Subversion Repositories svn LFS-FR


Rev 1130 | Blame | Compare with Previous | Last modification | View Log | RSS feed

# Le correctif issetugid() de Glibc n'est plus utilisé. issetugid() pouvait 
# être préchargé à partir d'une bibliothèque définie par l'utilisateur, comme 
# getuid() ou getgid(), donc issetugid() n'a aucun avantage. Dans BSD et solaris,
# issetugid() est un is syscall du noyau et est plus sûre. Avec Linux, nous
# devrions utiliser __libc_enable_secure(), qui est équivalent,
# mais qui exige des paquets pour être corrigée. On devrait rechercher la 
# fonction issetugid() de tous les paquets, laquelle devrait être remplacée par
# __libc_enable_secure().

# Object directories are used whenever possible, to support building from
# read-only sources. One day this may be usefull, such as building from source
# which were unpacked on to a cdrom, or read-only partition.

# In tools we don't let packages install to /tools/libexec/, for consistancy.

# Avoid installing docs to /tools, since we're not going to use them.

# It would be nice to optionally strip packages as they're installed.

# Bison, Flex, and M4, are needed when using snapshots of GCC (or Binutils).

# Everything in /tools is hardened so that we reboot into a hardened system.

# The --fatal-warnings linker option is used primarily for locating
# DT_TEXTREL, with --warn-shared-textrel, but also causes compiler errors
# when mktemp(3) or tmpnam(3) are used... so we have zero tolerance for these.

# Whatever bug fix patches are normally used in Chap6, we use them in /tools,
# because we're going to reboot /tools.

# When package maintainers offer a GnuPG signature, or md5/sha, file, then
# use that instead of making our own md5sum.

# Don't install anything to /tools/sbin, since only the administrator uses
# /tools there is no need to have another directory for admin applications.