GSoC 2013: Binaries Idea

Joshua Root jmr at macports.org
Sun Apr 21 04:28:07 PDT 2013


On 2013-4-21 12:46 , Marcelo Galvão Póvoa wrote:
> On Mon, Apr 15, 2013 at 9:29 AM, Joshua Root <jmr at macports.org> wrote:
>> As for what you could do with binaries, there are a few enhancements
>> that could be made to the current MPAB system, but I don't know if they
>> would constitute a reasonably big project for GSoC. The chroot thing
>> mentioned on the wiki is (a) really hard given the way modern OS X
>> works, and (b) a lot less relevant with sandboxing in the picture.
>> Current trunk sandboxes a lot of stuff, but more can be done.
>>
> 
> What do you mean by "more can be done"? These improvements would
> accomplish what, exactly?

Trunk currently sandboxes only commands run with the 'system' proc. This
covers a large percentage of what goes on when building a port, but not
everything. A portfile can also modify the filesystem by running
programs using 'exec', and by using the native Tcl file commands.

What improvements would accomplish is a greater assurance that a buggy
or malicious portfile can't mess up your system.

>> Another idea, enabled by automatic builds, is to maintain a list of
>> ports known to build and pass their test phase (if any) on each
>> platform, and allow users to choose to only see those in the list for
>> their platform. If what we have at the moment is analogous to Debian
>> unstable, this would be like Debian testing. This could easily be
>> extended to only make visible ports for which a binary archive is available.
> 
> Are there ports which are unstable or can't be built by MPAB for some reason?

No doubt some ports are just plain broken. The more interesting case is
ports that only work on a subset of the OS versions and/or architectures
that base works on.

- Josh
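
Added example (not part of the original message, and not MacPorts code): a heuristic line scanner that separates a Portfile's commands into those run through the sandboxed 'system' proc and those that use 'exec' or filesystem-modifying native Tcl 'file' subcommands, the two paths the message above says are not covered. The sample Portfile, the function name classify and the subcommand list are assumptions made for illustration.

```python
import re

# Native Tcl "file" subcommands that modify the filesystem (assumed subset).
FILE_WRITE_SUBCMDS = {"delete", "rename", "copy", "mkdir"}

# A Tcl command word starts a line or follows ';', '[' or '{'.
CMD = re.compile(r'(?:^|[;\[{])\s*(system|exec|file)\b\s*(\S*)')

# Constructed Portfile fragment, used only as sample input.
SAMPLE = '''\
# constructed Portfile fragment
post-patch {
    system "cd ${worksrcpath} && ./autogen.sh"
}
post-destroot {
    set rev [exec /usr/bin/git describe]
    file delete -force ${destroot}${prefix}/share/doc/junk
    if {[file exists ${destroot}${prefix}/etc/sample.conf]} {
        file rename ${destroot}${prefix}/etc/sample.conf ${destroot}${prefix}/etc/sample.conf.dist
    }
}
'''

def classify(portfile_text):
    """Return (lineno, kind, line) for each command that can touch the system.

    kind is 'sandboxed' for the 'system' proc, and 'unsandboxed' for 'exec'
    and for 'file' subcommands that write. Read-only subcommands such as
    'file exists' are ignored. This is a line-based heuristic, not a Tcl parser.
    """
    findings = []
    for lineno, raw in enumerate(portfile_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):  # skip Tcl comment lines
            continue
        for m in CMD.finditer(line):
            cmd, arg = m.group(1), m.group(2)
            if cmd == "system":
                findings.append((lineno, "sandboxed", line))
            elif cmd == "exec" or arg in FILE_WRITE_SUBCMDS:
                findings.append((lineno, "unsandboxed", line))
    return findings

if __name__ == "__main__":
    for lineno, kind, line in classify(SAMPLE):
        print(f"{lineno:3d} {kind:11s} {line}")
```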
