Building in chroot [Was: Re: Latest ruby 1.8.5_1]

Pierre Queinnec pmq at macports.org
Tue Nov 7 01:48:20 PST 2006


[Cc'ing mp-dev, removing mp-users]

Hi Paul, Jordan,

Paul Guyot wrote:
> On 7 Nov 06 at 07:42, Jordan K. Hubbard wrote:
>> On Nov 6, 2006, at 2:02 PM, Paul Guyot wrote:
>>> I don't know how to turn it into a variant in such a way that without 
>>> this variant, ruby doesn't touch tk & tcl if they're available.
>>
>> Well, maybe if the trace code returned ENOENT on any attempt to 
>> satisfy non-explicit dependencies, you could use it to create a 
>> virtual chroot and then turn that virtual chroot mode on by default.   
>> Oh wait, we already went over all that in the message you cited. :-) :-)
> 
> Heh. You love to be right, don't you?
> 
> I gave more thought to the way MacPorts work recently and I believe 
> trace mode needs to be on by default. Then the problem is that it 
> generates warnings where we want errors to make sure that portfiles are 
> correct. In such a case, we want the minimum dependency set. For 
> example, many ports will use MP install or autoconf where the system one 
> would be perfectly fine. So yes, I changed my mind and I think we should 
> have a chroot-like environment like you suggested -- it has some holes 
> as ports could disable the dyld injection, but I guess it's fine for 
> what we're doing, it's not a security concern, and it's much cheaper 
> than a real chroot with union mounts, and it provides information about 
> forbidden accesses.
I know you probably looked at it before, but here's a description of
buildlink, which is pkgsrc's way of doing this:
   http://www.netbsd.org/Documentation/pkgsrc/buildlink.html

Basically it is a way of implementing a portable chroot. It *has* some
drawbacks too, and besides we don't need that much portability since we
changed our name, so we might prefer the real chroot way.


> The problem is I don't have enough time to implement all this now. I 
> toyed with ruby ports because of a work project of mine that is based on 
> ruby. I'll try to do the 1.3.3 release as asked by James, but I think 
> this will be all for 2006.
> 
> Paul
> --Ultra-plenipotentiary minister on leave.
> Mobile. Without a fixed bathtub.
> http://www.kallisys.com/
> http://www-poleia.lip6.fr/~guyot/

-- Pierre
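The trace-mode policy discussed above (refuse accesses to files of non-explicit dependencies with ENOENT, or merely warn about them), as an added Python simulation that is not MacPorts code; the prefix, the file ownership table and the access trace are constructed for the illustration.

```python
"""Simulated trace-mode policy (added illustration, not MacPorts code).
Given a port's declared dependencies and a constructed map of which
installed port owns which file, each file access is either allowed or
refused with ENOENT, as the proposed virtual chroot would do."""
import errno
import os.path

PREFIX = "/opt/local"  # assumed MacPorts prefix

# Constructed ownership table: installed file -> port that owns it.
OWNERS = {
    "/opt/local/lib/libtcl8.4.dylib": "tcl",
    "/opt/local/lib/libtk8.4.dylib": "tk",
    "/opt/local/lib/libssl.dylib": "openssl",
    "/opt/local/bin/install": "coreutils",
    "/opt/local/bin/autoconf": "autoconf",
}


def check_access(path, declared, strict=True):
    """Return (errno_or_0, owning_port_or_None).
    System paths outside the prefix are always allowed. Files inside the
    prefix are allowed when unowned (e.g. the port's own build dir) or
    owned by a declared dependency. In strict mode an undeclared access
    is refused with ENOENT (virtual chroot, an error); otherwise it is
    allowed but still reported (a warning)."""
    norm = os.path.normpath(path)
    if not norm.startswith(PREFIX + os.sep):
        return 0, None
    owner = OWNERS.get(norm)
    if owner is None or owner in declared:
        return 0, owner
    return (errno.ENOENT if strict else 0), owner


def undeclared_dependencies(accesses, declared, strict=True):
    """Run the policy over a trace of file accesses and return the set of
    ports that were used without being declared as dependencies."""
    hidden = set()
    for path in accesses:
        _err, owner = check_access(path, declared, strict)
        if owner is not None and owner not in declared:
            hidden.add(owner)
    return hidden


# Constructed trace of a ruby build that found tcl/tk installed but
# never declared them, the situation from the thread.
TRACE = ["/usr/bin/cc", "/opt/local/lib/libssl.dylib",
         "/opt/local/lib/libtcl8.4.dylib", "/opt/local/lib/libtk8.4.dylib",
         "/opt/local/var/macports/build/ruby/work/config.status"]
DECLARED = {"openssl"}

if __name__ == "__main__":
    print(sorted(undeclared_dependencies(TRACE, DECLARED)))  # ['tcl', 'tk']
```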
