how to build a MacPorts installation with current security on any system
Ken Cunningham
ken.cunningham.webuse at gmail.com
Wed Aug 21 06:14:27 UTC 2019
As this has recently come up again in the tickets and on the mailing lists, I thought I would write this process up so people can see how I do this on all my older systems (presently 10.9 and less).
It’s possible this process could be improved further, but this is the process I use at present.
Ken
1. Install a dedicated copy of MacPorts into /opt/bootstrap, and install a current curl in that prefix
disable any PATH enhancements in .profile before you begin.
tar xjvf MacPorts-2.5.4.tar.bz2
cd MacPorts-2.5.4
./configure --prefix=/opt/bootstrap --with-applications-dir=/opt/bootstrap/Applications --without-startupitems
make && sudo make install
cd ..
rm -rf MacPorts-2.5.4
sudo /opt/bootstrap/bin/port -v sync
sudo /opt/bootstrap/bin/port -v -N install curl
2. Install a standard copy of macports into /opt/local, but use the current curl in /opt/bootstrap
tar xjvf MacPorts-2.5.4.tar.bz2
cd MacPorts-2.5.4
./configure --with-curlprefix=/opt/bootstrap
make && sudo make install
cd ..
rm -rf MacPorts-2.5.4
sudo /opt/local/bin/port -v sync
when you set up your .profile, make sure you specify the correct PATH to /opt/local/bin, etc
Your macports installation will now have up-to-date security with no SSL or other issues on any sites.
3. Updating MacPorts in /opt/local
don't use "sudo port selfupdate" - it will not honor the above options if macports updates itself
use "sudo port -v sync" instead, which updates the ports but leaves macports alone
when a new version of macports is released, follow the instructions above to first upgrade /opt/bootstrap, and then /opt/local
4. Updating MacPorts in /opt/bootstrap
from time to time (monthly perhaps) update the curl infrastructure in /opt/bootstrap
to do this, temporarily remove /opt/local from your PATH, then
sudo /opt/bootstrap/bin/port -v sync
sudo /opt/bootstrap/bin/port -v upgrade outdated
You might need to reinstall macports in /opt/local if there is a big change in curl or SSL, but so far this has never happened to me (three years now).
5. For TIGER, you can also use the updated sqlite in /opt/bootstrap to get improved current sql commands
Follow the instructions to make an /opt/bootstrap installation as above, then for MacPorts in /opt/local, reference the sqlite3 in /opt/bootstrap as well
tar xjvf MacPorts-2.5.4.tar.bz2
cd MacPorts-2.5.4
./configure --with-curlprefix=/opt/bootstrap --with-sqlite3prefix=/opt/bootstrap
make && sudo make install
cd ..
rm -rf MacPorts-2.5.4
sudo /opt/local/bin/port -v sync
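
An added example, not part of the original post: a small POSIX shell wrapper for step 4 that strips /opt/local from PATH and then refreshes the /opt/bootstrap ports. The function names and the `--run` argument are assumptions made for this sketch; the prefixes and port commands are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): refresh /opt/bootstrap per step 4
# with /opt/local temporarily removed from PATH.
BOOTSTRAP=/opt/bootstrap   # prefix of the dedicated curl-providing MacPorts
MAIN=/opt/local            # prefix of the everyday MacPorts

# Print PATH-style string $1 with every entry at or below prefix $2 removed.
# Empty entries (which mean "current directory") are dropped as well.
# The body runs in a subshell so the IFS and noglob changes do not leak.
strip_prefix_from_path() (
    IFS=:
    set -f                       # no glob expansion while splitting on ':'
    out=
    for dir in $1; do
        case "$dir" in
            "$2"|"$2"/*|"") ;;   # /opt/local, /opt/local/bin, ... are skipped
            *) out="${out:+$out:}$dir" ;;
        esac
    done
    printf '%s\n' "$out"
)

# Sync and upgrade the bootstrap ports using only the cleaned PATH.
update_bootstrap() {
    clean_path=$(strip_prefix_from_path "$PATH" "$MAIN")
    # Pass the cleaned PATH explicitly so the result does not depend on
    # how sudo treats the caller's environment.
    sudo env PATH="$clean_path" "$BOOTSTRAP/bin/port" -v sync &&
    sudo env PATH="$clean_path" "$BOOTSTRAP/bin/port" -v upgrade outdated
}

# Only touch the system when explicitly asked to (hypothetical --run switch).
if [ "${1:-}" = "--run" ]; then
    update_bootstrap
fi
```

Run it with `--run` to perform the update; your login PATH is left unchanged because the cleaned value is only handed to the two port commands.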