
From: Walter Alejandro Iglesias <wai@roquesor.com>
Subject: Re: Running make in ports as a normal user
To: Stuart Henderson <stu@spacehopper.org>
Cc: j@bitminer.ca, Ports <ports@openbsd.org>
Date: Mon, 10 Nov 2025 13:29:22 +0100

On Mon, Nov 10, 2025 at 11:56:25AM +0000, Stuart Henderson wrote:
> doas doesn't work very well with this, and "persist" intentionally does not 
> pass 'upwards'.
> 
> on systems which are mainly set up for ports development I'll use
> "SUDO=sudo -E".
> 
> on those where I might just build something once in a while I'll allow my 
> own user to run things as _pbuild/_pfetch without adding, and just deal 
> with routing in the password a few times for installs.

In my case, for example, when compiling mplayer just now, I had to enter
the password about two hundred times. :-)

> 
> permit nopass keepenv sthen as _pfetch
> permit nopass keepenv sthen as _pbuild

I've already tried this.  I'll try one more time using "sudo" as you
recommend.

> 
> "leave the permissions as they are and work as root" even if you choose to 
> ignore how dangerous this is (you should regard the system as potentially 
> compromised if you do this, and I wouldn't like to assume that building in 
> a guest VM would protect the hypervisor OS either),

Could you give me an example of what you mean by "dangerous", please?

> some ports will not 
> build (or not build correctly) if done as root.

I would also appreciate an example of this, if it's not too much
trouble.


> 
> 
> -- 
>   Sent from a phone, apologies for poor formatting.
> 
> On 10 November 2025 11:40:25 Walter Alejandro Iglesias <wai@roquesor.com> 
> wrote:
> 
> > On Mon, Nov 10, 2025 at 10:52:16AM +0000, Stuart Henderson wrote:
> >> I recommend making /usr/ports a separate filesystem and keep the default
> >> dirs for most things.
> >>
> >> Pointing WRKOBJDIR at a less important fs is a good idea for when the
> >> kernel crashes during a build. Then newfs is a viable and faster cleanup
> >> strategy than fsck.
> >>
> >> Set SUDO and PORTS_PRIVSEP in mk.conf, and run "make fix-permissions" in
> >> the dir for any port to create the dirs and set ownership.
> >
> > I've read man pages, handbooks, also related info in
> > /etc/examples/doas.conf.  Depending on which doc you read, the approach
> > is different.  With each thing I tried, things got more and more
> > entangled, I don't know what commands are called by bsd.ports.mk to
> > install, I added all pkg_* ones to /etc/doas.conf without password for
> > my normal user but running 'make package', doas still asked me for
> > passwords.  I said, "Enough!" when doas asked me the password running
> > make as root. :-)
> >
> > Honestly, the ports system does not seem to be part of OpenBSD.  I stand
> > by what I said last, I won't touch anything, leave the permissions as
> > they are and work as root.
> >
> >>
> >> I think the tars are fixed in 7.8, but why ftp and then cvs to get any
> >> updates, when you could just fetch via cvs anyway?
> >
> > I fetch ports directly with cvs from your server.
> >
> >>
> >> --
> >> Sent from a phone, apologies for poor formatting.
> >>
> >> On 9 November 2025 22:53:28 j@bitminer.ca wrote:
> >>
> >>> Why do it the hard way when you can script it?
> >>>
> >>> cat myports.sh
> >>> ftp https://ftp.openbsd.org/pub/OpenBSD/snapshots/ports.tar.gz
> >>> tar xzpf ports.tar.gz -C /usr
> >>>
> >>> osver=`uname -r`
> >>> mkdir -p /usr/distfiles /usr/obj/ports
> >>> mkdir -p /usr/cache/pub/OpenBSD/$osver/packages/amd64
> >>>
> >>> chown metheuser:metheuser /usr/distfiles /usr/cache/pub/OpenBSD/$osver/packages/amd64
> >>> chown metheuser:metheuser /usr/obj/ports
> >>>
> >>> chmod 775 /usr/obj
> >>>
> >>> chown metheuser:metheuser /usr/ports
> >>> chown -R metheuser:metheuser /usr/ports
> >>>
> >>> > /etc/mk.conf
> >>> echo WRKOBJDIR=/usr/obj/ports >> /etc/mk.conf
> >>> echo DISTDIR=/usr/distfiles   >> /etc/mk.conf
> >>> echo PACKAGE_REPOSITORY=/usr/cache/pub/OpenBSD/$osver/packages >> /etc/mk.conf
> >>>
> >>>
> >>> At this point metheuser can "cd /usr/ports/math/minisat"
> >>> and "make package" and it will work.
> >>>
> >>> Note that the original tar file creates files with group = wheel so you
> >>> can simplify by adding yourself to wheel.
> >>>
> >>> Note that the tar files are incomplete because tar and you have to
> >>> update with
> >>>
> >>> cd /usr/ports
> >>> cvs -d $YOURMIRROR:/cvs -q up -Pd
> >>>
> >>> where YOURMIRROR is one of the published ones, but probably not one of
> >>> the first two or three.
> >>>
> >>>
> >>> J
> >
> > --
> > Walter
> 

-- 
Walter
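
As an added example (not part of the thread and not code from the OpenBSD ports tree), a shell check that reads an mk.conf and a doas.conf and reports whether the privsep setup described above is in place: PORTS_PRIVSEP and SUDO set, and nopass rules for the building user as _pfetch and _pbuild. The user name "builder", the function names and both sample files are constructed, and only rules written in the "identity as target" form quoted in the thread are matched.

```shell
#!/bin/sh
# Added example: audit mk.conf/doas.conf text for the ports privsep setup.
# Assumptions: user "builder" and the sample files below are constructed.

# mkconf_ok FILE: prints "yes" when PORTS_PRIVSEP=Yes and a SUDO value are set.
mkconf_ok() {
    if grep -Eq '^[[:space:]]*PORTS_PRIVSEP[[:space:]]*=[[:space:]]*Yes[[:space:]]*$' "$1" &&
       grep -Eq '^[[:space:]]*SUDO[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
    then echo yes; else echo no; fi
}

# nopass_rule FILE USER TARGET: prints "yes" when the last rule of the form
# "... USER as TARGET" is a permit carrying nopass (doas uses the last match).
nopass_rule() {
    awk -v user="$2" -v target="$3" '
        { sub(/#.*/, "") }    # drop comments; awk re-splits the fields
        {
            np = 0
            for (i = 2; i < NF; i++) {
                if ($i == "nopass") np = 1    # options precede the identity
                if ($i == "as" && $(i - 1) == user && $(i + 1) == target)
                    ok = ($1 == "permit" && np)
            }
        }
        END { print (ok ? "yes" : "no") }
    ' "$1"
}

# audit MKCONF DOASCONF USER: prints one finding per line, nothing when clean.
audit() {
    [ "$(mkconf_ok "$1")" = yes ] ||
        echo "mk.conf: need PORTS_PRIVSEP=Yes and SUDO"
    for t in _pfetch _pbuild; do
        [ "$(nopass_rule "$2" "$3" "$t")" = yes ] ||
            echo "doas.conf: no nopass rule for $3 as $t"
    done
}

# Constructed sample input: the _pbuild rule is missing nopass.
demo=$(mktemp -d)
printf 'SUDO=doas\nPORTS_PRIVSEP=Yes\n' > "$demo/mk.conf"
cat > "$demo/doas.conf" <<'EOF'
permit persist :wheel
permit nopass keepenv builder as _pfetch
permit keepenv builder as _pbuild   # nopass missing: prompts on each call
EOF
audit "$demo/mk.conf" "$demo/doas.conf" builder
```

On an OpenBSD host, `doas -C /etc/doas.conf -u _pbuild true`, run as the building user, asks doas itself which rule matches and prints permit, permit nopass or deny.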