tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: DESTDIR=full?



> On Wed, Apr 02, 2008 at 09:14:21PM +0300, Aleksey Cheusov wrote:
 >> This is how I see it and I expect DESTDIR=full means FULLY unprivilegged
 >> building. But this doesn't work because real-package-install target
 >> uses su-real-package-install which in turn tries to use SU_CMD.

> Sure, the building itself is fully unprivileged. But how could it
> *install* the package without being root? So it builds the package and
> installs it via pkg_add as root, otherwise it couldn't write to
> /usr/pkg...
Packages mentioned in BUILD_DEPENDS do not need to be installed as
root and do not need s[ug]id permission or special ownerships. So,
/usr/pkg made for bulk builds (not for actual work, of course) can
be 'chown -R pkgsrc /usr/pkg' before building bootstrap tarball.  This
(+ METALOG) gives a way to to run bulk builds in *FULLY* unprivileged
mode.

Though, METALOG and removing PKG_DESTDIR_SUPPORT is more important.

 >> It is ok if not all things are implemented yet (what exactly things
 >> are missed).  But what PKG_DESTDIR_SUPPORT variable is for?  Why
 >> should it be settable from package's Makefile?  The approach described
 >> above (METALOG) doesn't need anything like this.

> (a) METALOG is not portable as most install programs don't have the
> backend.
BSD install + chmod + chown is enough. It is easy to write a wrapper
for them that should create METALOG instead of setting actual
permission and ownerships just like build.sh does.

> (b) You would have to change all programs to not use cp, pax and random
> other tools for installing. Installation would also fail for anything
> doing direct system calls (e.g. from python interpreters).
This is not a problem at all, because many programs do not use
DESTDIR variable too. So, all these packages should be patched
either for supporting DESTDIR variable of for using BSD install.

For packages that use unusual tools for installation such as tar, pax,
something python|ruby|...-based an installation can be made in
do-install target, i.e. by packager.

Anyway using PKG_DESTDIR_SUPPORT variable is REALLY UGLY approach and
IMHO USE_DESTDIR=full in its current form looks like USE_DESTDIR=fake :(
If it needs root privileges for installation
it should NOT be named as FULL. It doesn't give any advantages
over normal unprivileged building with SU_CMD set.

P.S
Either of the following should be fixed:
 - pkgsrc.txt
  * Full DESTDIR support can run the complete build, installation and packaging
    as normal user. Root privileges are only needed to add packages.
 - help/destdir.help:
  # PKG_DESTDIR_SUPPORT
    ...
  #       * "destdir" means that some of the installed files need special
  #         ownership or permissions. The installation is done by the
  #         privileged user.

-- 
Best regards, Aleksey Cheusov.


Home | Main Index | Thread Index | Old Index