[pacman-dev] [PATCH 10/11] makepkg: do not ask sudo password twice

Allan McRae allan at archlinux.org
Thu Jun 17 19:37:24 EDT 2010

On 18/06/10 09:12, Loui Chang wrote:
> On Fri 18 Jun 2010 08:19 +1000, Allan McRae wrote:
>> On 18/06/10 01:09, Loui Chang wrote:
>>> On Fri 18 Jun 2010 00:30 +1000, Allan McRae wrote:
>>>> I think I have found the issue here.   We obviously have a NOPASSWD
>>>> entry in our sudoers file so "sudo -l" does not require a password.
>>>> So the bug is confirmed.  However the fix is not fully functional as
>>>> if I have sudo installed but can not use it for pacman, then I can
>>>> no longer fall back to using "su -c".  I'd choose excess password
>>>> typing over functionality loss.
>>> Why not just take sudo and asroot out of the equation and treat makepkg
>>> as a real non-handholding executable?
>> What do you mean?   Remove automatic dependency installation or
>> require the entire thin to be run as root?
> Enable the entire thing to be run as any user.
> A user does not necessarily need to be called 'root' to have package
> manager privileges, nor do they need to be 'root' to have superuser
> privileges, so why do we need a special flag for when the user does
> happen to be 'root'?
> I think a user should arrange those himself, rather than having makepkg
> assume that he wants to become root via sudo. If the user hasn't
> previously arranged the privs, then makepkg dependency installation
> should fail.
> In my opinion any use of sudo, and any restrictions on root in makepkg
> should be removed. If you're keen to this idea I could provide some
> patches.

I still am not sure where you are going with this...

1) pacman requires you to be root to install packages (or at least UID=0 
I think)
 > pacman -S pacman
error: you cannot perform this operation unless you are root.

2) Doing the actual packaging as root is dangerous, especially if you 
have "make install" by accident in your PKGBUILD.  Or, as does happen, 
the software has a shitty Makefile and ignores DESTDIR for part of the 
installation (for this reason --asroot is not being removed).

So we have conflicting needs within makepkg.  root to install, non-root 
to build.  When makepkg needs to install dependency packages, it checks 
if sudo is an option and if not falls back to using "su -c", and if that 
fails it gives up.  Are you proposing that it just gives up straight 
away and not attempt privilege escalation?


More information about the pacman-dev mailing list