Re: Defaults for PKG_DEVELOPER=yes

[Jonathan Perkin <jperkin%mnx.io@localhost>]

* On 2024-12-12 at 12:24 GMT, David Brownlee wrote:

> This might be ready for the Q4 branch, but will not commit to the tree
> before that branch without confirmation :)

Just to save you some time, this will definitely not be going into Q4.

> OK, so it looks like PKG_DEVELOPER affects the following checks:
> - CHECK_INTERPRETER
> - CHECK_FAKEHOME
> - CHECK_HEADERS
> - CHECK_PERMS
> - CHECK_PIE
> - CHECK_PORTABILITY
> - CHECK_RELRO
> - CHECK_SHLIBS
> - CHECK_SSP
> - CHECK_STRIPPED
> - CHECK_WRKREF
>
> Also sets:
> - MASTER_SORT_RANDOM=NO
>
> Plus adds some extra verbosity:
> - mk/pkgformat/pkg/metadata.mk
> - mk/tools/pkg-config.mk
> - mk/license.mk
> - USE_CMAKE (warning if PKG_DEVELOPER set)
> - FONTS_VERBOSE
> - A scattering of package Makefiles
>
> So I think PKG_DEVELOPER for the non CHECK_* values still makes sense.

> I'd like to introduce a new variable - PKGSRC_SKIP_CHECKS? and replace
> PKG_DEVELOPER usage in the CHECK_* case with it (inverted)
>
> Any objections to the plan (or naming)?

My issue with simply calling it PKGSRC_SKIP_CHECKS is that it really 
understates the vast difference between some of the checks, and may lead 
to users thinking it's ok to enable.

For example CHECK_FAKEHOME is mostly superfluous, whereas CHECK_SHLIBS 
is literally "do you want your binaries to be entirely broken, and you 
won't be able to install them with the new pkg_add checks anyway?"

Some users who run public services may be perfectly happy with shell 
scripts that include "==" that aren't even shipped in the resulting 
packages, but would be absolutely distraught if suddenly their binaries 
started silently shipping without ssp/relro/pie and they don't find out 
for 2 years.

If we're going to overhaul this then I'd prefer this be made abundantly 
clear.

--
Jonathan Perkin   -   mnx.io   -   pkgsrc.smartos.org
Open Source Complete Cloud   www.tritondatacenter.com