Steps to USE_DESTDIR=yes as default
DESTDIR support is one of the biggest internal changes since the introduction of package barrier and it has some user visible consequences.
What is left to do before it can be made the default to keep the impact as small as possible?
- Do another pass to ensure that the unprivileged user doesn't leak into the binary package in a functional role. This is hard to enforce automatically as a large number of packages leak it e.g. to annotate who build the package (compiled Emacs modules for example).
- Make it possible for USERGROUP_PHASE to be set to install, so that it is invoked as su-target from pre-install. I'm not sure how to best hunt down the packages that need this. Building a list of packages that use PKG_USERS or PKG_GROUPS is not difficult, but how to check which of those fail? The best idea so far is a modified client-clean script for pbulk, that sets /etc/passwd and /etc/group to a prestine state and see what fails.
- Add an option for pbulk to allow unprivileged bulk builds without calling su. At the same time, make su actually configurable. An idea is to add a check in pbulk.conf for `whoami` = "root" and set su to "shift; exec $SHELL $*" .
- Add a warning about DEPENDS_TARGET=package / UPDATE_TARGET=package. This is something where I am definitely willing to break the interface.