Bug 454060 - allow override of root/user detection
Summary: allow override of root/user detection
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Enhancement/Feature Requests
Hardware: All Linux
Importance: Normal normal
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks: 456888
Reported: 2013-01-25 19:21 UTC by Rick Farina (Zero_Chaos)
Modified: 2013-02-12 04:19 UTC

See Also:
Package list:
Runtime testing required: ---


Description Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 19:21:55 UTC
Recently I've been using prefix on some awkward platforms (read: Android) that don't have /etc/group or /etc/passwd.

Portage actually works fine if I can create an /etc/passwd and /etc/group; however, on certain devices this simply isn't possible (/ isn't writable and doesn't save changes).

Please add a --no-srsly-i-am-root or some other arcane flag to disable these checks.

without /etc/group it does this:
mysettings["PORTAGE_BUILD_GROUP"] = grp.getgrgid(portage_build_gid).gr_name
KeyError: 'getgrgid(): gid not found: 0'

without /etc/passwd it does this:
mysettings["PORTAGE_BUILD_USER"] = pwd.getpwuid(portage_build_uid).pw_name
KeyError: 'getpwuid(): uid not found: 0'

if either is missing it loudly complains at start of build:
portage: 'root' user or 'root' group missing.
         In Prefix Portage this is quite dramatic
         since it means you have thrown away yourself.
         Re-add yourself or re-bootstrap Gentoo Prefix.
*** WARNING ***  For security reasons, only system administrators should be
*** WARNING ***  allowed in the portage group.  Untrusted users or processes
*** WARNING ***  can potentially exploit the portage group for attacks such as
*** WARNING ***  local privilege escalation.
Comment 2 Zac Medico gentoo-dev 2013-01-25 20:12:00 UTC
(In reply to comment #0)
> *** WARNING ***  For security reasons, only system administrators should be
> *** WARNING ***  allowed in the portage group.  Untrusted users or processes
> *** WARNING ***  can potentially exploit the portage group for attacks such as
> *** WARNING ***  local privilege escalation.

I guess we'll need another patch to silence this. Maybe we could have you set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0 for uid and gid if getpwnam and getgrnam throw KeyError.
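
Added example, not part of the bug thread and not Portage's own code: a sketch of the fallback proposed in comment #2 together with the reverse lookups that raised KeyError in comment #0. The helper names (resolve_id, name_for_id, build_identity, empty_db) are hypothetical, and restricting the fallback to the literal name 'root' and reporting the numeric id as a string are assumptions of this sketch.

```python
import grp
import pwd


def resolve_id(name, lookup, id_attr):
    """Map a configured account name to a numeric id.

    Assumption of this sketch: fall back to 0 only when the name is
    literally 'root'; any other unknown name stays an error, so a typo
    never silently becomes uid/gid 0.
    """
    try:
        return getattr(lookup(name), id_attr)
    except KeyError:
        if name == "root":
            return 0
        raise


def name_for_id(num_id, lookup, name_attr):
    """Reverse lookup that tolerates a missing passwd/group entry."""
    try:
        return getattr(lookup(num_id), name_attr)
    except KeyError:
        return str(num_id)  # assumption: report the numeric id instead


def build_identity(username, grpname,
                   getpwnam=pwd.getpwnam, getgrnam=grp.getgrnam,
                   getpwuid=pwd.getpwuid, getgrgid=grp.getgrgid):
    """Hypothetical helper: ids plus the two build-name settings."""
    uid = resolve_id(username, getpwnam, "pw_uid")
    gid = resolve_id(grpname, getgrnam, "gr_gid")
    return {
        "uid": uid,
        "gid": gid,
        "PORTAGE_BUILD_USER": name_for_id(uid, getpwuid, "pw_name"),
        "PORTAGE_BUILD_GROUP": name_for_id(gid, getgrgid, "gr_name"),
    }


def empty_db(key):
    """Constructed stand-in for a host with no /etc/passwd or /etc/group."""
    raise KeyError(f"not found: {key!r}")


if __name__ == "__main__":
    print(build_identity("root", "root", empty_db, empty_db, empty_db, empty_db))
```

The lookup functions are injected so the missing-database case can be exercised on a host that does have /etc/passwd and /etc/group.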
Comment 3 Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 20:21:12 UTC
(In reply to comment #1)
> Test please:
> 
> http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f8aeff8f33eaf6b9f634a45278f9eaef11633427

flawless, fantastic
Comment 4 Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 20:23:15 UTC
(In reply to comment #2)
> (In reply to comment #0)
> > *** WARNING ***  For security reasons, only system administrators should be
> > *** WARNING ***  allowed in the portage group.  Untrusted users or processes
> > *** WARNING ***  can potentially exploit the portage group for attacks such as
> > *** WARNING ***  local privilege escalation.
> 
> I guess we'll need another patch to silence this. Maybe we could have you
> set both PORTAGE_GRPNAME and PORTAGE_USERNAME to 'root', and silently use 0
> for uid and gid if getpwnam and getgrnam throw KeyError.

setting those two env variables didn't change anything.  

if it helps:

localhost portage # whoami
whoami: cannot find name for user ID 0
Comment 5 Rick Farina (Zero_Chaos) gentoo-dev 2013-01-25 20:26:19 UTC
also of note:

chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
chgrp: invalid group: 'root'
portage: 'root' user or 'root' group missing.
         In Prefix Portage this is quite dramatic
         since it means you have thrown away yourself.
         Re-add yourself or re-bootstrap Gentoo Prefix.
*** WARNING ***  For security reasons, only system administrators should be
*** WARNING ***  allowed in the portage group.  Untrusted users or processes
*** WARNING ***  can potentially exploit the portage group for attacks such as
*** WARNING ***  local privilege escalation.
Comment 6 Zac Medico gentoo-dev 2013-01-25 21:32:20 UTC
(In reply to comment #4)
> setting those two env variables didn't change anything.  

You'll need this patch:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=b1e27de54c2ff4b383e5efe62b0ddb785c0573e8
Comment 7 Zac Medico gentoo-dev 2013-02-12 04:19:12 UTC
This is fixed in 2.1.11.51 and 2.2.0_alpha162.