From owner-freebsd-ports@FreeBSD.ORG Thu Jan 21 17:49:27 2010
Return-Path:
Delivered-To: ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1AD6F106566B;
	Thu, 21 Jan 2010 17:49:27 +0000 (UTC) (envelope-from jhs@berklix.com)
Received: from tower.berklix.org (tower.berklix.org [83.236.223.114])
	by mx1.freebsd.org (Postfix) with ESMTP id A88498FC16;
	Thu, 21 Jan 2010 17:49:26 +0000 (UTC)
Received: from park.js.berklix.net (p549A5118.dip.t-dialin.net [84.154.81.24])
	(authenticated bits=0)
	by tower.berklix.org (8.14.2/8.14.2) with ESMTP id o0LHnOWI064933;
	Thu, 21 Jan 2010 17:49:24 GMT (envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41])
	by park.js.berklix.net (8.13.8/8.13.8) with ESMTP id o0LHnFHV049590;
	Thu, 21 Jan 2010 18:49:15 +0100 (CET) (envelope-from jhs@berklix.com)
Received: from fire.js.berklix.net (localhost [127.0.0.1])
	by fire.js.berklix.net (8.14.3/8.14.3) with ESMTP id o0LHn5gh033380;
	Thu, 21 Jan 2010 18:49:10 +0100 (CET) (envelope-from jhs@fire.js.berklix.net)
Message-Id: <201001211749.o0LHn5gh033380@fire.js.berklix.net>
To: gary.jennejohn@freenet.de
From: "Julian H. Stacey"
Organization: http://www.berklix.com BSD Unix Linux Consultancy, Munich Germany
User-agent: EXMH on FreeBSD http://www.berklix.com/free/
X-URL: http://www.berklix.com
In-reply-to: Your message "Thu, 21 Jan 2010 17:01:46 +0100."
	<20100121170146.672acbbd@ernst.jennejohn.org>
Date: Thu, 21 Jan 2010 18:49:05 +0100
Sender: jhs@berklix.com
Cc: ports@FreeBSD.org, Doug Barton
Subject: Re: Suggestion: A new variable for a few Makefiles: IS_BINARY
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD
X-List-Received-Date: Thu, 21 Jan 2010 17:49:27 -0000

Hi,
Reference:
> From:		Gary Jennejohn
> Reply-to:	gary.jennejohn@freenet.de
> Date:		Thu, 21 Jan 2010 17:01:46 +0100
> Message-id:	<20100121170146.672acbbd@ernst.jennejohn.org>

Gary Jennejohn wrote:
> On Thu, 21 Jan 2010 07:34:02 -0800
> Doug Barton wrote:
>
> > On 1/20/2010 6:47 PM, Julian H. Stacey wrote:
> > > Some may not don't mind
> > > installing binaries from elsewhere, but FreeBSD could protect more,
> >
> > What is it that you're trying to protect people from? In other words,
> > what bad thing do you think is going to happen if someone installs a
> > binary, and why do you think that we would allow something dangerous
> > into the ports collection in the first place?
> >
>
> I know Julian very well and he's, umm, very cautious.
>
> I assume he wants a knob he can turn on to avoid installing binaries while
> doing unattended installations, i.e. with BATCH set to yes.

Thanks, Yes, sort of,
Mechanism would be similar to implementation method of BATCH,
(Except we could improve on it by not having different strings eg
	Makefile:	IS_INTERACTIVE=YES
	Mk/*:		BATCH=
 but perhaps
	Makefile:	IS_BINARY=YES
	Mk/*:		SKIP_BINARY_INSTALL=YES	# (or NO)
)

It could be used with BATCH (but doesn't have to be), eg personally I
do a multi pass build on my ports,
	cd /usr/ports ; make BERKLIX_CLIENTS=YES BATCH=YES	# overnight
	cd /usr/ports ; make BERKLIX_CLIENTS=YES	# later build of interactives next day

Usage of SKIP_BINARY_INSTALL would be personally choosable
I'd specify SKIP_BINARY_INSTALL=YES (if not default in Mk/*.mk)
but others could equally choose Not to assert it.

Example: I just did an upgrade (to 8.0) & compiled & installed 694
ports (inc. dependencies), from my set of */Makefile.local
Manually scanning Makefiles each remake (inc changing dependencies),
looking for binary rogue software sneaking through, is pointless,
when binaries without source could so easily be marked in Makefiles.

The mechanism would help people & companies that have a policy:
	Install No software without matching sources.
Others could ignore occasional declarative markers in a few ports like
	www/opera/Makefile	IS_BINARY=YES

One could debate whether default make install behaviour from Mk/
should be to continue to install (as now), or exit 1, on the few
ports needing IS_BINARY=YES; Default would be over-ridable by an
env var to make command.

There is a spectrum of usage, no one preference fits all,
No point trying to convince each other 1 policy is best for all :-)

Some run binaries ie BLOBs, drivers, opera, mega ports (openoffice),
& flash binaries under linux emulators etc, & maybe haven't source,
enthusiasm, time, space or interest to build their own.

Some (by temperament, employer, or market sector, eg security
companies, firewall manufacturers, military development support,
government security etc), may want No software tools installed
without matching sources.

Not everyone needs the hook, but that's no reason not to implement it;
it is simple, helps some, & will not harm others who can ignore it.

Cheers,
Julian
-- 
Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Mail plain text not quoted-printable, HTML or Base64 http://www.asciiribbon.org
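
The knob proposed in the message above, modelled as an added shell example; it is not part of the original post or of the ports framework. IS_BINARY and SKIP_BINARY_INSTALL are the proposal's names, not existing ports variables; the helper names, the default of NO and the two-port sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# IS_BINARY / SKIP_BINARY_INSTALL are the proposed (hypothetical) knobs.

# is_binary_port MAKEFILE: true if the Makefile declares IS_BINARY=YES.
# Accepts =, ?= and := with optional whitespace and a trailing comment.
is_binary_port() {
    grep -Eq '^[[:space:]]*IS_BINARY[[:space:]]*[?:]?=[[:space:]]*(YES|yes)[[:space:]]*(#.*)?$' "$1"
}

# gate_port PORTDIR: models the proposed Mk/ decision for one port.
# Returns 0 = install, 1 = refused (marked binary and
# SKIP_BINARY_INSTALL=YES), 2 = no Makefile in PORTDIR.
gate_port() {
    [ -f "$1/Makefile" ] || return 2
    if is_binary_port "$1/Makefile"; then
        case "${SKIP_BINARY_INSTALL:-NO}" in   # assumed default: install as now
            YES|yes) return 1 ;;
        esac
    fi
    return 0
}

# list_binary_ports PORTSDIR: print category/port for every marked port,
# replacing the manual scan of Makefiles before an unattended build.
list_binary_ports() {
    for mk in "$1"/*/*/Makefile; do
        [ -f "$mk" ] || continue
        if is_binary_port "$mk"; then
            d=${mk%/Makefile}
            echo "${d#"$1"/}"
        fi
    done
}

# make_sample_tree: build a constructed two-port tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/www/opera" "$t/editors/vim"
    printf 'PORTNAME=\topera\nIS_BINARY=\tYES\n' > "$t/www/opera/Makefile"
    printf 'PORTNAME=\tvim\n' > "$t/editors/vim/Makefile"
    echo "$t"
}

# Demo on the constructed tree.
tree=$(make_sample_tree)
SKIP_BINARY_INSTALL=YES
list_binary_ports "$tree"
gate_port "$tree/www/opera" || echo "www/opera: refused (rc=$?)"
rm -rf "$tree"
```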