Bug 926428 - Binary package signature verification trouble with sys-auth/pambase mktemp
Summary: Binary package signature verification trouble with sys-auth/pambase mktemp
Status: RESOLVED DUPLICATE of bug 925422
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Binary packages support
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Linux bug wranglers
Reported: 2024-03-08 07:22 UTC by Luigi 'Comio' Mantellini
Modified: 2024-03-08 17:42 UTC
Description Luigi 'Comio' Mantellini 2024-03-08 07:22:46 UTC
Dear all,

I'm trying the binary package on my home server (Gentoo since 2016).

On this machine I enabled the sys-auth/pambase mktemp support in order to have a user-private temp directory (/tmp/.private/$USER) that is readable and writable only by the logged-in user. pam mktemp will configure TMP/TMPDIR accordingly.

The private tmp directory has very reduced rights with sticky bit also.

When I try to install a binary package, the gpg signature verification fails because the user it runs as (nobody?) is not allowed to read/write files in /tmp/.private/root, as pointed to by the TMP/TMPDIR environment variables.

Disabling the mktemp feature solves it, because the TMP/TMPDIR variables will be unset, pointing to the /tmp (world-writable) directory.

I'm unable to provide a fix, but I think that unsetting TMP/TMPDIR before switching user should solve it.

ciao

luigi
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-03-08 17:42:45 UTC
Duplicate of bug 925422, I think?

*** This bug has been marked as a duplicate of bug 925422 ***
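
The reporter's suggestion (do not hand a private TMP/TMPDIR to a child that runs as another user) can be sketched as below. This is an added example, not Portage's code and not the fix tracked in bug 925422; the function names and the mode-bits-only check are assumptions made for illustration.

```python
import os
import stat
import tempfile

TMP_VARS = ("TMPDIR", "TMP")  # the variables named in the report


def dir_usable_by(path, uid, gids):
    """True if uid/gids may create files in path, judged by mode bits only.
    Simplification: ACLs and parent-directory permissions are not examined."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == 0:
        return True
    need = stat.S_IWUSR | stat.S_IXUSR  # write + search, in the owner position
    if st.st_uid == uid:
        granted = st.st_mode & stat.S_IRWXU
    elif st.st_gid in gids:
        granted = (st.st_mode & stat.S_IRWXG) << 3
    else:
        granted = (st.st_mode & stat.S_IRWXO) << 6
    return granted & need == need


def env_for_unprivileged_child(env, uid, gids):
    """Copy env, dropping TMP/TMPDIR entries the target user cannot use."""
    clean = dict(env)
    for name in TMP_VARS:
        value = clean.get(name)
        if value is not None and not dir_usable_by(value, uid, gids):
            del clean[name]  # child falls back to its default, normally /tmp
    return clean


def demo():
    """Constructed scenario: a 0700 private temp dir and a different uid."""
    private = tempfile.mkdtemp()   # created with mode 0700, owned by us
    other_uid = os.getuid() + 1    # stand-in for the verification user
    env = {"TMPDIR": private, "TMP": private, "PATH": "/usr/bin:/bin"}
    try:
        return env_for_unprivileged_child(env, other_uid, {os.getgid() + 1})
    finally:
        os.rmdir(private)
```

The returned mapping is what would be passed as `env=` when spawning the child after the user switch; unrelated variables are left untouched.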