[pacman-dev] [PATCH] doas makepkg support
Eli Schwartz
eschwartz at archlinux.org
Fri Feb 26 19:17:56 UTC 2021
On 2/24/21 7:37 AM, Allan McRae wrote:
> On 23/2/21 1:07 am, Erich Ericson wrote:
>> The following patches should enable doas support for privilege
>> escalation in makepkg as well as document the absence thereof in
>> binary verification. As doas gained a little traction over the last
>> weeks and with its presence in the official repos it seems like a
>> cheap, yet beneficial patch to the featureset of makepkg. It might not
>> be an exhaustive patchset as I don't know all of makepkg's and
>> libmakepkg's intricacies, but it has been tested by me and seems to
>> work as expected. Nonetheless those patches should "point in the right
>> direction".
>>
>
> My understanding was that Eli has a patch in the works that allowed
> configuring the command for privilege escalation in makepkg.conf. This
> is my preferred approach as it avoids adding the new hotness in the future.
Yes, this is just https://bugs.archlinux.org/task/68985 which was
already rejected as overly specific.
I have WIP stuff, the general gist of which looks like this:
https://git.archlinux.org/users/eschwartz/pacman.git/log/?h=queue2&qt=grep&q=PACMAN_AUTH
It will prefer:
- PACMAN_AUTH=() in makepkg.conf, if defined
(bring-your-own-auth, popular flavors of the day include doas, pkexec)
- hardcoded sudo, if installed
- hardcoded su
...
Yes, I should get off my butt, finish+document it, test it, submit it
etc. -- which will happen Soon™. Definitely before 6.0.0 final release.
Admittedly, I started this on 2019-11-26 and still didn't get around to
finishing it. But, given the opendoas fans are increasingly showing
interest in it, I've already determined that it's time to dust this off
and polish it up.
--
Eli Schwartz
Bug Wrangler and Trusted User
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20210226/1b3ae204/attachment.sig>
More information about the pacman-dev
mailing list