I'm one of the people regularly bitten by build systems searching for VCS files outside the build directory, as I have directories above the build directories under version control, resulting in a sandbox violation error. Error or not, the gentoo build does not run in a git checkout by default, so the VCS search will always leave the sandbox and will always be a security risk.

In response to https://bugs.gentoo.org/836261 "-buildvcs=false" was added to default GOFLAGS in go-module.eclass. The kitty ebuild uses go-env.eclass however without default GOFLAGS.

It works for me to just add "-buildvcs=false" on line 135:

local -x GOFLAGS="-p=$(makeopts_jobs) -v -x -buildvcs=false"

Reproducible: Always

Sure

Note odds are will switch to go-module.eclass sometime after bug #926841, so these defaults will sync up -- but no harm in adding this meanwhile.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=322e5186606b64ef16907668bc914e65c2ab951a

commit 322e5186606b64ef16907668bc914e65c2ab951a
Author:     Ionen Wolkens <ionen@gentoo.org>
AuthorDate: 2024-03-14 09:58:11 +0000
Commit:     Ionen Wolkens <ionen@gentoo.org>
CommitDate: 2024-03-14 09:59:04 +0000

    x11-terms/kitty: pass -buildvcs=false

    Closes: https://bugs.gentoo.org/927012
    Signed-off-by: Ionen Wolkens <ionen@gentoo.org>

 x11-terms/kitty/kitty-0.32.2.ebuild | 2 +-
 x11-terms/kitty/kitty-0.33.0.ebuild | 2 +-
 x11-terms/kitty/kitty-9999.ebuild   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
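
The condition described in the report can be checked before a build: walk upward from the build directory looking for VCS metadata and see whether the nearest hit lies outside the sandbox root, unless GOFLAGS already carries -buildvcs=false. This is an added example, not code from the bug report or the Gentoo tree; the function names and the marker list (an assumption about which directory names the Go toolchain treats as a repository root) are illustrative.

```shell
#!/bin/sh
# Added example, not from the bug report or the Gentoo tree.
# Assumption: marker names the Go toolchain treats as a VCS root.
VCS_MARKERS=".git .hg .svn .bzr .fslckout _FOSSIL_"

# Print the nearest ancestor of DIR (DIR included) that holds a VCS marker.
# Returns 1 if the walk reaches / without finding one, 2 if DIR is unusable.
find_vcs_root() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    while :; do
        for m in $VCS_MARKERS; do
            if [ -e "$dir/$m" ]; then printf '%s\n' "$dir"; return 0; fi
        done
        [ "$dir" = "/" ] && return 1
        dir=$(dirname "$dir")
    done
}

# True when FLAGS contains -buildvcs=false as a whole word (the spelling
# used in the bug; other spellings are deliberately not matched).
goflags_disable_buildvcs() {
    case " $1 " in
        *" -buildvcs=false "*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_build BUILD_DIR SANDBOX_ROOT GOFLAGS
# Returns 1 and prints "escape: ..." when a VCS lookup from BUILD_DIR would
# resolve to a repository root outside SANDBOX_ROOT.
check_build() {
    if goflags_disable_buildvcs "$3"; then
        echo "ok: -buildvcs=false set, no VCS lookup"; return 0
    fi
    sandbox=$(cd "$2" 2>/dev/null && pwd -P) || return 2
    [ -d "$1" ] || return 2
    if root=$(find_vcs_root "$1"); then
        case "$root/" in
            "$sandbox"/*) echo "ok: VCS root inside sandbox: $root"; return 0 ;;
            *) echo "escape: VCS root outside sandbox: $root"; return 1 ;;
        esac
    fi
    echo "ok: no VCS metadata in any ancestor"
}

# Usage: sh check.sh BUILD_DIR SANDBOX_ROOT [GOFLAGS]
if [ "$#" -ge 2 ]; then check_build "$1" "$2" "${3:-${GOFLAGS:-}}"; fi
```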