Pull up following revision(s) (requested by riastradh in ticket #1604):

etc/ssh/Makefile: revision 1.4 usr.bin/mail/Makefile: revision 1.41 external/ibm-public/postfix/etc/Makefile: revision 1.2 etc/bluetooth/Makefile: revision 1.6 crypto/external/bsd/openssh/bin/Makefile: revision 1.5 etc/root/Makefile: revision 1.5 etc/iscsi/Makefile: revision 1.4 /root: Install .cshrc and .profile links with the same mode. Previously we would: 1. Install /root/.cshrc and /root/.profile with mode FILESMODE=644 as requested in src/etc/root/Makefile and as echoed in /etc/mtree/special. 2. Create hard links at /.cshrc and /.profile through CONFIGLINKS. 3. Because LINKSMODE was unset and defaults to NOBINMODE=444, change the mode to 444. This scenario is confusing, and mtree objects to it, which is bad for warning fatigue in a security-relevant mechanism. (There are also several other files mtree objects to out of the box -- we should fix those too.) With this change we install the links with the same mode as the original files, in agreement with the mtree. The files, .cshrc and .profile, are intended to be editable configuration files, so 644 makes sense while 444 makes no sense and gets in the way of editors like vi. Discussed on tech-userlevel: https://mail-index.netbsd.org/tech-userlevel/2022/08/29/msg013498.html etc: Fix permissions of various editable configuration files. This way they match the mtree and make sense and don't cause editors to ask to override read-only files when editing them. Exception: Not sure /etc/bluetooth/protocols makes as much sense to edit, but the mtree says 644, so if you want to change it, make sure to change it in both places -- Makefile and mtree. /etc/ssh: Install ssh_known_hosts with mode 644. Makes it agree with the mtree and more convenient for admin to edit.
2023-02-22 19:30:50 +00:00 · 2023-02-22 19:30:50 +00:00 · 65696e46ef
parent de765e5dd2
commit 65696e46ef
7 changed files with 17 additions and 7 deletions
--- a/crypto/external/bsd/openssh/bin/Makefile
+++ b/crypto/external/bsd/openssh/bin/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.4 2019/06/01 13:21:27 jmcneill Exp $
+#	$NetBSD: Makefile,v 1.4.2.1 2023/02/22 19:30:50 martin Exp $

 .include <bsd.own.mk>

@ -11,7 +11,9 @@ SUBDIR=	ssh sshd ssh-add ssh-copy-id ssh-keygen ssh-agent scp \
 .MADE: moduli
 CONFIGFILES=	ssh_config sshd_config moduli
 FILESDIR=	/etc/ssh
+FILESMODE=	644
 FILESDIR_moduli=/etc
+FILESMODE_moduli=444

 .include <bsd.files.mk>
 .include <bsd.subdir.mk>
--- a/etc/bluetooth/Makefile
+++ b/etc/bluetooth/Makefile
@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.5 2008/04/15 11:17:47 plunky Exp $
+# $NetBSD: Makefile,v 1.5.68.1 2023/02/22 19:30:50 martin Exp $

 CONFIGFILES=	btattach.conf btdevctl.conf hosts protocols
 FILESDIR=	/etc/bluetooth
+FILESMODE=	644

 .include <bsd.prog.mk>
--- a/etc/iscsi/Makefile
+++ b/etc/iscsi/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.3 2006/06/24 05:14:01 mrg Exp $
+#	$NetBSD: Makefile,v 1.3.90.1 2023/02/22 19:30:51 martin Exp $

 .include <bsd.own.mk>

@ -7,6 +7,7 @@
 CONFIGFILES=    	auths targets
 FILESDIR=       	/etc/iscsi
 FILESMODE_auths=	0600
+FILESMODE_targets=	0644

 .endif

--- a/etc/root/Makefile
+++ b/etc/root/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.4 2012/11/17 23:08:38 uwe Exp $
+#	$NetBSD: Makefile,v 1.4.34.1 2023/02/22 19:30:50 martin Exp $

 CONFIGFILES=		dot.cshrc dot.klogin dot.login dot.profile dot.shrc

@ -12,5 +12,7 @@ FILESNAME_${F}=		${F:S/dot//}
 CONFIGLINKS=		/root/.cshrc	/.cshrc \
 			/root/.profile	/.profile

+LINKSMODE=		${FILESMODE}
+
 .include <bsd.files.mk>
 .include <bsd.links.mk>
--- a/etc/ssh/Makefile
+++ b/etc/ssh/Makefile
@ -1,8 +1,9 @@
-#	$NetBSD: Makefile,v 1.3 2017/05/21 15:28:38 riastradh Exp $
+#	$NetBSD: Makefile,v 1.3.12.1 2023/02/22 19:30:50 martin Exp $

 .include <bsd.own.mk>

 CONFIGFILES=	ssh_known_hosts
 FILESDIR=	/etc/ssh
+FILESMODE=	644

 .include <bsd.prog.mk>
--- a/external/ibm-public/postfix/etc/Makefile
+++ b/external/ibm-public/postfix/etc/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.1 2009/06/25 18:21:51 tron Exp $
+#	$NetBSD: Makefile,v 1.1.52.1 2023/02/22 19:30:50 martin Exp $

 .include <bsd.own.mk>

@ -14,5 +14,7 @@ FILESDIR=	${PFIX_ETCDIR}
 # needed by default.
 #
 CONFIGFILES=	main.cf master.cf README
+FILESMODE=	644
+FILESMODE_README=444

 .include <bsd.prog.mk>
--- a/usr.bin/mail/Makefile
+++ b/usr.bin/mail/Makefile
@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.38 2018/06/10 17:55:11 christos Exp $
+#	$NetBSD: Makefile,v 1.38.4.1 2023/02/22 19:30:50 martin Exp $
 #	@(#)Makefile	8.3 (Berkeley) 4/20/95

 .include <bsd.own.mk>
@ -75,6 +75,7 @@ SUBDIR.roff+= USD.doc

 CONFIGFILES=		mail.rc
 FILESDIR_mail.rc=	/etc
+FILESMODE_mail.rc=	644

 COPTS.format.c += -Wno-format-nonliteral