[pacman-dev] [suggestion] Sandboxed package building

Daniel Wallace danielwallace at gtmanfred.com
Wed May 15 13:14:46 EDT 2013


BlissSam <m13253 at hotmail.com> wrote:

>It is well known that Gentoo builds packages in a sandbox environment.
>It protects from badly written build scripts [1] as well as some other
>threats.
>
>I suggest that ArchLinux can build packages in such a sandbox, and this
>behavior can be easily configured via makepkg.conf.
>
>It seems that sandbox and lib32-sandbox ported from Gentoo in AUR work
>fine on Arch.[2] So why doesn't Arch build packages in a sandbox? I admit
>that sandbox is not always safe, but it does protect.
>
>
>
>Notes:
>[1]:
>scripts like this: rm -Rf ${pkgdirr}/home
>since ${pkgdirr} is mistyped, it will be `rm -Rf /home`
>
>[2]:
>https://aur.archlinux.org/packages/sandbox/
>... and https://aur.archlinux.org/packages/lib32-sandbox/

Have you looked at devtools? Extra-*-build builds in a clean chroot. Besides, users should be reading pkgbuilds before running makepkg.
--
Sent from my Android Phone.
Daniel Wallace
Arch Linux Trusted User
GTManfred
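The mistyped-variable case from note [1], as an added example that is not part of either message in this thread: it shows what `${pkgdirr}` expands to under default shell rules and which shell-level guards stop the command before it runs. The `would_run` helper, the `case_*` function names and the `pkgdir` value are constructed for illustration; nothing is deleted, the command line is only printed.

```shell
#!/bin/sh
# Added illustration. would_run prints the command line instead of executing it,
# so no rm is ever invoked by this script.
would_run() { printf '%s\n' "$*"; }

pkgdir=/tmp/demo-pkg/pkg   # constructed value; makepkg sets the real one

# Default rules: the unset ${pkgdirr} expands to nothing, leaving /home.
case_default() ( would_run rm -Rf ${pkgdirr}/home )

# nounset: a reference to an unset variable aborts the (sub)shell.
case_nounset() ( set -u; would_run rm -Rf ${pkgdirr}/home )

# nounset does not help when the variable is set but empty.
case_nounset_empty() ( set -u; pkgdirr=; would_run rm -Rf ${pkgdirr}/home )

# ${var:?} aborts on unset *and* on empty, per expansion.
case_guarded() ( pkgdirr=; would_run rm -Rf "${pkgdirr:?}/home" )

# Correct spelling, guarded: expands inside the package directory.
case_correct() ( would_run rm -Rf "${pkgdir:?}/home" )

# Summary for the reader: what each variant would have executed.
for c in default nounset nounset_empty guarded correct; do
    out=$("case_$c" 2>/dev/null) && echo "$c: $out" || echo "$c: aborted before rm"
done
```

These guards only catch empty or unset expansions inside the script; they do not confine what a build script can touch, which is what the sandbox and clean-chroot approaches discussed in the thread address.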


