Probably related to the variable preservation stuff, but $D did not used to be set inside pkg_postinst thus it was possible to use insinto/doins etc to affect the system directly. At least 3 packages relied on this: net-nds/openldap, www-servers/nginx, net-mail/cyrus-imspd mainly so they could use doins etc in the docert function of ssl-cert.eclass. Either block usage of doins etc outright in the postinst, or make $D be empty in there. # emerge --info Portage 2.1.3.16 (default-linux/ppc/ppc64/2007.1/32bit-userland/desktop/970/pmac, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-G5 ppc64) ================================================================= System uname: 2.6.23-gentoo-G5 ppc64 PPC970MP, altivec supported Timestamp of tree: Tue, 23 Oct 2007 17:00:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p17 dev-lang/python: 2.4.4-r5 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.61-r1 sys-devel/automake: 1.6.3, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.21 ACCEPT_KEYWORDS="ppc" CBUILD="powerpc-unknown-linux-gnu" CFLAGS="-O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec" CHOST="powerpc-unknown-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -pipe -mtune=970 -mcpu=970 -mabi=altivec" DISTDIR="/home/gentoo/distfiles" FEATURES="autoconfig buildpkg ccache collision-protect distlocks lmirror metadata-transfer mirror parallel-fetch sandbox sfperms splitdebug strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j5" PKGDIR="/home/gentoo/packages/buck-int-2007.1/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/dev/shm" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X acl alsa altivec arts bash-completion berkdb bitmap-fonts cairo cdr cli cracklib crypt cscope cups dbus dri dvd dvdr eds emboss encode esd fam firefox fortran gcc64 gdbm gif gnome gpm gstreamer gtk hal iconv ipv6 isdnlog jpeg kde ldap mad midi mikmod mp3 mpeg mudflap ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre perl png ppc pppd python qt3 qt3support qt4 quicktime readline reflection sdl session spell spl ssl sysfs tcpd truetype truetype-fonts type1-fonts unicode vim-syntax vim-with-x vorbis xml xorg xv zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="dummy fbdev mach64 mga nv r128 radeon sisusb v4l" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
A guess we can alias forbidden helpers during appropriate phases and make them die. Making ${D} point at ${ROOT} seems like a bad idea.
Wouldn't fixing bug #152474 solve this?
yeah, i think so