Date: Sun, 11 Nov 2007 16:53:43 +0100 From: Stefan Sperling <stsp@stsp.name> To: dougb@freebsd.org Cc: ports@freebsd.org Subject: [PATCH] portmaster with SU_CMD Message-ID: <20071111155343.GC1567@ted.stsp.lan>
next in thread | raw e-mail | index | archive | help
--CblX+4bnyfN0pR09 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Doug, here is a patch to make portmaster usable together with the SU_CMD feature in /etc/make.conf. I have the following setup: * directories in /usr/obj are writable by group "wobj" * directories in /usr/ports are writable by group "wports" * my user is in both of these groups (a single group could be used for both directories as well, it would not make a difference) * my user is in group wheel and sudoers allows users in that group to run anything In /etc/make.conf, I have: SU_CMD=3D/usr/local/sbin/sucmd.sh This script contains: #!/bin/sh if [ -x /usr/local/bin/sudo ] then /usr/local/bin/sudo /bin/sh -c "$1" else /usr/bin/su root -c "$1" fi I use that script so I don't have to change the SU_CMD setting to update sudo, otherwise you get a chicken-and-egg problem. A setup like this works fine with portupgrade, because it has a -s switch that makes it run 'sudo' for all commands that need root privileges. On day, when portupgrade started segfaulting at me for no apparent reason while closing its binary port database, I looked for alternatives and found portmaster. It looked much nicer than portupgrade to me, but only supported running entirely as root. So I hacked the script and added a -S flag that users can use to specify a command that should be used to run commands that need root privileges: portmaster -S sudo -a I've been using this for a while now. I think that by now I have found all places that need a "$SU_CMD" prefix, at least with respect to my setup. This basically means any command that modifies things outside of /usr/obj and /usr/ports, i.e. those modifying things in /usr/local or /var/db/pkg. It has been working fine for me for a few weeks now, so I thought I might share it in case you or anyone else is interested. If you don't want to apply this patch upstream I have no problem maintaining it in my own tree. Note though that the patch also fixes two cases where 'command1 && command2; command3' is run, while the indention suggests 'command1 && (command2; command3)' See patch to files/portmaster.sh.in, hunk @@ -269,14 +271,13 @@ . You might want to take a look at this even if you don't care about the -S flag. Thanks for a great port management tool! Index: files/portmaster.8 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/ncvs/ports/ports-mgmt/portmaster/files/portmaster.8,v retrieving revision 1.11 diff -u -r1.11 portmaster.8 --- files/portmaster.8 27 May 2007 08:10:54 -0000 1.11 +++ files/portmaster.8 26 Oct 2007 20:27:54 -0000 @@ -35,6 +35,7 @@ .Op Fl -force-config CGgntvw [B|b] [uf|i] [D|d] .Op Fl m Ar arguments for make .Op Fl x Ar glob pattern to exclude from building +.Op Fl S Ar command to use to run commands that need root privileges .Nm .Op Common Flags .Ar full name of port directory in /var/db/pkg @@ -233,6 +234,9 @@ avoid building ports as dependencies that match this pattern .It Fl p Ar port directory in /usr/ports specify the full path to a port directory +.It Fl S Ar command +specify a command to use to run commands that need root +privileges (e.g. su or sudo) .It Fl -show-work show what dependent ports are, and are not installed (implies .Fl t ) . @@ -327,6 +331,7 @@ .Dl "portmaster -r fooport-1.23" .Dl "portmaster -o emulators/linux_base-fc4 linux_base-8-8.0_15" .Dl "portmaster -x cvsup -f -a" +.Dl "portmaster -S /usr/local/bin/sudo -a" .Pp .Dl "portmaster -L |" .Dl "egrep -B1 'ew version|Aborting|installed|dependencies' |" Index: files/portmaster.sh.in =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /usr/ncvs/ports/ports-mgmt/portmaster/files/portmaster.sh.in,v retrieving revision 1.25 diff -u -r1.25 portmaster.sh.in --- files/portmaster.sh.in 31 Oct 2007 08:57:03 -0000 1.25 +++ files/portmaster.sh.in 4 Nov 2007 12:10:30 -0000 @@ -34,6 +34,7 @@ echo "Common flags: [--force-config] [-CGgntvw B|b uf|i D|d]" echo " [-m <arguments for make>]" echo " [-x <glob pattern to exclude from building>]" + echo " [-S <command to use to run commands that need root privileges>]" echo "${0##*/} [Common flags] <full name of port directory in $pdb>" echo "${0##*/} [Common flags] <full path to $pd/foo/bar>" echo "${0##*/} [Common flags] Multiple full names/paths from $pdb|$pd" @@ -76,6 +77,7 @@ echo '-d always clean distfiles' echo "-m <arguments for the 'make' command line>" echo "-x <avoid building ports as dependencies that match this pattern>" + echo "-S <command to use to run commands that need root privileges>" echo '' echo '--show-work list what ports are and would be installed' echo '' @@ -228,7 +230,7 @@ =20 if [ -n "$RESTART" -o -n "$FORCE" ]; then if [ -z "$TRAP" ]; then - find $pdb -type f -name PM_UPGRADE_DONE_FLAG -delete + $SU_CMD find $pdb -type f -name PM_UPGRADE_DONE_FLAG -delete fi fi =20 @@ -269,14 +271,13 @@ tempfile=3D`mktemp -t tempfile-${new_port}` =20 sed "s/@pkgdep $1/@pkgdep $2/" $dep_port_contents > $tempfile && - mv $tempfile $pdb/$dep_port/+CONTENTS - chmod 644 $pdb/$dep_port/+CONTENTS + ($SU_CMD mv $tempfile $pdb/$dep_port/+CONTENTS + $SU_CMD chmod 644 $pdb/$dep_port/+CONTENTS) =20 if [ -n "$oldportdir" ]; then sed "s%N:${oldportdir}\$%N:${newportdir}%" $dep_port_contents > $tempfil= e && - mv $tempfile $pdb/$dep_port/+CONTENTS - chmod 644 $pdb/$dep_port/+CONTENTS - + ($SU_CMD mv $tempfile $pdb/$dep_port/+CONTENTS + $SU_CMD chmod 644 $pdb/$dep_port/+CONTENTS) fi } =20 @@ -875,13 +876,13 @@ pkgrep=3D`make $PM_MAKE_ARGS -f/usr/share/mk/bsd.port.mk -VPKGREPOSITORY` [ -n "$pkgrep" ] || fail 'The value of PKGREPOSITORY cannot be empty' export pkgrep - mkdir -p $pkgrep + $SU_CMD mkdir -p $pkgrep } =20 backup_package () { echo "=3D=3D=3D>>> Creating a backup package for old version $1" cd $pkgrep || fail "Cannot cd into the $pkgrep directory for backup" - if pkg_create -b $1; then + if $SU_CMD pkg_create -b $1; then echo " =3D=3D=3D>>> Package can be found in $pkgrep" else local PROCEED @@ -994,7 +995,7 @@ fi =20 # Save switches for potential child processes -while getopts 'BCDGLRabde:fghilm:nop:r:stuvwx:' COMMAND_LINE_ARGUMENT ; do +while getopts 'BCDGLRabde:fghilm:nop:r:sS:tuvwx:' COMMAND_LINE_ARGUMENT ; = do case "${COMMAND_LINE_ARGUMENT}" in B) NO_BACKUP=3Dyes; ARGS=3D"-B $ARGS" ;; C) DONT_PRE_CLEAN=3Dyes; ARGS=3D"-C $ARGS" ;; @@ -1023,6 +1024,7 @@ p) portdir=3D"${OPTARG#$pd/}" ; portdir=3D${portdir%/} ;; r) UPDATE_REQ_BYS=3Dyes; upg_port=3D$OPTARG ;; s) CLEAN_STALE=3Dyes ;; + S) SU_CMD=3D$OPTARG; ARGS=3D"-S $OPTARG $ARGS" ;; t) RECURSE_THOROUGH=3Dyes; ARGS=3D"-t $ARGS" ;; u) UNATTENDED=3Dyes; ARGS=3D"-u $ARGS" ;; v) VERBOSE=3Dyes; ARGS=3D"-v $ARGS" ;; @@ -1134,8 +1136,8 @@ =20 find_dl_distfiles $origin =20 - echo "=3D=3D=3D>>> Running pkg_delete -f $EXPUNGE" - pkg_delete -f $EXPUNGE + echo "=3D=3D=3D>>> Running $SU_CMD pkg_delete -f $EXPUNGE" + $SU_CMD pkg_delete -f $EXPUNGE delete_dist_list if [ -z "$DONT_SCRUB_DISTFILES" ]; then delete_all_distfiles $origin @@ -1184,8 +1186,8 @@ =20 find_dl_distfiles $origin =20 - echo "=3D=3D=3D>>> Running pkg_delete -f $iport" - pkg_delete -f ${iport} + echo "=3D=3D=3D>>> Running $SU_CMD pkg_delete -f $iport" + $SU_CMD pkg_delete -f ${iport} delete_dist_list if [ -z "$DONT_SCRUB_DISTFILES" ]; then delete_all_distfiles $origin @@ -1195,7 +1197,7 @@ *) echo -n " =3D=3D=3D>>> Remove empty +REQUIRED_BY file? [n] " read DELORNOT case "$DELORNOT" in - [yY]) rm -f $file ;; + [yY]) $SU_CMD rm -f $file ;; *) do_not_delete=3D"${do_not_delete}${iport}:" ;; esac ;; @@ -1743,25 +1745,25 @@ =20 if [ -n "$SAVE_SHARED" ]; then ldconfig_out=3D`mktemp -t f-${PARENT_PID}-ldconfig` - ldconfig -r | sed 's#.* ##' | - grep -v ^${PORTS_PREFIX}/lib/compat > $ldconfig_out + $SU_CMD /bin/sh -c "ldconfig -r | sed 's#.* ##' | \ + grep -v ^${PORTS_PREFIX}/lib/compat > $ldconfig_out" =20 - mkdir -p ${PORTS_PREFIX}/lib/compat/pkg + $SU_CMD mkdir -p ${PORTS_PREFIX}/lib/compat/pkg =20 for file in `pkg_info -q -L $upg_port | sort - $ldconfig_out | \ uniq -d`; do - cp -p $file ${PORTS_PREFIX}/lib/compat/pkg/ + $SU_CMD cp -p $file ${PORTS_PREFIX}/lib/compat/pkg/ done - ldconfig -m ${PORTS_PREFIX}/lib/compat/pkg + $SU_CMD ldconfig -m ${PORTS_PREFIX}/lib/compat/pkg fi =20 - pkg_delete -f $upg_port || fail 'pkg_delete failed' + $SU_CMD pkg_delete -f $upg_port || fail 'pkg_delete failed' delete_dist_list =20 if [ -n "$REPLACE_ORIGIN" ]; then installed_newport=3D`iport_from_origin ${newportdir}` if [ -n "$installed_newport" ]; then - pkg_delete -f $installed_newport + $SU_CMD pkg_delete -f $installed_newport delete_dist_list fi fi @@ -1783,11 +1785,11 @@ # Remove saved libs that match newly installed files pkg_info -q -L $new_port | while read file; do if [ -e "${PORTS_PREFIX}/lib/compat/pkg/${file##*/}" ]; then - unlink ${PORTS_PREFIX}/lib/compat/pkg/${file##*/} + $SU_CMD unlink ${PORTS_PREFIX}/lib/compat/pkg/${file##*/} fi done test -d "${PORTS_PREFIX}/lib/compat/pkg" && - ldconfig -m ${PORTS_PREFIX}/lib/compat/pkg + $SU_CMD ldconfig -m ${PORTS_PREFIX}/lib/compat/pkg =20 allfiles=3D`make $PM_MAKE_ARGS -V ALLFILES` if [ ! "$allfiles" =3D ' ' ]; then @@ -1796,16 +1798,16 @@ # See http://www.freebsd.org/cgi/query-pr.cgi?pr=3D106483 dist_list=3D`make BEFOREPORTMK=3Dyes $PM_MAKE_ARGS -V OPTIONSFILE` dist_list=3D"${dist_list%options}distfiles" - mkdir -p ${dist_list%/distfiles} + $SU_CMD mkdir -p ${dist_list%/distfiles} ds=3D`make BEFOREPORTMK=3Dyes $PM_MAKE_ARGS -V DIST_SUBDIR` test -n "$ds" && ds=3D"${ds}/" distinfo=3D`make $PM_MAKE_ARGS -V MD5_FILE` - echo '# Added by portmaster' > $dist_list + $SU_CMD /bin/sh -c "echo '# Added by portmaster' > $dist_list" for file in $allfiles; do size=3D`grep "^SIZE (${ds}${file})" $distinfo | cut -f4 -d' '` sha256=3D`grep "^SHA256 (${ds}${file})" $distinfo | cut -f4 -d' '` md5=3D`grep "^MD5 (${ds}${file})" $distinfo | cut -f4 -d' '` - echo "DISTFILE:${ds}${file}:SIZE=3D${size}:SHA256=3D${sha256}:MD5=3D${md= 5}" >> $dist_list + $SU_CMD /bin/sh -c "echo "DISTFILE:${ds}${file}:SIZE=3D${size}:SHA256=3D= ${sha256}:MD5=3D${md5}" >> $dist_list" done fi =20 @@ -1848,17 +1850,17 @@ done < $req_deps } update_dep_entries - mv $req_deps $pdb/$new_port/+REQUIRED_BY + $SU_CMD mv $req_deps $pdb/$new_port/+REQUIRED_BY unset req_deps - chmod 644 $pdb/$new_port/+REQUIRED_BY + $SU_CMD chmod 644 $pdb/$new_port/+REQUIRED_BY =20 if [ -n "$REPLACE_ORIGIN" ]; then req_deps=3D`mktemp -t req-deps-${short_port}` =20 grep -l DEPORIGIN:$newportdir$ $pdb/*/+CONTENTS | - cut -f 5 -d '/' | sort -u > $req_deps + cut -f 5 -d '/' | $SU_CMD sort -u > $req_deps update_dep_entries $new_port - cat $req_deps >> $pdb/$new_port/+REQUIRED_BY + $SU_CMD cat $req_deps >> $pdb/$new_port/+REQUIRED_BY fi fi =20 @@ -1872,7 +1874,7 @@ DISPLAY_LIST=3D"${DISPLAY_LIST}$new_port/+DISPLAY " =20 if [ -n "$URB_YES" -o -n "$UPDATE_REQ_BYS" -o -n "$FORCE" ]; then - touch $pdb/$new_port/PM_UPGRADE_DONE_FLAG + $SU_CMD touch $pdb/$new_port/PM_UPGRADE_DONE_FLAG fi =20 if [ -z "$DONT_SCRUB_DISTFILES" ]; then --=20 stefan http://stsp.name PGP Key: 0xF59D25F0 --CblX+4bnyfN0pR09 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFHNyWH5dMCc/WdJfARAu8mAJ9O7nKAJzN/yMDTLQeHr8LoWNm5+QCgtoHE 6cwgjjbwPOaEfuono5Konrc= =6XJ8 -----END PGP SIGNATURE----- --CblX+4bnyfN0pR09--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071111155343.GC1567>