On 2018-04-11 18:55, Perry E. Metzger wrote:
> Just a side note: other package building systems have dealt (in
> various ways) with being able to build things without privileges.
> 
> For example, the Debian project has a cool tool called "fakeroot"
> which uses an LD_PRELOADed library to make things being built _think_
> they have root privileges when they don't -- actions like chmods and
> chowns are recorded by the libraries and subsequent "fakerooted" calls
> that read permissions or ownership or what have you replay what was
> set earlier.
> 
> This allows the construction of installation packages that have
> arbitrary users and permissions set in them without root having been
> involved in builds.
> 
> See: https://manpages.debian.org/stretch/fakeroot-ng/fakeroot.1.en.html
> 
> I believe that "fakeroot" (or at least forks of it) have already been
> ported to MacOS for use by other projects
Note that fakeroot itself is licensed as GPL-3+ and therefore not
suitable for inclusion into MacPorts base.

We already have the functionality to hook library functions which is
used for tracemode. This could as well be used for a "fakeroot"
functionality. Especially the destroot target would benefit from this.

For destroot, this could hook file operations (chown, chmod, etc.) and
divert that to a database. This can then be used to put the correct
information into the archive that is created from the destroot directory.

Note that this should not mean you could use MacPorts without sudo, but
the isolation between Portfile execution and your user account would be
stronger.

As a side note, at the MacPorts Meeting last month we had a session on
documentation were we wrote down why MacPorts needs root privileges and
what they are used for. This information still has to find a place in
the guide or FAQ.

https://trac.macports.org/wiki/Meetings/MacPortsMeeting2018/Documentation#PrivilegeSeparationakaMacPortsrequiressudoroot

Rainer

Reply via email to