[arch-general] Why is it dangerous to run makepkg as root?
William Giokas
1007380 at gmail.com
Sat May 17 13:56:38 EDT 2014
On Sat, May 17, 2014 at 03:49:49PM +0300, Dimitris Zervas wrote:
>
>
> >The second idea is that this advice should prevent the script from
> >*accidentally* damage my system. But this could be prevented by using fakeroot
> >(which is disabled when calling makepkg with --asroot according to the
> >
> >manpage) or chroot. And actually the proper advice in this case should be to
> >execute makepkg using a user dedicated for this, as for most arch users it
> >would be worse if their personal file get deleted as if the system becomes
> >unbootable.
> I agree.
> A good idea is to automatically change to a much more restricted user, used just for building (no shells, logins, etc.).
> Chroot is too much of a hassle with, most of times, no point. You'll have to deal with dependent libs etc. etc. etc.
> A good option here could be to hardlink/copy the files of the dependencies inside the chroot temporary in order to do the job.
> But still, I think it's too much. You should check the scripts on your own...
There is already a package maintained by the Arch devs called
'devtools'¹ specifically for building packages in a chroot, among other
things.
¹: https://www.archlinux.org/packages/extra/any/devtools/
Thanks,
--
William Giokas | KaiSforza | http://kaictl.net/
GnuPG Key: 0x73CD09CF
Fingerprint: F73F 50EF BBE2 9846 8306 E6B8 6902 06D8 73CD 09CF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140517/0bad06c5/attachment.asc>
More information about the arch-general
mailing list