author | Theo Buehler <tb@cvs.openbsd.org> | 2016-11-19 14:20:59 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2016-11-19 14:20:59 +0000 |
commit | ccf229da8b6ad74b119b67a457df5ace214ff285 (patch) | |
tree | 8d486a891162fd87fae214c24069cebbadfd30b5 /etc | |
parent | b000445053ca3f94bebf6ddc651e5ce4e3c9ea66 (diff) |
Enable builds with a dedicated user that cannot elevate privileges or write
to /usr/src or /usr/xenocara.

Change /usr/{,x}obj to owner build:wobj with mode 770 and install the
systemwide makefiles before starting a build. The root of the noperm fs
containing DESTDIR should also be owned by build:wobj.

Developers will need to add their users to group wobj to be able to write
to /usr/{,x}obj/.

"push forward" deraadt; testing, input & ok rpe

Diffstat (limited to 'etc')
-rw-r--r-- | etc/Makefile | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/Makefile b/etc/Makefile index fdada477dfa..155e4ae2c58 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.444 2016/11/05 09:14:37 rpe Exp $ +# $OpenBSD: Makefile,v 1.445 2016/11/19 14:20:58 tb Exp $ TZDIR= /usr/share/zoneinfo LOCALTIME= Canada/Mountain @@ -238,6 +238,9 @@ release: .else release: + umask ${WOBJUMASK}; exec ${MAKE} do-release + +do-release: @if [[ `id -u` -ne 0 ]]; then \ echo $@ must be called by root >&2; \ false; \ @@ -273,7 +276,7 @@ sha: .endif # DESTDIR check distrib: - cd ../distrib && \ + umask 022; cd ../distrib && \ ${MAKE} && exec ${MAKE} install .PHONY: distribution-etc-root-var distribution distrib-dirs \ |
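
Review bot: In the new `release` recipe, `umask ${WOBJUMASK}` degrades to a bare `umask` when WOBJUMASK is unset or empty, which only prints the current mask and changes nothing, so the build would silently continue under whatever umask was inherited. Nothing visible in this file defines or checks the variable. Since the commit message makes installing the systemwide makefiles a precondition, either add a comment naming where WOBJUMASK comes from or make the recipe fail when it is empty. Separately, the root check now sits in `do-release`, which can be invoked directly and so skips the umask; a comment marking `do-release` as internal to `release` would make the intended entry point clear.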
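
Review bot: The `umask 022` added to the `distrib` recipe is a bare literal with no explanation, while `release` takes its mask from `${WOBJUMASK}`. If the intent is to reset a more restrictive mask inherited from the release build so that the files installed by `${MAKE} install` under ../distrib get their usual permissions, a one-line comment above the recipe saying so would keep a later cleanup from removing it or "unifying" it with WOBJUMASK.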