[arch-general] resurrecting srcpac

Hussam Al-Tayeb ht990332 at gmail.com
Thu Jun 5 00:01:30 EDT 2008 

On Wed, 2008-06-04 at 20:38 -0700, Jason Chu wrote:
> On Sun, Jun 1, 2008 at 1:31 PM, Michael Klier <chi at chimeric.de> wrote:
> > Jason Chu wrote:
> >> On Sun, Jun 1, 2008 at 10:14 AM, Michael Klier <chi at chimeric.de> wrote:
> >> > Jason Chu wrote:
> >> >> Yeah, put those in your public repo too and then I'll release a new
> >> >> version of srcpac.
> >> >
> >> > Ok, almost finished, though one problem remains. Using nobody actually doesn't
> >> > work because when you su nobody -c <command> the system will enforce a
> >> > password change.
> >> >
> >> > That leaves 3 options: a) we use a dedicated srcpac user in case srcpac was
> >> > invoked by root or b) make the user configurable in /etc/srcpac.conf or c)
> >> > invoke makepkg using sudo -u nobody, that however will add sudo as dependency
> >> > to srcpac. Personally I think c) is the best of them.
> >> >
> >> > Other than that I've added the changes, but because of that missing bit the
> >> > version in my repo is not 100% functional at the moment.
> >> >
> >> > What do you think?
> >> >
> >> >    Michael
> >>
> >> I don't mind sudo as a dependency: c) is fine.
> >
> > OK then, I've applied that as well and updated the man page too. Now sudo is
> > used when invoked by root to drop privileges to nobody and su is used to drop
> > privilegs to the user who called srcpac via sudo (using su here to get the
> > environment right). From the tests I've done so far everything seems to work
> > well (though again, it wouldn't harm if someone maybe checked it too). I also
> > haven't touched the version number ;).
> >
> > Regards
> >    Michael
> >
> > --
> > Michael Klier
> 
> I'm happy with these changes.  Now the only real question that needs
> to be answered should this be srcpac 0.6 or srcpac 1.0?
> 
> Jason
> 

Can you have it run su -c '/path/to/command something'  instead of sudo?
Not all of us are willing to have to use sudo.
If sudo is that necessary, then it is still fine. This is just a small
opinion.

Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2143 bytes
Desc: not available
URL: <http://archlinux.org/pipermail/arch-general/attachments/20080605/dc68f739/attachment.bin>

More information about the arch-general mailing list