In certain cases users should be prevented from installing a port. For instance, there may come a time when a particular port contains a security vulnerability, is radically broken and needs many hours of tender loving care, or is generally obsoleted, but for one reason or another should remain in the tree (and get fixed, right?). To tell a user that a port should not be installed, there are several make variables that can be used in a port's Makefile. The value of each of the following make variables is the reason given back to users for why the port refuses to install itself. Please use the correct make variable, as each one conveys a radically different meaning both to users and to automated systems that depend on the Makefiles, such as the ports build cluster, FreshPorts, and portsmon.
BROKEN is reserved for ports that do not compile or install. This will prevent users from wasting their time trying to install the port. The build cluster will still attempt to build them to see if the underlying problem has been resolved.
FORBIDDEN is used for ports that contain a security vulnerability or induce grave concern regarding the security of a FreeBSD system with a given port installed (e.g., a reputedly insecure program or a program that provides easily exploitable services). Ports should be marked as FORBIDDEN as soon as a particular piece of software has a vulnerability and there is no released upgrade. Ideally, ports should be upgraded as soon as possible when a security vulnerability is discovered so as to reduce the number of vulnerable FreeBSD hosts (we like being known for being secure). Sometimes, however, there is a noticeable time gap between disclosure of a vulnerability and an updated release of the vulnerable software. Do not mark a port FORBIDDEN for any reason other than security.
IGNORE is reserved for ports that should not be built for some other reason. The build cluster will not, under any circumstances, build ports marked as IGNORE. For instance, use IGNORE when a port:
compiles but does not run properly
does not work on the installed version of FreeBSD
requires FreeBSD kernel sources to build, but the user does not have them installed
has a distfile which may not be automatically fetched due to licensing restrictions
does not work with a currently installed port
Note: If a port would conflict with a currently installed port, use CONFLICTS instead. CONFLICTS will set IGNORE by itself.
If a port should be marked IGNORE only on certain architectures, there are two other convenience variables that will automatically set IGNORE for you: ONLY_FOR_ARCHS and NOT_FOR_ARCHS. Examples:
ONLY_FOR_ARCHS= i386 amd64
NOT_FOR_ARCHS= alpha ia64 sparc64
Do remember that BROKEN and FORBIDDEN are to be used as a last resort if a port is not upgradeable. Permanently broken ports should be removed from the tree entirely.
When it makes sense to do so, users can be warned about a pending port removal with DEPRECATED and EXPIRATION_DATE. The former is simply a string stating why the port is scheduled for removal; the latter is a string in ISO 8601 format (YYYY-MM-DD). Both will be shown to the user.
It is possible to set DEPRECATED without an EXPIRATION_DATE (for instance, recommending a newer version of the port), but the converse does not make any sense.
There is no set policy on how much notice to give. Current practice seems to be one month for security-related issues and two months for build issues. This also gives any interested committers a little time to fix the problems.
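The rules above can be checked mechanically when auditing a ports tree. The following is an added example, not part of the ports infrastructure or of the original page: a small Python linter that reads a port's Makefile text, reports a FORBIDDEN marking, and flags an empty reason string, an EXPIRATION_DATE without DEPRECATED, and a date that is not in YYYY-MM-DD form or has already passed. The function names and sample Makefiles are assumptions made for illustration, and only simple "VAR= value" lines are parsed.

```python
import re
from datetime import date

REASON_VARS = ("BROKEN", "FORBIDDEN", "IGNORE", "DEPRECATED")
# Assumption of this sketch: only simple "VAR= value" lines are read;
# .if blocks, += and variable expansion are not evaluated.
ASSIGN = re.compile(r"^(BROKEN|FORBIDDEN|IGNORE|DEPRECATED|EXPIRATION_DATE)[ \t]*=[ \t]*(.*)$")
ISO_DAY = re.compile(r"\d{4}-\d{2}-\d{2}")

# Constructed sample Makefiles (hypothetical ports, not from the real tree).
SAMPLE_GOOD = "PORTNAME=\texampled\nFORBIDDEN=\tremote hole, no fixed release yet\nDEPRECATED=\tabandoned upstream\nEXPIRATION_DATE=\t2007-03-01\n"
SAMPLE_BAD = "PORTNAME=\texamplelib\nBROKEN=\nEXPIRATION_DATE=\t01/03/2007\n"


def parse_markers(makefile_text):
    """Return {variable: value} for the install-blocking and removal variables."""
    markers = {}
    for line in makefile_text.splitlines():
        match = ASSIGN.match(line)
        if match:
            markers[match.group(1)] = match.group(2).strip()
    return markers


def lint_port(makefile_text, today):
    """Return a list of findings for one port Makefile, in a fixed order."""
    markers = parse_markers(makefile_text)
    findings = []
    # The variable's value is the reason shown to the user, so it must not be empty.
    for var in REASON_VARS:
        if var in markers and not markers[var]:
            findings.append(f"{var} is set but gives the user no reason")
    if "FORBIDDEN" in markers:
        findings.append("FORBIDDEN: marked for a security problem")
    expiry = markers.get("EXPIRATION_DATE")
    if expiry is not None:
        # DEPRECATED alone is fine; EXPIRATION_DATE alone makes no sense.
        if "DEPRECATED" not in markers:
            findings.append("EXPIRATION_DATE set without DEPRECATED")
        try:
            if not ISO_DAY.fullmatch(expiry):
                raise ValueError(expiry)
            if date.fromisoformat(expiry) < today:
                findings.append("EXPIRATION_DATE has passed")
        except ValueError:
            findings.append("EXPIRATION_DATE is not a valid YYYY-MM-DD date")
    return findings
```

Calling lint_port(SAMPLE_BAD, date(2007, 1, 26)) returns three findings: the empty BROKEN reason, the missing DEPRECATED, and the malformed date.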
Generated: 2007-01-26 17:58:41