Date: Fri, 7 Nov 2014 11:55:47 -0500 From: Vick Khera <vivek@khera.org> To: Lowell Gilbert <freebsd-ports-local@be-well.ilk.org> Cc: FreeBSD Ports List <ports@freebsd.org>, Ashish SHUKLA <ashish@freebsd.org> Subject: Re: new dependency for emacs-nox11 Message-ID: <CALd%2Bdcf7Zg4Agz%2BxC=pJ2yf6bD5c04yp0u1BrdZ0cdN8g2hnkQ@mail.gmail.com> In-Reply-To: <444mub6nf8.fsf@lowell-desk.lan> References: <CALd%2Bdceru0a626ea185EFM_ErH1uJkj_iUgkZCxKpz7wLpOJzA@mail.gmail.com> <444mub6nf8.fsf@lowell-desk.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 7, 2014 at 10:27 AM, Lowell Gilbert < freebsd-ports-local@be-well.ilk.org> wrote: > Vick Khera <vivek@khera.org> writes: > > > Emacs 24.4 update in ports pulls in a new dependency: desktop-file-utils. > > This in turn pulls in a big swath of additional packages including > python, > > perl, pcre, glib. > > I don't think so. desktop-file-utils doesn't seem to pull in anything > that isn't already required for emacs (glib being the big one, and > libintl the only other, according to "pkg info"). What makes you say > otherwise? > On one of my servers, I run "pkg install emacs-nox11" from my repo, which is build using poudriere with these options Options : ACL : off ALSA : off DBUS : off FILENOTIFY : off GNUTLS : off LTO : off OSS : off SOUND : off SOURCES : on XML : on The pkg install says it will pull in the following: New packages to be INSTALLED: emacs-nox11: 24.4,3 desktop-file-utils: 0.22_3 pcre: 8.35_1 glib: 2.36.3_4 python27: 2.7.8_6 libffi: 3.0.13_3 Compare old emacs 24.3 to 24.4 requirements: % pkg info -dr emacs-nox11 emacs-nox11-24.3_14,3 Depends on : libxml2-2.9.2_2 indexinfo-0.2 # pkg info -dr emacs-nox11 emacs-nox11-24.4,3 Depends on : libxml2-2.9.2_2 indexinfo-0.2 desktop-file-utils-0.22_3 Chasing down the chain we see that desktop-file-utils is what pulled in pcre and glib, and that glib pulled in python (which pulls in libffi). I already had perl, gettext, and libiconv from other dependencies installed. > > > Is there a way that the port could be tweaked so that the desktop > utilities > > are not installed when there is no desktop (ie, the nox11 variant)? My > goal > > is to have a minimal footprint of software on my servers so I do not have > > to security audit all this extra software. > > Yes, leaving that out seems fine. However, the footprint seems to be > just a couple of command-line programs totalling 150KB, plus manuals and > an elisp file for an editing mode. I don't currently have an > X-library-free build environment, so unfortunately I can't make a > definitive check on that statement. > Any non-zero footprint has the potential to open up security holes. The size is not really the issue. I'm also personally unclear why glib needs perl and python as a run-time dependency, but that's only from a cursory look at it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALd%2Bdcf7Zg4Agz%2BxC=pJ2yf6bD5c04yp0u1BrdZ0cdN8g2hnkQ>