diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2016-11-19 14:20:59 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2016-11-19 14:20:59 +0000 |
| commit | ccf229da8b6ad74b119b67a457df5ace214ff285 (patch) | |
| tree | 8d486a891162fd87fae214c24069cebbadfd30b5 /share/mk | |
| parent | b000445053ca3f94bebf6ddc651e5ce4e3c9ea66 (diff) | |
Enable builds with a dedicated user that cannot elevate privileges or write
to /usr/src or /usr/xenocara.
Change /usr/{,x}obj to owner build:wobj with mode 770 and install the
systemwide makefiles before starting a build. The root of the noperm fs
containing DESTDIR should also be owned by build:wobj.
Developers will need to add their users to group wobj to be able to write
to /usr/{,x}obj/.
"push forward" deraadt; testing, input & ok rpe
Diffstat (limited to 'share/mk')
| -rw-r--r-- | share/mk/bsd.obj.mk | 24 | ||||
| -rw-r--r-- | share/mk/bsd.own.mk | 6 |
2 files changed, 19 insertions, 11 deletions
diff --git a/share/mk/bsd.obj.mk b/share/mk/bsd.obj.mk index c1414027d57..1635d7cd8d3 100644 --- a/share/mk/bsd.obj.mk +++ b/share/mk/bsd.obj.mk @@ -1,4 +1,4 @@ -# $OpenBSD: bsd.obj.mk,v 1.15 2016/10/06 15:34:18 natano Exp $ +# $OpenBSD: bsd.obj.mk,v 1.16 2016/11/19 14:20:58 tb Exp $ # $NetBSD: bsd.obj.mk,v 1.9 1996/04/10 21:08:05 thorpej Exp $ .if !target(obj) @@ -16,18 +16,23 @@ _SUBDIRUSE: obj! _SUBDIRUSE @cd ${.CURDIR}; \ + umask ${WOBJUMASK}; \ + here=`/bin/pwd`; bsdsrcdir=`cd ${BSDSRCDIR}; /bin/pwd`; \ + subdir=$${here#$${bsdsrcdir}/}; \ if [[ `id -u` -eq 0 && ${BUILDUSER} != root ]]; then \ - SETOWNER="chown -h ${BUILDUSER}"; \ - _mkdirs() { \ - su ${BUILDUSER} -c "mkdir -p $$1"; \ - }; \ - MKDIRS=_mkdirs; \ + SETOWNER="chown -h ${BUILDUSER}:${WOBJGROUP}"; \ + if [[ $$here != $$subdir ]]; then \ + _mkdirs() { \ + su ${BUILDUSER} -c "mkdir -p $$1"; \ + }; \ + MKDIRS=_mkdirs; \ + fi; \ + elif [[ $$here == $$subdir ]]; then \ + SETOWNER="chown :${WOBJGROUP}"; \ else \ - MKDIRS="mkdir -p"; \ SETOWNER=:; \ fi; \ - here=`/bin/pwd`; bsdsrcdir=`cd ${BSDSRCDIR}; /bin/pwd`; \ - subdir=$${here#$${bsdsrcdir}/}; \ + [[ -z $$MKDIRS ]] && MKDIRS="mkdir -p"; \ if test $$here != $$subdir ; then \ dest=${BSDOBJDIR}/$$subdir ; \ echo "$$here/${__objdir} -> $$dest"; \ @@ -53,6 +58,7 @@ obj! _SUBDIRUSE if test ! -d ${__objdir} ; then \ echo "making $$dest" ; \ $$MKDIRS $$dest; \ + $$SETOWNER $$dest; \ fi ; \ fi; . endif diff --git a/share/mk/bsd.own.mk b/share/mk/bsd.own.mk index 82d33d688f4..d2db1871218 100644 --- a/share/mk/bsd.own.mk +++ b/share/mk/bsd.own.mk @@ -1,4 +1,4 @@ -# $OpenBSD: bsd.own.mk,v 1.180 2016/10/05 18:00:41 natano Exp $ +# $OpenBSD: bsd.own.mk,v 1.181 2016/11/19 14:20:58 tb Exp $ # $NetBSD: bsd.own.mk,v 1.24 1996/04/13 02:08:09 thorpej Exp $ # Host-specific overrides @@ -128,7 +128,9 @@ DEFAULT_PIE_DEF=-DPIE_DEFAULT=1 NOPROFILE= .endif -BUILDUSER?= ${USER} +BUILDUSER?= build +WOBJGROUP?= wobj +WOBJUMASK?= 007 BSD_OWN_MK=Done |