Suggestion: A new variable for a few Makefiles: IS_BINARY
Julian H. Stacey
jhs at berklix.com
Thu Jan 21 02:48:03 UTC 2010
Hi ports@ people,
Suggestion: A new variable for a few ports Makefiles, eg
/usr/ports/www/opera/Makefile
BINARY="To install binaries lacking sources, use RISK_BINARIES=YES"
to over-ride it one would use eg
cd /usr/ports ; make RISK_BINARIES=YES install
It could work similarly to
IS_INTERACTIVE=YES
in Makefiles that
make BATCH=YES
detects (to avoid unattended builds hanging on input).
ports/Mk. has NO_BUILD, thats not the same thingm
but good for a first quick hints where to add BINARY= in a few Makefile.
One can see untrusted binaries with
make extract ; find . -type f | sort | xargs file
Look for eg:
ELF 64-bit LSB shared object, ...
It's too easy to install BLOBs without realising, eg if one has a
hierarchy of ports/*/Makefile.local. The only warning at present
is a few ports eg opera make too fast. Some may not don't mind
installing binaries from elsewhere, but FreeSBD could protect more,
not just allow MickeySoft style blind installs of unsourced binaries.
Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Mail plain text not quoted-printable, HTML or Base64 http://www.asciiribbon.org
More information about the freebsd-ports
mailing list