A Plea to Reduce Dependences (e.g., for swig)

Joshua Root jmr at macports.org
Tue Aug 16 17:04:13 PDT 2011


On 2011-8-17 09:46 , M.E. O'Neill wrote:
> Joshua Root wrote:
>> The buildslave uses a MacPorts install with mostly default settings, which means the build phase is run as the 'macports' user.
> 
> I suppose I should junk my much-upgraded MacPorts install and start over if that's the way it's supposed to work, because on my system, despite code that talks about dropping privileges etc., it still aways seems to build things as root unless I take clumsy interventions. (?)

You might just have 'macportsuser root' in your macports.conf.

> Does the install part still run as root?  (That would be a bit dangerous on a buildbot trusted by many.)

It has to in many cases. There's code for running in a chroot, but that
breaks DNS lookups (and probably more) on 10.6+.

Using something along the lines of fakeroot would no doubt be safer;
someone just has to implement it. I don't think there's a security
regression here though, as the portfiles and upstream sources are not
audited in the first place.

- Josh


More information about the macports-dev mailing list