228553 – [change request] security/ca_root_nss: allow non-root user to install

Bug 228553 - [change request] security/ca_root_nss: allow non-root user to install

Summary: [change request] security/ca_root_nss: allow non-root user to install

Status:	Closed Not Accepted

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Ports Security Team

URL:
Keywords:	patch

Depends on:
Blocks:

Reported:	2018-05-27 22:20 UTC by Jason W. Bacon
Modified:	2019-02-15 19:45 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Unified diff (594 bytes, patch) 2018-05-27 22:20 UTC, Jason W. Bacon	no flags	Details \| Diff
Unified diff (429 bytes, patch) 2018-05-28 14:25 UTC, Jason W. Bacon	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason W. Bacon freebsd_committer

2018-05-27 22:20:05 UTC

Created attachment 193769 [details]
Unified diff

The default option to create a symlink in /etc blocks installation as a non-root user.  Attached is an example patch to have this default on only when installing as root.  There may be a better way to detect the installing user, but this patch does the trick.

I'm experimenting installing multiple ports trees as a non-privileged user both for development and testing purposes, and for deployment of static snapshots for long-term scientific studies that must use the same software version throughout.

Comment 1 Antoine Brodin freebsd_committer

2018-05-28 04:43:00 UTC

The user doing the build is unrelated to the user installing the package so the proposed patch is wrong.

Comment 2 Jason W. Bacon freebsd_committer

2018-05-28 14:25:10 UTC

Created attachment 193787 [details]
Unified diff

I wasn't expecting the first patch to fly as it stood.  It was only intended to clarify the problem and start a dialogue.  After doing a little more research, I think simply respecting INSTALL_AS_USER might be the right approach.

The user must define this variable and point point others such as LOCALBASE, PREFIX, etc. to a location where they have write access. 

From bsd.ports.mk:

#                               - Like USE_PACKAGE_DEPENDS, but do not fallback 
on source.
# INSTALL_AS_USER
#                               - Define this to install as the current user, intended
#                                 for systems where you have no root access.
# DISABLE_SIZE  - Do not check the size of a distfile even if the SIZE field

Comment 3 Jochen Neumeister freebsd_committer

2019-02-15 18:27:06 UTC

what is the current status?
Does ports-secteam have to be active here?

Comment 4 Antoine Brodin freebsd_committer

2019-02-15 19:44:14 UTC

(In reply to Jochen Neumeister from comment #3)
I don't think this is a problem,  users can change OPTIONS if they want to create the package in a different way.

I think it should be closed as rejected.