Opened 9 months ago

Closed 9 months ago

#68043 closed defect (invalid)

MacPorts 2.8.0 in non-sudo mode, creates source files as `root` and work files as `macports` on M1 Mac

Reported by: lukaso (Lukas Oberhuber) Owned by:
Priority: Normal Milestone:
Component: base Version: 2.8.1
Keywords: Cc: mascguy (Christopher Nielsen)
Port:

Description

This is problematic as it interferes with building GIMP on arm, as the files have inappropriate sudo settings. It only appears to be happening on the circleci runner (not my local Mac).

What I'm seeing is sources set with user root (everything inside is also root):

% ls -las ~/macports-gimp3-arm64/var/macports
total 8
0 drwxr-xr-x@  11 circleci  staff   352 25 Aug 00:43 .
0 drwxr-xr-x    8 circleci  staff   256 25 Aug 00:42 ..
0 drwxr-xr-x  173 circleci  staff  5536 26 Aug 15:54 build
0 drwxr-xr-x   98 circleci  staff  3136 25 Aug 02:15 distfiles
0 drwxr-xr-x    3 circleci  staff    96 25 Aug 00:42 home
0 drwxr-xr-x  173 circleci  staff  5536 26 Aug 15:54 logs
8 -rw-r--r--    1 circleci  staff   874 26 Aug 15:54 pingtimes
0 drwxr-xr-x    8 circleci  staff   256 25 Aug 00:43 registry
0 drwxrwxrwt    2 circleci  staff    64 25 Aug 00:42 sip-workaround
0 drwxr-xr-x  202 circleci  staff  6464 26 Aug 15:54 software
0 drwxr-xr-x    3 root      staff    96 25 Aug 00:42 sources

The knock-on effect appears to be that build folders are then set up as having user root at the top level and then everything inside is user macports.

% ls -las ~/macports-gimp3-arm64/var/macports/build
total 0
0 drwxr-xr-x  173 circleci  staff  5536 26 Aug 15:54 .
0 drwxr-xr-x@  11 circleci  staff   352 25 Aug 00:43 ..
0 drwxr-xr-x    3 root      staff    96 25 Aug 00:45 _Users_circleci_macports-gimp3-arm64_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_archivers_brotli
0 drwxr-xr-x    3 root      staff    96 26 Aug 15:51 _Users_circleci_macports-gimp3-arm64_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_archivers_bzip2

...
% ls -las ~/macports-gimp3-arm64/var/macports/build/_Users_circleci_macports-gimp3-arm64_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_archivers_brotli
total 0
0 drwxr-xr-x    3 root      staff    96 25 Aug 00:45 .
0 drwxr-xr-x  173 circleci  staff  5536 26 Aug 15:54 ..
0 drwxr-xr-x    3 macports  staff    96 25 Aug 00:45 brotli

It's very strange and I'm not sure how it can be happening.

Change History (8)

comment:1 Changed 9 months ago by lukaso (Lukas Oberhuber)

The config shows this: command_prefix : ["sudo", "-niHu", "circleci", "--"]

comment:2 Changed 9 months ago by ryandesign (Ryan Carsten Schmidt)

Version: 2.8.0

MacPorts 2.8.0 is outdated; please update to 2.8.1.

When you say "in non-sudo mode" what do you mean exactly? Do you mean that you built MacPorts base from source using the --with-no-root-privileges flag and that you are not using sudo when running the port command? If so, everything MacPorts does would happen within the abilities of the current user. Files and directories created by the user would be owned by that user and unless the user has the permission to do this (and that would be unusual), it's not possible to change the ownership of files or directories to someone else. Therefore, the symptoms you're reporting suggest that you are using MacPorts in the normal way using sudo and not in non-sudo mode.

comment:3 Changed 9 months ago by lukaso (Lukas Oberhuber)

Thanks.

> MacPorts 2.8.0 is outdated; please update to 2.8.1.

Sorry, I'm actually using 2.8.1. I wrote incorrectly.

> base from source using the --with-no-root-privileges flag

I am building from source, but I was not aware of that flag. And I'm not using sudo anywhere, though you are right, how would it magically get those privileges?

This is my current build command:

$PREFIX is PREFIX="${HOME}/macports-gimp3-arm64"

./configure --prefix=$PREFIX --with-applications-dir=$PREFIX/Applications --without-startupitems --with-install-user=${USER} --with-install-group=staff
make
make install

I'll try the --with-no-root-privileges flag and see if that works.

comment:4 Changed 9 months ago by lukaso (Lukas Oberhuber)

Having tried with the --with-no-root-privileges flag, it is still creating the sources directory as root. I'm thinking somewhere in the code base there's a sudo that shouldn't trigger (I have sudo enabled without passwords since it's a CI build machine).


comment:5 Changed 9 months ago by mascguy (Christopher Nielsen)

Cc: mascguy added

comment:6 Changed 9 months ago by ryandesign (Ryan Carsten Schmidt)

MacPorts base doesn't use sudo. Instead, it uses the opposite approach of privilege dropping and elevation.

If you start MacPorts with sudo or as root, it immediately drops privileges to those of the macports user so that most operations have no more access than they need. Then, only for those steps that actually need root access (like install or sync or selfupdate), it elevates privileges back to the root user.

If you start MacPorts as a regular user, MacPorts only has the abilities of the regular user so it's impossible for it to change the owner of anything to any other user, including root.

Trying it myself:

% cd /tmp
% mv ~/Downloads/MacPorts-2.8.1.tar.bz2 .
% tar xjf MacPorts-2.8.1.tar.bz2
% cd MacPorts-2.8.1
% export PATH=/usr/bin:/bin:/usr/sbin:/sbin
% PREFIX=/tmp/prefix
% ./configure --prefix=$PREFIX --with-applications-dir=$PREFIX/Applications --without-startupitems --with-install-user=${USER} --with-install-group=staff --with-no-root-privileges
...
% make -j8
...
% make install
...
% ls -l $PREFIX/var/macports/
total 0
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 build
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 distfiles
drwxr-xr-x  3 rschmidt  staff   96 Aug 26 22:26 home
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 logs
drwxr-xr-x  5 rschmidt  staff  160 Aug 26 22:26 registry
drwxrwxrwt  2 rschmidt  staff   64 Aug 26 22:26 sip-workaround
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 software
% $PREFIX/bin/port sync
--->  Updating the ports tree
% ls -l $PREFIX/var/macports/
total 0
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 build
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 distfiles
drwxr-xr-x  3 rschmidt  staff   96 Aug 26 22:26 home
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 logs
-rw-r--r--  1 rschmidt  staff    0 Aug 26 22:27 pingtimes
drwxr-xr-x  5 rschmidt  staff  160 Aug 26 22:26 registry
drwxrwxrwt  2 rschmidt  staff   64 Aug 26 22:26 sip-workaround
drwxr-xr-x  2 rschmidt  staff   64 Aug 26 22:26 software
drwxr-xr-x  3 rschmidt  staff   96 Aug 26 22:27 sources

Note that a source install of MacPorts does not create the sources directory; it's created when you first sync or selfupdate. Are you inadvertently using sudo when you're running port sync?
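
An ownership check in the spirit of the `ls -l` comparison above, as an added example that is not part of the ticket or of MacPorts: `audit_prefix` lists anything under a prefix that is not owned by the invoking user, and `foreign_in_listing` does the same for captured `ls -las` output such as a CI log. The function names are hypothetical, and the sample listing is abridged from the one in the ticket description.

```shell
#!/bin/sh
# Added example (not MacPorts code): detect entries in a user-owned MacPorts
# prefix that belong to someone else, the symptom of a stray sudo in a script.

# Print every path under $1 whose owner is not the expected user.
# $2 is optional and defaults to the numeric UID of the invoking user.
# Empty output means the tree is clean.
audit_prefix() {
    dir=$1
    expected=${2:-$(id -u)}
    find "$dir" ! -user "$expected" -print 2>/dev/null
}

# Read `ls -las` style output on stdin and print "owner:name" for each entry
# whose owner differs from $1. Fields: blocks mode links owner group size
# day month time name. The "total" line and the ".." parent entry are skipped.
foreign_in_listing() {
    awk -v want="$1" '
        NF >= 10 && $2 ~ /^[-dlbcps]/ && $4 != want && $10 != ".." {
            name = $10
            for (i = 11; i <= NF; i++) name = name " " $i
            print $4 ":" name
        }'
}

# Sample input, abridged from the listing in the ticket description.
sample_listing() {
    cat <<'EOF'
total 8
0 drwxr-xr-x@  11 circleci  staff   352 25 Aug 00:43 .
0 drwxr-xr-x    8 circleci  staff   256 25 Aug 00:42 ..
0 drwxr-xr-x  173 circleci  staff  5536 26 Aug 15:54 build
0 drwxr-xr-x    3 circleci  staff    96 25 Aug 00:42 home
0 drwxr-xr-x    3 root      staff    96 25 Aug 00:42 sources
EOF
}

# Flags the root-owned sources directory from the report.
sample_listing | foreign_in_listing circleci

# As a CI guard after `port sync` (PREFIX is an assumption, set as in the ticket):
#   [ -z "$(audit_prefix "$PREFIX/var/macports")" ] || exit 1
```
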

comment:7 Changed 9 months ago by lukaso (Lukas Oberhuber)

OK, I cleared out all my sudo and it was definitely my fault. I did have a lingering sudo in my scripts. Sorry for the bother! And thank you so much for pointing me to the solution!

comment:8 Changed 9 months ago by ryandesign (Ryan Carsten Schmidt)

Resolution: invalid
Status: new → closed
Version: 2.8.0 → 2.8.1

Glad we got it figured out!
