On 2021/05/02 18:50, Matthias Pressfreund wrote: > I was following Solene Rapenne's instructions on > https://dataswamp.org/~solene/2020-01-11-privsep.html > > If it was the setup, I'd also expect building the port without the flavor to > fail.
No, because building the port without a flavour doesn't involved passing a flavour through sudo/doas (which defaults to _not_ passing arbitrary environment variables) to another process. For Solene's example, check that the 'keepenv' lines really are taking effect and aren't masked by another entry in the file. (Also if you're using the 'permit keepenv nopass .. as root' line, be aware that you are turning your normal user account into a root-equivalent account).
