[arch-general] Why is it dangerous to run makepkg as root?
Dimitris Zervas
dzervas at dzervas.gr
Sat May 17 08:49:49 EDT 2014
>The second idea is that this advice should prevent the script from
>*accidentally* damage my system. But this could be prevented by using
>fakeroot
>(which is disabled when calling makepkg with --asroot according to the
>
>manpage) or chroot. And actually the proper advice in this case should
>be to
>execute makepkg using a user dedicated for this, as for most arch users
>it
>would be worse if their personal file get deleted as if the system
>becomes
>unbootable.
I agree.
A good idea is to automatically change to a much more restricted user, used just for building (no shells, logins, etc.).
Chroot is too much of a hassle with, most of times, no point. You'll have to deal with dependent libs etc. etc. etc.
A good option here could be to hardlink/copy the files of the dependencies inside the chroot temporary in order to do the job.
But still, I think it's too much. You should check the scripts on your own...
More information about the arch-general
mailing list