makepkg support for running as root.

theonlylawislove · 2018-01-08 03:39:29

I get why it was disabled. You don't want random PKGBUILDs to run on your machine and cause havoc.

However, this leaves me in a weird place when installing Arch via scripts.

Everything is run as root. Only after the machine is finally booted, will the end user add a normal non-root user.

The base image contains some AUR packages.

As it stands, I have to create a temporary user, su to run makepkg, and when install script it completed, delete the temporary user. I don't like doing that. So ugly, that during install, I patch the makepkg script to remove the requirement for root (https://github.com/pauldotknopf/darch-i … epkg.patch).

What do you guys think about having an environment variable that can override the root check, and if running as root, output a "WARNING" text?

Otherwise, I have to create a temporary user, or patch the makepkg script.

fsckd · 2018-01-08 03:56:17

Run makepkg as the user "nobody".

theonlylawislove · 2018-01-08 04:42:40

Good idea.

This brings up another issue though.

Let's say I have manually ran makepkg for trizen, to install other packages from the aur.

trizen will prompt for sudo password when doing the installation, allowing you to run the command as a normal user.

For this two work, I need to run trizen as "nobody", but then it will attempt to access sudo. This is a scripted install, so I would have to give sudo access to nobody with nopasswd to work seamlessly with trizen. Giving a user "nobody" sudo access def not a good idea, so there doesn't seem to be a clean way to work with trizen.

So, for me to work with trizen (or any AUR helper), I'd have to do something like:

su nobody -c "trizen -S  some-package --noinstall"
cd /.cache/trizen/some-package && makepkg -i

I'd have to be aware of the dependencies that "some-package" needs from AUR, and be sure to also makepkg -i them as well.

I suppose this method is better than patching makepkg to support root.

Last edited by theonlylawislove (2018-01-08 04:43:26)

fsckd · 2018-01-08 04:54:23

pacman -U *.pkg.tar.*

theonlylawislove · 2018-01-08 05:34:36

That doesn't take care of dependency order though, correct?

eschwartz · 2018-01-08 07:18:24

theonlylawislove wrote:

What do you guys think about having an environment variable that can override the root check, and if running as root, output a "WARNING" text?
Otherwise, I have to create a temporary user, or patch the makepkg script.

Right, we *used* to have that and it was called --asroot.

...

If you are doing a scripted install, I see no reason why you should be afraid of giving the "nobody" user access to pacman via NOPASSWD.

Of course, you could also use our official makechrootpkg tool for building packages in a clean chroot, which automates all of this and comes with wrapper flags for e.g. installing dependency packages into the chroot.

aurutils is an AUR helper with seamless native understanding of makechrootpkg.

ayekat · 2018-01-08 07:19:30

pacman takes care of dependency order when installing packages.

But if it can't find the required packages in any repository, it will fail, yes. It is up to you to build and install the missing packages beforehand in such a case (tip: use --asdeps, to keep things sane).

--edit: oops, ninja'd

Last edited by ayekat (2018-01-08 07:19:45)

Slithery · 2018-01-08 10:29:04

You could create a custom repo with all of the AUR packages you want to install.

es20490446e · 2019-01-16 16:07:43

makepkg could automatically detect if it's being run as superuser, and if that was the case spawn a new instance as a non privileged user. Then do its operation.

This way running makepkg or its dependent tools would work safely independently if they are run as root or not. This would save a lot of pain when using these commands along with more complex operations, like scripts or pipes.

eschwartz · 2019-01-16 16:21:20

es20490446e wrote:

makepkg could automatically detect if it's being run as superuser, and if that was the case spawn a new instance as a non privileged user. Then do its operation.

Which user that may or may not exist on any of the various Linux distributions that pacman supports?

How do we know which user has write permissions for the working directory and/or SRCDEST, PKGDEST, BUILDDIR, etc?

This way running makepkg or its dependent tools would work safely independently if they are run as root or not. This would save a lot of pain when using these commands along with more complex operations, like scripts or pipes.

How exactly is this superior to just using `runuser -u $nonprivilegeduser makepkg` within the script or pipe you're referring to, which is something you can actually control? Why does this trivial-yet-site-specific functionality need to be in makepkg? How would you reliably set SRCDIR, PKGDEST, BUILDDIR, etc. such that the site-specific user has site-specific directories it can write to?

How do you handle -s and -r if makepkg is re-executing as the common "nobody" user that has no permissions, including the lack of permissions represented by sudo?

Because guess what -- I'm fairly sure none of this is ever going to be in makepkg. It is extraordinarily easy to do properly in your script, and much, much, much harder to do in makepkg itself for something that we explicitly refused to support in the first place.

bluetechgirl · 2019-01-16 23:40:43

During the install why can't you just make your main user (the one you plan on actually using) and using that account for the build. You do not have to wait until after the install to add it. I do that when installing aur packages during the install. For example after I make my user and installed and set up sudo:

sudo -u [my username] makepkg -si

theonlylawislove wrote:

However, this leaves me in a weird place when installing Arch via scripts.

This is unsupported and not recommended. If this is your own script that you wrote, there is no reason you cannot modify it to add your main user during the install versus after. If this isn't your script I would suggest you stop using it.

WorMzy · 2019-01-16 23:52:13

Please don't necrobump, es20490446e.

Closing.

Arch Linux

#1 2018-01-08 03:39:29

makepkg support for running as root.

#2 2018-01-08 03:56:17

Re: makepkg support for running as root.

#3 2018-01-08 04:42:40

Re: makepkg support for running as root.

#4 2018-01-08 04:54:23

Re: makepkg support for running as root.

#5 2018-01-08 05:34:36

Re: makepkg support for running as root.

#6 2018-01-08 07:18:24

Re: makepkg support for running as root.

#7 2018-01-08 07:19:30

Re: makepkg support for running as root.

#8 2018-01-08 10:29:04

Re: makepkg support for running as root.

#9 2019-01-16 16:07:43

Re: makepkg support for running as root.

#10 2019-01-16 16:21:20

Re: makepkg support for running as root.

#11 2019-01-16 23:40:43

Re: makepkg support for running as root.

#12 2019-01-16 23:52:13

Re: makepkg support for running as root.

Board footer