Subject: Re: Doesn't drop privileges
To: None <tech-pkg@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-pkg
Date: 09/02/2006 18:55:27
On Fri, 01 Sep 2006, César Catrián Carreño wrote:
> When the following variables are set:
> 
> BINPKG_SITES=""
> DEPENDS_TARGET=bin-install
> 
> pkgsrc goes to root for installing the dependent package.
> If that package doesn't exist, tries to build it.
> Nevertheless, it doesn't drop the privileges in this situation.

This is a long-standing problem.  Once again, I offer my patches to
make bin-install become root only for the pkg_add command, not for
the entire build.

--apb (Alan Barrett)

Index: mk/install/bin-install.mk
===================================================================
--- mk/install/bin-install.mk	9 Aug 2006 15:31:01 -0000	1.4
+++ mk/install/bin-install.mk	2 Sep 2006 16:36:31 -0000
@@ -24,7 +24,7 @@
 	ftp://ftp.NetBSD.org/pub/NetBSD/packages/$${rel}/$${arch}
 
 _SU_BIN_INSTALL_TARGETS=	acquire-bin-install-lock
-_SU_BIN_INSTALL_TARGETS+=	locked-su-bin-install
+_SU_BIN_INSTALL_TARGETS+=	locked-su-bin-install-pkgadd
 _SU_BIN_INSTALL_TARGETS+=	release-bin-install-lock
 
 .PHONY: acquire-bin-install-lock release-bin-install-lock
@@ -32,34 +32,44 @@
 release-bin-install-lock: release-localbase-lock
 
 # Install binary pkg, without strict uptodate-check first
-.PHONY: su-bin-install
-su-bin-install: ${_SU_BIN_INSTALL_TARGETS}
+.PHONY: su-bin-install-pkgadd
+su-bin-install-pkgadd: ${_SU_BIN_INSTALL_TARGETS}
 
-locked-su-bin-install:
+locked-su-bin-install-pkgadd:
+	${SETENV} PKG_PATH="$$pkgpath" ${PKG_ADD} ${_BIN_INSTALL_FLAGS} ${PKGNAME_REQD:U${PKGNAME}:Q}${PKG_SUFX}
+
+# bin-install
+
+bin-install:
+	@${PHASE_MSG} "Binary install for "${PKGNAME_REQD:U${PKGNAME}:Q}
 	@found=`${PKG_BEST_EXISTS} \"${PKGWILDCARD}\" || ${TRUE}`;	\
-	if [ "$$found" != "" ]; then					\
+	if [ "$$found" = "${PKGNAME}" ]; then				\
+		: "XXX: APB" ;						\
+		${ECHO_MSG} "${_PKGSRC_IN}> $$found is already installed."; \
+		${SHCOMMENT} "This is not an error.";			\
+	elif [ "$$found" != "" ]; then					\
 		${ERROR_MSG} "$$found is already installed - perhaps an older version?"; \
 		${ERROR_MSG} "If so, you may wish to \`\`pkg_delete $$found'' and install"; \
 		${ERROR_MSG} "this package again by \`\`${MAKE} bin-install'' to upgrade it properly."; \
 		exit 1;							\
 	fi
-	@rel=${_SHORT_UNAME_R:Q};					\
+	rel=${_SHORT_UNAME_R:Q};					\
 	arch=${MACHINE_ARCH:Q};						\
 	pkgpath=${PKGREPOSITORY:Q};					\
 	for i in ${BINPKG_SITES}; do					\
 		pkgpath="$$pkgpath;$$i/All";				\
 	done;								\
+	export pkgpath;							\
 	${STEP_MSG} "Installing ${PKGNAME} from $$pkgpath";		\
-	if ${SETENV} PKG_PATH="$$pkgpath" ${PKG_ADD} ${_BIN_INSTALL_FLAGS} ${PKGNAME_REQD:U${PKGNAME}:Q}${PKG_SUFX}; then \
+	if ${RECURSIVE_MAKE} ${MAKEFLAGS} bin-install-pkgadd ; then \
 		${ECHO} "`${PKG_INFO} -e ${PKGNAME_REQD:U${PKGNAME}:Q}` successfully installed."; \
 	else 				 				\
 		${SHCOMMENT} "Cycle through some FTP server here";	\
 		${STEP_MSG} "No binary package found for ${PKGNAME} -- installing from source"; \
 		${RECURSIVE_MAKE} ${MAKEFLAGS} package			\
 			DEPENDS_TARGET=${DEPENDS_TARGET:Q}		\
-		&& ${RECURSIVE_MAKE} ${MAKEFLAGS} clean;		\
+		&& : ${RECURSIVE_MAKE} ${MAKEFLAGS} clean;		\
 	fi
 
-.PHONY: bin-install
-bin-install: su-target
-	@${PHASE_MSG} "Binary install for "${PKGNAME_REQD:U${PKGNAME}:Q}
+.PHONY: bin-install-pkgadd
+bin-install-pkgadd: su-target
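Review bot: `locked-su-bin-install-pkgadd` takes `PKG_PATH` from the shell variable `$$pkgpath`, which is set only by the `export pkgpath` in the unprivileged `bin-install` recipe, so the root-side `pkg_add` depends on that variable surviving the recursive make and whatever `su-target` runs (its recipe is outside this hunk). If the privilege step resets the environment, `PKG_PATH` is empty and the configured `PKGREPOSITORY`/`BINPKG_SITES` are silently ignored; if it does not, the package source used as root is taken from the caller's environment instead of the make configuration. I would rebuild the path inside the locked target from the make variables, as in the fence below, and keep the copy in `bin-install` only for the `STEP_MSG`. Separately, the new `"$$found" = "${PKGNAME}"` branch only prints a message, so the recipe still goes on to the `bin-install-pkgadd` attempt and, if that fails, to the source build. The `&& : ${RECURSIVE_MAKE} ${MAKEFLAGS} clean` no-op, the `: "XXX: APB"` marker and the dropped `@` on the `rel=` line read like debugging leftovers, and `bin-install` has lost its `.PHONY` line.

```make
locked-su-bin-install-pkgadd:
	# Build the package path here, on the privileged side, instead of
	# inheriting it from the caller's environment.
	@rel=${_SHORT_UNAME_R:Q};					\
	arch=${MACHINE_ARCH:Q};						\
	pkgpath=${PKGREPOSITORY:Q};					\
	for i in ${BINPKG_SITES}; do					\
		pkgpath="$$pkgpath;$$i/All";				\
	done;								\
	${SETENV} PKG_PATH="$$pkgpath" ${PKG_ADD} ${_BIN_INSTALL_FLAGS} ${PKGNAME_REQD:U${PKGNAME}:Q}${PKG_SUFX}
# … unchanged: bin-install recipe, minus the `export pkgpath` line …
```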