Re: support for DESTDIR: security/openssh-portable
Brooks Davis wrote:
On Thu, Aug 10, 2006 at 03:25:38PM +0200, G?bor K?vesd?n wrote:
Brooks Davis wrote:
On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote:
John E Hein wrote at 17:43 -0600 on Aug 9, 2006:
Well, the part that makes it annoying to duplicate in all ports is not
the two separate words (CHROOT DESTDIR), but that you have to test
defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
to use ${CHROOT} ${DESTDIR} or not.
So having that test to assign CHROOTDESTDIR or leave it empty in
bsd.port.mk allows the port writer to just always invoke it without
having to worry about testing for DESTDIR.
You could pass this var to pkg-install scripts, too (put it in the
standard *SUB* lists).
That way you don't have to do the dance that was added to
security/clamav/files/pkg-install.in:
if [ -n "%%DESTDIR%%" ]; then
PW="/usr/sbin/chroot %%DESTDIR%% pw"
CHOWN="/usr/sbin/chroot %%DESTDIR%% chown"
MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p"
else
PW="pw"
CHOWN="chown"
MKDIR="mkdir -p"
fi
but rather just:
PW="%%CHROOTDESTDIR%% pw"
CHOWN="%%CHROOTDESTDIR%% chown"
MKDIR="%%CHROOTDESTDIR%% mkdir -p"
This seems bogus. I can't think of any good reason why packages should
differ based on the valid of DESTDIR. Instead the pkg-install script
should be run inside the chroot.
-- Brooks
We wanted to go that way with garga when working on security/clamav, but
we realized that we can't just do chroot /foo pkg-install, since the
script is not located in the chroot itself. Do you have an another idea,
how to chroot those scripts?
My inclination would be something like:
PKG_INSTALL_TEMP=`mktemp ${DESTDIR}/tmp/pkg_install` && \
(${CAT} ${PKG_INSTALL} > ${PKG_INSTALL_TEMP}; \
${SH} ${PKG_INSTALL_TEMP}; \
${RM} ${PKG_INSTALL_TEMP})
I think we should ideally introduce a feature to allow ports to
automatically run pkg-install and stuff the code in bsd.port.mk so ports
don't have to know about DESTDIR in this case. Actually, ports where
pkg-install and the pre/post-install targets duplicate code (often
slightly differently) drive me nuts so I'd prefer a NO_AUTOPKGINSTALL,
but that would take some real work so a positive flag is probably better
initially.
-- Brooks
This is a good idea, but there's a big mess in this area as you already
said, so I think it would be a long term goal. I find John's solution
pretty good for now. An another item for automatization would be to
install PORTDOCS into DOCSDIR in post-install phase. and introduce
NO_PORTDOCSINSTALL or something like that to turn this off. But both of
them needs a lot of modification in affected ports as well.
--
Cheers,
Gabor
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
Brooks Davis wrote at 09:05 -0500 on Aug 10, 2006:
> My inclination would be something like:
>
> PKG_INSTALL_TEMP=`mktemp ${DESTDIR}/tmp/pkg_install` && \
> (${CAT} ${PKG_INSTALL} > ${PKG_INSTALL_TEMP}; \
> ${SH} ${PKG_INSTALL_TEMP}; \
> ${RM} ${PKG_INSTALL_TEMP})
I would just put PKG_INSTALL_TEMP in WRKDIR and not worry about mktemp
& rm. I do something similar in my local tree for a pkg-install that
is slightly different when run from the 'install' target than the
one installed in PKG_DBDIR.
> I think we should ideally introduce a feature to allow ports to
> automatically run pkg-install and stuff the code in bsd.port.mk so
> ports don't have to know about DESTDIR in this case.
Yes. That'd be nice.
> Actually, ports where pkg-install and the pre/post-install targets
> duplicate code (often slightly differently) drive me nuts so I'd
> prefer a NO_AUTOPKGINSTALL, but that would take some real work so a
> positive flag is probably better initially.
Agreed. That duplication is definitely a candidate for cleanup.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote at 11:55 -0600 on Aug 10, 2006:
> Brooks Davis wrote at 09:05 -0500 on Aug 10, 2006:
> > I think we should ideally introduce a feature to allow ports to
> > automatically run pkg-install and stuff the code in bsd.port.mk so
> > ports don't have to know about DESTDIR in this case.
>
> Yes. That'd be nice.
Clarifying 'nice'...
As you know, many custom install targets do:
${INSTALL_PROGRAM} foo ${PREFIX}/bin
Those should change to
${INSTALL_PROGRAM} foo ${DESTDIR}${PREFIX}/bin
or the shorthand:
${INSTALL_PROGRAM} foo ${TARGETDIR}/bin
So those ports need to know about DESTDIR anyway.
But I can't think of any reason offhand not to have the pkg-install
scripts run in the DESTDIR chroot so they wouldn't have to know about
DESTDIR.
And standardizing (in bsd.port.mk) how pkg-install is run from custom
*install targets would make the task of getting ports properly DESTDIR
compliant much easier.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
On Thu, Aug 10, 2006 at 03:25:38PM +0200, G?bor K?vesd?n wrote:
> Brooks Davis wrote:
> >On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote:
> >
> >>John E Hein wrote at 17:43 -0600 on Aug 9, 2006:
> >> > Well, the part that makes it annoying to duplicate in all ports is not
> >> > the two separate words (CHROOT DESTDIR), but that you have to test
> >> > defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
> >> > to use ${CHROOT} ${DESTDIR} or not.
> >> >
> >> > So having that test to assign CHROOTDESTDIR or leave it empty in
> >> > bsd.port.mk allows the port writer to just always invoke it without
> >> > having to worry about testing for DESTDIR.
> >>
> >>You could pass this var to pkg-install scripts, too (put it in the
> >>standard *SUB* lists).
> >>
> >>That way you don't have to do the dance that was added to
> >>security/clamav/files/pkg-install.in:
> >>
> >>if [ -n "%%DESTDIR%%" ]; then
> >>PW="/usr/sbin/chroot %%DESTDIR%% pw"
> >>CHOWN="/usr/sbin/chroot %%DESTDIR%% chown"
> >>MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p"
> >>else
> >>PW="pw"
> >>CHOWN="chown"
> >>MKDIR="mkdir -p"
> >>fi
> >>
> >>but rather just:
> >>
> >>PW="%%CHROOTDESTDIR%% pw"
> >>CHOWN="%%CHROOTDESTDIR%% chown"
> >>MKDIR="%%CHROOTDESTDIR%% mkdir -p"
> >>
> >
> >This seems bogus. I can't think of any good reason why packages should
> >differ based on the valid of DESTDIR. Instead the pkg-install script
> >should be run inside the chroot.
> >
> >-- Brooks
> >
> We wanted to go that way with garga when working on security/clamav, but
> we realized that we can't just do chroot /foo pkg-install, since the
> script is not located in the chroot itself. Do you have an another idea,
> how to chroot those scripts?
My inclination would be something like:
PKG_INSTALL_TEMP=`mktemp ${DESTDIR}/tmp/pkg_install` && \
(${CAT} ${PKG_INSTALL} > ${PKG_INSTALL_TEMP}; \
${SH} ${PKG_INSTALL_TEMP}; \
${RM} ${PKG_INSTALL_TEMP})
I think we should ideally introduce a feature to allow ports to
automatically run pkg-install and stuff the code in bsd.port.mk so ports
don't have to know about DESTDIR in this case. Actually, ports where
pkg-install and the pre/post-install targets duplicate code (often
slightly differently) drive me nuts so I'd prefer a NO_AUTOPKGINSTALL,
but that would take some real work so a positive flag is probably better
initially.
-- Brooks
pgpsghQwjN56j.pgp
Description: PGP signature
Re: support for DESTDIR: security/openssh-portable
Brooks Davis wrote:
On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote:
John E Hein wrote at 17:43 -0600 on Aug 9, 2006:
> Well, the part that makes it annoying to duplicate in all ports is not
> the two separate words (CHROOT DESTDIR), but that you have to test
> defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
> to use ${CHROOT} ${DESTDIR} or not.
>
> So having that test to assign CHROOTDESTDIR or leave it empty in
> bsd.port.mk allows the port writer to just always invoke it without
> having to worry about testing for DESTDIR.
You could pass this var to pkg-install scripts, too (put it in the
standard *SUB* lists).
That way you don't have to do the dance that was added to
security/clamav/files/pkg-install.in:
if [ -n "%%DESTDIR%%" ]; then
PW="/usr/sbin/chroot %%DESTDIR%% pw"
CHOWN="/usr/sbin/chroot %%DESTDIR%% chown"
MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p"
else
PW="pw"
CHOWN="chown"
MKDIR="mkdir -p"
fi
but rather just:
PW="%%CHROOTDESTDIR%% pw"
CHOWN="%%CHROOTDESTDIR%% chown"
MKDIR="%%CHROOTDESTDIR%% mkdir -p"
This seems bogus. I can't think of any good reason why packages should
differ based on the valid of DESTDIR. Instead the pkg-install script
should be run inside the chroot.
-- Brooks
We wanted to go that way with garga when working on security/clamav, but
we realized that we can't just do chroot /foo pkg-install, since the
script is not located in the chroot itself. Do you have an another idea,
how to chroot those scripts?
--
Cheers,
Gabor
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote:
> John E Hein wrote at 17:43 -0600 on Aug 9, 2006:
> > Well, the part that makes it annoying to duplicate in all ports is not
> > the two separate words (CHROOT DESTDIR), but that you have to test
> > defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
> > to use ${CHROOT} ${DESTDIR} or not.
> >
> > So having that test to assign CHROOTDESTDIR or leave it empty in
> > bsd.port.mk allows the port writer to just always invoke it without
> > having to worry about testing for DESTDIR.
>
> You could pass this var to pkg-install scripts, too (put it in the
> standard *SUB* lists).
>
> That way you don't have to do the dance that was added to
> security/clamav/files/pkg-install.in:
>
> if [ -n "%%DESTDIR%%" ]; then
> PW="/usr/sbin/chroot %%DESTDIR%% pw"
> CHOWN="/usr/sbin/chroot %%DESTDIR%% chown"
> MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p"
> else
> PW="pw"
> CHOWN="chown"
> MKDIR="mkdir -p"
> fi
>
> but rather just:
>
> PW="%%CHROOTDESTDIR%% pw"
> CHOWN="%%CHROOTDESTDIR%% chown"
> MKDIR="%%CHROOTDESTDIR%% mkdir -p"
This seems bogus. I can't think of any good reason why packages should
differ based on the valid of DESTDIR. Instead the pkg-install script
should be run inside the chroot.
-- Brooks
pgpUoot7abdHh.pgp
Description: PGP signature
Re: support for DESTDIR: security/openssh-portable
Gábor Kövesdán wrote at 01:47 +0200 on Aug 10, 2006: > Ah, you mean defining CHROOTDESTDIR only when DESTDIR is set and leave > it empty when not? It sounds reasonable then. I'll work this out after > some hours of sleeping. :) Yep... that's it. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote at 17:43 -0600 on Aug 9, 2006:
> Well, the part that makes it annoying to duplicate in all ports is not
> the two separate words (CHROOT DESTDIR), but that you have to test
> defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
> to use ${CHROOT} ${DESTDIR} or not.
>
> So having that test to assign CHROOTDESTDIR or leave it empty in
> bsd.port.mk allows the port writer to just always invoke it without
> having to worry about testing for DESTDIR.
You could pass this var to pkg-install scripts, too (put it in the
standard *SUB* lists).
That way you don't have to do the dance that was added to
security/clamav/files/pkg-install.in:
if [ -n "%%DESTDIR%%" ]; then
PW="/usr/sbin/chroot %%DESTDIR%% pw"
CHOWN="/usr/sbin/chroot %%DESTDIR%% chown"
MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p"
else
PW="pw"
CHOWN="chown"
MKDIR="mkdir -p"
fi
but rather just:
PW="%%CHROOTDESTDIR%% pw"
CHOWN="%%CHROOTDESTDIR%% chown"
MKDIR="%%CHROOTDESTDIR%% mkdir -p"
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote:
Gábor Kövesdán wrote at 01:29 +0200 on Aug 10, 2006:
> John E Hein wrote:
> > John E Hein wrote at 16:31 -0600 on Aug 9, 2006:
> > > Now that ports/Mk does the right thing for DESTDIR (thanks to Gábor),
> > > here's a patch that supports DESTDIR properly for
> > > security/openssh-portable:
> > >
> > [snip]
> > > @@ -171,29 +171,33 @@ post-extract:
> > > post-patch:
> > >@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
> > >
> > > +.if defined(DESTDIR) && !empty(DESTDIR)
> > > +CHROOTDESTDIR=${CHROOT} ${DESTDIR}
> > > +.endif
> > > +
> > [snip]
> > > .endif
> > > - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
> > > - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
> > > + if ! ${CHROOTDESTDIR} pw groupshow sshd; then ${CHROOTDESTDIR}
pw groupadd sshd -g 22; fi
> > > + if ! ${CHROOTDESTDIR} pw usershow sshd; then ${CHROOTDESTDIR} pw
useradd sshd -g sshd -u 22 \
> > >-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege
separation"; fi
> >
> > Gabor, you may want to define CHROOTDESTDIR (or name it whatever you
> > want) as a convenience var in bsd.port.mk
> >
> > I suspect lots of ports will want to use it.
> >
> Might be good, but personally I think ${CHROOT} ${DESTDIR} is more
> trivial (easier to read and understand) and only longer with 4
> characters. One might wonder at first look what CHROOTDESTDIR is.
Well, the part that makes it annoying to duplicate in all ports is not
the two separate words (CHROOT DESTDIR), but that you have to test
defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
to use ${CHROOT} ${DESTDIR} or not.
So having that test to assign CHROOTDESTDIR or leave it empty in
bsd.port.mk allows the port writer to just always invoke it without
having to worry about testing for DESTDIR.
Ah, you mean defining CHROOTDESTDIR only when DESTDIR is set and leave
it empty when not? It sounds reasonable then. I'll work this out after
some hours of sleeping. :)
--
Cheers,
Gabor
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
Gábor Kövesdán wrote at 01:29 +0200 on Aug 10, 2006:
> John E Hein wrote:
> > John E Hein wrote at 16:31 -0600 on Aug 9, 2006:
> > > Now that ports/Mk does the right thing for DESTDIR (thanks to Gábor),
> > > here's a patch that supports DESTDIR properly for
> > > security/openssh-portable:
> > >
> > [snip]
> > > @@ -171,29 +171,33 @@ post-extract:
> > > post-patch:
> > > @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
> > >
> > > +.if defined(DESTDIR) && !empty(DESTDIR)
> > > +CHROOTDESTDIR=${CHROOT} ${DESTDIR}
> > > +.endif
> > > +
> > [snip]
> > > .endif
> > > - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
> > > - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
> > > + if ! ${CHROOTDESTDIR} pw groupshow sshd; then ${CHROOTDESTDIR}
> > pw groupadd sshd -g 22; fi
> > > + if ! ${CHROOTDESTDIR} pw usershow sshd; then ${CHROOTDESTDIR}
> > pw useradd sshd -g sshd -u 22 \
> > > -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege
> > separation"; fi
> >
> > Gabor, you may want to define CHROOTDESTDIR (or name it whatever you
> > want) as a convenience var in bsd.port.mk
> >
> > I suspect lots of ports will want to use it.
> >
> Might be good, but personally I think ${CHROOT} ${DESTDIR} is more
> trivial (easier to read and understand) and only longer with 4
> characters. One might wonder at first look what CHROOTDESTDIR is.
Well, the part that makes it annoying to duplicate in all ports is not
the two separate words (CHROOT DESTDIR), but that you have to test
defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether
to use ${CHROOT} ${DESTDIR} or not.
So having that test to assign CHROOTDESTDIR or leave it empty in
bsd.port.mk allows the port writer to just always invoke it without
having to worry about testing for DESTDIR.
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote:
John E Hein wrote at 16:31 -0600 on Aug 9, 2006:
> Now that ports/Mk does the right thing for DESTDIR (thanks to Gábor),
> here's a patch that supports DESTDIR properly for
> security/openssh-portable:
>
[snip]
> @@ -171,29 +171,33 @@ post-extract:
> post-patch:
> @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
>
> +.if defined(DESTDIR) && !empty(DESTDIR)
> +CHROOTDESTDIR=${CHROOT} ${DESTDIR}
> +.endif
> +
[snip]
> .endif
> - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
> - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
> + if ! ${CHROOTDESTDIR} pw groupshow sshd; then ${CHROOTDESTDIR} pw groupadd
sshd -g 22; fi
> + if ! ${CHROOTDESTDIR} pw usershow sshd; then ${CHROOTDESTDIR} pw useradd
sshd -g sshd -u 22 \
> -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege
separation"; fi
Gabor, you may want to define CHROOTDESTDIR (or name it whatever you
want) as a convenience var in bsd.port.mk
I suspect lots of ports will want to use it.
Might be good, but personally I think ${CHROOT} ${DESTDIR} is more
trivial (easier to read and understand) and only longer with 4
characters. One might wonder at first look what CHROOTDESTDIR is.
CC'd to ports@ to see what others think.
--
Cheers,
Gabor
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
