On 2022/09/08 10:29:27 +0200, prx <p...@si3t.ch> wrote:
> * Omar Polo <o...@omarpolo.com> le [07-09-2022 17:19:02 +0200]:
> > some nits:
> >
> >  - don't start COMMENT with "an"
> >  - double empty line before .include <bsd.port.mk>
> >  - in @newuser drop :daemon: so that it reads:
> >
> >      @newuser _iblock:884:884::iblock inetd user:/nonexistent:/sbin/nologin
> >
> >    (yep, with the double ::)
> >
> >  - the sample commands in the README could use '#' instead of '$' as
> >    prompt.  it's probably not done consistently across all READMEs, but
> >    I think it's better to use '#' for commands that need to be
> >    executed as super-user and '$' otherwise.  rcctl(8) falls in the
> >    first category.
> >
> >  - the build doesn't respect CC and CFLAGS.  For ${CC} the makefile
> >    just needs an
> >
> >      MAKE_FLAGS = CC="${CC}"
> >
> >    for CFLAGS other than your latest patch upstream we usually drop
> >    optimization flags like -Os, so after it is updated that should be
> >    taken care of.
> >
>
> Thank you for checking this.

imported with an ok from solene@ :)

> > regarding the port itself I think it's a nice idea but i don't
> > particularly like how it "shells out" to pfctl.  it helps that the
> > code is very, very short (56 lines counting blanks and #includes), but
> > i'd probably prefer it if it used pf(4)'s ioctls.  that's just me tho :)
> >
>
> I understand.
> I guess doas was preferred for privilege separation.
> I'll look into pf(4) and see where it leads.

nah, scratch that, I didn't notice that DIOCRADDADDRS isn't covered by
the `pf' pledge ^^'  (and even if it were, running this with root
privileges is not that great either)