[pacman-dev] [suggestion] Sandboxed package building

BlissSam m13253 at hotmail.com
Wed May 15 12:26:04 EDT 2013

It is well known that Gentoo builds packages in a sandbox environment. It protects from badly written build scripts [1] as well as some other threats.

I suggest that ArchLinux can build packages in such a sandbox, and this behavior can be easily configured via makepkg.conf.

It seems that sandbox and lib32-sandbox ported from Gentoo in AUR works fine on Arch.[2] So why don't Arch build packages in a sandbox? I admit that sandbox is not always safe, but it does protects.

scripts like this: rm -Rf ${pkgdirr}/home
since ${pkgdirr} is mistyped, it will be `rm -Rf /home`

... and https:///aur.archlinux.org/packages/lib32-sandbox/ 		 	   		  

More information about the pacman-dev mailing list