Date: Wed, 20 Jan 2016 11:16:42 -0600 From: Brandon J. Wandersee <brandon.wandersee@gmail.com> To: =?utf-8?Q?Lu=C3=ADs?= Fernando Schultz Xavier da Silveira <schultz@ime.usp.br> Cc: Polytropon <freebsd@edvax.de>, freebsd-questions@freebsd.org, kpneal@pobox.com Subject: Re: Unexpected dependencies of graphics/libGL Message-ID: <86bn8gkw79.fsf@WorkBox.Home> In-Reply-To: <20160119063438.ca57c8a3bd8ba6781a58b040@ime.usp.br> References: <20160117031923.ce1f36547351bf07b6fff9a0@ime.usp.br> <20160117070715.1c33732b.freebsd@edvax.de> <20160117162018.964db3b1f2f2133242773e78@ime.usp.br> <20160117220247.69e6774f.freebsd@edvax.de> <20160118161235.GA92637@neutralgood.org> <20160119050806.cd08ca0687e76a4b09a701e3@ime.usp.br> <20160119062345.5402e98b.freebsd@edvax.de> <20160119063438.ca57c8a3bd8ba6781a58b040@ime.usp.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Luís Fernando Schultz Xavier da Silveira writes: > If the extra dependencies break the jail, the output packages can be > malformed and, when installed, break the host system. Nope. Leaving aside the fact that no package should even (ideally) affect the base system (and so shouldn't break a jail), if a Poudriere jail does break, the build fails. Not the *port build*, but the *Poudriere bulk build process.* The whole thing will crash out with an error message. And while Poudirere doesn't require ZFS, it was crafted with ZFS in mind, and if it is installed and run in a zpool then any time a jail is updated or a bulk build process executed, a snapshot is created beforehand. Should things become completely borken, the jail and/or repository can simply be rolled back. Moreover, the package repository index is not updated until the bulk build for all packages is complete. If a particular package fails to build or pass a test then all packages upon which it depends are skipped, and all builds for packages which depend up the failed package are ignored. Only successfully built packages are made available for installation/upgrades. This can easily be resolved: Poudriere is the official build system for the FreeBSD ports team. All official packages you install via pkg(8) are built with it, and have been for a couple years now. Chances are you're not the first person to think about these things. If you don't trust Poudriere, you shouldn't trust packages. Since the ports system and package manager are now bound to one another (with all ports being built into packages and installed/tracked with pkg(8)), if you don't trust packages, you probably shouldn't place too much trust in the ports system, either. If a particular port/package can be successfully built and installed, yet is causing problems on its host system then it's entirely possible that the port itself is faulty, or (perhaps more likely) that the issue stems from a bug or malicious code within the compiled software itself. Poudriere can't account for such a circumstance, but then it doesn't have to. It's a build system designed to expedite the building of customized ports, while simulatneously preventing malicious code from being executed on the build system during that build process and avoiding a port/package upgrade from failing on a host system part-way through and breaking things in the process. If a port successfully builds in Poudriere, and its package is successfully added to the repository, and then successfully installed on the receiving system, then Poudriere has successfully done its job. -- ================================================================= :: Brandon Wandersee :: :: brandon.wandersee@gmail.com :: ================================================================== 'A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.' - Douglas Adams ==================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86bn8gkw79.fsf>