In a few places, bsd.port.mk does

    doas /usr/bin/env -i ${_TERM_ENV} TRUSTED_PKG_PATH=... /usr/sbin/pkg_add

On the one hand, env allows virtually everything to execute;
on the other hand, swapping things around means keepenv has to be used
correctly.

Looking closer at the actual usage pattern, the env variables concerned
are:
- TERM: necessary for correct progressmeter
- TERMCAP: good for people with bad terminal configuration. Definitely not
  something to trust in doas.conf
- ftp_proxy/http_proxy: useful in general, but those pkg_add invocations are
  actually local
- TRUSTED_PKG_PATH: *TOTALLY* necessary. This prevents pkg_add from looking
  in other locations, and replaces a former -Dunsigned which did remove
  signature handling from everywhere and not just the correct directory.

Inspired by Charlene's idea of fixing the path to touch, I think we
want the patch that follows.

Plus: people will have a full list of what's needed to run as root for
ports work.

Minus: if you don't keepenv TRUSTED_PKG_PATH, things will stop working.
If you don't keepenv TERM, pkg_add will lose its progressmeter.
(that said, pkg_delete already has the same issue and it doesn't look like
people protest)

Okay, objections?

Index: bsd.port.mk
===================================================================
RCS file: /cvs/ports/infrastructure/mk/bsd.port.mk,v
retrieving revision 1.1462
diff -u -p -r1.1462 bsd.port.mk
--- bsd.port.mk 4 Apr 2019 02:28:06 -0000 1.1462
+++ bsd.port.mk 8 May 2019 18:57:48 -0000
@@ -211,7 +211,7 @@ PKG_DELETE ?= /usr/sbin/pkg_delete
_PKG_ADD = ${PKG_ADD} ${_PROGRESS} -I
_PKG_CREATE = ${PKG_CREATE} ${_PROGRESS}
-_PKG_ADD_LOCAL = TRUSTED_PKG_PATH=${_PKG_REPO} ${_PKG_ADD}
+_SUDO_PKG_ADD_LOCAL = TRUSTED_PKG_PATH=${_PKG_REPO} ${SUDO} ${_PKG_ADD}
_PKG_DELETE = ${PKG_DELETE} ${_PROGRESS}
.if defined(PKG_PATH)
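Review bot: in the new `_SUDO_PKG_ADD_LOCAL` definition the `TRUSTED_PKG_PATH=${_PKG_REPO}` assignment now sits before `${SUDO}`, so pkg_add only sees it if the privilege tool passes it through, and nothing in the makefile says so. Add a comment above the definition naming the variables the doas rule must keep (TRUSTED_PKG_PATH, and TERM for the progress meter). The old `_PKG_ADD_LOCAL` name is also gone: any use outside the three call sites changed in this patch would silently expand to nothing, so a grep over the ports infrastructure is worth doing before commit.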
@@ -724,7 +724,7 @@ _ALL_COOKIES = ${_EXTRACT_COOKIE} ${_PAT
${_DEPBUILDLIB_COOKIES} ${_DEPRUNLIB_COOKIES} \
${_DEPBUILDWANTLIB_COOKIE} ${_DEPRUNWANTLIB_COOKIE}
${_DEPLIBSPECS_COOKIES}
-_MAKE_COOKIE = touch
+_MAKE_COOKIE = /usr/bin/touch
_PMAKE_COOKIE = ${_PBUILD} ${_MAKE_COOKIE}
GMAKE ?= gmake
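Review bot: `_MAKE_COOKIE = /usr/bin/touch` uses plain `=` with a hard-coded path, while neighbouring tool variables such as `GMAKE ?= gmake` and `PKG_DELETE ?= /usr/sbin/pkg_delete` use `?=`. If the intent is that a doas rule can name the binary exactly, a one-line comment saying this must stay an absolute path would keep someone from reverting it later. Note that `_PMAKE_COOKIE` picks up the same path through `${_PBUILD}`.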
@@ -2064,7 +2064,7 @@ ${_INSTALL_COOKIE${_S}}:
@cd ${.CURDIR} && SUBPACKAGE=${_S} _DEPENDS_TARGET=install
PKGPATH=${PKGPATH} \
exec ${MAKE} _internal-install-depends
@${ECHO_MSG} "===> Installing ${FULLPKGNAME${_S}} from ${_PKG_REPO}"
- @${SUDO} ${SETENV} ${_TERM_ENV} ${_PKG_ADD_LOCAL} ${_PKG_ADD_AUTO}
${PKGFILE${_S}};
+ @${SETENV} ${_TERM_ENV} ${_SUDO_PKG_ADD_LOCAL} ${_PKG_ADD_AUTO}
${PKGFILE${_S}};
@-${SUDO} ${_MAKE_COOKIE} $@
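Review bot: on the new `@${SETENV} ${_TERM_ENV} ${_SUDO_PKG_ADD_LOCAL}` line, `${SETENV}` now runs as the invoking user with `${SUDO}` as the command it executes, so it no longer cleans anything on root's side; what pkg_add receives is decided only by the doas rule. `${_TERM_ENV}` still hands TERMCAP and the proxy variables (per the message) to that step. Since the message says TERMCAP should not be trusted and the proxies are not needed for local installs, consider passing only TERM here rather than relying on doas to discard the rest.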
@@ -2083,7 +2083,7 @@ ${_UPDATE_COOKIE${_S}}:
*) cd ${.CURDIR} && SUBPACKAGE=${_S} _DEPENDS_TARGET=package
PKGPATH=${PKGPATH} \
${MAKE} _internal-install-depends; \
${ECHO_MSG} "Upgrading from $$a"; \
- ${SUDO} ${SETENV} ${_TERM_ENV} ${_PKG_ADD_LOCAL}
${_PKG_ADD_AUTO} -r ${_PKG_ADD_FORCE} ${PKGFILE${_S}};; \
+ ${SETENV} ${_TERM_ENV} ${_SUDO_PKG_ADD_LOCAL}
${_PKG_ADD_AUTO} -r ${_PKG_ADD_FORCE} ${PKGFILE${_S}};; \
esac
@${_MAKE_COOKIE} $@
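Review bot: the pkg_add command in this case arm adds `-r ${_PKG_ADD_FORCE}` where the install target passes only `${_PKG_ADD_AUTO}`, so a doas rule covering these call sites can match on the command path but cannot pin the arguments. That is worth stating wherever the "full list of what's needed to run as root" ends up documented, otherwise readers will try tighter rules than the makefile supports and the update targets will fail.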
@@ -2097,7 +2097,7 @@ ${_FUPDATE_COOKIE${_S}}:
@mkdir -p ${UPDATE_COOKIES_DIR}
. endif
@${ECHO_MSG} "===> Updating/installing for ${FULLPKGNAME${_S}}"
- @${SUDO} ${SETENV} ${_TERM_ENV} ${_PKG_ADD_LOCAL} ${_PKG_ADD_AUTO} -r
${_PKG_ADD_FORCE} ${PKGFILE${_S}}
+ @${SETENV} ${_TERM_ENV} ${_SUDO_PKG_ADD_LOCAL} ${_PKG_ADD_AUTO} -r
${_PKG_ADD_FORCE} ${PKGFILE${_S}}
@${_MAKE_COOKIE} $@
.endfor
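
An added example, not part of the original post or the ports tree: a doas.conf sketch for the keepenv trade-off discussed above, with a broad rule beside a narrowed one. The group `:wsrc` is an assumption for illustration; the command paths are the ones shown in the post and patch.

```conf
# Broad (commented out): keepenv hands the caller's whole environment,
# TERMCAP and proxy variables included, to root, and no cmd restriction
# means any command is allowed.
#permit keepenv :wsrc as root

# Narrowed: only the variables the post identifies as needed reach pkg_add.
# Anything else set before ${SUDO} on the command line is dropped by doas.
permit setenv { TERM TRUSTED_PKG_PATH } :wsrc as root cmd /usr/sbin/pkg_add

# Cookie creation in the install target runs ${SUDO} ${_MAKE_COOKIE};
# with the absolute path from the patch the rule can name the binary exactly.
# Arguments are left open because the cookie path varies per port.
permit :wsrc as root cmd /usr/bin/touch
```

Without `TRUSTED_PKG_PATH` in the `setenv` list, the installs from the local package directory fail as the post warns.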