[pacman-dev] [PATCH] Option to enable running makepkg in root
Saul Tigh
jemzipx at gmail.com
Thu Jan 16 15:51:59 UTC 2020
> Hmm, why is this though? Shouldn't the system which you are
> bootstrapping from be just as capable of using a delegated build user?
The bootstrap process has two stages. The first stage is done with a
delegated build user on the host system and the second stage is done inside
chroot and has to be done as root user (very similar to chapter six of the
lfs book). It is while inside this chroot as root user that makepg has to
compile and build the packages. As I understand it, the bootstrap process
is quite different than the way arch linux is constructed.
> If using this requires patching makepkg anyway, what's the advantage
> over just using a custom patch for the whole thing?
I believe it is better to have more options available to the power user. I
do realize that pacman is mainly designed for archlinux/derivatives which
might not benefit from this feature but it is good to cover corner cases
such as this that might benefit other users as well. Personally, I really
benefit from this feature and would appreciate it if it is included in the
mainstream version of pacman. This feature does not change the default
behavior of makepkg/pacman and is only enabled if the ALLOWROOT option is
enabled.
> Patches should be sent via git-send-email, BTW.
I apologize for this. Just part of being a noob really. I can resubmit
using git-send-email.
On Thu, Jan 16, 2020 at 8:14 PM Eli Schwartz <eschwartz at archlinux.org>
wrote:
> On 1/16/20 7:55 AM, Saul Tigh wrote:
> > Dear Pacman devs,
> >
> > Although running makepkg in root is frowned upon and considered
> dangerous,
> > there are circumstances that one might need to do so. For example, during
> > the bootstrap process of building my own toy gnu/linux distro (which uses
> > pacman/makepkg), I have to run makepkg in root.
>
> Hmm, why is this though? Shouldn't the system which you are
> bootstrapping from be just as capable of using a delegated build user?
>
> > I have added an option
> > called "ALLOWROOT" to makepkg which when is set to 1 enables running
> > makepkg in root. This option is disable by default and wouldn't cause any
> > issue for the average user of pacman and makepkg. This is my first patch
> > for pacman so criticism is welcome and please let me know how to improve
> it.
>
> If using this requires patching makepkg anyway, what's the advantage
> over just using a custom patch for the whole thing?
>
>
> > From def5a1cae3513e75aa6447a27f3f22a207ffdc61 Mon Sep 17 00:00:00 2001
> > From: Saul Tigh <jemzipx at gmail.com>
> > Date: Thu, 16 Jan 2020 18:58:27 +0700
> > Subject: Signed-off-by: Saul Tigh <jemzipx at gmail.com>
>
> Patches should be sent via git-send-email, BTW.
>
> > Although running makepkg in root is frowned upon, there are
> > circumstances that one might need to do so. For example, during the
> > bootstrap process of building his toy gnu/linux distro, the author of
> > this patch needs to run makepkg in root. This option is disable by
> > default. It can be enable by setting 'ALLOWROOT' in makepkg to 1.
> > ---
> > scripts/makepkg.sh.in | 15 ++++++++++++---
> > 1 file changed, 12 insertions(+), 3 deletions(-)
> >
> > diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> > index ca3e7459..b2cd8ee4 100644
> > --- a/scripts/makepkg.sh.in
> > +++ b/scripts/makepkg.sh.in
> > @@ -79,6 +79,7 @@ SIGNPKG=''
> > SPLITPKG=0
> > SOURCEONLY=0
> > VERIFYSOURCE=0
> > +ALLOWROOT=0
> >
> > if [[ -n $SOURCE_DATE_EPOCH ]]; then
> > REPRODUCIBLE=1
> > @@ -1175,9 +1176,13 @@ fi
> >
> > if (( ! INFAKEROOT )); then
> > if (( EUID == 0 )); then
> > - error "$(gettext "Running %s as root is not allowed as it can cause
> > permanent,\n\
> > -catastrophic damage to your system.")" "makepkg"
> > - exit $E_ROOT
> > + if (( ALLOWROOT )); then
> > + plain "Running as root is not recommended. Proceed with caution."
> > + else
> > + error "$(gettext "Running %s as root is not allowed as it can cause
> > permanent,\n\
> > + catastrophic damage to your system.")" "makepkg"
> > + exit $E_ROOT
> > + fi
> > fi
> > else
> > if [[ -z $FAKEROOTKEY ]]; then
> > @@ -1352,6 +1357,10 @@ if (( SOURCEONLY )); then
> > check_source_integrity all
> > cd_safe "$startdir"
> >
> > + # allow makepkg to run in root
> > + if (( ALLOWROOT )); then
> > + unset FAKEROOTKEY
> > + fi
> > enter_fakeroot
> >
> > if [[ $SIGNPKG = 'y' ]]; then
> >
>
>
> --
> Eli Schwartz
> Bug Wrangler and Trusted User
>
>
More information about the pacman-dev
mailing list