1. I have privilege separation enabled in /etc/mk.conf: PORTS_PRIVSEP=Yes SUDO=doas
2. doas is configured to let my user run as the ports users: permit keepenv nopass dsilva as _pbuild permit keepenv nopass dsilva as _pfetch 3. Permissions in the ports directory were fixed with the make target "fix-permissions" 4. cd to a port (e.g. net/tor) and run all the make targets from "fetch" to "extract". $ cd /usr/ports/net/tor $ make fetch $ make checksum $ make extract Most make targets use the privilege separation as expected, and I get no authentication prompts. The "extract" target doesn't. I wonder if it's safe to run it as root? I'm not sure. I'm still trying to learn how this works. But if that's a requirement, I think it would be best to make it exit with an error when it's not root — to make that clear. It seems to require authentication once for every dependency it has to build. For the net/tor port, I get approximately 7 doas prompts — maybe more... I didn't count. What am I doing wrong?
