Re: support for DESTDIR: security/openssh-portable
Brooks Davis wrote: On Thu, Aug 10, 2006 at 03:25:38PM +0200, G?bor K?vesd?n wrote: Brooks Davis wrote: On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote: John E Hein wrote at 17:43 -0600 on Aug 9, 2006: Well, the part that makes it annoying to duplicate in all ports is not the two separate words (CHROOT DESTDIR), but that you have to test defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether to use ${CHROOT} ${DESTDIR} or not. So having that test to assign CHROOTDESTDIR or leave it empty in bsd.port.mk allows the port writer to just always invoke it without having to worry about testing for DESTDIR. You could pass this var to pkg-install scripts, too (put it in the standard *SUB* lists). That way you don't have to do the dance that was added to security/clamav/files/pkg-install.in: if [ -n "%%DESTDIR%%" ]; then PW="/usr/sbin/chroot %%DESTDIR%% pw" CHOWN="/usr/sbin/chroot %%DESTDIR%% chown" MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p" else PW="pw" CHOWN="chown" MKDIR="mkdir -p" fi but rather just: PW="%%CHROOTDESTDIR%% pw" CHOWN="%%CHROOTDESTDIR%% chown" MKDIR="%%CHROOTDESTDIR%% mkdir -p" This seems bogus. I can't think of any good reason why packages should differ based on the valid of DESTDIR. Instead the pkg-install script should be run inside the chroot. -- Brooks We wanted to go that way with garga when working on security/clamav, but we realized that we can't just do chroot /foo pkg-install, since the script is not located in the chroot itself. Do you have an another idea, how to chroot those scripts? My inclination would be something like: PKG_INSTALL_TEMP=`mktemp ${DESTDIR}/tmp/pkg_install` && \ (${CAT} ${PKG_INSTALL} > ${PKG_INSTALL_TEMP}; \ ${SH} ${PKG_INSTALL_TEMP}; \ ${RM} ${PKG_INSTALL_TEMP}) I think we should ideally introduce a feature to allow ports to automatically run pkg-install and stuff the code in bsd.port.mk so ports don't have to know about DESTDIR in this case. Actually, ports where pkg-install and the pre/post-install targets duplicate code (often slightly differently) drive me nuts so I'd prefer a NO_AUTOPKGINSTALL, but that would take some real work so a positive flag is probably better initially. -- Brooks This is a good idea, but there's a big mess in this area as you already said, so I think it would be a long term goal. I find John's solution pretty good for now. An another item for automatization would be to install PORTDOCS into DOCSDIR in post-install phase. and introduce NO_PORTDOCSINSTALL or something like that to turn this off. But both of them needs a lot of modification in affected ports as well. -- Cheers, Gabor ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
Brooks Davis wrote at 09:05 -0500 on Aug 10, 2006: > My inclination would be something like: > > PKG_INSTALL_TEMP=`mktemp ${DESTDIR}/tmp/pkg_install` && \ > (${CAT} ${PKG_INSTALL} > ${PKG_INSTALL_TEMP}; \ > ${SH} ${PKG_INSTALL_TEMP}; \ > ${RM} ${PKG_INSTALL_TEMP}) I would just put PKG_INSTALL_TEMP in WRKDIR and not worry about mktemp & rm. I do something similar in my local tree for a pkg-install that is slightly different when run from the 'install' target than the one installed in PKG_DBDIR. > I think we should ideally introduce a feature to allow ports to > automatically run pkg-install and stuff the code in bsd.port.mk so > ports don't have to know about DESTDIR in this case. Yes. That'd be nice. > Actually, ports where pkg-install and the pre/post-install targets > duplicate code (often slightly differently) drive me nuts so I'd > prefer a NO_AUTOPKGINSTALL, but that would take some real work so a > positive flag is probably better initially. Agreed. That duplication is definitely a candidate for cleanup. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote at 11:55 -0600 on Aug 10, 2006: > Brooks Davis wrote at 09:05 -0500 on Aug 10, 2006: > > I think we should ideally introduce a feature to allow ports to > > automatically run pkg-install and stuff the code in bsd.port.mk so > > ports don't have to know about DESTDIR in this case. > > Yes. That'd be nice. Clarifying 'nice'... As you know, many custom install targets do: ${INSTALL_PROGRAM} foo ${PREFIX}/bin Those should change to ${INSTALL_PROGRAM} foo ${DESTDIR}${PREFIX}/bin or the shorthand: ${INSTALL_PROGRAM} foo ${TARGETDIR}/bin So those ports need to know about DESTDIR anyway. But I can't think of any reason offhand not to have the pkg-install scripts run in the DESTDIR chroot so they wouldn't have to know about DESTDIR. And standardizing (in bsd.port.mk) how pkg-install is run from custom *install targets would make the task of getting ports properly DESTDIR compliant much easier. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
On Thu, Aug 10, 2006 at 03:25:38PM +0200, G?bor K?vesd?n wrote: > Brooks Davis wrote: > >On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote: > > > >>John E Hein wrote at 17:43 -0600 on Aug 9, 2006: > >> > Well, the part that makes it annoying to duplicate in all ports is not > >> > the two separate words (CHROOT DESTDIR), but that you have to test > >> > defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether > >> > to use ${CHROOT} ${DESTDIR} or not. > >> > > >> > So having that test to assign CHROOTDESTDIR or leave it empty in > >> > bsd.port.mk allows the port writer to just always invoke it without > >> > having to worry about testing for DESTDIR. > >> > >>You could pass this var to pkg-install scripts, too (put it in the > >>standard *SUB* lists). > >> > >>That way you don't have to do the dance that was added to > >>security/clamav/files/pkg-install.in: > >> > >>if [ -n "%%DESTDIR%%" ]; then > >>PW="/usr/sbin/chroot %%DESTDIR%% pw" > >>CHOWN="/usr/sbin/chroot %%DESTDIR%% chown" > >>MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p" > >>else > >>PW="pw" > >>CHOWN="chown" > >>MKDIR="mkdir -p" > >>fi > >> > >>but rather just: > >> > >>PW="%%CHROOTDESTDIR%% pw" > >>CHOWN="%%CHROOTDESTDIR%% chown" > >>MKDIR="%%CHROOTDESTDIR%% mkdir -p" > >> > > > >This seems bogus. I can't think of any good reason why packages should > >differ based on the valid of DESTDIR. Instead the pkg-install script > >should be run inside the chroot. > > > >-- Brooks > > > We wanted to go that way with garga when working on security/clamav, but > we realized that we can't just do chroot /foo pkg-install, since the > script is not located in the chroot itself. Do you have an another idea, > how to chroot those scripts? My inclination would be something like: PKG_INSTALL_TEMP=`mktemp ${DESTDIR}/tmp/pkg_install` && \ (${CAT} ${PKG_INSTALL} > ${PKG_INSTALL_TEMP}; \ ${SH} ${PKG_INSTALL_TEMP}; \ ${RM} ${PKG_INSTALL_TEMP}) I think we should ideally introduce a feature to allow ports to automatically run pkg-install and stuff the code in bsd.port.mk so ports don't have to know about DESTDIR in this case. Actually, ports where pkg-install and the pre/post-install targets duplicate code (often slightly differently) drive me nuts so I'd prefer a NO_AUTOPKGINSTALL, but that would take some real work so a positive flag is probably better initially. -- Brooks pgpsghQwjN56j.pgp Description: PGP signature
Re: support for DESTDIR: security/openssh-portable
Brooks Davis wrote: On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote: John E Hein wrote at 17:43 -0600 on Aug 9, 2006: > Well, the part that makes it annoying to duplicate in all ports is not > the two separate words (CHROOT DESTDIR), but that you have to test > defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether > to use ${CHROOT} ${DESTDIR} or not. > > So having that test to assign CHROOTDESTDIR or leave it empty in > bsd.port.mk allows the port writer to just always invoke it without > having to worry about testing for DESTDIR. You could pass this var to pkg-install scripts, too (put it in the standard *SUB* lists). That way you don't have to do the dance that was added to security/clamav/files/pkg-install.in: if [ -n "%%DESTDIR%%" ]; then PW="/usr/sbin/chroot %%DESTDIR%% pw" CHOWN="/usr/sbin/chroot %%DESTDIR%% chown" MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p" else PW="pw" CHOWN="chown" MKDIR="mkdir -p" fi but rather just: PW="%%CHROOTDESTDIR%% pw" CHOWN="%%CHROOTDESTDIR%% chown" MKDIR="%%CHROOTDESTDIR%% mkdir -p" This seems bogus. I can't think of any good reason why packages should differ based on the valid of DESTDIR. Instead the pkg-install script should be run inside the chroot. -- Brooks We wanted to go that way with garga when working on security/clamav, but we realized that we can't just do chroot /foo pkg-install, since the script is not located in the chroot itself. Do you have an another idea, how to chroot those scripts? -- Cheers, Gabor ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
On Wed, Aug 09, 2006 at 05:59:18PM -0600, John E Hein wrote: > John E Hein wrote at 17:43 -0600 on Aug 9, 2006: > > Well, the part that makes it annoying to duplicate in all ports is not > > the two separate words (CHROOT DESTDIR), but that you have to test > > defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether > > to use ${CHROOT} ${DESTDIR} or not. > > > > So having that test to assign CHROOTDESTDIR or leave it empty in > > bsd.port.mk allows the port writer to just always invoke it without > > having to worry about testing for DESTDIR. > > You could pass this var to pkg-install scripts, too (put it in the > standard *SUB* lists). > > That way you don't have to do the dance that was added to > security/clamav/files/pkg-install.in: > > if [ -n "%%DESTDIR%%" ]; then > PW="/usr/sbin/chroot %%DESTDIR%% pw" > CHOWN="/usr/sbin/chroot %%DESTDIR%% chown" > MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p" > else > PW="pw" > CHOWN="chown" > MKDIR="mkdir -p" > fi > > but rather just: > > PW="%%CHROOTDESTDIR%% pw" > CHOWN="%%CHROOTDESTDIR%% chown" > MKDIR="%%CHROOTDESTDIR%% mkdir -p" This seems bogus. I can't think of any good reason why packages should differ based on the valid of DESTDIR. Instead the pkg-install script should be run inside the chroot. -- Brooks pgpUoot7abdHh.pgp Description: PGP signature
Re: support for DESTDIR: security/openssh-portable
Gábor Kövesdán wrote at 01:47 +0200 on Aug 10, 2006: > Ah, you mean defining CHROOTDESTDIR only when DESTDIR is set and leave > it empty when not? It sounds reasonable then. I'll work this out after > some hours of sleeping. :) Yep... that's it. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote at 17:43 -0600 on Aug 9, 2006: > Well, the part that makes it annoying to duplicate in all ports is not > the two separate words (CHROOT DESTDIR), but that you have to test > defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether > to use ${CHROOT} ${DESTDIR} or not. > > So having that test to assign CHROOTDESTDIR or leave it empty in > bsd.port.mk allows the port writer to just always invoke it without > having to worry about testing for DESTDIR. You could pass this var to pkg-install scripts, too (put it in the standard *SUB* lists). That way you don't have to do the dance that was added to security/clamav/files/pkg-install.in: if [ -n "%%DESTDIR%%" ]; then PW="/usr/sbin/chroot %%DESTDIR%% pw" CHOWN="/usr/sbin/chroot %%DESTDIR%% chown" MKDIR="/usr/sbin/chroot %%DESTDIR%% mkdir -p" else PW="pw" CHOWN="chown" MKDIR="mkdir -p" fi but rather just: PW="%%CHROOTDESTDIR%% pw" CHOWN="%%CHROOTDESTDIR%% chown" MKDIR="%%CHROOTDESTDIR%% mkdir -p" ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote: Gábor Kövesdán wrote at 01:29 +0200 on Aug 10, 2006: > John E Hein wrote: > > John E Hein wrote at 16:31 -0600 on Aug 9, 2006: > > > Now that ports/Mk does the right thing for DESTDIR (thanks to Gábor), > > > here's a patch that supports DESTDIR properly for > > > security/openssh-portable: > > > > > [snip] > > > @@ -171,29 +171,33 @@ post-extract: > > > post-patch: > > >@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure > > > > > > +.if defined(DESTDIR) && !empty(DESTDIR) > > > +CHROOTDESTDIR=${CHROOT} ${DESTDIR} > > > +.endif > > > + > > [snip] > > > .endif > > > - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi > > > - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ > > > + if ! ${CHROOTDESTDIR} pw groupshow sshd; then ${CHROOTDESTDIR} pw groupadd sshd -g 22; fi > > > + if ! ${CHROOTDESTDIR} pw usershow sshd; then ${CHROOTDESTDIR} pw useradd sshd -g sshd -u 22 \ > > >-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi > > > > Gabor, you may want to define CHROOTDESTDIR (or name it whatever you > > want) as a convenience var in bsd.port.mk > > > > I suspect lots of ports will want to use it. > > > Might be good, but personally I think ${CHROOT} ${DESTDIR} is more > trivial (easier to read and understand) and only longer with 4 > characters. One might wonder at first look what CHROOTDESTDIR is. Well, the part that makes it annoying to duplicate in all ports is not the two separate words (CHROOT DESTDIR), but that you have to test defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether to use ${CHROOT} ${DESTDIR} or not. So having that test to assign CHROOTDESTDIR or leave it empty in bsd.port.mk allows the port writer to just always invoke it without having to worry about testing for DESTDIR. Ah, you mean defining CHROOTDESTDIR only when DESTDIR is set and leave it empty when not? It sounds reasonable then. I'll work this out after some hours of sleeping. :) -- Cheers, Gabor ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
Gábor Kövesdán wrote at 01:29 +0200 on Aug 10, 2006: > John E Hein wrote: > > John E Hein wrote at 16:31 -0600 on Aug 9, 2006: > > > Now that ports/Mk does the right thing for DESTDIR (thanks to Gábor), > > > here's a patch that supports DESTDIR properly for > > > security/openssh-portable: > > > > > [snip] > > > @@ -171,29 +171,33 @@ post-extract: > > > post-patch: > > > @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure > > > > > > +.if defined(DESTDIR) && !empty(DESTDIR) > > > +CHROOTDESTDIR=${CHROOT} ${DESTDIR} > > > +.endif > > > + > > [snip] > > > .endif > > > - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi > > > - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ > > > + if ! ${CHROOTDESTDIR} pw groupshow sshd; then ${CHROOTDESTDIR} > > pw groupadd sshd -g 22; fi > > > + if ! ${CHROOTDESTDIR} pw usershow sshd; then ${CHROOTDESTDIR} > > pw useradd sshd -g sshd -u 22 \ > > > -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege > > separation"; fi > > > > Gabor, you may want to define CHROOTDESTDIR (or name it whatever you > > want) as a convenience var in bsd.port.mk > > > > I suspect lots of ports will want to use it. > > > Might be good, but personally I think ${CHROOT} ${DESTDIR} is more > trivial (easier to read and understand) and only longer with 4 > characters. One might wonder at first look what CHROOTDESTDIR is. Well, the part that makes it annoying to duplicate in all ports is not the two separate words (CHROOT DESTDIR), but that you have to test defined(DESTDIR) && !empty(DESTDIR) before you can figure out whether to use ${CHROOT} ${DESTDIR} or not. So having that test to assign CHROOTDESTDIR or leave it empty in bsd.port.mk allows the port writer to just always invoke it without having to worry about testing for DESTDIR. ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: support for DESTDIR: security/openssh-portable
John E Hein wrote: John E Hein wrote at 16:31 -0600 on Aug 9, 2006: > Now that ports/Mk does the right thing for DESTDIR (thanks to Gábor), > here's a patch that supports DESTDIR properly for > security/openssh-portable: > [snip] > @@ -171,29 +171,33 @@ post-extract: > post-patch: > @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure > > +.if defined(DESTDIR) && !empty(DESTDIR) > +CHROOTDESTDIR=${CHROOT} ${DESTDIR} > +.endif > + [snip] > .endif > - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi > - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ > + if ! ${CHROOTDESTDIR} pw groupshow sshd; then ${CHROOTDESTDIR} pw groupadd sshd -g 22; fi > + if ! ${CHROOTDESTDIR} pw usershow sshd; then ${CHROOTDESTDIR} pw useradd sshd -g sshd -u 22 \ > -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi Gabor, you may want to define CHROOTDESTDIR (or name it whatever you want) as a convenience var in bsd.port.mk I suspect lots of ports will want to use it. Might be good, but personally I think ${CHROOT} ${DESTDIR} is more trivial (easier to read and understand) and only longer with 4 characters. One might wonder at first look what CHROOTDESTDIR is. CC'd to ports@ to see what others think. -- Cheers, Gabor ___ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"