Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 30 Apr 2003 02:33:38 +0200 (CEST)
From:      Dag-Erling Smørgrav <des@ofug.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/51609: [PATCH] use su(1) when installing ports as non-root
Message-ID:  <20030430003338.20639B80B@dwp.thinksec.com>
Resent-Message-ID: <200304300300.h3U30HFM032644@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         51609
>Category:       ports
>Synopsis:       [PATCH] use su(1) when installing ports as non-root
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 29 20:00:16 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Dag-Erling Smørgrav
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD dwp.thinksec.com 5.0-CURRENT FreeBSD 5.0-CURRENT #24: Fri Apr 25 15:08:57 CEST 2003 des@dwp.thinksec.com:/usr/src/sys/i386/compile/dwp_smp i386

>Description:

Currently, a user building ports will have to su(1) to root to install it.
If the port has extract-time or build-time dependencies, they will fail to
install as the user does not have the necessary privileges, and she will
have to su(1) to root and install them manually before she can proceed with
the dependent port.

>How-To-Repeat:

Try to install any port as an unprivileged user.

>Fix:

The attached patch uses su(1) to obtain root privileges before performing
those parts of the install target which require them.  It does this by
splitting the _INSTALL_SEQ into _INSTALL_SEQ and _INSTALL_SUSEQ, the latter
being a list of subtargets which require root privileges.  The core logic
has been rearranged so that if such a list exists for the current target,
and ${UID} is not 0, it will first run _INSTALL_SEQ normally, then run
_INSTALL_SUSEQ in a sub-make started by su(1).

Since the run-depends and lib-depends subtargets are in _INSTALL_SEQ and
not in _INSTALL_SUSEQ, they will run with user privileges, as one would
expect (though of course they will su(1) when necessary to install the
dependencies).

--- ports_su.diff begins here ---
Index: Mk/bsd.port.mk
===================================================================
RCS file: /home/pcvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.447
diff -u -r1.447 bsd.port.mk
--- Mk/bsd.port.mk	19 Apr 2003 22:35:28 -0000	1.447
+++ Mk/bsd.port.mk	30 Apr 2003 00:12:20 -0000
@@ -3059,10 +3059,10 @@
 				post-build post-build-script
 _INSTALL_DEP=	build
 _INSTALL_SEQ=	install-message check-categories check-already-installed \
-				check-umask run-depends lib-depends install-mtree pre-install \
-				pre-install-script do-install generate-plist post-install \
-				post-install-script compress-man run-ldconfig fake-pkg \
-				security-check
+				run-depends lib-depends
+_INSTALL_SUSEQ=	check-umask install-mtree pre-install pre-install-script \
+				do-install generate-plist post-install post-install-script \
+				compress-man run-ldconfig fake-pkg security-check
 _PACKAGE_DEP=	install
 _PACKAGE_SEQ=	package-message pre-package pre-package-script \
 				do-package post-package-script
@@ -3071,7 +3071,7 @@
 fetch: ${_FETCH_SEQ}
 .endif
 
-# Main logick. The loop generates 6 main targets and using cookies
+# Main logic. The loop generates 6 main targets and using cookies
 # ensures that those already completed are skipped.
 
 .for target in extract patch configure build install package
@@ -3082,12 +3082,25 @@
 
 .if !exists(${${target:U}_COOKIE})
 
-.if !defined(USE_SUBMAKE)
+.if ${UID} != 0 && defined(_${target:U}_SUSEQ)
+.if defined(USE_SUBMAKE)
+${${target:U}_COOKIE}: ${_${target:U}_DEP}
+	@cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SEQ}
+.else
 ${${target:U}_COOKIE}: ${_${target:U}_DEP} ${_${target:U}_SEQ}
+.endif
+	@echo "===>  Switching to root credentials for '${target}' target"
+	@cd ${.CURDIR} && \
+		${SU} root -c "${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SUSEQ}"
+	@echo "===>  Returning to user credentials"
 	@${TOUCH} ${TOUCH_FLAGS} ${.TARGET}
-.else
+.elif defined(USE_SUBMAKE)
 ${${target:U}_COOKIE}: ${_${target:U}_DEP}
-	@cd ${.CURDIR} && ${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SEQ}
+	@cd ${.CURDIR} && \
+		${MAKE} ${__softMAKEFLAGS} ${_${target:U}_SEQ} ${_${target:U}_SUSEQ}
+	@${TOUCH} ${TOUCH_FLAGS} ${.TARGET}
+.else
+${${target:U}_COOKIE}: ${_${target:U}_DEP} ${_${target:U}_SEQ} ${_${target:U}_SUSEQ}
 	@${TOUCH} ${TOUCH_FLAGS} ${.TARGET}
 .endif
 
--- ports_su.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030430003338.20639B80B>