Unexpected dependencies of graphics/libGL

Brandon J. Wandersee brandon.wandersee at gmail.com
Wed Jan 20 17:16:45 UTC 2016

Luís Fernando Schultz Xavier da Silveira writes:

> If the extra dependencies break the jail, the output packages can be
> malformed and, when installed, break the host system.

Nope. Leaving aside the fact that no package should even (ideally)
affect the base system (and so shouldn't break a jail), if a Poudriere
jail does break, the build fails. Not the *port build*, but the
*Poudriere bulk build process.* The whole thing will crash out with an
error message. And while Poudriere doesn't require ZFS, it was crafted
with ZFS in mind, and if it is installed and run in a zpool then any
time a jail is updated or a bulk build process executed, a snapshot is
created beforehand. Should things become completely borken, the jail
and/or repository can simply be rolled back.

Moreover, the package repository index is not updated until the bulk
build for all packages is complete. If a particular package fails to
build or pass a test then all packages upon which it depends are
skipped, and all builds for packages which depend upon the failed package
are ignored. Only successfully built packages are made available for

This can easily be resolved: Poudriere is the official build system for
the FreeBSD ports team. All official packages you install via pkg(8) are
built with it, and have been for a couple years now. Chances are you're
not the first person to think about these things. If you don't trust
Poudriere, you shouldn't trust packages. Since the ports system and
package manager are now bound to one another (with all ports being built
into packages and installed/tracked with pkg(8)), if you don't trust
packages, you probably shouldn't place too much trust in the ports
system, either.

If a particular port/package can be successfully built and installed,
yet is causing problems on its host system then it's entirely possible
that the port itself is faulty, or (perhaps more likely) that the issue
stems from a bug or malicious code within the compiled software
itself. Poudriere can't account for such a circumstance, but then it
doesn't have to. It's a build system designed to expedite the building
of customized ports, while simultaneously preventing malicious code from
being executed on the build system during that build process and
avoiding a port/package upgrade from failing on a host system part-way
through and breaking things in the process. If a port successfully
builds in Poudriere, and its package is successfully added to the
repository, and then successfully installed on the receiving system,
then Poudriere has successfully done its job.

   		      :: Brandon Wandersee ::
                  :: brandon.wandersee at gmail.com ::
'A common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
                            			- Douglas Adams

More information about the freebsd-questions mailing list