On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick "Zero_Chaos" Farina wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/04/2012 01:58 PM, Michał Górny wrote: > > On Wed, 4 Jul 2012 19:46:47 +0200 > > Tobias Klausmann <klaus...@gentoo.org> wrote: > > > >> Recently, I have again bumped into the question whether one > >> should compile the kernel as root. One of the things that puzzles > >> me is why almost every HowTo, blog post and book recommends > >> building as non-root -- yet basically no distribution /helps/ the > >> user with doing that. > >> > >> I've discussed this with a few people on #gentoo-dev and they've > >> provided valuable insight (thanks AxS, Chainsaw and WilliamH), so > >> I have gathered the results so far here: > >> > >> http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt > >> > >> Feel free to comment (ideally here). Note that I'm aiming for a > >> solution that is not (overly) Gentoo-specific. > > > > There's a very simple yet custom solution I'm using. Shortly saying: > > checkout the kernel git to /usr/src/linux and chown to your user. As > > far as it goes, it's superior to having kernel sources installed by > > ebuilds. > > > > I just have to remember to do 'git fetch' from time to time and 'git > > merge' whenever a new version is tagged. > > > > Honestly I'm not certain if there is an easy way to do this.... > > Obvious easy way, make the ebuilds install the kernel sources and chown > root.users then chmod g+w. Of course, after this any user could trojan > the kernel...
There is no need to chown or chmod anything. /usr/src/linux* is always world readable. > We could allow writes in the directories but not to the kernel source > files themselves... that seems moderately sane even as the source files > don't need to be written to be compiled, only the dir's need write > permissions... Actually the directories do not need write permissions either. Take a look at the O= option documented in /usr/src/linux/README. William
pgpd90SjW3nS8.pgp
Description: PGP signature
