Welcome to the Pacman bug tracker. Please search the current bugs and feature requests before filing a new one! Use advanced search and select "Search in Comments".

* Please select the correct category and version.
* Write a descriptive summary, background info, and provide a reproducible test case whenever possible.

FS#49965 - [makepkg] Build packages in isolation

Attached to Project: Pacman
Opened by TesX (tesfabpel) - Wednesday, 06 July 2016, 06:30 GMT
Last edited by Allan McRae (Allan) - Friday, 30 December 2016, 02:41 GMT
Task Type Feature Request
Category makepkg
Status Closed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version 5.0.1
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No


Summary and Info:
When trying to install the AUR package `itch` (, the PKGBUILD executes some actions that will affect the system and escape the package manager's control, as reported in comments by some users...

Could this be fixed by limiting write access only to the build directory of makepkg?
Is there any reason not to?

Steps to Reproduce:
Try to install some misbehaving package (for example, itch)
This task depends upon

Closed by  Allan McRae (Allan)
Friday, 30 December 2016, 02:41 GMT
Reason for closing:  Deferred
Additional comments about closing:  devtools is the current solution.
Comment by Dave Reisner (falconindy) - Wednesday, 06 July 2016, 10:50 GMT
devtools already provides this by maintaining and building in a separate chroot.
Comment by Frederik “Freso” S. Olesen (Freso) - Tuesday, 23 August 2016, 13:50 GMT
Building some packages will write to e.g., $HOME. It would be really nice if makepkg would completely sandbox its filesystem.
Comment by Doug Newgard (Scimmia) - Tuesday, 23 August 2016, 13:56 GMT
Which is what devtools does.

PKGBUILDs are Bash, they can do stupid things. The one in question does stupid things (npm install)