• Status New
  • Percent Complete
  • Task Type Improvement
  • Category ports → core/opt
  • Assigned To
  • Operating System CRUX
  • Severity Low
  • Priority Very Low
  • Reported Version 3.2
  • Due in Version Undecided
  • Due Date Undecided
  • Votes 1
    • fun (14.04.2017)
  • Private
Attached to Project: CRUX
Opened by deepthought - 26.02.2017
Last edited by tb - 09.09.2023

FS#1382 - pkgmk checks of directory permissions are too strict

The checks of directory permissions of pkgmk are too strict.

What I've stumbled upon so far:
- -uf -um -us only need read permission on source directory and write permission on port directory
- -rs only needs write permission on port directory
- -do needs write permission on source directory and read permission on port directory

regards, deepthought

P.S. The user building my own ports is not the one who owns the ports tree. So I have to "pkgmk -uf", "pkgmk -um" and "pkgmk -us" as root and chown the files afterwards.

fun commented on 28.02.2017 04:26

Could you test the attached pkgmk?

   pkgmk (21.3 KiB)
fun commented on 28.02.2017 11:39

Patch attached.

fun commented on 28.02.2017 16:44

frinnst, I've attached the program instead of a patch thinking that the most interested person, Erich, will find time to test it.

Thanks, fun.

However, now it's a little too liberal:

- check_file should test if it can create a file if it does not exist yet (this bug seems to have been hidden until now)
- and I was wrong regarding "-uf": it does a touch on the package, so it needs write permission on this file

As far as I can tell from the code, the touch is not really needed, since "build_needed()" only looks at the date of source files (not .footprint, .md5sum, .signature) and I can't imagine a different reason to touch the package after changing the footprint.

The attached patch should take care of both points, too.

fun commented on 17.05.2017 20:41

Erich, in case you still need this fix, you can have it without patching /usr/bin/pkgmk, but /etc/pkgmk.conf


thanks, fun

I'll give it a try, when I have some time.
Currently I'm using the patch I posted for pkgmk.


tb commented on 09.09.2023 12:41

@CRUX devs: Any opinions on this one?

I support the proposed changes. Because pkgmk has had at least one major feature addition since this ticket was first posted, the line numbers and surrounding context in Erich's patch are no longer accurate (see attachment for a patch that applies to today's pkgmk).

I think it's instructive to compare this ticket with a similar request to loosen the permissions test in /usr/bin/ports (FS#1852). In that discussion I raised the point that /usr/bin/ports only considers the test `id -u` = 0 when performing a sync of the ports tree (--update); it skips the test when another operation (--list or --diff) is requested. The present ticket is asking for pkgmk to apply a similar distinction among its modes of operation, rather than doing a one-size-fits-all permissions test before proceeding with the requested action.

Testing `id -u` = 0 in /usr/bin/ports was regarded by stenur as too restrictive, because a common use-case is to have the ports tree writable by a non-root user. stenur would have preferred to eliminate the test entirely, but then the update might fail when encountering a subdirectory with no write permissions. stenur could have offered the more modest proposal of replacing `id -u` = 0 with a test of the file and directory permissions, but such a test would entail too much recursion into the ports tree. In fact, ports -u cannot know in advance how many directories and files it might need to touch; this number depends on the active syncfiles /etc/ports/*.{httpup,git,rsync} and so it was deemed simpler to restrict the update operation to the root user.

In contrast to ports -u, the number of directories to which the pkgmk user might need write access is always the same and can be enumerated before sourcing any files:
1. the port directory where pkgmk is called (if the footprint or signature is being updated)
2. the directory where sources are downloaded
3a. the directory where sources are extracted and the build occurs
3b. the DESTDIR of the `make install` command or its cmake/meson equivalent
4. the directory where the built package is saved
After sourcing pkgmk.conf and the Pkgfile, the real path of these directories is known, and pkgmk can test permissions for only those directories affected by the requested action (as demonstrated by Erich's patch). This improvement would reduce the incentive to implement clumsy workarounds when building ports as a non-root user, thereby achieving for /usr/bin/pkgmk what FS#1852 wanted to achieve for /usr/bin/ports.
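
The per-action check discussed in this ticket can be sketched as follows. This is an added example, not code from pkgmk, from Erich's patch or from any commenter; the function names and the role labels (port, source, work, package) are hypothetical, and the "build" row is an assumption derived from the directory list above.

```sh
#!/bin/sh
# Added illustration, not pkgmk code: function names and role labels are hypothetical.

# required_access ACTION: print one "<r|w> <role>" line per directory the action
# touches. -uf/-um/-us, -rs and -do follow the report at the top of this ticket;
# "build" is an assumption derived from the list of directories above.
# Not modelled: the later note that -uf also touches the package file.
required_access() {
    case "$1" in
        -uf|-um|-us) printf '%s\n' 'r source' 'w port' ;;
        -rs)         printf '%s\n' 'w port' ;;
        -do)         printf '%s\n' 'w source' 'r port' ;;
        build)       printf '%s\n' 'r port' 'w source' 'w work' 'w package' ;;
        *)           return 2 ;;
    esac
}

# check_action ACTION PORT_DIR SOURCE_DIR WORK_DIR PACKAGE_DIR
# Returns 0 if every directory the action needs exists with the needed access,
# 1 if any check fails (each failure is reported), 2 for an unknown action.
check_action() {
    ca_reqs=$(required_access "$1") || { echo "unknown action: $1" >&2; return 2; }
    ca_rc=0
    while read -r ca_perm ca_role; do
        case "$ca_role" in
            port)    ca_dir=$2 ;;
            source)  ca_dir=$3 ;;
            work)    ca_dir=$4 ;;
            package) ca_dir=$5 ;;
        esac
        if [ ! -d "$ca_dir" ]; then
            echo "$1: $ca_role directory '$ca_dir' does not exist" >&2; ca_rc=1
        elif [ "$ca_perm" = w ] && [ ! -w "$ca_dir" ]; then
            echo "$1: $ca_role directory '$ca_dir' is not writable" >&2; ca_rc=1
        elif [ "$ca_perm" = r ] && [ ! -r "$ca_dir" ]; then
            echo "$1: $ca_role directory '$ca_dir' is not readable" >&2; ca_rc=1
        fi
    done <<EOF
$ca_reqs
EOF
    return "$ca_rc"
}

# Constructed demo: only the port directory exists, so -rs passes and -do fails.
demo=$(mktemp -d)
mkdir "$demo/port"
check_action -rs "$demo/port" "$demo/src" "$demo/work" "$demo/pkg" && echo "-rs: ok"
check_action -do "$demo/port" "$demo/src" "$demo/work" "$demo/pkg" || echo "-do: refused"
rm -rf "$demo"
```

Directories that an action does not use are never inspected, so a user without write access to the source or package directory can still refresh a signature in a port directory they own.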

