You are not logged in.
I am having trouble building https://aur.archlinux.org/packages/cockpit-file-sharing. My build user is limited on what commands it can call with sudo because of this security vulnerability: https://gitlab.archlinux.org/archlinux/ … 0e05308965
The cockpit-file-sharing AUR package calls `sudo make install RESTART_COCKPIT=1` which seems fishy to me. When I remove the sudo part, it crashes. I cannot understand the make file (https://github.com/45Drives/cockpit-fil … n/Makefile) well enough to understand where it crashes or why it needs root permissions.
Is this AUR package safe to build on a remote machine and then copy and install the package on a different machine?
Last edited by daniel_shub (2024-05-09 19:57:12)
Offline
Using sudo in a PKGBUILD is completely and totally wrong. Generally it's used to install things into the actual filesystem instead of staging them in $pkgdir, which means they're now untracked and the package isn't valid.
With a valid package, yes, building on one machine and installing on another is safe and normal. That's what's done with all packages in the repos.
Online
Thanks. That is what I thought, but wanted some confirmation before leaving a comment on the package page.
Offline
This is what it tries but fails to do without the use of sudo
==> Starting package()...
cp -af system_files/* /
Installing file-sharing
Creating install directory
mkdir -p /usr/share/cockpit/file-sharing
cp: cannot stat 'system_files/*'mkdir: : No such file or directory cannot create directory ‘/usr/share/cockpit/file-sharing’
: Permission denied
make: [Makefile:124: system-files-install] Error 1 (ignored)
make: *** [Makefile:104: plugin-install-file-sharing] Error 1
==> ERROR: A failure occurred in package().
Offline
That's what happens when make tries to install into /usr instead of $pkgdir/usr.
I believe the make call should be replaced with:
make DESTDIR="$pkgdir" install
Restarting the service after update should probably be left to the user. If it really needs to be done automatically, I'd say the relevant systemctl calls should be placed in the 'install' file.
Offline
If it really needs to be done automatically, I'd say the relevant systemctl calls should be placed in the 'install' file.
That can easily end up with an install script that does everything for the user the maintainer thinks should be done such as https://aur.archlinux.org/cgit/aur.git/ … ll?h=aegir
Last edited by loqs (2024-05-08 18:41:18)
Offline
@stanczew and @loqs thanks. I kindda threw up my hands and walked away when it would not build without sudo. The make file is not that complicated and seeing the error and the fix made me realize I could have provided a more helpful comment to the maintainer. Hopefully, they will update the package soon. I also saw someone make a comment on the makechrootpkg bug, so hopefully that will get resolved also.
As always, thank you everyone for your patience and help.
Offline