Add portage.process.check_output() function and use it in GitSync class #818
This allows us to utilize existing logic for changing the user id in the called process. Bug: https://bugs.gentoo.org/838223 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
In testing, I found that syncing with
lib/portage/sync/modules/git/git.py
status = portage._unicode_decode( | ||
subprocess.check_output( | ||
portage.process.check_output( |
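Review bot: At the replaced call, portage.process.check_output( now feeds portage._unicode_decode( where subprocess.check_output( did, so this caller depends on the new helper keeping the same contract: stdout returned as bytes and an exception on a non-zero exit status. Please document that contract on the new function, and state which user the child process runs as by default, since nothing visible at this call site shows whether privileges are dropped for the git invocation.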
This call is problematic. The gnupg files generated by gemato will be owned by root, but we need to run git as non-root to avoid the "'/var/db/repos/gentoo' is owned by someone else" error.
I think we would need to invoke the gemato setup code (self._get_openpgp_env()) as the appropriate non-root user.
This ensures that any spawned gpg or git processes will have access to files in GNUPGHOME. Bug: https://bugs.gentoo.org/838223 Signed-off-by: Mike Gilbert <floppym@gentoo.org>
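An added example, not portage's code and not part of this thread: one way to run a command as the owner of the repository directory and to refuse to start when the GNUPGHOME it will use belongs to a different user, which is the mismatch described in the review comment above. The names `owner_spawn_kwargs`, `foreign_owned` and `check_output_as_owner` are hypothetical, and taking the target uid/gid from the directory's own ownership is an assumption.

```python
import os
import pwd
import subprocess


def owner_spawn_kwargs(path):
    """subprocess kwargs that run a child as the owner of `path`.

    Returns {} when no switch is possible or needed (caller is not root,
    or `path` is root-owned). user/group/extra_groups need Python 3.9+.
    """
    st = os.stat(path)
    if os.geteuid() != 0 or st.st_uid == 0:
        return {}
    pw = pwd.getpwuid(st.st_uid)
    return {
        "user": st.st_uid,
        "group": st.st_gid,
        "extra_groups": os.getgrouplist(pw.pw_name, st.st_gid),
        # Point HOME at the target user so git and gpg do not read root's config.
        "env": dict(os.environ, HOME=pw.pw_dir, USER=pw.pw_name, LOGNAME=pw.pw_name),
    }


def foreign_owned(top, uid):
    """Paths at or below `top` that `uid` does not own (e.g. a GNUPGHOME made as root)."""
    paths = [top]
    for root, dirs, files in os.walk(top):
        paths += [os.path.join(root, name) for name in dirs + files]
    return [p for p in paths if os.lstat(p).st_uid != uid]


def check_output_as_owner(cmd, repo_dir, gnupghome=None):
    """Run `cmd` in `repo_dir` as the directory's owner and return its stdout bytes."""
    kwargs = owner_spawn_kwargs(repo_dir)
    env = kwargs.setdefault("env", dict(os.environ))
    if gnupghome is not None:
        target_uid = kwargs.get("user", os.geteuid())
        bad = foreign_owned(gnupghome, target_uid)
        if bad:
            # Fail before spawning: the child could not use files it does not own.
            raise PermissionError(f"uid {target_uid} does not own {bad}")
        env["GNUPGHOME"] = gnupghome
    return subprocess.check_output(cmd, cwd=repo_dir, **kwargs)
```
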
This PR breaks emerge --info when a git repo is configured.
Lifting the uid/gid/etc grabbing functionality from controller.py, we can get something like:
Though that duplicates a bit of code and I haven't dug into trying to make it more generic to fit into its own function.
I'm really not sure where to go with this one. I feel like some code needs to be reworked (possibly in gemato), or we need to approach this problem from a different angle. I wonder if we could just disable git's new behavior without re-introducing whatever security issue it "solves".
We might be able to do something like