Date: Wed, 09 Jan 2008 18:20:39 -0800
From: Doug Barton <dougb@FreeBSD.org>
To: freebsd-ports@freebsd.org
Subject: Portmaster 2.0-beta2 with SU_CMD available for testing
Message-ID: <478580F7.7040809@FreeBSD.org>
In-Reply-To: <47819190.4030909@FreeBSD.org>
References: <47819190.4030909@FreeBSD.org>

Ok, the SU_CMD stuff is finally done! This turned out to be a little
tougher than I thought, for reasons I'll explain below. First a bug
report.

Doug Barton wrote:

> This is a long message, so if you want to jump into using the new
> version that's fine, but before you do anything else, please do this:
> cd
> mkdir backup-pkg
> cd backup-pkg
> cp -Rp /var/db/pkg .
> portmaster --check-depends # This is the new version of course
> diff -ur pkg /var/db/pkg > pkg.diff
>
> Then look at the results. The code lets you know if it updates a
> +REQUIRED_BY file or @pkgdep entry, but it also silently deletes
> duplicate pkgdep/DEPORIGIN lines from your +CONTENTS files, so if you
> see something that looks like it's been deleted inappropriately check
> the rewritten +CONTENTS file to see if there is one and only one entry
> left in it. I don't think you will, but if you have any problems with
> this feature, please let me know ASAP.

One person found a small bug, which is that DEPORIGIN names with a +
sign in them caused egrep to ignore them. This is fixed in the new
version. I also did a sweep through all the other port directory names
to see if there were any other potential metacharacter issues and did
not find any.

New Feature
===========

The SU_CMD stuff is now functional, but only for sudo. I initially
tried to do it in such a way as to also support su(1), but they want
things quoted totally differently, and then when I tried to run
actually as root, it choked for different reasons. Fortunately sudo
doesn't have that problem, so for now it is the only method supported.

If you want to try this out, put the following in ~/.portmasterrc:

PM_SU_CMD='/usr/local/bin/sudo'
# and optionally:
PM_SU_VERBOSE=yes

The latter enables extra messages that tell you whenever something is
happening that requires superuser privileges.

This code makes the following assumptions:

1. You have the following set to places that the UNprivileged user has
   control:
   WRKDIRPREFIX    usually /usr/ports/category/port/work
   DISTDIR         usually /usr/ports/distfiles
   TMPDIR          usually /tmp

2. The following directories are owned by root:
   /var/db/pkg
   /var/db/port
   LOCALBASE       usually /usr/local
   PACKAGES        usually /usr/ports/packages
   PKGREPOSITORY   usually ${PACKAGES}/All

With those caveats, and obviously assuming that you have sudo
installed, you should be able to do everything as a normal user that
you can as root, with the absolute minimum of privilege escalation.

If you run portmaster as root but have PM_SU_CMD defined, it will be
undefined to avoid potential problems.

This turned out to be a good exercise, since it allowed me to further
tighten a few areas to avoid taking actions unless they really needed
to be taken.

Reworked Feature
================

The "safety" backup feature and the -b backup feature, both of which
affect the installed port at upgrade time, have been totally
restructured. There is now a new directory,
${PACKAGES}/portmaster-backup that these two features write their
packages to. If you're not using -b those packages will be deleted on
a successful installation.

The main advantage to this is that you can now have a backup package
of the "old" version and a -g package of the new one even if they have
the same version number. It also makes post-install cleanup easier as
a byproduct.

If you have PKGREPOSITORY set in your environment, but not PACKAGES,
you should set the latter and can probably delete the former. I plan
to add a compatibility shim for users who only have the former set,
but it's not done yet.

Please test this version and let me know! It's very close to what will
be committed as portmaster 2.0.

Enjoy!

Doug

--
    This .signature sanitized for your protection
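
The two directory assumptions listed in the message can be checked before PM_SU_CMD is set. The script below is an added example, not part of the original message or of portmaster; the function names are hypothetical, the fallback paths are the "usually" values from the mail, and WRKDIRPREFIX is checked only when it is set.

```shell
#!/bin/sh
# Added example: audit the two directory assumptions from the message before
# setting PM_SU_CMD. Fallback paths are the "usually" values quoted in the mail.

# Numeric owner of a path, parsed from `ls -ldn` (same on FreeBSD and Linux).
owner_uid() {
    ls -ldn "$1" 2>/dev/null | awk '{ print $3 }'
}

# Assumption 1: every listed directory exists and the invoking user can
# create files in it. Returns the number of directories that fail.
audit_user_dirs() {
    fails=0
    for d in "$@"; do
        if [ -d "$d" ] && [ -w "$d" ] && [ -x "$d" ]; then
            echo "ok    writable by uid $(id -u): $d"
        else
            echo "FAIL  not writable by uid $(id -u): $d"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Assumption 2: every listed directory exists and is owned by uid $1
# (0 for root). Returns the number of directories that fail.
audit_owned_dirs() {
    want=$1; shift; fails=0
    for d in "$@"; do
        if [ -d "$d" ] && [ "$(owner_uid "$d")" = "$want" ]; then
            echo "ok    owned by uid $want: $d"
        else
            echo "FAIL  not owned by uid $want: $d"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Hypothetical wrapper: run both checks with the environment's values,
# falling back to the mail's paths. WRKDIRPREFIX is checked only if set.
pm_su_audit() {
    pk=${PACKAGES:-/usr/ports/packages}; rc=0
    audit_user_dirs ${WRKDIRPREFIX:+"$WRKDIRPREFIX"} \
        "${DISTDIR:-/usr/ports/distfiles}" "${TMPDIR:-/tmp}" || rc=1
    audit_owned_dirs 0 /var/db/pkg /var/db/port "${LOCALBASE:-/usr/local}" \
        "$pk" "${PKGREPOSITORY:-$pk/All}" || rc=1
    return "$rc"
}
```

Source the file and call `pm_su_audit` as the unprivileged user that will run portmaster; a non-zero return means at least one listed assumption does not hold on that host.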