Bug 669496 - repo git fetch and merge runs with root privileges despite FEATURE="usersync" or sync-user = portage:portage
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Unclassified
Hardware: All Linux
Importance: Normal normal
Assignee: Portage team
Keywords: InVCS
Blocks: 240187 671498
Reported: 2018-10-24 14:03 UTC by Jan Vesely
Modified: 2019-04-10 04:34 UTC (History)
Description Jan Vesely 2018-10-24 14:03:15 UTC
$ find /usr/portage -user root
$ sudo emerge --sync
...
...
...
$ find /usr/portage -user root
/usr/portage/.git/objects/66/bdfc089cc0c65cb9bae2826d2f09833edc7b6c
/usr/portage/.git/objects/73/f0d0373a2f10ad9370ac6fb9beffd5b01f9c11
/usr/portage/.git/objects/aa/477fa87c6a8de71c55d5d61af1513165c6b821
/usr/portage/.git/refs/heads/master
/usr/portage/.git/ORIG_HEAD
/usr/portage/.git/index
/usr/portage/app-crypt/argon2/argon2-20171227.ebuild
/usr/portage/app-crypt/libmd/Manifest
...

Reproducible: Always




$ grep usersync /etc/portage/make.conf
FEATURES="parallel-fetch userfetch usersync userpriv usersandbox"
Comment 1 Jan Vesely 2018-10-24 14:31:47 UTC
Note this started with a recent portage update. It also switched from 'git pull' to 'git fetch' followed by 'git merge'.
Comment 2 Zac Medico gentoo-dev 2018-10-24 19:10:43 UTC
What portage version does emerge --version show?
Comment 3 Jan Vesely 2018-10-24 19:12:22 UTC
(In reply to Zac Medico from comment #2)
> What portage version does emerge --version show?

$ emerge --version
Portage 2.3.49 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.0-gentoo x86_64)
Comment 4 Jan Vesely 2018-11-04 17:15:39 UTC
Still present in:
$ emerge --version
Portage 2.3.51 (python 3.6.5-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.27-r6, 4.19.0-gentoo x86_64)
Comment 5 Yutao Yuan 2018-11-07 07:04:26 UTC
The problem seems to be that 'git merge' is spawned directly with subprocess.call, which ignores the settings present in spawn_kwargs, instead of using portage.process.spawn or similar functions.
Comment 6 Zac Medico gentoo-dev 2018-11-15 21:42:45 UTC
True, the merge command does not drop privileges:

https://gitweb.gentoo.org/proj/portage.git/commit/?id=3cd8cf93abb6410cc877381531bb662a704dffa7

>		exitcode = subprocess.call(merge_cmd,
>			cwd=portage._unicode_encode(self.repo.location))
Comment 7 Larry the Git Cow gentoo-dev 2018-11-24 21:34:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=0490cfa00afcf1347e4e72528b20c93648d6871c

commit 0490cfa00afcf1347e4e72528b20c93648d6871c
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-11-23 09:00:25 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2018-11-23 23:55:24 +0000

    git: drop privileges for gc and merge (bug 669496)
    
    Use portage.process.spawn (with new cwd parameter) and self.spawn_kwargs
    to drop privileges for git gc and merge commands.
    
    Fixes: 3cd8cf93abb6 ("GitSync: abort checkout for signature problem (bug 660372)")
    Fixes: 903c4b1a6768 ("GitSync: support sync-depth (bug 552814)")
    Bug: https://bugs.gentoo.org/669496
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 lib/portage/sync/modules/git/git.py       | 10 ++++++----
 lib/portage/tests/sync/test_sync_local.py | 22 ++++++++++++++++++++--
 2 files changed, 26 insertions(+), 6 deletions(-)
Comment 8 Jan Vesely 2019-03-19 17:16:32 UTC
This one looks fixed after recent portage update.
Comment 9 Zac Medico gentoo-dev 2019-04-10 04:34:13 UTC
Fixed in portage-2.3.62.
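
The pattern discussed in comments 5 to 7, as an added example that is not Portage's code or part of the original thread: a child process started by root keeps root's identity unless the parent switches it explicitly, and an ownership audit of the tree shows whether that happened. The names run_dropped and wrong_owner are hypothetical, and a temporary directory stands in for the repository.

```python
import os
import subprocess
import tempfile


def run_dropped(cmd, cwd, uid, gid):
    """Run cmd in cwd; if we are root and the target is not, the child
    switches to uid:gid before exec (hypothetical helper, not Portage API)."""
    def demote():
        os.setgroups([gid])  # shed root's supplementary groups first
        os.setgid(gid)       # group before user: after setuid() this would fail
        os.setuid(uid)

    drop = os.geteuid() == 0 and uid != 0
    return subprocess.call(cmd, cwd=cwd, preexec_fn=demote if drop else None)


def wrong_owner(root, uid, gid):
    """Paths under root (relative, sorted) not owned by uid:gid; the same
    question the reporter asked with `find /usr/portage -user root`."""
    bad = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            if st.st_uid != uid or st.st_gid != gid:
                bad.append(os.path.relpath(path, root))
    return sorted(bad)


if __name__ == "__main__":
    # Constructed stand-in for a repo; its owner plays the role of sync-user.
    with tempfile.TemporaryDirectory() as repo:
        st = os.stat(repo)
        cmd = ["sh", "-c", "mkdir .git && touch .git/index"]
        run_dropped(cmd, repo, st.st_uid, st.st_gid)
        print("not owned by sync user:", wrong_owner(repo, st.st_uid, st.st_gid))
```

Running wrong_owner against the real repository location after a sync, with the uid and gid of the configured sync-user, gives a regression check for this bug: any path it returns was written by a process that did not drop privileges.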