On Wed, Oct 14, 2015 at 02:57:33AM +0200, Jose V Beneyto wrote: [...]
I successfully installed the ISO on a new laptop but I think I found an issue with xorg-server and harfbuzz. xorg-server is linked against harfbuzz and also glib (harfbuzz requires cairo which requires glib)
[...]
I rebuild freetype, fontconfig and xorg-libxft from ports with harfbuzz not installed but when I tried to compile xorg-server again I got this error message:
make[5]: Leaving directory '/usr/ports/xorg/xorg-server/work/src/xorg-server-1.17.2/hw/xfree86/dixmods' CCLD Xorg libtool: link: cannot find the library `/usr/lib/libharfbuzz.la' or unhandled argument `/usr/lib/libharfbuzz.la' Makefile:794: recipe for target 'Xorg' failed make[4]: *** [Xorg] Error 1
Many thanks for testing and the detailed report. Indeed you found a issue with missing dependencies in our ports. Actually we have a cyclic dependency between freetype and harfbuzz, both depends on each other, so it's not possible to add harfbuzz to the deps of freetype or fontconfig. To solve the issue I'd suggest to add harfbuzz to the deps of xorg-libxft.
Is there a way to compile xorg-server without harfbuzz, or should it be added to the ISO?
It's part of the ISO but not installed if you select the xorg meta port.
Any idea?
Another thing I would like to comment is about the fact that tcp_wrappers was removed. I've never needed to use tcp wrappers but I have to admit I do not want to lose the protection they provided. So with tcp_wrappers, by default in CRUX is to deny all TCP traffic.
But only for services that works with libwrap, which are only a few. Lately libwrap support got removed from openssh, I guess other will follow.
Are there any plans to add somewhere a iptables script with the chains (and/or policies) defaulting to DROP, or at least for the INPUT chain?
Not yet. Let's see if we get some ideas from our users ;) best regards Juergen