On Tue, 27 Feb 2018, Marcin Cieslak wrote:

> On Sun, 25 Feb 2018, Yuri wrote:
> 
> > On 02/25/18 05:37, Marcin Cieslak wrote:
> > > Yes, this is my private port that I am using to produce FreeBSD binaries
> > > for node-sass. Getting binary npm modules into our ports tree is another
> > > conversation.
> > > 
> > > The problem here is that a whole thing worked for me before for months
> > > so I am aware of all those limitations for particular build phases
> > > (it took me long to figure out that).
> > 
> > 
> > npm is an extremely volatile technology. Some package might work now, and then
> > break in a week due to a dependency package update.
> > 
> > It continuously automatically updates files that are downloaded as
> > dependencies.
> > 
> > NodeJS is largely incompatible with the FreeBSD ports system because of this
> > volatility.
> > 
> > NodeJS is also a very insecure technology. It brings files directly from
> > github without any vetting. So if somebody will update some github package
> > with malware, it is extremely likely that next day this malware will end up on
> > your production servers. There is nobody in between, you have to always trust
> > hundreds of parties.
> 
> I think I have some idea how we can tame this somewhat without allowing for
> a wild fetch.
> 
> It seems that I need to learn more about the code that checks the completeness
> of the distfiles, since "make checksum" insists on redoing things all again:
> 
> # rm -rf distinfo 
> # make makesum
> 

(...)

So I don't know what has changed and why, but the temporary fix is to
use "if" to check if the desired files are not already there, and
then proceed with "post-fetch" only if the files are not found.

Marcin
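
One way to write the guard described in the message above, as an added example that is not part of the original thread or the poster's port: it skips the fetch step only when every file listed in distinfo is present and matches its recorded SHA256, rather than testing for presence alone. The function names and the fetch command passed in by the caller are assumptions.

```shell
#!/bin/sh
# Added example: guard a fetch step on the state of the distfiles.
# Function names are hypothetical; they are not part of the ports framework.

# Print the SHA-256 of a file as bare hex, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system tool
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# distfiles_missing DISTINFO DISTDIR
# Prints each file named in DISTINFO that is absent from DISTDIR or whose
# SHA-256 differs from the recorded value. No output means nothing to fetch.
distfiles_missing() {
    distinfo=$1 distdir=$2
    # distinfo records hashes as: SHA256 (name) = <64 hex digits>
    sed -n 's/^SHA256 (\(.*\)) = \([0-9a-f]\{64\}\)$/\2 \1/p' "$distinfo" |
    while read -r want name; do
        file=$distdir/$name
        if [ ! -f "$file" ]; then
            echo "$name"
        elif [ "$(sha256_of "$file")" != "$want" ]; then
            echo "$name"
        fi
    done
}

# fetch_if_needed DISTINFO DISTDIR FETCH_COMMAND [ARGS...]
# Runs the caller-supplied fetch command only when something is missing or
# altered, then re-checks so a bad download fails instead of passing silently.
fetch_if_needed() {
    distinfo=$1 distdir=$2
    shift 2
    if [ -z "$(distfiles_missing "$distinfo" "$distdir")" ]; then
        return 0                            # everything present and verified
    fi
    "$@" || return 1
    [ -z "$(distfiles_missing "$distinfo" "$distdir")" ]
}
```

A guard that only tests whether the file exists would also skip the fetch for a file that was modified after distinfo was written; comparing against the recorded hash closes that gap.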
