[pacman-dev] [PATCH] Option to enable running makepkg in root

Thu Jan 16 13:13:57 UTC 2020

On 1/16/20 7:55 AM, Saul Tigh wrote:
> Dear Pacman devs,
> 
> Although running makepkg in root is frowned upon and considered dangerous,
> there are circumstances that one might need to do so. For example, during
> the bootstrap process of building my own toy gnu/linux distro (which uses
> pacman/makepkg), I have to run makepkg in root.

Hmm, why is this though? Shouldn't the system which you are
bootstrapping from be just as capable of using a delegated build user?

> I have added an option
> called "ALLOWROOT" to makepkg which when is set to 1 enables running
> makepkg in root. This option is disable by default and wouldn't cause any
> issue for the average user of pacman and makepkg. This is my first patch
> for pacman so criticism is welcome and please let me know how to improve it.

If using this requires patching makepkg anyway, what's the advantage
over just using a custom patch for the whole thing?

> From def5a1cae3513e75aa6447a27f3f22a207ffdc61 Mon Sep 17 00:00:00 2001
> From: Saul Tigh <jemzipx at gmail.com>
> Date: Thu, 16 Jan 2020 18:58:27 +0700
> Subject: Signed-off-by: Saul Tigh <jemzipx at gmail.com>

Patches should be sent via git-send-email, BTW.

> Although running makepkg in root is frowned upon, there are
> circumstances that one might need to do so. For example, during the
> bootstrap process of building his toy gnu/linux distro, the author of
> this patch needs to run makepkg in root. This option is disable by
> default. It can be enable by setting 'ALLOWROOT' in makepkg to 1.
> ---
>  scripts/makepkg.sh.in | 15 ++++++++++++---
>  1 file changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index ca3e7459..b2cd8ee4 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -79,6 +79,7 @@ SIGNPKG=''
>  SPLITPKG=0
>  SOURCEONLY=0
>  VERIFYSOURCE=0
> +ALLOWROOT=0
> 
>  if [[ -n $SOURCE_DATE_EPOCH ]]; then
>   REPRODUCIBLE=1
> @@ -1175,9 +1176,13 @@ fi
> 
>  if (( ! INFAKEROOT )); then
>   if (( EUID == 0 )); then
> - error "$(gettext "Running %s as root is not allowed as it can cause
> permanent,\n\
> -catastrophic damage to your system.")" "makepkg"
> - exit $E_ROOT
> + if (( ALLOWROOT )); then
> + plain "Running as root is not recommended. Proceed with caution."
> + else
> + error "$(gettext "Running %s as root is not allowed as it can cause
> permanent,\n\
> + catastrophic damage to your system.")" "makepkg"
> + exit $E_ROOT
> + fi
>   fi
>  else
>   if [[ -z $FAKEROOTKEY ]]; then
> @@ -1352,6 +1357,10 @@ if (( SOURCEONLY )); then
>   check_source_integrity all
>   cd_safe "$startdir"
> 
> + # allow makepkg to run in root
> + if (( ALLOWROOT )); then
> + unset FAKEROOTKEY
> + fi
>   enter_fakeroot
> 
>   if [[ $SIGNPKG = 'y' ]]; then
> 

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20200116/90024418/attachment.sig>