On Mon, 24 Jan 2000, Brian J. Murrell wrote:

> from the quill of "Thomas M. Beaudry" <[EMAIL PROTECTED]> on scroll
> <000701bf66da$7f83a1e0$4ba080d8@mosehern>
> > You really should see a doctor about prescribing something to calm
> > your tendencies towards hysteria...
> 
> What hysteria?
> 
> > Never said install and build are the same thing.
> 
> But you equated that being able to install requiring root means that
> build should be done as root.  To that I disagree.  I did not see an
> answer to my question as to why the iBCS nodes needed to be created at
> build time rather than package time, so I am still of the opinion that
> root should not be needed to build a kernel package if the spec file is
> right.  Please somebody correct me if I am wrong.

Seems a matter of choice to make them %post or before the rpmbuild's, I
can't come up with a reason to do it either way, so everybody feel free to
take a swing at it :)
 
> > But does not matter whether the build environment is restricted or
> > not, as long as it's set up properly for the build.
> 
> But it does, because sooner or later you are going to get a "make install"
> for some package you are trying to build a spec file doing something
> completely unpredicted and hose something.  If you don't build as root
> the chances that it's going to do something that is system damaging is
> very little (to none).

or worse (for me at least), install that one d*mn file not using the $DEST
somewhere outside of the buildroot and render an rpm that runs great here
but no one else seems to be able to run. I really hate that. Building as
non-root always catches this, yay unix permissions :)

> > If the build is good,
> 
> But that is my point.  While building packages the build might not be
> good.  Why give it the permissions it needs to do damage if you don't
> have to.
> 
> Remember, on any UNIX system "be root only for as long as you really
> need to" and you will prevent at least one nasty accident in your stint
> as System Administrator.
> 
> > the install will be good.
> 
> The install can be inspected much easier than the build, so doing it as
> root is easier to audit and prevent nasties.

Um uh, didn't you just contradict yourself? Or I misread...
 
> > If you mess up the build in a "contained" environment, the install
> > can still royally hose your system.
> 
> It can, but
> 
> $ rpm -ql
> $ rpm -q --scripts
> 
> is a lot easier to audit than trying to figure out what a mess of
> Makefiles is going to do when you do a:
> 
> # make install

Gotta understand it to patch it out seems doubled work to me..

> > You seem to be a bit of a paradox.
> 
> Thanks!

Ah, I'm not the only one :)

> > Very knowledgeable in lots of things but
> > then you go and say some very weird stuff.
> 
> What's weird about what I said?  There is 10 years of SysAdmin
> experience behind "be root only when you really need to be root".
> 
> > Some people (such as myself) do
> > all builds as root with no problems hosing the system.

Kind of helps that we screen it all for you first ;)
 
> It will come.  :-)

But he's right, it will come; the original message is a prime warning

> > It's other people's
> > builds that...
> 
> Bing!  Yesserrie!  In the case of a kernel build, I have to trust
> Mandrake, Linus, the ALSA guys, the list goes on.  Auditing the results
> of all of those "make install"s would be horrendous.  I would just
> rather prevent them from damaging my system with permissions.
> 
> b.
> 
> 
> --
> Brian J. Murrell                              InterLinx Support Services, Inc.
> North Vancouver, B.C.                                             604 983 UNIX
>         Platform and Brand Independent UNIX Support - R3.2 - R4 - BSD
> 

-- 
MandrakeSoft          http://www.mandrakesoft.com/
                                        --Axalon
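
The failure described in the message above (an install step that puts one file outside the buildroot) can also be detected mechanically. The following is an added example, not part of the original thread or of any Mandrake tooling: it compares file listings before and after a staged install instead of relying on a permission failure, so it gives the same answer whether or not it runs as root. The function names, the sandbox layout and the installer script are all constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): report files an install step wrote outside
# the buildroot. All names below are hypothetical, not from the thread.

# List regular files under $1, skipping the subtree $2, in a stable order.
snapshot() {
    find "$1" -path "$2" -prune -o -type f -print | LC_ALL=C sort
}

# stray_files SANDBOX BUILDROOT CMD [ARGS...]
#   SANDBOX    directory standing in for "/" during the test install
#   BUILDROOT  staging directory the install is supposed to stay inside
#   CMD        install command, run with DESTDIR=BUILDROOT in its environment
# Prints every file that appeared under SANDBOX but outside BUILDROOT.
stray_files() {
    sandbox=$1; buildroot=$2; shift 2
    before=$(mktemp) || return 2
    after=$(mktemp) || { rm -f "$before"; return 2; }
    snapshot "$sandbox" "$buildroot" > "$before"
    env DESTDIR="$buildroot" "$@" >/dev/null 2>&1
    snapshot "$sandbox" "$buildroot" > "$after"
    LC_ALL=C comm -13 "$before" "$after"
    rm -f "$before" "$after"
}

# Constructed installer: honours DESTDIR for the binary but hard-codes the
# path of its config file, the mistake described in the message.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/buildroot" "$root/etc"
    cat > "$root/install.sh" <<EOF
mkdir -p "\$DESTDIR/usr/bin"
echo bin  > "\$DESTDIR/usr/bin/tool"
echo conf > "$root/etc/tool.conf"
EOF
    stray_files "$root" "$root/buildroot" sh "$root/install.sh"
    rm -rf "$root"
}

demo
```

Any path printed is a file that would be missing from the resulting package, which is why it "runs great here" and nowhere else.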
