Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 539402 - sys-apps/portage: repoman inappropriately accesses ebuilds from the master repo when checking an overlay
Summary: sys-apps/portage: repoman inappropriately accesses ebuilds from the master re...
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Repoman (show other bugs)
Hardware: All All
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks: 484436
  Show dependency tree
 
Reported: 2015-02-09 00:02 UTC by Zac Medico
Modified: 2015-02-12 06:06 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
match Atom("%s::%s" % (pkg.cp, repo_config.name)) (repoman.patch,483 bytes, patch)
2015-02-09 00:02 UTC, Zac Medico
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Zac Medico gentoo-dev 2015-02-09 00:02:36 UTC
Created attachment 395946 [details, diff]
match Atom("%s::%s" % (pkg.cp, repo_config.name))

In repoman, portdb.xmatch("match-visible", pkg.cp) is used to check the list of visible ebuilds. However, instead of pkg.cp, when checking an overlay it needs use an atom which restricts the match to the appropriate repo. Otherwise, it risks matching ebuilds from the master repo(s). The following digest verification error demonstrates the problem occuring:

jule@localhost ~/git/games-overlay/games-board/stockfish $ repoman full
 
RepoMan scours the neighborhood...
 * Digest verification failed:
 * /usr/portage/games-board/stockfish/stockfish-6.ebuild
 * Reason: Filesize does not match recorded size
 * Got: 1026
 * Expected: 1025

Note that the digest error occurs for the master repository, even though it's games-overlay that is being checked.
Comment 1 Zac Medico gentoo-dev 2015-02-09 00:46:25 UTC
This is in the master branch now:

https://github.com/gentoo/portage/commit/21b4db4b9db1ed79d0f62e9761c29acde490fbc1
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2015-02-09 07:47:42 UTC
Just guessing what it does, but wouldn't it cause dependency errors when overlays depend on packages in master?
Comment 3 Zac Medico gentoo-dev 2015-02-09 18:44:47 UTC
(In reply to Michał Górny from comment #2)
> Just guessing what it does, but wouldn't it cause dependency errors when
> overlays depend on packages in master?

The patch just fixes code that checks if the current ebuild being checked is masked, which has nothing to do with dependencies.
Comment 4 Brian Dolbec gentoo-dev 2015-02-12 06:06:56 UTC
Released in portage-2.2.17