On Fri, May 07, 2021 at 08:42:59PM +0100, Stuart Henderson wrote:
> On 2021/05/07 12:11, Steve Williams wrote:
> > Hi,
> >
> > pkg_add(1) needs a "-D unsigned"
> >
> > That's how I worked around it when I was playing with creating a new port.
>
> -D unsigned is for special cases only (usually only when you are testing
> a package built by somebody else who you trust, or when testing upgrade
> paths for your own packages).
>
> Installing from the ports tree does not use -D unsigned, it uses the
> TRUSTED_PKG_PATH mechanism instead. If this isn't working then there is
> something unusual in the setup which is preventing things from working
> correctly. The #1 candidate is a privilege escalation program (sudo or
> doas) that is not configured to pass environment variables through.
>
> > > > /etc/doas.conf
> > > > permit setenv { \
> > > > FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \
> > > > DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \
> > > > MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \
> > > > PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \
> > > > SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 PORTS_TREE_OWNER=sls \
> > > > FAKE_TREE_OWNER=_pbuild } :wsrc
>
> Please don't try enumerating all the variables used by ports; it may
> change sometime and it's easy to miss something. Just use keepenv
> (or for sudo use "SUDO=sudo -E" in mk.conf).
>
> The other place where people often run into problems with doas is the
> order of parsing the lines, it is "last match wins".
>
Wow! sudo -E did the trick.
Yes, I was worried about the "last match wins" rule.
--
Chris
