May nuke /usr/local

[Keith-S-Thompson]

According to a post by the author on comp.lang.ada:

Be careful as the default install directory is /usr/local and things like "make release" will clear that (sudo rm -rf /usr/local/*) before building, installing, and tar'ing up a release. "make -n release | less" will let you see what is happening.

I haven't verified this, but if true this is a serious bug.

[steve-cs]

Yes, this is a significant limitation. It turns out the targets that clean $(prefix) are release, bootstrap-clean, and prefix-clean. It would be trivial to remove prefix-clean as an automatic release dependency and hide it in a shell script or YAML file. Would that satisfy your concern? If not, what
might?

Cleaning (clearing) $(prefix) when bootstrapping (i.e. building a release) into $(prefix) is intentional. Currently there are things that break and/or need to be papered over with environment variables if $(prefix) is not /usr/local. The simpler answer (at least currently for me) is to run in a VM.

[Keith-S-Thompson]

I wouldn't call this a "limitation". A limitation would be something that it fails to do. This can seriously damage a system. It is practically malware. If I were you, the first thing I would do is commit a change to Makefile so it immediately dies with an error message, pending a fix.

I think I'd recommend not invoking sudo from a Makefile. Instead, for anything that requires root access, check whether the user is running as root and abort if not. Make the user run sudo make ....

I'm not planning to use this, so I don't have any advice on how to make it useful. But it must not delete anything that it doesn't "own".

There are plenty of installation scripts that install things in a given location, defaulting to /usr/local. I've never heard of one that will nuke the entire /usr/local directory tree.

[Keith-S-Thompson]

I'm curious why this was closed. Was the problem corrected?