Remove options from poudriere option files for ports which were removed in the port
Michelle Sullivan
michelle at sorbs.net
Fri Jul 1 13:38:37 UTC 2016
Miroslav Lachman wrote:
>
>
> I don't think it's worth the effort. The old no longer existent
> options stored in the options files are harmless and simply unused by
> the ports Makefile. The options files are not intended to be user
> editable / viewable. The old options will be removed when some changes
> will be saved.
Most of the time you are correct... however there is a gotcha.. Select a
non default option, maintainer renames the option, suddenly subsequent
packages are build without the option.. Not so much of a problem until
you're talking about something like OpenSSL from Ports and OpenLDAP
client and GSSAPI in some mix and match and one option suddently changes
and some other dependent port is fundamentally changed where a security
issue occurs and the new package is installed without the poor b******d
looking after the machine realising that on reboot, apache is going to
break, sudo is going to bread, access to postgresql is going to break
etc etc etc... (I'm quoting some random sh*te mixed with experience here
- as don't remember the exact details but I got caught - fortunately in
my dev environment rather than prod, but you can be certain some will
just deploy and get nailed... remote access only via SSH and no SU on
non console etc..)
>
> And I am not sure that this is a problem of poudriere. I think it's
> rather issue in ports options framework. Isn't it?
Correct (but also poudriere wouln't get the change either.)
--
Michelle Sullivan
http://www.mhix.org/
More information about the freebsd-ports
mailing list