macports without root?

Jordan K. Hubbard jkh at brierdr.com
Sun Oct 15 19:30:42 PDT 2006


I think the points Paul raises are valid, however, and lead back to  
the same topic we discuss at least every 3 months here:  There should  
be a way of flagging ports that need root.  In the short-term, those  
ports could then at least fail to run in a reasonable way (e.g. with  
an error message) if the needs_root procedure detects a non-uid of 0.   
In some later incarnation of macports, it could even try to acquire  
this privilege on the fly or talk to some sort of privilege-separated  
root helper.

Something along the following lines?

needs_root {
	post-destroot {
		install-user foo
		system "rm -f /mach_kernel"
		exec reboot
		...
	}
}

Where we've always gotten hung up in the past is on the notion of  
"re-invocation", e.g. what you'd like to effectively be able to do when  
you detect that root privs are detected is re-invoke the whole "port  
install ..." command as "sudo port install ...", but as we've already  
established (repeatedly), that's just not viable given that you can't  
just reinvoke the whole operation and expect things to work properly.   
You could, however, potentially invoke another root instance of the  
helper and send a serialized copy of everything in the needs_root body  
after doing variable expansion on it.  The hard part, of course, is  
getting the behavior of eval to work such that sub-procs are not  
executed but the variables are expanded so that you don't have to  
worry (so much) about passing interpreter state across.  If the  
portfile defines its own procedures and then calls them from the body  
then all bets are off, of course, but you could always explicitly  
disallow that in needs_root blocks.

Just an idea.  I'm sure we'll never implement it. :-)

- Jordan

On Oct 15, 2006, at 6:13 PM, Paul M. Lambert wrote:

> Thanks!
>
> Paul M. Lambert
>
> On Oct 15, 2006, at 18:09, Daniel J. Luke wrote:
>
>> On Oct 15, 2006, at 5:00 PM, Paul M. Lambert wrote:
>>> The apache2 port tries to install a startup item, so I've made a  
>>> simple patch to macports to allow a startupitem type of "none"  
>>> that just ignores it.
>>
>> This patch should be put into trac (with the base component) so  
>> that someone with commit to base/ can review and apply it.
>>
>>> What's the best, most reasonable approach for encouraging portfile  
>>> maintainers to accept my patches?
>>
>> Attach the patch to a bug/ticket in trac and assign it to the  
>> maintainer. (and make sure to include that the patch enables the  
>> port to be installed without being root)
>>
>> --
>> Daniel J. Luke
>> +========================================================+
>> | *---------------- dluke at geeklair.net ----------------* |
>> | *-------------- http://www.geeklair.net -------------* |
>> +========================================================+
>> |   Opinions expressed are mine and do not necessarily   |
>> |          reflect the opinions of my employer.          |
>> +========================================================+
>>
>>
>
> _______________________________________________
> macports-dev mailing list
> macports-dev at lists.macosforge.org
> http://lists.macosforge.org/mailman/listinfo/macports-dev
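
The "expand variables but do not execute sub-procs" step described in the message above can be sketched with Tcl's `subst -nocommands`. This is an added example, not MacPorts code or the author's: `needs_root_serialize`, `helper_run` and the allow-list are hypothetical names, and it assumes one command per line. Each command travels as a list of words rather than as script text, so an expanded value cannot turn into extra commands on the root side.

```tcl
# Added example, not MacPorts code; all proc names here are hypothetical.
# Requires Tcl 8.5+ (ni, lassign).
set allowed {install-user system}   ;# commands the root helper will accept

# Unprivileged side: expand variables in every word of every command in
# $body, in the caller's scope, and return a list of word lists.
proc needs_root_serialize {body} {
    global allowed
    set out {}
    foreach line [split $body \n] {
        set line [string trim $line]
        if {$line eq "" || [string index $line 0] eq "#"} continue
        # Read the line as a list: quotes group words, nothing is evaluated.
        if {[catch {llength $line}]} { error "unparseable line: $line" }
        if {[lindex $line 0] ni $allowed} {
            error "not allowed in needs_root: [lindex $line 0]"
        }
        set words {}
        foreach w $line {
            # Refuse brackets outright: subst -nocommands still runs a
            # command that appears inside an array index, as in $a([cmd]).
            if {[string first \[ $w] >= 0} { error "brackets refused: $w" }
            lappend words [uplevel 1 [list subst -nocommands -nobackslashes $w]]
        }
        lappend out $words
    }
    return $out
}

# Root-helper side: dispatch each word list; never eval it as a script.
proc helper_run {serialized} {
    global allowed
    set log {}
    foreach words $serialized {
        set rest [lassign $words cmd]
        if {$cmd ni $allowed} { error "helper refuses: $cmd" }
        lappend log "$cmd <[join $rest {> <}]>"  ;# a real helper acts here
    }
    return $log
}

# Constructed sample input: $name holds text that would become a second
# command if the body were spliced together as a string and re-parsed.
set prefix /opt/local
set name "foo; echo injected"
set body {
    install-user $name
    system "mkdir -p ${prefix}/var/run/foo"
}
set msg [needs_root_serialize $body]
foreach entry [helper_run $msg] { puts $entry }
```

The helper checks the allow-list again on its own side because it cannot assume the serialized message came from an unmodified caller.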