-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 BlissSam <m13253@hotmail.com> wrote:
It is well known that Gentoo builds packages in a sandbox environment. It protects from badly written build scripts [1] as well as some other threats.
I suggest that ArchLinux can build packages in such a sandbox, and this behavior can be easily configured via makepkg.conf.
It seems that sandbox and lib32-sandbox ported from Gentoo in AUR works fine on Arch.[2] So why don't Arch build packages in a sandbox? I admit that sandbox is not always safe, but it does protects.
Notes: [1]: scripts like this: rm -Rf ${pkgdirr}/home since ${pkgdirr} is mistyped, it will be `rm -Rf /home`
[2]: https:///aur.archlinux.org/packages/sandbox/ ... and https:///aur.archlinux.org/packages/lib32-sandbox/
Have you looked at devtools? Extra-*-build builds in a clean chroot. Besides, users should be reading pkgbuilds before running makepkg. - -- Sent from my Android Phone. Daniel Wallace Arch Linux Trusted User GTManfred -----BEGIN PGP SIGNATURE----- Version: APG v1.0.8 iQFUBAEBCAA+BQJRk8KGNxxEYW5pZWwgV2FsbGFjZSAoZ3RtYW5mcmVkKSA8ZGFu aWVsLndhbGxhY2VAZ2F0ZWNoLmVkdT4ACgkQX6XlVE8BDUheWAgAl8o6DEyRLoWO 01KXSUs9OSxhJrj1gRyZdUVAASAG9s7/aeed013ebuxuzgc7aNS4EdarZE8Qdouy 22LswIWWGYEFmmLHEFCgx6CJSCEKg7BRWctKDpiIfmbsBg1EfgdmdBM4g+Yu9Dzb jJ4lq8DtXSH9LR3E9bIitn6aaY+F0qaYu5FZou5XOIhbbXDcczT9X8GxqhfizHg3 Bji05o+DitSqGV87cIrHhNnSFZWIW1gb3bNE+9Cn0FduKFgupaMbPTubxgzvs3Tt /sIpgOYeJadrYNEoXpWuGgYOpe7g8b/8WpZno8cGFOTsRYaZZlEo49J5iA51ySga NxOK78/X6A== =MfIV -----END PGP SIGNATURE-----