Summary: | sys-apps/portage should warn/abort when make.conf is unreadable | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Jimmy.Jazz |
Component: | Core - Configuration | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | esigra |
Priority: | High | Keywords: | InVCS |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 335925 |
Description
Jimmy.Jazz
2010-04-16 15:11:42 UTC
portage merely needs read access. no reason to require ownership. also, how exactly does userpriv get into FEATURES if portage cant read its original make.conf file ? :p (In reply to comment #1) > portage merely needs read access. no reason to require ownership. Indeed, portage make.conf is world readable. I have changed it to 0640 to increase security. I missed it when I opened the bug report. Someone else on the forum had the same issue because he wanted to protect his proxy password. See http://forums.gentoo.org/viewtopic-p-6092656.html (Also, I dropped eix-sync privileges as well.) > also, how exactly does userpriv get into FEATURES if portage cant read its > original make.conf file ? :p > I run portage emerge as root :). I expected portage to drop root privileges to user portage after reading make.conf userpriv feature and let user portage read make.conf straight afterwards. Anyway, portageq exit code 13 is quite difficult to understand because /etc/portage/profile/packages neither exists nor is declared in /etc/make.conf Moreover, the message isn't reported in /var/log/ebuild/ log file I forgot to mention /etc/portage in the list of directories in my first comment. I hope the above points help clarify things. I plan to fix this by making the portageq process use pipe or socket IPC to delegate the query to the parent python process which hasn't dropped privileges (we have a poll/select loop in emerge's scheduler which can be used handle the IPC). (In reply to comment #3) > I plan to fix this by making the portageq process use pipe or socket IPC to > delegate the query to the parent python process which hasn't dropped privileges > (we have a poll/select loop in emerge's scheduler which can be used handle the > IPC). This is in git now: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=612a8abf9995c593101b8344fda15acd8267c5e3 This is in 2.2_rc68, but I'll leave this bug open until it's in an unmasked version. This is fixed in 2.1.9. NOTE: The fix for this bug only works when USE=ipc is enabled (it is enabled automatically by IUSE default). (In reply to comment #7) > NOTE: The fix for this bug only works when USE=ipc is enabled (it is > enabled automatically by IUSE default). > It works with the last portage 2.2_rc98. USE='ipc' flag is enabled Thx Jj |