It is discouraged but possible to run pkg_add(1), with the -n option, as a user other than root. However, if pkg_add(1) does not have write permission to $PKG_CACHE, then error messages are produced. For example:
$ ls -ld $PKG_CACHE drwxr-xr-x 2 root wheel 3072 Jul 2 12:13 /var/pkg_cache $ pkg_add -vn gcal pkg_add should be run as root Update candidates: quirks-2.54 -> quirks-2.54 quirks-2.54 signed on 2015-03-08T12:33:05Z Fatal error: Ustar [ftp://ftp.openbsd.org/pub/OpenBSD/5.7/packages/amd64/gcal-3.6.3p0.tgz][?]: Error while reading header at /usr/libdata/perl5/OpenBSD/Ustar.pm line 89. These error messages are less than clear about the underlying permissions problem, especially when -v is omitted. (-v is what produces the first line of output: 'pkg_add should be run as root'.) It is desirable to me (a) to run pkg_add -n as a non-root user and (b) that non-root users are unable to write to the PKG_CACHE directory. One solution is for pkg_add(1) to silently omit the attempt to copy the package to an unwritable $PKG_CACHE. Below is a diff that does that, and modifies pkg_add(1)'s man page accordingly. I realize this should go to tech@, but I'm worried that I'm being dumb in some kind of way, and my understanding is that dumb posts, if they must occur, are better sent to misc@ first for vetting. :) Index: pkg_add.1 =================================================================== RCS file: /cvs/src/usr.sbin/pkg_add/pkg_add.1,v retrieving revision 1.132 diff -u -p -r1.132 pkg_add.1 --- pkg_add.1 16 Apr 2015 20:01:39 -0000 1.132 +++ pkg_add.1 2 Jul 2015 19:00:43 -0000 @@ -188,7 +188,8 @@ or If the environment variable .Ev PKG_CACHE is set to a directory name, every package retrieved from a distant location -will also be copied here. +will also be copied here, provided pkg_add has write permission to that +directory .Pp Some packages may depend on other packages. When resolving dependencies @@ -371,7 +372,7 @@ Don't actually install a package, just r would be taken if it was. Will still copy packages to .Ev PKG_CACHE -if applicable. +if applicable and if pkg_add has write permission to that directory. .It Fl P Ar type Check permissions for distribution, where .Ar type @@ -745,7 +746,7 @@ if no option is specified. .It Ev PKG_CACHE If set, any package retrieved from a distant location will be copied to -that directory as well. +that directory as well, if pkg_add has write permission to that directory. .It Ev PKG_PATH If a given package name cannot be found, the directories named by Index: OpenBSD/PackageRepository.pm =================================================================== RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v retrieving revision 1.113 diff -u -p -r1.113 PackageRepository.pm --- OpenBSD/PackageRepository.pm 4 Mar 2015 13:55:32 -0000 1.113 +++ OpenBSD/PackageRepository.pm 2 Jul 2015 19:00:44 -0000 @@ -534,7 +534,7 @@ sub open_pipe $object->{pid2} = $pid2; } else { open STDERR, '>', $object->{errors}; - if (defined $object->{cache_dir}) { + if (defined $object->{cache_dir} and -w $object->{cache_dir}) { my $pid3 = open(my $in, "-|"); $self->did_it_fork($pid3); if ($pid3) {
