Mailing List Archive | ports@openbsd.org

From:: Stuart Henderson <stu@spacehopper.org>
Subject:: Re: Running make in ports as a normal user
To:: Walter Alejandro Iglesias <wai@roquesor.com>
Cc:: j@bitminer.ca, Ports <ports@openbsd.org>
Date:: Mon, 10 Nov 2025 13:01:02 +0000

Download raw body.

Thread

2025-11-10 12:43 Stuart Henderson:
Running make in ports as a normal user
- 2025-11-10 12:57 Walter Alejandro Iglesias:
  Running make in ports as a normal user
- - 2025-11-10 13:01 Stuart Henderson:
    Running make in ports as a normal user
  - - 2025-11-10 13:01 Stuart Henderson:
      Running make in ports as a normal user
    - - 2025-11-10 13:17 Walter Alejandro Iglesias:
        Running make in ports as a normal user

keepenv

On 2025/11/10 13:57, Walter Alejandro Iglesias wrote:
> On Mon, Nov 10, 2025 at 12:43:55PM +0000, Stuart Henderson wrote:
> > On 2025/11/10 13:29, Walter Alejandro Iglesias wrote:
> > > On Mon, Nov 10, 2025 at 11:56:25AM +0000, Stuart Henderson wrote:
> > > > doas doesn't work very well with this, and "persist" intentionally does not 
> > > > pass 'upwards'.
> > > > 
> > > > on systems which are mainly setup for ports development I'll use "SUDO=sudo 
> > > > -E".
> > > > 
> > > > on those where I might just build something once in a while I'll allow my 
> > > > own user to run things as _pbuild/_pfetch without adding, and just deal 
> > > > with routing in the password a few times for installs.
> > > 
> > > In my case, for example, when compiling mplayer just now, I had to enter
> > > the password about two hundred times. :-)
> > > 
> > > > 
> > > > permit nopass keepenv sthen as _pfetch
> > > > permit nopass keepenv sthen as _pbuild
> > > 
> > > I've already tried this.  I'll try once more time using "sudo" as you
> > > recommend me.
> 
> With sudo I get this:
> 
>   sudo: sorry, you are not allowed to preserve the environment
> 
> I don't expect you to tell me what to do, I'll figure it out on my own
> someday.
> 
> > > 
> > > > 
> > > > "leave the permissions as they are and work as root" even if you choose to 
> > > > ignore how dangerous this is (you should regard the system as potentially 
> > > > compromised if you do this, and I wouldn't like to assume that building in 
> > > > a guest VM would protect the hypervisor OS either),
> > > 
> > > Could you give me an example of what you mean by "dangerous", please?
> > 
> > You are running at least hundreds of thousands of lines of code, which
> > nobody is looking at all that carefully, as root.
> > 
> > Even just the average autoconf script is 20k lines.
> > 
> > > > some ports will not 
> > > > build (or not build correctly) if done as root.
> > > 
> > > I would also appreciate an example of this, if it's not too much
> > > trouble.
> > 
> > I don't remember.
> > 
> 
> -- 
> Walter
>

2025-11-10 12:43 Stuart Henderson:
Running make in ports as a normal user
- 2025-11-10 12:57 Walter Alejandro Iglesias:
  Running make in ports as a normal user
- - 2025-11-10 13:01 Stuart Henderson:
    Running make in ports as a normal user
  - - 2025-11-10 13:01 Stuart Henderson:
      Running make in ports as a normal user
    - - 2025-11-10 13:17 Walter Alejandro Iglesias:
        Running make in ports as a normal user