Hi, you can already build packages in a fakeroot environment as non-root user. I always test my packages in a fakeroot environment to protect me against "shooting myself in the foot". This doesn't help against malicious patches. This is not a technical problem, it's just about trust.
And this is nothing pacman/makepkg/abs should care about.
unix-tenet: Separate policy from mechanism

Jürgen

On Tue, May 03, 2005 at 11:46:30AM +0200, Fabian Braennstroem wrote:
> Sorry, the first one went the wrong direction...
>
> Hi,
>
> * Jason wrote 02 May 2005:
>
> > > > That said, I'm also of the opinion that the AUR should verify
> > > > PKGBUILDs... when I first heard the idea of the AUR, I thought that it
> > > > would include some checking (ala namcap) to verify a PKGBUILD. I
> > > > don't know if namcap is used on an upload or not - but I feel it
> > > > should be done, and that namcap can be extended to check for certain
> > > > attacks... yes, this won't cover everything, but pacman should deal
> > > > with the rest (i.e. the worst someone can do is overwrite some system
> > > > files... in which case pacman would require a "force").
> > >
> > > It becomes very difficult to do this with any degree of guaranteed
> > > benefit. Consider that srcpac -S must be run as root. Then consider that
> > > any command in the PKGBUILD ends up getting run as root. So if my
> > > build() function contains "rm -rf /" then there goes your hard drive.
> > >
> > > Supposing, like you say, I have some checks for nasty things in place.
> > > So then suppose I ship an additional script in my tarball that cleverly
> > > builds the string "rm -rf /" and assembles it and executes it, so it's
> > > impossible to check for its existence. Now I call it from the PKGBUILD.
> > > It's all too easy.
> > >
> > > Does anyone have any ideas on how to make this safer? It wouldn't seem
> > > like a good idea in general for packages to be getting built as root in
> > > srcpac, so fixing this more generic problem is maybe a good idea. For
> > > one, could there be a way to run the whole srcpac makepkg process in a
> > > chroot jail?
> >
> I don't know too much about it, but wouldn't it be possible
> tell 'makepkg' that directories other than the build
> directory is 'non-existent'!? At least then you are able to
> find the packages with 'pacman', can adjust and/or build them with
> 'makepkg' and install them using 'pacman' again.
> Additional to the 'makepkg' adjustment, there should be some 'srcpac'
> feature that only supported packages are built and installed; the
> unsupported ones are just built.
>
> Hope, that doesn't sound too stupid.
>
>
> --
> Fabian Braennstroem
> Duesseldorf/Berlin
>
> _______________________________________________
> arch mailing list
> [email protected]
> http://www.archlinux.org/mailman/listinfo/arch
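As an added illustration of the point made in the reply above (build as an unprivileged user so that a hostile PKGBUILD cannot take the whole system with it), here is a small POSIX shell wrapper. It is not code from this thread, from makepkg or from srcpac: it refuses to run a build as root and runs a caller-supplied build command inside a throwaway directory with the caller's environment discarded. The uid is passed as an argument rather than read with `id -u` so the policy can be exercised without switching users; the command string, the directory and the `PATH` it sets are assumptions.

```shell
#!/bin/sh
# Added example (not part of the thread, makepkg or srcpac): a least-privilege
# build wrapper. Policy: never build as root. Mechanism: run the build command
# in its own directory with a minimal environment. It limits what a build can
# do with the caller's privileges; it does not hide the rest of the filesystem
# the way a chroot would.

# refuse_root UID -> returns 1 (with a message on stderr) if UID is 0, else 0.
# The uid is a parameter instead of $(id -u) so the policy is testable.
refuse_root() {
    if [ "$1" -eq 0 ]; then
        echo "refuse_root: building as root is not allowed" >&2
        return 1
    fi
    return 0
}

# sandboxed_build UID BUILDDIR CMD
# Runs CMD with 'sh -c' inside BUILDDIR. The inherited environment is dropped
# (env -i) so stray variables cannot steer the build, HOME and TMPDIR are
# pointed at BUILDDIR, and a conservative umask is set. Returns CMD's exit
# status, or 1 if the uid check fails or BUILDDIR does not exist.
sandboxed_build() {
    uid=$1
    builddir=$2
    cmd=$3
    refuse_root "$uid" || return 1
    if [ ! -d "$builddir" ]; then
        echo "sandboxed_build: no such directory: $builddir" >&2
        return 1
    fi
    (
        cd "$builddir" || exit 1
        umask 022
        exec env -i PATH=/usr/bin:/bin HOME="$builddir" TMPDIR="$builddir" \
            sh -c "$cmd"
    )
}

# Hypothetical usage: ./build.sh /path/to/builddir 'makepkg -s'
if [ "$#" -eq 2 ]; then
    sandboxed_build "$(id -u)" "$1" "$2"
fi
```

The wrapper deliberately separates the policy (`refuse_root`) from the mechanism (`sandboxed_build`), so the same policy can later be enforced in front of a chroot or container launcher without rewriting the check. Dropping the environment matters because a build script that reads variables from the caller gets whatever the caller's shell happened to export.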
