| @@ -211,30 +211,29 @@ builds) | | | @@ -211,30 +211,29 @@ builds) |
211 | <dt><span class="sect1"><a href="#build.wrapper">13.10. The <span class="emphasis"><em>wrapper</em></span> phase</a></span></dt> | | 211 | <dt><span class="sect1"><a href="#build.wrapper">13.10. The <span class="emphasis"><em>wrapper</em></span> phase</a></span></dt> |
212 | <dt><span class="sect1"><a href="#build.configure">13.11. The <span class="emphasis"><em>configure</em></span> phase</a></span></dt> | | 212 | <dt><span class="sect1"><a href="#build.configure">13.11. The <span class="emphasis"><em>configure</em></span> phase</a></span></dt> |
213 | <dt><span class="sect1"><a href="#build.build">13.12. The <span class="emphasis"><em>build</em></span> phase</a></span></dt> | | 213 | <dt><span class="sect1"><a href="#build.build">13.12. The <span class="emphasis"><em>build</em></span> phase</a></span></dt> |
214 | <dt><span class="sect1"><a href="#build.test">13.13. The <span class="emphasis"><em>test</em></span> phase</a></span></dt> | | 214 | <dt><span class="sect1"><a href="#build.test">13.13. The <span class="emphasis"><em>test</em></span> phase</a></span></dt> |
215 | <dt><span class="sect1"><a href="#build.install">13.14. The <span class="emphasis"><em>install</em></span> phase</a></span></dt> | | 215 | <dt><span class="sect1"><a href="#build.install">13.14. The <span class="emphasis"><em>install</em></span> phase</a></span></dt> |
216 | <dt><span class="sect1"><a href="#build.package">13.15. The <span class="emphasis"><em>package</em></span> phase</a></span></dt> | | 216 | <dt><span class="sect1"><a href="#build.package">13.15. The <span class="emphasis"><em>package</em></span> phase</a></span></dt> |
217 | <dt><span class="sect1"><a href="#build.clean">13.16. Cleaning up</a></span></dt> | | 217 | <dt><span class="sect1"><a href="#build.clean">13.16. Cleaning up</a></span></dt> |
218 | <dt><span class="sect1"><a href="#build.helpful-targets">13.17. Other helpful targets</a></span></dt> | | 218 | <dt><span class="sect1"><a href="#build.helpful-targets">13.17. Other helpful targets</a></span></dt> |
219 | </dl></dd> | | 219 | </dl></dd> |
220 | <dt><span class="chapter"><a href="#creating">14. Creating a new pkgsrc package from scratch</a></span></dt> | | 220 | <dt><span class="chapter"><a href="#creating">14. Creating a new pkgsrc package from scratch</a></span></dt> |
221 | <dd><dl> | | 221 | <dd><dl> |
222 | <dt><span class="sect1"><a href="#creating.common">14.1. Common types of packages</a></span></dt> | | 222 | <dt><span class="sect1"><a href="#creating.common">14.1. Common types of packages</a></span></dt> |
223 | <dd><dl> | | 223 | <dd><dl> |
224 | <dt><span class="sect2"><a href="#creating.perl-module">14.1.1. Perl modules</a></span></dt> | | 224 | <dt><span class="sect2"><a href="#creating.python-module">14.1.1. Python modules and programs</a></span></dt> |
225 | <dt><span class="sect2"><a href="#creating.python-module">14.1.2. Python modules and programs</a></span></dt> | | 225 | <dt><span class="sect2"><a href="#creating.R-package">14.1.2. R packages</a></span></dt> |
226 | <dt><span class="sect2"><a href="#creating.R-package">14.1.3. R packages</a></span></dt> | | 226 | <dt><span class="sect2"><a href="#creating.TeX-package">14.1.3. TeXlive packages</a></span></dt> |
227 | <dt><span class="sect2"><a href="#creating.TeX-package">14.1.4. TeXlive packages</a></span></dt> | | | |
228 | </dl></dd> | | 227 | </dl></dd> |
229 | <dt><span class="sect1"><a href="#creating.examples">14.2. Examples</a></span></dt> | | 228 | <dt><span class="sect1"><a href="#creating.examples">14.2. Examples</a></span></dt> |
230 | <dd><dl><dt><span class="sect2"><a href="#creating.nvu">14.2.1. How the www/nvu package came into pkgsrc</a></span></dt></dl></dd> | | 229 | <dd><dl><dt><span class="sect2"><a href="#creating.nvu">14.2.1. How the www/nvu package came into pkgsrc</a></span></dt></dl></dd> |
231 | </dl></dd> | | 230 | </dl></dd> |
232 | <dt><span class="chapter"><a href="#makefile">15. Programming in <code class="filename">Makefile</code>s</a></span></dt> | | 231 | <dt><span class="chapter"><a href="#makefile">15. Programming in <code class="filename">Makefile</code>s</a></span></dt> |
233 | <dd><dl> | | 232 | <dd><dl> |
234 | <dt><span class="sect1"><a href="#makefile.style">15.1. Caveats</a></span></dt> | | 233 | <dt><span class="sect1"><a href="#makefile.style">15.1. Caveats</a></span></dt> |
235 | <dt><span class="sect1"><a href="#makefile.variables">15.2. <code class="filename">Makefile</code> variables</a></span></dt> | | 234 | <dt><span class="sect1"><a href="#makefile.variables">15.2. <code class="filename">Makefile</code> variables</a></span></dt> |
236 | <dd><dl><dt><span class="sect2"><a href="#makefile.variables.names">15.2.1. Naming conventions</a></span></dt></dl></dd> | | 235 | <dd><dl><dt><span class="sect2"><a href="#makefile.variables.names">15.2.1. Naming conventions</a></span></dt></dl></dd> |
237 | <dt><span class="sect1"><a href="#makefile.code">15.3. Code snippets</a></span></dt> | | 236 | <dt><span class="sect1"><a href="#makefile.code">15.3. Code snippets</a></span></dt> |
238 | <dd><dl> | | 237 | <dd><dl> |
239 | <dt><span class="sect2"><a href="#adding-to-list">15.3.1. Adding things to a list</a></span></dt> | | 238 | <dt><span class="sect2"><a href="#adding-to-list">15.3.1. Adding things to a list</a></span></dt> |
240 | <dt><span class="sect2"><a href="#echo-literal">15.3.2. Echoing a string exactly as-is</a></span></dt> | | 239 | <dt><span class="sect2"><a href="#echo-literal">15.3.2. Echoing a string exactly as-is</a></span></dt> |
| @@ -3179,30 +3178,29 @@ anymore, you can remove that file and ru | | | @@ -3179,30 +3178,29 @@ anymore, you can remove that file and ru |
3179 | <dt><span class="sect1"><a href="#build.wrapper">13.10. The <span class="emphasis"><em>wrapper</em></span> phase</a></span></dt> | | 3178 | <dt><span class="sect1"><a href="#build.wrapper">13.10. The <span class="emphasis"><em>wrapper</em></span> phase</a></span></dt> |
3180 | <dt><span class="sect1"><a href="#build.configure">13.11. The <span class="emphasis"><em>configure</em></span> phase</a></span></dt> | | 3179 | <dt><span class="sect1"><a href="#build.configure">13.11. The <span class="emphasis"><em>configure</em></span> phase</a></span></dt> |
3181 | <dt><span class="sect1"><a href="#build.build">13.12. The <span class="emphasis"><em>build</em></span> phase</a></span></dt> | | 3180 | <dt><span class="sect1"><a href="#build.build">13.12. The <span class="emphasis"><em>build</em></span> phase</a></span></dt> |
3182 | <dt><span class="sect1"><a href="#build.test">13.13. The <span class="emphasis"><em>test</em></span> phase</a></span></dt> | | 3181 | <dt><span class="sect1"><a href="#build.test">13.13. The <span class="emphasis"><em>test</em></span> phase</a></span></dt> |
3183 | <dt><span class="sect1"><a href="#build.install">13.14. The <span class="emphasis"><em>install</em></span> phase</a></span></dt> | | 3182 | <dt><span class="sect1"><a href="#build.install">13.14. The <span class="emphasis"><em>install</em></span> phase</a></span></dt> |
3184 | <dt><span class="sect1"><a href="#build.package">13.15. The <span class="emphasis"><em>package</em></span> phase</a></span></dt> | | 3183 | <dt><span class="sect1"><a href="#build.package">13.15. The <span class="emphasis"><em>package</em></span> phase</a></span></dt> |
3185 | <dt><span class="sect1"><a href="#build.clean">13.16. Cleaning up</a></span></dt> | | 3184 | <dt><span class="sect1"><a href="#build.clean">13.16. Cleaning up</a></span></dt> |
3186 | <dt><span class="sect1"><a href="#build.helpful-targets">13.17. Other helpful targets</a></span></dt> | | 3185 | <dt><span class="sect1"><a href="#build.helpful-targets">13.17. Other helpful targets</a></span></dt> |
3187 | </dl></dd> | | 3186 | </dl></dd> |
3188 | <dt><span class="chapter"><a href="#creating">14. Creating a new pkgsrc package from scratch</a></span></dt> | | 3187 | <dt><span class="chapter"><a href="#creating">14. Creating a new pkgsrc package from scratch</a></span></dt> |
3189 | <dd><dl> | | 3188 | <dd><dl> |
3190 | <dt><span class="sect1"><a href="#creating.common">14.1. Common types of packages</a></span></dt> | | 3189 | <dt><span class="sect1"><a href="#creating.common">14.1. Common types of packages</a></span></dt> |
3191 | <dd><dl> | | 3190 | <dd><dl> |
3192 | <dt><span class="sect2"><a href="#creating.perl-module">14.1.1. Perl modules</a></span></dt> | | 3191 | <dt><span class="sect2"><a href="#creating.python-module">14.1.1. Python modules and programs</a></span></dt> |
3193 | <dt><span class="sect2"><a href="#creating.python-module">14.1.2. Python modules and programs</a></span></dt> | | 3192 | <dt><span class="sect2"><a href="#creating.R-package">14.1.2. R packages</a></span></dt> |
3194 | <dt><span class="sect2"><a href="#creating.R-package">14.1.3. R packages</a></span></dt> | | 3193 | <dt><span class="sect2"><a href="#creating.TeX-package">14.1.3. TeXlive packages</a></span></dt> |
3195 | <dt><span class="sect2"><a href="#creating.TeX-package">14.1.4. TeXlive packages</a></span></dt> | | | |
3196 | </dl></dd> | | 3194 | </dl></dd> |
3197 | <dt><span class="sect1"><a href="#creating.examples">14.2. Examples</a></span></dt> | | 3195 | <dt><span class="sect1"><a href="#creating.examples">14.2. Examples</a></span></dt> |
3198 | <dd><dl><dt><span class="sect2"><a href="#creating.nvu">14.2.1. How the www/nvu package came into pkgsrc</a></span></dt></dl></dd> | | 3196 | <dd><dl><dt><span class="sect2"><a href="#creating.nvu">14.2.1. How the www/nvu package came into pkgsrc</a></span></dt></dl></dd> |
3199 | </dl></dd> | | 3197 | </dl></dd> |
3200 | <dt><span class="chapter"><a href="#makefile">15. Programming in <code class="filename">Makefile</code>s</a></span></dt> | | 3198 | <dt><span class="chapter"><a href="#makefile">15. Programming in <code class="filename">Makefile</code>s</a></span></dt> |
3201 | <dd><dl> | | 3199 | <dd><dl> |
3202 | <dt><span class="sect1"><a href="#makefile.style">15.1. Caveats</a></span></dt> | | 3200 | <dt><span class="sect1"><a href="#makefile.style">15.1. Caveats</a></span></dt> |
3203 | <dt><span class="sect1"><a href="#makefile.variables">15.2. <code class="filename">Makefile</code> variables</a></span></dt> | | 3201 | <dt><span class="sect1"><a href="#makefile.variables">15.2. <code class="filename">Makefile</code> variables</a></span></dt> |
3204 | <dd><dl><dt><span class="sect2"><a href="#makefile.variables.names">15.2.1. Naming conventions</a></span></dt></dl></dd> | | 3202 | <dd><dl><dt><span class="sect2"><a href="#makefile.variables.names">15.2.1. Naming conventions</a></span></dt></dl></dd> |
3205 | <dt><span class="sect1"><a href="#makefile.code">15.3. Code snippets</a></span></dt> | | 3203 | <dt><span class="sect1"><a href="#makefile.code">15.3. Code snippets</a></span></dt> |
3206 | <dd><dl> | | 3204 | <dd><dl> |
3207 | <dt><span class="sect2"><a href="#adding-to-list">15.3.1. Adding things to a list</a></span></dt> | | 3205 | <dt><span class="sect2"><a href="#adding-to-list">15.3.1. Adding things to a list</a></span></dt> |
3208 | <dt><span class="sect2"><a href="#echo-literal">15.3.2. Echoing a string exactly as-is</a></span></dt> | | 3206 | <dt><span class="sect2"><a href="#echo-literal">15.3.2. Echoing a string exactly as-is</a></span></dt> |
| @@ -5056,172 +5054,161 @@ ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${site | | | @@ -5056,172 +5054,161 @@ ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${site |
5056 | information on this target.</p> | | 5054 | information on this target.</p> |
5057 | </dd> | | 5055 | </dd> |
5058 | </dl></div> | | 5056 | </dl></div> |
5059 | </div> | | 5057 | </div> |
5060 | </div> | | 5058 | </div> |
5061 | <div class="chapter"> | | 5059 | <div class="chapter"> |
5062 | <div class="titlepage"><div><div><h2 class="title"> | | 5060 | <div class="titlepage"><div><div><h2 class="title"> |
5063 | <a name="creating"></a>Chapter 14. Creating a new pkgsrc package from scratch</h2></div></div></div> | | 5061 | <a name="creating"></a>Chapter 14. Creating a new pkgsrc package from scratch</h2></div></div></div> |
5064 | <div class="toc"> | | 5062 | <div class="toc"> |
5065 | <p><b>Table of Contents</b></p> | | 5063 | <p><b>Table of Contents</b></p> |
5066 | <dl class="toc"> | | 5064 | <dl class="toc"> |
5067 | <dt><span class="sect1"><a href="#creating.common">14.1. Common types of packages</a></span></dt> | | 5065 | <dt><span class="sect1"><a href="#creating.common">14.1. Common types of packages</a></span></dt> |
5068 | <dd><dl> | | 5066 | <dd><dl> |
5069 | <dt><span class="sect2"><a href="#creating.perl-module">14.1.1. Perl modules</a></span></dt> | | 5067 | <dt><span class="sect2"><a href="#creating.python-module">14.1.1. Python modules and programs</a></span></dt> |
5070 | <dt><span class="sect2"><a href="#creating.python-module">14.1.2. Python modules and programs</a></span></dt> | | 5068 | <dt><span class="sect2"><a href="#creating.R-package">14.1.2. R packages</a></span></dt> |
5071 | <dt><span class="sect2"><a href="#creating.R-package">14.1.3. R packages</a></span></dt> | | 5069 | <dt><span class="sect2"><a href="#creating.TeX-package">14.1.3. TeXlive packages</a></span></dt> |
5072 | <dt><span class="sect2"><a href="#creating.TeX-package">14.1.4. TeXlive packages</a></span></dt> | | | |
5073 | </dl></dd> | | 5070 | </dl></dd> |
5074 | <dt><span class="sect1"><a href="#creating.examples">14.2. Examples</a></span></dt> | | 5071 | <dt><span class="sect1"><a href="#creating.examples">14.2. Examples</a></span></dt> |
5075 | <dd><dl><dt><span class="sect2"><a href="#creating.nvu">14.2.1. How the www/nvu package came into pkgsrc</a></span></dt></dl></dd> | | 5072 | <dd><dl><dt><span class="sect2"><a href="#creating.nvu">14.2.1. How the www/nvu package came into pkgsrc</a></span></dt></dl></dd> |
5076 | </dl> | | 5073 | </dl> |
5077 | </div> | | 5074 | </div> |
5078 | <p>When you find a package that is not yet in pkgsrc, you | | 5075 | <p>When you find a package that is not yet in pkgsrc, you |
5079 | most likely have a URL from where you can download the source | | 5076 | most likely have a URL from where you can download the source |
5080 | code. Starting with this URL, creating a package involves only a | | 5077 | code. Starting with this URL, creating a package involves only a |
5081 | few steps.</p> | | 5078 | few steps.</p> |
5082 | <div class="procedure"><ol class="procedure" type="1"> | | 5079 | <div class="procedure"><ol class="procedure" type="1"> |
5083 | <li class="step"><p>In your <a class="link" href="#mk.conf"><code class="filename">mk.conf</code></a>, set <code class="code">PKG_DEVELOPER=yes</code> to | | 5080 | <li class="step"><p>In your <a class="link" href="#mk.conf"><code class="filename">mk.conf</code></a>, set <code class="code">PKG_DEVELOPER=yes</code> to |
5084 | enable the basic quality checks.</p></li> | | 5081 | enable the basic quality checks.</p></li> |
5085 | <li class="step"> | | 5082 | <li class="step"> |
5086 | <p>Install the package <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/meta-pkgs/pkg_developer/index.html" target="_top"><code class="filename">meta-pkgs/pkg_developer</code></a>, which among others will | | 5083 | <p>Install the package <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/meta-pkgs/pkg_developer/index.html" target="_top"><code class="filename">meta-pkgs/pkg_developer</code></a>, which among others will |
5087 | install the utilities <span class="command"><strong>url2pkg</strong></span>, | | 5084 | install the utilities <span class="command"><strong>url2pkg</strong></span>, |
5088 | <span class="command"><strong>pkglint</strong></span>, <span class="command"><strong>pkgvi</strong></span> and | | 5085 | <span class="command"><strong>pkglint</strong></span>, <span class="command"><strong>pkgvi</strong></span> and |
5089 | <span class="command"><strong>mkpatches</strong></span>:</p> | | 5086 | <span class="command"><strong>mkpatches</strong></span>:</p> |
5090 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>cd /usr/pkgsrc</code></strong> | | 5087 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>cd /usr/pkgsrc</code></strong> |
5091 | <code class="prompt">$</code> <strong class="userinput"><code>(cd meta-pkgs/pkg_developer && bmake update)</code></strong></pre> | | 5088 | <code class="prompt">$</code> <strong class="userinput"><code>(cd meta-pkgs/pkg_developer && bmake update)</code></strong></pre> |
5092 | </li> | | 5089 | </li> |
5093 | <li class="step"> | | 5090 | <li class="step"> |
5094 | <p>Choose one of the top-level directories as the category in | | 5091 | <p>Choose one of the top-level directories as the category in |
5095 | which you want to place your package. You can also create a directory of | | 5092 | which you want to place your package. You can also create a directory of |
5096 | your own (maybe called <code class="filename">local</code>). In that category | | 5093 | your own (maybe called <code class="filename">local</code>). Change into that |
5097 | directory, create another directory for your package and change into | | 5094 | category directory:</p> |
5098 | it:</p> | | 5095 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>cd <em class="replaceable"><code>category</code></em></code></strong></pre> |
5099 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>mkdir <em class="replaceable"><code>category</code></em>/<em class="replaceable"><code>package</code></em></code></strong> | | | |
5100 | <code class="prompt">$</code> <strong class="userinput"><code>cd <em class="replaceable"><code>category</code></em>/<em class="replaceable"><code>package</code></em></code></strong></pre> | | | |
5101 | </li> | | 5096 | </li> |
5102 | <li class="step"> | | 5097 | <li class="step"> |
5103 | <p>Run the program <span class="command"><strong>url2pkg</strong></span>, which will ask | | 5098 | <p>Run the program <span class="command"><strong>url2pkg</strong></span>, passing as |
5104 | you for a URL. Enter the URL of the distribution file (in most cases a | | 5099 | argument the URL of the distribution file (in most cases a |
5105 | <code class="filename">.tar.gz</code> file) and watch how the basic ingredients | | 5100 | <code class="filename">.tar.gz</code> file). This will download the distribution |
5106 | of your package are created automatically. The distribution file is | | 5101 | file and create the necessary files of the package, based on what's in |
5107 | extracted automatically to fill in some details in the | | 5102 | the distribution file:</p> |
5108 | <code class="filename">Makefile</code> that would otherwise have to be done | | | |
5109 | manually:</p> | | | |
5110 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>url2pkg <em class="replaceable"><code>https://www.example.org/packages/package-1.0.tar.gz</code></em></code></strong></pre> | | 5103 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>url2pkg <em class="replaceable"><code>https://www.example.org/packages/package-1.0.tar.gz</code></em></code></strong></pre> |
5111 | </li> | | 5104 | </li> |
5112 | <li class="step"> | | 5105 | <li class="step"> |
5113 | <p>Examine the extracted files to determine the dependencies of | | 5106 | <p>Examine the extracted files to determine the dependencies of |
5114 | your package. Ideally, this is mentioned in some | | 5107 | your package. Ideally, this is mentioned in some |
5115 | <code class="filename">README</code> file, but things may differ. For each of | | 5108 | <code class="filename">README</code> file, but things may differ. For each of |
5116 | these dependencies, look where it exists in pkgsrc, and if there is a | | 5109 | these dependencies, look where it exists in pkgsrc, and if there is a |
5117 | file called <code class="filename">buildlink3.mk</code> in that directory, add a | | 5110 | file called <code class="filename">buildlink3.mk</code> in that directory, add a |
5118 | line to your package <code class="filename">Makefile</code> which includes that | | 5111 | line to your package <code class="filename">Makefile</code> which includes that |
5119 | file just before the last line. If the | | 5112 | file just before the last line. If the |
5120 | <code class="filename">buildlink3.mk</code> file does not exist, it must be | | 5113 | <code class="filename">buildlink3.mk</code> file does not exist, it must be |
5121 | created first. The <code class="filename">buildlink3.mk</code> file makes sure | | 5114 | created first. The <code class="filename">buildlink3.mk</code> file makes sure |
5122 | that the package's include files and libraries are provided.</p> | | 5115 | that the package's include files and libraries are provided.</p> |
5123 | <p>If you just need binaries from a package, add a | | 5116 | <p>If you just need binaries from a dependent package, add a |
5124 | <code class="varname">DEPENDS</code> line to the Makefile, which specifies the | | 5117 | <code class="varname">DEPENDS</code> line to the Makefile, which specifies the |
5125 | version of the dependency and where it can be found in pkgsrc. This line | | 5118 | version of the dependency and where it can be found in pkgsrc. This line |
5126 | should be placed in the third paragraph. If the dependency is only | | 5119 | should be placed in the third paragraph. If the dependency is only |
5127 | needed for building the package, but not when using it, use | | 5120 | needed for building the package, but not when using it, use |
5128 | <code class="varname">TOOL_DEPENDS</code> or <code class="varname">BUILD_DEPENDS</code> | | 5121 | <code class="varname">TOOL_DEPENDS</code> or <code class="varname">BUILD_DEPENDS</code> |
5129 | instead of <code class="varname">DEPENDS</code>. | | 5122 | instead of <code class="varname">DEPENDS</code>. |
5130 | The difference between <code class="varname">TOOL_DEPENDS</code> and | | 5123 | The difference between <code class="varname">TOOL_DEPENDS</code> and |
5131 | <code class="varname">BUILD_DEPENDS</code> occurs when cross-compiling: | | 5124 | <code class="varname">BUILD_DEPENDS</code> occurs when cross-compiling: |
5132 | <code class="varname">TOOL_DEPENDS</code> are <span class="emphasis"><em>native</em></span> | | 5125 | <code class="varname">TOOL_DEPENDS</code> are <span class="emphasis"><em>native</em></span> |
5133 | packages, i.e. packages for the architecture where the package | | 5126 | packages, i.e. packages for the platform where the package is built; |
5134 | is built; | | | |
5135 | <code class="varname">BUILD_DEPENDS</code> are <span class="emphasis"><em>target</em></span> | | 5127 | <code class="varname">BUILD_DEPENDS</code> are <span class="emphasis"><em>target</em></span> |
5136 | packages, i.e. packages for the architecture for which the package | | 5128 | packages, i.e. packages for the platform for which the package |
5137 | is built. There is also <code class="varname">TEST_DEPENDS</code>, which is used | | 5129 | is built. There is also <code class="varname">TEST_DEPENDS</code>, which |
5138 | to specify a dependency used only for testing the resulting package | | 5130 | specifies a dependency used only for testing the resulting package |
5139 | built, using the upstream project's included test suite. | | 5131 | built, using the upstream project's included test suite, on the native |
| | | 5132 | platform. |
5140 | Your package may then look like this:</p> | | 5133 | Your package may then look like this:</p> |
5141 | <pre class="programlisting"> | | 5134 | <pre class="programlisting"> |
5142 | [...] | | 5135 | [...] |
5143 | | | 5136 | |
5144 | TOOL_DEPENDS+= libxslt-[0-9]*:../../textproc/libxslt | | 5137 | TOOL_DEPENDS+= libxslt-[0-9]*:../../textproc/libxslt |
5145 | DEPENDS+= screen-[0-9]*:../../misc/screen | | 5138 | DEPENDS+= screen-[0-9]*:../../misc/screen |
5146 | DEPENDS+= screen>=4.0:../../misc/screen | | 5139 | DEPENDS+= screen>=4.0:../../misc/screen |
5147 | | | 5140 | |
5148 | [...] | | 5141 | [...] |
5149 | | | 5142 | |
5150 | .include "../../<em class="replaceable"><code>category</code></em>/<em class="replaceable"><code>package</code></em>/buildlink3.mk" | | 5143 | .include "../../<em class="replaceable"><code>category</code></em>/<em class="replaceable"><code>package</code></em>/buildlink3.mk" |
5151 | .include "../../devel/glib2/buildlink3.mk" | | 5144 | .include "../../devel/glib2/buildlink3.mk" |
5152 | .include "../../mk/bsd.pkg.mk" | | 5145 | .include "../../mk/bsd.pkg.mk" |
5153 | </pre> | | 5146 | </pre> |
5154 | </li> | | 5147 | </li> |
5155 | <li class="step"><p>Run <span class="command"><strong>pkglint</strong></span> to see what things still need | | 5148 | <li class="step"><p>Run <span class="command"><strong>pkglint</strong></span> to see what things still need |
5156 | to be done to make your package a <span class="quote">“<span class="quote">good</span>”</span> one. If you don't | | 5149 | to be done to make your package a <span class="quote">“<span class="quote">good</span>”</span> one. If you don't |
5157 | know what pkglint's warnings want to tell you, try <span class="command"><strong>pkglint | | 5150 | know what pkglint's warnings want to tell you, try <span class="command"><strong>pkglint |
5158 | --explain</strong></span> or <span class="command"><strong>pkglint -e</strong></span>, which outputs | | 5151 | --explain</strong></span> or <span class="command"><strong>pkglint -e</strong></span>, which outputs |
5159 | additional explanations.</p></li> | | 5152 | additional explanations.</p></li> |
5160 | <li class="step"><p>In many cases the package is not yet ready to build. You can | | 5153 | <li class="step"><p>In many cases the package is not yet ready to build. You can |
5161 | find instructions for the most common cases in the next section, <a class="xref" href="#creating.common" title="14.1. Common types of packages">Section 14.1, “Common types of packages”</a>. After you have followed the instructions | | 5154 | find instructions for the most common cases in the next section, <a class="xref" href="#creating.common" title="14.1. Common types of packages">Section 14.1, “Common types of packages”</a>. After you have followed the instructions |
5162 | over there, you can hopefully continue here.</p></li> | | 5155 | over there, you can hopefully continue here.</p></li> |
5163 | <li class="step"><p>Run <span class="command"><strong>bmake clean</strong></span> to clean the working | | 5156 | <li class="step"><p>Run <span class="command"><strong>bmake clean</strong></span> to clean the working |
5164 | directory from the extracted files. Besides these files, a lot of cache | | 5157 | directory from the extracted files. Besides these files, a lot of cache |
5165 | files and other system information has been saved in the working | | 5158 | files and other system information have been saved in the working |
5166 | directory, which may become wrong after you edited the | | 5159 | directory, which may have become outdated after you edited the |
5167 | <code class="filename">Makefile</code>.</p></li> | | 5160 | <code class="filename">Makefile</code>.</p></li> |
5168 | <li class="step"> | | 5161 | <li class="step"> |
5169 | <p>Now, run <span class="command"><strong>bmake</strong></span> to build the package. For | | 5162 | <p>Now, run <span class="command"><strong>bmake</strong></span> to build the package. For |
5170 | the various things that can go wrong in this phase, consult <a class="xref" href="#fixes" title="Chapter 21. Making your package work">Chapter 21, <i>Making your package work</i></a>.</p> | | 5163 | the various things that can go wrong in this phase, consult <a class="xref" href="#fixes" title="Chapter 21. Making your package work">Chapter 21, <i>Making your package work</i></a>.</p> |
5171 | <p>If the extracted files from the package need to be fixed, run multiple rounds of these commands:</p> | | 5164 | <p>If the extracted files from the package need to be fixed, run |
5172 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>make</code></strong> | | 5165 | multiple rounds of these commands:</p> |
| | | 5166 | <pre class="screen"><code class="prompt">$</code> <strong class="userinput"><code>bmake</code></strong> |
5173 | <code class="prompt">$</code> <strong class="userinput"><code>pkgvi ${WRKSRC}/some/file/that/does/not/compile</code></strong> | | 5167 | <code class="prompt">$</code> <strong class="userinput"><code>pkgvi ${WRKSRC}/some/file/that/does/not/compile</code></strong> |
5174 | <code class="prompt">$</code> <strong class="userinput"><code>mkpatches</code></strong> | | 5168 | <code class="prompt">$</code> <strong class="userinput"><code>mkpatches</code></strong> |
5175 | <code class="prompt">$</code> <strong class="userinput"><code>make mps</code></strong> | | 5169 | <code class="prompt">$</code> <strong class="userinput"><code>bmake mps</code></strong> |
5176 | <code class="prompt">$</code> <strong class="userinput"><code>make clean</code></strong></pre> | | 5170 | <code class="prompt">$</code> <strong class="userinput"><code>bmake clean</code></strong></pre> |
5177 | </li> | | 5171 | </li> |
5178 | <li class="step"><p>When the package builds fine, the next step is to install | | 5172 | <li class="step"><p>When the package builds fine, the next step is to install |
5179 | the package. Run <span class="command"><strong>bmake install</strong></span> and hope that | | 5173 | the package. Run <span class="command"><strong>bmake install</strong></span> and hope that |
5180 | everything works.</p></li> | | 5174 | everything works.</p></li> |
5181 | <li class="step"><p>Up to now, the file <code class="filename">PLIST</code>, which | | 5175 | <li class="step"><p>Up to now, the file <code class="filename">PLIST</code>, which |
5182 | contains a list of the files that are installed by the package, is | | 5176 | contains a list of the files that are installed by the package, is |
5183 | nearly empty. Run <span class="command"><strong>bmake print-PLIST | | 5177 | nearly empty. Run <span class="command"><strong>bmake print-PLIST |
5184 | >PLIST</strong></span> to generate a probably correct list. Check | | 5178 | >PLIST</strong></span> to generate a probably correct list. Check |
5185 | the file using your preferred text editor to see if the list of | | 5179 | the file using your preferred text editor to see if the list of |
5186 | files looks plausible.</p></li> | | 5180 | files looks plausible.</p></li> |
5187 | <li class="step"><p>Run <span class="command"><strong>pkglint</strong></span> again to see if the generated | | 5181 | <li class="step"><p>Run <span class="command"><strong>pkglint</strong></span> again to see if the generated |
5188 | <code class="filename">PLIST</code> contains garbage or not.</p></li> | | 5182 | <code class="filename">PLIST</code> contains garbage or not.</p></li> |
5189 | <li class="step"><p>When you ran <span class="command"><strong>bmake install</strong></span>, the package | | 5183 | <li class="step"><p>When you ran <span class="command"><strong>bmake install</strong></span>, the package |
5190 | had been registered in the database of installed files, but with an | | 5184 | had been registered in the database of installed files, but with an |
5191 | empty list of files. To fix this, run <span class="command"><strong>bmake deinstall</strong></span> | | 5185 | empty list of files. To fix this, run <span class="command"><strong>bmake deinstall</strong></span> |
5192 | and <span class="command"><strong>bmake install</strong></span> again. Now the package is | | 5186 | and <span class="command"><strong>bmake install</strong></span> again. Now the package is |
5193 | registered with the list of files from | | 5187 | registered with the list of files from |
5194 | <code class="filename">PLIST</code>.</p></li> | | 5188 | <code class="filename">PLIST</code>.</p></li> |
5195 | <li class="step"><p>Run <span class="command"><strong>bmake package</strong></span> to create a binary | | | |
5196 | package from the set of installed files.</p></li> | | | |
5197 | <li class="step"><p>Run <span class="command"><strong>bmake clean update</strong></span> to run everything | | 5189 | <li class="step"><p>Run <span class="command"><strong>bmake clean update</strong></span> to run everything |
5198 | from above again in a single step, making sure that the PLIST is correct | | 5190 | from above again in a single step, making sure that the PLIST is correct |
5199 | and the whole package is created as intended.</p></li> | | 5191 | and the whole package is created as intended.</p></li> |
5200 | <li class="step"><p>Run <span class="command"><strong>pkglint</strong></span> to see if there's anything left to do.</p></li> | | 5192 | <li class="step"><p>Run <span class="command"><strong>pkglint</strong></span> to see if there's anything |
| | | 5193 | left to do.</p></li> |
5201 | <li class="step"><p>Commit the package to pkgsrc-wip or main pkgsrc; see <a class="xref" href="#submit" title="Chapter 23. Submitting and Committing">Chapter 23, <i>Submitting and Committing</i></a>.</p></li> | | 5194 | <li class="step"><p>Commit the package to pkgsrc-wip or main pkgsrc; see <a class="xref" href="#submit" title="Chapter 23. Submitting and Committing">Chapter 23, <i>Submitting and Committing</i></a>.</p></li> |
5202 | </ol></div> | | 5195 | </ol></div> |
5203 | <div class="sect1"> | | 5196 | <div class="sect1"> |
5204 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> | | 5197 | <div class="titlepage"><div><div><h2 class="title" style="clear: both"> |
5205 | <a name="creating.common"></a>14.1. Common types of packages</h2></div></div></div> | | 5198 | <a name="creating.common"></a>14.1. Common types of packages</h2></div></div></div> |
5206 | <div class="sect2"> | | 5199 | <div class="sect2"> |
5207 | <div class="titlepage"><div><div><h3 class="title"> | | 5200 | <div class="titlepage"><div><div><h3 class="title"> |
5208 | <a name="creating.perl-module"></a>14.1.1. Perl modules</h3></div></div></div> | | 5201 | <a name="creating.python-module"></a>14.1.1. Python modules and programs</h3></div></div></div> |
5209 | <p>Simple Perl modules are handled automatically by | | | |
5210 | <span class="command"><strong>url2pkg</strong></span>, including dependencies.</p> | | | |
5211 | </div> | | | |
5212 | <div class="sect2"> | | | |
5213 | <div class="titlepage"><div><div><h3 class="title"> | | | |
5214 | <a name="creating.python-module"></a>14.1.2. Python modules and programs</h3></div></div></div> | | | |
5215 | <p>Python modules and programs packages are easily created using a | | 5202 | <p>Python modules and programs packages are easily created using a |
5216 | set of predefined variables.</p> | | 5203 | set of predefined variables.</p> |
5217 | <p> | | 5204 | <p> |
5218 | If some Python versions are not supported by the software, set the | | 5205 | If some Python versions are not supported by the software, set the |
5219 | <code class="varname">PYTHON_VERSIONS_INCOMPATIBLE</code> variable to the Python versions | | 5206 | <code class="varname">PYTHON_VERSIONS_INCOMPATIBLE</code> variable to the Python versions |
5220 | that are not supported, e.g. | | 5207 | that are not supported, e.g. |
5221 | </p> | | 5208 | </p> |
5222 | <pre class="programlisting"> | | 5209 | <pre class="programlisting"> |
5223 | PYTHON_VERSIONS_INCOMPATIBLE= 27 | | 5210 | PYTHON_VERSIONS_INCOMPATIBLE= 27 |
5224 | </pre> | | 5211 | </pre> |
5225 | <p> | | 5212 | <p> |
5226 | If the packaged software is a Python module, include one of | | 5213 | If the packaged software is a Python module, include one of |
5227 | <code class="filename">../../lang/python/egg.mk</code> or | | 5214 | <code class="filename">../../lang/python/egg.mk</code> or |
| @@ -5256,42 +5243,42 @@ packages that should be depended upon an | | | @@ -5256,42 +5243,42 @@ packages that should be depended upon an |
5256 | <span class="quote">“<span class="quote"><code class="filename">../../lang/python/versioned_dependencies.mk</code></span>”</span>, | | 5243 | <span class="quote">“<span class="quote"><code class="filename">../../lang/python/versioned_dependencies.mk</code></span>”</span>, |
5257 | then the pkgsrc infrastructure will depend on the appropriate package | | 5244 | then the pkgsrc infrastructure will depend on the appropriate package |
5258 | version. For example: | | 5245 | version. For example: |
5259 | </p> | | 5246 | </p> |
5260 | <pre class="programlisting"> | | 5247 | <pre class="programlisting"> |
5261 | PYTHON_VERSIONED_DEPENDENCIES=dialog | | 5248 | PYTHON_VERSIONED_DEPENDENCIES=dialog |
5262 | </pre> | | 5249 | </pre> |
5263 | <p> | | 5250 | <p> |
5264 | Look inside <code class="filename">versioned_dependencies.mk</code> for a list | | 5251 | Look inside <code class="filename">versioned_dependencies.mk</code> for a list |
5265 | of supported packages.</p> | | 5252 | of supported packages.</p> |
5266 | </div> | | 5253 | </div> |
5267 | <div class="sect2"> | | 5254 | <div class="sect2"> |
5268 | <div class="titlepage"><div><div><h3 class="title"> | | 5255 | <div class="titlepage"><div><div><h3 class="title"> |
5269 | <a name="creating.R-package"></a>14.1.3. R packages</h3></div></div></div> | | 5256 | <a name="creating.R-package"></a>14.1.2. R packages</h3></div></div></div> |
5270 | <p>Simple R packages from <a class="ulink" href="https://cran.r-project.org/web/packages/available_packages_by_name.html" target="_top">CRAN</a> | | 5257 | <p>Simple R packages from <a class="ulink" href="https://cran.r-project.org/web/packages/available_packages_by_name.html" target="_top">CRAN</a> |
5271 | are handled automatically by <span class="command"><strong>R2pkg</strong></span>, which is | | 5258 | are handled automatically by <span class="command"><strong>R2pkg</strong></span>, which is |
5272 | available in <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/pkgtools/R2pkg/index.html" target="_top"><code class="filename">pkgtools/R2pkg</code></a>. | | 5259 | available in <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/pkgtools/R2pkg/index.html" target="_top"><code class="filename">pkgtools/R2pkg</code></a>. |
5273 | Individual packages (and optionally their dependencies) may be created | | 5260 | Individual packages (and optionally their dependencies) may be created |
5274 | and updated. R packages generally follow the same form, and most of | | 5261 | and updated. R packages generally follow the same form, and most of |
5275 | the relevant information needed is contained in a | | 5262 | the relevant information needed is contained in a |
5276 | <code class="filename">DESCRIPTION</code> file as part of each R package on | | 5263 | <code class="filename">DESCRIPTION</code> file as part of each R package on |
5277 | <a class="ulink" href="https://cran.r-project.org/web/packages/available_packages_by_name.html" target="_top">CRAN</a>. | | 5264 | <a class="ulink" href="https://cran.r-project.org/web/packages/available_packages_by_name.html" target="_top">CRAN</a>. |
5278 | Consequently, <span class="command"><strong>R2pkg</strong></span> downloads that information and | | 5265 | Consequently, <span class="command"><strong>R2pkg</strong></span> downloads that information and |
5279 | creates or updates a package in the canonical form. The resulting | | 5266 | creates or updates a package in the canonical form. The resulting |
5280 | package should be reviewed for correctness.</p> | | 5267 | package should be reviewed for correctness.</p> |
5281 | </div> | | 5268 | </div> |
5282 | <div class="sect2"> | | 5269 | <div class="sect2"> |
5283 | <div class="titlepage"><div><div><h3 class="title"> | | 5270 | <div class="titlepage"><div><div><h3 class="title"> |
5284 | <a name="creating.TeX-package"></a>14.1.4. TeXlive packages</h3></div></div></div> | | 5271 | <a name="creating.TeX-package"></a>14.1.3. TeXlive packages</h3></div></div></div> |
5285 | <p>TeXlive packages from <a class="ulink" href="https://www.ctan.org/" target="_top">CTAN</a> are handled automatically by | | 5272 | <p>TeXlive packages from <a class="ulink" href="https://www.ctan.org/" target="_top">CTAN</a> are handled automatically by |
5286 | <span class="command"><strong>texlive2pkg</strong></span>, which is available in <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/pkgtools/texlive2pkg/index.html" target="_top"><code class="filename">pkgtools/texlive2pkg</code></a>.</p> | | 5273 | <span class="command"><strong>texlive2pkg</strong></span>, which is available in <a href="https://cdn.NetBSD.org/pub/pkgsrc/current/pkgsrc/pkgtools/texlive2pkg/index.html" target="_top"><code class="filename">pkgtools/texlive2pkg</code></a>.</p> |
5287 | <p>If the TeXlive package name is not known, it may be useful to | | 5274 | <p>If the TeXlive package name is not known, it may be useful to |
5288 | search <a class="ulink" href="https://www.ctan.org/" target="_top">CTAN</a>. A | | 5275 | search <a class="ulink" href="https://www.ctan.org/" target="_top">CTAN</a>. A |
5289 | <span class="quote">“<span class="quote">Contained in</span>”</span> field on the package page typically | | 5276 | <span class="quote">“<span class="quote">Contained in</span>”</span> field on the package page typically |
5290 | identifies the basename of the package file in the <a class="ulink" href="https://www.ctan.org/tex-archive/systems/texlive/tlnet/archive" target="_top">TeXlive | | 5277 | identifies the basename of the package file in the <a class="ulink" href="https://www.ctan.org/tex-archive/systems/texlive/tlnet/archive" target="_top">TeXlive |
5291 | archive</a>.</p> | | 5278 | archive</a>.</p> |
5292 | <p>If the TeXlive package name is known, download the files from | | 5279 | <p>If the TeXlive package name is known, download the files from |
5293 | the <a class="ulink" href="https://www.ctan.org/tex-archive/systems/texlive/tlnet/archive" target="_top">TeXlive | | 5280 | the <a class="ulink" href="https://www.ctan.org/tex-archive/systems/texlive/tlnet/archive" target="_top">TeXlive |
5294 | archive</a>. For package <code class="filename">foo</code>, you will need | | 5281 | archive</a>. For package <code class="filename">foo</code>, you will need |
5295 | to download <code class="filename">foo.tar.xz</code>. Most TeXlive packages | | 5282 | to download <code class="filename">foo.tar.xz</code>. Most TeXlive packages |
5296 | also have associated documentation packages, so download | | 5283 | also have associated documentation packages, so download |
5297 | <code class="filename">foo.doc.tar.xz</code> at the same time. These files | | 5284 | <code class="filename">foo.doc.tar.xz</code> at the same time. These files |
| @@ -11025,84 +11012,84 @@ such as ASLR. Some operating systems su | | | @@ -11025,84 +11012,84 @@ such as ASLR. Some operating systems su |
11025 | (ASLR), which causes different addresses to be used each time a program is run. | | 11012 | (ASLR), which causes different addresses to be used each time a program is run. |
11026 | This makes it more difficult for an attacker to guess addresses and thus makes | | 11013 | This makes it more difficult for an attacker to guess addresses and thus makes |
11027 | exploits harder to construct. With PIE, ASLR can really be applied to the entire | | 11014 | exploits harder to construct. With PIE, ASLR can really be applied to the entire |
11028 | program, instead of the stack and heap only. | | 11015 | program, instead of the stack and heap only. |
11029 | </p> | | 11016 | </p> |
11030 | <p> | | 11017 | <p> |
11031 | PIE executables will only be built for toolchains that are known to support PIE. | | 11018 | PIE executables will only be built for toolchains that are known to support PIE. |
11032 | Currently, this means NetBSD on x86, ARM, SPARC64, m68k, and MIPS. | | 11019 | Currently, this means NetBSD on x86, ARM, SPARC64, m68k, and MIPS. |
11033 | </p> | | 11020 | </p> |
11034 | <p> | | 11021 | <p> |
11035 | <code class="varname">PKGSRC_MKPIE</code> was enabled by default after the pkgsrc-2021Q3 branch. | | 11022 | <code class="varname">PKGSRC_MKPIE</code> was enabled by default after the pkgsrc-2021Q3 branch. |
11036 | </p> | | 11023 | </p> |
11037 | </div> | | 11024 | </div> |
11038 | </div> | | | |
11039 | <div class="sect2"> | | | |
11040 | <div class="titlepage"><div><div><h3 class="title"> | | | |
11041 | <a name="hardening.mechanisms.disabled"></a>B.1.2. Not enabled by default</h3></div></div></div> | | | |
11042 | <div class="sect3"> | | 11025 | <div class="sect3"> |
11043 | <div class="titlepage"><div><div><h4 class="title"> | | 11026 | <div class="titlepage"><div><div><h4 class="title"> |
11044 | <a name="hardening.mechanisms.disabled.repro"></a>B.1.2.1. PKGSRC_MKREPRO</h4></div></div></div> | | 11027 | <a name="hardening.mechanisms.enabled.relro"></a>B.1.1.4. PKGSRC_USE_RELRO</h4></div></div></div> |
11045 | <p> | | | |
11046 | With this option, pkgsrc will try to build packages reproducibly. This allows | | | |
11047 | packages built from the same tree and with the same options, to produce | | | |
11048 | identical results bit by bit. This option should be combined with ASLR and | | | |
11049 | <code class="varname">PKGSRC_MKPIE</code> to avoid predictable address offsets for | | | |
11050 | attackers attempting to exploit security vulnerabilities. | | | |
11051 | </p> | | | |
11052 | <p> | | | |
11053 | More details can be found here: | | | |
11054 | </p> | | | |
11055 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> | | | |
11056 | <a class="ulink" href="https://reproducible-builds.org/" target="_top">Reproducible Builds - a set of software development practices that create an independently-verifiable path from source to binary code</a> | | | |
11057 | </p></li></ul></div> | | | |
11058 | <p> | | | |
11059 | More work likely needs to be done before pkgsrc is fully reproducible. | | | |
11060 | </p> | | | |
11061 | </div> | | | |
11062 | <div class="sect3"> | | | |
11063 | <div class="titlepage"><div><div><h4 class="title"> | | | |
11064 | <a name="hardening.mechanisms.enabled.relro"></a>B.1.2.2. PKGSRC_USE_RELRO</h4></div></div></div> | | | |
11065 | <p> | | 11028 | <p> |
11066 | This also makes the exploitation of some security vulnerabilities more | | 11029 | This also makes the exploitation of some security vulnerabilities more |
11067 | difficult in some cases. | | 11030 | difficult in some cases. |
11068 | </p> | | 11031 | </p> |
11069 | <p>Two different mitigation levels are available:</p> | | 11032 | <p>Two different mitigation levels are available:</p> |
11070 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> | | 11033 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "> |
11071 | <li class="listitem"><p> | | 11034 | <li class="listitem"><p> |
11072 | partial: the ELF sections are reordered so that internal data sections | | 11035 | partial (the default): the ELF sections are reordered so that internal data sections |
11073 | precede the program's own data sections, and non-PLT GOT is read-only; | | 11036 | precede the program's own data sections, and non-PLT GOT is read-only; |
11074 | </p></li> | | 11037 | </p></li> |
11075 | <li class="listitem"><p> | | 11038 | <li class="listitem"><p> |
11076 | full: in addition to partial RELRO, every relocation is performed immediately | | 11039 | full: in addition to partial RELRO, every relocation is performed immediately |
11077 | when starting the program, allowing the entire GOT to be read-only. This | | 11040 | when starting the program, allowing the entire GOT to be read-only. This |
11078 | can greatly slow down startup of large programs. | | 11041 | can greatly slow down startup of large programs. |
11079 | </p></li> | | 11042 | </p></li> |
11080 | </ul></div> | | 11043 | </ul></div> |
11081 | <p> | | 11044 | <p> |
11082 | This is currently supported by GCC. Many software distributions now enable this | | 11045 | This is currently supported by GCC. Many software distributions now enable this |
11083 | feature by default, at the "partial" level. However, it cannot yet be enforced | | 11046 | feature by default, at the "partial" level. However, it cannot yet be enforced |
11084 | globally in pkgsrc through cwrappers. | | 11047 | globally in pkgsrc through cwrappers. |
11085 | </p> | | 11048 | </p> |
11086 | <p> | | 11049 | <p> |
11087 | More details can be found here: | | 11050 | More details can be found here: |
11088 | </p> | | 11051 | </p> |
11089 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> | | 11052 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> |
11090 | <a class="ulink" href="https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro" target="_top">Hardening ELF binaries using Relocation Read-Only (RELRO)</a> | | 11053 | <a class="ulink" href="https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro" target="_top">Hardening ELF binaries using Relocation Read-Only (RELRO)</a> |
11091 | </p></li></ul></div> | | 11054 | </p></li></ul></div> |
11092 | </div> | | 11055 | </div> |
| | | 11056 | </div> |
| | | 11057 | <div class="sect2"> |
| | | 11058 | <div class="titlepage"><div><div><h3 class="title"> |
| | | 11059 | <a name="hardening.mechanisms.disabled"></a>B.1.2. Not enabled by default</h3></div></div></div> |
| | | 11060 | <div class="sect3"> |
| | | 11061 | <div class="titlepage"><div><div><h4 class="title"> |
| | | 11062 | <a name="hardening.mechanisms.disabled.repro"></a>B.1.2.1. PKGSRC_MKREPRO</h4></div></div></div> |
| | | 11063 | <p> |
| | | 11064 | With this option, pkgsrc will try to build packages reproducibly. This allows |
| | | 11065 | packages built from the same tree and with the same options, to produce |
| | | 11066 | identical results bit by bit. This option should be combined with ASLR and |
| | | 11067 | <code class="varname">PKGSRC_MKPIE</code> to avoid predictable address offsets for |
| | | 11068 | attackers attempting to exploit security vulnerabilities. |
| | | 11069 | </p> |
| | | 11070 | <p> |
| | | 11071 | More details can be found here: |
| | | 11072 | </p> |
| | | 11073 | <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> |
| | | 11074 | <a class="ulink" href="https://reproducible-builds.org/" target="_top">Reproducible Builds - a set of software development practices that create an independently-verifiable path from source to binary code</a> |
| | | 11075 | </p></li></ul></div> |
| | | 11076 | <p> |
| | | 11077 | More work likely needs to be done before pkgsrc is fully reproducible. |
| | | 11078 | </p> |
| | | 11079 | </div> |
11093 | <div class="sect3"> | | 11080 | <div class="sect3"> |
11094 | <div class="titlepage"><div><div><h4 class="title"> | | 11081 | <div class="titlepage"><div><div><h4 class="title"> |
11095 | <a name="hardening.mechanisms.disabled.stackcheck"></a>B.1.2.3. PKGSRC_USE_STACK_CHECK</h4></div></div></div> | | 11082 | <a name="hardening.mechanisms.disabled.stackcheck"></a>B.1.2.2. PKGSRC_USE_STACK_CHECK</h4></div></div></div> |
11096 | <p> | | 11083 | <p> |
11097 | This uses <code class="literal">-fstack-check</code> with GCC for | | 11084 | This uses <code class="literal">-fstack-check</code> with GCC for |
11098 | another stack protection mitigation. | | 11085 | another stack protection mitigation. |
11099 | </p> | | 11086 | </p> |
11100 | <p> | | 11087 | <p> |
11101 | It asks the compiler to generate code verifying that it does not corrupt the | | 11088 | It asks the compiler to generate code verifying that it does not corrupt the |
11102 | stack. According to GCC's manual page, this is really only useful for | | 11089 | stack. According to GCC's manual page, this is really only useful for |
11103 | multi-threaded programs. | | 11090 | multi-threaded programs. |
11104 | </p> | | 11091 | </p> |
11105 | </div> | | 11092 | </div> |
11106 | </div> | | 11093 | </div> |
11107 | </div> | | 11094 | </div> |
11108 | <div class="sect1"> | | 11095 | <div class="sect1"> |