* Messages for package app-portage/gentoolkit-9999: * QA Notice: This ebuild installs into paths that should be created at runtime. * To fix, simply do not install into these directories. Instead, your package * should create dirs on the fly at runtime as needed via init scripts/etc... * * var/cache * var/cache/revdep-rebuild * var/cache/revdep-rebuild/.keep_app-portage_gentoolkit-0
This was purposely done this way due to Security bug 203414. Before I make changes to the ebuild and revdep-rebuild, I would like consensus from the QA and Security teams on the best way to move forward. Please note, I am not against making changes, I just want to ensure that we don't reintroduce a security bug.
Interesting... Never thought that gentoolkit was usable under unprivileged user(which belongs to portage group). Anyway, from both of security and QA positions, i do not see the problem - create them via tmpfiles.d, like we do with /var/run and others.
With the following commits, this issue is resolved. revdep-rebuild: add tmpfiles.d file https://gitweb.gentoo.org/proj/gentoolkit.git/commit/?id=f584990c08fc5a400277acfeaf01297f1d3b995b app-portage/gentoolkit: Create /var/cache/revdep-rebuild in pkg_postinst https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ae76143a26660f4b4a2b94fe7ab6c2f305aaf48
