On Thu, Jun 17, 2010 at 6:37 PM, Allan McRae <allan@archlinux.org> wrote:
On 18/06/10 09:12, Loui Chang wrote:
On Fri 18 Jun 2010 08:19 +1000, Allan McRae wrote:
On 18/06/10 01:09, Loui Chang wrote:
On Fri 18 Jun 2010 00:30 +1000, Allan McRae wrote:
I think I have found the issue here. We obviously have a NOPASSWD entry in our sudoers file so "sudo -l" does not require a password.
So the bug is confirmed. However the fix is not fully functional as if I have sudo installed but can not use it for pacman, then I can no longer fall back to using "su -c". I'd choose excess password typing over functionality loss.
Why not just take sudo and asroot out of the equation and treat makepkg as a real non-handholding executable?
What do you mean? Remove automatic dependency installation or require the entire thin to be run as root?
Enable the entire thing to be run as any user.
A user does not necessarily need to be called 'root' to have package manager privileges, nor do they need to be 'root' to have superuser privileges, so why do we need a special flag for when the user does happen to be 'root'?
I think a user should arrange those himself, rather than having makepkg assume that he wants to become root via sudo. If the user hasn't previously arranged the privs, then makepkg dependency installation should fail.
In my opinion any use of sudo, and any restrictions on root in makepkg should be removed. If you're keen to this idea I could provide some patches.
I still am not sure where you are going with this...
1) pacman requires you to be root to install packages (or at least UID=0 I think)
pacman -S pacman error: you cannot perform this operation unless you are root.
Correct. There is really no way to avoid being root here; you are going to touch everything on the system *and* you need arbitrary command execution. /* geteuid undefined in CYGWIN */ uid_t myuid = geteuid(); ...... /* check if we have sufficient permission for the requested operation */ if(myuid > 0 && needs_root()) { pm_printf(PM_LOG_ERROR, _("you cannot perform this operation unless you are root.\n")); cleanup(EXIT_FAILURE); }
2) Doing the actual packaging as root is dangerous, especially if you have "make install" by accident in your PKGBUILD. Or, as does happen, the software has a shitty Makefile and ignores DESTDIR for part of the installation (for this reason --asroot is not being removed).
+1000, Try packaging munin sometime from a blank slate as root and let me know when you un-screw your system. I have spent a long time haggling with packages like that to make sure they are actually doing their work in $pkgdest rather than my live system.
So we have conflicting needs within makepkg. root to install, non-root to build. When makepkg needs to install dependency packages, it checks if sudo is an option and if not falls back to using "su -c", and if that fails it gives up. Are you proposing that it just gives up straight away and not attempt privilege escalation?
Couldn't have said it better myself, thank you Allan. -Dan