change ports default work directory prefix

Torsten Zühlsdorff mailinglists at
Wed Oct 7 08:15:11 UTC 2015

> Today in EuroBSDCon's jail working group we discussed changing the
> default for WRKDIRPREFIX to /usr/obj/ports. This has the advantage of
> being able to share the ports tree between host system and jails.
> Another plus is that cleaning all work directories is much faster than a
> recursive make clean.

Speeding up make clean would be nice. Otherwise i've just use a simple 
find, because its much faster than the recursive make clean.

> With the current default, exposing the ports tree to jails potentially
> leaks information about installed programs, configured options or host
> specific generated secrets (thinking of LocalSettings.php).

The options are stored under /var/db/ports; therefore this should be saved.

But i believe i did not understand the change you propose. What is the 
idea behind this? Do you want the portstree to be sharable with the 
jails? In this case the distfiles must be considered. Sometime it is 
very nice to share them between the jails. Sometimes i do not want this.

Also the options should be discussed. Do i want them exposed to the 
tree? In my history there were cases i want this and sometimes not.

Next thought: why should i share the portstree to my jail? Obviously to 
save time/space if every jail use the same tree. If this is the case.

Enabling the portstree exposing optionally to a jail would be very fine. 
Therefore i support changing WRKDIRPREFIX. But we need to take care of 
the distfiles and the options. distfiles should move out of the 
portstree - otherwise the tree must be writable to the jails and this 
can case different sideeffects; for example when building the same port 
at the same time in different jails.

> On the down side, developers can't by default just copy the port, hack
> away and be sure to only modify files in their respective home directories.

Why? When i'm in a jail and build a port, whould the WRKDIRPREFIX not 
apply within the jail? Therefore it should be save to build a port (even 
with different options) in host or jail. Or did i miss something?

> bapt@ asked me to discuss this here, also looking for potential other
> pitfalls I have not thought about.

Is there a documentation about the thoughts and pitfalls you already 
found? This would be very helpful for a discussion. Otherwise its more 
like a guessing. ;)


More information about the freebsd-ports mailing list