| Summary: | sys-apps/portage: pkg_setup may leave behind root owned files under $HOME with troublesome permissions for FEATURES=userpriv | | |
|---|---|---|---|
| Product: | Portage Development | Reporter: | Zac Medico <zmedico> |
| Component: | Core - Ebuild Support | Assignee: | Portage team <dev-portage> |
| Status: | RESOLVED FIXED | | |
| Severity: | enhancement | CC: | gentoo_eshoes |
| Priority: | Normal | Keywords: | InVCS |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 563798, 711148 | | |

Description
Zac Medico
2020-03-18 01:29:23 UTC
Patch posted for review:

https://archives.gentoo.org/gentoo-portage-dev/message/a6cb4527a2aa29c3aafccc17d91b44e5
https://github.com/gentoo/portage/pull/535

so this would fix permission issues when doing the ebuild prepare with USE=-userpriv (ie. as root) then continue ebuild compile with USE=userpriv ? (ie. as portage user)

(In reply to gentoo_eshoes from comment #2)
> so this would fix permission issues when doing the ebuild prepare with
> USE=-userpriv (ie. as root) then continue ebuild compile with USE=userpriv ?
> (ie. as portage user)

You need to have FEATURES=userpriv enabled during the ebuild prepare for that to work, since the behavior is conditional on FEATURES=userpriv and it operates immediately following execution of an ebuild phase. It will execute the setup phase as root, grant permissions to the userpriv user's UID, and then execute the next phases as the userpriv user.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=2342e77eea8e00a572623f86d20cde2dc7098aa5

commit 2342e77eea8e00a572623f86d20cde2dc7098aa5
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-22 01:13:22 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-23 01:15:04 +0000

    _post_phase_userpriv_perms: handle $HOME (bug 713100)

    Ensure that the userpriv UID has appropriate permission for
    files created in $HOME during privileged phases like pkg_setup,
    in the same way as for $T. This prevents potential permission
    issues for programs invoked during unprivileged phases, and it
    improves alignment with PMS which specifies identical behavior
    for both $HOME and $T.

    Bug: https://bugs.gentoo.org/713100
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 lib/portage/package/ebuild/doebuild.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a0c4eab7417a7823cabe54ace677377114b18dd

commit 6a0c4eab7417a7823cabe54ace677377114b18dd
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-23 03:02:25 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-23 03:03:33 +0000

    sys-apps/portage: Bump to version 2.3.95

     #713100 fix FEATURES=userpriv $HOME permissions
     #713726 emerge --info: Filter variables for credentials
     #713818 eqawarn: output to build log regardless of --quiet

    Bug: https://bugs.gentoo.org/711148
    Bug: https://bugs.gentoo.org/713100
    Bug: https://bugs.gentoo.org/713726
    Bug: https://bugs.gentoo.org/713818
    Package-Manager: Portage-2.3.95, Repoman-2.3.21
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/portage/Manifest | 1 +
 sys-apps/portage/portage-2.3.95.ebuild | 268 +++++++++++++++++++++++++++++++++
 2 files changed, 269 insertions(+)
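
Added example, not part of this bug report and not Portage's code: an audit that walks a build `$HOME` (or `$T`) and lists entries the unprivileged UID does not own or cannot fully use, which is the leftover state this bug describes after a privileged `pkg_setup`. The names `audit_tree` and `demo`, the required owner bits (rwx on directories, rw on files) and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root, uid, dir_bits=0o700, file_bits=0o600):
    """List (relative path, reason) for entries under root that uid does not
    own, or whose owner permission bits are incomplete.

    dir_bits/file_bits are assumed minimums, not values taken from Portage.
    """
    findings = []

    def check(path):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            return  # a symlink's own mode carries no access meaning
        rel = os.path.relpath(path, root)
        if st.st_uid != uid:
            findings.append((rel, "owner uid %d, expected %d" % (st.st_uid, uid)))
        need = dir_bits if stat.S_ISDIR(st.st_mode) else file_bits
        missing = need & ~stat.S_IMODE(st.st_mode)
        if missing:
            findings.append((rel, "owner bits missing: %03o" % missing))

    check(root)
    # os.walk does not follow symlinks, so the audit stays inside root.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


def demo():
    """Constructed tree: a build $HOME holding one read-only leftover file."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "homedir")
        os.makedirs(os.path.join(home, ".cache"))
        os.chmod(home, 0o700)
        os.chmod(os.path.join(home, ".cache"), 0o700)
        leftover = os.path.join(home, ".cache", "setup.log")
        with open(leftover, "w") as f:
            f.write("written during pkg_setup\n")
        os.chmod(leftover, 0o400)
        me = os.getuid()
        # First audit: we own everything. Second: pretend another uid should.
        return audit_tree(home, me), audit_tree(home, me + 1)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real system, pass the build directory's `$HOME` and the UID of the userpriv user; an empty result means no privileged phase left anything behind that the unprivileged phases cannot use.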