overlays are a way to help users to integrate their own ports tree
with the official ports tree without having to maintain clone of the
official tree and remerge on regular basis.
The ports tree will lookup in the overlays (in the order the are listed in
OVERLAY variable) for the dependencies and the USES. It will use the first
found.
in order to use it the user have to declare his overlays that way in their
make.conf:
OVERLAYS= overlay1 overlay2 overlay3
Reviewed by: manu
Approved by: swills
Differential Revision: https://reviews.freebsd.org/D21468
This prevents an improbable MITM attack on dependencies where the target
is "fetch" and the port is built manuallt. (Which means a port depends
on a dependency being fetched, but not built or anything else.) In this
case, as the target is only "fetch", the distribution files of the
dependency are not checked against the dependency's distinfo file. One
could, in theory, impersonate the dependency's master site and provide a
malicious distribution file.
The ports that could in theory be affected are russian/gd, ukrainian/gd,
and ukrainian/webalizer. They are only affected when building manually,
as when building with poudriere, the *-depends target do not have
network access, and the build would fail if the distribution files are
not already present. (From the dependencies being built normally, where
checksum would have ran.)
The detail is described here:
https://www.reddit.com/r/BSD/comments/br62hm/freebsd_cryptographic_bypass_and_mitmbased/
Reported by: emaste (on IRC)
Reviewed by: swills emaste antoine
MFH: 2019Q3
Differential Revision: https://reviews.freebsd.org/D21230
For example, in audio/spotifyd some crates have their sources on
GitHub instead of crates.io and share the same repository and commit
in Cargo.lock like
[[package]]
name = "librespot"
source = "git+https://github.com/librespot-org/librespot.git#4e3576ba7c6146cf68e1953daeec929d619b26b1"
[[package]]
name = "librespot-audio"
source = "git+https://github.com/librespot-org/librespot.git#4e3576ba7c6146cf68e1953daeec929d619b26b1"
Based on this cargo-crates.awk would naively generate multiple
identical entries like
librespot-org:librespot:4e3576ba7c6146cf68e1953daeec929d619b26b1:librespot
librespot-org:librespot:4e3576ba7c6146cf68e1953daeec929d619b26b1:librespotaudio
This adds a lot of extra noise to the port and distinfo and is not
really needed for anything.
The fetch-list target is used to generate a shell script that will more
or less replicates what do-fetch does. It allows one to do most things
as a regular user, and generate that script to run, say, on another
machine, if the one where you build things does not have access to the
internet, or has much slower access.
It was failing when DISTDIR was not writable by the current user, and
the port had a distribution file with a path in it. (Not using
DIST_SUBDIR, something else, like lang/rust does.) It was failing
because it was trying to create that subdirectory unconditionally,
instead of only creating the subdirectory if actually had to. This also
fixes the bug that the generated script did not have the appropriate
mkdirs for those directories.
PR: 239293
Submitted by: tobik (earlier version)
Reported by: Ruslan Garipov
Differential Revision: https://reviews.freebsd.org/D21112
This file originated from Isilon's codebase. When I upstreamed it
originally I refactored it to a broken version. This is now the
working version.
Debug files are purposely moved to LOCALBASE/lib/debug regardless
of what PREFIX is.
Sponsored by: DellEMC
This uses the same pattern we have in qa.sh. Rather than using file(1),
which reads the whole file and does too much magic, use readelf(1) which
bails out if the file lacks the proper ELF headers.
(This file is not yet used by anything)
Sponsored by: DellEMC
Remain backward compatible but use ucl for the pkg-messages, which allows to:
- append messages one after the other
- only print message on delete, install, upgrade from a version to another
If pkg-message starts with a [ we consider it should be a valid ucl file
The format is the following:
[
{ message: "Always print" },
{ message: "package being removed", type: remove },
{ message: "package being installed", type: install },
{ message: "package is being upgraded", type: upgrade },
{ message: "Upgrading from lower than 1.0", maximum_version: "1.0", type: upgrade },
{ message: "Upgrading from higher than 1.0", minimum_version: "1.0", type: upgrade },
{ message: "Upgrading from >1.0 < 3.0", maximum_version: "3.0", minimum_version: "1.0",
]
Because it is ucl one can use some sugar like:
[
{ message = <<EOD
formatted
message 'with fancy things'
EOD
},
}
Submitted by: bapt
Reviewed by: bapt, mat
Differential Revision: https://reviews.freebsd.org/D19310
Use the return value of the pkg audit command instead of parsing its output
The output will change in the next version of pkg
Approved by: mat (portmgr)
Reviewed by: mat (portmgr)
Differential Revision: https://reviews.freebsd.org/D20376
- synchronize the list of components
- update the comment on how to generate the components for the now kde- prefixed names
- remove the now unnecessary part about Qt4
Reviewed by: yuri
Approved by: portmgr (rene)
Differential Revision: https://reviews.freebsd.org/D19894
Those ports are meta ports, and are only there to improve the user's
experience, in which, if they want, say, python or gcc, they do not have
to figure out what version they should be installing, they simply
install python or gcc.
Reviewed by: antoine
Approved by: adamw
Differential Revision: https://reviews.freebsd.org/D19562
Previously it would do this:
$ pkg which -q -o /usr/local/lib/libphonon4qt5.so
multimedia/phonon
$ pkg pkg annotate -q -S multimedia/phonon flavor
qt4
qt5
And that would break things in an interesting way.
This changes makes it use the package name of the required file, which
is unique.
Note that this problem would probably only ever happen on a live system.
I was not able to find a single port that would trigger this it in a
clean environment (poudriere testport).
PR: 231332
Submitted by: dbn
for orphans, i.e., files in STAGEDIR that are not covered by plist.
This is a follow-up to revision 484628 after which texinfo files are
now installed into ${PREFIX}/share/info. (A file "dir" is then created
and maintained by the tooling.)
Approved by: portmgr (antoine)
This fixes PLIST_SUB being too big and PLIST_SUB_SED getting bigger than
_POSIX2_LINE_MAX.
PR: 222355
Reported by: asomers
Reviewed by: asomers, mfechner
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D14014
objdump is being removed from HEAD, make sure everything still works
when this happens.
PR: 229049
Reported by: emaste
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D15904
From now on, ports that depend on Qt4 will have to set
USES= qt:4
USE_QT= foo bar
ports depending on Qt5 will use
USES= qt:5
USE_QT= foo bar
PR: 229225
Exp-run by: antoine
Reviewed by: mat
Approved by: portmgr (antoine)
Differential Revision: →https://reviews.freebsd.org/D15540
You have a single quoted string containing a backslash followed by a
linefeed (newline). Unlike double quotes or unquoted strings, this has
no special meaning. The string will contain a literal backslash and a
linefeed.
If you wanted to break the line but not add a linefeed to the string,
stop the single quote, break the line, and reopen it.
PR: 227109
Submitted by: mat
Sponsored by: Absolight
Since files and arguments are strings passed the same way, programs
can't properly determine which is which, and rely on dashes to determine
what's what.
A file named -f (touch -- -f) will not be deleted by the problematic
code. It will instead be interpreted as a command line option, and rm
will even report success.
Using ./* will instead cause the glob to be expanded into ./-f, which no
program will treat as an option.
It is not possible to use `-f *` because -f only forces the next
argument to be a directory, a later directory named -delete would mess
things up.
PR: 227109
Submitted by: mat
Sponsored by: Absolight
By default, read will interpret backslashes before spaces and line
feeds, and otherwise strip them. This is rarely expected or desired.
Normally you just want to read data, which is what read -r does. You
should always use -r unless you have a good reason not to.
PR: 227109
Submitted by: mat
Sponsored by: Absolight
It's common to use A && B to run B when A is true, and A || C to run C
when A is false.
However, combining them into A && B || C is not the same as if A then B
else C.
In this case, if A is true but B is false, C will run.
If an if clause is used instead, this problem is avoided.
PR: 227109
Submitted by: mat
Sponsored by: Absolight
