Re: Should debhelper's dh_md5sums and dh_makeshlibs use chown?
On Tue, 24 Feb 1998, Joey Hess wrote:
> Jean Pierre LeJacq wrote:
> > It comes down to an interpertation of what is the difference between
> > "build" and "binary" targets. The predominant interpertation is the
> > build is compile the source and binary to construct debian/tmp. My
> > interpertation is that build compiles the source AND constructs as
> > much of debian/tmp as possible without root privileges. binary then
> > completes the debian/tmp construction by executing commands that only
> > root can do (i.e. chown).
>
> Hmm, let's take a look at the debian packaging manual, section 3.2.1:
>
> ... excellent discription of debian manuals ...
>
> I do understand where you're coming from - before fakeroot, my debian/rules
> files had a binary-root section, that contained all the things needed to be
> run by root. It su'd to root if you wern't already root; this allowed me to
> build the package as a normal user, and only become root for as few commands
> as possible.
>
> With fakeroot, though, I was able to ditch all that, and the result is
> really much cleaner, and safer.
I believe super works as well but I don't believe that either super or
fakeroot are safer. I'm concerned that too much may be done in the
binary target causing a poorly constructed package to possibly damage
the builders system (I've done this to myself). It seems that a
reasonable policy should restrict super user access to only where its
required.
--
Jean Pierre
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: