In certain cases, users must be prevented from installing
a port. There are several variables that can be used in a
port's Makefile to tell the user that the
port cannot be installed. The value of
these make variables will be the
reason that is shown to users for why the port refuses to
install itself. Please use the correct make
variable. Each variable conveys radically different
meanings, both to users and to automated systems that depend on
Makefiles, such as
the ports build cluster,
FreshPorts, and
portsmon.
BROKEN is reserved for ports that
currently do not compile, install, deinstall, or run
correctly. Use it for ports where the problem
is believed to be temporary.
If instructed, the build cluster will still attempt to try to build them to see if the underlying problem has been resolved. (However, in general, the cluster is run without this.)
For instance, use BROKEN when a
port:
does not compile
fails its configuration or installation process
installs files outside of
${PREFIX}
does not remove all its files cleanly upon deinstall (however, it may be acceptable, and desirable, for the port to leave user-modified files behind)
has runtime issues on systems where it is supposed to run fine.
FORBIDDEN is used for ports that
contain a security vulnerability or induce grave concern
regarding the security of a FreeBSD system with a given port
installed (for example, a reputably insecure program or a program
that provides easily exploitable services). Mark ports
as FORBIDDEN as soon as a
particular piece of software has a vulnerability and there
is no released upgrade. Ideally upgrade ports
as soon as possible when a security vulnerability is
discovered so as to reduce the number of vulnerable FreeBSD
hosts (we like being known for being secure), however
sometimes there is a noticeable time gap between
disclosure of a vulnerability and an updated release of
the vulnerable software. Do not mark a port
FORBIDDEN for any reason other than
security.
IGNORE is reserved for ports that
must not be built for some other reason. Use it
for ports where the problem is believed to be
structural. The build cluster will not, under any
circumstances, build ports marked as
IGNORE. For instance, use
IGNORE when a port:
does not work on the installed version of FreeBSD
has a distfile which may not be automatically fetched due to licensing restrictions
does not work with some other currently installed port (for instance, the port depends on www/apache20 but www/apache22 is installed)
If a port would conflict with a currently
installed port (for example, if they install a file in
the same place that performs a different function),
use
CONFLICTS instead.
CONFLICTS will set
IGNORE by itself.
To mark a port as IGNOREd
only on certain architectures, there are two other
convenience variables that will automatically set
IGNORE:
ONLY_FOR_ARCHS and
NOT_FOR_ARCHS. Examples:
ONLY_FOR_ARCHS= i386 amd64
NOT_FOR_ARCHS= ia64 sparc64
A custom IGNORE message can be
set using ONLY_FOR_ARCHS_REASON and
NOT_FOR_ARCHS_REASON. Per
architecture entries are possible with
ONLY_FOR_ARCHS_REASON_
and
ARCHNOT_FOR_ARCHS_REASON_.ARCH
If a port fetches i386 binaries and installs them,
set IA32_BINARY_PORT. If this variable
is set, /usr/lib32 must be present
for IA32 versions of libraries and the kernel must support
IA32 compatibility. If one of these two
dependencies is not satisfied, IGNORE
will be set automatically.
Do not quote the values of BROKEN,
IGNORE, and related variables. Due to the
way the information is shown to the user, the wording of
messages for each variable differ:
BROKEN= fails to link with base -lcrypto
IGNORE= unsupported on recent versions
resulting in this output from
make describe:
===> foobar-0.1 is marked as broken: fails to link with base -lcrypto.
===> foobar-0.1 is unsupported on recent versions.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <[email protected]>.
Send questions about this document to <[email protected]>.