original idea from jsyn@, discussed and first tests at c2k3
Warning!
- this commit is different from all patches sent around, please remove
them before updating
- due to a few bugs in systrace this is currently not ready for the casual
porter and several ports will fail to build, you've been warned
The idea of this patch is to help a porter when developing a new port.
With systrace the configure, build and fake stages are not allowed to
open network connections or write outside some well defined directories.
This way misbehaving programs will be noticed due to logfile entries in
/var/log/messages and the port can be fixed. There is generally no need
for end users to use this, as the checksum ensures that ports in the
future will behave the same as they did when porting. :)
To activate systrace'd port building, set USE_SYSTRACE=Yes (e.g. in
/etc/mk.conf)
tested by some people, ok espie@
by ports have to have a leading '_' and a fixed id. They also have to
be added to db/user.list.
user.db and createuser are not used and are superfluous now.
I shouldn't have to do this. This should have been spotted by the loser
who changed tcsh's Makefile. Brad should have noticed it no longer builds
and fixed this, along with mtree/BSD.local.dist...
if a port sets FAKE=Yes, this means it can be `pre'-installed elsewhere,
with DESTDIR set to WRKINST (=work/fake-${ARCH} by default).
the infrastructure takes care of pre-install/do-install/post-install targets,
assuming those install stuff under PREFIX.
To help ports to cope with DESTDIR, you can set FAKE_FLAGS and FAKE_TARGET
(used for the fake installation).
Ports with FAKE=Yes are the way to go: they can be packaged directly without
a real installation, and the installation proceeds from the package, thus
forcing porters to check the package.