Re: [gentoo-portage-dev] precisions on installed packages' dependencies
On 3/22/20 5:38 PM, michael.lienha...@laposte.net wrote: > Dear all, > > Still in the process of improving my solver (and make it a usable tool), I > need to have a better idea on how installed packages should be managed. Great! > I didn't find anything on that topic in the PMS (if I've missed it, I'm > sorry). > Could you confirm/correct my following understanding: > 1. installed packages that are still in the portage tree can be > unmerged/updated without any restriction (as specified in their .ebuild) True. > 2. installed packages that are not in the portage tree can only be kept as > is or unmerged Installed packages may also implement pkg_config and pkg_info phases that can be executed via emerge --config and emerge --info. > 3. before removing a library, "ebuild unmerge" always checks if it is used > by another package: this means that installed packages' dependencies are > never broken. That's true if the package is removed via emerge --depclean, but emerge --unmerge does not account for dependencies. Also, it's possible for dependencies of installed packages to be temporarily broken by upgrades. In cases like this, the breakage will eventually be resolved by a rebuild (which occurs automatically for slot operator := deps), upgraded, or by emerge --depclean (which removes unneeded packages). > > Many thanks! > Michael > -- Thanks, Zac signature.asc Description: OpenPGP digital signature
[gentoo-portage-dev] precisions on installed packages' dependencies
Dear all, Still in the process of improving my solver (and make it a usable tool), I need to have a better idea on how installed packages should be managed. I didn't find anything on that topic in the PMS (if I've missed it, I'm sorry). Could you confirm/correct my following understanding: 1. installed packages that are still in the portage tree can be unmerged/updated without any restriction (as specified in their .ebuild) 2. installed packages that are not in the portage tree can only be kept as is or unmerged 3. before removing a library, "ebuild unmerge" always checks if it is used by another package: this means that installed packages' dependencies are never broken. Many thanks! Michael
[gentoo-portage-dev] [PATCH] _hide_url_passwd: replace all occurrences (bug 713726)
Adjust the regular expression to avoid overly-greedy .+ groups, so that is will properly replace all occurrences, as necessary for the purposes of bug 713726 since PORTAGE_BINHOST may contain multiple values. Bug: https://bugs.gentoo.org/713726 Signed-off-by: Zac Medico --- lib/portage/package/ebuild/fetch.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/portage/package/ebuild/fetch.py b/lib/portage/package/ebuild/fetch.py index f7984130f..28e7caf53 100644 --- a/lib/portage/package/ebuild/fetch.py +++ b/lib/portage/package/ebuild/fetch.py @@ -67,7 +67,7 @@ _userpriv_spawn_kwargs = ( ) def _hide_url_passwd(url): - return re.sub(r'//(.+):.+@(.+)', r'//\1:*password*@\2', url) + return re.sub(r'//([^:\s]+):[^@\s]+@', r'//\1:*password*@', url) def _want_userfetch(settings): -- 2.24.1
[gentoo-portage-dev] Re: [PATCH] _post_phase_userpriv_perms: handle $HOME (bug 713100)
Please ignor this accidental re-send, it is identical to this previous send: https://archives.gentoo.org/gentoo-portage-dev/message/a6cb4527a2aa29c3aafccc17d91b44e5 On 3/22/20 12:56 PM, Zac Medico wrote: > Ensure that the userpriv UID has appropriate permission for files > created in $HOME during privileged phases like pkg_setup, in the > same way as for $T. This prevents potential permission issues for > programs invoked during unprivileged phases, and it improves > alignment with PMS which specifies identical behavior for both > $HOME and $T. > > Bug: https://bugs.gentoo.org/713100 > Signed-off-by: Zac Medico > --- > lib/portage/package/ebuild/doebuild.py | 7 --- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/lib/portage/package/ebuild/doebuild.py > b/lib/portage/package/ebuild/doebuild.py > index 75fcb8a51..2bff94cb1 100644 > --- a/lib/portage/package/ebuild/doebuild.py > +++ b/lib/portage/package/ebuild/doebuild.py > @@ -1765,9 +1765,10 @@ def _post_phase_userpriv_perms(mysettings): > if "userpriv" in mysettings.features and secpass >= 2: > """ Privileged phases may have left files that need to be made > writable to a less privileged user.""" > - apply_recursive_permissions(mysettings["T"], > - uid=portage_uid, gid=portage_gid, dirmode=0o700, > dirmask=0, > - filemode=0o600, filemask=0) > + for path in (mysettings["HOME"], mysettings["T"]): > + apply_recursive_permissions(path, > + uid=portage_uid, gid=portage_gid, > dirmode=0o700, dirmask=0, > + filemode=0o600, filemask=0) > > > def _check_build_log(mysettings, out=None): > -- Thanks, Zac signature.asc Description: OpenPGP digital signature
[gentoo-portage-dev] [PATCH] emerge --info: Filter variables for credentials
From: "Sam James (sam_c)" Closes: https://bugs.gentoo.org/713726 Signed-off-by: Sam James (sam_c) Signed-off-by: Zac Medico --- lib/_emerge/actions.py | 4 1 file changed, 4 insertions(+) diff --git a/lib/_emerge/actions.py b/lib/_emerge/actions.py index 7a39d5ec7..392f98d4d 100644 --- a/lib/_emerge/actions.py +++ b/lib/_emerge/actions.py @@ -56,6 +56,7 @@ bad = create_color_func("BAD") warn = create_color_func("WARN") from portage.package.ebuild._ipc.QueryCommand import QueryCommand from portage.package.ebuild.doebuild import _check_temp_dir +from portage.package.ebuild.fetch import _hide_url_passwd from portage._sets import load_default_config, SETPREFIX from portage._sets.base import InternalPackageSet from portage.util import cmp_sort_key, writemsg, varexpand, \ @@ -1899,6 +1900,9 @@ def action_info(settings, trees, myopts, myfiles): if default is not None and \ default == v: continue + + v = _hide_url_passwd(v) + append('%s="%s"' % (k, v)) else: use = set(v.split()) -- 2.24.1
[gentoo-portage-dev] [PATCH] _post_phase_userpriv_perms: handle $HOME (bug 713100)
Ensure that the userpriv UID has appropriate permission for files created in $HOME during privileged phases like pkg_setup, in the same way as for $T. This prevents potential permission issues for programs invoked during unprivileged phases, and it improves alignment with PMS which specifies identical behavior for both $HOME and $T. Bug: https://bugs.gentoo.org/713100 Signed-off-by: Zac Medico --- lib/portage/package/ebuild/doebuild.py | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/portage/package/ebuild/doebuild.py b/lib/portage/package/ebuild/doebuild.py index 75fcb8a51..2bff94cb1 100644 --- a/lib/portage/package/ebuild/doebuild.py +++ b/lib/portage/package/ebuild/doebuild.py @@ -1765,9 +1765,10 @@ def _post_phase_userpriv_perms(mysettings): if "userpriv" in mysettings.features and secpass >= 2: """ Privileged phases may have left files that need to be made writable to a less privileged user.""" - apply_recursive_permissions(mysettings["T"], - uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, - filemode=0o600, filemask=0) + for path in (mysettings["HOME"], mysettings["T"]): + apply_recursive_permissions(path, + uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, + filemode=0o600, filemask=0) def _check_build_log(mysettings, out=None): -- 2.24.1