-
-
Notifications
You must be signed in to change notification settings - Fork 361
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run makepkg as non-root when yay is run with sudo or as root #69
Comments
It is possible to implement this functionality in yay. This would involve allowing yay to run as root so I'll still have to go over the current logic to see what else will get broken by this. |
That would be awesome. I'm happy to test any changes and provide feedback as well. |
I really would like to have this implemented. It was really an awesome feature with apacman, and as long as I used it in those last 2 years, I never had a draw-back. |
+1 |
The hard part here is that you need to reimplement |
We already do the dep solving ourselves, so we don't user |
I'm not sure why anyone would replicate |
It's re implemented because there's no way to get makepkg to nicely respect pacman options such as
That's true but I hope a installed package getting corrupted isn't the most common of things.
For me the main hurdle is a thinking up a decent implementation. Pikaur has its dynamic users thing which is cool but I don't know if I want to add a dependency on systemd. A simpler way that could work is to, The thing is, running as root is going to change the config file and cache location from your home directory to /root. Which is good for people running in a container or whatever where there is only a root account. But the users who accidentally call |
For the last point, you could default to edit: the above suggestion assumes writing inappropriate values in the configuration file wouldn't cause |
Yeah but then that wouldn't work for real root accounts. I guess just default to nobody if |
What about using: https://wiki.archlinux.org/index.php/Systemd-nspawn ? instead of chroot directly? I think using chroot for builds is the right approach to isolate from the host environment. |
|
Is there any update related to this issue? Is there help still needed? Maybe could we integrate this pattern instead which is also suggested in the |
I haven't worked on it and I think @Morganamilo neither. Would like to see this fixed though |
The simplest way is create a new unprivileged user with It's essentially what allan's blog describes, but with a separate isolated user rather than |
As a workaround you can use pikaur to install AUR packages as root. It uses "systemd-run" to drop privileges. (cross-posting from #1026 (comment)) |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Is it possible to implement @njam suggestion on yay? It would be a great improvement. Thank you in advance. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Would still like to see this implemented |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Nope, not today. |
Best effort implementation in #1595 , some improvements should be possible after testing |
Currently in
apacman
you have the ability to install or update AUR packages as root. It gets around the inability to runmakepkg
as root by creating a new user ("aurbuild") and running makepkg as that user.Snippet from
apacman
code for reference:This has proven to be immeasurably valuable in my work, and the main reason I'm still using
apacman
instead of any other AUR package manager (despite it's apparent abandonment). This functionality allows me to completely update the systems I manage remotely without having to touch each one individually, save for the occasional manual update steps, which I'll discover and script before updating the rest of the systems.Would it be possible to add this functionality to
yay
?The text was updated successfully, but these errors were encountered: