Obtaining 2.6.8-1.541 source code

Gregory G Carter gcarter at aesgi.com
Tue Sep 14 20:47:01 UTC 2004 

I am not sure I agree with that notion of non root security locality 
when dealing with OS source code.

For one thing, it makes no sense to have any OS code running outside of 
a primary security or root zone.  With the possible exception of 
virtualizing the kernel source/binaries under a execution context.  
(i.e. vmware, UML...etc).

I would be OK with that as long as user space edits of the kernel where 
only distributed as binaries in root space.

But, having as you suggest a user space kernel tree from which to 
maintain system intergrity, binary or otherwise in building a system I 
think is fool hardy.

You should have a source tree that is in root space that is seperate 
from user space.

The root space is a reference point for compiling system software, in a 
predictable security context.  (i.e. root.)

Developers or users should not be permitted into that space, only sysadmins.

I think this is for obvious reasons so I won't spell them out unless 
asked too.

:-)

-gc

Matthew Miller wrote:

>On Mon, Sep 13, 2004 at 10:42:29PM -0700, Nick Coghlan wrote:
>  
>
>>The 541 src RPM from fedora.redhat.com drops a vanilla tarball, and a 
>>collection of patch & config files into /usr/src/redhat/SOURCES, but 
>>doesn't seem to give any guidance on combining those into a given kernel 
>>version. I would assume it is important to at least apply the patches in 
>>the correct order (which may or may not be alphabetical order).
>>Am I missing something obvious here?
>>    
>>
>
>I dunno if it's obvious if you're not expecting it, but: source RPMs don't
>work like binary RPMs. They contain the files from which binary RPMs are
>generated, and when you "install" one, instead of putting files into the
>system's RPM database, it just dumps them into your RPM build area. And
>since you haven't configured it otherwise, it uses the systemwide default.
>
>The default, it turns out is bad (and basically there due to a long
>legacy). What you want to do is set up a buildtree in your own home
>directory -- there's excellent instructions here:
><http://www.rpm.org/hintskinks/buildtree/>. Then, install the source RPM
>*not as root*, and edit the spec file to include your local patches, and
>rebuild. Voila, a new binary RPM kernel package which you can install.
>
>
>  
>

More information about the fedora-test-list mailing list