FS#1382 - pkgmk checks of directory permissions are too strict
The checks of directory permissions of pkgmk are too strict.
What I've stumbled upon so far:
-uf -um -us only need read permission on source directory and write permission on port directory
-rs only needs write permission on port directory
-do needs write permission on source directory and read permission on port directory
regards, deepthought
P.S. The user building my own ports is not the one who owns the ports tree. So I have to "pkgmk -uf", "pkgmk -um" and "pkgmk -us" as root and chown the files afterwards.
Could you test the attached pkgmk?
Patch attached.
frinnst, I've attached the program instead of a patch thinking that the most interested person, Erich, will find time to test it.
Thanks, fun.
However, now it's a little too liberal:
- check_file should test if it can create a file if it does not exist yet (this bug seems to have been hidden until now)
- and I was wrong regarding "-uf": it does a touch on the package, so it needs write permission on this file
As I can tell from the code, the touch is not really needed, since "build_needed()" only looks at the date of source files (not .footprint, .md5sum, .signature) and I can't imagine a different reason to touch the package after changing the footprint.
The attached patch should take care of both points, too.
Erich, in case you still need this fix, you can have it without patching /usr/bin/pkgmk, but /etc/pkgmk.conf
https://github.com/therealfun/crux-ports/blob/master/pkgmk.conf/FS1382.orig
thanks, fun
I'll give it a try, when I have some time.
Currently I'm using the patch I posted for pkgmk
cheers,
Erich
@CRUX devs: Any opinions on this one?
I think it's instructive to compare this ticket with a similar request to loosen the permissions test in /usr/bin/ports (FS#1852). In that discussion I raised the point that /usr/bin/ports only considers the test `id -u` = 0 when performing a sync of the ports tree (--update); it skips the test when another operation (--list or --diff) is requested. The present ticket is asking for pkgmk to apply a similar distinction among its modes of operation, rather than doing a one-size-fits-all permissions test before proceeding with the requested action.
Testing `id -u` = 0 in /usr/bin/ports was regarded by stenur as too restrictive, because a common use-case is to have the ports tree writable by a non-root user. stenur would have preferred to eliminate the test entirely, but then the update might fail when encountering a subdirectory with no write permissions. stenur could have offered the more modest proposal of replacing `id -u` = 0 with a test of the file and directory permissions, but such a test would entail too much recursion into the ports tree. In fact, ports -u cannot know in advance how many directories and files it might need to touch; this number depends on the active syncfiles /etc/ports/*.{httpup,git,rsync} and so it was deemed simpler to restrict the update operation to the root user.
In contrast to ports -u, the number of directories to which the pkgmk user might need write access is always the same and can be enumerated before sourcing any files:
1. the port directory where pkgmk is called (if the footprint or signature is being updated)
2. the directory where sources are downloaded
3a. the directory where sources are extracted and the build occurs
3b. the DESTDIR of the `make install` command or its cmake/meson equivalent
4. the directory where the built package is saved
After sourcing pkgmk.conf and the Pkgfile, the real path of these directories is known, and pkgmk can test permissions for only those directories affected by the requested action (as demonstrated by Erich's patch). This improvement would reduce the incentive to implement clumsy workarounds when building ports as a non-root user, thereby achieving for /usr/bin/pkgmk what FS#1852 wanted to achieve for /usr/bin/ports.
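A sketch of the per-action permission test discussed in this ticket, added here as an illustration; it is not part of the thread, not pkgmk code and not either attached patch. The function names and action names are hypothetical, and the access table is taken from the requirements reported in the first post.

```shell
#!/bin/sh
# Added example: least-privilege pre-flight checks per requested action.

# Print the "<dir>:<access>" pairs an action needs (r = read, w = write).
required_access() {
    case "$1" in
        update-footprint|update-md5sum|update-signature)   # -uf -um -us
            echo "source:r port:w" ;;
        refresh-signature)                                 # -rs
            echo "port:w" ;;
        download-only)                                     # -do
            echo "source:w port:r" ;;
        *)  return 1 ;;
    esac
}

# Succeed if FILE can be written: an existing file must be writable,
# a missing one needs a writable, searchable parent directory.
# (Usable for the package that -uf touches, per the follow-up comment.)
can_write_file() {
    if [ -e "$1" ]; then
        [ -f "$1" ] && [ -w "$1" ]
    else
        parent=$(dirname "$1")
        [ -d "$parent" ] && [ -w "$parent" ] && [ -x "$parent" ]
    fi
}

# check_action ACTION SOURCE_DIR PORT_DIR: test only what ACTION needs.
# Prints each unmet requirement; returns non-zero if any is unmet.
check_action() {
    needs=$(required_access "$1") || { echo "unknown action: $1"; return 2; }
    rc=0
    for need in $needs; do
        case "${need%%:*}" in source) dir=$2 ;; port) dir=$3 ;; esac
        case "${need##*:}" in
            r) [ -d "$dir" ] && [ -r "$dir" ] && [ -x "$dir" ] ;;
            w) [ -d "$dir" ] && [ -w "$dir" ] && [ -x "$dir" ] ;;
        esac || { echo "$1: need ${need##*:} on ${need%%:*} dir '$dir'"; rc=1; }
    done
    return $rc
}
```

Directories an action does not use are never inspected, so a read-only or missing source directory does not block `refresh-signature`.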