FS#68506 : Allow -Fy to run without root when --dbpath points to a user-owned directory

FS#68506 - Allow -Fy to run without root when --dbpath points to a user-owned directory

Attached to Project: Pacman
Opened by Link Mauve (linkmauve) - Monday, 02 November 2020, 17:30 GMT

Task Type	Feature Request
Category	General
Status	Unconfirmed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version	5.2.1
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	3 Bézier (Hoël) (2020-11-11) Link Mauve (linkmauve) (2020-11-02) Antoine Le Gonidec (vv221) (2020-11-02)
Private	No

Details

Summary and Info:
A regular user could want to look up package names from a filename, in which case they need an up to date files database (-Fy).

This operation aborts if pacman isn’t running as root, despite no special permissions being needed if the database path is user-writable.

A workaround when pacman is built with glibc is to use fakeroot, but this isn’t available everywhere, for instance when using pacman-static: https://aur.archlinux.org/packages/pacman-static/

Steps to Reproduce:
% mkdir ~/db
% pacman -Fy --dbpath ~/db

This task depends upon

Comment by Antoine Le Gonidec (vv221) - Monday, 02 November 2020, 17:52 GMT

To give a use case, ./play.it [1] development involves tracking dependencies of binaries (without access to the sources), and translating that to package names for multiple distributions. Being able to rely on pacman-static would allow some of our developers with no access to an Arch Linux system to no longer rely on the availability of some other contributors running Arch during this dependencies tracking process.

[1]: https://www.dotslashplay.it/

Comment by Eli Schwartz (eschwartz) - Monday, 02 November 2020, 17:58 GMT

You could say the same thing about -Sy when used for a non-root dbpath. It's likewise useful, for precisely the use case employed by checkupdates. Still, we don't support this.

The thing is that dbpath will never be user writable except in edge cases where you have a custom script to rig this up. Just like checkupdates. In such cases, fakeroot is practical.

For the -Fy case I recommend invoking it with sudo, and adding a sudoers rule permitting anyone to use it without a password, given only the exact arguments "-Fy".

Perfectly secure, no prompt for passwords, even unprivileged users can update the files database.

Comment by morganamilo (morganamilo) - Wednesday, 30 December 2020, 18:29 GMT

> The thing is that dbpath will never be user writable except in edge cases where you have a custom script to rig this up

I don't think I agree with that. Pacman is a package manager, however it does not necessarily have to manage at the system level.
For example npm and pip can work per user.

I believe the Nintendo hacking group does this. They use pacman to manage and distribute all of their hacking tools using a windows
build of pacman. Where pacman and the packages arre installed just for the user instead of system wide.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#68506 - Allow -Fy to run without root when --dbpath points to a user-owned directory

Details

Loading...