Summary: | FEATURES="usersync" invokes git as root | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Sam James <sam> |
Component: | Core | Assignee: | Portage team <dev-portage> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | correabuscar+gentoo_bugs, d, flow, gentoo |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=838223 https://bugs.gentoo.org/show_bug.cgi?id=701184 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Sam James
2022-10-16 18:27:53 UTC
Isn't 'userfetch' the one that is supposed to make git run as non-root? From man make.conf: userfetch When portage is run as root, drop privileges to portage:portage during the fetching of package sources. userpriv Allow portage to drop root privileges and compile packages as portage:portage without a sandbox (unless usersandbox is also used). usersandbox Enable the sandbox in the compile phase, when running without root privs (userpriv). usersync Drop privileges to the owner of ${repository_location} for emerge(1) --sync operations. Note that this feature assumes that all subdi‐ rectories of ${repository_location} have the same ownership as ${repository_location} itself. It is the user's responsibility to ensure correct ownership, since otherwise Portage would have to waste time validating ownership for each and every sync operation. (In reply to Emanuel Czirai from comment #1) I actually think we are talking about "usersync" here, not "userfetch" or "userpriv". flow, could I tempt you into looking at this? |