891863 – sys-apps/portage should not install tmpfiles snippet to create /tmp/portage

Bug 891863 - sys-apps/portage should not install tmpfiles snippet to create /tmp/portage

Summary: sys-apps/portage should not install tmpfiles snippet to create /tmp/portage

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Unclassified (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-01-23 18:07 UTC by pa4wdh
Modified:	2023-05-26 13:52 UTC (History)
CC List:	0 users

See Also:	853283 603222
Package list:
Runtime testing required:	---

Attachments
Patch to split portage-tmpdir.conf (split-portage-tmpdir.conf.patch,2.27 KB, patch) 2023-01-25 11:07 UTC, pa4wdh	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description pa4wdh 2023-01-23 18:07:43 UTC

I recently noticed that /tmp/portage has been added to /usr/lib/tmpfiles.d/portage-tmpdir.conf which in my opinion doesn't make sense. It is not used by portage by default, and anyone who wishes to defer from defaults should take their own responsibility to make sure it works well and securely.
I recently updated to portage 3.0.41 which shows this behavior, i have not noticed it before but i'm not sure which version started this behavior.

Related forum discussion:
https://forums.gentoo.org/viewtopic-t-1160919.html

Reproducible: Always

Steps to Reproduce:
1. ls -l /tmp
2. See /tmp/protage exists with owner and group "portage"
3. cat /usr/lib/tmpfiles.d/portage-tmpdir.conf
4. See /tmp/portage listed
Actual Results:  
Directory is created at boot.

Expected Results:  
Directories not used by the default configuration should not be created by supplied configuration files.

Seems like a misconfiguration in /usr/lib/tmpfiles.d/portage-tmpdir.conf

Comment 1 Mike Gilbert gentoo-dev

2023-01-23 18:27:46 UTC

It is very common for users to set PORTAGE_TMPDIR="/tmp".

The extra directory in /tmp wont hurt you.

Comment 2 pa4wdh 2023-01-24 18:23:45 UTC

Thanks for the link to bug 853283.

I understand the directory won't hurt me :-). I do think it's existence is a sign tmpfiles is not the right tool for the job.

Quote from my forum post:
I think the main problem is that tmpfiles is not the right tool for the job:
Job at hand: Create a directory with given name and permissions where the location is stored in a variable.
What tmpfiles can do: Create a directory with a given name and permissions at a fixed location.

Comment 3 Mike Gilbert gentoo-dev

2023-01-24 18:54:09 UTC

I don't care that it is not a perfect solution. It's good enough for 99.9% of users, with no significant downside.

Comment 4 Mike Gilbert gentoo-dev

2023-01-24 19:03:34 UTC

If you would like to submit a patch to make Portage handle PORTAGE_TMPDIR in a secure manner, we can reconsider dropping the tmpfiles snippet after said patch is merged. Until then, this stays as WONTFIX.

Comment 5 pa4wdh 2023-01-25 11:07:22 UTC

Created attachment 849181 [details, diff]
Patch to split portage-tmpdir.conf

Sure, will take some while as i have to familiarize myself with the portage code (and potentially systemd's tmpfiles implementation since that seems to be considered secure).

As a quick fix proposal I made a small patch the for the ebuild (since portage-tmpdir.conf is supplied with the ebuild) to split the tmpfiles entries into two files so users can INSTALL_MASK the one they don't need without affecting the other.

Comment 6 Mike Gilbert gentoo-dev

2023-01-25 14:23:39 UTC

(In reply to pa4wdh from comment #5)

INSTALL_MASK is the wrong approach. I would suggest copying the file to /etc/tmpfiles.d/portage-tmpdir.conf and removing the line you do not want.

Comment 7 pa4wdh 2023-01-25 15:43:43 UTC

Thanks for the suggestion for using /etc/tmpfiles.d/portage-tmpdir.conf, that works. I keep forgetting that silly systemd way of working :-)