subject:"Request to review\: print\/texlive\-install"

Re: Request to review: print/texlive-install

2012-05-29 Thread Hiroki Sato

Chris Rees cr...@freebsd.org wrote
  in CADLo8380zGtCETzGrKzMrD_3Fwm2bZOMpEFLupaD_=mpu5k...@mail.gmail.com:

cr On 28 May 2012 18:11, Stephen Montgomery-Smith step...@missouri.edu wrote:
cr  On 05/28/2012 11:35 AM, Gábor Kövesdán wrote:
cr 
cr  On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:
cr 
cr 
cr 
cr  On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
cr 
cr 
cr  How about if I add lines like this:
cr 
cr  .if !defined(IGNORE_SECURITY_RISK)
cr  IGNORE= has a security risk because it downloads a file \
cr  without a checksum. Define IGNORE_SECURITY_RISK to build this port
cr  .endif
cr 
cr  Would it be considered OK to commit it then?
cr 
cr  could you host it somewhere that won't go away at missouri.edu?
cr 
cr 
cr 
cr  I could host it somewhere at missouri.edu that will stay as long as I
cr  am alive or keep my job.
cr 
cr  Better to host it on the FreeBSD mirrors. You only have to create a
cr  public_distfiles in your home directory after logging in to freefall and
cr  drop the file there. This is the usual way of doing it.
cr 
cr 
cr  Thank you for the info.  Here is my latest version:
cr 
cr  http://people.freebsd.org/~stephen/
cr 
cr 
cr I'm afraid my concerns still hold [1].
cr 
cr This port fetches $WHOKNOWSWHAT from $WHOKNOWSWHERE outside the fetch
cr stage, which isn't how ports are supposed to work.
cr 
cr I know 'having a port' is usually considered a good thing, but as I
cr said before, it's no easier or safer to install this via the port than
cr just download and run the script.
cr 
cr Also, on deinstall/upgrade the port will clobber anything that was
cr there on install (automatic plist generation also sucks in anything
cr that was there) [2].

 I also think this port is too tricky.  Although I do understand one
 big package for texlive is easy to install and it will be one which
 can satisfy many people, it should get along with the ports
 framework---I do not think defining IGNORE_SECURITY_RISK is what we
 want to do.

 I spent a lot of time for teTeX-to-texlive migration in the ports
 tree but I could not accomplish it actually so far since I could find
 only a suboptimal solution.  Importing a texlive port should replace
 the current teTeX ports at one burst because there are many ports
 which depend on TeX.  I may not be qualified to say no here because
 I have not been able to create an alternative for a long time, but
 adding a texlive port with no specific migration plan would make the
 ports tree confused.

 I have created and used a prototype which consists of modularized
 texlive ports (~200 ports) generated from macro package list in
 texlive source and metadata from texlive.tlpdb to replace
 print/teTeX* in the tree completely.  It is because strong demands
 for modularity and/or smaller configurations from TeX users who are
 using it in non-X11 environment, for example, still remain.  It has
 worked, but one big problem is that it is not compatible with tlmgr.
 If people use a tlmgr-like tool to download and install a macro
 package instead of the ports, the texmf tree will be broken easily.
 In addition, inconsistency between package database and actually
 installed files breaks our ports framework in various ways.  Trouble
 reports on print/teTeX* ports I received were mostly due to broken
 texmf trees, so I am feeling this should be mitigated in some way.

 I can post the port set with disabling some of tlmgr's capability
 (package install/removal part).  Is it still an interesting one for
 people?

-- Hiroki


pgp8H7WvvfUDW.pgp
Description: PGP signature

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith


On 05/27/2012 09:19 PM, Eitan Adler wrote:

On 27 May 2012 18:14, Stephen Montgomery-Smithstep...@missouri.edu  wrote:

There are a number of issues.  In particular there is no checksum calculated
for install-tl-unx.tar.gz because I suspect that it changes very often.


This is a security risk and must not be committed as is.


OK, I won't commit it as it is.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith

On 05/27/2012 08:48 PM, Nikola Lečić wrote:

On Sun, 27 May 2012 20:32:14 -0500, Stephen Montgomery-Smith wrote:

Hi People,

I have written a simple port which is in essence a wrapper around the
texlive installation script. It also builds (almost) all of the binaries
from scratch.

Does anyone have any suggestions? Would anyone mind if this port was
committed?

There are a number of issues. In particular there is no checksum
calculated for install-tl-unx.tar.gz because I suspect that it changes
very often.

Also the install-tl- script doesn't seem to have a capability to
be run in batch mode. I hacked a way around this, but it could be easily
broken if the script were to change in some unexpected way.

But it does build and install texlive in a fairly timely manner. And the
result can be made into a (large) package using pkg_create.

Stephen, TeX Live 2011 builds fine for me with this port. Just a few
comments:

1. Biber doesn't need compat7x. It works on 7 and above without it.
Moreover, the TeX Live's configure script already takes care of the
FreeBSD version in the FreeBSD way. Please take a look:

http://www.tug.org/svn/texlive/trunk/Build/source/utils/biber/configure?revision=26215view=markup

lines 3563-3583, or just search for '__FreeBSD_version'. The binaries
distributed with the source work on FreeBSD=701000 and biber will not
be installed if older FreeBSD is detected.

(I meant that it could be possible to cover FreeBSD-6 with biber
binaries distributed over CTAN. But that's not extremely important for
now.)

2. fontconfig is a run dependency as well, xetex needs it to run.

Thanks. What about perl - is that a run dependency as well?

3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
binaries and install-tl/tlmgr use them. They will not work on FreeBSD7.
Therefore, it could be possible that you need to add xz and wget as
build/run dependencies on FreeBSD7 and on architectures other than
i386/amd64, although I haven't checked this.

I won't worry about FreeBSD7. They are end of line anyway.

4. Since the aim of your port is not to create portable binaries, there
is no reason not to build xindy. You can freely add '--enable-xindy
CLISP=/path to the clisp binary/', and lang/clisp as a build dependency.

I was looking at the online docs of xindy. Is the version of xindy that
comes with texlive out of date? The online docs don't match the program
that comes with xindy.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith


On 05/27/2012 09:19 PM, Eitan Adler wrote:

On 27 May 2012 18:14, Stephen Montgomery-Smithstep...@missouri.edu  wrote:

There are a number of issues.  In particular there is no checksum calculated
for install-tl-unx.tar.gz because I suspect that it changes very often.


This is a security risk and must not be committed as is.


How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum.  Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then?
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Michael Scheidell




On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:


How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum.  Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then? 

 could you host it somewhere that won't go away at missouri.edu?

--
Michael Scheidell, CTO
*| * SECNAP Network Security Corporation
d: +1.561.948.2259
w: http://people.freebsd.org/~scheidell
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Nikola Lečić

On Mon, 28 May 2012 09:06:18 -0500, Stephen Montgomery-Smith wrote:
 2. fontconfig is a run dependency as well, xetex needs it to run.
 
 Thanks.  What about perl - is that a run dependency as well?

Yes, it is, install-tl and tlmgr are perl scripts.

 3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
 binaries and install-tl/tlmgr use them. They will not work on FreeBSD7.
 Therefore, it could be possible that you need to add xz and wget as
 build/run dependencies on FreeBSD7 and on architectures other than
 i386/amd64, although I haven't checked this.
 
 I won't worry about FreeBSD7.  They are end of line anyway.

Ok.

 4. Since the aim of your port is not to create portable binaries, there
 is no reason not to build xindy. You can freely add '--enable-xindy
 CLISP=/path to the clisp binary/', and lang/clisp as a build dependency.
 
 I was looking at the online docs of xindy.  Is the version of xindy
 that comes with texlive out of date?  The online docs don't match the
 program that comes with xindy.

Many other programs are out of date, TeX Live 2011 was released a year
ago. The versions distributed with TL releases match together well. The
safest options for TL2011 users is to use xindy distributed with TL2011.

More notes/questions:

* You could add x11-toolkits/p5-Tk as a run dependency. tlmgr has a
nice GUI; actually it's very inconvenient to use it without gui.

* Since this port leaves full TeX Live system installed, users should
use tlmgr to update their packages and scripts. Two questions in this
respect:

a) what will happen with /var/db/ports/ info?

b) it's not a good idea to run tlmgr gui as root. Maybe to offer an
option with SUID Bit, as in sysutils/xcdroast?

-- 
Nikola Lečić = Никола Лечић
fingerprint : FEF3 66AF C90E EDC3 D878  7CDC 956D F4AB A377 1C9B

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith


On 05/28/2012 10:47 AM, Michael Scheidell wrote:



On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:


How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum. Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then?

could you host it somewhere that won't go away at missouri.edu?




I could host it somewhere at missouri.edu that will stay as long as I am 
alive or keep my job.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Gábor Kövesdán


On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:



On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:


How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum. Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then?

could you host it somewhere that won't go away at missouri.edu?




I could host it somewhere at missouri.edu that will stay as long as I 
am alive or keep my job. 
Better to host it on the FreeBSD mirrors. You only have to create a 
public_distfiles in your home directory after logging in to freefall and 
drop the file there. This is the usual way of doing it.


Gabor

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Chris Rees

On May 28, 2012 5:23 PM, Stephen Montgomery-Smith step...@missouri.edu
wrote:

 On 05/28/2012 10:47 AM, Michael Scheidell wrote:



 On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:


 How about if I add lines like this:

 .if !defined(IGNORE_SECURITY_RISK)
 IGNORE= has a security risk because it downloads a file \
 without a checksum. Define IGNORE_SECURITY_RISK to build this port
 .endif

 Would it be considered OK to commit it then?

 could you host it somewhere that won't go away at missouri.edu?



 I could host it somewhere at missouri.edu that will stay as long as I am
alive or keep my job.


The main problem is the fetching of random files during build-- that is an
issue faced by many ports.

This is not generally allowed to happen, since these files are not verified
either.  What needs to happen is for the port to fetch all necessary files
in the do-fetch stage.

Unfortunately this makes it more complicated, but otherwise our users are
simply better off fetching and installing the files themselves; the port
makes it no easier.

Chris
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Jason Helfman

 On 05/27/2012 09:19 PM, Eitan Adler wrote:
 On 27 May 2012 18:14, Stephen Montgomery-Smithstep...@missouri.edu
 wrote:
 There are a number of issues.  In particular there is no checksum
 calculated
 for install-tl-unx.tar.gz because I suspect that it changes very often.

 This is a security risk and must not be committed as is.

 How about if I add lines like this:

 .if !defined(IGNORE_SECURITY_RISK)
 IGNORE= has a security risk because it downloads a file \
 without a checksum.  Define IGNORE_SECURITY_RISK to build this port
 .endif

 Would it be considered OK to commit it then?

Does the code look for a particular location for this file to exist before
attempting to download it? If not, can it be patched, to do so?

If so, it can be added as a distfile, and put into a location where the
build will find it.

If this can be done, there wouldn't be a security risk, assuming no other
files are downloaded post-fetch.

-jgh



___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith


On 05/28/2012 10:44 AM, Nikola Lečić wrote:

On Mon, 28 May 2012 09:06:18 -0500, Stephen Montgomery-Smith wrote:

2. fontconfig is a run dependency as well, xetex needs it to run.


Thanks.  What about perl - is that a run dependency as well?


Yes, it is, install-tl and tlmgr are perl scripts.


3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
binaries and install-tl/tlmgr use them. They will not work on FreeBSD7.
Therefore, it could be possible that you need to add xz and wget as
build/run dependencies on FreeBSD7 and on architectures other than
i386/amd64, although I haven't checked this.


I won't worry about FreeBSD7.  They are end of line anyway.


Ok.



But it looks like tlmgr expects to find wget in its path.  So I'll add 
it as a run dependency.





4. Since the aim of your port is not to create portable binaries, there
is no reason not to build xindy. You can freely add '--enable-xindy
CLISP=/path to the clisp binary/', and lang/clisp as a build dependency.


I was looking at the online docs of xindy.  Is the version of xindy
that comes with texlive out of date?  The online docs don't match the
program that comes with xindy.


Many other programs are out of date, TeX Live 2011 was released a year
ago. The versions distributed with TL releases match together well. The
safest options for TL2011 users is to use xindy distributed with TL2011.



I will add an option that allows xindy to be built.


More notes/questions:

* You could add x11-toolkits/p5-Tk as a run dependency. tlmgr has a
nice GUI; actually it's very inconvenient to use it without gui.



I will add an option that will add x11-toolkits/p5-Tk as a run dependency.


* Since this port leaves full TeX Live system installed, users should
use tlmgr to update their packages and scripts. Two questions in this
respect:

a) what will happen with /var/db/ports/ info?



he info will become out of date.  But when the user tries to deinstall 
the package, he/she gets helpful messages that says it could not be 
completely deinstalled, and says where the problem is.  And since the 
only stuff that will have changed is in ${PREFIX}/texlive, the user 
should find it easy to delete the left over stuff.


Also I think one could add a pkg-deinstall message that says to apply 
rm -rf ${PREFIX}/texlive just to be sure.



b) it's not a good idea to run tlmgr gui as root. Maybe to offer an
option with SUID Bit, as in sysutils/xcdroast?


This looks non-trivial.  Simply setting the setuid bit on the tlmgr 
script doesn't work, because it is a perl script.  One way would be to 
write a wrapper.


But I would recommend the port security/super which allows you to 
create scripts that can be run with setuid.  Then let the user set this 
up as they desire.


___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith


On 05/28/2012 11:29 AM, Jason Helfman wrote:

On 05/27/2012 09:19 PM, Eitan Adler wrote:

On 27 May 2012 18:14, Stephen Montgomery-Smithstep...@missouri.edu
wrote:

There are a number of issues.  In particular there is no checksum
calculated
for install-tl-unx.tar.gz because I suspect that it changes very often.


This is a security risk and must not be committed as is.


How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum.  Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then?


Does the code look for a particular location for this file to exist before
attempting to download it? If not, can it be patched, to do so?

If so, it can be added as a distfile, and put into a location where the
build will find it.


Yes, I can do this.  But the file changes often, so one would have to 
update distinfo in the ports very often to keep up.



If this can be done, there wouldn't be a security risk, assuming no other
files are downloaded post-fetch.


And the install script downloads everything during the do-install phase.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Stephen Montgomery-Smith


On 05/28/2012 12:31 PM, Chris Rees wrote:

On 28 May 2012 18:11, Stephen Montgomery-Smithstep...@missouri.edu  wrote:

On 05/28/2012 11:35 AM, Gábor Kövesdán wrote:


On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:




On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:



How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum. Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then?


could you host it somewhere that won't go away at missouri.edu?




I could host it somewhere at missouri.edu that will stay as long as I
am alive or keep my job.


Better to host it on the FreeBSD mirrors. You only have to create a
public_distfiles in your home directory after logging in to freefall and
drop the file there. This is the usual way of doing it.



Thank you for the info.  Here is my latest version:

http://people.freebsd.org/~stephen/



I'm afraid my concerns still hold [1].

This port fetches $WHOKNOWSWHAT from $WHOKNOWSWHERE outside the fetch
stage, which isn't how ports are supposed to work.

I know 'having a port' is usually considered a good thing, but as I
said before, it's no easier or safer to install this via the port than
just download and run the script.

[1] http://lists.freebsd.org/pipermail/freebsd-ports/2012-May/075236.html


Yes, this will never become part of the ports tree as it is.  I am 
merely going to offer this to people as something they can download from 
my web page.


The advantage it offers over the usual script is that the binaries are 
built for your particular system.  And /var/db/pkg is populated.  And 
links are created to ${PREFIX}/bin.




[2]
'''
Install texlive-install.
Use texlive to grab funky new package.
Upgrade texlive-install /* XXX funky new package is now added to
texlive-instal plist */
Upgrade texlive-install again

Hey, where did $FUNKY go?
'''


Hopefully $FUNKY will now be part of the complete texlive install, and 
so it will be reinstalled in the second (and first) upgrades.


Otherwise I see no way around this problem.

===

One thing I might do is to create a port called texlive-binaries with 
instructions in pkg-message on how to incorporate it into the texlive 
distribution when you use the script downloaded from their web page.  (I 
need to check that the name texlive-binaries doesn't conflict with 
http://code.google.com/p/freebsd-texlive.)

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Nikola Lečić

On Mon, 28 May 2012 11:53:29 -0500, Stephen Montgomery-Smith wrote:
[...]
 This looks non-trivial.  Simply setting the setuid bit on the tlmgr
 script doesn't work, because it is a perl script.  One way would be to
 write a wrapper.
 
 But I would recommend the port security/super which allows you to
 create scripts that can be run with setuid.  Then let the user set
 this up as they desire.

I see. Didn't know for security/super - thanks for the info.

Yet another observation:

CONFLICTS - besides what you put in the Makefile, a quick look shows
that this port conflicts with at least these ports:

japanese/makejvf
japanese/ptex
print/detex
print/dvi2tty
print/dvipdfmx
print/dvips
print/dviselect
print/jadetex
print/latex
print/latexmk
print/lcdf-typetools
print/makeindex
print/musixtex
print/ps2eps
print/psutils*
print/t1utils
print/xdvi
print/xmltex
textproc/lacheck
textproc/teckit

-- 
Nikola Lečić = Никола Лечић
fingerprint : FEF3 66AF C90E EDC3 D878  7CDC 956D F4AB A377 1C9B

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-28 Thread Doug Barton

On 5/28/2012 9:35 AM, Gábor Kövesdán wrote:
 Better to host it on the FreeBSD mirrors. 

The more we can diversify out to other sites, the better. It's fine to
have the FreeBSD mirrors as a last resort, but they shouldn't be the
first choice.

Doug

-- 

This .signature sanitized for your protection
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org

Re: Request to review: print/texlive-install

2012-05-27 Thread Nikola Lečić

On Sun, 27 May 2012 20:32:14 -0500, Stephen Montgomery-Smith wrote:
Hi People,