On 2013-4-21 12:46 , Marcelo Galvão Póvoa wrote: > On Mon, Apr 15, 2013 at 9:29 AM, Joshua Root <[email protected]> wrote: >> As for what you could do with binaries, there are a few enhancements >> that could be made to the current MPAB system, but I don't know if they >> would constitute a reasonably big project for GSoC. The chroot thing >> mentioned on the wiki is (a) really hard given the way modern OS X >> works, and (b) a lot less relevant with sandboxing in the picture. >> Current trunk sandboxes a lot of stuff, but more can be done. >> > > What do you mean by "more can be done"? These improvements would > accomplish what, exactly?
Trunk currently sandboxes only commands run with the 'system' proc. This covers a large percentage of what goes on when building a port, but not everything. A portfile can also modify the filesystem by running programs using 'exec', and by using the native Tcl file commands. What improvements would accomplish is a greater assurance that a buggy or malicious portfile can't mess up your system. >> Another idea, enabled by automatic builds, is to maintain a list of >> ports known to build and pass their test phase (if any) on each >> platform, and allow users to choose to only see those in the list for >> their platform. If what we have at the moment is analogous to Debian >> unstable, this would be like Debian testing. This could easily be >> extended to only make visible ports for which a binary archive is available. > > Are there ports which are unstable or can't be built by MPAB for some reason? No doubt some ports are just plain broken. The more interesting case is ports that only work on a subset of the OS versions and/or architectures that base works on. - Josh _______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
