From: Stuart Henderson
Subject: Re: Running make in ports as a normal user
To: Walter Alejandro Iglesias
Cc: , Ports
Date: Mon, 10 Nov 2025 11:56:25 +0000

doas doesn't work very well with this, and "persist" intentionally does
not pass 'upwards'.

on systems which are mainly setup for ports development I'll use
"SUDO=sudo -E". on those where I might just build something once in a
while I'll allow my own user to run things as _pbuild/_pfetch without
adding, and just deal with routing in the password a few times for
installs.

permit nopass keepenv sthen as _pfetch
permit nopass keepenv sthen as _pbuild

"leave the permissions as they are and work as root"

even if you choose to ignore how dangerous this is (you should regard
the system as potentially compromised if you do this, and I wouldn't
like to assume that building in a guest VM would protect the hypervisor
OS either), some ports will not build (or not build correctly) if done
as root.

--
Sent from a phone, apologies for poor formatting.

On 10 November 2025 11:40:25 Walter Alejandro Iglesias wrote:

> On Mon, Nov 10, 2025 at 10:52:16AM +0000, Stuart Henderson wrote:
>> I recommend making /usr/ports a separate filesystem and keep the default
>> dirs for most things.
>>
>> Pointing WRKOBJDIR at a less important fs is a good idea for when the
>> kernel crashes during a build. Then newfs is a viable and faster cleanup
>> strategy than fsck.
>>
>> Set SUDO and PORTS_PRIVSEP in mk.conf, and run "make fix-permissions" in
>> the dir for any port to create the dirs and set ownership.
>
> I've read man pages, handbooks, also related info in
> /etc/examples/doas.conf. Depending on which doc you read, the approach
> is different. With each thing I tried, things got more and more
> entangled, I don't know what commands are called by bsd.ports.mk to
> install, I added all pkg_* ones to /etc/doas.conf without password for
> my normal user but running 'make package', doas still asked me for
> passwords. I said, "Enough!" when doas asked me the password running
> make as root. :-)
>
> Honestly, the ports system does not seem to be part of OpenBSD. I stand
> by what I said last, I won't touching anything, leave the permissions as
> they are and work as root.
>
>>
>> I think the tars are fixed in 7.8, but why ftp and then cvs to get any
>> updates, when you could just fetch via cvs anyway?
>
> I fetch ports directly with cvs from your server.
>
>>
>> --
>> Sent from a phone, apologies for poor formatting.
>>
>> On 9 November 2025 22:53:28 j@bitminer.ca wrote:
>>
>>> Why do it the hard way when you can script it?
>>>
>>> cat myports.sh
>>> ftp https://ftp.openbsd.org/pub/OpenBSD/snapshots/ports.tar.gz
>>> tar xzpf ports.tar.gz -C /usr
>>>
>>> osver=`uname -r`
>>> mkdir -p /usr/distfiles /usr/obj/ports
>>> mkdir -p /usr/cache/pub/OpenBSD/$osver/packages/amd64
>>>
>>> chown metheuser:metheuser /usr/distfiles /usr/cache/pub/OpenBSD/$osver/packages/amd64
>>> chown metheuser:metheuser /usr/obj/ports
>>>
>>> chmod 775 /usr/obj
>>>
>>> chown metheuser:metheuser /usr/ports
>>> chown -R metheuser:metheuser /usr/ports
>>>
>>>> /etc/mk.conf
>>> echo WRKOBJDIR=/usr/obj/ports >> /etc/mk.conf
>>> echo DISTDIR=/usr/distfiles >> /etc/mk.conf
>>> echo PACKAGE_REPOSITORY=/usr/cache/pub/OpenBSD/$osver/packages >> /etc/mk.conf
>>>
>>>
>>> At this point metheuser can "cd /usr/ports/math/minisat"
>>> and "make package" and it will work.
>>>
>>> Note that the original tar file creates files with group = wheel so you
>>> can simplify by adding yourself to wheel.
>>>
>>> Note that the tar files are incomplete because tar and you have to
>>> update with
>>>
>>> cd /usr/ports
>>> cvs -d $YOURMIRROR:/cvs -q up -Pd
>>>
>>> where YOURMIRROR is one of the published ones, but probably not one of
>>> the first two or three.
>>>
>>>
>>> J
>
> --
> Walter
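
An added example, not part of the thread or of OpenBSD's own tooling: a small audit that separates password-less doas rules confined to the ports build users (the two rules quoted in the message) from rules that hand out root without a password. The function names and the sample file are constructed for illustration, and the parser assumes one rule per line with braces written as separate words.

```shell
#!/bin/sh
# Added example: classify "permit nopass" rules in a doas.conf-style file.
# Assumption: _pbuild and _pfetch are the only intended password-less targets.

# Print "LEVEL<TAB>rule" for every nopass permit rule in the file $1.
audit_doas_nopass() {
    awk '
    $1 == "permit" {
        nopass = 0; target = ""; cmd = ""; inenv = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "{") { inenv = 1; continue }   # start of a setenv block
            if ($i == "}") { inenv = 0; continue }   # end of a setenv block
            if (inenv) continue
            if ($i == "nopass") nopass = 1
            else if ($i == "as" && i < NF) target = $(i + 1)
            else if ($i == "cmd" && i < NF) { cmd = $(i + 1); break }
        }
        if (!nopass) next                        # rule still asks for a password
        if (target == "_pbuild" || target == "_pfetch") level = "OK"
        else if (cmd != "") level = "REVIEW"     # one command, but as root or any user
        else level = "BROAD"                     # any command, no password
        printf "%s\t%s\n", level, $0
    }' "$1"
}

# Write a constructed sample configuration to the path given as $1.
write_sample_doas_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a recommended configuration
permit persist :wheel
permit nopass keepenv sthen as _pfetch
permit nopass keepenv sthen as _pbuild
permit nopass sthen as root cmd /usr/sbin/pkg_add
permit nopass sthen
permit nopass setenv { PKG_PATH } sthen as root
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_doas_conf "$sample"
audit_doas_nopass "$sample"
rm -f "$sample"
```

A rule without "as" applies to every target user, which is why the audit reports it as BROAD.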