On Fri, Mar 04, 2011 at 04:40:39PM +0100, Matthias Kilian wrote:
> On Fri, Mar 04, 2011 at 03:42:17PM +0100, Pascal Stumpf wrote:
> > diff -urN -x CVS parrot.orig/Makefile parrot/Makefile
> > --- parrot.orig/Makefile Wed Nov 17 09:05:18 2010
> > +++ parrot/Makefile Fri Mar 4 15:26:07 2011
> [...]
> > +pre-build:
> > + chown nobody ${WRKSRC}/docs
> [...]
> > diff -urN -x CVS parrot.orig/patches/patch-config_gen_makefiles_docs_in
> > parrot/patches/patch-config_gen_makefiles_docs_in
> > --- parrot.orig/patches/patch-config_gen_makefiles_docs_in Thu Jan 1
> > 01:00:00 1970
> > +++ parrot/patches/patch-config_gen_makefiles_docs_in Fri Mar 4
> > 15:26:15 2011
> > @@ -0,0 +1,11 @@
> > +$OpenBSD$
> > +--- config/gen/makefiles/docs.in.orig Fri Mar 4 15:25:03 2011
> > ++++ config/gen/makefiles/docs.in Fri Mar 4 15:25:55 2011
> > +@@ -43,6 +43,7 @@ $(POD): doc-prep
> > + doc-prep:
> > + $(MKPATH) ops
> > + $(TOUCH) doc-prep
> > ++ chown nobody ops
> > +
> > + packfile-c.pod: ../src/packfile/api.c
> > + #IF(new_perldoc): $(PERLDOC_BIN) -ud packfile-c.pod ../src/packfile/api.c
>
> Those chown calls are wrong, for two reasons:
>
> 1. It doesn't build when you're not root (using SUDO instead)>
> 2. Nothing should belong the user nobody. (and I don't see the point in
> chowning the doc stuff, anyway, but I may missing something)
It's required for building POD documentation with perldoc as root. (Ofc,
it's still *installed* as belonging to root).
perldoc(1):
SECURITY
Because perldoc does not run properly tainted, and is known to
have
security issues, when run as the superuser it will attempt to
drop
privileges by setting the effective and real IDs to nobody's or
nouser's account, or -2 if unavailable. If it cannot relinquish
its
privileges, it will not run.
Using sudo would require to make assumptions about its configuration. I
could try to check the UID however to make it build as non-root.
>
> Ciao,
> Kili
>
> ps: I'm trying to build it on arm and mips64el now.
>
>
