It's possible for pkg_setup to leave behind root-owned files under $HOME with troublesome permissions for FEATURES=userpriv. Portage already adjusts permissions in $T in order to prevent problems, in the _post_phase_userpriv_perms function, and it could do the same for $HOME. Hopefully this will not violate PMS, which specifies identical behavior for both $T and $HOME. The permission adjustment should only grant privileges to the UID of the userpriv user, as established by bug 519566.
Patch posted for review:
https://archives.gentoo.org/gentoo-portage-dev/message/a6cb4527a2aa29c3aafccc17d91b44e5
https://github.com/gentoo/portage/pull/535
So this would fix permission issues when doing the ebuild prepare with USE=-userpriv (i.e. as root) then continue ebuild compile with USE=userpriv? (i.e. as portage user)
(In reply to gentoo_eshoes from comment #2)
> So this would fix permission issues when doing the ebuild prepare with
> USE=-userpriv (i.e. as root) then continue ebuild compile with USE=userpriv?
> (i.e. as portage user)

You need to have FEATURES=userpriv enabled during the ebuild prepare for that to work, since the behavior is conditional on FEATURES=userpriv and it operates immediately following execution of an ebuild phase. It will execute the setup phase as root, grant permissions to the userpriv user's UID, and then execute the next phases as the userpriv user.
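A sketch of the post-phase adjustment discussed above, added here as an illustration and not taken from Portage's `_post_phase_userpriv_perms`: the hypothetical `grant_to_uid` helper gives a single UID ownership and owner access under a directory such as $HOME, without adding group or other bits. The default modes, the `dry_run` flag and the sample tree are assumptions.

```python
import os
import stat
import tempfile


def grant_to_uid(root, uid, dirmode=0o700, filemode=0o600, dry_run=False):
    """Give `uid` ownership of, and owner access to, everything under `root`.

    Only owner bits are added; group and other bits are left as found.
    Returns the (path, action) pairs applied, or planned when dry_run is set.
    """
    changes = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chown or chmod through a symlink
            if st.st_uid != uid:
                changes.append((path, "chown"))
                if not dry_run:
                    # gid -1 keeps the group: access goes to the UID only
                    os.chown(path, uid, -1, follow_symlinks=False)
            need = dirmode if stat.S_ISDIR(st.st_mode) else filemode
            mode = stat.S_IMODE(st.st_mode)
            if (mode & need) != need:
                changes.append((path, "chmod"))
                if not dry_run:
                    os.chmod(path, mode | need)
    return changes


if __name__ == "__main__":
    # Constructed sample tree standing in for $HOME after a privileged phase.
    with tempfile.TemporaryDirectory() as home:
        cache = os.path.join(home, ".cache")
        os.mkdir(cache)
        state = os.path.join(cache, "state")
        with open(state, "w") as fh:
            fh.write("written during pkg_setup\n")
        os.chmod(state, 0o044)  # owner cannot read its own file
        for path, action in grant_to_uid(home, os.getuid()):
            print(action, path)
```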
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=2342e77eea8e00a572623f86d20cde2dc7098aa5

commit 2342e77eea8e00a572623f86d20cde2dc7098aa5
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-22 01:13:22 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-23 01:15:04 +0000

    _post_phase_userpriv_perms: handle $HOME (bug 713100)

    Ensure that the userpriv UID has appropriate permission for files created in $HOME during privileged phases like pkg_setup, in the same way as for $T. This prevents potential permission issues for programs invoked during unprivileged phases, and it improves alignment with PMS which specifies identical behavior for both $HOME and $T.

    Bug: https://bugs.gentoo.org/713100
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 lib/portage/package/ebuild/doebuild.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a0c4eab7417a7823cabe54ace677377114b18dd

commit 6a0c4eab7417a7823cabe54ace677377114b18dd
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-03-23 03:02:25 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-03-23 03:03:33 +0000

    sys-apps/portage: Bump to version 2.3.95

    #713100 fix FEATURES=userpriv $HOME permissions
    #713726 emerge --info: Filter variables for credentials
    #713818 eqawarn: output to build log regardless of --quiet

    Bug: https://bugs.gentoo.org/711148
    Bug: https://bugs.gentoo.org/713100
    Bug: https://bugs.gentoo.org/713726
    Bug: https://bugs.gentoo.org/713818
    Package-Manager: Portage-2.3.95, Repoman-2.3.21
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-2.3.95.ebuild | 268 +++++++++++++++++++++++++++++++++
 2 files changed, 269 insertions(+)