It is discouraged but possible to run pkg_add(1), with the -n option, as a
user other than root. However, if pkg_add(1) does not have write
permission to $PKG_CACHE, then error messages are produced. For example:
$ ls -ld $PKG_CACHE
drwxr-xr-x 2 root wheel 3072 Jul 2 12:13 /var/pkg_cache
$ pkg_add -vn gcal
pkg_add should be run as root
Update candidates: quirks-2.54 - quirks-2.54
quirks-2.54 signed on 2015-03-08T12:33:05Z
Fatal error: Ustar
[ftp://ftp.openbsd.org/pub/OpenBSD/5.7/packages/amd64/gcal-3.6.3p0.tgz][?]:
Error while reading header
at /usr/libdata/perl5/OpenBSD/Ustar.pm line 89.
These error messages are less than clear about the underlying permissions
problem, especially when -v is omitted. (-v is what produces the first
line of output: 'pkg_add should be run as root'.)
It is desirable to me (a) to run pkg_add -n as a non-root user and (b)
that non-root users are unable to write to the PKG_CACHE directory. One
solution is for pkg_add(1) to silently omit the attempt to copy the
package to an unwritable $PKG_CACHE. Below is a diff that does that, and
modifies pkg_add(1)'s man page accordingly.
I realize this should go to tech@, but I'm worried that I'm being dumb in
some kind of way, and my understanding is that dumb posts, if they must
occur, are better sent to misc@ first for vetting. :)
Index: pkg_add.1
===
RCS file: /cvs/src/usr.sbin/pkg_add/pkg_add.1,v
retrieving revision 1.132
diff -u -p -r1.132 pkg_add.1
--- pkg_add.1 16 Apr 2015 20:01:39 - 1.132
+++ pkg_add.1 2 Jul 2015 19:00:43 -
@@ -188,7 +188,8 @@ or
If the environment variable
.Ev PKG_CACHE
is set to a directory name, every package retrieved from a distant location
-will also be copied here.
+will also be copied here, provided pkg_add has write permission to that
+directory
.Pp
Some packages may depend on other packages.
When resolving dependencies
@@ -371,7 +372,7 @@ Don't actually install a package, just r
would be taken if it was.
Will still copy packages to
.Ev PKG_CACHE
-if applicable.
+if applicable and if pkg_add has write permission to that directory.
.It Fl P Ar type
Check permissions for distribution, where
.Ar type
@@ -745,7 +746,7 @@ if no
option is specified.
.It Ev PKG_CACHE
If set, any package retrieved from a distant location will be copied to
-that directory as well.
+that directory as well, if pkg_add has write permission to that directory.
.It Ev PKG_PATH
If a given package name cannot be found,
the directories named by
Index: OpenBSD/PackageRepository.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v
retrieving revision 1.113
diff -u -p -r1.113 PackageRepository.pm
--- OpenBSD/PackageRepository.pm4 Mar 2015 13:55:32 - 1.113
+++ OpenBSD/PackageRepository.pm2 Jul 2015 19:00:44 -
@@ -534,7 +534,7 @@ sub open_pipe
$object-{pid2} = $pid2;
} else {
open STDERR, '', $object-{errors};
- if (defined $object-{cache_dir}) {
+ if (defined $object-{cache_dir} and -w $object-{cache_dir}) {
my $pid3 = open(my $in, -|);
$self-did_it_fork($pid3);
if ($pid3) {