Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 277976

Summary: subversion.eclass distfiles in ESVN_STORE_DIR could be writable by portage group
Product: Gentoo Linux Reporter: Maciej Mrozowski <reavertm>
Component: EclassesAssignee: Arfrever Frehtes Taifersar Arahesis (RETIRED) <arfrever>
Status: RESOLVED WONTFIX    
Severity: enhancement CC: dilfridge, jlec, kde
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Added ESVN_UMASK with umask invocation (no chmod)
fixed typo in die message
SVN update script

Description Maciej Mrozowski gentoo-dev 2009-07-15 18:56:14 UTC 
Currently, default umask (022) is applied and it makes directories in svn-src writable by owner (which is portage).

/usr/portage/distfiles permissions already allow for files to be written/deleted by portage group, that does not apply to subdirectories however - specifically source files stored by subversion_src_unpack and other scms.

I'd propose to call umask g+w somewhere in subversion.eclass:subversion_src_unpack (with optional, but not really needed - chmod)
Comment 1 Maciej Mrozowski gentoo-dev 2009-07-15 19:01:10 UTC 
Created attachment 198089 [details, diff]
Added ESVN_UMASK with umask invocation (no chmod)

Proposed patch, with umask moved to separate eclass variable.

Also patch removes two redundant parameter substitutions.
Comment 2 Maciej Mrozowski gentoo-dev 2009-07-15 19:08:35 UTC 
Created attachment 198091 [details, diff]
fixed typo in die message
Comment 3 Maciej Mrozowski gentoo-dev 2009-07-15 21:57:07 UTC 
On the second thought, maybe giving too much freedom is not the best approach (being able to specify umask that will take away read permissions for portage itself...)
So maybe just fix it to g+w?
I'd need it anyway (along with existing ESVN_OFFLINE=1) to implement developer mode in kde4 eclass - being able to develop/patch/commit (being in portage group) directly to ESVN_STORE_DIR and utilize portage sandboxed installation and file collision prevention.
If you know better (than umask) ways to achieve this, please let me know.
Comment 4 Maciej Mrozowski gentoo-dev 2009-07-15 21:58:08 UTC 
CC-ing other folks, maybe they will have some ideas.
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2010-02-21 17:49:01 UTC 
Being able to test ebuilds as normal user is a big plus, and it's a pain if you always have to remove the subversion workdir as root first. 

So: bump!!!
Comment 6 Maciej Mrozowski gentoo-dev 2010-02-21 18:00:26 UTC 
Actually there's workaround I have in practice right now:
- chown ${user}:${user} -R /usr/portage/distfiles/${scm}-src/*
- put E${SCM}_OFFLINE=1 in make.conf

This makes portage effectively unable to screw permissions there and make ${user} able to develop/patch source in distfiles directly.

With additional scripts I can update all svn distfiles in one shot (which in kde case is preferred way).
Comment 7 Maciej Mrozowski gentoo-dev 2010-02-21 18:01:30 UTC 
Created attachment 220617 [details]
SVN update script
Comment 8 Andreas K. Hüttel archtester gentoo-dev 2011-07-30 12:58:40 UTC 
As nobody really wants to do anything here, we can likely resolve this bug.