Hi ports@,

Summary: I suggest the section at
https://www.openbsd.org/faq/ports/ports.html#PortsConfig
should include some additional text like the following:

  You will need to configure doas to pass the TRUSTED_PKG_PATH variable
  when running /usr/sbin/pkg_add. Adding the "nopass" option for
  certain commands can help reduce the number of times a password needs
  to be entered. For example, add the following to doas.conf(5),
  replacing "myuser" with your username:

    permit nopass myuser cmd /usr/bin/touch
    permit nopass setenv { TRUSTED_PKG_PATH TERM } myuser cmd /usr/sbin/pkg_add
    permit nopass setenv { TERM } myuser cmd /usr/sbin/pkg_delete

and also updating the section on the PORTS_PRIVSEP variable in
bsd.ports.mk(5) to replace

   If the regular user is not allowed to run privileged commands
   without entering a password, you may want these additional rules
   in doas.conf(5), to reduce the amount of times the password needs
   to be entered during ports work:

with

  You will need to configure doas to pass the TRUSTED_PKG_PATH variable
  when the regular user runs /usr/sbin/pkg_add. You can also reduce the
  number of times the password needs to be entered by permitting
  certain commands without a password. For example:

Happy to turn this into a patch if it looks good.


Reasoning:

I'm surprised this requirement isn't documented. "make install" as
non-root fails if TRUSTED_PKG_PATH isn't set. Am I missing something?
Or does every new ports user run into this problem, and quietly figure
out the solution on their own? Or do people just run everything as
root?

I just fixed the problem for myself after scratching my head for a
while and finally finding this email thread:
http://openbsd-archive.7691.n7.nabble.com/signify-error-when-installing-ports-on-current-td366895.html

To be fair, I did see the documentation for the PORTS_PRIVSEP variable,
which has an example with TRUSTED_PKG_PATH. But I didn't add the suggested
lines, because the phrasing implies it's not actually needed:
"you may want these additional rules ...".

-- 
James

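A check for the requirement described in the message above, as an added example that is not part of the original email or of OpenBSD: it reads doas.conf rules on stdin and reports any `permit` rule naming /usr/sbin/pkg_add that passes TRUSTED_PKG_PATH neither through `setenv` nor `keepenv`. The function names `check_pkg_add_env` and `sample_conf` and the user `otheruser` are hypothetical; the sketch assumes one rule per line and ignores rules that have no `cmd`.

```shell
#!/bin/sh
# Added example, not OpenBSD code. Reads doas.conf rules on stdin.
# Prints "LINE: rule" for every permit rule naming /usr/sbin/pkg_add that
# would not hand TRUSTED_PKG_PATH to pkg_add; returns 1 if any is found.
check_pkg_add_env() {
    awk '
    BEGIN { bad = 0 }
    {
        raw = $0
        sub(/#.*/, "")          # drop comments
        gsub(/[{}]/, " & ")     # make braces stand-alone tokens
        n = split($0, t, " ")
        if (n == 0 || t[1] != "permit") next
        inenv = 0; passes = 0; cmd = ""
        for (i = 2; i <= n; i++) {
            if (t[i] == "{") { inenv = 1; continue }
            if (t[i] == "}") { inenv = 0; continue }
            if (inenv) {
                # "VAR" passes it through, "VAR=value" sets it;
                # "-VAR" removes it and is deliberately not matched.
                if (t[i] == "TRUSTED_PKG_PATH" || t[i] ~ /^TRUSTED_PKG_PATH=/)
                    passes = 1
                continue
            }
            if (t[i] == "keepenv") passes = 1   # whole environment retained
            if (t[i] == "cmd" && i < n) { cmd = t[i + 1]; break }
        }
        if (cmd == "/usr/sbin/pkg_add" && !passes) {
            printf "%d: %s\n", NR, raw
            bad = 1
        }
    }
    END { exit bad }'
}

# Constructed sample: the first rules are the ones proposed in the message,
# the last pkg_add rule (hypothetical user) omits the variable.
sample_conf() {
    cat <<'EOF'
permit nopass myuser cmd /usr/bin/touch
permit nopass setenv { TRUSTED_PKG_PATH TERM } myuser cmd /usr/sbin/pkg_add
permit nopass setenv { TERM } otheruser cmd /usr/sbin/pkg_add
permit nopass setenv { TERM } myuser cmd /usr/sbin/pkg_delete
EOF
}

if ! sample_conf | check_pkg_add_env; then
    echo "rule(s) listed above do not pass TRUSTED_PKG_PATH to pkg_add"
fi
```

On a real system the function would be fed the live file, for example `check_pkg_add_env < /etc/doas.conf`.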