Date: Wed, 07 Oct 2015 08:01:59 -0400
From: Lowell Gilbert <freebsd-ports-local@be-well.ilk.org>
To: freebsd-ports@freebsd.org
Subject: Re: change ports default work directory prefix
Message-ID: <44y4feubt4.fsf@lowell-desk.lan>
In-Reply-To: <560ED943.4060106@erdgeist.org> (Dirk Engling's message of "Fri, 2 Oct 2015 21:21:39 +0200")
References: <560ED943.4060106@erdgeist.org>

Dirk Engling <erdgeist@erdgeist.org> writes:

> Today in EuroBSDCon's jail working group we discussed changing the
> default for WRKDIRPREFIX to /usr/obj/ports. This has the advantage of
> being able to share the ports tree between host system and jails.
> Another plus is that cleaning all work directories is much faster than a
> recursive make clean.

I set WRKDIRPREFIX in all cases (including the "real" system) for these
reasons. I don't use /usr/obj/ports, but /usr/obj is the best place
that exists in hier(7).

> With the current default, exposing the ports tree to jails potentially
> leaks information about installed programs, configured options or host
> specific generated secrets (thinking of LocalSettings.php).

I don't understand why any of these would be concerns. If there are work
directories littering the tree, that could leak some information, and
the distfiles set could leak some information, but not much and not
reliably.

> On the down side, developers can't by default just copy the port, hack
> away and be sure to only modify files in their respective home directories.

When I do that, I'm running under my own UID, so I don't have permission
to write into /usr/obj. If I forget to set WRKDIRPREFIX, I'll get a
quick reminder. I don't think it's a problem.

> bapt@ asked me to discuss this here, also looking for potential other
> pitfalls I have not thought about.

People with unusual partitioning schemes might see some surprising
effects, but I think it's unlikely to break anything even in those
cases, and they may well set WRKDIRPREFIX already.

There are no significant downsides, and although I think the benefits
will turn out to mostly go to types of people who already set
WRKDIRPREFIX today, they are real.

In short: can't hurt, will help a bit, go ahead.

Be well.