| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 07/04/2012 01:58 PM, Michał Górny wrote: |
| 5 |
> On Wed, 4 Jul 2012 19:46:47 +0200 |
| 6 |
> Tobias Klausmann <klausman@g.o> wrote: |
| 7 |
> |
| 8 |
>> Recently, I have again bumped into the question whether one |
| 9 |
>> should compile the kernel as root. One of the things that puzzles |
| 10 |
>> me is why almost every HowTo, blog post and book recommends |
| 11 |
>> building as non-root -- yet basically no distribution /helps/ the |
| 12 |
>> user with doing that. |
| 13 |
>> |
| 14 |
>> I've discussed this with a few people on #gentoo-dev and they've |
| 15 |
>> provided valuable insight (thanks AxS, Chainsaw and WilliamH), so |
| 16 |
>> I have gathered the results so far here: |
| 17 |
>> |
| 18 |
>> http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt |
| 19 |
>> |
| 20 |
>> Feel free to comment (ideally here). Note that I'm aiming for a |
| 21 |
>> solution that is not (overly) Gentoo-specific. |
| 22 |
> |
| 23 |
> There's a very simple yet custom solution I'm using. Shortly saying: |
| 24 |
> checkout the kernel git to /usr/src/linux and chown to your user. As |
| 25 |
> far as it goes, it's superior to having kernel sources installed by |
| 26 |
> ebuilds. |
| 27 |
> |
| 28 |
> I just have to remember to do 'git fetch' from time to time and 'git |
| 29 |
> merge' whenever a new version is tagged. |
| 30 |
> |
| 31 |
|
| 32 |
Honestly I'm not certain if there is an easy way to do this.... |
| 33 |
|
| 34 |
Obvious easy way, make the ebuilds install the kernel sources and chown |
| 35 |
root.users then chmod g+w. Of course, after this any user could trojan |
| 36 |
the kernel... |
| 37 |
|
| 38 |
We could allow writes in the directories but not to the kernel source |
| 39 |
files themselves... that seems moderately sane even as the source files |
| 40 |
don't need to be written to be compiled, only the dir's need write |
| 41 |
permissions... |
| 42 |
|
| 43 |
Thoughts? |
| 44 |
|
| 45 |
- -Zero |
| 46 |
-----BEGIN PGP SIGNATURE----- |
| 47 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 48 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 49 |
|
| 50 |
iQIcBAEBAgAGBQJP9IlzAAoJEKXdFCfdEflK2r0P/1vM8la8nR6ZmZ4jkvMwSTnL |
| 51 |
pEdbHKtYB3BbwBySpGPDWslxZ+CGAAlpsTTXDKhSnIB73IKZL1zzWylD7VVrIt/s |
| 52 |
ezpB2LDnZx2uae46CBMYh7fIzt3d4/so4Yprfpx45H89lcoTkfKai3xVkb2T/cQC |
| 53 |
uP8XmeM0CO5wcwOEJD1FADmkThkOa1tunphr+jWZ3S09hJ9UZ/Zbk+zZr7+XTHG8 |
| 54 |
xJui8G6cdOsLOXdcQALIJzGDvUID++hJ4LVMr+JIGwfvrjQkwrGikB8WMH61Ftcs |
| 55 |
Qvc1cidsTQEw4UZeGtYBy8BELpJaH00PTtoupCcOxq7luIz6F4QYQm8X2nIBliHX |
| 56 |
rpnwll08tbAZl5Dt1XsndHWiEevn8VWUIQrJSeeV/McayCjTUJAV9gcbksKASS6V |
| 57 |
XXaJfUpeinUbOzjTIXscBOyd5HM60lU0IdprvczXop/q8nOUovQt04u69J3v6Fkc |
| 58 |
W9Z8mugrRLTGr5XP6pMpfeLGzrmMYNRzPVx6eZb3a2+b/vi1gS0KlDeMbaed7CPI |
| 59 |
BIBZbrn7rUWjnOv8bifcJZ6FIRhTpqG4azcLrb9RXyR7OxO+1rA82uc1+GLMhBHI |
| 60 |
YYFVWUijIIE8lgcremmEYSqHpyGUWUNYBz7M+7MHA9I1hG7VMvbuPpnlXPZxuvqI |
| 61 |
5nyGGNnZtPtf1Pc+csKC |
| 62 |
=8V1a |
| 63 |
-----END PGP SIGNATURE----- |
Archives