git-version-get, which is used in build system for checking tarball origin under certain conditions can report that tarball is dirty and trying to git clone from upstream git repository of a package. it should check if tarball is a release and stop. This gives sandbox violation during emerge. Reproducible: Always Steps to Reproduce: 1. have .git in / Any repository 2. emerge speech-dispatcher 3. notice a sandbox violation Actual Results: ... checking for xgettext... (cached) /usr/bin/xgettext * ACCESS DENIED: open_wr: /.git/index.lock * ACCESS DENIED: open_wr: /.git/index.lock * ACCESS DENIED: open_wr: /.git/index.lock checking for x86_64-pc-linux-gnu-gcc... (cached) x86_64-pc-linux-gnu-gcc ...
Created attachment 424512 [details, diff] patch
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=adc72bb8a7dcdd0866e9030ff4610e9c13cce08b commit adc72bb8a7dcdd0866e9030ff4610e9c13cce08b Author: Michael Weber <xmw@gentoo.org> AuthorDate: 2018-01-28 20:21:05 +0000 Commit: Michael Weber <xmw@gentoo.org> CommitDate: 2018-01-28 20:21:05 +0000 app-accessibility/speech-dispatcher: Limit errornous git invocation to ${WORKDIR} by exporting GIT_CEILING_DIRECTORIES. Closes: https://bugs.gentoo.org/573732 Bug: https://bugs.gentoo.org/558556 Package-Manager: Portage-2.3.20, Repoman-2.3.6 app-accessibility/speech-dispatcher/speech-dispatcher-0.8.3.ebuild | 5 ++++- app-accessibility/speech-dispatcher/speech-dispatcher-0.8.7.ebuild | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-)
