DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st November 2017
nukey nukey is offline
New User
 
Join Date: Oct 2017
Posts: 2
Default Avoiding password while compiling ports

Is there a secure and simple way to prevent the compilation process from asking for my password more than once? The documentation suggests avoiding root for compilation, which makes sense, so I set up to compile as my regular user. However, the "persist" option in doas.conf seems more like a "pester" option because it asks for my password incessantly. I usually end up resorting to the "nopass" option but that just seems terribly insecure. What is the best way to work around this problem?
Reply With Quote
  #2   (View Single Post)  
Old 1st November 2017
ibara's Avatar
ibara ibara is offline
GNU gold linker
 
Join Date: Jan 2014
Posts: 603
Default

"persist" is only for a limited time (5 minutes, IIRC). With persist off, it's at every doas issuance, even if they're only a microsecond apart.

Some options:
1. Set your PREFIX, LOCALBASE, and TRUEPREFIX to directories that you have write access to, and add it LOCALBASE/bin directory to your PATH. That seems like a bad option.
2. Set nopass and use strong passwords locally and ssh keys only remotely. That sounds wise.
3. Use packages instead of ports. How many ports are you building anyway? Why? You almost certainly don't need to be building packages yourself.
Reply With Quote
  #3   (View Single Post)  
Old 1st November 2017
nukey nukey is offline
New User
 
Join Date: Oct 2017
Posts: 2
Default

While compiling ports, the "persist" option makes no difference, it still asks for my password even if they are a microsecond apart. I suppose I will stick with option 2 for now.

I'm compiling ports listed by out-of-date, because -release and -stable packages do not receive security updates. I'm not ready for -current yet.

What about a possible option 4) Create a dedicated build user with the bare minimum permissions necessary to build/install ports? I'm not experienced enough to know how to do that correctly, I'm just thinking aloud.
Reply With Quote
  #4   (View Single Post)  
Old 1st November 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,292
Default

Hello and welcome!
Quote:
... -release and -stable packages do not receive security updates.
Port maintainers will produce -stable patches for CVEs. That is the primary purpose of the -stable branch of the ports tree. But the Project does not build -stable packages. M:Tier (https://stable.mtier.org) does, as a service.
Quote:
4) Create a dedicated build user with the bare minimum permissions necessary to build/install ports?
The Distributed Ports Builder dpb(1) may be helpful. It is started as root; it drops privileges for fetch, build, and log operations.

Last edited by jggimi; 1st November 2017 at 10:25 AM. Reason: clarity, one typo
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Got my ports tree deleted after attempting ports update bsdnotbdsm FreeBSD Ports and Packages 2 18th May 2014 01:58 PM
FreeBSD Complete ports thaw after ports freeze for 7.3 Release J65nko News 0 24th March 2010 11:46 PM
4.5 on macppc: emacs package, compiling ports moosejaw OpenBSD Packages and Ports 16 19th October 2009 08:25 PM
c++ compiling hello world Gates Programming 3 26th July 2008 12:48 PM
Compiling Nagios 3.02 roundkat Solaris 1 2nd June 2008 09:09 PM


All times are GMT. The time now is 03:42 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick