new dependency for emacs-nox11

Vick Khera vivek at khera.org
Fri Nov 7 16:55:49 UTC 2014 

On Fri, Nov 7, 2014 at 10:27 AM, Lowell Gilbert <
freebsd-ports-local at be-well.ilk.org> wrote:

> Vick Khera <vivek at khera.org> writes:
>
> > Emacs 24.4 update in ports pulls in a new dependency: desktop-file-utils.
> > This in turn pulls in a big swath of additional packages including
> python,
> > perl, pcre, glib.
>
> I don't think so. desktop-file-utils doesn't seem to pull in anything
> that isn't already required for emacs (glib being the big one, and
> libintl the only other, according to "pkg info"). What makes you say
> otherwise?
>

On one of my servers, I run "pkg install emacs-nox11" from my repo, which
is build using poudriere with these options

Options        :
ACL            : off
ALSA           : off
DBUS           : off
FILENOTIFY     : off
GNUTLS         : off
LTO            : off
OSS            : off
SOUND          : off
SOURCES        : on
XML            : on

The pkg install says it will pull in the following:

New packages to be INSTALLED:
emacs-nox11: 24.4,3
desktop-file-utils: 0.22_3
pcre: 8.35_1
glib: 2.36.3_4
python27: 2.7.8_6
libffi: 3.0.13_3

Compare old emacs 24.3 to 24.4 requirements:

% pkg info -dr emacs-nox11
emacs-nox11-24.3_14,3
Depends on     :
libxml2-2.9.2_2
indexinfo-0.2

# pkg info -dr emacs-nox11
emacs-nox11-24.4,3
Depends on     :
libxml2-2.9.2_2
indexinfo-0.2
desktop-file-utils-0.22_3


Chasing down the chain we see that desktop-file-utils is what pulled in
pcre and glib, and that glib pulled in python (which pulls in libffi). I
already had perl, gettext, and libiconv from other dependencies installed.


>
> > Is there a way that the port could be tweaked so that the desktop
> utilities
> > are not installed when there is no desktop (ie, the nox11 variant)? My
> goal
> > is to have a minimal footprint of software on my servers so I do not have
> > to security audit all this extra software.
>
> Yes, leaving that out seems fine. However, the footprint seems to be
> just a couple of command-line programs totalling 150KB, plus manuals and
> an elisp file for an editing mode. I don't currently have an
> X-library-free build environment, so unfortunately I can't make a
> definitive check on that statement.
>

Any non-zero footprint has the potential to open up security holes. The
size is not really the issue. I'm also personally unclear why glib needs
perl and python as a run-time dependency, but that's only from a cursory
look at it.

More information about the freebsd-ports mailing list