doas doesn't work very well with this, and "persist" intentionally does not
pass 'upwards'.
on systems which are mainly setup for ports development I'll use "SUDO=sudo
-E".
on those where I might just build something once in a while I'll allow my
own user to run things as _pbuild/_pfetch without adding, and just deal
with routing in the password a few times for installs.
permit nopass keepenv sthen as _pfetch
permit nopass keepenv sthen as _pbuild
"leave the permissions as they are and work as root" even if you choose to
ignore how dangerous this is (you should regard the system as potentially
compromised if you do this, and I wouldn't like to assume that building in
a guest VM would protect the hypervisor OS either), some ports will not
build (or not build correctly) if done as root.
--
Sent from a phone, apologies for poor formatting.
On 10 November 2025 11:40:25 Walter Alejandro Iglesias <[email protected]>
wrote:
On Mon, Nov 10, 2025 at 10:52:16AM +0000, Stuart Henderson wrote:
I recommend making /usr/ports a separate filesystem and keep the default
dirs for most things.
Pointing WRKOBJDIR at a less important fs is a good idea for when the
kernel crashes during a build. Then newfs is a viable and faster cleanup
strategy than fsck.
Set SUDO and PORTS_PRIVSEP in mk.conf, and run "make fix-permissions" in
the dir for any port to create the dirs and set ownership.
I've read man pages, handbooks, also related info in
/etc/examples/doas.conf. Depending on which doc you read, the approach
is different. With each thing I tried, things got more and more
entangled, I don't know what commands are called by bsd.ports.mk to
install, I added all pkg_* ones to /etc/doas.conf without password for
my normal user but running 'make package', doas still asked me for
passwords. I said, "Enough!" when doas asked me the password running
make as root. :-)
Honestly, the ports system does not seem to be part of OpenBSD. I stand
by what I said last, I won't touching anything, leave the permissions as
they are and work as root.
I think the tars are fixed in 7.8, but why ftp and then cvs to get any
updates, when you could just fetch via cvs anyway?
I fetch ports directly with cvs from your server.
--
Sent from a phone, apologies for poor formatting.
On 9 November 2025 22:53:28 [email protected] wrote:
Why do it the hard way when you can script it?
cat myports.sh
ftp https://ftp.openbsd.org/pub/OpenBSD/snapshots/ports.tar.gz
tar xzpf ports.tar.gz -C /usr
osver=`uname -r`
mkdir -p /usr/distfiles /usr/obj/ports
mkdir -p /usr/cache/pub/OpenBSD/$osver/packages/amd64
chown metheuser:metheuser /usr/distfiles
/usr/cache/pub/OpenBSD/$osver/packages/amd64
chown metheuser:metheuser /usr/obj/ports
chmod 775 /usr/obj
chown metheuser:metheuser /usr/ports
chown -R metheuser:metheuser /usr/ports
/etc/mk.conf
echo WRKOBJDIR=/usr/obj/ports >> /etc/mk.conf
echo DISTDIR=/usr/distfiles >> /etc/mk.conf
echo PACKAGE_REPOSITORY=/usr/cache/pub/OpenBSD/$osver/packages >>
/etc/mk.conf
At this point metheuser can "cd /usr/ports/math/minisat"
and "make package" and it will work.
Note that the original tar file creates files with group = wheel so you
can simplify by adding yourself to wheel.
Note that the tar files are incomplete because tar and you have to
update with
cd /usr/ports
cvs -d $YOURMIRROR:/cvs -q up -Pd
where YOURMIRROR is one of the published ones, but probably not one of
the first two or three.
J
--
Walter
