Port Flavors

While control of the build process gives a great many possibilities for software customization, where the OpenBSD ports system really shines is in its use of flavors. A flavor is a specific customization of a port, which allows you to build a custom package in a predefined way. Many pieces of open-source software are extremely flexible, and can be built with support for many different tools. The OpenBSD ports team has integrated these build options with the ports system, so that by setting a flavor you can tell the port to build in particular ways.

Let's look at a particular example. One of my favorite tools for network management is the Snort (http://www.snort.org/) intrusion detection system. Snort can examine every packet that comes across a network interface and sends alerts if the packet appears to be part of an attack. Snort can send messages to the system logger syslogd(8), or if you compile it properly it can send alerts to databases or Windows workstations, and even attempt to kill hostile connections. These fancy options require add-on software and special compilation settings, however. OpenBSD sets these as flavors. Each port's DESCR file lists any flavors that the port supports, so let's check out /usr/ports/net/snort/pkg/DESCR. At the end of this file, you'll see:

 ... Available flavors:         postgresql - enable postgresql database logging support         mysql      - enable mysql database logging support         smbalert   - enable samba logging support         flexresp   - enable dynamic connection killing support 

If you want to know more about how these features work, you'll need to check out the documentation for the software itself. For example, to learn how to set up SMB alerts for Snort, I'll go check out the Snort home page. In this case I want to log Snort output to a Postgresql database, send alerts to help desk technicians, and cut off connections of certain types. These features are controlled by the flavors "postgresql," "smbalert," and "frexresp."

Whenever a port builds, it looks for flavors in the environment variable FLAVORS. You probably don't want to define these environment variables permanently, but they're easy enough to include on the command line when building the port.

 # env FLAVOR="postgresql smbalert flexresp" make install 

The port will make the necessary changes to the code (generally, adding flags to compilation or configure instructions) and add the appropriate dependencies to enable these functions.

The completed port and package name will include the flavors chosen. For example, this port will show up in /var/db/pkg as "snort-1.8.6-postgresql-smbalert-flexresp," and the package in /usr/ports/packages/i386/net will be called "snort-1.8.6-postgresql-smbalert-flexresp .tgz."

This makes it very simple to build many different flavors of a single package. Perhaps you have some systems where you want Snort to run without any of these add-on features or with only one or two of these. You can build many different packages on one high-powered workstation and then install the packages on the system you want it to run on.