Building in chroot [Was: Re: Latest ruby 1.8.5_1]
pmq at macports.org
Tue Nov 7 01:48:20 PST 2006
[Cc'ing mp-dev, removing mp-users]
Hi Paul, Jordan,
Paul Guyot wrote:
> Le 7 nov. 06 à 07:42, Jordan K. Hubbard a écrit :
>> On Nov 6, 2006, at 2:02 PM, Paul Guyot wrote:
>>> I don't know how to turn it into a variant in such a way that without
>>> this variant, ruby doesn't touch tk & tcl if they're available.
>> Well, maybe if the trace code returned ENOENT on any attempt to
>> satisfy non-explicit dependencies, you could use it to create a
>> virtual chroot and then turn that virtual chroot mode on by default.
>> Oh wait, we already went over all that in the message you cited. :-) :-)
> Heh. You love to be right, don't you?
> I gave more thought to the way MacPorts work recently and I believe
> trace mode needs to be on by default. Then the problem is that it
> generates warnings where we want errors to make sure that portfiles are
> correct. In such a case, we want the minimum dependency set. For
> example, many ports will use MP install or autoconf where the system one
> would be perfectly fine. So yes, I changed my mind and I think we should
> have a chroot-like environment like you suggested -- it has some holes
> as ports could disable the dyld injection, but I guess it's fine for
> what we're doing, it's not a security concern, and it's much cheaper
> than a real chroot with union mounts, and it provides informations about
> forbidden accesses.
I know you probably looked at it before, but here's a description of
buildlink, which is PKGSRC's way of doing this:
Basically it is a way of implementing a portable chroot. It *has* some
drawbacks too, and besides we don't need that much portability since we
changed name, so we might prefer the real chroot way.
> The problem is I don't have enough time to implement all this now. I
> toyed with ruby ports because of a work project of mine that is based on
> ruby. I'll try to do the 1.3.3 release as asked by James, but I think
> this will be all for 2006.
> --Ministre ultraplénipotentiaire en disponibilité.
> Mobile. Sans baignoire fixe.
More information about the macports-dev