svn commit: r40811 - head/en_US.ISO8859-1/articles/portbuild

[Mark Linimon]

Author: linimon
Date: Wed Jan 30 08:11:09 2013
New Revision: 40811
URL: http://svnweb.freebsd.org/changeset/doc/40811

Log:
  Deorbit the use of security/sudo on the master due to new security
  requirements.  The text still needs some back-fill; this is WIP.

Modified:
  head/en_US.ISO8859-1/articles/portbuild/article.xml

Modified: head/en_US.ISO8859-1/articles/portbuild/article.xml
==============================================================================
--- head/en_US.ISO8859-1/articles/portbuild/article.xml	Wed Jan 30 07:54:08 2013	(r40810)
+++ head/en_US.ISO8859-1/articles/portbuild/article.xml	Wed Jan 30 08:11:09 2013	(r40811)
@@ -1836,7 +1836,6 @@ touch /tmp/.boot_finished</programlistin
 		<filename>usr/local/etc/sudoers/sudoers.d/portbuild</filename>:</para>
 
 	      <programlisting># local changes for package building
-%wheel        ALL=(ALL) ALL
 portbuild     ALL=(ALL) NOPASSWD: ALL</programlisting>
 	    </listitem>
 	  </itemizedlist>
@@ -2272,13 +2271,13 @@ zfs destroy -r a/snap/src-<replaceable>o
       <title>Steps necessary before <application>qmanager</application> is started</title>
 
       <note>
-	<para>The initial steps need to be done using
-	  <application>sudo</application>.</para>
+	<para>The initial steps need to be done as
+	  <literal>root</literal>.</para>
       </note>
 
       <itemizedlist>
 	<listitem>
-	  <para>Create a new
+	  <para>If it has not already been done, create the
 	    <literal>portbuild</literal>
 	    user and group.</para>
 	</listitem>
@@ -2397,7 +2396,7 @@ zfs destroy -r a/snap/src-<replaceable>o
       </itemizedlist>
 
       <note>
-	<para>Once again using <application>sudo</application>:</para>
+	<para>Once again as <literal>root</literal>:</para>
       </note>
 
       <itemizedlist>
@@ -2413,14 +2412,10 @@ zfs destroy -r a/snap/src-<replaceable>o
 	</listitem>
       </itemizedlist>
 
-      <note>
-	<para>One last time using <application>sudo</application>:</para>
-      </note>
-
       <itemizedlist>
 	<listitem>
 	  <para>Add an appropriate <replaceable>arch</replaceable> entry for
-	    <filename>/var/portbuild/scripts/dologs</filename> to the root
+	    <filename>/var/portbuild/scripts/dologs</filename> to the portbuild
 	    <filename>crontab</filename>.  (This is a hack and should go away.)</para>
 	</listitem>
       </itemizedlist>
@@ -2430,7 +2425,7 @@ zfs destroy -r a/snap/src-<replaceable>o
       <title>Steps necessary after <application>qmanager</application> is started</title>
 
       <note>
-	<para>Again using <application>sudo</application>:</para>
+	<para>Again as <literal>root</literal>:</para>
       </note>
 
       <itemizedlist>
@@ -2598,11 +2593,17 @@ net/isc-dhcp41-server
 ports-mgmt/pkg
 ports-mgmt/portaudit
 ports-mgmt/portmaster
-security/sudo
 shells/bash
 shells/zsh
 sysutils/screen</programlisting>
 
+	  <note>
+	    <para>The use of <application>sudo</application> on the master,
+	      which was formerly required, is
+	      <emphasis>no longer recommended</emphasis>.
+	    </para>
+	  </note>
+
 	  <para>The following ports (or their latest successors) are handy:</para>
 
 	  <programlisting>benchmarks/bonnie++