From: Marc Espie Subject: Re: Running make in ports as a normal user To: Walter Alejandro Iglesias Cc: Stuart Henderson , j@bitminer.ca, Ports Date: Mon, 10 Nov 2025 17:01:36 +0100 On Mon, Nov 10, 2025 at 12:40:05PM +0100, Walter Alejandro Iglesias wrote: > On Mon, Nov 10, 2025 at 10:52:16AM +0000, Stuart Henderson wrote: > > I recommend making /usr/ports a separate filesystem and keep the default > > dirs for most things. > > > > Pointing WRKOBJDIR at a less important fs is a good idea for when the > > kernel crashes during a build. Then newfs is a viable and faster cleanup > > strategy than fsck. > > > > Set SUDO and PORTS_PRIVSEP in mk.conf, and run "make fix-permissions" in > > the dir for any port to create the dirs and set ownership. > > I've read man pages, handbooks, also related info in > /etc/examples/doas.conf. Depending on which doc you read, the approach > is different. With each thing I tried, things got more and more > entangled, I don't know what commands are called by bsd.ports.mk to > install, I added all pkg_* ones to /etc/doas.conf without password for > my normal user but running 'make package', doas still asked me for > passwords. I said, "Enough!" when doas asked me the password running > make as root. :-) > > Honestly, the ports system does not seem to be part of OpenBSD. I stand > by what I said last, I won't touching anything, leave the permissions as > they are and work as root. bulk(8) documents the setup for big large clusters. As far as doas/sudo goes, if you're on a somewhat isolated cluster, the simplest way to do things is to just have a line that says permit keepenv nopass :wheel doing everything as root without dropping prevs to _pbuild/_pfetch is a fairly bad idea. Especially because you never know what can happen when grabbing files from the internet, and also because a lot of stupid upstreams will happily grab things for you without checking anything. The default rules for _pbuild don't allow any internet access. As for the "ports system" not looking like OpenBSD: the default setup for boxes is for base/kernel developers. Numbers for ports, as exemplified in bulk(8), are way higher, and won't fit at all in the default partitioning scheme if you really want to rebuild everything. Building from ports is somewhat specialized... I think we do a good job of documenting it, between ports(7), dpb(1) and bulk(8). Again, the sizes do not fit and will require putting everything in a very large home or something. It's more a question of weighing the limitations of default OpenBSD installs vs 10000+ ports requirements. (BTW, someone with an account should check the current distfiles and packages and wrkdir constraints and possibly bump the numbers in bulk(8). Stuart ?)