
Bug 713100

Summary: sys-apps/portage: pkg_setup may leave behind root owned files under $HOME with troublesome permissions for FEATURES=userpriv
Product: Portage Development
Reporter: Zac Medico <zmedico>
Component: Core - Ebuild Support
Assignee: Portage team <dev-portage>
Status: RESOLVED FIXED
Severity: enhancement
CC: gentoo_eshoes
Priority: Normal
Keywords: InVCS
Version: unspecified
Hardware: All
OS: All
Bug Blocks: 563798, 711148    

Description Zac Medico gentoo-dev 2020-03-18 01:29:23 UTC
It's possible for pkg_setup to leave behind root-owned files under $HOME with troublesome permissions for FEATURES=userpriv. Portage already adjusts permissions in $T in order to prevent problems, in the _post_phase_userpriv_perms function, and it could do the same for $HOME. Hopefully this will not violate PMS, which specifies identical behavior for both $T and $HOME. The permission adjustment should only grant privileges to the UID of the userpriv user, as established by bug 519566.
Comment 2 inactive 2020-03-22 03:06:24 UTC
So this would fix permission issues when doing the ebuild prepare with USE=-userpriv (i.e. as root) then continue ebuild compile with USE=userpriv? (i.e. as portage user)
Comment 3 Zac Medico gentoo-dev 2020-03-22 03:22:01 UTC
(In reply to gentoo_eshoes from comment #2)
> So this would fix permission issues when doing the ebuild prepare with
> USE=-userpriv (i.e. as root) then continue ebuild compile with USE=userpriv?
> (i.e. as portage user)

You need to have FEATURES=userpriv enabled during the ebuild prepare for that to work, since the behavior is conditional on FEATURES=userpriv and it operates immediately following execution of an ebuild phase. It will execute the setup phase as root, grant permissions to the userpriv user's UID, and then execute the next phases as the userpriv user.
Comment 4 Larry the Git Cow gentoo-dev 2020-03-23 01:40:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=2342e77eea8e00a572623f86d20cde2dc7098aa5

commit 2342e77eea8e00a572623f86d20cde2dc7098aa5
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-22 01:13:22 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-23 01:15:04 +0000

    _post_phase_userpriv_perms: handle $HOME (bug 713100)
    
    Ensure that the userpriv UID has appropriate permission for files
    created in $HOME during privileged phases like pkg_setup, in the
    same way as for $T. This prevents potential permission issues for
    programs invoked during unprivileged phases, and it improves
    alignment with PMS which specifies identical behavior for both
    $HOME and $T.
    
    Bug: https://bugs.gentoo.org/713100
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 lib/portage/package/ebuild/doebuild.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
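
An added illustration (not Portage's `_post_phase_userpriv_perms` code) of the adjustment described in this bug: after a privileged phase, re-own a directory tree to one UID and add owner-only mode bits, leaving group ownership and group/other bits untouched. The function name, the 0o700/0o600 masks and the sample tree are assumptions of this example; taking ownership away from root requires running as root.

```python
import os
import stat
import tempfile

def grant_owner_access(top, uid):
    """Re-own everything under `top` to `uid` and add owner-only mode bits.

    Group ownership and group/other bits are untouched, so only `uid` gains
    access. Returns the paths that were changed.
    """
    changed = []

    def fix(path):
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        want = mode
        if stat.S_ISDIR(st.st_mode):
            want |= 0o700
        elif not stat.S_ISLNK(st.st_mode):  # never chmod through a symlink
            want |= 0o600
        if st.st_uid != uid:
            os.lchown(path, uid, -1)  # lchown: no symlink following; -1 keeps gid
        if want != mode:
            os.chmod(path, want)
        if st.st_uid != uid or want != mode:
            changed.append(path)

    fix(top)
    # Top-down walk: a directory is fixed before os.walk descends into it.
    for root, dirs, files in os.walk(top):
        for name in dirs + files:
            fix(os.path.join(root, name))
    return changed

def demo():
    """Constructed tree standing in for $HOME after a privileged phase."""
    home = tempfile.mkdtemp(prefix="home-")
    cache = os.path.join(home, ".cache")
    os.mkdir(cache)
    cfg = os.path.join(cache, "tool.conf")
    with open(cfg, "w") as fh:
        fh.write("constructed sample\n")
    os.chmod(cfg, 0o044)    # owner locked out of the file
    os.chmod(cache, 0o055)  # owner cannot enter the directory
    return home, cache, cfg, grant_owner_access(home, os.getuid())

if __name__ == "__main__":
    print(demo()[3])
```

Run unprivileged, the demo exercises only the mode repair, since the constructed files already belong to the caller; a second call on the same tree returns an empty list.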
Comment 5 Larry the Git Cow gentoo-dev 2020-03-23 03:13:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a0c4eab7417a7823cabe54ace677377114b18dd

commit 6a0c4eab7417a7823cabe54ace677377114b18dd
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-23 03:02:25 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-23 03:03:33 +0000

    sys-apps/portage: Bump to version 2.3.95
    
     #713100 fix FEATURES=userpriv $HOME permissions
     #713726 emerge --info: Filter variables for credentials
     #713818 eqawarn: output to build log regardless of --quiet
    
    Bug: https://bugs.gentoo.org/711148
    Bug: https://bugs.gentoo.org/713100
    Bug: https://bugs.gentoo.org/713726
    Bug: https://bugs.gentoo.org/713818
    Package-Manager: Portage-2.3.95, Repoman-2.3.21
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-2.3.95.ebuild | 268 +++++++++++++++++++++++++++++++++
 2 files changed, 269 insertions(+)