From: Torsten Zühlsdorff
To: Dirk Engling, freebsd-ports@freebsd.org
Subject: Re: change ports default work directory prefix
Date: Wed, 7 Oct 2015 08:55:14 +0200

> Today in EuroBSDCon's jail working group we discussed changing the
> default for WRKDIRPREFIX to /usr/obj/ports. This has the advantage of
> being able to share the ports tree between host system and jails.
> Another plus is that cleaning all work directories is much faster than a
> recursive make clean.

Speeding up make clean would be nice. Otherwise I've just used a simple
find, because it's much faster than the recursive make clean.

> With the current default, exposing the ports tree to jails potentially
> leaks information about installed programs, configured options or host
> specific generated secrets (thinking of LocalSettings.php).

The options are stored under /var/db/ports; therefore this should be saved.

But I believe I did not understand the change you propose. What is the
idea behind this? Do you want the ports tree to be sharable with the
jails? In this case the distfiles must be considered. Sometimes it is
very nice to share them between the jails. Sometimes I do not want this.
Also the options should be discussed. Do I want them exposed to the tree?
In my history there were cases where I wanted this and sometimes not.

Next thought: why should I share the ports tree to my jail? Obviously to
save time/space if every jail uses the same tree. If this is the case,
enabling exposing the ports tree optionally to a jail would be very fine.

Therefore I support changing WRKDIRPREFIX. But we need to take care of
the distfiles and the options. distfiles should move out of the ports
tree - otherwise the tree must be writable to the jails and this can
cause different side effects; for example when building the same port at
the same time in different jails.

> On the down side, developers can't by default just copy the port, hack
> away and be sure to only modify files in their respective home directories.

Why? When I'm in a jail and build a port, would the WRKDIRPREFIX not
apply within the jail? Therefore it should be safe to build a port (even
with different options) in host or jail. Or did I miss something?

> bapt@ asked me to discuss this here, also looking for potential other
> pitfalls I have not thought about.

Is there documentation about the thoughts and pitfalls you already
found? This would be very helpful for a discussion. Otherwise it's more
like guessing. ;)

Greetings,
Torsten