On 2012/04/08 22:51, Richard Brooks wrote: > Recently I discovered that in order to build a port (specifically > the syslog-ng port) that my OpenBSD would need to have X11 installed. > Other than for this requirement I had no desire for X11 on my build of > OpenBSD. > > When building/installing an OpenBSD system one is given the options of > including several X11 components. > > My first question is, if one is installing X11 purely to facilitate > the building of ports. What are the minimum X11 components one is > required to install?
Typically you won't need more than xbase (libs and most binaries) and xshare (headers etc) to build ports. > The second question I would like to ask is how far off would a full > blown X11 system be from this minimum? size-wise? ~65MB of gzipped files (fonts, servers, config files). > Finally, security wise, to what extent does the installing X11 weaken > security or make the system more vulnerable to attack? Xorg binary installed setuid root, note that this is a privilege-separated process on OpenBSD and most of the code runs as an unprivileged user. Also see xf86(4) about the aperture driver if you're actually going to be running X. Xlock binary installed setgid auth. xterm binary installed setgid utmp. You could always mount /usr/X11R6 nosuid if you aren't going to actually run X11. Some ports which require X to build don't actually need it to run, so depending on what you're after, installing packages might avoid the need to install X. However a lot of non-GUI software does depend on things that are provided with X (notably, fontconfig). > Thanking you in anticipation. > > Regards > Richard > >
