1 # $NetBSD: unprivileged.mk,v 1.19 2010/02/28 19:33:00 tnn Exp $
3 # This file collects definitions that are useful when using pkgsrc as an
4 # unprivileged (non-root) user. It is included automatically by the
5 # pkgsrc infrastructure.
7 # === User-settable variables ===
10 # Whether to build packages as an unprivileged user.
12 # Default: (undefined)
16 # The user name (or numeric uid) that will be used to install
19 # Default: The user building the package
22 # The group name (or numeric gid) that will be used to install
25 # Default: The primary group of the user building the package
28 # The group names that can be used to install files. Where a
29 # per-package custom group is declared that matches a group name
30 # in this variable, it will be left unmodified. Any per-package
31 # custom group not in this list will be forced to the value of
34 # Default: The complete group membership of the user building
37 # === Package-settable variables ===
40 # A list of variables that hold bare user names, e.g. APACHE_USER, etc.
43 # A list of variables that hold bare group names, e.g. UUCP_GROUP, etc.
45 # XXX: How can the user say that some of the packages shouldn't override
46 # the user and group names?
49 # A list of phases (not stages) that are run as the privileged
50 # user. Some packages, when installed with just-in-time-su, leave
51 # temporary files in the working directory, so the "clean" phase
52 # must have enough privileges to clean them up.
55 # Default: (undefined)
57 # === System-defined variables ===
60 # The name of an omnipotent user account on the system.
62 # XXX: Why do we have this variable when it is set to ${ROOT_USER}
63 # anyway for unprivileged builds? Shouldn't packages that require
64 # such a user just fail in unprivileged mode?
65 # (See NOT_FOR_UNPRIVILEGED.)
68 # The primary group of the REAL_ROOT_USER.
74 # The primary group of the ROOT_USER.
76 # BINOWN, BINGRP, GAMEOWN, GAMEGRP, MANOWN, MANGRP, SHAREOWN, SHAREGRP,
77 # DOCOWN, DOCGRP, BINMODE, NONBINMODE
78 # Ownership and permissions of the various types of files that are
79 # installed by the packages.
81 # XXX: What do we need all these different variables for? Wouldn't
82 # it be ok to install all files as ROOT_USER:ROOT_GROUP?
84 # PKG_CREATE_USERGROUP
85 # Since an unprivileged user normally cannot create other users
86 # and groups, this pkgsrc feature is disabled.
88 # XXX: This setting should be moved into pkg_add.
91 # Since an unprivileged user normally cannot add entries to
92 # /etc/shells, this pkgsrc feature is disabled.
94 # XXX: See PKG_CREATE_USERGROUP
96 # TOOLS_PLATFORM.chown, TOOLS_PLATFORM.chgrp
97 # These tools cannot be used to their full extent by unprivileged
100 # XXX: chgrp may work for some groups.
102 # Keywords: unprivileged root override
# Register this file's variables under the "unprivileged" variable group,
# split into user-settable, package-settable and system-defined lists
# (the same three sections the header comment uses).
# NOTE(review): the listing skips a gutter number inside the _SYS_VARS
# continuation (112 -> 114), so that list may be incomplete as shown here.
105 _VARGROUPS+= unprivileged
106 _USER_VARS.unprivileged= \
107 UNPRIVILEGED UNPRIVILEGED_GROUP UNPRIVILEGED_GROUPS UNPRIVILEGED_USER
108 _PKG_VARS.unprivileged= \
109 PKG_USERS_VARS PKG_GROUPS_VARS
110 _SYS_VARS.unprivileged= \
111 REAL_ROOT_USER REAL_ROOT_GROUP ROOT_USER ROOT_GROUP \
112 BINOWN BINGRP GAMEOWN GAMEGRP MANOWN MANGRP SHAREOWN SHAREGRP DOCOWN DOCGRP \
114 PKG_CREATE_USERGROUP PKG_REGISTER_SHELLS \
115 TOOLS_PLATFORM.chgrp TOOLS_PLATFORM.chown SU_CMD
# Build _UNPRIVILEGED as a word list describing which modes are active.
# It stays empty when neither condition below holds.
117 _UNPRIVILEGED= # empty
# Add "unprivileged" when UNPRIVILEGED is set to yes in any letter case
# (the :M modifier keeps only the words that match the pattern).
118 .if defined(UNPRIVILEGED) && !empty(UNPRIVILEGED:M[Yy][Ee][Ss])
119 _UNPRIVILEGED+= unprivileged
# Add "user-destdir" when _USE_DESTDIR has exactly that value.
# NOTE(review): the .endif lines closing these two conditionals are not
# visible in this listing (gutter numbers 120 and 123 are skipped).
121 .if (${_USE_DESTDIR} == "user-destdir")
122 _UNPRIVILEGED+= user-destdir
# Everything in this conditional applies when at least one mode is active:
# it resolves the account to install as, then points the super-user and
# file-owner variables at that account.
# NOTE(review): the closing .endif/.else/.endfor lines are not visible in
# this listing; the nesting is inferred from the ". if" indentation.
125 .if !empty(_UNPRIVILEGED)
127 # Guess which user/group has to be used.
# Each "!=" assignment runs the command and stores its output. It is only
# reached when the variable was left undefined or empty by the user.
# NOTE(review): ID is presumably the path of the id(1) tool - confirm.
128 . if !defined(UNPRIVILEGED_USER) || empty(UNPRIVILEGED_USER)
129 UNPRIVILEGED_USER!= ${ID} -n -u
131 . if !defined(UNPRIVILEGED_GROUP) || empty(UNPRIVILEGED_GROUP)
# The Interix branch queries the group without -n; the other branch asks
# for the group name with -n -g.
132 . if "$(OPSYS)" == "Interix" # For at least Interix 3.5 SP-8.0.1969.1
133 UNPRIVILEGED_GROUP!= ${ID} -g
135 UNPRIVILEGED_GROUP!= ${ID} -n -g
138 . if !defined(UNPRIVILEGED_GROUPS) || empty(UNPRIVILEGED_GROUPS)
139 UNPRIVILEGED_GROUPS!= ${ID} -n -G
142 . if empty(_UNPRIVILEGED:Munprivileged) && !empty(_UNPRIVILEGED:Muser-destdir)
143 # Only do following for privileged, user-destdir builds.
# ":=" expands ROOT_USER and ROOT_GROUP immediately, so the original
# super-user names are captured before the override further down replaces
# them. These three assignments must stay ahead of that override.
144 _SU_ROOT_USER:= ${ROOT_USER}
145 REAL_ROOT_USER:= ${ROOT_USER}
146 REAL_ROOT_GROUP:= ${ROOT_GROUP}
149 # Override super-user account.
# From here on ROOT_USER and ROOT_GROUP name the installing account rather
# than a privileged one. In the visible lines REAL_ROOT_USER and
# REAL_ROOT_GROUP are assigned only in the privileged user-destdir branch.
150 ROOT_GROUP= ${UNPRIVILEGED_GROUP}
151 ROOT_USER= ${UNPRIVILEGED_USER}
153 . if !empty(_UNPRIVILEGED:Munprivileged)
154 # Override "games" account.
155 GAMES_GROUP= ${UNPRIVILEGED_GROUP}
156 GAMES_USER= ${UNPRIVILEGED_USER}
161 # Override user/group pairs used to install files.
# All five owner/group pairs collapse to the single installing account, so
# installed files are not distinguished by owner or group any more.
162 BINGRP= ${UNPRIVILEGED_GROUP}
163 BINOWN= ${UNPRIVILEGED_USER}
164 GAMEGRP= ${UNPRIVILEGED_GROUP}
165 GAMEOWN= ${UNPRIVILEGED_USER}
166 MANGRP= ${UNPRIVILEGED_GROUP}
167 MANOWN= ${UNPRIVILEGED_USER}
168 SHAREGRP= ${UNPRIVILEGED_GROUP}
169 SHAREOWN= ${UNPRIVILEGED_USER}
170 DOCGRP= ${UNPRIVILEGED_GROUP}
171 DOCOWN= ${UNPRIVILEGED_USER}
173 # Override installation modes. As a regular user, we may have problems
174 # when overwriting files if they are not writable.
# NOTE(review): the mode assignments this comment introduces are not
# visible in this listing (gutter numbers 175-177 are skipped).
178 . if !empty(_UNPRIVILEGED:Munprivileged) && empty(_UNPRIVILEGED:Muser-destdir)
179 # Only do the following for unprivileged, normal builds.
# Default both lists to empty, then record every variable they name in
# BUILD_DEFS.
181 PKG_USERS_VARS?= # empty
182 PKG_GROUPS_VARS?= # empty
183 BUILD_DEFS+= ${PKG_USERS_VARS} ${PKG_GROUPS_VARS}
185 # Override per-package custom users and groups, except for groups listed
186 # in UNPRIVILEGED_GROUPS.
# Every variable named in PKG_USERS_VARS is reassigned to the installing
# user. A group variable is reassigned only when its current value matches
# no word of UNPRIVILEGED_GROUPS.
# NOTE(review): a package that normally separates privileges with a
# dedicated account will presumably share the installing user's account
# here, so that isolation should not be assumed for unprivileged installs.
187 . for _var_ in ${PKG_USERS_VARS}
188 ${_var_}= ${UNPRIVILEGED_USER}
190 . for _var_ in ${PKG_GROUPS_VARS}
191 . if empty(UNPRIVILEGED_GROUPS:M${${_var_}})
192 ${_var_}= ${UNPRIVILEGED_GROUP}
# Settings for every build that has the "unprivileged" mode active; the
# condition does not look at user-destdir.
# NOTE(review): the closing .endif is not visible in this listing.
199 .if !empty(_UNPRIVILEGED:Munprivileged)
200 # As a regular user, creation of other users and groups won't work, so
201 # disable this step by default.
202 PKG_CREATE_USERGROUP= NO
204 # Override commands that won't work as a regular user.
# Each tool becomes TRUE followed by the tool name, so the real chgrp or
# chown is never executed.
# NOTE(review): TRUE is presumably true(1); if so, callers see a success
# status and files keep the installing user's ownership. Where a package
# relies on chown/chgrp to restrict access, verify ownership and modes
# after install instead of assuming the change was applied.
205 TOOLS_PLATFORM.chgrp= ${TRUE} chgrp
206 TOOLS_PLATFORM.chown= ${TRUE} chown
209 # Do not attempt to modify /etc/shells as a regular user.
210 PKG_REGISTER_SHELLS= NO