On Wed, May 15, 2013 at 6:26 PM, BlissSam <m13253@hotmail.com> wrote:
It is well known that Gentoo builds packages in a sandbox environment. It protects from badly written build scripts [1] as well as some other threats.
I suggest that ArchLinux can build packages in such a sandbox, and this behavior can be easily configured via makepkg.conf.
It seems that sandbox and lib32-sandbox ported from Gentoo in AUR work fine on Arch.[2] So why doesn't Arch build packages in a sandbox? I admit that sandbox is not always safe, but it does protect.
Notes: [1]: scripts like this: `rm -Rf ${pkgdirr}/home`; since ${pkgdirr} is mistyped, it will be `rm -Rf /home`
Seriously, but isn't that why makepkg shouldn't be executed as the root user? Arch's build system essentially does this by implementing the temporary root dir in $pkgdir. This is a terrible example, since I'm fairly sure pkgdir is not available in *.install functions, and you're not supposed to meddle with installed files in that part. Please first read about abs and how it comes with its own safeties.

cheers!
mar77i
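The mistyped-variable case from the thread (`rm -Rf ${pkgdirr}/home` expanding to `rm -Rf /home`) can be caught in a PKGBUILD-style function without any sandbox, using the shell's `${var:?}` expansion, which aborts the command when the variable is unset or empty. This is an added example, not code from the thread or from makepkg; the function names and the scratch directory it operates on are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: shows why an unset/misspelled variable silently expands to ""
# and how the ${var:?} guard turns that into a hard failure instead of a
# destructive command. Nothing here touches a real filesystem path outside a
# scratch directory created with mktemp.

# Unsafe form: the misspelled variable is unset, so "${pkgdirr}/home" becomes
# "/home", exactly the failure described in the thread.
unsafe_target() {
    local pkgdirr   # deliberately misspelled (as in the thread) and never set
    echo "${pkgdirr}/home"
}

# Guarded form: ${pkgdirr:?message} makes the shell abort the command with a
# non-zero status before anything runs. The subshell keeps the abort local to
# this function; stderr is silenced so only the exit status matters here.
guarded_target() {
    local pkgdirr
    ( echo "${pkgdirr:?pkgdir variable is unset or empty}/home" ) 2>/dev/null
}

# Simulated package() cleanup step that only ever touches a constructed scratch
# tree. The guarded rm refuses to run if pkgdir were ever empty, so the worst
# case is a failed build rather than a wiped directory.
safe_cleanup_demo() {
    local pkgdir
    pkgdir=$(mktemp -d) || return 1
    mkdir -p "$pkgdir/home"
    rm -rf "${pkgdir:?}/home"        # guarded: expands only when pkgdir is set
    [ ! -e "$pkgdir/home" ] && [ -d "$pkgdir" ]
    local rc=$?
    rm -rf "${pkgdir:?}"
    return $rc
}
```

Running `unsafe_target` prints `/home`, while `guarded_target` prints nothing and returns non-zero.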