From: Walter Alejandro Iglesias
Subject: Re: Running make in ports as a normal user
To: Stuart Henderson
Cc: j@bitminer.ca, Ports
Date: Mon, 10 Nov 2025 13:29:22 +0100

On Mon, Nov 10, 2025 at 11:56:25AM +0000, Stuart Henderson wrote:
> doas doesn't work very well with this, and "persist" intentionally does not
> pass 'upwards'.
>
> on systems which are mainly setup for ports development I'll use "SUDO=sudo
> -E".
>
> on those where I might just build something once in a while I'll allow my
> own user to run things as _pbuild/_pfetch without adding, and just deal
> with routing in the password a few times for installs.

In my case, for example, when compiling mplayer just now, I had to enter
the password about two hundred times. :-)

>
> permit nopass keepenv sthen as _pfetch
> permit nopass keepenv sthen as _pbuild

I've already tried this.  I'll try one more time using "sudo" as you
recommend.

>
> "leave the permissions as they are and work as root" even if you choose to
> ignore how dangerous this is (you should regard the system as potentially
> compromised if you do this, and I wouldn't like to assume that building in
> a guest VM would protect the hypervisor OS either),

Could you give me an example of what you mean by "dangerous", please?

> some ports will not
> build (or not build correctly) if done as root.

I would also appreciate an example of this, if it's not too much
trouble.

>
>
> --
> Sent from a phone, apologies for poor formatting.
>
> On 10 November 2025 11:40:25 Walter Alejandro Iglesias
> wrote:
>
> > On Mon, Nov 10, 2025 at 10:52:16AM +0000, Stuart Henderson wrote:
> >> I recommend making /usr/ports a separate filesystem and keep the default
> >> dirs for most things.
> >>
> >> Pointing WRKOBJDIR at a less important fs is a good idea for when the
> >> kernel crashes during a build. Then newfs is a viable and faster cleanup
> >> strategy than fsck.
> >>
> >> Set SUDO and PORTS_PRIVSEP in mk.conf, and run "make fix-permissions" in
> >> the dir for any port to create the dirs and set ownership.
> >
> > I've read man pages, handbooks, also related info in
> > /etc/examples/doas.conf.  Depending on which doc you read, the approach
> > is different.  With each thing I tried, things got more and more
> > entangled, I don't know what commands are called by bsd.ports.mk to
> > install, I added all pkg_* ones to /etc/doas.conf without password for
> > my normal user but running 'make package', doas still asked me for
> > passwords.  I said, "Enough!" when doas asked me the password running
> > make as root. :-)
> >
> > Honestly, the ports system does not seem to be part of OpenBSD.  I stand
> > by what I said last, I won't touch anything, leave the permissions as
> > they are and work as root.
> >
> >>
> >> I think the tars are fixed in 7.8, but why ftp and then cvs to get any
> >> updates, when you could just fetch via cvs anyway?
> >
> > I fetch ports directly with cvs from your server.
> >
> >>
> >> --
> >> Sent from a phone, apologies for poor formatting.
> >>
> >> On 9 November 2025 22:53:28 j@bitminer.ca wrote:
> >>
> >>> Why do it the hard way when you can script it?
> >>>
> >>> cat myports.sh
> >>> ftp https://ftp.openbsd.org/pub/OpenBSD/snapshots/ports.tar.gz
> >>> tar xzpf ports.tar.gz -C /usr
> >>>
> >>> osver=`uname -r`
> >>> mkdir -p /usr/distfiles /usr/obj/ports
> >>> mkdir -p /usr/cache/pub/OpenBSD/$osver/packages/amd64
> >>>
> >>> chown metheuser:metheuser /usr/distfiles
> >>> /usr/cache/pub/OpenBSD/$osver/packages/amd64
> >>> chown metheuser:metheuser /usr/obj/ports
> >>>
> >>> chmod 775 /usr/obj
> >>>
> >>> chown metheuser:metheuser /usr/ports
> >>> chown -R metheuser:metheuser /usr/ports
> >>>
> >>>> /etc/mk.conf
> >>> echo WRKOBJDIR=/usr/obj/ports >> /etc/mk.conf
> >>> echo DISTDIR=/usr/distfiles >> /etc/mk.conf
> >>> echo PACKAGE_REPOSITORY=/usr/cache/pub/OpenBSD/$osver/packages >>
> >>> /etc/mk.conf
> >>>
> >>>
> >>> At this point metheuser can "cd /usr/ports/math/minisat"
> >>> and "make package" and it will work.
> >>>
> >>> Note that the original tar file creates files with group = wheel so you
> >>> can simplify by adding yourself to wheel.
> >>>
> >>> Note that the tar files are incomplete because tar and you have to
> >>> update with
> >>>
> >>> cd /usr/ports
> >>> cvs -d $YOURMIRROR:/cvs -q up -Pd
> >>>
> >>> where YOURMIRROR is one of the published ones, but probably not one of
> >>> the first two or three.
> >>>
> >>>
> >>> J
> >
> > --
> > Walter
>

--
Walter
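
An added example, not part of the thread or of the ports tree: a small check that reads doas.conf rules of the kind quoted above and reports "nopass" rules whose target is not one of the build accounts _pbuild/_pfetch (a rule with no "as" target applies to every target user). The user "alice" and the sample file are constructed, and the parser assumes one rule per line with no backslash continuations.

```python
import shlex

PORTS_USERS = {"_pbuild", "_pfetch"}   # build/fetch accounts named in the thread
FLAGS = {"nopass", "nolog", "persist", "keepenv"}

# Constructed sample; "alice" is a hypothetical user.
SAMPLE = """\
# constructed sample doas.conf
permit nopass keepenv sthen as _pfetch
permit nopass keepenv sthen as _pbuild
permit nopass alice cmd pkg_add
permit persist keepenv :wheel
permit nopass setenv { PKG_PATH DISTDIR } alice
"""

def parse_rule(line):
    """Parse one doas.conf rule; return None for blank or comment-only lines."""
    tok = shlex.split(line, comments=True)
    if not tok:
        return None
    if tok[0] not in ("permit", "deny"):
        raise ValueError(f"not a doas rule: {line!r}")
    rule = {"action": tok[0], "options": set(), "target": None, "cmd": None}
    i = 1
    while i < len(tok) and (tok[i] in FLAGS or tok[i] == "setenv"):
        rule["options"].add(tok[i])
        if tok[i] == "setenv":             # skip the "{ VAR ... }" list
            while not tok[i].endswith("}"):
                i += 1
        i += 1
    rule["identity"] = tok[i]
    rest = tok[i + 1:]
    if rest[:1] == ["as"]:
        rule["target"], rest = rest[1], rest[2:]
    if rest[:1] == ["cmd"]:
        rule["cmd"] = rest[1]
    return rule

def audit(conf_text):
    """Return (line_number, message) for nopass rules reaching past the ports accounts."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if not rule or rule["action"] != "permit" or "nopass" not in rule["options"]:
            continue
        if rule["target"] in PORTS_USERS:
            continue                       # passwordless, but only as an unprivileged account
        target = rule["target"] or "any user (root included)"
        scope = rule["cmd"] or "any command"
        findings.append((n, f"{rule['identity']} runs {scope} as {target} without a password"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```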