Hitchhiker's Guide to OpenBSD
15.3.3 - Configuration of the ports system
From http://www.openbsd.org/faq/faq15.html, 15 - The OpenBSD packages and ports system (13 of 27, 9/4/2011 10:02:29 AM)

NOTE: This section introduces some additional global settings for building applications from ports. You can skip this section, but then you will be required to perform many of the make(1) statements in the examples as root.

Because the OpenBSD project does not have the resources to fully review the source code of all software in the ports tree, you can configure the ports system to take a few safety precautions. The ports infrastructure is able to perform all building as a regular user, and perform only those steps that require superuser privileges as root. Examples are the fake and install make targets. However, because root privileges are always required at some point, the ports system will not save you when you decide to build a malicious application.

● You can set up sudo(8) and have the ports system use it for tasks requiring superuser permissions. Just add a line to /etc/mk.conf containing:

    SUDO=/usr/bin/sudo

● You can modify the ownerships of the ports tree so that you can write there as a regular user. In this case, the regular user has been added to the wsrc group, and the underlying directories are made group writable.

    # chgrp -R wsrc /usr/ports
    # find /usr/ports -type d -exec chmod g+w {} \;

● You can have the ports system use systrace(1) by adding the following to /etc/mk.conf:

    USE_SYSTRACE=Yes

  This enforces the build procedure to stay inside allowed directories, and prohibits writing in illegal places, thereby considerably reducing the risk of a damaged system. Note that the use of systrace(1) adds about 20% overhead in build time.

It is possible to use a read-only ports tree by separating directories that are written to during port building:

● The working directory of ports. This is controlled by the WRKOBJDIR variable, which specifies the directory which will contain the working directories.

● The directory containing distribution files. This is controlled by the DISTDIR variable.

● The directory containing newly built binary packages. This is controlled by the PACKAGE_REPOSITORY variable.

For example, you could add the following lines to /etc/mk.conf:

    WRKOBJDIR=/usr/obj/ports
    DISTDIR=/usr/distfiles
    PACKAGE_REPOSITORY=/usr/packages

If desired, you can also change the ownership of these directories to your local username and group, so that the ports system can create underlying working directories as a regular user.
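The following script is an added example, not part of the FAQ or the ports infrastructure: it audits an mk.conf-style file for the settings described above and checks that the three write directories exist and are writable by the invoking user. The function names mkconf_get and audit_ports_conf are hypothetical, the sample mk.conf and directory tree are constructed, and only plain "VAR=value" lines are parsed rather than full make(1) syntax.

```shell
#!/bin/sh
# Added example: audit an mk.conf-style file for the ports settings above.
# Assumption: only plain "VAR=value" lines are parsed, not full make(1) syntax.

# Print the last non-empty value assigned to variable $1 in file $2.
mkconf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# Print one finding per line for file $1; print nothing if every check passes.
audit_ports_conf() {
    conf=$1
    [ -n "$(mkconf_get SUDO "$conf")" ] ||
        echo "SUDO unset: make targets needing root must be run as root"
    [ "$(mkconf_get USE_SYSTRACE "$conf")" = "Yes" ] ||
        echo "USE_SYSTRACE not Yes: builds are not confined"
    # The three locations written to during a build with a read-only tree.
    for var in WRKOBJDIR DISTDIR PACKAGE_REPOSITORY; do
        dir=$(mkconf_get "$var" "$conf")
        if [ -z "$dir" ]; then
            echo "$var unset: port builds write inside the ports tree"
        elif [ ! -d "$dir" ]; then
            echo "$var=$dir: directory does not exist"
        elif [ ! -w "$dir" ]; then
            echo "$var=$dir: not writable by $(id -un)"
        fi
    done
}

# Constructed sample: a temporary tree standing in for /usr/obj/ports,
# /usr/distfiles and /usr/packages; the packages directory is left missing.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/obj/ports" "$demo/distfiles"
cat > "$demo/mk.conf" <<EOF
# constructed sample mk.conf
SUDO=/usr/bin/sudo
USE_SYSTRACE=Yes
WRKOBJDIR=$demo/obj/ports
DISTDIR=$demo/distfiles
PACKAGE_REPOSITORY=$demo/packages
EOF
audit_ports_conf "$demo/mk.conf"
```

Run it as the regular build user, not as root, since root passes every writability test.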