15 May 2013, 4:26 p.m.
It is well known that Gentoo builds packages in a sandbox environment. It protects from badly written build scripts [1] as well as some other threats.

I suggest that ArchLinux can build packages in such a sandbox, and this behavior can be easily configured via makepkg.conf. It seems that sandbox and lib32-sandbox ported from Gentoo in AUR work fine on Arch. [2]

So why doesn't Arch build packages in a sandbox? I admit that sandbox is not always safe, but it does protect.

Notes:

[1]: scripts like this: `rm -Rf ${pkgdirr}/home`. Since ${pkgdirr} is mistyped, it will be `rm -Rf /home`.

[2]: https://aur.archlinux.org/packages/sandbox/ ... and https://aur.archlinux.org/packages/lib32-sandbox/
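The typo in note [1], worked through as an added example that is not part of the original post: it shows what path the mistyped `${pkgdirr}` hands to `rm`, and two shell-level guards (`${var:?}` and `set -u`) that stop the expansion. These guards complement a build sandbox rather than replace it. The function names and the sample `pkgdir` value are constructed for illustration, and nothing is deleted.

```shell
#!/bin/sh
# Constructed demo of the typo from note [1]. No rm is ever executed: each
# function only prints the path that rm would have received.

pkgdir="/tmp/demo-build/pkg"   # constructed sample staging directory
unset pkgdirr                  # the mistyped name is never assigned

# Unguarded: the unset ${pkgdirr} silently expands to the empty string.
unguarded_target() {
    ( set +u; printf '%s\n' "${pkgdirr}/home" )
}

# Guard 1: ${var:?msg} aborts the (sub)shell if var is unset or empty,
# so the command that follows is never run.
guarded_target() {
    ( printf '%s\n' "${pkgdirr:?staging directory variable is unset}/home" )
}

# Guard 2: set -u (nounset) turns any reference to an unset variable
# into a fatal error for the (sub)shell.
nounset_target() {
    ( set -u; printf '%s\n' "${pkgdirr}/home" )
}

# Correct spelling, still guarded against an empty value.
correct_target() {
    printf '%s\n' "${pkgdir:?}/home"
}

printf 'unguarded: rm -Rf %s\n' "$(unguarded_target)"
guarded_target || echo 'guarded:   aborted before rm could run'
nounset_target || echo 'set -u:    aborted before rm could run'
printf 'correct:   rm -Rf %s\n' "$(correct_target)"
```
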