[MacPorts] #47755: Broken symlink left by select code when selected port is deactivated causes poppler and other ports using aclocal to fail during configuration.

Lawrence Velázquez larryv at macports.org
Tue Jun 23 21:38:55 PDT 2015

On Jun 23, 2015, at 11:03 PM, Christopher D. Ramos
<chrisdavidramos at gmail.com> wrote:

> That said, I don't think it's merely incidental.

I assure you that it is.

> After all, git is, in a sense, part of the Macports ecosystem by
> virtue of a version of it being hosted by Macports. Is there not
> a policy about hosting ports -- whether version control or other types
> of software distribution mechanisms -- that may distribute projects
> that ultimately harm a Macports installation?

It would be one thing if Git were more akin to dpkg/apt or rpm/yum,
which are proper systems for distributing software. Git is closer to
rsync in this regard — basically a fancy downloader. It does far less
than you seem to think it does. The important code here is the build
system (the input to Autotools, Make, CMake, Ninja, SCons, whatever).

> My reason for bringing up "/opt/local" was because I was wondering if
> there was a chance that the makefile of some git project (or any other
> project management system!) might instruct it (implicitly or
> explicitly) to install under /opt/local.

There is a chance, yes. A makefile author can write anything, and a Make
process can do anything that the invoking user can do. You can try
searching for "/opt/local" in the relevant configure script or makefile
if you're curious.

> And if so, how could this be systematically avoided.

You can systematically avoid it by letting the operating system's
security do its thing: Don't use superuser privileges to build software,
and don't use them to install unless you know what it's going to do.


More information about the macports-users mailing list