In certain cases users should be prevented from installing
a port. To tell a user that a port should not be installed,
there are several make
variables that can
be used in a port's Makefile
. The value
of the following make
variables will be the
reason that is given back to users for why the port refuses to
install itself. Please use the correct
make
variable as each make variable conveys
radically different meanings to both users, and to automated
systems that depend on the Makefile
s,
such as the ports build
cluster, FreshPorts,
and portsmon.
BROKEN
is reserved for ports that
currently do not compile, install, or deinstall
correctly. It should be used for ports where the
problem is believed to be temporary.
If instructed, the build cluster will still attempt to try to build them to see if the underlying problem has been resolved. (However, in general, the cluster is run without this.)
For instance, use BROKEN
when a
port:
does not compile
fails its configuration or installation process
installs files outside of
${LOCALBASE}
does not remove all its files cleanly upon deinstall (however, it may be acceptable, and desirable, for the port to leave user-modified files behind)
FORBIDDEN
is used for ports that
contain a security vulnerability or induce grave concern
regarding the security of a FreeBSD system with a given
port installed (e.g., a reputably insecure program or a
program that provides easily exploitable services).
Ports should be marked as FORBIDDEN
as soon as a particular piece of software has a
vulnerability and there is no released upgrade. Ideally
ports should be upgraded as soon as possible when a
security vulnerability is discovered so as to reduce the
number of vulnerable FreeBSD hosts (we like being known
for being secure), however sometimes there is a
noticeable time gap between disclosure of a
vulnerability and an updated release of the vulnerable
software. Do not mark a port
FORBIDDEN
for any reason other than
security.
IGNORE
is reserved for ports that
should not be built for some other reason. It should be
used for ports where the problem is believed to be
structural. The build cluster will not, under any
circumstances, build ports marked as
IGNORE
. For instance, use
IGNORE
when a port:
compiles but does not run properly
does not work on the installed version of FreeBSD
requires FreeBSD kernel sources to build, but the user does not have them installed
has a distfile which may not be automatically fetched due to licensing restrictions
does not work with some other currently
installed port (for instance, the port depends on
www/apache20
but
www/apache22
is
installed)
If a port would conflict with a currently
installed port (for example, if they install a file in
the same place that performs a different function),
use
CONFLICTS
instead.
CONFLICTS
will set
IGNORE
by itself.
If a port should be marked IGNORE
only on certain architectures, there are two other
convenience variables that will automatically set
IGNORE
for you:
ONLY_FOR_ARCHS
and
NOT_FOR_ARCHS
. Examples:
A custom IGNORE
message can be
set using ONLY_FOR_ARCHS_REASON
and
NOT_FOR_ARCHS_REASON
. Per
architecture entries are possible with
ONLY_FOR_ARCHS_REASON_
and
ARCH
NOT_FOR_ARCHS_REASON_
.ARCH
If a port fetches i386 binaries and installs them,
IA32_BINARY_PORT
should be set. If
this variable is set, it will be checked whether the
/usr/lib32
directory is available
for IA32 versions of libraries and whether the kernel
has IA32 compatibility compiled in. If one of these two
dependencies is not satisfied, IGNORE
will be set automatically.
The strings should not be quoted. Also, the wording of the string should be somewhat different due to the way the information is shown to the user. Examples:
resulting in the following output from
make describe
:
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <freebsd-questions@FreeBSD.org>.
Send questions about this document to <freebsd-doc@FreeBSD.org>.