I've fixed quite a few bugs recently, and I think it's now stable.
If you've tried in the past, here's a list of significant changes.

- dpb now checks for users that should be local. If they don't exist,
it will error out.
- dpb now drops privileges correctly for distant hosts if no chroot is
used.
- dpb now switches uids AND group list correctly between various users.
- there were quite a few files that were NOT checked (for reading) with
the appropriate user, with the result that sometimes things were not
readable.
- various command line options (-DBUILD_USER) and config file contents
now work correctly. In particular, if you don't set up a DEFAULT entry,
but if you have one host with a build_user, then things should work correctly.

- there is no "round-robin" mode yet. It turns out to be slightly more complex
than I hoped, so I did not do it yet.

Here's a checklist of what you need/can do to get dpb to work.

- new dpb should be started as root.  That allows it to chroot AND to use
a "drop-privileges" model, where the build user no longer needs sudo.
- if you have distant hosts, connection from root to root should be set up.

- you should set up a local user which has absolutely no rights whatsoever.
dpb will spend as much time as possible as this user.

- you should set up a build user on every host that wants to build things.
That build user does NOT need sudo rights. It does NOT need network access.
In fact, I have a pf rule that says:
    block out quick proto {tcp,udp} from self user pbuild0
early on in my pf.conf

- you should set up a user to specifically do fetches if you want to
restrict network access for everyone else.

- logs will be created as log_user. I haven't created a specific user for
that. In fact, for convenience, logs are owned by me.

My hosts file looks like this wrt users:

UNPRIV_USER=dpbcheck
FETCH_USER=fetchuser
LOG_USER=espie
DEFAULT build_user=pbuild0
<list of hosts>
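As an added example (not dpb's own code, and a deliberately simplified model of the hosts file syntax shown above), the following Python resolves the effective build_user per host, covering the -DBUILD_USER override and the "no DEFAULT entry, but one host with a build_user" case mentioned earlier, and reports which of the users that should exist locally are missing. The precedence order and the set of roles checked locally are assumptions, not dpb's documented behaviour.

```python
import shlex

# Roles the post says must map to users on the local host.  Which roles dpb
# itself checks before erroring out is an assumption here.
LOCAL_ROLES = ("UNPRIV_USER", "FETCH_USER", "LOG_USER")

def parse_hosts(text):
    """Split a hosts file into (global vars, DEFAULT props, per-host props).
    Simplified syntax: 'VAR=value' lines, 'DEFAULT k=v ...', 'host k=v ...'."""
    globals_, default, hosts = {}, {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = shlex.split(line)
        if len(words) == 1 and "=" in words[0]:      # global VAR=value line
            key, value = words[0].split("=", 1)
            globals_[key] = value
            continue
        name = words[0]
        # partition() gives an empty value for a bare property word
        props = {k: v for k, _, v in (w.partition("=") for w in words[1:])}
        if name == "DEFAULT":
            default.update(props)
        else:
            hosts[name] = props
    return globals_, default, hosts

def effective_build_user(host, default, hosts, cmdline_build_user=None):
    """Assumed precedence: -DBUILD_USER, then the host's own build_user,
    then the DEFAULT entry.  None means there is no user to build as."""
    if cmdline_build_user:
        return cmdline_build_user
    return hosts.get(host, {}).get("build_user", default.get("build_user"))

def missing_local_users(globals_, local_users):
    """Roles whose configured user is absent locally (dpb errors out on these)."""
    return [r for r in LOCAL_ROLES
            if r in globals_ and globals_[r] not in local_users]

# Constructed sample, modelled on the hosts file shown in the post.
SAMPLE = """\
UNPRIV_USER=dpbcheck
FETCH_USER=fetchuser
LOG_USER=espie
DEFAULT build_user=pbuild0
localhost
fast.example.org build_user=pbuild1 jobs=4
"""
```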

The ports tree should be readable for your build_user.
It needs write access to the WRKOBJDIR, the LOCKDIR, the PACKAGEREPOSITORY
area, and the PLIST_DB directory.
(normally, /usr/ports/obj, /usr/ports/objs/locks, /usr/ports/packages,
/usr/ports/plist)

The log user wants read and write access to its log directory, and also
to the location hidden in the "permanent log" section.
By default these are /usr/ports/logs/<arch> and /usr/ports/distfiles/build-stats.

The fetch_user wants read and write access to the distfiles area (apart
from build-stats, which you can pre-create).  Note that scanning of the ports
tree (reading distinfo) does happen as build_user.

The files created by the fetch_user must be readable by build_user.


dpb itself creates some shared directories. It does so as root and changes
ownership accordingly. In case of NFS setups where root does not have all
access, set DROPPRIV=1 in your hosts file.


In case of "shared directory" situations, there are also now knobs in
bsd.port.mk, which was switched to using install -d to 
"create" common directories.

WRKOBJDIR_MODE ?=
DISTDIR_MODE ?= ${WRKOBJDIR_MODE}
PACKAGE_REPOSITORY_MODE ?= ${WRKOBJDIR_MODE}
LOCKDIR_MODE ?= ${WRKOBJDIR_MODE}
PLISTDIR_MODE ?= ${WRKOBJDIR_MODE}


You could, e.g., set up WRKOBJDIR_MODE = -g wports -m 775
to have group writable directories.

A "quirk" of install -d is that it will complain when it cannot change
modes/ownership, but not error out if the given directory was indeed
created.   So you may even want to set
WRKOBJDIR_MODE = -g wports -m 775 2>/dev/null
to shut it up, since make will still exit properly with an error code
in case of a fatal error.

If you want to set up a chroot, things are slightly more complicated.
There will probably be a script to do that in the not so distant future.
One goal is to do each distinct build in a separate chroot.
(we're about 3/4 of the way there).


Many thanks to people who gave me feedback, among others:
RD Thrush, Mark Patruck, Stuart Henderson, Antoine Jacoutot.
