Re: Request to review: print/texlive-install
Chris Rees cr...@freebsd.org wrote
  in CADLo8380zGtCETzGrKzMrD_3Fwm2bZOMpEFLupaD_=mpu5k...@mail.gmail.com:

cr> On 28 May 2012 18:11, Stephen Montgomery-Smith step...@missouri.edu wrote:
cr> On 05/28/2012 11:35 AM, Gábor Kövesdán wrote:
cr> On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:
cr> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
cr>
cr> How about if I add lines like this:
cr>
cr> .if !defined(IGNORE_SECURITY_RISK)
cr> IGNORE= has a security risk because it downloads a file \
cr> without a checksum. Define IGNORE_SECURITY_RISK to build this port
cr> .endif
cr>
cr> Would it be considered OK to commit it then?
cr>
cr> could you host it somewhere that won't go away at missouri.edu?
cr>
cr> I could host it somewhere at missouri.edu that will stay as long as I
cr> am alive or keep my job.
cr>
cr> Better to host it on the FreeBSD mirrors. You only have to create a
cr> public_distfiles in your home directory after logging in to freefall and
cr> drop the file there. This is the usual way of doing it.
cr>
cr> Thank you for the info. Here is my latest version:
cr>
cr> http://people.freebsd.org/~stephen/
cr>
cr> I'm afraid my concerns still hold [1].
cr>
cr> This port fetches $WHOKNOWSWHAT from $WHOKNOWSWHERE outside the fetch
cr> stage, which isn't how ports are supposed to work.
cr>
cr> I know 'having a port' is usually considered a good thing, but as I
cr> said before, it's no easier or safer to install this via the port than
cr> just download and run the script.
cr>
cr> Also, on deinstall/upgrade the port will clobber anything that was
cr> there on install (automatic plist generation also sucks in anything
cr> that was there) [2].

I also think this port is too tricky. Although I do understand one big
package for texlive is easy to install and it will be one which can
satisfy many people, it should get along with the ports framework---I do
not think defining IGNORE_SECURITY_RISK is what we want to do.

I spent a lot of time for teTeX-to-texlive migration in the ports tree
but I could not accomplish it actually so far since I could find only a
suboptimal solution. Importing a texlive port should replace the current
teTeX ports at one burst because there are many ports which depend on
TeX. I may not be qualified to say no here because I have not been able
to create an alternative for a long time, but adding a texlive port with
no specific migration plan would make the ports tree confused.

I have created and used a prototype which consists of modularized
texlive ports (~200 ports) generated from macro package list in texlive
source and metadata from texlive.tlpdb to replace print/teTeX* in the
tree completely. It is because strong demands for modularity and/or
smaller configurations from TeX users who are using it in non-X11
environment, for example, still remain.

It has worked, but one big problem is that it is not compatible with
tlmgr. If people use a tlmgr-like tool to download and install a macro
package instead of the ports, the texmf tree will be broken easily. In
addition, inconsistency between package database and actually installed
files breaks our ports framework in various ways. Trouble reports on
print/teTeX* ports I received were mostly due to broken texmf trees, so
I am feeling this should be mitigated in some way.

I can post the port set with disabling some of tlmgr's capability
(package install/removal part). Is it still an interesting one for
people?

-- Hiroki
Re: Request to review: print/texlive-install
On 05/27/2012 09:19 PM, Eitan Adler wrote:
> On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote:
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often.
>
> This is a security risk and must not be committed as is.

OK, I won't commit it as it is.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org
Re: Request to review: print/texlive-install
On 05/27/2012 08:48 PM, Nikola Lečić wrote:
> On Sun, 27 May 2012 20:32:14 -0500, Stephen Montgomery-Smith wrote:
> Hi People,
>
> I have written a simple port which is in essence a wrapper around the
> texlive installation script. It also builds (almost) all of the
> binaries from scratch.
>
> Does anyone have any suggestions? Would anyone mind if this port was
> committed?
>
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often. Also the install-tl- script doesn't seem to have a
> capability to be run in batch mode. I hacked a way around this, but it
> could be easily broken if the script were to change in some unexpected
> way.
>
> But it does build and install texlive in a fairly timely manner. And
> the result can be made into a (large) package using pkg_create.
>
> Stephen,
>
> TeX Live 2011 builds fine for me with this port. Just a few comments:
>
> 1. Biber doesn't need compat7x. It works on 7 and above without it.
> Moreover, the TeX Live's configure script already takes care of the
> FreeBSD version in the FreeBSD way. Please take a look:
> http://www.tug.org/svn/texlive/trunk/Build/source/utils/biber/configure?revision=26215view=markup
> lines 3563-3583, or just search for '__FreeBSD_version'. The binaries
> distributed with the source work on FreeBSD>=701000 and biber will not
> be installed if older FreeBSD is detected.
>
> (I meant that it could be possible to cover FreeBSD-6 with biber
> binaries distributed over CTAN. But that's not extremely important for
> now.)
>
> 2. fontconfig is a run dependency as well, xetex needs it to run.

Thanks. What about perl - is that a run dependency as well?

> 3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
> binaries and install-tl/tlmgr use them. They will not work on
> FreeBSD7. Therefore, it could be possible that you need to add xz and
> wget as build/run dependencies on FreeBSD7 and on architectures other
> than i386/amd64, although I haven't checked this.

I won't worry about FreeBSD7. They are end of line anyway.

> 4. Since the aim of your port is not to create portable binaries,
> there is no reason not to build xindy. You can freely add
> '--enable-xindy CLISP=/path to the clisp binary/', and lang/clisp as a
> build dependency.

I was looking at the online docs of xindy. Is the version of xindy that
comes with texlive out of date? The online docs don't match the program
that comes with xindy.
Re: Request to review: print/texlive-install
On 05/27/2012 09:19 PM, Eitan Adler wrote:
> On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote:
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often.
>
> This is a security risk and must not be committed as is.

How about if I add lines like this:

.if !defined(IGNORE_SECURITY_RISK)
IGNORE= has a security risk because it downloads a file \
without a checksum. Define IGNORE_SECURITY_RISK to build this port
.endif

Would it be considered OK to commit it then?
Re: Request to review: print/texlive-install
On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?

could you host it somewhere that won't go away at missouri.edu?

--
Michael Scheidell, CTO | SECNAP Network Security Corporation
d: +1.561.948.2259
w: http://people.freebsd.org/~scheidell
Re: Request to review: print/texlive-install
On Mon, 28 May 2012 09:06:18 -0500, Stephen Montgomery-Smith wrote:
> 2. fontconfig is a run dependency as well, xetex needs it to run.
>
> Thanks. What about perl - is that a run dependency as well?

Yes, it is, install-tl and tlmgr are perl scripts.

> 3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
> binaries and install-tl/tlmgr use them. They will not work on
> FreeBSD7. Therefore, it could be possible that you need to add xz and
> wget as build/run dependencies on FreeBSD7 and on architectures other
> than i386/amd64, although I haven't checked this.
>
> I won't worry about FreeBSD7. They are end of line anyway.

Ok.

> 4. Since the aim of your port is not to create portable binaries,
> there is no reason not to build xindy. You can freely add
> '--enable-xindy CLISP=/path to the clisp binary/', and lang/clisp as a
> build dependency.
>
> I was looking at the online docs of xindy. Is the version of xindy
> that comes with texlive out of date? The online docs don't match the
> program that comes with xindy.

Many other programs are out of date, TeX Live 2011 was released a year
ago. The versions distributed with TL releases match together well. The
safest option for TL2011 users is to use xindy distributed with TL2011.

More notes/questions:

* You could add x11-toolkits/p5-Tk as a run dependency. tlmgr has a nice
  GUI; actually it's very inconvenient to use it without gui.

* Since this port leaves full TeX Live system installed, users should
  use tlmgr to update their packages and scripts. Two questions in this
  respect:

  a) what will happen with /var/db/ports/ info?

  b) it's not a good idea to run tlmgr gui as root. Maybe to offer an
     option with SUID Bit, as in sysutils/xcdroast?

--
Nikola Lečić = Никола Лечић
fingerprint : FEF3 66AF C90E EDC3 D878 7CDC 956D F4AB A377 1C9B
Re: Request to review: print/texlive-install
On 05/28/2012 10:47 AM, Michael Scheidell wrote:
> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?
>
> could you host it somewhere that won't go away at missouri.edu?

I could host it somewhere at missouri.edu that will stay as long as I am
alive or keep my job.
Re: Request to review: print/texlive-install
On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:
> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?
>
> could you host it somewhere that won't go away at missouri.edu?
>
> I could host it somewhere at missouri.edu that will stay as long as I
> am alive or keep my job.

Better to host it on the FreeBSD mirrors. You only have to create a
public_distfiles in your home directory after logging in to freefall and
drop the file there. This is the usual way of doing it.

Gabor
Re: Request to review: print/texlive-install
On May 28, 2012 5:23 PM, Stephen Montgomery-Smith step...@missouri.edu wrote:
> On 05/28/2012 10:47 AM, Michael Scheidell wrote:
> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?
>
> could you host it somewhere that won't go away at missouri.edu?
>
> I could host it somewhere at missouri.edu that will stay as long as I
> am alive or keep my job.

The main problem is the fetching of random files during build-- that is
an issue faced by many ports. This is not generally allowed to happen,
since these files are not verified either.

What needs to happen is for the port to fetch all necessary files in the
do-fetch stage. Unfortunately this makes it more complicated, but
otherwise our users are simply better off fetching and installing the
files themselves; the port makes it no easier.

Chris
Re: Request to review: print/texlive-install
On 05/27/2012 09:19 PM, Eitan Adler wrote:
> On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote:
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often.
>
> This is a security risk and must not be committed as is.
>
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?

Does the code look for a particular location for this file to exist
before attempting to download it? If not, can it be patched, to do so?
If so, it can be added as a distfile, and put into a location where the
build will find it.

If this can be done, there wouldn't be a security risk, assuming no
other files are downloaded post-fetch.

-jgh
Re: Request to review: print/texlive-install
On 05/28/2012 10:44 AM, Nikola Lečić wrote:
> On Mon, 28 May 2012 09:06:18 -0500, Stephen Montgomery-Smith wrote:
> 2. fontconfig is a run dependency as well, xetex needs it to run.
>
> Thanks. What about perl - is that a run dependency as well?
>
> Yes, it is, install-tl and tlmgr are perl scripts.
>
> 3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
> binaries and install-tl/tlmgr use them. They will not work on
> FreeBSD7. Therefore, it could be possible that you need to add xz and
> wget as build/run dependencies on FreeBSD7 and on architectures other
> than i386/amd64, although I haven't checked this.
>
> I won't worry about FreeBSD7. They are end of line anyway.
>
> Ok.

But it looks like tlmgr expects to find wget in its path. So I'll add it
as a run dependency.

> 4. Since the aim of your port is not to create portable binaries,
> there is no reason not to build xindy. You can freely add
> '--enable-xindy CLISP=/path to the clisp binary/', and lang/clisp as a
> build dependency.
>
> I was looking at the online docs of xindy. Is the version of xindy
> that comes with texlive out of date? The online docs don't match the
> program that comes with xindy.
>
> Many other programs are out of date, TeX Live 2011 was released a year
> ago. The versions distributed with TL releases match together well.
> The safest options for TL2011 users is to use xindy distributed with
> TL2011.

I will add an option that allows xindy to be built.

> More notes/questions:
>
> * You could add x11-toolkits/p5-Tk as a run dependency. tlmgr has a
> nice GUI; actually it's very inconvenient to use it without gui.

I will add an option that will add x11-toolkits/p5-Tk as a run
dependency.

> * Since this port leaves full TeX Live system installed, users should
> use tlmgr to update their packages and scripts. Two questions in this
> respect:
>
> a) what will happen with /var/db/ports/ info?

The info will become out of date. But when the user tries to deinstall
the package, he/she gets helpful messages that say it could not be
completely deinstalled, and say where the problem is. And since the
only stuff that will have changed is in ${PREFIX}/texlive, the user
should find it easy to delete the left over stuff.

Also I think one could add a pkg-deinstall message that says to apply
rm -rf ${PREFIX}/texlive just to be sure.

> b) it's not a good idea to run tlmgr gui as root. Maybe to offer an
> option with SUID Bit, as in sysutils/xcdroast?

This looks non-trivial. Simply setting the setuid bit on the tlmgr
script doesn't work, because it is a perl script. One way would be to
write a wrapper. But I would recommend the port security/super which
allows you to create scripts that can be run with setuid. Then let the
user set this up as they desire.
Re: Request to review: print/texlive-install
On 05/28/2012 11:29 AM, Jason Helfman wrote:
> On 05/27/2012 09:19 PM, Eitan Adler wrote:
> On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote:
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often.
>
> This is a security risk and must not be committed as is.
>
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?
>
> Does the code look for a particular location for this file to exist
> before attempting to download it? If not, can it be patched, to do so?
> If so, it can be added as a distfile, and put into a location where
> the build will find it.

Yes, I can do this. But the file changes often, so one would have to
update distinfo in the ports very often to keep up.

> If this can be done, there wouldn't be a security risk, assuming no
> other files are downloaded post-fetch.

And the install script downloads everything during the do-install phase.
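The check that a distinfo entry makes possible, as an added example (not part of the thread and not code from the ports framework): it reads the SHA256 and SIZE lines for a distfile and refuses the file unless both match, treating a missing entry as a failure. The function names and the stand-in file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify a fetched distfile against a ports-style distinfo
# before anything unpacks or runs it. Function names are hypothetical.

# Print the lowercase hex SHA-256 of a file using whichever tool exists.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'   # GNU coreutils
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print the value of a "KEY (name) = value" distinfo line, if present.
distinfo_field() {  # $1=distinfo $2=KEY $3=file name
    awk -v key="$2" -v name="($3)" \
        '$1 == key && $2 == name && $3 == "=" { print $4; exit }' "$1"
}

# Return 0 only if both SIZE and SHA256 match the distinfo entry.
verify_distfile() {  # $1=distinfo $2=path to distfile
    name=$(basename "$2")
    want_sum=$(distinfo_field "$1" SHA256 "$name")
    want_size=$(distinfo_field "$1" SIZE "$name")
    # No entry means the file is unverified, which counts as a failure.
    if [ -z "$want_sum" ] || [ -z "$want_size" ]; then
        echo "no distinfo entry for $name" >&2; return 2
    fi
    have_size=$(wc -c < "$2" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $name" >&2; return 1
    fi
    have_sum=$(sha256_of "$2")
    if [ "$have_sum" != "$want_sum" ]; then
        echo "checksum mismatch for $name" >&2; return 1
    fi
    return 0
}

# Constructed demo: a stand-in file plays the role of install-tl-unx.tar.gz.
demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/install-tl-unx.tar.gz"
    printf 'constructed stand-in for the installer\n' > "$f"
    {
        echo "SHA256 (install-tl-unx.tar.gz) = $(sha256_of "$f")"
        echo "SIZE (install-tl-unx.tar.gz) = $(wc -c < "$f" | tr -d ' ')"
    } > "$dir/distinfo"
    verify_distfile "$dir/distinfo" "$f" && echo "pristine: accepted"
    # Same length, different bytes: only the hash comparison catches this.
    printf 'constructed stand-in for the installeR\n' > "$f"
    verify_distfile "$dir/distinfo" "$f" || echo "tampered: rejected"
    rm -rf "$dir"
}
demo
```

A pinned entry like this only covers what is fetched up front; anything the installer downloads later, during do-install, is outside the check.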
Re: Request to review: print/texlive-install
On 05/28/2012 12:31 PM, Chris Rees wrote:
> On 28 May 2012 18:11, Stephen Montgomery-Smith step...@missouri.edu wrote:
> On 05/28/2012 11:35 AM, Gábor Kövesdán wrote:
> On 2012.05.28. 18:16, Stephen Montgomery-Smith wrote:
> On 5/28/12 10:11 AM, Stephen Montgomery-Smith wrote:
>
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?
>
> could you host it somewhere that won't go away at missouri.edu?
>
> I could host it somewhere at missouri.edu that will stay as long as I
> am alive or keep my job.
>
> Better to host it on the FreeBSD mirrors. You only have to create a
> public_distfiles in your home directory after logging in to freefall
> and drop the file there. This is the usual way of doing it.
>
> Thank you for the info. Here is my latest version:
>
> http://people.freebsd.org/~stephen/
>
> I'm afraid my concerns still hold [1].
>
> This port fetches $WHOKNOWSWHAT from $WHOKNOWSWHERE outside the fetch
> stage, which isn't how ports are supposed to work.
>
> I know 'having a port' is usually considered a good thing, but as I
> said before, it's no easier or safer to install this via the port than
> just download and run the script.
>
> [1] http://lists.freebsd.org/pipermail/freebsd-ports/2012-May/075236.html

Yes, this will never become part of the ports tree as it is. I am merely
going to offer this to people as something they can download from my web
page.

The advantage it offers over the usual script is that the binaries are
built for your particular system. And /var/db/pkg is populated. And
links are created to ${PREFIX}/bin.

> [2]
> '''
> Install texlive-install.
> Use texlive to grab funky new package.
> Upgrade texlive-install
> /* XXX funky new package is now added to texlive-install plist */
> Upgrade texlive-install again
> Hey, where did $FUNKY go?
> '''

Hopefully $FUNKY will now be part of the complete texlive install, and
so it will be reinstalled in the second (and first) upgrades. Otherwise
I see no way around this problem.

===

One thing I might do is to create a port called texlive-binaries with
instructions in pkg-message on how to incorporate it into the texlive
distribution when you use the script downloaded from their web page. (I
need to check that the name texlive-binaries doesn't conflict with
http://code.google.com/p/freebsd-texlive.)
Re: Request to review: print/texlive-install
On Mon, 28 May 2012 11:53:29 -0500, Stephen Montgomery-Smith wrote:
> [...]
> This looks non-trivial. Simply setting the setuid bit on the tlmgr
> script doesn't work, because it is a perl script. One way would be to
> write a wrapper. But I would recommend the port security/super which
> allows you to create scripts that can be run with setuid. Then let the
> user set this up as they desire.

I see. Didn't know for security/super - thanks for the info.

Yet another observation: CONFLICTS - besides what you put in the
Makefile, a quick look shows that this port conflicts with at least
these ports:

japanese/makejvf
japanese/ptex
print/detex
print/dvi2tty
print/dvipdfmx
print/dvips
print/dviselect
print/jadetex
print/latex
print/latexmk
print/lcdf-typetools
print/makeindex
print/musixtex
print/ps2eps
print/psutils*
print/t1utils
print/xdvi
print/xmltex
textproc/lacheck
textproc/teckit

--
Nikola Lečić = Никола Лечић
fingerprint : FEF3 66AF C90E EDC3 D878 7CDC 956D F4AB A377 1C9B
Re: Request to review: print/texlive-install
On 5/28/2012 9:35 AM, Gábor Kövesdán wrote:
> Better to host it on the FreeBSD mirrors.

The more we can diversify out to other sites, the better. It's fine to
have the FreeBSD mirrors as a last resort, but they shouldn't be the
first choice.

Doug

--
This .signature sanitized for your protection
Re: Request to review: print/texlive-install
On Sun, 27 May 2012 20:32:14 -0500, Stephen Montgomery-Smith wrote:
> Hi People,
>
> I have written a simple port which is in essence a wrapper around the
> texlive installation script. It also builds (almost) all of the
> binaries from scratch.
>
> Does anyone have any suggestions? Would anyone mind if this port was
> committed?
>
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often. Also the install-tl- script doesn't seem to have a
> capability to be run in batch mode. I hacked a way around this, but it
> could be easily broken if the script were to change in some unexpected
> way.
>
> But it does build and install texlive in a fairly timely manner. And
> the result can be made into a (large) package using pkg_create.

Stephen,

TeX Live 2011 builds fine for me with this port. Just a few comments:

1. Biber doesn't need compat7x. It works on 7 and above without it.
Moreover, the TeX Live's configure script already takes care of the
FreeBSD version in the FreeBSD way. Please take a look:
http://www.tug.org/svn/texlive/trunk/Build/source/utils/biber/configure?revision=26215view=markup
lines 3563-3583, or just search for '__FreeBSD_version'. The binaries
distributed with the source work on FreeBSD>=701000 and biber will not
be installed if older FreeBSD is detected.

(I meant that it could be possible to cover FreeBSD-6 with biber
binaries distributed over CTAN. But that's not extremely important for
now.)

2. fontconfig is a run dependency as well, xetex needs it to run.

3. TeX Live ships with its own portable FreeBSD i386/amd64 xz and wget
binaries and install-tl/tlmgr use them. They will not work on FreeBSD7.
Therefore, it could be possible that you need to add xz and wget as
build/run dependencies on FreeBSD7 and on architectures other than
i386/amd64, although I haven't checked this.

4. Since the aim of your port is not to create portable binaries, there
is no reason not to build xindy. You can freely add
'--enable-xindy CLISP=/path to the clisp binary/', and lang/clisp as a
build dependency.

--
Nikola Lečić = Никола Лечић
fingerprint : FEF3 66AF C90E EDC3 D878 7CDC 956D F4AB A377 1C9B
Re: Request to review: print/texlive-install
On 27 May 2012 18:14, Stephen Montgomery-Smith step...@missouri.edu wrote:
> There are a number of issues. In particular there is no checksum
> calculated for install-tl-unx.tar.gz because I suspect that it changes
> very often.

This is a security risk and must not be committed as is.

--
Eitan Adler