19.10.2015 10:53, Adrian Schröter пишет:
On Montag, 19. Oktober 2015, 10:50:11 CEST wrote Matwey V. Kornilov:
2015-10-19 10:01 GMT+03:00 Adrian Schröter
: On Samstag, 17. Oktober 2015, 12:36:21 CEST wrote Matwey V. Kornilov:
2015-10-17 12:31 GMT+03:00 Bernhard Voelker
: On 10/16/2015 07:20 PM, Matwey V. Kornilov wrote:
What is the recommended way to obtain root privileges when package is being build? A unit-test in bedup (btrfs deduplication tool) package needs to mount image using loop device and this requires sudo.
+1 I've asked this already several times for the coreutils-testsuite which also has some 'require_root' tests. There doesn't seem to a be an official way yet, but you can search for the "root4abuild" package which modifies the sudoers file (rudi_m pointed that out) ... this is clearly for test purposes only. But I'd also be interested in "the official way".
Nice, thanks. I think it is right approach.
There is not really an official way.
We do maintain a list of package names which are allowed to get root access on the server side. But that is more for historic reasons.
The main reason behind this is that the resulting source rpm might be dangerous. It can modify the system when a user is recompiling it. So we like to avoid it as much as possible.
Sure, but every source rpm can be dangerous because it is executable script by essence. rm -rf ~/* is dangerous enough and doesn't not require root access. You are in safe only if you run rpmbuild in container.
that is true, but it happened too often that packages did modify system installations to avoid to fix the Makefile* stuff and friends.
Yes, this is not something we did for security reasons. We did it to get cleaner src.rpm packages.
Please, look at https://build.opensuse.org/request/show/341831 -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org