On Fri, Mar 04, 2011 at 05:28:08PM +0100, Pascal Stumpf wrote:
> On Fri, Mar 04, 2011 at 04:40:39PM +0100, Matthias Kilian wrote:
> > On Fri, Mar 04, 2011 at 03:42:17PM +0100, Pascal Stumpf wrote:
> > > diff -urN -x CVS parrot.orig/Makefile parrot/Makefile
> > > --- parrot.orig/Makefile  Wed Nov 17 09:05:18 2010
> > > +++ parrot/Makefile       Fri Mar  4 15:26:07 2011
> > [...]
> > > +pre-build:
> > > + chown nobody ${WRKSRC}/docs
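Review bot: the `chown nobody ${WRKSRC}/docs` in the new pre-build target runs unconditionally, and changing a directory's owner to another user needs root, so the target fails whenever the port is built from an unprivileged account. Run it only when the build is actually running as UID 0, which is the one case where perldoc drops to nobody and needs to write there. Also add a comment above the target giving that reason, because it is not evident from the Makefile itself.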
> > [...]
> > > diff -urN -x CVS parrot.orig/patches/patch-config_gen_makefiles_docs_in 
> > > parrot/patches/patch-config_gen_makefiles_docs_in
> > > --- parrot.orig/patches/patch-config_gen_makefiles_docs_in        Thu Jan 
> > >  1 01:00:00 1970
> > > +++ parrot/patches/patch-config_gen_makefiles_docs_in     Fri Mar  4 
> > > 15:26:15 2011
> > > @@ -0,0 +1,11 @@
> > > +$OpenBSD$
> > > +--- config/gen/makefiles/docs.in.orig    Fri Mar  4 15:25:03 2011
> > > ++++ config/gen/makefiles/docs.in Fri Mar  4 15:25:55 2011
> > > +@@ -43,6 +43,7 @@ $(POD): doc-prep
> > > + doc-prep:
> > > +         $(MKPATH) ops
> > > +         $(TOUCH) doc-prep
> > > ++        chown nobody ops
> > > + 
> > > + packfile-c.pod: ../src/packfile/api.c
> > > + #IF(new_perldoc):       $(PERLDOC_BIN) -ud packfile-c.pod 
> > > ../src/packfile/api.c
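Review bot: in doc-prep the added `chown nobody ops` comes after `$(TOUCH) doc-prep`, so when the chown fails the stamp file already exists, and a second make run treats doc-prep as done and skips the recipe, leaving ops with its original owner. Put the chown before the touch, and guard it on running as root, since it cannot succeed for any other user.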
> > 
> > Those chown calls are wrong, for two reasons:
> > 
> > 1. It doesn't build when you're not root (using SUDO instead)
> > 2. Nothing should belong to the user nobody. (and I don't see the point in
> >    chowning the doc stuff, anyway, but I may be missing something)
> It's required for building POD documentation with perldoc as root. (Ofc,
> it's still *installed* as belonging to root).
> 
> perldoc(1):
> 
> SECURITY
>        Because perldoc does not run properly tainted, and is known to have
>        security issues, when run as the superuser it will attempt to drop
>        privileges by setting the effective and real IDs to nobody's or
>        nouser's account, or -2 if unavailable.  If it cannot relinquish its
>        privileges, it will not run.
> 
> Using sudo would require making assumptions about its configuration. I
> could try to check the UID however to make it build as non-root.

Regular ports build should be done as user w/ SUDO set, yes. Oh, and your
diff has some /usr/local hardcoded which should use LOCALBASE+SUBST_CMD.
Is the -lpthread patch still valid?

Landry
