man page possible correction for ports, bsd.port.mk

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

man page possible correction for ports, bsd.port.mk

myportslist20190323
1. man ports: In the Using a Read-Only Ports Tree section of man ports, I believe
it should read  PLIST_REPOSITORY instead of PLIST_DB.

(To support the change from PLIST_DB to PLIST_REPOSITORY,
please note that man bsd.port.mk says PLIST_DB is deprecated. Also,
make fix-permissions won't change permission if PLIST_DB is set
in /etc/mk.conf, but it does work if PLIST_REPOSITORY is set.)

2. man bsd.port.mk: in the PORTS_PRIVSEP section, where one adds
these commands to doas.conf: /usr/bin/touch, /usr/sbin/pkg_add, and
/usr/sbin/pkg_delete, I think an additional line is needed:

permit nopass setenv { TERM } solene cmd /usr/bin/env

(To support this addtion, please see these lines in /usr/ports/infrastructure/mk/bsd.port.mk:
SETENV ?= /usr/bin/env -i
and
===> Installing . . . @${SUDO} ${SETENV}  . . .)

These are in snapshots 6.5-current #19 Wed Jun 12 01:15:09 MDT 2019


Reply | Threaded
Open this post in threaded view
|

Re: man page possible correction for ports, bsd.port.mk

Jason McIntyre-2
On Wed, Jun 12, 2019 at 09:08:29AM -0500, [hidden email] wrote:

> 1. man ports: In the Using a Read-Only Ports Tree section of man ports, I believe
> it should read  PLIST_REPOSITORY instead of PLIST_DB.
>
> (To support the change from PLIST_DB to PLIST_REPOSITORY,
> please note that man bsd.port.mk says PLIST_DB is deprecated. Also,
> make fix-permissions won't change permission if PLIST_DB is set
> in /etc/mk.conf, but it does work if PLIST_REPOSITORY is set.)
>
> 2. man bsd.port.mk: in the PORTS_PRIVSEP section, where one adds
> these commands to doas.conf: /usr/bin/touch, /usr/sbin/pkg_add, and
> /usr/sbin/pkg_delete, I think an additional line is needed:
>
> permit nopass setenv { TERM } solene cmd /usr/bin/env
>
> (To support this addtion, please see these lines in /usr/ports/infrastructure/mk/bsd.port.mk:
> SETENV ?= /usr/bin/env -i
> and
> ===> Installing . . . @${SUDO} ${SETENV}  . . .)
>
> These are in snapshots 6.5-current #19 Wed Jun 12 01:15:09 MDT 2019
>
>

morning.

could you mail a diff, please? you will probably have a better chance of
feedback that way.

jmc

Reply | Threaded
Open this post in threaded view
|

Re: man page possible correction for ports, bsd.port.mk

Marc Espie-2
In reply to this post by myportslist20190323
On Wed, Jun 12, 2019 at 09:08:29AM -0500, [hidden email] wrote:
> 2. man bsd.port.mk: in the PORTS_PRIVSEP section, where one adds
> these commands to doas.conf: /usr/bin/touch, /usr/sbin/pkg_add, and
> /usr/sbin/pkg_delete, I think an additional line is needed:
>
> permit nopass setenv { TERM } solene cmd /usr/bin/env
Nope, you don't want that line.

If you allow /usr/bin/env  without passwd, you may as well allow any command.

The tree was fixed post-6.5 so that normal usage would no longer need env.