Cleaning Up After Patching

2009-08-16 Thread Okai Mood
OpenBSD Misc,

I have installed OpenBSD 4.5 and applied the patches that have been
issued, as per FAQ 10.15 - Applying patches in OpenBSD. My only
question is, is there anything I need to do to clean up /usr/src after
the patching and compiling is over? Also, is it recommended to keep
/usr/src on a separate partition?


Thank you.

-- 
Okai



Re: Cleaning Up After Patching

2009-08-16 Thread Nick Holland
Okai Mood wrote:
 OpenBSD Misc,
 
 I have installed OpenBSD 4.5 and applied the patches that have been
 issued, as per FAQ 10.15 - Applying patches in OpenBSD. My only
 question is, is there anything I need to do to clean up /usr/src after
 the patching and compiling is over?

nope.  Any needed cleanup will be taken care of at the start of the
next build cycle.
(possible exception: the patch files themselves, but I really don't
think they will be big enough to cause you any problems, and leaving
them in place might help remind you what patches have been applied
and which haven't.)

 Also, is it recommended to keep
 /usr/src on a separate partition?

Certainly not a bad thing.

If you look at the default install on a big disk for 4.6, you see
the following partitions and how they are mounted:
  /dev/wd0a on / type ffs (rw, local)
  /dev/wd0k on /home type ffs (rw, local, nodev, nosuid)
  /dev/wd0d on /tmp type ffs (rw, local, nodev, nosuid)
  /dev/wd0f on /usr type ffs (rw, local, nodev)
  /dev/wd0g on /usr/X11R6 type ffs (rw, local, nodev)
  /dev/wd0h on /usr/local type ffs (rw, local, nodev)
  /dev/wd0j on /usr/obj type ffs (rw, local, nodev, nosuid)
  /dev/wd0i on /usr/src type ffs (rw, local, nodev, nosuid)
  /dev/wd0e on /var type ffs (rw, local, nodev, nosuid)

In addition to some logistical benefit, there is a security benefit
here.  Only root has write access to anything in most of /usr, with the
exceptions of /usr/src, /usr/obj.  Those two directories can, by
default, be written by anyone in the wsrc group.  Note that those two
directories are nosuid, which reduces some of the mischief someone
in the wsrc group could get into.  This keeps with the general theme
of: directories where users can write should be nosuid, nodev; areas
that have to be mounted to permit devices and setuid apps need to be
not writable by non-root users.

Nick.

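The rule Nick states above (anything ordinary users can write to should be mounted nodev and nosuid) is easy to check mechanically. The script below is an added example, not code from the thread or from OpenBSD: it reads mount(8)-style lines on stdin, compares each mount point against an assumed list of user-writable filesystems, and reports any that lack nodev or nosuid. The mount lines embedded in it are constructed sample input in which /usr/src and /usr/obj were deliberately mounted without the full set of options.

```shell
#!/bin/sh
# Added example (not from the original post): flag mounted filesystems
# that non-root users can write to but that are not mounted nodev,nosuid.

# Mount points assumed to be writable by ordinary users or by a group
# such as wsrc. Adjust for your own layout.
USER_WRITABLE="/home /tmp /usr/src /usr/obj /var"

# Constructed mount(8) output for illustration; /usr/src is missing nodev
# and /usr/obj is missing both nodev and nosuid.
SAMPLE_MOUNT_OUTPUT='/dev/wd0a on / type ffs (rw, local)
/dev/wd0k on /home type ffs (rw, local, nodev, nosuid)
/dev/wd0d on /tmp type ffs (rw, local, nodev, nosuid)
/dev/wd0f on /usr type ffs (rw, local, nodev)
/dev/wd0i on /usr/src type ffs (rw, local, nosuid)
/dev/wd0j on /usr/obj type ffs (rw, local)
/dev/wd0e on /var type ffs (rw, local, nodev, nosuid)'

# has_opt LINE OPT: succeed if the parenthesised option list in LINE
# contains OPT as a whole word (first, middle, last or only option).
has_opt() {
    case "$1" in
        *"($2,"*|*", $2,"*|*", $2)"*|*"($2)"*) return 0 ;;
    esac
    return 1
}

# check_mounts: read mount(8) lines on stdin, print one line for every
# user-writable mount point that lacks nodev or nosuid.
# Returns 0 if nothing was flagged, 1 otherwise.
check_mounts() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Fields: device "on" mountpoint "type" fstype (options)
        set -- $line
        mnt=$3
        for want in $USER_WRITABLE; do
            [ "$mnt" = "$want" ] || continue
            missing=""
            has_opt "$line" nodev  || missing="$missing nodev"
            has_opt "$line" nosuid || missing="$missing nosuid"
            if [ -n "$missing" ]; then
                printf '%s: user-writable but missing:%s\n' "$mnt" "$missing"
                rc=1
            fi
        done
    done
    return $rc
}

# Run against the constructed sample. On a real OpenBSD box you would
# instead pipe the live table in:  mount | check_mounts
if printf '%s\n' "$SAMPLE_MOUNT_OUTPUT" | check_mounts; then
    echo "all user-writable filesystems are mounted nodev,nosuid"
fi
```

Run on the sample it prints two lines, one for /usr/src (missing nodev) and one for /usr/obj (missing nodev nosuid), and exits non-zero from check_mounts; a table in which every listed mount point carries both options produces no output and a zero return.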


Re: Cleaning Up After Patching

2009-08-16 Thread patrick keshishian
On Sun, Aug 16, 2009 at 6:46 PM, Nick Holland <n...@holland-consulting.net> wrote:
 Okai Mood wrote:
 OpenBSD Misc,

 I have installed OpenBSD 4.5 and applied the patches that have been
 issued, as per FAQ 10.15 - Applying patches in OpenBSD. My only
 question is, is there anything I need to do to clean up /usr/src after
 the patching and compiling is over?

 nope.  Any needed cleanup will be taken care of at the start of the
 next build cycle.
 (possible exception: the patch files themselves, but I really don't
 think they will be big enough to cause you any problems, and leaving
 them in place might help remind you what patches have been applied
 and which haven't.)

 Also, is it recommended to keep
 /usr/src on a separate partition?

 Certainly not a bad thing.

 If you look at the default install on a big disk for 4.6, you see
 the following partitions and how they are mounted:
  /dev/wd0a on / type ffs (rw, local)
  /dev/wd0k on /home type ffs (rw, local, nodev, nosuid)
  /dev/wd0d on /tmp type ffs (rw, local, nodev, nosuid)
  /dev/wd0f on /usr type ffs (rw, local, nodev)
  /dev/wd0g on /usr/X11R6 type ffs (rw, local, nodev)
  /dev/wd0h on /usr/local type ffs (rw, local, nodev)
  /dev/wd0j on /usr/obj type ffs (rw, local, nodev, nosuid)
  /dev/wd0i on /usr/src type ffs (rw, local, nodev, nosuid)
  /dev/wd0e on /var type ffs (rw, local, nodev, nosuid)

 In addition to some logistical benefit, there is a security benefit
 here.  Only root has write access to anything in most of /usr, with the
 exceptions of /usr/src, /usr/obj.  Those two directories can, by
 default, be written by anyone in the wsrc group.  Note that those two
 directories are nosuid, which reduces some of the mischief someone
 in the wsrc group could get into.  This keeps with the general theme
 of: directories where users can write should be nosuid, nodev; areas
 that have to be mounted to permit devices and setuid apps need to be
 not writable by non-root users.

Good points. This brings up a question I have meant to ask. Since we
are giving sources their own mount point, wouldn't it make sense to
have a different name for this mount point (other than /usr/src) so
that both /usr/ports and /usr/xenocara can also reside there? As is,
with the layout the installer suggests/offers, you are left with
/usr/{ports,xenocara} in /usr.

What I've done on my -current system, I have a /usr/osrc mount point
and soft-links for /usr/{ports,src,xenocara} into that mount point.
Same with object directories:

$ ls -l /usr/{obj,ports,src,xenocara,xobj}
lrwxr-xr-x  1 root  wheel   9 Jul  4 13:05 /usr/obj -> oobj/obj/
lrwxr-xr-x  1 root  wheel  11 Jul  4 13:05 /usr/ports -> osrc/ports/
lrwxr-xr-x  1 root  wheel   9 Jul  4 13:04 /usr/src -> osrc/src/
lrwxr-xr-x  1 root  wheel  14 Jul  4 13:05 /usr/xenocara -> osrc/xenocara/
lrwxr-xr-x  1 root  wheel  10 Jul  4 13:05 /usr/xobj -> oobj/xobj/


The only drawback with this scheme seems to be a daily security
warning about /usr/src being a link and having a different gid.

I suppose, one could have different mount points for each of the five
directories mentioned above, but that could be a bit overkill if the
soft-links accomplish the same goal(s).

--patrick
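
For reference, here is what Patrick's layout looks like as an /etc/fstab fragment carrying the mount options Nick's post argues for. This is an added example, not taken from either message: the device letters (wd0i, wd0j) and the partition sizes are assumed, and the two collecting mount points /usr/osrc and /usr/oobj are the ones Patrick describes, with the per-tree symlinks created separately (ln -s osrc/src /usr/src and so on).

```fstab
# Added example: one partition for all source trees and one for all
# object trees, both user-writable (group wsrc) and therefore mounted
# nodev,nosuid. Device names are assumed.
/dev/wd0i /usr/osrc ffs rw,nodev,nosuid 1 2
/dev/wd0j /usr/oobj ffs rw,nodev,nosuid 1 2
# For comparison, the same partitions mounted without the hardening
# options, which is what the check above would flag:
# /dev/wd0i /usr/osrc ffs rw 1 2
# /dev/wd0j /usr/oobj ffs rw 1 2
```

With this in place /usr/src, /usr/ports and /usr/xenocara all resolve onto the nodev,nosuid filesystem at /usr/osrc, and /usr/obj and /usr/xobj onto /usr/oobj, so the group that can write there still cannot plant a setuid binary or a device node that the rest of the system will honour.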