svn commit: r219181 - head/release
gcooper at FreeBSD.org
Thu Mar 3 20:04:02 UTC 2011
On Thu, Mar 3, 2011 at 11:37 AM, Matthew Jacob <mj at feral.com> wrote:
>> I think it is a very important feature to ensure release builds are not
>> polluted by local changes in /etc/src.conf, etc. I think it would be good
>> to support both models perhaps, but for our official release builds I
>> we need the clean environment. I certainly use 'make release' now for my
>> own custom FooBSD builds to get a clean environment.
> While not disagreeing with you on this, one should really always do 'env -i
> PATH=/usr/bin:/bin make release' if you want to ensure non-pollution.
It's more in-depth than that. The only way to ensure that the release
builds are non-tainted without doing a ton of hacks is to create an
untainted chroot/jail for the release build, or do the previous
incantation in release/Makefile, as a number of components can taint
the environment outside of PATH (see nanobsd's build scripts for a
start on this).
My personal preference is to have the scripts and infrastructure exist
within release to do this instead of within release/Makefile, but this
would require changes to any existing infrastructure that anyone
depending on release/Makefile is employing out in the field; on the
bright side maybe release/Makefile and nanobsd could converge because
they'd be using more of the same logic to run things and the things
that would truly differ are just the payload content.
More information about the svn-src-head