Date: Wed, 30 Apr 2003 02:33:38 +0200 (CEST) From: Dag-Erling Smørgrav <des@ofug.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/51609: [PATCH] use su(1) when installing ports as non-root Message-ID: <20030430003338.20639B80B@dwp.thinksec.com> Resent-Message-ID: <200304300300.h3U30HFM032644@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 51609 >Category: ports >Synopsis: [PATCH] use su(1) when installing ports as non-root >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Apr 29 20:00:16 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Dag-Erling Smørgrav >Release: FreeBSD 5.0-CURRENT i386 >Organization: >Environment: System: FreeBSD dwp.thinksec.com 5.0-CURRENT FreeBSD 5.0-CURRENT #24: Fri Apr 25 15:08:57 CEST 2003 des@dwp.thinksec.com:/usr/src/sys/i386/compile/dwp_smp i386 >Description: Currently, a user building ports will have to su(1) to root to install it. If the port has extract-time or build-time dependencies, they will fail to install as the user does not have the necessary privileges, and she will have to su(1) to root and install them manually before she can proceed with the dependent port. >How-To-Repeat: Try to install any port as an unprivileged user. >Fix: The attached patch uses su(1) to obtain root privileges before performing those parts of the install target which require them. It does this by splitting the _INSTALL_SEQ into _INSTALL_SEQ and _INSTALL_SUSEQ, the latter being a list of subtargets which require root privileges. The core logic has been rearranged so that if such a list exists for the current target, and ${UID} is not 0, it will first run _INSTALL_SEQ normally, then run _INSTALL_SUSEQ in a sub-make started by su(1). Since the run-depends and lib-depends subtargets are in _INSTALL_SEQ and not in _INSTALL_SUSEQ, they will run with user privileges, as one would expect (though of course they will su(1) when necessary to install the dependencies). --- ports_su.diff begins here --- Index: Mk/bsd.port.mk =================================================================== RCS file: /home/pcvs/ports/Mk/bsd.port.mk,v retrieving revision 1.447 diff -u -r1.447 bsd.port.mk --- Mk/bsd.port.mk 19 Apr 2003 22:35:28 -0000 1.447 +++ Mk/bsd.port.mk 30 Apr 2003 00:12:20 -0000 @@ -3059,10 +3059,10 @@ post-build post-build-script _INSTALL_DEP= build _INSTALL_SEQ= install-message check-categories check-already-installed \ - check-umask run-depends lib-depends install-mtree pre-install \ - pre-install-script do-install generate-plist post-install \ - post-install-script compress-man run-ldconfig fake-pkg \ - security-check + run-depends lib-depends +_INSTALL_SUSEQ= check-umask install-mtree pre-install pre-install-script \ + do-install generate-plist post-install post-install-script \ + compress-man run-ldconfig fake-pkg security-check _PACKAGE_DEP= install _PACKAGE_SEQ= package-message pre-package pre-package-script \ do-package post-package-script @@ -3071,7 +3071,7 @@ fetch: ${_FETCH_SEQ} .endif -# Main logick. The loop generates 6 main targets and using cookies +# Main logic. The loop generates 6 main targets and using cookies # ensures that those already completed are skipped. .for target in extract patch configure build install package @@ -3082,12 +3082,25 @@ .if !exists(${${target:U}_COOKIE}) -.if !defined(USE_SUBMAKE) +.if ${UID} != 0 && defined(_${target:U}_SUSEQ) +.if defined(USE_SUBMAKE) +${${target:U}_COOKIE}: ${_${target:U}_DEP} + @cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SEQ} +.else ${${target:U}_COOKIE}: ${_${target:U}_DEP} ${_${target:U}_SEQ} +.endif + @echo "===> Switching to root credentials for '${target}' target" + @cd ${.CURDIR} && \ + ${SU} root -c "${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SUSEQ}" + @echo "===> Returning to user credentials" @${TOUCH} ${TOUCH_FLAGS} ${.TARGET} -.else +.elif defined(USE_SUBMAKE) ${${target:U}_COOKIE}: ${_${target:U}_DEP} - @cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SEQ} + @cd ${.CURDIR} && \ + ${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SEQ} ${_${target:U}_SUSEQ} + @${TOUCH} ${TOUCH_FLAGS} ${.TARGET} +.else +${${target:U}_COOKIE}: ${_${target:U}_DEP} ${_${target:U}_SEQ} ${_${target:U}_SUSEQ} @${TOUCH} ${TOUCH_FLAGS} ${.TARGET} .endif --- ports_su.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030430003338.20639B80B>