Re: harden distribution
On Mon, Jul 02, 2001 at 04:44:20PM -0400, Matt Zimmerman wrote:
> On Mon, Jul 02, 2001 at 12:54:33PM -0700, Nick Jennings wrote:
> >
> > I very much like the idea of being able to easily compile my packages
> > from source, in an automated and seamless way (so that security updates
> > are just as easy). Basically you provide an /etc/makefile with a bunch
> > of compiler optimizations etc. and each package gets compiled with those
> > rulesets. When doing an update/upgrade the patches are applied to the
> > source and re-compiled with the same optimizations.
>
> Optimally, packages would support things like:
>
> - Passing in a custom CC, CFLAGS, etc.
> - Passing arbitrary flags to a ./configure script
>
> but a primitive system could be built that simply applied a set of patches to
> the tree before building. If these patches were kept in a logical place, they
> could easily be fetched and used to build updated packages as they came in.
> The hardest part of this, I think, would be automating the actual build
> process. Perhaps the autobuilder code could be split off and shared.
>
> > Having all of this automated would really add a lot of power to Debian's
> > package management system. Basically incorporating the power of the
> > BSD ports architecture into it.
>
> I've heard a lot of praise of BSD's ports tree and its "make world", but I've
> only built simple programs with it. How does it handle build dependencies?
Very well. It has a list of libraries or applications that it relies on, and
if those files aren't found in the system, there's a list of places to grab
the source, and it's compiled before the original package specified is.
For instance, if I went into the gimp directory in the ports tree and
did a 'make install' it would grab gtk & glib etc. and compile all of that
before it got back to gimp.
Of course, Debian's dependency structure is much more advanced, :) and would
still be able to be used very completely.
--
Nick Jennings