how to build a MacPorts installation with current security on any system

Ken Cunningham ken.cunningham.webuse at gmail.com
Wed Aug 21 06:14:27 UTC 2019 

As this has recently come up again in the tickets and on the mailing lists, I thought I would write this process up so people can see how I do this on all my older systems (presently 10.9 and less).

It’s possible this process could be improved further, but this is the process I use at present.

Ken


1. Install a dedicated copy of MacPorts into /opt/bootstrap, and install a current curl in that prefix

disable any PATH enhancements in .profile before you begin.

  tar xjvf MacPorts-2.5.4.tar.bz2
  cd MacPorts-2.5.4
  ./configure --prefix=/opt/bootstrap --with-applications-dir=/opt/bootstrap/Applications --without-startupitems 
  make && sudo make install
  cd ..
  rm -rf MacPorts-2.5.4
  sudo /opt/bootstrap/bin/port -v sync
  sudo /opt/bootstrap/bin/port -v -N install curl

  
2. Install a standard copy of macports into /opt/local, but use the current curl in /opt/bootstrap
  tar xjvf MacPorts-2.5.4.tar.bz2
  cd MacPorts-2.5.4
  ./configure --with-curlprefix=/opt/bootstrap
  make && sudo make install
  cd ..
  rm -rf MacPorts-2.5.4
  sudo /opt/local/bin/port -v sync
  
when you set up your .profile, make sure you specify the correct PATH to /opt/local/bin, etc

Your macports installation will now have up-to-date security with no SSL or other issues on any sites.

3. Updating MacPorts in /opt/local
don't use "sudo port selfupdate" - it will not honor the above options if macports updates itself
instead use "sudo port -v sync" instead, which updates the ports but leaves macports alone

when a new version of macports is released, follow the instructions above to first upgrade /opt/bootstrap, and then /opt/local

4. Updating MacPorts in /opt/bootstrap
from time to time (monthly perhaps) update the curl infrastructure in /opt/bootstrap
to do this, temporarily remove /opt/local from your PATH, then
sudo /opt/bootstrap/bin/port -v sync
sudo /opt/bootstrap/bin/port -v upgrade outdated

You might need to reinstall macports in /opt/local if there is a big change in curl or SSL, but so far this has never happened to me (three years now).

5. For TIGER, you can also use the updated sqlite in /opt/bootstrap to get improved current sql commands
Follow the instructions to make an /opt/bootstrap installation as above, then for MacPorts in /opt/local, reference the sqlite3 in /opt/bootstrap as well

  tar xjvf MacPorts-2.5.4.tar.bz2
  cd MacPorts-2.5.4
  ./configure --with-curlprefix=/opt/bootstrap --with-sqlite3prefix=/opt/bootstrap
  make && sudo make install
  cd ..
  rm -rf MacPorts-2.5.4
  sudo /opt/local/bin/port -v sync
 
--with-sqlite3prefix

More information about the macports-dev mailing list