Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 777393 - [Feature Request] sys-apps/portage: Make env-update execute post-update scripts
Summary: [Feature Request] sys-apps/portage: Make env-update execute post-update scripts
Status: UNCONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Enhancement/Feature Requests (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-20 14:56 UTC by konsolebox
Modified: 2021-10-29 06:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Simple patch to make it work (make-env-update-exec-post-update-scripts.patch,1.02 KB, patch)
2021-03-20 17:27 UTC, konsolebox
Details | Diff
Working post-update script that updates secure_path (99update-secure-path,765 bytes, text/plain)
2021-03-21 10:20 UTC, konsolebox
Details
Working post-update script that updates secure_path (V2) (99update-secure-path,689 bytes, text/plain)
2021-03-21 10:45 UTC, konsolebox
Details
Working post-update script that updates secure_path (V3) (99update-secure-path,530 bytes, text/plain)
2021-03-21 11:13 UTC, konsolebox
Details
Working post-update script that updates secure_path (V4) (99update-secure-path,727 bytes, text/plain)
2021-03-21 13:49 UTC, konsolebox
Details
Working post-update script that updates secure_path (V5) (99update-secure-path,762 bytes, text/plain)
2021-03-21 14:25 UTC, konsolebox
Details
Updated to work with 3.0.28 (portage-3.0.28-env-update-post-update.patch,1.17 KB, patch)
2021-10-29 06:33 UTC, konsolebox
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description konsolebox 2021-03-20 14:56:55 UTC
In https://bugs.gentoo.org/777267 I ended up with a solution where I created a wrapper script for env-update which calls env-update and then updates the value of "secure_path" in /etc/sudoers/secure_path based on the updated value of REALPATH.

It would be nice if env-update would have an added feature where it executes +x scripts present somewhere in /etc (perhaps in /etc/env-update.d/) after updating /etc/profile.env and other stuff so I wouldn't have to use a wrapper like this.  It's also not guaranteed that the wrapper is called during emerge over the real env-update.
Comment 1 konsolebox 2021-03-20 17:27:42 UTC
Created attachment 692598 [details, diff]
Simple patch to make it work
Comment 2 Zac Medico gentoo-dev 2021-03-20 20:13:56 UTC
The solutions sounds somewhat complicated for a PATH ordering issue, so I'd like to understand why there's not a simpler way to generate an appropriate PATH setting, if that really is the case.
Comment 3 konsolebox 2021-03-21 10:07:03 UTC
If we'd like to make secure_path follow the generated [ROOT]PATH from env.d, this is the only way to make it consistent.  Also I believe this can also help with other things that has to be regenerated everytime something significant in /etc/env.d is modified.
Comment 4 konsolebox 2021-03-21 10:20:53 UTC
Created attachment 692676 [details]
Working post-update script that updates secure_path
Comment 5 konsolebox 2021-03-21 10:45:22 UTC
Created attachment 692688 [details]
Working post-update script that updates secure_path (V2)
Comment 6 konsolebox 2021-03-21 11:13:37 UTC
Created attachment 692691 [details]
Working post-update script that updates secure_path (V3)

There's no need to check if ROOTPATH has /usr/sbin since the default already has it, and secure_path should have a conservative value, so avoid including values from PATH.  A path should also be in ROOTPATH anyway if it's meant to run as EUID 0.
Comment 7 konsolebox 2021-03-21 13:49:58 UTC
Created attachment 692721 [details]
Working post-update script that updates secure_path (V4)

Avoid updating secure_path if it's already up-to-date to lessen noise and write IO
Comment 8 konsolebox 2021-03-21 14:25:32 UTC
Created attachment 692730 [details]
Working post-update script that updates secure_path (V5)

Exclude "\n" in printf assignment and use more EPREFIX
Comment 9 konsolebox 2021-10-29 06:33:46 UTC
Created attachment 747183 [details, diff]
Updated to work with 3.0.28
Comment 10 konsolebox 2021-10-29 06:35:36 UTC
I customized the official ebuild so it includes this feature.  It can be enabled with the 'unofficial' use flag.

https://github.com/konsolebox/overlay/tree/master/sys-apps/portage