While setting up the ports tree on my system with PORTS_PRIVSEP enabled,
and after running 'doas make fix-permissions', I noticed that out of the
six affected directories under /usr/ports/ (bulk, distfiles, packages,
plist, pobj, update), both bulk and update were still owned by root.
Looking at infrastructure/mk/bsd.port.mk, I can see that BULK_COOKIES_DIR
and UPDATE_COOKIES_DIR are given to the _pbuild user, but their parent
directories (bulk and update) are not.

Since these two are the only root-owned directories in my ports tree, I
was wondering if giving them to the _pbuild user has been considered, or
perhaps there's a reason for doing it this way that I've overlooked. For
now I've set my user as the owner, but I feel setting them up like the
other four might make more sense.

I'm including a tested diff just in case I'm not completely off target
here.

Index: bsd.port.mk
===================================================================
RCS file: /cvs/ports/infrastructure/mk/bsd.port.mk,v
retrieving revision 1.1542
diff -u -p -u -r1.1542 bsd.port.mk
--- bsd.port.mk 26 Jun 2020 11:51:16 -0000      1.1542
+++ bsd.port.mk 28 Oct 2020 19:58:33 -0000
@@ -158,8 +158,10 @@ PORTSDIR ?= /usr/ports
 X11BASE ?= /usr/X11R6
 VARBASE ?= /var
 DISTDIR ?= ${PORTSDIR}/distfiles
-BULK_COOKIES_DIR ?= ${PORTSDIR}/bulk/${MACHINE_ARCH}
-UPDATE_COOKIES_DIR ?= ${PORTSDIR}/update/${MACHINE_ARCH}
+BULKDIR ?= ${PORTSDIR}/bulk
+BULK_COOKIES_DIR ?= ${BULKDIR}/${MACHINE_ARCH}
+UPDATEDIR ?= ${PORTSDIR}/update
+UPDATE_COOKIES_DIR ?= ${UPDATEDIR}/${MACHINE_ARCH}

 PLIST_REPOSITORY ?= ${PORTSDIR}/plist
 .if !empty(PLIST_REPOSITORY)
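Review bot: BULKDIR and UPDATEDIR are introduced with `?=` at the top of this hunk, which makes them new user-overridable settings, yet nothing here documents them or says whether overriding them is supported. Anyone who already sets BULK_COOKIES_DIR or UPDATE_COOKIES_DIR to a path outside ${PORTSDIR}/bulk or ${PORTSDIR}/update will end up with a BULKDIR or UPDATEDIR that is no longer the parent of the cookie directory. Either document both variables next to the existing cookie-directory ones, or derive the parent from the cookie directory (for example with the :H modifier) so the two cannot drift apart.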
@@ -2075,7 +2077,8 @@ fix-permissions:
        fi
 .  for d in ${LOCKDIR} ${PACKAGE_REPOSITORY} \
                ${PACKAGE_REPOSITORY}/${MACHINE_ARCH} \
-               ${BULK_COOKIES_DIR} ${UPDATE_COOKIES_DIR} \
+               ${BULKDIR} ${BULK_COOKIES_DIR} \
+               ${UPDATEDIR} ${UPDATE_COOKIES_DIR} \
                ${PLIST_REPOSITORY} ${WRKOBJDIR}
        @b=`id -gn ${BUILD_USER}`; \
        echo "give $d to ${BUILD_USER}:$$b"; \
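Review bot: In the fix-permissions loop, ${BULKDIR} and ${UPDATEDIR} are handed to ${BUILD_USER} unconditionally, even when BULK_COOKIES_DIR or UPDATE_COOKIES_DIR has been pointed somewhere else, so the target can change ownership of a directory the build never uses. Owning the parent also lets the build user rename or replace everything directly under bulk/ and update/, not only the ${MACHINE_ARCH} subdirectory, so it is worth confirming that nothing placed there is later trusted by root. The rest of the loop body is not visible in this hunk; if it changes ownership recursively, listing the parent makes the separate child entries redundant.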
