Date: Thu, 5 Nov 2020 11:49:51 +0100 From: Stefan Esser <se@freebsd.org> To: rgrimes@freebsd.org Cc: Emmanuel Vadot <manu@bidouilliste.com>, Oliver Pinter <oliver.pntr@gmail.com>, src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head@freebsd.org, Baptiste Daroussin <bapt@FreeBSD.org> Subject: Re: svn commit: r367280 - head/lib/libc/gen Message-ID: <19d4e381-fa2d-8afc-dff4-502ba30041d2@freebsd.org> In-Reply-To: <20201104194058.tbrh4vvgevbnb6pd@ivaldir.net> References: <1b636b92-92e8-4abf-0771-f7232ca6d25f@freebsd.org> <202011041904.0A4J4b5k025815@gndrsh.dnsmgr.net> <20201104194058.tbrh4vvgevbnb6pd@ivaldir.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --E1E9jb925QoOWH0nv7D18x8gxyYlu55yG Content-Type: multipart/mixed; boundary="6rrfWvsfMS0eAKUOQMOC6tcT0qUL2Kdg1"; protected-headers="v1" From: Stefan Esser <se@freebsd.org> To: rgrimes@freebsd.org Cc: Emmanuel Vadot <manu@bidouilliste.com>, Oliver Pinter <oliver.pntr@gmail.com>, src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head@freebsd.org, Baptiste Daroussin <bapt@FreeBSD.org> Message-ID: <19d4e381-fa2d-8afc-dff4-502ba30041d2@freebsd.org> Subject: Re: svn commit: r367280 - head/lib/libc/gen References: <1b636b92-92e8-4abf-0771-f7232ca6d25f@freebsd.org> <202011041904.0A4J4b5k025815@gndrsh.dnsmgr.net> <20201104194058.tbrh4vvgevbnb6pd@ivaldir.net> In-Reply-To: <20201104194058.tbrh4vvgevbnb6pd@ivaldir.net> --6rrfWvsfMS0eAKUOQMOC6tcT0qUL2Kdg1 Content-Type: multipart/mixed; boundary="------------8A06AD0A8054425142F5EA8C" Content-Language: en-US This is a multi-part message in MIME format. --------------8A06AD0A8054425142F5EA8C Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable Am 04.11.20 um 20:40 schrieb Baptiste Daroussin: > On Wed, Nov 04, 2020 at 11:04:37AM -0800, Rodney W. Grimes wrote: >> For 25 years PREFIX has been rigidly a part of the ports infustructure= , >> why is it that the BASE system has been allowed to de-evolve from this= >> concept as documented and REQUIRED by: >> >> https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/por= ting-prefix.html >> >> >> I again assert at one time the base system was clean of this, >> it has regressed and needs to be fixed. That fix should restore >> the independence of PREFIX. If 30k ported pieces of software can >> do it why can't the base system do it? >> >> Those ports do not require a recompile, why should the base system? >=20 > I am just reacting on that phrase, you do really think the ports do not= require > a rebuild to be able to relocate from a PREFIX to another? this is a my= th! >=20 > ports support being built with another prefix than localbase but that i= s all it > supports. >=20 > There has been a flase claim for years that relocating work, but beside= the > tools proposing the feature it never worked, or to be fait only on some= very > specific port. >=20 > But it is just an impossible goal to achieve otherwise as for example a= ll the > path which gets hardcoded at build time depending on the prefix will en= d up in > the binary looking for resources in a hardcoded prefix at runtime and s= o fail if > you relocate the package, for example its datadir. Adding to Baptiste's reply: While ports have often contained hard-coded dependencies on the PREFIX used at build time, the changes currently being applied to the base=20 system would actually ease having ports that adapt to a different prefix at run-time. See Scott Longs proposed getlocalbase() function (D27022), which could be used by ports to derive at run-time the (currently hard-coded) path in a standardized way (with fall-back to _PATH_LOCALBASE or /usr/local). There are potential security issues with a run-time configured PREFIX though, e.g. if it is used to locate files that contain an admin- configured policy meant to restrict unprivileged users. Only hard-coded paths in the respective binaries protect against attacks that manipulate a dynamic prefix at run-time in such a szenario. But as long as not all supported versions of FreeBSD support the getlocalbase() function, it cannot be assumed to be generally available for use in ports. And since it will take some time for the currently supported releases to reach EoL, ports could only conditionally include such a feature when built on and for a system known to have getlocalbase(). We are in the process of creating the infrastructure that may one day allow ports to automatically adapt to the PREFIX in use on the system they are installed on, but we are not there, yet. Regards, STefan --------------8A06AD0A8054425142F5EA8C-- --6rrfWvsfMS0eAKUOQMOC6tcT0qUL2Kdg1-- --E1E9jb925QoOWH0nv7D18x8gxyYlu55yG Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEo3HqZZwL7MgrcVMTR+u171r99UQFAl+j2M8FAwAAAAAACgkQR+u171r99URr Bgf/VMva804KdQZ3ngRhH0dKh7IH1I/pxqazFTE9oZFK5h+fC6WuRNQ/uOYkfLT2uCg1WViQY2FS xeJf5OyTEQAFeO02xqRnRv4fk+cvnECxY7llPoyVmhOm7JKOeWUQo7IwyJ8WAbzZHKDTN2ViKG3+ s73wp285a0ZyCiHyAg6TNiehDntb+74iBBaiJSwbTe/CMRmjdSGmAJdHrDliwpQn5Ixc7NyQ2I4b g2dBpBnAR8RoWCuUe0D6yEyZgyZc7ibpWCsEcAldr+2pWzFapQKlLfpGPBxdDYEv5a/saZ1CG5/9 48vwe6ejITlApnNflOPXCPM3rOnr2RcVhfHYmynQ7A== =3745 -----END PGP SIGNATURE----- --E1E9jb925QoOWH0nv7D18x8gxyYlu55yG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19d4e381-fa2d-8afc-dff4-502ba30041d2>