Changes between Version 14 and Version 15 of pmagrath


Timestamp:
Aug 16, 2008, 1:56:01 PM (16 years ago)
Author:
pmagrath@…
Comment:

--

  • pmagrath

    v14 v15  
    66I'm a student of Computer Science at Trinity College Dublin and one of the Google Summer of Code 2008 participants working on improving MacPorts.
    77
    8 My GSoC mentor is [wiki:raimue Rainer Müller].
     8My GSoC mentor is [wiki:raimue Rainer Müller]. I'm working on my GSoC project in the [wiki:gsoc08-privileges] branch.
    99
    1010I'm available in #macports on FreeNode as '''pmagrath'''.
    1111
    12 
    13 == branches/gsoc08-privileges ==
    14 
    15 === Summary ===
    16 To implement facility to reduce need to execute MacPorts as root.
    17 
    18 
    19 === The Plan ===
    20 The proposal is to implement a number of improvements to the MacPorts code base in order to reduce the need to execute MacPorts with root privileges.
    21 
    22 
    23 ==== Reduce need for actions to run as root ====
    24 MacPorts operations which do not explicitly need root privileges will be re-coded so that they will run with normal user privileges. Examples would include fetching, extracting and building the port.
    25 
    26 ''Pretty much done. fetch, checksum, extract, patch, configure and build should now work fine. Operations are executed in ~/.macports/opt/.''
    27 
    28 ==== Portfile Format ====
    29 The portfile format shall be extended with an additional attribute to mark those ports that can not be installed without root privileges, such as those requiring StartupItems.
    30 
    31 ''I've added the following new options to the Portfile format: patch.asroot, build.asroot, configure.asroot, destroot.asroot, and install.asroot. These take a boolean (yes/no) value. The default for all but install.asroot is no. install.asroot's default value is yes.''
    32 
    33 ==== Privilege Escaltion ====
    34 I would feel that the best behavior for if MacPorts is requested to perform a privileged operation for a port, if it currently has no privileged access would be for the user to be given the choice of elevating privileges (by evoking sudo), or aborting.
    35 
    36 ''This has now been largely implemented. A special flag is now thrown ($errorisprivileges) when a port install (or other action) fails due to insufficient privileges. MacPorts will then assemble a sudo command to complete the action with and execute it, prompting the user to enter his/her password to do so.''
    37 
    38 ==== MacPorts Group ====
    39 It would be a good idea to create an additional group macports which users are allowed to run any port command. So /opt/local would be owned by the group macports with g+rw. (Gentoo's portage does something like this.)
    40 
    41 This will allow users who are members of the new macports group to have full write permissions to /opt and its subfolders, and hence to install ports which only affect that hierarchy to install those ports without requiring root privileges.
    42 
    43 ''I have added a "make group" command to the Makefile and a "--with-shared-directory" switch to the configure script. Running "make group" will create a macports group. "--with-shared-directory" will let let the group specified by "--with-install-group" have full read write access to the /opt/local hierarchy.''
    44 
    45 ==== Privilege Dropping ====
    46 Examine how we could drop root privileges for building. So we still run port using sudo, but for the actual building root privileges are dropped and the configure/build phase runs with the privileges of the current user only (or of some new unprivileged macports user?). Of course this needs investigation how the permissions inside the workpath need to be set to accomplish this.
    47 
    48 ''Most actions are now performed using user privileges, up to and including the destroot stage. For install, the original root privileges are recovered and the install takes place as per usual. To the user, this is seamless and the only difference is that the build files get put in ~/.macports/opt rather than /opt. The user account to use when privileges are dropped can be set in macports.conf post-install or with the --with-macports-user=USER option on the ./configure switch. The default value is the user who installs MacPorts.''
    49 
    50 ==== Install MacPorts in your home directory easily ====
    51 Modify some of the configure scripts. Currently, if you want to install a MacPorts tree into your home, you need to configure it like this manually:
    52 
    53 ./configure \
    54 --prefix=~/macports \
    55 --with-install-user=foo \
    56 --with-install-group=foo \
    57 --with-tclpackage=~/Library/Tcl
    58 
    59 It'd be great if this could be done with one switch only. For example:
    60 
    61 ./configure \
    62 --prefix=~/macports \
    63 --without-root-privileges
    64 
    65 This will allow users to install packages into their own ~/.macports/opt instead of /opt when non root users wish to install ports for their own use only.
    66 
    67 ''Done.  A switch called "--with-no-root-privileges" has been added. Note that --prefix is a built in Autoconf macro that requires an absolute path. As such an example would be "./configure --prefix=/Users/{your-user-name-here}/.macports --with-no-root-privileges"''
    68 
    69 
    70 === Goals ===
    71 1) Implementation of the improvements outlined above.[[BR]]
    72 2) Ability to easily install common packages without root privileges.[[BR]]
    73 3) (Stretch) Easy use of MacPorts without root user account activation.[[BR]]
    74 
    75 === Related Resources ===
    76 [http://thread.gmane.org/gmane.os.opendarwin.darwinports/16973/focus=17026]
    77 
    78 === Use Cases ===
    79 Use Case 1:
    80 Current Situation with privilege descalation. Prefix is /opt/local. Root owns prefix. Root privileges needed to fetch, compile, build and install. Drop privileges when not needed.
    81 
    82 Use Case 2:
    83 --with-no-root-privileges. Prefix is usually ~/.macports/opt/local (must be specified with --prefix). User owns prefix. No root privileges needed. Ports requiring root privileges (new user accounts, daemons etc.) cannot be installed without a sudo. It is necessary to use a --prefix with --with-no-root-privileges as the default --prefix isn't modified from /opt/local when --with-no-root-privileges is specified.
    84 
    85 Use Case 3:
    86 --with-shared-directory. Prefix is /opt/local. Root owns prefix but shares full read write with a macports group. All members of macports group can install all packages that only effect the /opt/local hierarchy. Root privileges only needed for installs that effect directories outside the prefix. Drop privileges when not needed.
    87 
    88 
    8912[wiki:MacPortsDevelopers Back to the MacPorts developers page]
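Review bot: The removal of v14 lines 12 to 87 is not explained anywhere in this change. The change comment is empty ("--"), and the only replacement is the sentence added on v15 line 8 linking to [wiki:gsoc08-privileges]. If the section was moved to that page, say so in the comment. Also confirm that the target page carries the behaviour documented only in the removed text: the defaults of the new *.asroot Portfile options (install.asroot is yes, the others no), the sudo re-execution triggered by $errorisprivileges, and the group read-write access to /opt/local granted by --with-shared-directory. These are the privilege-relevant details a reader of the branch will look for. While moving it, the spelling in the removed headings and text ("Escaltion", "descalation", "let let", "effect" for "affect") can be fixed on the destination page.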