[pacman-dev] [suggestion] Sandboxed package building
BlissSam
m13253 at hotmail.com
Wed May 15 12:26:04 EDT 2013
It is well known that Gentoo builds packages in a sandbox environment. It protects from badly written build scripts [1] as well as some other threats.
I suggest that ArchLinux can build packages in such a sandbox, and this behavior can be easily configured via makepkg.conf.
It seems that sandbox and lib32-sandbox ported from Gentoo in AUR works fine on Arch.[2] So why don't Arch build packages in a sandbox? I admit that sandbox is not always safe, but it does protects.
Notes:
[1]:
scripts like this: rm -Rf ${pkgdirr}/home
since ${pkgdirr} is mistyped, it will be `rm -Rf /home`
[2]:
https:///aur.archlinux.org/packages/sandbox/
... and https:///aur.archlinux.org/packages/lib32-sandbox/
More information about the pacman-dev
mailing list