LGTM
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Oct 3 2016
Looks good to me in principle; see inline comment above.
Sep 30 2016
Sep 27 2016
Sep 26 2016
I think that these are all fine to make readable, for the same reason that the hostname is ok: allowing information to "leak" in a way that enables more software to use Capsicum sandboxing is a net win. If we wanted to obscure the host UUID then we should also be hiding anything that could be used to identify the machine, which seems distinctly unhelpful in our overall goal of World Domination (tm).
In D8000#165698, @rwatson wrote:I'm fine with exposing the hostname here -- the goal of Capsicum has always been to be pragmatic about getting software running where it doesn't violate isolation properties. You could argue that this is an information leak and/or might cause problems for deterministic replay-style applications of Capsicum -- but I'd rather we had more code working in a sandboxing. :-)
Sep 22 2016
Sep 21 2016
Agreed: this change makes perfect sense to me after rS305756.
- Simplify {BUILD,RUN}_DEPENDS.
- Remove superfluous GH_PROJECT variable.
- Move GitHub details to below LIB_DEPENDS.
- Clean up COMMENT to satisfy portlint -A.
- Change pkg-plist to PLIST_FILES.
Sep 19 2016
I think I'd be more comfortable if the bug fixes were committed separately from the Capsicum changes (making everything easier to upstream?) and if the Capsicum-specific stuff could be refactored out as much as possible to reduce the in-line #ifdef content. In particular, it would be nice if there could be struct sandbox or the like to capture all of the additional state required by Capsicum, and the contents of that structure could be different on FreeBSD, OpenBSD, etc. If there were a function called start_sandbox(struct sandbox *sbp) or the like, possibly together with a set_flags(int fd, struct sandbox *) or something, it would allow a nice, fair comparison between the Capsicum and Pledge LoC.
In D7773#164148, @cem wrote:I'm not a fan of introducing additional forks into otherwise straightforward programs. I think we might introduce more bugs that way than we mitigate with capsicum. I'd rather just allocate a list or array and preopen all inputs.
Updated port to Fix All The Things (TM)
- Remove PREFIX hack from libpolou-avr.
- Add RUN_DEPENDS to libpololu-avr.
Sep 13 2016
Sep 1 2016
Works for me.
Aug 26 2016
Works for me with a variant of 11-STABLE when I use nvidia-modeset. If I just try to use kldload nvidia by itself, however, I get strange artifacts and no visible X.
Jul 28 2016
Address @mjg 's point about EPERM.
- MFC r303406
- Treat EPERM slightly less specially.
Jul 27 2016
This seems to have been obviated by rS303274.
Jul 22 2016
Of course, if we wanted to ignore the --no-fatal-warnings flag altogether, we could just do:
Jul 19 2016
- switch to Makefile-based patching with OSVERSION
Jun 17 2016
- Extract suffix rules into bsd.suffixes[-posix].mk.
- Add bsd.suffixes[-posix].mk to share/mk/Makefile.
- Don't clear suffix rules in bsd.lib.mk.
Jun 16 2016
- Move .SUFFIXES definitions into suffix rule files, too.
Thanks, I've added those to share/mk/Makefile and will request an exp-run.
- Add bsd.suffixes[-posix].mk to share/mk/Makefile.
Jun 11 2016
Jun 8 2016
- Generalize the metadata we can look for.
- Don't output None attributes.
- Normalize paths.
- Give re-definitions a different shape from definitions.
- Add more filename sanitizing.
- Add flags to filter singletons and unconnected components.
- Print the total number of files being parsed.
May 31 2016
May 28 2016
Obviated by rS300226.
May 15 2016
May 14 2016
Sorry, I slightly let the ball drop here. How do I create a patch that only applies on one major version?
Ping?
So, I can't not approve... :)
- Update to v2.6.
- Add PyQt RUN_DEPENDS
May 13 2016
I suppose that's what I get for updating the port. :)
May 1 2016
Mar 4 2016
- Updating D5547: Fix shebang lines in DTrace Toolkit scripts.
Dec 3 2015
On the MAKE_JOBS_UNSAFE thing: I see what you mean now that I try to build with make -j12. Sorry, I'm still pretty new to porting... do I just set MAKE_JOBS_UNSAFE=yes in the Makefile?
libdistance uses pkg-config --cflags tcl as part of its build configuration, which works fine on 10 and 11, but not on 9:
Dec 2 2015
Thanks, all, for the comments! It sounds like there might be some rationalization of suffix rules in the works? If so, perhaps I should hold off so that we only have to add a single set of rules rather than adding the same thing twice in bsd.lib.mk and sys.mk...
Dec 1 2015
Nov 30 2015
Nov 27 2015
Closed by rP402448.
Nov 17 2015
Nov 3 2015
Oct 29 2015
Thanks: I've moved the LIBDIR stuff to the port Makefile rather than patches. It's currently not that much nicer, but I'm hoping to upstream a bunch of the other changes and reduce the number of patches required in the ports tree.
- Move LIBDIR, etc., to port Makefile when possible.
Thanks again for all of your help... hopefully this is the last newbie question!
- Oops: also install header file.
- Drop PREFIX?= from patches.
Oct 28 2015
Oct 27 2015
- Add USES=tcl rather than tcl BUILD_DEPENDS.
- Add URL to pkg-descr.
- Apply changes suggested by reviewers.
- Add new port: devel/myrepos.
- Minor changes suggested by portlint -A.