Re: [pacman-dev] [PATCH] Option to enable running makepkg in root

Hmm, why is this though? Shouldn't the system which you are bootstrapping from be just as capable of using a delegated build user?

The bootstrap process has two stages. The first stage is done with a delegated build user on the host system and the second stage is done inside chroot and has to be done as root user (very similar to chapter six of the lfs book). It is while inside this chroot as root user that makepg has to compile and build the packages. As I understand it, the bootstrap process is quite different than the way arch linux is constructed.

If using this requires patching makepkg anyway, what's the advantage over just using a custom patch for the whole thing?

I believe it is better to have more options available to the power user. I do realize that pacman is mainly designed for archlinux/derivatives which might not benefit from this feature but it is good to cover corner cases such as this that might benefit other users as well. Personally, I really benefit from this feature and would appreciate it if it is included in the mainstream version of pacman. This feature does not change the default behavior of makepkg/pacman and is only enabled if the ALLOWROOT option is enabled.

Patches should be sent via git-send-email, BTW. I apologize for this. Just part of being a noob really. I can resubmit using git-send-email.

On Thu, Jan 16, 2020 at 8:14 PM Eli Schwartz wrote:

On 1/16/20 7:55 AM, Saul Tigh wrote:

...

Dear Pacman devs,

Although running makepkg in root is frowned upon and considered dangerous, there are circumstances that one might need to do so. For example, during the bootstrap process of building my own toy gnu/linux distro (which uses pacman/makepkg), I have to run makepkg in root.

Hmm, why is this though? Shouldn't the system which you are bootstrapping from be just as capable of using a delegated build user?

...

I have added an option called "ALLOWROOT" to makepkg which when is set to 1 enables running makepkg in root. This option is disable by default and wouldn't cause any issue for the average user of pacman and makepkg. This is my first patch for pacman so criticism is welcome and please let me know how to improve it.

If using this requires patching makepkg anyway, what's the advantage over just using a custom patch for the whole thing?

...

From def5a1cae3513e75aa6447a27f3f22a207ffdc61 Mon Sep 17 00:00:00 2001 From: Saul Tigh Date: Thu, 16 Jan 2020 18:58:27 +0700 Subject: Signed-off-by: Saul Tigh

Patches should be sent via git-send-email, BTW.

...

Although running makepkg in root is frowned upon, there are circumstances that one might need to do so. For example, during the bootstrap process of building his toy gnu/linux distro, the author of this patch needs to run makepkg in root. This option is disable by default. It can be enable by setting 'ALLOWROOT' in makepkg to 1. --- scripts/makepkg.sh.in | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index ca3e7459..b2cd8ee4 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -79,6 +79,7 @@ SIGNPKG='' SPLITPKG=0 SOURCEONLY=0 VERIFYSOURCE=0 +ALLOWROOT=0

if [[ -n $SOURCE_DATE_EPOCH ]]; then REPRODUCIBLE=1 @@ -1175,9 +1176,13 @@ fi

if (( ! INFAKEROOT )); then if (( EUID == 0 )); then - error "$(gettext "Running %s as root is not allowed as it can cause permanent,\n\ -catastrophic damage to your system.")" "makepkg" - exit $E_ROOT + if (( ALLOWROOT )); then + plain "Running as root is not recommended. Proceed with caution." + else + error "$(gettext "Running %s as root is not allowed as it can cause permanent,\n\ + catastrophic damage to your system.")" "makepkg" + exit $E_ROOT + fi fi else if [[ -z $FAKEROOTKEY ]]; then @@ -1352,6 +1357,10 @@ if (( SOURCEONLY )); then check_source_integrity all cd_safe "$startdir"

+ # allow makepkg to run in root + if (( ALLOWROOT )); then + unset FAKEROOTKEY + fi enter_fakeroot

if [[ $SIGNPKG = 'y' ]]; then

-- Eli Schwartz Bug Wrangler and Trusted User