Ever since I added privilege separation to dpb, working with both dpb and normal ports tools has become cumbersome.
Various ports directories must be owned by _pbuild/_pfetch for dpb to work, and by joe average user for normal ports work. Prompted by pirofti@, I added some modicum of privilege separation to normal ports work, as an option, after p2k17. Namely, if you define PORTS_PRIVSEP=Yes, normal ports work will work a bit better with privilege separated dpb. Most specifically: - fetch operations will use doas -u _pfetch, so that stuff under distfiles has the correct ownership for privsep'd dpb. - package creation operations will yield packages owned by _pbuild, as should be expected (and register-plist will work correctly as well). - proot now spews BUILD_USER and FETCH_USER lines in mk.conf if it's been used with users different from the standard _pfetch/_pbuild users. - dpb has its own privsep mechanisms, so it overrides the user settings with PORTS_PRIVSEP=No. This is not documented yet, because there is a somewhat larger change brewing, namely, also doing the build as _pbuild, so that ports work and dpb runs work together (there are a lot of small changes involved before everything runs smoothly) This would make ports work "safer", because _pbuild does not need any kind of doas privileges, and it can also be configured to shun the network entirely (block rules in pf). To summarize: - if you don't change anything, business should be as usual (ports as normal user, requiring doas for root during dependency installations) - if you use dpb privsep'd, you may like PORTS_PRIVSEP=Yes, as it will allow you to interact with distfiles, packages, plists without changing their ownership between ports and dpb. - of course, this does require that the user working on ports is allowed to doas to _pbuild/_pfetch as well as root.
