 fox
II/IDEC networks :: obsd.info.14 :: / g2k14: Christian Weisgerber on Package Building without sudo **
|
Login |
[#]
g2k14: Christian Weisgerber on Package Building without sudo **
undeadly.org(obsdave,1) — All
2014-08-03 16:55:05
http://undeadly.org/cgi?action=article&sid=20140803122705
Contributed by [tbert](http://bsdly.blogspot.com/) on Sun Aug 3 05:54:09 2014 (GMT)
from the sandwich makes itself dept.
Christian Weisgerber wrote in with this report from g2k14:
> I updated the gettext port, of course. What'd you think I'd do at a hackathon?
The most interesting thing I worked on at g2k14 started out with a question: Why exactly do we run the fake step as root? (Hint: FreeBSD's corresponding stage infrastructure does not.)
> Because ports want to install with "install -o root -g bin"? But they only do so because we tell them to. We pass those flags to configure. We just need to stop doing this.
>
> Because some ports want to set a special user/group and chmod to suid/sgid? The vast majority of ports do not and the few that do already require corresponding annotations in the PLIST. Why not just use this metadata for the package, instead of the actual file modes?
>
> Really, most ports could be built just fine without sudo. Those that do not can be annotated, FAKE_AS_ROOT=Yes, and fixed eventually. (You will still need sudo for installing dependencies, though.) All that is required is a little bit of support in our infrastructure.
>
> To this end I came up with patches to bsd.port.mk and pkg_add that accomplish this. Initial testing revealed a number of ports modules that would also require minor tweaking, but as expected it became clear that rather few changes would go a long way to handling most of the ports tree.
>
> At this stage this is merely a proof of concept, showing that the approach is workable. To be revisited once the 5.6 release is out the door.
undeadly.org(obsdave,1) — All
2014-08-03 16:55:05
http://undeadly.org/cgi?action=article&sid=20140803122705
Contributed by [tbert](http://bsdly.blogspot.com/) on Sun Aug 3 05:54:09 2014 (GMT)
from the sandwich makes itself dept.
Christian Weisgerber wrote in with this report from g2k14:
> I updated the gettext port, of course. What'd you think I'd do at a hackathon?
The most interesting thing I worked on at g2k14 started out with a question: Why exactly do we run the fake step as root? (Hint: FreeBSD's corresponding stage infrastructure does not.)
> Because ports want to install with "install -o root -g bin"? But they only do so because we tell them to. We pass those flags to configure. We just need to stop doing this.
>
> Because some ports want to set a special user/group and chmod to suid/sgid? The vast majority of ports do not and the few that do already require corresponding annotations in the PLIST. Why not just use this metadata for the package, instead of the actual file modes?
>
> Really, most ports could be built just fine without sudo. Those that do not can be annotated, FAKE_AS_ROOT=Yes, and fixed eventually. (You will still need sudo for installing dependencies, though.) All that is required is a little bit of support in our infrastructure.
>
> To this end I came up with patches to bsd.port.mk and pkg_add that accomplish this. Initial testing revealed a number of ports modules that would also require minor tweaking, but as expected it became clear that rather few changes would go a long way to handling most of the ports tree.
>
> At this stage this is merely a proof of concept, showing that the approach is workable. To be revisited once the 5.6 release is out the door.