Grant wrote:
Most of the FEATURES listed in make.conf.example sound good.  Which
ones do you guys actually use?

- Grant
--
[email protected] mailing list



FEATURES="autoaddcvs autoconfig ccache cvs distlocks maketest noclean sandbox sfperms strict test"

Mostly defaults, some not useful for everyday usage; "maketest" is my
preferred one.


I've got a few questions on these...

What is sfperms?

http://gentoo-wiki.com/MAN_make.conf_5
[quote "man make.conf"]
sfperms
Stands for Smart Filesystem Permissions. Before merging packages to the live filesystem, automatically search for and set permissions on setuid and setgid files. Files that are setuid have the group and other read bits removed while files that are setgid have the other read bit removed. See also suidctl below.
[/quote "man make.conf"]


This is how it translates into code:
[code]
        # Smart FileSystem Permissions
        if hasq sfperms $FEATURES; then
                for i in $(find ${IMAGE}/ -type f -perm -4000); do
                        ebegin ">>> SetUID: [chmod go-r] $i "
                        chmod go-r "$i"
                        eend $?
                done
                for i in $(find ${IMAGE}/ -type f -perm -2000); do
                        ebegin ">>> SetGID: [chmod o-r] $i "
                        chmod o-r "$i"
                        eend $?
                done
        fi
[/code]



Is userpriv a good idea?

Probably, compiling as user and not as root is good. Portage uses a sandbox, where accesses to the filesystem are monitored and caught; this is _not_ a security measure, it's more a protection against nasty Makefiles.
However, I don't use "userpriv", so I don't know any drawbacks.


Are collision-protect and sandbox defaults?  They seem good.
Can anyone tell me more about how fixpackages works?
No and yes, have a look at "/etc/make.globals".


- Grant



--
No problem is so formidable that you can't walk away from it.
~ Charles M. Schulz
But sometimes run fast is better
~ Francesco R.
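An audit-and-apply version of the sfperms logic quoted in the message above, as an added example that is not part of the original thread and not Portage's own code. The function names `sfperms_audit`, `sfperms_apply` and `sfperms_demo` and the demo tree are constructed for illustration; paths are handed to `find -exec` so names containing whitespace stay intact, which the `for i in $(find ...)` loop does not guarantee.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Portage code).

# Report setuid/setgid regular files under $1 that still carry the read
# bits sfperms would strip: g+r or o+r on setuid, o+r on setgid.
sfperms_audit() {
    dir=$1
    # setuid AND (group-readable OR other-readable)
    find "$dir" -type f -perm -4000 \( -perm -0040 -o -perm -0004 \) \
        -exec printf 'SetUID readable: %s\n' {} +
    # setgid AND other-readable
    find "$dir" -type f -perm -2000 -perm -0004 \
        -exec printf 'SetGID readable: %s\n' {} +
}

# Same chmod calls as the quoted snippet, but each path reaches chmod as
# a single argument regardless of spaces in the name.
sfperms_apply() {
    dir=$1
    find "$dir" -type f -perm -4000 -exec chmod go-r {} +
    find "$dir" -type f -perm -2000 -exec chmod o-r {} +
}

# Constructed sample tree standing in for a package image directory.
sfperms_demo() {
    img=$(mktemp -d) || return 1
    : > "$img/su tool" && chmod 4755 "$img/su tool"  # setuid, world-readable
    : > "$img/locked"  && chmod 4711 "$img/locked"   # setuid, already stripped
    : > "$img/plain"   && chmod 0755 "$img/plain"    # no special bits
    echo "before:"; sfperms_audit "$img"
    sfperms_apply "$img"
    echo "after:";  sfperms_audit "$img"
    rm -rf "$img"
}

sfperms_demo
```

Running `sfperms_audit` against a live directory such as one holding installed setuid binaries lists the files that were merged without sfperms in effect.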


