[pacman-dev] system to obviate need for DESTDIR hacks and improve PKGBUILD security

Allan McRae allan at archlinux.org
Sun Aug 22 02:32:54 EDT 2010

On 22/08/10 12:37, James Pike wrote:
> I believe arch
> currently runs install operations as root so the above method
> would increase security as it would remove the ability for packages to
> write to the file system in any way other than to $pkgdir (any writes
> that could theoretically escape the sandbox would only be as a user
> with low privileges anyway).

Just to be clear makepkg does not package as root unless the user 
explicitly asks for that to be done (and a big warning is printed if 
they do ask).  Instead we use "fakeroot" to which as its name suggests 
provides a fake root environment.


More information about the pacman-dev mailing list