Re: bin/72138: libc.so.5 isn't installed in a safe way

From: Matthias Andree <ma_at_dt.e-technik.uni-dortmund.de>
Date: Tue, 28 Sep 2004 10:38:23 +0200
Ruslan Ermilov <ru_at_FreeBSD.org> writes:

> On Tue, Sep 28, 2004 at 12:33:51PM +0800, Xin LI wrote:
>> (-CURRENT is cc'ed for a boarder review)
>> 
>> I fell like this idea, and here is the patch for review:
>> 
>> Index: Makefile
>> ===================================================================
>> RCS file: /r/ncvs/src/lib/libc/Makefile,v
>> retrieving revision 1.52
>> diff -u -r1.52 Makefile
>> --- Makefile	14 May 2004 12:04:29 -0000	1.52
>> +++ Makefile	28 Sep 2004 04:30:26 -0000
>> _at__at_ -16,6 +16,7 _at__at_
>>  CFLAGS+=-I${.CURDIR}/include -I${.CURDIR}/../../include
>>  CFLAGS+=-I${.CURDIR}/${MACHINE_ARCH}
>>  CLEANFILES+=tags
>> +SHLINSTALLFLAGS+=	-S
>>  INSTALL_PIC_ARCHIVE=	yes
>>  PRECIOUSLIB=	yes
>>  
> I like the idea so much, that I suggest this instead:
>
> %%%
> Index: bsd.lib.mk
> ===================================================================
> RCS file: /home/ncvs/src/share/mk/bsd.lib.mk,v
> retrieving revision 1.160
> diff -u -r1.160 bsd.lib.mk
> --- bsd.lib.mk	7 May 2004 09:58:36 -0000	1.160
> +++ bsd.lib.mk	28 Sep 2004 07:13:18 -0000
> _at__at_ -187,9 +187,12 _at__at_
>  
>  .if !target(install)
>  
> -.if defined(PRECIOUSLIB) && !defined(NOFSCHG)
> +.if defined(PRECIOUSLIB)
> +.if !defined(NOFSCHG)
>  SHLINSTALLFLAGS+= -fschg
>  .endif
> +SHLINSTALLFLAGS+= -S
> +.endif
>  
>  _INSTALLFLAGS:=	${INSTALLFLAGS}
>  .for ie in ${INSTALLFLAGS_EDIT}
> %%%

I must say that although Xin's patch will certainly work well to address
my original PR, I like Ruslan's idea better, because it appears to work
for all precious libraries, not just libc. But there is more "precious"
stuff, /bin, /sbin, /boot (including kernel), /rescue (I was glad I had
the latter, otherwise my system would have been dead.)

Using -S for the whole system might be a bit slow without softupdates
(or async, which I do not favor) but would not be a bad idea from a
robustness point of view which I personally prefer.

-- 
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
Received on Tue Sep 28 2004 - 06:38:27 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:14 UTC