Date: Tue, 28 Sep 2004 10:38:23 +0200 From: Matthias Andree <ma@dt.e-technik.uni-dortmund.de> To: Ruslan Ermilov <ru@FreeBSD.org> Cc: Matthias Andree <matthias.andree@web.de> Subject: Re: bin/72138: libc.so.5 isn't installed in a safe way Message-ID: <m31xgmzt34.fsf@merlin.emma.line.org> In-Reply-To: <20040928071758.GB14942@ip.net.ua> (Ruslan Ermilov's message of "Tue, 28 Sep 2004 10:17:58 %2B0300") References: <20040927224353.845381B217@merlin.emma.line.org> <20040928043351.GA2400@frontfree.net> <20040928071758.GB14942@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov <ru@FreeBSD.org> writes:
> On Tue, Sep 28, 2004 at 12:33:51PM +0800, Xin LI wrote:
>> (-CURRENT is cc'ed for a boarder review)
>>
>> I fell like this idea, and here is the patch for review:
>>
>> Index: Makefile
>> ===================================================================
>> RCS file: /r/ncvs/src/lib/libc/Makefile,v
>> retrieving revision 1.52
>> diff -u -r1.52 Makefile
>> --- Makefile 14 May 2004 12:04:29 -0000 1.52
>> +++ Makefile 28 Sep 2004 04:30:26 -0000
>> @@ -16,6 +16,7 @@
>> CFLAGS+=-I${.CURDIR}/include -I${.CURDIR}/../../include
>> CFLAGS+=-I${.CURDIR}/${MACHINE_ARCH}
>> CLEANFILES+=tags
>> +SHLINSTALLFLAGS+= -S
>> INSTALL_PIC_ARCHIVE= yes
>> PRECIOUSLIB= yes
>>
> I like the idea so much, that I suggest this instead:
>
> %%%
> Index: bsd.lib.mk
> ===================================================================
> RCS file: /home/ncvs/src/share/mk/bsd.lib.mk,v
> retrieving revision 1.160
> diff -u -r1.160 bsd.lib.mk
> --- bsd.lib.mk 7 May 2004 09:58:36 -0000 1.160
> +++ bsd.lib.mk 28 Sep 2004 07:13:18 -0000
> @@ -187,9 +187,12 @@
>
> .if !target(install)
>
> -.if defined(PRECIOUSLIB) && !defined(NOFSCHG)
> +.if defined(PRECIOUSLIB)
> +.if !defined(NOFSCHG)
> SHLINSTALLFLAGS+= -fschg
> .endif
> +SHLINSTALLFLAGS+= -S
> +.endif
>
> _INSTALLFLAGS:= ${INSTALLFLAGS}
> .for ie in ${INSTALLFLAGS_EDIT}
> %%%
I must say that although Xin's patch will certainly work well to address
my original PR, I like Ruslan's idea better, because it appears to work
for all precious libraries, not just libc. But there is more "precious"
stuff, /bin, /sbin, /boot (including kernel), /rescue (I was glad I had
the latter, otherwise my system would have been dead.)
Using -S for the whole system might be a bit slow without softupdates
(or async, which I do not favor) but would not be a bad idea from a
robustness point of view which I personally prefer.
--
Matthias Andree
Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m31xgmzt34.fsf>