essandess / macOS-Fortress

Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)
MIT License

have you considered homebrew? #3

Closed arronmabrey closed 5 years ago

arronmabrey commented 7 years ago

Hello,

Thanks for putting this together!

I was reading through the readme-and-install.sh and noticed the use of macports. Is there a technical reason for this choice over homebrew? Or is it a personal choice?

In trying to understand some of the pros/cons of macports vs homebrew, one of the issues I found is that macports seems to require the use of sudo, and homebrew does not.

It seems like homebrew could be considered marginally safer in that regard; do you have any thoughts on this?

Thanks, -- Arron

essandess commented 7 years ago

Homebrew is great.

My personal preference is MacPorts because I prefer to run natively compiled binaries, especially for computationally intensive applications. I have observed significant performance differences between native and pre-built binaries, so I almost always go native.

But everything here will work with homebrew installs too.

My recommendation would be to choose the option that best suits your setup and stick with it. And if you have real concerns about sudo security, this would be a much bigger issue for you than homebrew versus macports.

Moscarda commented 7 years ago

I wouldn't call myself a developer, but I do dabble enough to know about package managers and that I prefer Homebrew to MacPorts. I know you said that everything here will work with brew, but where in the installation process is it invoked and how?

essandess commented 7 years ago

> where in the installation process is it invoked and how?

readme-and-install.sh. I'm not a brew expert, but it's simply a matter of replacing port install with brew install, and replacing the necessary install directories with the ones that brew install. MacPorts goes in /opt/local. Not sure about brew.

savyajha commented 7 years ago

Homebrew allows for local compilation as well. You can simply export HOMEBREW_BUILD_FROM_SOURCE (set it to any value).

essandess commented 7 years ago

Thanks.

It should not take much work or time to fork this repo and edit readme-and-install.sh to use brew rather than port.

The only reasons I haven’t tackled this myself are that brew and port don’t play nicely together on the same box, and I’m not familiar with homebrew package install specifics.

All the work in this repo is in the configuration files, which will be the same for either package manager.

ourway commented 6 years ago

Any updates for brew?

noyannus commented 6 years ago

Homebrew may not have the same tool versions, and some not at all. You can get the missing ones with pip3, but the version compatibility is unclear to me.

After getting the complete history for homebrew with ..

git -C "$(brew --repo homebrew/core)" fetch --unshallow

.. and searching homebrew for the tools to install in the script's line..

$SUDO $PORT install wget gnupg p7zip pcre squid3 privoxy nginx nmap python36 py36-scikit-learn py36-matplotlib py36-numpy

with

brew info wget gnupg p7zip pcre squid3 privoxy nginx nmap python36 py36-scikit-learn py36-matplotlib py36-numpy | grep Error

we find the missing:

Error: No available formula with the name "squid3"
Error: No previously deleted formula found.
Error: No available formula with the name "python36"
Error: No previously deleted formula found.
Error: No available formula with the name "py36-scikit-learn"
Error: No previously deleted formula found.
Error: No available formula with the name "py36-matplotlib"
Error: No previously deleted formula found.
Error: No available formula with the name "py36-numpy"
Error: No previously deleted formula found.

Disregarding versions, we can get from homebrew:

squid: stable 3.5.27
python: stable 3.6.5
numpy: stable 1.14.3

and from pip3:

scikit-learn (0.19.1)
matplotlib (2.2.2)

After replacing MacPorts with Homebrew and pip3 we also need to fix the differing installation and symlink directories.

Who's gonna try?

genevera commented 6 years ago

@noyannus @essandess have a look at my PR (https://github.com/essandess/macOS-Fortress/pull/6) - it should do the trick though tbh I don't have a VM to test this on.

essandess commented 5 years ago

I’ve looked more into Homebrew and see that its security model is incompatible with this repo. I cannot personally recommend Homebrew’s approach, especially for a repo that does its best to keep things locked down.

All of the tools in this repo should be installed and controlled securely at the system level with sudo. Homebrew avoids sudo by taking over permissions in /usr/local. This won’t work here.

For more details on the issues that can arise with Homebrew’s approach, I agree with much of the criticism in this post: https://saagarjha.com/blog/2019/04/26/thoughts-on-macos-package-managers/.
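
The concern raised in the last comment, that a package manager which avoids sudo leaves directories such as /usr/local modifiable by an ordinary user, can be checked on any machine. The following is an added example, not code from macOS-Fortress or from any commenter; the function name `risky_path_dirs` is hypothetical. It lists every `PATH` directory that is not owned by a trusted uid (root by default) or that is writable by group or other.

```shell
#!/bin/sh
# Added example: list PATH directories that can be modified without root.
# risky_path_dirs is a hypothetical helper name, not part of macOS-Fortress.
#
# usage: risky_path_dirs "$PATH" [trusted_uid]
# Prints each directory that is not owned by trusted_uid (default 0, root)
# or that is writable by group or other. Binaries in such a directory can
# be replaced or shadowed without sudo.
risky_path_dirs() {
    path_list=$1
    trusted_uid=${2:-0}
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while PATH is split on ':'
    for dir in $path_list; do
        [ -n "$dir" ] || dir=.  # an empty PATH entry means the current directory
        [ -d "$dir" ] || continue
        # -L resolves a symlinked directory; -maxdepth 0 tests only the
        # directory itself. The test works with both BSD and GNU find.
        if [ -n "$(find -L "$dir" -maxdepth 0 \
                \( ! -user "$trusted_uid" -o -perm -020 -o -perm -002 \) \
                -print 2>/dev/null)" ]; then
            printf '%s\n' "$dir"
        fi
    done
    set +f
    IFS=$old_ifs
}

# Audit the current shell's PATH against root ownership.
risky_path_dirs "$PATH"
```

Any directory it prints that sits ahead of the system directories in `PATH` deserves a closer look, since commands resolved from it can be changed by a process running as the owning user.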