On Tue, Mar 04, 2014 at 01:38:17PM +1000, Allan McRae wrote:
<snip>
diff --git a/src/pacman/util.c b/src/pacman/util.c index d42e27b..d10bc7d 100644 --- a/src/pacman/util.c +++ b/src/pacman/util.c @@ -102,6 +102,9 @@ int trans_release(void)
int needs_root(void) { + if(config->noroot == 1) { + return 0; + } switch(config->op) { case PM_OP_DATABASE: return 1;
pacman -S --noroot glibc -> BOOM!
Well, boom being pacman errors out during package extraction. At a minimum, I would expect pacman to check whether I can write to all the directories in the package file.
Currently it's not doing any of that checking in order to make things somewhat simpler for me. I've barely written anything in C before, so this is basically me experimenting a little bit to get a POC. Another thing that could happen is just a check of the RootDir, DBPath... and others that pacman uses. This way --noroot would almost not even be needed, as simply setting RootDir and the other options to user-writeable paths would allow them to run this without issue. (Obviously it would still error out if it's unable to write to directories below that, though, but as root you won't have that problem and as a user you should keep a handle on that problem).
The database directory should only ever be writeable by root. It would be a major security issue otherwise (particularly as one promenant distribution can still not sign databases...). So how would a user of "--noroot" add a database? If we are restricting them to -U, there is no need for makepkg support.
It's a security issue if the database directory for a system is writeable by a non-root user, however the point of this is to allow makepkg and pacman to be used for non-system applications, similar to the way that pip can be used in a virtualenv. You would set RootDir to somewhere that you have write access to (/home/wgiokas/foo) and, get it set up for pacman (add the directories it needs) and then run it with --noroot. Pacman is going to error itself now if it can't write files.
In conclusion, I'd like to see a very well thought out plan discussed before I look at code for this.
Alright, I'll keep working on stuff. Thanks for the feedback, though. There's still a whole lot more that I've found that needs to be changed to use this to extract and work with packages as a non-root user. Thanks, -- William Giokas | KaiSforza | http://kaictl.net/ GnuPG Key: 0x73CD09CF Fingerprint: F73F 50EF BBE2 9846 8306 E6B8 6902 06D8 73CD 09CF