Hi,
I'm using arch for about half a year on a few systems, but every time I
install something from aur I'm asking myself one question:
Why is it considered dangerous to run makepkg as root?
My first guess was that the PKGBUILD usually comes from an untrusted source and
may contain code to
The second idea is that this advice should prevent the script from
*accidentally* damage my system. But this could be prevented by using
fakeroot
(which is disabled when calling makepkg with --asroot according to the
manpage) or chroot. And actually the proper advice in this case should
be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am 17.05.2014 14:40, schrieb Roland Tapken:
Hi,
I'm using arch for about half a year on a few systems, but every
time I install something from aur I'm asking myself one question:
Why is it considered dangerous to run makepkg as root?
My
On Sat, May 17, 2014 at 2:40 PM, Roland Tapken m...@lalamuhkuh.de wrote:
Hi,
I'm using arch for about half a year on a few systems, but every time I
install something from aur I'm asking myself one question:
Why is it considered dangerous to run makepkg as root?
My first guess was that the
On 05/17/2014 08:40 AM, Bartłomiej Piotrowski wrote:
Hi guys,
New MariaDB is sitting in [testing] for a while now. It's temporarily
This does trigger this warning in postfix's postmap program:
postmap: /usr/lib/libmysqlclient.so.18: no version information available
(required by postmap)
Hi,
I would really like to help patching, but my time is extremely limited
(finals in 2 weeks).
Good luck! :)
I'll think I'll have a try, also my time is very limited, too :-)
Regards,
Roland
signature.asc
Description: This is a digitally signed message part.
On 05/17, Dimitris Zervas wrote:
On May 17, 2014 5:22:32 PM EEST, Roland Tapken m...@lalamuhkuh.de wrote:
BTW: Another good idea that would be helpful is add comments on installed
packages on pacman. e.g. why did you install them. But that's another thread
No offense, but if you need to
On Sat, May 17, 2014 at 03:49:49PM +0300, Dimitris Zervas wrote:
The second idea is that this advice should prevent the script from
*accidentally* damage my system. But this could be prevented by using
fakeroot
(which is disabled when calling makepkg with --asroot according to the
'--asroot' option has recently been removed.
https://projects.archlinux.org/pacman.git/commit/?id=61ba5c961e4a3536c4bbf41edb348987a9993fdb
Need to check if arch-install-media runs as root, know of course you
could add user but it might make things a little difficult if you need
an aur application
On Sun, May 18, 2014 at 12:57 AM, Bigby James bigby.ja...@crepcran.com wrote:
On 05/17, Dimitris Zervas wrote:
On May 17, 2014 5:22:32 PM EEST, Roland Tapken m...@lalamuhkuh.de wrote:
BTW: Another good idea that would be helpful is add comments on installed
packages on pacman. e.g. why did
On 2014-05-17 14:40, Roland Tapken wrote:
Hi,
I'm using arch for about half a year on a few systems, but every time I
install something from aur I'm asking myself one question:
Why is it considered dangerous to run makepkg as root?
My first guess was that the PKGBUILD usually comes
Hi Bardur,
Maybe I've missed something reading through this thread, but *assuming*
(yeah, I know) that packages can't run arbitrary scripts at install time
(which I think is a valid assumption for pacman),
Is this so? I don't know since I've only scratched the surface of arch until
now. But
On 2014-05-17 21:50, Roland Tapken wrote:
Hi Bardur,
Maybe I've missed something reading through this thread, but *assuming*
(yeah, I know) that packages can't run arbitrary scripts at install time
(which I think is a valid assumption for pacman),
Is this so? I don't know since I've only
On 2014-05-17 22:08, Bardur Arantsson wrote:
On 2014-05-17 21:50, Roland Tapken wrote:
Hi Bardur,
Even if your assumption about pacman is correct: Just let the malicious
PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something like that
and you're doomed. No need for privilege
Am 17.05.2014 22:08, schrieb Bardur Arantsson:
On 2014-05-17 21:50, Roland Tapken wrote:
Hi Bardur,
Maybe I've missed something reading through this thread, but *assuming*
(yeah, I know) that packages can't run arbitrary scripts at install time
(which I think is a valid assumption for
Following up on installing Archlinux
Preface to the Appendix of this thread, with thanks and deference to those
who have helped so far: I am definitely not up to speed on the nuts and
bolts of GNU/Linux, I am a user, needing to get this tool working. That
being said, I have Archlinux working
On 2014-05-17 22:55, ushi wrote:
Am 17.05.2014 22:08, schrieb Bardur Arantsson:
On 2014-05-17 21:50, Roland Tapken wrote:
Hi Bardur,
Maybe I've missed something reading through this thread, but *assuming*
(yeah, I know) that packages can't run arbitrary scripts at install time
(which I
On 17/05/14 03:12 PM, Bardur Arantsson wrote:
On 2014-05-17 14:40, Roland Tapken wrote:
Hi,
I'm using arch for about half a year on a few systems, but every time I
install something from aur I'm asking myself one question:
Why is it considered dangerous to run makepkg as root?
My first
在 2014-5-18,4:49,Bardur Arantsson s...@scientician.net 写道:
Hm. Rethinking this I was going to say something about listing (and
screening) all the files that a package *would* install, but it seems
that it's not possible to list files installed by a package before
installing it...?
(pacman
On 2014-05-17 15:49, Bardur Arantsson wrote:
On 2014-05-17 22:08, Bardur Arantsson wrote:
On 2014-05-17 21:50, Roland Tapken wrote:
Hi Bardur,
Even if your assumption about pacman is correct: Just let the
malicious
PKGBUILD write a file into /etc/cron.d/, /etc/systemd or something
like that
20 matches
Mail list logo