On 2020/03/26 14:17, Lucas wrote: > I consider being asked a password a problem (we can't make unattended > builds if FETCH_PACKAGES isn't No) and I don't feel that adding
If unattended builds is your goal then really DPB is the thing to use. Start it as root and it *drops* privs as required. Any setup where you start the build as an unprivileged user and then escalate privs for certain things, either requires attendance to type passwords, or requires that you open a priv escalation hole.