diff options
| author | jlam <jlam@pkgsrc.org> | 2007-07-04 20:54:31 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2007-07-04 20:54:31 +0000 |
| commit | 4390d56940778d6ab856866401c0690f1c28c724 (patch) | |
| tree | 651c1d29a5b557efafa04d2bb6f2cb512a979f64 /mk/unprivileged.mk | |
| parent | a6f8cbe795a03d65965cf24d3c410970c17f620e (diff) | |
| download | pkgsrc-4390d56940778d6ab856866401c0690f1c28c724.tar.gz | |
Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Diffstat (limited to 'mk/unprivileged.mk')
| -rw-r--r-- | mk/unprivileged.mk | 41 |
1 files changed, 36 insertions, 5 deletions
diff --git a/mk/unprivileged.mk b/mk/unprivileged.mk index 0b3685566b7..f12d19bd3dd 100644 --- a/mk/unprivileged.mk +++ b/mk/unprivileged.mk @@ -1,4 +1,4 @@ -# $NetBSD: unprivileged.mk,v 1.11 2007/06/06 12:41:53 rillig Exp $ +# $NetBSD: unprivileged.mk,v 1.12 2007/07/04 20:54:48 jlam Exp $ # # This file collects definitions that are useful when using pkgsrc as an # unprivileged (non-root) user. It is included automatically by the @@ -17,7 +17,15 @@ # Specifies the user name (or uid) that will be used to install # files. -.if (defined(UNPRIVILEGED) && !empty(UNPRIVILEGED:M[Yy][Ee][Ss])) || ${_USE_DESTDIR} == "user-destdir" +_UNPRIVILEGED= # empty +.if defined(UNPRIVILEGED) && !empty(UNPRIVILEGED:M[Yy][Ee][Ss]) +_UNPRIVILEGED+= unprivileged +.endif +.if (${_USE_DESTDIR} == "user-destdir") +_UNPRIVILEGED+= user-destdir +.endif + +.if !empty(_UNPRIVILEGED) # Guess which user/group has to be used. . if !defined(UNPRIVILEGED_USER) || empty(UNPRIVILEGED_USER) @@ -27,7 +35,8 @@ UNPRIVILEGED_USER!= ${ID} -n -u UNPRIVILEGED_GROUP!= ${ID} -n -g . endif -. if ${_USE_DESTDIR} == "user-destdir" && (!defined(UNPRIVILEGED) || empty(UNPRIVILEGED:M[Yy][Ee][Ss])) +. if empty(_UNPRIVILEGED:Munprivileged) && !empty(_UNPRIVILEGED:Muser-destdir) +# Only do following for privileged, user-destdir builds. _SU_ROOT_USER:= ${ROOT_USER} REAL_ROOT_USER:= ${ROOT_USER} REAL_ROOT_GROUP:= ${ROOT_GROUP} @@ -53,9 +62,32 @@ DOCOWN= ${UNPRIVILEGED_USER} # when overwriting files if they are not writable. BINMODE= 755 NONBINMODE= 644 + +. if !empty(_UNPRIVILEGED:Munprivileged) && empty(_UNPRIVILEGED:Muser-destdir) +# Only do the following for unprivileged, normal builds. + +# PKG_USERS_VARS is a list of variables that hold bare user names, e.g +# APACHE_USER, etc. +# +# PKG_GROUPS_VARS is a list of variables that hold bare group names, e.g +# UUCP_GROUP, etc. +# +PKG_USERS_VARS?= # empty +PKG_GROUPS_VARS?= # empty +BUILD_DEFS+= ${PKG_USERS_VARS} ${PKG_GROUPS_VARS} + +# Override per-package, custom users and groups. +. for _var_ in ${PKG_USERS_VARS} +${_var_}= ${UNPRIVILEGED_USER} +. endfor +. for _var_ in ${PKG_GROUPS_VARS} +${_var_}= ${UNPRIVILEGED_GROUP} +. endfor +. endif + .endif -.if (defined(UNPRIVILEGED) && !empty(UNPRIVILEGED:M[Yy][Ee][Ss])) +.if !empty(_UNPRIVILEGED:Munprivileged) # As a regular user, creation of other users and groups won't work, so # disable this step by default. PKG_CREATE_USERGROUP= NO @@ -67,5 +99,4 @@ SU_CMD= ${SH} -c # Do not attempt to modify /etc/shells as a regular user. PKG_REGISTER_SHELLS= NO - .endif |