GitLab

Since HardenedBSD uses filesystem extended attributes to toggle exploit mitigations on a per-application basis, teach pkg how to work with filesystem extended attributes.

Multiple solutions can solve this problem. The tar file format, which pkg uses, supports filesystem extended attributes. If libarchive has that same support, pkg could probably tell libarchive to include filesystem extended attributes in the build artifact (.txz).

Another method would be to include metadata in the package's +MANIFEST file that would instruct pkg to set filesystem extended attributes post-extraction.

Ideally, I would prefer the first solution (libarchive integration) as that seems the most straight-forward. The second option is acceptable iff the first solution doesn't pan out.