diff --git a/contrib/paccache.sh.in b/contrib/paccache.sh.in
index c331273..0eba69c 100644
--- a/contrib/paccache.sh.in
+++ b/contrib/paccache.sh.in
@@ -308,9 +308,9 @@ totalsaved=$(@SIZECMD@ "${candidates[@]}" | awk '{ sum += $1 } END { print sum }
# crush. kill. destroy.
(( verbose )) && cmdopts+=(-v)
if (( delete )); then
- printf '%s\0' "${candidates[@]}" | runcmd xargs -0 rm "${cmdopts[@]}"
+ runcmd xargs -a <(printf '%s\0' "${candidates[@]}") rm "${cmdopts[@]}"
elif (( move )); then
- printf '%s\0' "${candidates[@]}" | runcmd xargs -0 mv "${cmdopts[@]}" -t "$movedir"
+ runcmd xargs -a <(printf '%s\0' "${candidates[@]}") mv "${cmdopts[@]}" -t "$movedir"
fi
summarize "$pkgcount" "${candidates[@]}"
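Review bot: both `+` lines drop `-0` from xargs while the printf feeding them still writes NUL-terminated names, so xargs falls back to whitespace and quote splitting and the delimiters are no longer honoured. Keep the option next to `-a` on the rm line and on the mv line.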
and I found that xargs is missing the option "-0", so the patch should be
diff --git a/contrib/paccache.sh.in b/contrib/paccache.sh.in
index c331273..0eba69c 100644
--- a/contrib/paccache.sh.in
+++ b/contrib/paccache.sh.in
@@ -308,9 +308,9 @@ totalsaved=$(@SIZECMD@ "${candidates[@]}" | awk '{ sum += $1 } END { print sum }
# crush. kill. destroy.
(( verbose )) && cmdopts+=(-v)
if (( delete )); then
- printf '%s\0' "${candidates[@]}" | runcmd xargs -0 rm "${cmdopts[@]}"
+ runcmd xargs -0a <(printf '%s\0' "${candidates[@]}") rm "${cmdopts[@]}"
elif (( move )); then
- printf '%s\0' "${candidates[@]}" | runcmd xargs -0 mv "${cmdopts[@]}" -t "$movedir"
+ runcmd xargs -0a <(printf '%s\0' "${candidates[@]}") mv "${cmdopts[@]}" -t "$movedir"
fi
summarize "$pkgcount" "${candidates[@]}"
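Review bot: on both `+` lines the `<(...)` argument reaches xargs as a path to a descriptor held by this shell, and runcmd (quoted elsewhere in this thread) may start xargs through `sudo "$@"` or through `su -c`. sudo closes inherited descriptors above stderr by default, so xargs may be unable to open that path. Please test the delete and move branches under both sudo and su before this goes in.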
Greetings
]]>KaiSforza wrote:falconindy wrote:But makepkg doing this is fine?
but it's there for convenience and security.
And here it is again for convenience. Unlike makepkg, paccache isn't going to stop you from running it directly as root if that's what you really want.
The point of makepkg's convenience is for security (yes, you can run as root fully, but it's a bad idea). Trying to make it convenient for paccache is just trying to save a few keystrokes.
]]>falconindy wrote:But makepkg doing this is fine?
but it's there for convenience and security.
And here it is again for convenience. Unlike makepkg, paccache isn't going to stop you from running it directly as root if that's what you really want.
]]>But makepkg doing this is fine?
makepkg does that for a reason. You could do everything in a fakeroot (besides -i, I guess), install all of the dependencies you need there, etc., but it's there for convenience and security.
Doing this in paccache seems to be unneeded. Yes, it makes it minimally more convenient, but what in paccache is going to be insecure when run directly as root? Is there any real reason to only do this for that single part, and not for the whole thing? I see nothing in paccache besides the removal/moving of packages that could be potentially destructive.
]]>I don't think that runcmd should even escalate to root. It just seems like a generally bad idea to me. Make the user run it as
sudo paccache ...
or
su -c "paccache..."
I don't think this should even be taken care of in paccache, but instead by the user or script calling paccache.
But makepkg doing this is fine?
]]>sudo paccache ...
or
su -c "paccache..."
I don't think this should even be taken care of in paccache, but instead by the user or script calling paccache.
]]>Ah, I forgot that part of it. With that change (pipe and xargs), I do replicate the problem you describe: my password is echoed to the screen, and nothing happens after it is entered.
I don't know if it'd be a suitable long-term solution, but you could rewrite that xargs line to just be a call to runcmd.
Which would essentially revert the patch that he linked to and reintroduce the same problem it fixed.
It seems xargs hasn't changed in a while (27 Jan here), so perhaps there was a revision in paccache that led to this.
See above...
Regardless, this won't be fixed without a bug report. Not sure why you can't use just sudo instead. It's a far better tool than su for a huge number of reasons.
edit: just an idea...
diff --git a/contrib/paccache.sh.in b/contrib/paccache.sh.in
index c331273..0eba69c 100644
--- a/contrib/paccache.sh.in
+++ b/contrib/paccache.sh.in
@@ -308,9 +308,9 @@ totalsaved=$(@SIZECMD@ "${candidates[@]}" | awk '{ sum += $1 } END { print sum }
# crush. kill. destroy.
(( verbose )) && cmdopts+=(-v)
if (( delete )); then
- printf '%s\0' "${candidates[@]}" | runcmd xargs -0 rm "${cmdopts[@]}"
+ runcmd xargs -a <(printf '%s\0' "${candidates[@]}") rm "${cmdopts[@]}"
elif (( move )); then
- printf '%s\0' "${candidates[@]}" | runcmd xargs -0 mv "${cmdopts[@]}" -t "$movedir"
+ runcmd xargs -a <(printf '%s\0' "${candidates[@]}") mv "${cmdopts[@]}" -t "$movedir"
fi
summarize "$pkgcount" "${candidates[@]}"
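Review bot: with `-a` on the rm and mv lines, xargs leaves stdin untouched for the commands it starts, where the piped form gave them /dev/null, so rm and mv can now prompt on the terminal (rm on a write-protected file when `-f` is not in cmdopts, for example). That is what su needs here, but it deserves a comment above the `if (( delete ))` block saying why the list is passed with `-a` rather than on stdin, so that the pipe is not restored later.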
This means that stdin won't be redirected from /dev/null and it should preserve the terminal for su. This really should be fixed in su so that it opens /dev/tty explicitly for input when stdin isn't a terminal. The behavior is easily shown with:
$ </dev/null su root -c bash
I don't know if it'd be a suitable long-term solution, but you could rewrite that xargs line to just be a call to runcmd.
It seems xargs hasn't changed in a while (27 Jan here), so perhaps there was a revision in paccache that led to this.
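The xargs stdin behaviour the post above relies on, as an added example that is not part of the original post or of paccache. It assumes GNU xargs and uses a temporary list file in place of the process substitution; the function names and the values `pkg-a` and `typed-input` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU xargs.
# 'pkg-a' stands in for a package file name, 'typed-input' for what the
# user would type at a prompt; both are constructed sample values.

# Pipeline form, as in the original paccache line: the list occupies xargs'
# stdin, and GNU xargs starts the command with /dev/null as its stdin.
# The caller's input never reaches the command, so `cat` prints nothing.
stdin_seen_with_pipe() {
    printf 'typed-input\n' | {
        printf '%s\0' 'pkg-a' | xargs -0 sh -c 'cat' sh
    }
}

# Argument-file form (-a): the list is read from a file, xargs leaves
# stdin alone, and the command inherits the caller's stdin.
stdin_seen_with_arg_file() {
    list_file=$(mktemp) || return 1
    printf '%s\0' 'pkg-a' > "$list_file"
    printf 'typed-input\n' | xargs -0 -a "$list_file" sh -c 'cat' sh
    rm -f "$list_file"
}

printf 'pipe form     : [%s]\n' "$(stdin_seen_with_pipe)"
printf 'arg-file form : [%s]\n' "$(stdin_seen_with_arg_file)"
```
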
]]>#!/bin/bash
run() {
printf '%s ' 'root'
su -c "$(printf '%s ' "$@")"
}
echo "/etc/pacman.conf\0" | run xargs -0 nano
Since this is specific to paccache, I can't replicate or fail to replicate it - but until another paccache user comes in, I'd suggest tinkering with that su line. I tried the following "unit test" and it worked as expected:
#!/bin/bash
function run() {
printf '%s ' 'root'
su -c "$(printf '%s ' "$@")"
}
run vim /etc/pacman.conf
You could try something similar to see if there is something wrong with that invocation of su, or if the problem lies elsewhere.
If the problem lies elsewhere, and I had to hunt it down, I'd look for any input/output redirection that came before those lines.
]]>The deletion command is run as
printf '%s\0' "${candidates[@]}" | runcmd xargs -0 rm "${cmdopts[@]}"
and uses the function runcmd which is defined as
runcmd() {
if (( needsroot && EUID != 0 )); then
msg "Privilege escalation required"
if sudo -v &>/dev/null && sudo -l &>/dev/null; then
sudo "$@"
else
printf '%s ' 'root'
su -c "$(printf '%q ' "$@")"
fi
else
"$@"
fi
}
cmdopts may contain "-f" and/or "-v" and candidates is the list of files that should be deleted. I am not sure about the effects of all the quoting and printf calls.
]]>I am using paccache to clear old package archives. I don't have sudo installed, so paccache uses su -c for privilege escalation. Since the upgrade to pacman 4.1 this doesn't work anymore. I can't properly type in my root password, because (a) it is printed to the screen and (b) won't be accepted by su anyway, because (I think) the keystrokes are not passed to the su command properly.
I have looked at the code but found no explanation. Is anyone having the same problem?
Greetings