From 99f46803b96b2e126efdc3c7e033e8bb3a474b6d Mon Sep 17 00:00:00 2001
From: natano <>
Date: Sun, 9 Oct 2016 14:23:10 +0000
Subject: [PATCH] Check that DESTDIR is on a noperm filesystem that's properly
 locked down and enforce reasonable permissions for RELEASEDIR.

prodded by and ok deraadt
ok tb
---
 src/etc/Makefile | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/etc/Makefile b/src/etc/Makefile
index 0a57bc7a..1fd72912 100644
--- a/src/etc/Makefile
+++ b/src/etc/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.440 2016/10/06 20:20:41 reyk Exp $
+#	$OpenBSD: Makefile,v 1.441 2016/10/09 14:23:10 natano Exp $
 
 TZDIR=		/usr/share/zoneinfo
 LOCALTIME=	Canada/Mountain
@@ -252,6 +252,19 @@ release:
 		echo $@ must be called by root >&2; \
 		false; \
 	fi
+	@destmp=`df -P ${DESTDIR} | awk 'END { print $$6 }'`; \
+	if ! mount | grep -q " $${destmp} .*noperm"; then \
+		echo ${DESTDIR} must be on a noperm filesystem >&2; \
+		false; \
+	fi; \
+	if [[ `stat -f '%Su %Lp' $${destmp}` != '${BUILDUSER} 700' ]]; then \
+		echo $${destmp} must have owner BUILDUSER and mode 700 >&2; \
+		false; \
+	fi
+	@if [[ `stat -f '%Su %Lp' ${RELEASEDIR}` != '${BUILDUSER} 700' ]]; then \
+		echo ${RELEASEDIR} must have owner BUILDUSER and mode 700 >&2; \
+		false; \
+	fi
 	${MAKE} release-sets
 	${MAKE} distrib
 	su ${BUILDUSER} -c 'exec ${MAKE} sha'