aura icon indicating copy to clipboard operation
aura copied to clipboard

Published 20 hours ago verified publisher icon fosskers

Allow makepkg on sudo via `nobody` to fix AURA root limitations

Open ghost opened this issue 3 years ago • 14 comments

I can still able to install AUR packages manually under root...

git clone <repo>
chown -R nobody <package-dir>
cd <package-dir>
sudo -u nobody makepkg
pacman -U *.zst

Note: On missing dependencies, I could able to fix that by installing missing dependencies pacman -S --asdeps <missing-dep-list> And then trying makepkg process again with success.

This method will overcome makepkg root limitations. And I would love to see this incorporating into aura.

ghost avatar Jun 26 '22 14:06 ghost

Aura 4 no longer has limitations involving root, so this should be an auto-fix as soon as it's released.

fosskers avatar Jun 27 '22 22:06 fosskers

So... Is there any reason you're holding up 4.0 release mate?

ghost avatar Sep 05 '22 16:09 ghost

Because I moved across the world and just started a new job. It will come as soon as I'm able.

fosskers avatar Sep 05 '22 23:09 fosskers

Because I moved across the world and just started a new job. It will come as soon as I'm able.

Amazing. Offtopic, but congrats. Hope you enjoy your new job mate.

ghost avatar Sep 06 '22 06:09 ghost

Thanks for your patience :pray: Getting this out as soon as possible is obvious still big in my mind.

fosskers avatar Sep 06 '22 07:09 fosskers

Give it a shot!

cargo install aura-pm --version 4.0.0-alpha3

fosskers avatar Sep 24 '22 07:09 fosskers 

#[/home/mpk/.cargo/bin]# ./aura -A extension-manager
aura :: Resolving dependencies...
aura :: AUR packages:
 extension-manager
aura :: Proceed? [Y/n] 
aura :: Preparing build directories...
aura :: Building extension-manager...
==> ERROR: Running makepkg as root is not allowed as it can cause permanent,
catastrophic damage to your system.
aura :: Package failed to build, citing:

  makepkg failed.

aura :: Action cancelled.

Works fine outside root btw. But it still has recurring missing dependency installation issue. I still had to install missing deps myself.

(1/1) Arming ConditionNeedsUpdate...
aura :: Preparing build directories...
aura :: Building extension-manager...
==> Making package: extension-manager 0.3.2-2 (Sat 24 Sep 2022 01:18:03 AM)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Missing dependencies:
  -> appstream-glib
==> ERROR: Could not resolve all dependencies.
aura :: Package failed to build, citing:

  makepkg failed.

aura :: Continue building other packages? [Y/n] 
aura :: Done.
$[~/.cargo/bin]$

ghost avatar Sep 24 '22 07:09 ghost

Yup, -A is not expected to be ran with root.

fosskers avatar Sep 26 '22 01:09 fosskers

Yup, -A is not expected to be ran with root.

You can actually de-elivate privilege escalations through -u nobody. It should then work as it is not on root.

ghost avatar Sep 26 '22 05:09 ghost

I still need to as some "true" root detection in general.

fosskers avatar Sep 26 '22 05:09 fosskers

I still need to as some "true" root detection in general.

Welp, for pushing compiled binaries or shared libraries, ofc I can understand. But to compile from source via AUR pkgbuilds, programs like makepkg won't function, is what I'm saying. Atleast they need de-escalation of privilege.

ghost avatar Sep 26 '22 05:09 ghost

You mean when managing a system with only a root user on it, yeah?

fosskers avatar Sep 26 '22 06:09 fosskers

You mean when managing a system with only a root user on it, yeah?

Yep. My ultimate scenario / goal is to build & install AUR packages even on chrooted Arch ISO. pacstrap can install from pac repos. So why not an AUR wrapper can...✌️ Currently, I can do that manually (1st comment) & it works, but can't automate it for multiple AUR packages, unless I maintain a script.

ghost avatar Sep 26 '22 06:09 ghost

Understood, I'll make sure this is possible.

fosskers avatar Sep 26 '22 06:09 fosskers