Enable builds with a dedicated user that cannot elevate privileges or write

to /usr/src or /usr/xenocara. Change /usr/{,x}obj to owner build:wobj with mode 770 and install the systemwide makefiles before starting a build. The root of the noperm fs containing DESTDIR should also be owned by build:wobj. Developers will need to add their users to group wobj to be able to write to /usr/{,x}obj/. "push forward" deraadt; testing, input & ok rpe
2016-11-19 14:20:58 +00:00 · 2016-11-19 14:20:58 +00:00 · 46df90c2f4
parent 0828178eb0
commit 46df90c2f4
4 changed files with 30 additions and 16 deletions
--- a/5
+++ b/5
@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.130 2016/10/18 02:47:07 tb Exp $
+#	$OpenBSD: Makefile,v 1.131 2016/11/19 14:20:58 tb Exp $

 #
 # For more information on building in tricky environments, please see
@ -71,6 +71,9 @@ build:
 	@false
 .else
 build:
+	umask ${WOBJUMASK}; exec ${MAKE} do-build
+
+do-build:
 .ifdef GLOBAL_AUTOCONF_CACHE
 	cp /dev/null ${GLOBAL_AUTOCONF_CACHE}
 .endif
--- a/etc/Makefile
+++ b/etc/Makefile
@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.444 2016/11/05 09:14:37 rpe Exp $
+#	$OpenBSD: Makefile,v 1.445 2016/11/19 14:20:58 tb Exp $

 TZDIR=		/usr/share/zoneinfo
 LOCALTIME=	Canada/Mountain
@ -238,6 +238,9 @@ release:
 .else

 release:
+	umask ${WOBJUMASK}; exec ${MAKE} do-release
+
+do-release:
 	@if [[ `id -u` -ne 0 ]]; then \
 		echo $@ must be called by root >&2; \
 		false; \
@ -273,7 +276,7 @@ sha:
 .endif	# DESTDIR check

 distrib:
-	cd ../distrib && \
+	umask 022; cd ../distrib && \
 	    ${MAKE} && exec ${MAKE} install

 .PHONY: distribution-etc-root-var distribution distrib-dirs \
--- a/share/mk/bsd.obj.mk
+++ b/share/mk/bsd.obj.mk
@ -1,4 +1,4 @@
-#	$OpenBSD: bsd.obj.mk,v 1.15 2016/10/06 15:34:18 natano Exp $
+#	$OpenBSD: bsd.obj.mk,v 1.16 2016/11/19 14:20:58 tb Exp $
 #	$NetBSD: bsd.obj.mk,v 1.9 1996/04/10 21:08:05 thorpej Exp $

 .if !target(obj)
@ -16,18 +16,23 @@ _SUBDIRUSE:

 obj! _SUBDIRUSE
 	@cd ${.CURDIR}; \
-	if [[ `id -u` -eq 0 && ${BUILDUSER} != root ]]; then \
-		SETOWNER="chown -h ${BUILDUSER}"; \
-		_mkdirs() { \
-			su ${BUILDUSER} -c "mkdir -p $$1"; \
-		}; \
-		MKDIRS=_mkdirs; \
-	else \
-		MKDIRS="mkdir -p"; \
-		SETOWNER=:; \
-	fi; \
+	umask ${WOBJUMASK}; \
 	here=`/bin/pwd`; bsdsrcdir=`cd ${BSDSRCDIR}; /bin/pwd`; \
 	subdir=$${here#$${bsdsrcdir}/}; \
+	if [[ `id -u` -eq 0 && ${BUILDUSER} != root ]]; then \
+		SETOWNER="chown -h ${BUILDUSER}:${WOBJGROUP}"; \
+		if [[ $$here != $$subdir ]]; then \
+			_mkdirs() { \
+				su ${BUILDUSER} -c "mkdir -p $$1"; \
+			}; \
+			MKDIRS=_mkdirs; \
+		fi; \
+	elif [[ $$here == $$subdir ]]; then \
+		SETOWNER="chown :${WOBJGROUP}"; \
+	else \
+		SETOWNER=:; \
+	fi; \
+	[[ -z $$MKDIRS ]] && MKDIRS="mkdir -p"; \
 	if test $$here != $$subdir ; then \
 		dest=${BSDOBJDIR}/$$subdir ; \
 		echo "$$here/${__objdir} -> $$dest"; \
@ -53,6 +58,7 @@ obj! _SUBDIRUSE
 		if test ! -d ${__objdir} ; then \
 			echo "making $$dest" ; \
 			$$MKDIRS $$dest; \
+			$$SETOWNER $$dest; \
 		fi ; \
 	fi;
 .  endif
--- a/share/mk/bsd.own.mk
+++ b/share/mk/bsd.own.mk
@ -1,4 +1,4 @@
-#	$OpenBSD: bsd.own.mk,v 1.180 2016/10/05 18:00:41 natano Exp $
+#	$OpenBSD: bsd.own.mk,v 1.181 2016/11/19 14:20:58 tb Exp $
 #	$NetBSD: bsd.own.mk,v 1.24 1996/04/13 02:08:09 thorpej Exp $

 # Host-specific overrides
@ -128,7 +128,9 @@ DEFAULT_PIE_DEF=-DPIE_DEFAULT=1
 NOPROFILE=
 .endif

-BUILDUSER?= ${USER}
+BUILDUSER?= build
+WOBJGROUP?= wobj
+WOBJUMASK?= 007

 BSD_OWN_MK=Done