On 12/22/2017 08:02 AM, Manuel Reimer wrote:
I want to autobuild a set of packages. For this process, it is not acceptable to use "sudo" as I don't want to enter some passwords and my autobuild program also has to do some other stuff with root privileges.
The help page of "makechrootpkg" suggests that there is an option for me:
-U Run makepkg as a specified user
But I tried this several times. So far without success.
I've copied the PKGBUILD to the /tmp directory, just to be sure it is really readable by my build user.
Then my command was:
# makechrootpkg -c -U build -r /var/cache/PATH_TO_MY_CHROOT
This now seems to download the source files and also is validating them against the stored MD5 sums.
But after that I get the error
==> ERROR: Running makepkg as root is not allowed as it can cause permanent, catastrophic damage to your system.
Seems like makepkg is called once in context of my supplied "build user" and then a second time without using the build user.
Where is my mistake? Or is this a bug in makechrootpkg?
AFAIK this should work fine, for its intended goal. Though I don't think it gets a lot of testing.
makechrootpkg elevates to root if needed, using sudo. It then has to run makepkg to update sources, *before* entering the chroot for building. Usually it does that by sudo -u $SUDO_USER makepkg --verifysource, however that relies on detecting the user that ran `sudo makechrootpkg` via the SUDO_USER variable. So the -U flag can be used to specify the user to use instead.
That is the first time the makepkg command is run. The second time is inside the chroot, which should automatically be run as the "builduser" user inside a systemd-nspawn container (we don't actually use chroot).
Both times, makechrootpkg will drop privileges using sudo.
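
The user selection described in the reply above, sketched as an added example that is not part of the original message and is not makechrootpkg's own source: an explicit -U value wins over SUDO_USER, and a target that resolves to uid 0 is refused before any privilege drop is attempted. The function names resolve_build_user, verifysource_cmd and uid_of are hypothetical.

```shell
#!/bin/sh
# Added illustration; not devtools' makechrootpkg code.
# uid_of (hypothetical helper): numeric uid for a user name, empty if unknown.
uid_of() { id -u "$1" 2>/dev/null; }

# resolve_build_user [OVERRIDE]
# Precedence: explicit override (the -U value), then SUDO_USER.
# Prints the chosen user name; non-zero return if no usable user exists.
resolve_build_user() {
    user=${1:-${SUDO_USER:-}}
    if [ -z "$user" ]; then
        echo "no -U value given and SUDO_USER is unset" >&2
        return 1
    fi
    uid=$(uid_of "$user" || true)
    if [ -z "$uid" ]; then
        echo "unknown user: $user" >&2
        return 2
    fi
    if [ "$uid" -eq 0 ]; then
        # Dropping privileges "to root" is no drop at all, and makepkg
        # would refuse to run anyway.
        echo "refusing uid 0 as build user: $user" >&2
        return 3
    fi
    printf '%s\n' "$user"
}

# verifysource_cmd [OVERRIDE]
# Prints (does not execute) the pre-chroot privilege-dropping command.
verifysource_cmd() {
    u=$(resolve_build_user "${1:-}") || return $?
    printf 'sudo -u %s makepkg --verifysource\n' "$u"
}
```

When the calling program already runs as root without sudo, SUDO_USER is unset, so only the explicit override path can yield a non-root user.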