portmaster bombs out late in the process because it doesn't check for root-based credentials before it tries to update packages. Discovered this by accident because I accidentally forgot to run portmaster with sudo. Fix: Check for root privs sooner. How-To-Repeat: sudo -u nobody portmaster -a
Responsible Changed From-To: freebsd-ports-bugs->bdrewery Over to maintainer (via the GNATS Auto Assign Tool)
Is this PR still relevant?
(In reply to Carlo Strub from comment #2) > Is this PR still relevant? Yup. The repro still causes portmaster to bomb out later than desired :/. A simple conditional early on should be ok: if ! (cd $PORTSDIR && `make -VSU_CMD` "true"); then echo "Please run portmaster as root/a user with sufficient privileges" exit 1 fi ===> Switching to root credentials to create /var/db/ports/devel_subversion su: Sorry ===> Cannot create /var/db/ports/devel_subversion, check permissions *** Error code 1 Stop. make[1]: stopped in /scratch/freebsd-ports/devel/subversion *** Error code 1 Stop. make: stopped in /scratch/freebsd-ports/devel/subversion ===>>> Gathering dependency list for devel/subversion from ports ===>>> Initial dependency check complete for devel/subversion ===>>> Returning to update check of installed ports ===>>> Launching child to update sudo-1.8.10.p3 to sudo-1.8.10.p3_1 ===>>> All >> sudo-1.8.10.p3 (56/56) ===>>> Currently installed version: sudo-1.8.10.p3 ===>>> Port directory: /scratch/freebsd-ports/security/sudo ===>>> Launching 'make checksum' for security/sudo in background ===> Switching to root credentials to create /var/db/ports/security_sudo su: Sorry ===> Cannot create /var/db/ports/security_sudo, check permissions *** Error code 1 Stop. make[1]: stopped in /scratch/freebsd-ports/security/sudo *** Error code 1 Stop. make: stopped in /scratch/freebsd-ports/security/sudo ===>>> Gathering dependency list for security/sudo from ports ===>>> Initial dependency check complete for security/sudo ===>>> Returning to update check of installed ports ===>>> Launching child to update tmux-1.9.a_1 to tmux-1.9.a_2 ===>>> All >> tmux-1.9.a_1 (57/57) ===>>> Currently installed version: tmux-1.9.a_1 ===>>> Port directory: /scratch/freebsd-ports/sysutils/tmux ===>>> Launching 'make checksum' for sysutils/tmux in background ===> Switching to root credentials to create /var/db/ports/sysutils_tmux su: Sorry ===> Cannot create /var/db/ports/sysutils_tmux, check permissions *** Error code 1 Stop. make[1]: stopped in /scratch/freebsd-ports/sysutils/tmux *** Error code 1 Stop. make: stopped in /scratch/freebsd-ports/sysutils/tmux ===>>> Gathering dependency list for sysutils/tmux from ports ===>>> Initial dependency check complete for sysutils/tmux ===>>> Returning to update check of installed ports ===>>> All >> (57) ===>>> The following actions will be taken if you choose to proceed: Upgrade vim-lite-7.4.316 to vim-lite-7.4.398 Install devel/patch Upgrade ca_root_nss-3.16 to ca_root_nss-3.16.3 Upgrade db48-4.8.30.0 to db48-4.8.30.0_2 Upgrade expat-2.1.0 to expat-2.1.0_1 Install devel/libevent2 Upgrade mysql55-client-5.5.38 to mysql55-client-5.5.39 Install devel/cmake Install devel/cmake-modules Upgrade pcre-8.34_1 to pcre-8.35 Upgrade sqlite3-3.8.4.3 to sqlite3-3.8.6 Upgrade apr-1.5.1.1.5.3 to apr-1.5.1.1.5.3_4 Upgrade gdbm-1.11 to gdbm-1.11_2 Upgrade curl-7.37.0 to curl-7.37.1_2 Upgrade p5-IO-Socket-IP-0.29 to p5-IO-Socket-IP-0.31 Upgrade p5-Socket-2.014 to p5-Socket-2.015 Upgrade p5-IO-Socket-SSL-1.992 to p5-IO-Socket-SSL-1.997_2 Upgrade p5-Net-SSLeay-1.63 to p5-Net-SSLeay-1.65 Install www/p5-Mozilla-CA Upgrade postgresql92-client-9.2.8_1 to postgresql92-client-9.2.9 Upgrade py27-astroid-1.1.0 to py27-astroid-1.1.0_1 Upgrade py27-logilab-common-0.61.0 to py27-logilab-common-0.61.0_1 Upgrade py27-setuptools27-5.1 to py27-setuptools27-5.5.1 Upgrade python27-2.7.6_4 to python27-2.7.8_4 Upgrade python2-2_2 to python2-2_3 Upgrade serf-1.3.5 to serf-1.3.7 Install devel/scons Upgrade bash-static-4.3.18_2 to bash-static-4.3.24 Install devel/bison Upgrade gcc46-4.6.4_1,1 to gcc46-4.6.4_2,1 Install archivers/zip Upgrade git-1.9.3 to git-2.1.0 Install textproc/asciidoc Install textproc/docbook-xml Install textproc/xmlcatmgr Install textproc/xmlcharent Install textproc/xmlto Install misc/getopt Install print/libpaper Install textproc/docbook-xsl Install textproc/docbook Install textproc/docbook-sgml Install textproc/iso8879 Install textproc/sdocbook-xml Install textproc/libxslt Install security/libgcrypt Install security/libgpg-error Install www/w3m Install devel/boehm-gc Install devel/libatomic_ops Upgrade lynx-2.8.8.1_1,1 to lynx-2.8.8.2,1 Upgrade nmap-6.46 to nmap-6.47 Upgrade pylint-py27-1.2.0 to pylint-py27-1.2.0_1 Upgrade subversion-1.8.9 to subversion-1.8.10_1 Upgrade sudo-1.8.10.p3 to sudo-1.8.10.p3_1 Upgrade tmux-1.9.a_1 to tmux-1.9.a_2 ===>>> Proceed? y/n [y] ===>>> Starting build for ports that need updating <<<=== ===>>> Launching child to install editors/vim-lite ===>>> All >> editors/vim-lite (1/57) ===>>> Currently installed version: vim-lite-7.4.316 ===>>> Port directory: /scratch/freebsd-ports/editors/vim-lite ===>>> Starting check for build dependencies ===>>> Gathering dependency list for editors/vim-lite from ports ===>>> Launching child to install devel/patch ===>>> All >> vim-lite-7.4.316 >> devel/patch (2/57) ===>>> Port directory: /scratch/freebsd-ports/devel/patch ===>>> Starting check for build dependencies ===>>> Gathering dependency list for devel/patch from ports ===>>> Dependency check complete for devel/patch ===>>> All >> vim-lite-7.4.316 >> devel/patch (2/57) ===> Cleaning for patch-2.7.1 ===> License GPLv3 accepted by the user ===> patch-2.7.1 depends on file: /usr/local/sbin/pkg - found ===> Fetching all distfiles required by patch-2.7.1 for building ===> Extracting for patch-2.7.1 => SHA256 Checksum OK for patch-2.7.1.tar.xz. mkdir: /scratch/freebsd-ports/devel/patch/work: Permission denied *** Error code 1 Stop. make: stopped in /scratch/freebsd-ports/devel/patch ===>>> make build failed for devel/patch ===>>> Aborting update ===>>> Update for devel/patch failed ===>>> Aborting update ===>>> Update for editors/vim-lite failed ===>>> Aborting update ===>>> You can restart from the point of failure with this command line: portmaster <flags> editors/vim-lite devel/patch security/ca_root_nss databases/db48 textproc/expat2 devel/libevent2 databases/mysql55-client devel/cmake devel/cmake-modules devel/pcre databases/sqlite3 devel/apr1 databases/gdbm ftp/curl net/p5-IO-Socket-IP net/p5-Socket security/p5-IO-Socket-SSL security/p5-Net-SSLeay www/p5-Mozilla-CA databases/postgresql92-client devel/py-astroid devel/py-logilab-common devel/py-setuptools27 lang/python27 lang/python2 www/serf devel/scons shells/bash-static devel/bison lang/gcc46 archivers/zip devel/git textproc/asciidoc textproc/docbook-xml textproc/xmlcatmgr textproc/xmlcharent textproc/xmlto misc/getopt print/libpaper textproc/docbook-xsl textproc/docbook textproc/docbook-sgml textproc/iso8879 textproc/sdocbook-xml textproc/libxslt security/libgcrypt security/libgpg-error www/w3m devel/boehm-gc devel/libatomic_ops www/lynx security/nmap devel/pylint devel/subversion security/sudo sysutils/tmux
Thanks for the update on this. Please get back to me if Bryan does not react.
Assignee is no longer the maintainer.
(In reply to Ngie Cooper from comment #3) => if ! (cd $PORTSDIR && `make -VSU_CMD` "true"); then echo "Please run portmaster as root/a user with sufficient privileges" exit 1 fi simply this would fix it: if [ "$(id -u)" != "0" ]; then echo "This script must be run as root" 1>&2 exit 1 fi
Created attachment 166840 [details] patch-portmaster_uid_check
PM has a new maintainer, reassign PR.
Assign to new maintainer.
A commit references this bug: Author: se Date: Tue Jan 16 18:43:27 UTC 2018 New revision: 459201 URL: https://svnweb.freebsd.org/changeset/ports/459201 Log: Test privileges early and complain if privileges are insufficient. The patch is based on ideas presented in the PR, but implemented differently. Re-open the PR, if this solution has unexpected side-effects or proves insufficient. PR: 174729 Reported by: ngie Approved by: antoine (implicit) Changes: head/ports-mgmt/portmaster/files/ head/ports-mgmt/portmaster/files/patch-portmaster
Please test this version and re-open the PR, if the solution does not work for you or if it has undesirable side-effects.