macports without root?
Jordan K. Hubbard
jkh at brierdr.com
Sun Oct 15 19:30:42 PDT 2006
I think the points Paul raises are valid, however, and lead back to
the same topic we discuss at least every 3 months here: There should
be a way of flagging ports that need root. In the short-term, those
ports could then at least fail to run in a reasonable way (e.g. with
an error message) if the needs_root procedure detects a non-uid of 0.
In some later incarnation of macports, it could even try to acquire
this privilege on the fly or talk to some sort of privilege-separated
root helper.

Something along the following lines?

needs_root {
    post-destroot {
        install-user foo
        system "rm -f /mach_kernel"
        exec reboot
        ...
    }
}

Where we've always gotten hung up in the past is on the notion of "re-
invocation", e.g. what you'd like to effectively be able to do when
you detect that root privs are detected is re-invoke the whole "port
install ..." command as "sudo port install ...", but as we've already
established (repeatedly), that's just not viable given that you can't
just reinvoke the whole operation and expect things to work properly.
You could, however, potentially invoke another root instance of the
helper and send a serialized copy of everything in the needs_root body
after doing variable expansion on it. The hard part, of course, is
getting the behavior of eval to work such that sub-procs are not
executed but the variables are expanded so that you don't have to
worry (so much) about passing interpreter state across. If the
portfile defines its own procedures and then calls them from the body
then all bets are off, of course, but you could always explicitly
disallow that in needs_root blocks.

Just an idea. I'm sure we'll never implement it. :-)

- Jordan

On Oct 15, 2006, at 6:13 PM, Paul M. Lambert wrote:
> Thanks!
>
> Paul M. Lambert
>
> On Oct 15, 2006, at 18:09, Daniel J. Luke wrote:
>
>> On Oct 15, 2006, at 5:00 PM, Paul M. Lambert wrote:
>>> The apache2 port tries to install a startup item, so I've made a
>>> simple patch to macports to allow a startupitem type of "none"
>>> that just ignores it.
>>
>> This patch should be put into trac (with the base component) so
>> that someone with commit to base/ can review and apply it.
>>
>>> What's the best, most reasonable approach for encouraging portfile
>>> maintainers to accept my patches?
>>
>> Attach the patch to a bug/ticket in trac and assign it to the
>> maintainer. (and make sure to include that the patch enables the
>> port to be installed without being root)
>>
>> --
>> Daniel J. Luke
>> +========================================================+
>> | *---------------- dluke at geeklair.net ----------------* |
>> | *-------------- http://www.geeklair.net -------------* |
>> +========================================================+
>> | Opinions expressed are mine and do not necessarily |
>> | reflect the opinions of my employer. |
>> +========================================================+
>>
>>
>
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo/macports-dev
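
The expand-then-hand-off idea from the message above, sketched in Tcl as an added example; it is not MacPorts code and not from anyone in the thread. The procs needs_root_pack, needs_root_run and helper_install_user and all sample values are hypothetical, and the privileged operation is a stand-in that only returns a string.

```tcl
# Added illustration; every proc name and value below is an assumption.

# Unprivileged side: expand $variables in the needs_root body but leave
# [command] substitutions as literal text, so nothing in the body runs here.
proc needs_root_pack {body} {
    uplevel 1 [list subst -nocommands -nobackslashes $body]
}

# The one operation the helper agrees to perform. It validates its argument,
# because expanded values arrive as plain script text.
proc helper_install_user {name} {
    if {![regexp {^[a-z_][a-z0-9_-]{0,30}$} $name]} {
        error "rejected user name: $name"
    }
    return "would create user $name"   ;# stand-in for the real privileged work
}

# Privileged side: evaluate the received text in a safe interpreter. exec,
# open, file, socket and friends do not exist there, and neither do any procs
# the portfile defined, so only the aliased allow-list can touch the system.
proc needs_root_run {script} {
    set helper [interp create -safe]
    $helper alias install-user helper_install_user
    set rc [catch {$helper eval $script} msg]
    interp delete $helper
    return [list $rc $msg]
}

# Constructed sample input.
set user foo
puts [needs_root_run [needs_root_pack {install-user $user}]]

# A value that carries extra script text is re-parsed by the helper. The
# allow-listed command still runs, but the injected "system" call fails with
# "invalid command name" because the helper never defined it.
set user {foo; system "rm -f /mach_kernel"}
puts [needs_root_run [needs_root_pack {install-user $user}]]

# A body that calls a portfile-defined proc is rejected the same way.
puts [needs_root_run [needs_root_pack {install-user [pick_user]}]]
```

The second case is why expansion alone is not enough: the expanded text is parsed again as a script on the root side, so the safe interpreter and the per-command argument checks are what bound what a portfile can do.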