Gentoo Forums
Binpkg host and /usr/portage/packages/*/* permissions
ville.aakko
Tux's lil' helper
Joined: 06 Aug 2006
Posts: 103
Location: Oulu, Finland

Posted: Tue Jun 30, 2020 12:43 pm    Post subject: Binpkg host and /usr/portage/packages/*/* permissions

Hi,

I've set up a binary package host according to this page.

In /etc/profile umask is set to:
Code:
/etc/profile:19:umask 022


I access the packages via SSH. This works fine, except portage and quickpkg create the files as root:root and with permissions -rw-r---. Of course, this won't work with a regular SSH user unless I periodically set the file permissions to be world-readable.

I can not find any other place besides /etc/profile, where umask is set (I checked by grepping whole of /etc). It seems portage does not respect this setting (but uses umask 137 instead).

Any ideas how to fix / where does portage (and quickpkg) get its umask settings?

(EDIT:) I can see (at least) two solutions:
    1. Set the package files as world-readable
    2. Change the whole directory and contents to some group (say, remotepackages) and add the SSH user to that group

I believe either one would work (the host is only used for distributing packages, so world-readable is just fine, and I don't see any harm in other users reading the files). However 2nd option would be a bit more secure. There is a 3rd option: make the SSH user be able to access root account, but I think that is by far the least secure option.

Cheers!

p.s. I've found another thread about this issue in this thread but no solutions (making a new one since that one is ancient).
_________________
- Ville
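
The arithmetic behind the umask 137 observation and the group-based option 2 from the post above, as an added shell example that is not part of the original thread. The function names are made up here, and it assumes a POSIX find and chmod and that the tool writing the packages does not reset group ownership itself.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up here;
# assumes a POSIX find and chmod.

# Mode a new regular file gets under umask $1: 0666 with the umask bits cleared.
mode_for_umask() {
    printf '%o\n' $(( 0666 & ~0$1 ))
}

# Print files under $1 that members of group $2 cannot read:
# either the file belongs to another group or it lacks group-read.
unreadable_binpkgs() {
    find "$1" -type f \( ! -group "$2" -o ! -perm -g=r \) -print
}

# Option 2 from the post: give the tree to a dedicated group, read-only.
# "other" bits are left untouched, so nothing becomes world-readable.
# setgid on the directories makes files created later inherit the group,
# assuming the tool that writes them does not reset ownership itself.
share_with_group() {
    pkgdir=$1
    group=$2
    chgrp -R "$group" "$pkgdir" &&
    find "$pkgdir" -type d -exec chmod g+rxs {} + &&
    find "$pkgdir" -type f -exec chmod g+r {} +
}

# Typical use as root on the binhost (group name is the post's suggestion):
#   mode_for_umask 137        -> 640, i.e. rw-r-----
#   share_with_group /usr/portage/packages remotepackages
#   unreadable_binpkgs /usr/portage/packages remotepackages   # expect no output
```

Because umask 137 already leaves group-read set (0640), the only thing the SSH user lacks under option 2 is membership in the group that owns the files.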
pjp
Administrator
Joined: 16 Apr 2002
Posts: 18489

Posted: Tue Jun 30, 2020 9:36 pm    Post subject: Re: Binpkg host and /usr/portage/packages/*/* permissions

ville.aakko wrote:
portage and quickpkg create the files as root:root and with permissions -rw-r---.
How are you using quickpkg?

I ask because I've had other problems with it, and when I stopped using it, newer binpkgs do not seem to be created with "odd" permissions, although that wasn't my concern or problem*.

Reference: buildpkg, downgrade-backup & unmerge-backup conflict?
(to clarify, those are all options to emerge and/or FEATURES in make.conf)

* As a work around for the older binpkgs with the permissions issue, I use chmod after rsync. I had hoped all of the packages would have rebuilt by now, but they have not.
_________________
The media sells it and you live the role.
ville.aakko
Tux's lil' helper
Joined: 06 Aug 2006
Posts: 103
Location: Oulu, Finland

Posted: Wed Jul 01, 2020 12:05 am

pjp wrote:
ville.aakko wrote:
portage and quickpkg create the files as root:root and with permissions -rw-r---.
How are you using quickpkg?
Mostly I don't use quickpkg. I just emerge the packages and have "buildpkg" in the FEATURES. I just mentioned it in case they would be expected to have different behavior. I'm not aware there are many ways to use quickpkg (other than options with configuration files).

What I'm currently doing, is just run chmod recursively for the package dir after I've created new packages. However, sometimes one just forgets and I believe there should be a cleaner way to do this (or something odd with my system; the article mentions nothing about permissions).
_________________
- Ville
pjp
Administrator
Joined: 16 Apr 2002
Posts: 18489

Posted: Wed Jul 01, 2020 2:42 am

As I mentioned, I didn't have a permissions problem. I noticed it appeared to be a side effect of using "downgrade-backup" and "unmerge-backup" which use quickpkg. I stopped using those features in make.conf / FEATURES and the "odd" permissions on my binpkgs stopped.

What is the output of emerge --info ?
_________________
The media sells it and you live the role.
ville.aakko
Tux's lil' helper
Joined: 06 Aug 2006
Posts: 103
Location: Oulu, Finland

Posted: Wed Jul 01, 2020 4:05 pm

Of course I should have posted emerge --info:
Code:
Portage 2.3.99 (python 3.7.7-final-0, default/linux/x86/17.0, gcc-9.3.0, glibc-2.30-r8, 5.7.6-zen1-1-zen i686)
=================================================================
System uname: Linux-5.7.6-zen1-1-zen-i686-Intel-R-_Core-TM-_i7-4790K_CPU_@_4.00GHz-with-gentoo-2.6
KiB Mem:    32823784 total,    680260 free
KiB Swap:   33554420 total,  32545780 free
Timestamp of repository gentoo: Mon, 29 Jun 2020 17:00:01 +0000
Head commit of repository gentoo: d3c212df2f7002f9601f68ef6f640df0625718de
sh bash 5.0_p17
ld GNU ld (Gentoo 2.33.1 p2) 2.33.1
distcc 3.3.3 i586-pc-linux-gnu [disabled]
app-shells/bash:          5.0_p17::gentoo
dev-lang/perl:            5.30.3::gentoo
dev-lang/python:          2.7.18::gentoo, 3.7.7-r2::gentoo, 3.8.2-r2::gentoo
dev-util/cmake:           3.16.5::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.42.1::gentoo
sys-apps/sandbox:         2.18::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.16.1-r1::gentoo
sys-devel/binutils:       2.33.1-r1::gentoo
sys-devel/gcc:            9.3.0::gentoo
sys-devel/gcc-config:     2.3::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 5.4-r1::gentoo (virtual/os-headers)
sys-libs/glibc:           2.30-r8::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://RetroMonster/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts:
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-metamanifest: yes

ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="@FREE"
CBUILD="i586-pc-linux-gnu"
CFLAGS="-O2 -march=k6-3 -pipe -fomit-frame-pointer"
CHOST="i586-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=k6-3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--jobs=8 --load-average=4"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -march=k6-3 -pipe -fomit-frame-pointer"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -march=k6-3 -pipe -fomit-frame-pointer"
GENTOO_MIRRORS="rsync://ftp.fi.muni.cz/pub/linux/gentoo/ rsync://mirror.dkm.cz/gentoo/ rsync://mirror.eu.oneandone.net/gentoo/ rsync://mirror.netcologne.de/gentoo/ rsync://ftp.halifax.rwth-aachen.de/gentoo/ rsync://ftp.fau.de/gentoo rsync://ftp-stud.hs-esslingen.de/gentoo/ rsync://mirror.leaseweb.com/gentoo/ rsync://ftp.snt.utwente.nl/gentoo ftp://mirror.mdfnet.se/gentoo http://mirror.mdfnet.se/gentoo rsync://mirror.bytemark.co.uk/gentoo/"
LANG="fi_FI.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="fi en"
MAKEOPTS="-j7"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl alsa bash-completion berkdb bzip2 cddb cdio cli crypt cue curl discid distcc dri flac fortran gdbm gpm iconv ipv6 libtirpc mad mikmod modplug ncurses nls nptl openmp pam pcre pulseaudio readline seccomp sid split-usr ssl tcpd timidity unicode vorbis wavpack x86 xattr zlib" ABI_X86="32" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx 3dnow 3dnowext" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="fi en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-2" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_7" PYTHON_TARGETS="python2_7 python3_7" RUBY_TARGETS="ruby25" USERLAND="GNU" VIDEO_CARDS="nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

_________________
- Ville
pjp
Administrator
Joined: 16 Apr 2002
Posts: 18489

Posted: Wed Jul 01, 2020 6:51 pm

I'm not seeing anything.

Unless you're using quickpkg manually, that doesn't appear to be a factor. It does have a cli umask option and QUICKPKG_DEFAULT_OPTS where that could be included.

I don't see any umask references in /usr/lib that look suspicious (grep -R umask). Portage related utilities seem to set it explicitly.

I wouldn't think root or user dot files would alter portage umask, but maybe something there.

The portage user doesn't have a shell, but maybe something odd in its environment? I'm not sure if this is a useful test as utilities appear to set defaults: sudo -u portage -g portage /bin/sh -c "umask"

xattr doesn't seem likely either, but maybe worth confirming.
_________________
The media sells it and you live the role.