From: Stuart Henderson
Subject: Re: roadmap for more privsep in pkgland
To: ports@openbsd.org
Date: Fri, 16 Aug 2024 11:16:51 +0100

On 2024/08/15 18:33, Marc Espie wrote:
> Enter @extraglob
> ----------------
>
> basically: stuff like @extraglob /var/tomcat/conf/
> will remove the tomcat dir with everything inside it
>
> or stuff like
> @extraglob /var/db/gconf/gconf.xml.defaults/

It would be really nice to have a way to do this / @extra without
triggering "you should also remove X" during (some?) package updates.
I stopped using @extra and friends in most of my ports because
sometimes people (understandably) believe that they should follow
those messages and end up removing important files.

> Enter ownership
> ---------------
> The idea is to be able to annotate @extraglob, @tag, @exec*, @unexec*
> with owner=... group=... annotations (optional and prepended)
>
> For any keyword that runs anything, that keyword would be run as the
> user/group indicated (note that by this point, all @owner/@group
> annotations have been handled, so the users do exist)
> AND for @extraglob stuff, the ownership would have been adjusted
>
> so say you have a tag that generates
> @extraglob somefile.tag
>
> with those annotations, on installation/update, the tag is given the
> right ownership, and when @tag * at-end triggers, the command is
> run with the right owner -> correct privsep.
>
> Plan for deployment:
> - @extraglob is already recognized and won't cause any issue
> - pkg_add changes first, so that rm -> extraglob can happen later in packages
> - extraglob in packages... if the tools are not there yet, you may end with
> remnant files on your installation after deleting stuff
> - ownership for remaining tags/exec/unexec/extraglobs
>
> - assessing the few @exec/@unexec that remain.

That sounds sensible.