDIR. They generally involve some level of wrapping
the installation tools or installing a specially-crafted shell, but
those ideas are not fully fleshed out, though they have been tested to
work in limited cases. <jmmv> and <agc> may have more to share on this.
The benefits of the current approach of teaching packages to honor
(1) No "magic" is involved. The tools just do exactly what you tell
them to do, so the steps are very clear to both developers and users.
(2) DESTDIR-style support is already prevalent because it's used by
Debian .deb as well as OpenBSD's FAKE support in its package system.
This is at least a well-understood method that many packages already
support and that many developers know how to apply.
The downside to this DESTDIR approach is that you potentially have to
patch many files, and because programmers are lazy in general, it's nice
to try to find ways to avoid potentially having to make so many changes.
I'm definitely open to different approaches to staged installations if
you'd like to brainstorm other ideas on this list.
-- Johnny C. Lam
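
Added illustration, not part of the original message or of pkgsrc: if packing lists did carry permissions through the `@mode`, `@owner` and `@group` directives described in pkg_create(1), the s[ug]id audit mentioned in the quoted text becomes a scan of the PLIST. The sample list and the function names `classify` and `audit_plist` are constructed for this example.

```python
import re

SUID, SGID = 0o4000, 0o2000

# Constructed sample packing list (not taken from a real package).
SAMPLE_PLIST = """\
@cwd /usr/pkg
bin/tool
@mode 4511
@owner root
bin/priv-helper
@mode 2555
@owner
@group games
bin/scoregame
@mode u+s
libexec/legacy-helper
@mode
@group
share/doc/tool/README
"""

def classify(mode):
    """Name the s[ug]id bits requested by a chmod-style mode string, or None."""
    if not mode:
        return None
    if re.fullmatch(r"[0-7]{3,4}", mode):
        bits = int(mode, 8)
        kinds = [n for n, b in (("setuid", SUID), ("setgid", SGID)) if bits & b]
        return "+".join(kinds) or None
    # Symbolic mode (e.g. u+s): flag conservatively, 's' only ever means s[ug]id.
    return "symbolic-s" if "s" in mode else None

def audit_plist(text):
    """Return (path, mode, owner, group, kind) for every s[ug]id file entry."""
    # Directives are sticky until changed; a bare directive resets to the default.
    state = {"@cwd": None, "@mode": None, "@owner": None, "@group": None}
    findings = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("@"):
            cmd, *rest = line.split(None, 1)
            if cmd in state:
                state[cmd] = rest[0].strip() if rest else None
            continue
        kind = classify(state["@mode"]) if line else None
        if kind:
            findings.append((f"{state['@cwd'] or ''}/{line}", state["@mode"],
                             state["@owner"], state["@group"], kind))
    return findings
```

An owner or group of `None` in a finding means the entry falls back to the extraction default, which is worth reviewing on its own for a set-uid file.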