mk/unprivileged.mk

   1 # $NetBSD: unprivileged.mk,v 1.21 2010/07/08 04:57:36 dholland Exp $
   2 #
   3 # This file collects definitions that are useful when using pkgsrc as an
   4 # unprivileged (non-root) user. It is included automatically by the
   5 # pkgsrc infrastructure.
   6 #
   7 # === User-settable variables ===
   8 #
   9 # UNPRIVILEGED
  10 #       Whether to build packages as unprivileged user.
  11 #
  12 #       Default: (undefined)
  13 #       Possible: yes no
  14 #
  15 # UNPRIVILEGED_USER
  16 #       The user name (or numeric uid) that will be used to install
  17 #       files.
  18 #
  19 #       Default: The user building the package
  20 #
  21 # UNPRIVILEGED_GROUP
  22 #       The group name (or numeric gid) that will be used to install
  23 #       files.
  24 #
  25 #       Default: The primary group of the user building the package
  26 #
  27 # UNPRIVILEGED_GROUPS
  28 #       The group names that can be used to install files.  Where a
  29 #       per-package custom group is declared that matches a group name
  30 #       in this variable, it will be left unmodified.  Any per-package
  31 #       custom group not in this list will be forced to the value of
  32 #       UNPRIVILEGED_GROUP.
  33 #
  34 #       Default: The complete group membership of the user building
  35 #       the package
  36 #
  37 # === Package-settable variables ===
  38 #
  39 # PKG_USERS_VARS
  40 #       A list of variables that hold bare user names, e.g APACHE_USER, etc.
  41 #
  42 # PKG_GROUPS_VARS
  43 #       A list of variables that hold bare group names, e.g UUCP_GROUP, etc.
  44 #
  45 # XXX: How can the user say that some of the packages shouldn't override
  46 # the user and group names?
  47 #
  48 # PRIVILEGED_STAGES
  49 #       A list of phases (not stages) that are run as the privileged
  50 #       user. Some packages, when installed with just-in-time-su, leave
  51 #       temporary files in the working directory, so the "clean" phase
  52 #       must have enough priviledges to clean them up.
  53 #
  54 #       Possible: clean
  55 #       Default: (undefined)
  56 #
  57 # === System-defined variables ===
  58 #
  59 # REAL_ROOT_USER
  60 #       The name of an omnipotent user account on the system.
  61 #
  62 #       XXX: Why do we have this variable when it is set to ${ROOT_USER}
  63 #       anyway for unprivileged builds? Shouldn't packages that require
  64 #       such a user just fail in unprivileged mode?
  65 #       (See NOT_FOR_UNPRIVILEGED.)
  66 #
  67 # REAL_ROOT_GROUP
  68 #       The primary group of the REAL_ROOT_USER.
  69 #
  70 # ROOT_USER
  71 #       XXX: ???
  72 #
  73 # ROOT_GROUP
  74 #       The primary group of the ROOT_USER.
  75 #
  76 # BINOWN, BINGRP, GAMEOWN, GAMEGRP, MANOWN, MANGRP, SHAREOWN, SHAREGRP,
  77 # DOCOWN, DOCGRP, BINMODE, NONBINMODE
  78 #       Ownership and permissions of the various types of files that are
  79 #       installed by the packages.
  80 #
  81 #       XXX: What do we need all these different variables for? Wouldn't
  82 #       it be ok to install all files as ROOT_USER:ROOT_GROUP?
  83 #
  84 # PKG_CREATE_USERGROUP
  85 #       Since an unprivileged user normally cannot create other users
  86 #       and groups, this pkgsrc feature is disabled.
  87 #
  88 #       XXX: This setting should be moved into pkg_add.
  89 #
  90 # PKG_REGISTER_SHELLS
  91 #       Since an unprivileged user normally cannot add entries to
  92 #       /etc/shells, this pkgsrc feature is disabled.
  93 #
  94 #       XXX: See PKG_CREATE_USERGROUP
  95 #
  96 # TOOLS_PLATFORM.chown, TOOLS_PLATFORM.chgrp
  97 #       These tools cannot be used in their full extent by unprivileged
  98 #       users.
  99 #
 100 #       XXX: chgrp may work for some groups.
 101 #
 102 # Keywords: unprivileged root override
 103 #
 104
 105 _VARGROUPS+=                    unprivileged
 106 _USER_VARS.unprivileged= \
 107         UNPRIVILEGED UNPRIVILEGED_GROUP UNPRIVILEGED_GROUPS UNPRIVILEGED_USER
 108 _PKG_VARS.unprivileged= \
 109         PKG_USERS_VARS PKG_GROUPS_VARS
 110 _SYS_VARS.unprivileged= \
 111         REAL_ROOT_USER REAL_ROOT_GROUP ROOT_USER ROOT_GROUP \
 112         BINOWN BINGRP GAMEOWN GAMEGRP MANOWN MANGRP SHAREOWN SHAREGRP DOCOWN DOCGRP \
 113         BINMODE NONBINMODE \
 114         PKG_CREATE_USERGROUP PKG_REGISTER_SHELLS \
 115         TOOLS_PLATFORM.chgrp TOOLS_PLATFORM.chown SU_CMD
 116
 117 _UNPRIVILEGED=          # empty
 118 .if defined(UNPRIVILEGED) && !empty(UNPRIVILEGED:M[Yy][Ee][Ss])
 119 _UNPRIVILEGED+=         unprivileged
 120 .endif
 121 .if (${_USE_DESTDIR} == "user-destdir")
 122 _UNPRIVILEGED+=         user-destdir
 123 .endif
 124
 125 .if !empty(_UNPRIVILEGED)
 126
 127 # Guess which user/group has to be used.
 128 .  if !defined(UNPRIVILEGED_USER) || empty(UNPRIVILEGED_USER)
 129 UNPRIVILEGED_USER!=     ${ID} -n -u
 130 .  endif
 131 .  if !defined(UNPRIVILEGED_GROUP) || empty(UNPRIVILEGED_GROUP)
 132 UNPRIVILEGED_GROUP!=    ${ID} -n -g
 133 .  endif
 134 .  if !defined(UNPRIVILEGED_GROUPS) || empty(UNPRIVILEGED_GROUPS)
 135 UNPRIVILEGED_GROUPS!=   ${ID} -n -G
 136 .  endif
 137
 138 .  if empty(_UNPRIVILEGED:Munprivileged) && !empty(_UNPRIVILEGED:Muser-destdir)
 139 # Only do following for privileged, user-destdir builds.
 140 _SU_ROOT_USER:=         ${ROOT_USER}
 141 REAL_ROOT_USER:=        ${ROOT_USER}
 142 REAL_ROOT_GROUP:=       ${ROOT_GROUP}
 143 .  endif
 144
 145 # Override super-user account.
 146 ROOT_GROUP=             ${UNPRIVILEGED_GROUP}
 147 ROOT_USER=              ${UNPRIVILEGED_USER}
 148
 149 .  if !empty(_UNPRIVILEGED:Munprivileged)
 150 # Override "games" account.
 151 GAMES_GROUP=            ${UNPRIVILEGED_GROUP}
 152 GAMES_USER=             ${UNPRIVILEGED_USER}
 153 GAMEDATAMODE=           0644
 154 GAMEDIRMODE=            0755
 155 GAMEMODE=               0755
 156 .  endif
 157
 158 # Override user/group pairs used to install files.
 159 BINGRP=                 ${UNPRIVILEGED_GROUP}
 160 BINOWN=                 ${UNPRIVILEGED_USER}
 161 GAMEGRP=                ${UNPRIVILEGED_GROUP}
 162 GAMEOWN=                ${UNPRIVILEGED_USER}
 163 MANGRP=                 ${UNPRIVILEGED_GROUP}
 164 MANOWN=                 ${UNPRIVILEGED_USER}
 165 SHAREGRP=               ${UNPRIVILEGED_GROUP}
 166 SHAREOWN=               ${UNPRIVILEGED_USER}
 167 DOCGRP=                 ${UNPRIVILEGED_GROUP}
 168 DOCOWN=                 ${UNPRIVILEGED_USER}
 169
 170 # Override installation modes.  As a regular user, we may have problems
 171 # when overwriting files if they are not writable.
 172 BINMODE=                755
 173 NONBINMODE=             644
 174
 175 .  if !empty(_UNPRIVILEGED:Munprivileged) && empty(_UNPRIVILEGED:Muser-destdir)
 176 # Only do the following for unprivileged, normal builds.
 177
 178 PKG_USERS_VARS?=        # empty
 179 PKG_GROUPS_VARS?=       # empty
 180 BUILD_DEFS+=            ${PKG_USERS_VARS} ${PKG_GROUPS_VARS}
 181
 182 # Override per-package custom users and groups, except for groups listed
 183 # in UNPRIVILEGED_GROUPS.
 184 .    for _var_ in ${PKG_USERS_VARS}
 185 ${_var_}=               ${UNPRIVILEGED_USER}
 186 .    endfor
 187 .    for _var_ in ${PKG_GROUPS_VARS}
 188 .      if empty(UNPRIVILEGED_GROUPS:M${${_var_}})
 189 ${_var_}=               ${UNPRIVILEGED_GROUP}
 190 .      endif
 191 .    endfor
 192 .  endif
 193
 194 .endif
 195
 196 .if !empty(_UNPRIVILEGED:Munprivileged)
 197 # As a regular user, creation of other users and groups won't work, so
 198 # disable this step by default.
 199 PKG_CREATE_USERGROUP=   NO
 200
 201 # Override commands that won't work as a regular user.
 202 TOOLS_PLATFORM.chgrp=   ${TRUE} chgrp
 203 TOOLS_PLATFORM.chown=   ${TRUE} chown
 204 SU_CMD=                 ${SH} -c
 205
 206 # Do not attempt to modify /etc/shells as a regular user.
 207 PKG_REGISTER_SHELLS=    NO
 208 .endif