Summary: | repo git fetch and merge runs with root privileges despite FEATURE="usersync" or sync-user = portage:portage | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Jan Vesely <jano.vesely> |
Component: | Unclassified | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | esigra |
Priority: | Normal | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 240187, 671498 |
Description
Jan Vesely
2018-10-24 14:03:15 UTC
Note this started with a recent portage update. It also switched from 'git pull' to 'git fetch' followed by 'git merge'. What portage version does emerge --version show? (In reply to Zac Medico from comment #2) > What portage version does emerge --version show? $ emerge --version Portage 2.3.49 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.0-gentoo x86_64) Still present in: $ emerge --version Portage 2.3.51 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.0-gentoo x86_64) The problem seems to be that 'git merge' is spawned directly with subprocess.call, which ignores the settings present in spawn_kwargs, instead of using portage.process.spawn or similar functions. True, the merge command does not drop privileges: https://gitweb.gentoo.org/proj/portage.git/commit/?id=3cd8cf93abb6410cc877381531bb662a704dffa7 > exitcode = subprocess.call(merge_cmd, > cwd=portage._unicode_encode(self.repo.location)) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=0490cfa00afcf1347e4e72528b20c93648d6871c commit 0490cfa00afcf1347e4e72528b20c93648d6871c Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2018-11-23 09:00:25 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2018-11-23 23:55:24 +0000 git: drop privileges for gc and merge (bug 669496) Use portage.process.spawn (with new cwd parameter) and self.spawn_kwargs to drop privileges for git gc and merge commands. Fixes: 3cd8cf93abb6 ("GitSync: abort checkout for signature problem (bug 660372)") Fixes: 903c4b1a6768 ("GitSync: support sync-depth (bug 552814)") Bug: https://bugs.gentoo.org/669496 Signed-off-by: Zac Medico <zmedico@gentoo.org> lib/portage/sync/modules/git/git.py | 10 ++++++---- lib/portage/tests/sync/test_sync_local.py | 22 ++++++++++++++++++++-- 2 files changed, 26 insertions(+), 6 deletions(-) This one looks fixed after recent portage update. Fixed in portage-2.3.62. |