On 1/4/21 9:45 PM, Levente Polyak via pacman-dev wrote:
I agree with the first parts, but a simple sorted execution before dropping won't be sufficient, you will have separate user action before root privileged action for first syncing the database and downloading packages before installing them like a simple -Syu.
There are multiple ways to achieve this, like with separated binary offloading or multiple forked execution with lower privileges. But it's certainly required to be able to execute lower privileged context before having a higher privileged context at the end like package installation. Even for a single action you want to have a non root context to download the packages.
As far as I can tell, the idea here is to: - run those dedicated tasks using e.g. separated binary offloading, - resume the main root flow for package installation, - then and only then consider the issue of "-Syi does not need root for the -i part", and then permanently, irrecoverably, drop permissions in order to do purely informational terminal output. -- Eli Schwartz Bug Wrangler and Trusted User