Currently virtualsize is only defined for NetBSD, breaking builds that use it
on any other platform. Adding defaults for all other platforms should be done
at some point, this at least unbreaks package builds for now and provides a
safer default for any future additions.
Packages defined the variable BROKEN inconsistently. Some added quotes,
like they are required in PKG_FAIL_REASON, some omitted them.
Now all packages behave the same, and pkglint will flag future mistakes.
It currently tackles two problems:
- gcc(1) hard-coding full paths in debugging information (with one
caveat at the moment)
- ar(1) hard-coding user IDs in archive headers
This allows packages built from the same tree and options to produce
identical results bit by bit. This option should be combined with ASLR
and PKGSRC_MKPIE to avoid predictable address offsets for attackers
attempting to exploit security vulnerabilities.
This is still disabled by default, and only supports NetBSD so far.
As discussed on tech-pkg@
While it would be useful, the current implementation has not been
updated even to use 'cvs add' instead of 'cvs import' (policy change
in 2012). Use the import-package.sh script currently residing in wip/
instead.
If ${_USE_NEW_PKGINSTALL} is "yes", then use the new "pkgtasks",
"init", and "pkgformat/pkg"-scripts frameworks instead of the
existing "pkginstall" framework.
Only four platforms, all BSDs, need to resolve "ELF/a.out" into
either ELF or a.out. Calculate it directly in the platform file
and return the value in ${_OPSYS_SHLIB_TYPE} and export that value
in bsd.prefs.mk as ${SHLIB_TYPE}.
Instead of requiring the file(1) tool, we can expect the base
system of those BSDs to have /usr/bin/file, so make use of it
directly.
in the default environment and provide a config.site overriding the
default libdir settings. This breaks havoc with our PLISTs and expected
library paths, so kill it.
This allows setting flags for PaX on select binaries. Two new variables
are introduced for packages: NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE.
They both expect a list of binaries are known to not support PaX ASLR
and/or PaX MPROTECT, respectively.
"Please commit" wiz@
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
wrappers when USE_CWRAPPERS is enabled, saving a reasonable amount of
I/O during builds, mostly due to avoiding the transform/untransform sed
file generations.
WRAPPER_DIR and WRAPPER_BINDIR are used by various packages to override
or point to specific wrappers, and these now point to the cwrappers
directory when enabled, removing the need for CWRAPPERS_BIN_DIR
duplication and fixing packages which previously were using legacy
wrappers by accident.
A number of targets are now duplicated between bsd.wrapper.mk and
cwrappers.mk, the intention being that the legacy wrappers will be
deprecated once cwrappers is verified on all supported platforms. If
that turns out to take longer than expected, we will probably want to
introduce a wrapper.mk to abstract them away before loading the
appropriate back-end.
more pkgsrcesque.
1) turn _USE_GITHUB into an internal infrastructure variable
2) put back MASTER_SITES in packages' Makefiles.
3) encode the account in the master site URL, remove GH_ACCOUNT
4) rename GH_PROJECT to GITHUB_PROJECT
5) rename GH_TAGNAME to GITHUB_TAG and allow it to accept commit hash
as well as tag. GH_COMMIT is gone.
6) turn on this functionality when MASTER_SITES matches a predefined github
pattern instead of via explicit USE_GITHUB setting.
handling less painful.
See: https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/makefile-distfiles.html#makefile-master_sites-github
To use, set in Makefile:
DISTNAME= exampleproject-1.2
USE_GITHUB= YES
The following variables alter USE_GITHUB behavior:
GH_ACCOUNT defaults to PKGBASE
GH_PROJECT defaults to PKGBASE
GH_TAGNAME defaults to PKGVERSION_NOREV
(sometimes you want to override with v${PKGVERSION_NOREV})
GH_COMMIT explicit commit hash if no tag is available
GH_RELEASE default empty, may be set to ${DISTNAME} for example
GH_TYPE overrides the autodetected MASTER_SITE URL scheme
the problem is either situational (e.g. the various RESTRICTED-like
cases) or unfixable in pkgsrc (no pthreads, ipv6, etc. on platform).
Conversely, if the wrong version of mysql is installed, that's a
PKG_FAIL_REASON.
discussion on tech-pkg.
BROKEN_ON_PLATFORM and NOT_FOR_PLATFORM are the same, except that
(now) BROKEN_ON_PLATFORM sets PKG_FAIL_REASON and NOT_FOR_PLATFORM
sets PKG_SKIP_REASON. BROKEN_EXCEPT_FOR_PLATFORM and ONLY_FOR_PLATFORM
correspond in the same way.
The idea is that going forward we will distinguish unbuildable
packages that theoretically ought to be fixed (these are BROKEN) from
packages where it doesn't make sense to build (these are NOT_FOR)...
examples of the former include most non-64-bit-clean packges; examples
of the latter include OS-specific language bindings.
A general review of the uses of NOT_FOR_PLATFORM and ONLY_FOR_PLATFORM
(converting many of them to BROKEN...) is coming up.
Similarly, a general review of the uses of PKG_FAIL_REASON and
PKG_SKIP_REASON is coming up.
For this to become useful, pbulk needs to be taught to report failing
and skipped packages differently - the idea is that failing packages
should be reported up front and skipped packages don't need to be. This
has not been done yet, but one set of things at a time...
SMF is the Service Management Facility, the default init system in
Solaris and derivatives since version 10. This adds "smf" to the list
of supported INIT_SYSTEM types, and makes it the default init system on
platforms where it is available.
Packages can introduce SMF support by providing a manifest file, by
default located in ${FILESDIR}/smf/manifest.xml but manifests under
${WRKSRC} can be used too if the package source includes one.
SMF method scripts are supported too if required, using SMF_METHODS in a
similar manner to RCD_SCRIPTS.
Many parts of the SMF infrastructure are configurable, see mk/smf.mk for
the full details.
This commit introduces an INIT_SYSTEM variable which will determine the
type of init system to be used on the target system, supporting "rc.d"
at this time.
The pkginstall infrastructure is changed to only install RCD_SCRIPTS if
INIT_SYSTEM is set to "rc.d", and PLIST entries for rc.d scripts are
now handled automatically based on RCD_SCRIPTS.
Our make(1) now sets $MAKELEVEL. While this should cause no harm, gmake
detects a non-zero $MAKELEVEL and automatically sets "w" in $MAKEFLAGS
for subordinate makes, in order to print the entry and exit directories.
Our make, does not understand -w, so it prints an error message and exits.
In order to catch this everywhere (since cmake for example can invoke
either our make or gmake depending on how it feels), we reset the variable
for any top level command. This effectively reverts to the behavior of
our make not setting $MAKELEVEL.
1.) It breaks the build of "www/firefox" which gets upset if "SHELL" is
not defined in the environment. There are probably more packages
which similar problems.
2.) It breaks established use case like this one:
export ALLOW_VULNERABLE_PACKAGES=yes
cd pkgsrc/multimedia/ffmpeg2theora
bmake install
In this case the value of "ALLOW_VULNERABLE_PACKAGES" will not be
passed to the build of "pkgsrc/multimedia/ffmpeg". And the build of
this package will fail due to known vulnerabilities.
It is used in limited case, and does not exist by default on some platforms.
proposed at over 30 months ago, and no negative feedback (only one request).
