[Fink-devel] patches to add sandboxing to fink

Thu, 03 Nov 2016 17:28:17 -0700 

    I have posted a pull request at https://github.com/fink/fink/pull/135
to add automatic sandboxing of fink builds. The patches emulate the
MacPorts approach of creating a sandboxing profile string and passing it to
'sandbox-exec -p'. The blacklisted directories are set from the list of
directories in the %p/etc/fink.sb control file. This allows users who want
to permit builds against /usr/local to simply remove it from the file or
users who want to blacklist Xquartz to simply append /opt/X11 to the file.
     I have verified that the sandboxing does prevent the gcc5 and gcc6
builds from accessing the headers in /usr/local. However, their Info files
do require the same workaround as MacPorts to allow the bootstrap to
succeed...

Index: gcc5.info

===================================================================

RCS file: /cvsroot/fink/dists/10.9-libcxx/stable/main/finkinfo/languages/
gcc5.info,v

retrieving revision 1.9

diff -u -r1.9 gcc5.info

--- gcc5.info 8 Oct 2016 11:03:42 -0000 1.9

+++ gcc5.info 4 Nov 2016 00:25:58 -0000

@@ -71,6 +71,7 @@

  --with-isl=%p \

  --with-mpc=%p \

  --with-system-zlib \

+ --with-local-prefix=%p \

  --program-suffix=-fsf-5

 <<

 InfoTest: <<

Index: gcc6.info

===================================================================

RCS file: /cvsroot/fink/dists/10.9-libcxx/stable/main/finkinfo/languages/
gcc6.info,v

retrieving revision 1.4

diff -u -r1.4 gcc6.info

--- gcc6.info 8 Oct 2016 20:26:47 -0000 1.4

+++ gcc6.info 4 Nov 2016 00:25:58 -0000

@@ -71,6 +71,7 @@

  --with-isl=%p \

  --with-mpc=%p \

  --with-system-zlib \

+ --with-local-prefix=%p \

  --program-suffix=-fsf-6

 <<

 InfoTest: <<

 I'll start building through the fink package set and look for any other
instances were we need to tweak due to the sandboxing.
           Jack

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Fink-devel mailing list
Fink-devel@lists.sourceforge.net
List archive:
http://news.gmane.org/gmane.os.apple.fink.devel
Subscription management:
https://lists.sourceforge.net/lists/listinfo/fink-devel

Reply via email to