Summary: | sys-apps/portage: doexe preserves all xattrs, including ACL, from source file | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Piotr Karbowski (RETIRED) <slashbeast> |
Component: | Core | Assignee: | Portage team <dev-portage> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | atoth, mgorny, sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/portage/pull/755 https://bugs.gentoo.org/show_bug.cgi?id=815220 https://bugs.gentoo.org/show_bug.cgi?id=465000 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 815196, 815871, 816291 | ||
Bug Blocks: | 193766, 563798 |
Description
Piotr Karbowski (RETIRED)
2021-09-25 22:38:08 UTC
Introduced with https://bugs.gentoo.org/465000 extending the default PORTAGE_XATTR_EXCLUDE with system.posix_acl_access and trusted.SGI_ACL_FILE might be the best way to hnadle it. I think the simplest solution would be to actually copy (or hardlink) files into a temporary FILESDIR, resetting their mode and so on. This shouldn't be a big deal since the files are supposed to be small. I'm afraid though that a similar problem applies to DISTDIR and copying everything there is not really an option. +1 for the changes you propose in your pull request. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=2fa008aae8571d525af1f5ca7cf4cce90d835826 commit 2fa008aae8571d525af1f5ca7cf4cce90d835826 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-09-26 07:07:32 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-09-26 10:19:39 +0000 Copy files/* into the work tree instead of symlinking it Symlinking FILESDIR into the work tree has the unintended consequence of preserving all original file metadata, including system-specific ACLs and so on. When these files are installed, this could lead to unintentionally copying this metadata to the system and/or binary packages. Let's copy all files instead and drop metadata in the process. Since FILESDIR is expected to be small by design, this shouldn't cause any major trouble. It is also easier and less likely to cause regressions than making sure stuff is not preserved when installing. Unfortunately, a similar problem applies to DISTDIR. However, installing files from DISTDIR is rarer than from FILESDIR, so I guess we'll cross that bridge when we get to it. Bug: https://bugs.gentoo.org/814857 Signed-off-by: Michał Górny <mgorny@gentoo.org> bin/phase-functions.sh | 2 +- lib/portage/package/ebuild/prepare_build_dirs.py | 19 +++++++++---------- 2 files changed, 10 insertions(+), 11 deletions(-) Final fix was, I think: From 773ba1701f94bdd46086d294efcf97985b67841d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> Date: Tue, 28 Sep 2021 13:23:16 +0200 Subject: [PATCH] Attempt to fix creating FILESDIR properly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since we perform a mode fixup on FILESDIR anyway, just let copytree() create it. This should finally fix all the problems: have the directory created without errors and work with Python < 3.8. Signed-off-by: Michał Górny <mgorny@gentoo.org> --- lib/portage/package/ebuild/prepare_build_dirs.py | 1 - 1 file changed, 1 deletion(-) Still need to handle DISTDIR somehow. The state of this is unclear. It reads like FILESDIR is fixed, but the fix was reverted, so we're back to where we were originally. |