View Single Post
  #1   (View Single Post)  
Old 23rd March 2020
Sensucht94's Avatar
Sensucht94 Sensucht94 is offline
Real Name: Paolo Vincenzo Olivo
Shell Scout
 
Join Date: Oct 2017
Location: Rome
Posts: 104
Post share your mk.conf!: pkgsrc best practices

Greetings everybody; the idea of having a similar thread has crossed my mind a couple of times already, so I thought I'd better start one now that I have some more spare time.
Below the /etc/mk.conf I use on my Odroid C2. Replies - if ever there will be any - are very appreciated.
Code:
## GENERAL SETTINGS
# machine-specific workdirs
OBJMACHINE=yes
# sanity checks for shared libs
PKG_DEVELOPER=yes
# default pkg prefix
LOCALBASE=/usr/pkg
# build on tmpfs
WRKOBJDIR=/var/tmp/pkg
# sign pckgs with a trusted CA cert
SIGN_PACKAGES=x509
X509_CERTIFICATE=/etc/openssl/certs/pkgsrc.crt
X509_KEY=/etc/openssl/private/pkgsrc.key
# where to store generated packages
PACKAGES?=${_PKGSRCDIR}/packages/${MACHINE_ARCH}
# used to elevate privileges
.if exists(${LOCALBASE}/bin/doas)
SU_CMD=${LOCALBASE}/bin/doas /bin/sh -c
.endif
# default 'make clean' on deps
CLEANDEPENDS=YES
# use binary packages for dependencies
UPDATE_TARGET=bin-install
BINPKG_SITES=$(${LOCALBASE}/bin/gawk '{ print $2 }' FS='=' /etc/pkg_install.conf)

## FETCHING DISTFILES
# resume downloads 
PKG_RESUME_TRANSFERS=YES
# fetch using wget
.if exists(${LOCALBASE}/bin/wget)
FETCH_CMD=${LOCALBASE}/bin/wget
.endif
FETCH_BEFORE_ARGS=–passive-ftp
FETCH_RESUME_ARGS=-c
FETCH_OUTPUT_ARGS=-O
# preferred domains list
MASTER_SORT=.eu .it .ch .at .fr .de .es .nl .uk .at .be .cz .pl .se .fi .no .dk

## HARDENING
ALLOW_VULNERABLE_PACKAGES=NO
# stack protector
PKGSRC_USE_SSP?=strong
# fortify source
PKGSRC_USE_FORTIFY?=strong
# position-independent executables
PKGSRC_MKPIE?=yes
# link with RELRO
#PKGSRC_USE_RELRO?=partial
# stack boundary verification
PKGSRC_USE_STACK_CHECK?= yes

## OPTIMIZATIONS
MAKE_JOBS=4
GZIP?=--fast
CPUFLAGS+=-O3 -pipe -fomit-frame-pointer -mcpu=cortex-a53 -mtune=cortex-a53 -mfpu=neon-fp16 -mfloat-abi=hard -funsafe-math-optimizations 

## PKG_ALTERNATIVES
PYTHON_VERSION_DEFAULT=37
LUA_VERSION_DEFAULT=53
PHP_VERSION_DEFAULT=71
RUBY_VERSION_DEFAULT=24
# avoid linking against outdated libs
PREFER_PKGSRC?=MesaLib Xft2 Xrandr Xrender expat fontconfig freetype2 glu openssl pixman xcursor

## LICENSES
ACCEPTABLE_LICENSES+=erlang-public-license gnu-agpl-v3 lame-license ms-ttf-license no-commercial-use opemotif-license public-domain unrar-license ruby-license sendmail-open-source-license  sun-jdk14-license vim-license xv-license
__________________
“Mi casa tendrá dos piernas y mis sueños no tendrán fronteras„

Last edited by Sensucht94; 24th March 2020 at 09:57 AM. Reason: fix typo
Reply With Quote