On 2/24/21 7:37 AM, Allan McRae wrote:
> On 23/2/21 1:07 am, Erich Ericson wrote:
>> The following patches should enable doas support for privilege escalation in makepkg as well as document the absence thereof in binary verification. As doas gained a little traction over the last weeks and with its presence in the official repos it seems like a cheap, yet beneficial patch to the featureset of makepkg. It might not be an exhaustive patchset as I don't know all of makepkg's and libmakepkg's intricacies, but it has been tested by me and seems to work as expected. Nonetheless those patches should "point in the right direction".
>
> My understanding was that Eli has a patch in the works that allowed configuring the command for privilege escalation in makepkg.conf. This is my preferred approach as it avoids adding the new hotness in the future.

Yes, this is just https://bugs.archlinux.org/task/68985 which was already rejected as overly specific.

I have WIP stuff, the general gist of which looks like this:
https://git.archlinux.org/users/eschwartz/pacman.git/log/?h=queue2&qt=grep&q=PACMAN_AUTH

It will prefer:
- PACMAN_AUTH=() in makepkg.conf, if defined (bring-your-own-auth, popular flavors of the day include doas, pkexec)
- hardcoded sudo, if installed
- hardcoded su

...

Yes, I should get off my butt, finish+document it, test it, submit it etc. -- which will happen Soon™. Definitely before 6.0.0 final release.

Admittedly, I started this on 2019-11-26 and still didn't get around to finishing it. But, given the opendoas fans are increasingly showing interest in it, I've already determined that it's time to dust this off and polish it up.

-- 
Eli Schwartz
Bug Wrangler and Trusted User
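
The preference order described in the message above, as an added bash example that is not code from the pacman tree or from the WIP branch. `build_root_cmd`, `have_cmd` and `ROOT_CMD` are hypothetical names, and the `su` branch assumes root's shell accepts bash-style `%q` quoting.

```bash
#!/bin/bash
# Added example: build the argv used to run a command as root, following the
# order PACMAN_AUTH (if defined) -> sudo (if installed) -> su.

# Hypothetical helper: succeeds if the named tool is on PATH.
have_cmd() { type -p "$1" >/dev/null; }

# build_root_cmd CMD [ARGS...]
# Fills the global array ROOT_CMD; returns 1 if no escalation tool is usable.
build_root_cmd() {
    local quoted
    ROOT_CMD=()
    if (( ${#PACMAN_AUTH[@]} )); then
        # 1. Bring-your-own-auth from makepkg.conf, e.g. PACMAN_AUTH=(doas).
        #    Kept as an array so each word stays one argv entry.
        ROOT_CMD=("${PACMAN_AUTH[@]}" "$@")
    elif have_cmd sudo; then
        # 2. sudo receives an argv, so arguments pass through untouched.
        ROOT_CMD=(sudo "$@")
    elif have_cmd su; then
        # 3. su -c receives ONE string that a shell parses again, so every
        #    word is quoted first; otherwise spaces or ';' in a package
        #    file name would change the command that runs as root.
        printf -v quoted '%q ' "$@"
        ROOT_CMD=(su root -c "${quoted% }")
    else
        return 1
    fi
}

# Constructed sample setting and file name, for illustration only.
PACMAN_AUTH=(doas)
if build_root_cmd pacman -U 'my pkg.pkg.tar.zst'; then
    printf '[%s] ' "${ROOT_CMD[@]}"; echo
fi
```

Because makepkg.conf is sourced as shell, whatever is placed in `PACMAN_AUTH` runs with the invoking user's privileges before any escalation, so the file's ownership and permissions matter as much as the choice of tool.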