The ebuild installs the bitcoin.conf in /etc/bitcoin and creates a symlink from /var/lib/bitcoin/.bitcoin/bitcoin.conf → /etc/bitcoin/bitcoin.conf

Later in the init script there is

    checkpath -f -o ${bitcoind_user} -m 0400 ${conffile} || return 1

which fails with

    + checkpath -f -o bitcoin -m 0400 /var/lib/bitcoin/.bitcoin/bitcoin.conf
     * checkpath: chmod: /var/lib/bitcoin/.bitcoin/bitcoin.conf is a symbolic link

The line should be changed to

    checkpath -f -o ${bitcoind_user} -m 0400 $(readlink -f ${conffile}) || return 1

Reproducible: Always

Steps to Reproduce:
1. emerge =net-p2p/bitcoind-0.10.0
2. /etc/init.d/bitcoind start
Related OpenRC bug and change: https://bugs.gentoo.org/show_bug.cgi?id=540006
Doesn't your proposed fix merely reintroduce the security problems in bug 540006? Is there a better way we could/should do this?
Well, I think the sound solution would be to reverse the direction of the symlink.
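An added illustration of the trade-off raised in the comments above (not part of the bug thread, the ebuild or OpenRC): in a constructed temporary directory, chmod stands in for "checkpath -f -m 0400", and the helper names are hypothetical. It assumes the data directory is writable by the service user, and compares the strict check, the readlink -f workaround and the reversed symlink layout.

```shell
#!/bin/sh
# Added example; constructed sandbox, hypothetical helper names.
# chmod stands in for "checkpath -f -m 0400" so it runs without OpenRC.

perms() { ls -ld "$1" | cut -c1-10; }   # permission string, e.g. -r--------

# Behaviour seen in the report: refuse to touch a symbolic link.
strict_perms() {
    if [ -L "$1" ]; then
        echo "refusing: $1 is a symbolic link" >&2
        return 1
    fi
    chmod 0400 "$1"
}

# Workaround from the report: resolve the link, then chmod the target.
resolved_perms() { chmod 0400 "$(readlink -f "$1")"; }

# Layout from the report: real file under etc/, symlink in the data dir.
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/data"
    echo 'rpcpassword=constructed' > "$d/etc/bitcoin.conf"
    echo 'unrelated file' > "$d/etc/other"
    chmod 0644 "$d/etc/bitcoin.conf" "$d/etc/other"
    ln -s "$d/etc/bitcoin.conf" "$d/data/bitcoin.conf"
    echo "$d"
}

# Reversed layout: real file in the data dir, symlink under etc/.
reverse_layout() {
    rm "$1/data/bitcoin.conf"
    mv "$1/etc/bitcoin.conf" "$1/data/bitcoin.conf"
    ln -s "$1/data/bitcoin.conf" "$1/etc/bitcoin.conf"
}

s=$(make_sandbox)
strict_perms "$s/data/bitcoin.conf" || echo "1. original layout: check fails"
# Assumption: the data dir is writable by the service user, so the link
# can point at something else by the time the init script runs as root.
ln -sf "$s/etc/other" "$s/data/bitcoin.conf"
resolved_perms "$s/data/bitcoin.conf"
echo "2. readlink -f: etc/other is now $(perms "$s/etc/other")"
reverse_layout "$s"
strict_perms "$s/data/bitcoin.conf" && echo "3. reversed: $(perms "$s/data/bitcoin.conf")"
rm -rf "$s"
```

In case 2 the mode change lands on whatever the link names at that moment, while the intended config file is left untouched; in case 3 the path being checked is a regular file, so the strict check succeeds without resolving anything.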
The (current) init script doesn't appear to ever call checkpath, and upstream's init script seems to use it safely. Not sure how you're getting this problem, but can you test 0.10.0-r1 from the overlay, which now uses upstream's (patched for backward compatibility)?
It does use 'checkpath', see http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-p2p/bitcoind/files/bitcoin.initd-r1?revision=1.1&view=markup Line 22
(In reply to Florian Schmaus from comment #5)
> It does use 'checkpath', see
> http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-p2p/bitcoind/files/bitcoin.initd-r1?revision=1.1&view=markup
> Line 22

Strange, looks like that file missed a number of updates somehow. Can you confirm the overlay/upstream version(s) work okay?
Please check the tree version which I just added.
Assuming this is fixed. Reopen if it's still a problem.