2015-10-19 10:53 GMT+03:00 Adrian Schröter
On Montag, 19. Oktober 2015, 10:50:11 CEST wrote Matwey V. Kornilov:
2015-10-19 10:01 GMT+03:00 Adrian Schröter
: On Samstag, 17. Oktober 2015, 12:36:21 CEST wrote Matwey V. Kornilov:
2015-10-17 12:31 GMT+03:00 Bernhard Voelker
: On 10/16/2015 07:20 PM, Matwey V. Kornilov wrote:
What is the recommended way to obtain root privileges when package is being build? A unit-test in bedup (btrfs deduplication tool) package needs to mount image using loop device and this requires sudo.
+1 I've asked this already several times for the coreutils-testsuite which also has some 'require_root' tests. There doesn't seem to a be an official way yet, but you can search for the "root4abuild" package which modifies the sudoers file (rudi_m pointed that out) ... this is clearly for test purposes only. But I'd also be interested in "the official way".
Nice, thanks. I think it is right approach.
There is not really an official way.
We do maintain a list of package names which are allowed to get root access on the server side. But that is more for historic reasons.
The main reason behind this is that the resulting source rpm might be dangerous. It can modify the system when a user is recompiling it. So we like to avoid it as much as possible.
Sure, but every source rpm can be dangerous because it is executable script by essence. rm -rf ~/* is dangerous enough and doesn't not require root access. You are in safe only if you run rpmbuild in container.
that is true, but it happened too often that packages did modify system installations to avoid to fix the Makefile* stuff and friends.
Yes, this is not something we did for security reasons. We did it to get cleaner src.rpm packages.
Then I see the following benefits of using sudo: 1. It is explicit in spec-file. Only commands starting with sudo require root. 2. It requires explicit action from user either in form of entering password or configuring sudo.
--
Adrian Schroeter email: adrian@suse.de
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5 90409 Nürnberg Germany
-- With best regards, Matwey V. Kornilov http://blog.matwey.name xmpp://0x2207@jabber.ru -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org