On 2018-04-11 18:55, Perry E. Metzger wrote: > Just a side note: other package building systems have dealt (in > various ways) with being able to build things without privileges. > > For example, the Debian project has a cool tool called "fakeroot" > which uses an LD_PRELOADed library to make things being built _think_ > they have root privileges when they don't -- actions like chmods and > chowns are recorded by the libraries and subsequent "fakerooted" calls > that read permissions or ownership or what have you replay what was > set earlier. > > This allows the construction of installation packages that have > arbitrary users and permissions set in them without root having been > involved in builds. > > See: https://manpages.debian.org/stretch/fakeroot-ng/fakeroot.1.en.html > > I believe that "fakeroot" (or at least forks of it) have already been > ported to MacOS for use by other projects Note that fakeroot itself is licensed as GPL-3+ and therefore not suitable for inclusion into MacPorts base.
We already have the functionality to hook library functions which is used for tracemode. This could as well be used for a "fakeroot" functionality. Especially the destroot target would benefit from this. For destroot, this could hook file operations (chown, chmod, etc.) and divert that to a database. This can then be used to put the correct information into the archive that is created from the destroot directory. Note that this should not mean you could use MacPorts without sudo, but the isolation between Portfile execution and your user account would be stronger. As a side note, at the MacPorts Meeting last month we had a session on documentation were we wrote down why MacPorts needs root privileges and what they are used for. This information still has to find a place in the guide or FAQ. https://trac.macports.org/wiki/Meetings/MacPortsMeeting2018/Documentation#PrivilegeSeparationakaMacPortsrequiressudoroot Rainer