Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 707930 - sys-apps/portage - set GIT_CEILING_DIRECTORIES during ebuild execution
Summary: sys-apps/portage - set GIT_CEILING_DIRECTORIES during ebuild execution
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Ebuild Support (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Portage team
Depends on: 558556
  Show dependency tree
Reported: 2020-02-02 14:09 UTC by Gentookh
Modified: 2021-10-22 06:57 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Gentookh 2020-02-02 14:09:22 UTC
See examples of this issue:

Nothing above WORKDIR should affect sandbox configuration process.
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2020-02-02 15:48:11 UTC
It's not clear from those bugs what is your setup and why you think sandbox is not correct here. Can you elaborate?
Comment 2 Mike Gilbert gentoo-dev 2020-02-02 16:20:58 UTC
The point of sandbox is to catch processes that try to write outside of permitted directories.

By creating a git repo in the root directory, you are inviting any ebuild that calls git to write there. There is no way sandbox can reasonably prevent this from happening.

Here are some options for you:

1. Don't put a git repo in /.
2. Disable the sandbox and usersandbox portage features.
3. Add /.git to SANDBOX_PREDICT in /etc/sandbox.conf.
Comment 3 Gentookh 2020-02-02 16:46:34 UTC
>you are inviting any ebuild that calls git to write there.
Why not have WORKDIR/.git created for such ebuilds?
Comment 4 Mike Gilbert gentoo-dev 2020-02-02 17:03:23 UTC
(In reply to Gentookh from comment #3)
> >you are inviting any ebuild that calls git to write there.
> Why not have WORKDIR/.git created for such ebuilds?

That may cause problems with build systems that try to detect whether they are running in a git repo.

Also, it's an unnecessary hack on most systems.
Comment 5 Mike Gilbert gentoo-dev 2020-02-02 17:17:08 UTC
Another possible solution: add GIT_CEILING_DIRECTORIES="${PORTAGE_TMPDIR}" to make.conf.
Comment 6 Gentookh 2020-02-02 17:22:14 UTC
Why not make this default?
Comment 7 Mike Gilbert gentoo-dev 2020-02-02 17:42:58 UTC
That would require a code change in portage to set the variable after all config files have been processed.
Comment 8 Zac Medico gentoo-dev 2020-02-02 23:21:50 UTC
PMS may want to say something about this, since an implicit GIT_CEILING_DIRECTORIES setting will effectively change the interface between the package manager and ebuilds.
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2020-02-03 05:40:06 UTC
Technically speaking, you've just made your system a test case for ebuilds misbehaving.  I'd say Portage should not workaround it, if only not to prevent people from testing this kind of behavior.  If you don't want to test it and report bugs, work around it locally.
Comment 10 Gentookh 2020-02-03 08:28:38 UTC
I already reported this bug as one that affects a couple of ebuilds and seems to be present for a long time. I've added a link to this issue in case you WONTFIX it :-)
Comment 11 Mike Gilbert gentoo-dev 2020-02-03 22:28:33 UTC
After discussion in #gentoo-qa, it sounds like we are probably not going to implement a solution in Portage.

Please use one of the available workarounds if you absolutely insist on putting a git repo in your system root directory.