commit: fd598766f50107544ff9b8ca7db37a24476a635a
Author: Kerin Millar <kfm <AT> plushkava <DOT> net>
AuthorDate: Mon Jun 23 02:10:12 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun 23 10:37:09 2025 +0000
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=fd598766
emerge-webrsync: purge the directory containing the ephemeral keyring
Presently, the check_file_signature_gpg() function will create an
ephemeral keyring in the case that the 'PORTAGE_GPG_DIR' variable is
unset or empty. However, should that happen, the temporary directory
that is created to contain the keyring is never destroyed. This commit
addresses the issue, while also making some adjacent changes. All of the
changes are described herewith.
As concerns the check_file_signature_gpg() function, refrain from using
the mktemp(1) utility to create the directory that is to contain the
ephemeral keyring. Instead, use mkdir(1) to create a "keyring" directory
that is a sub-directory of the path specified by the 'tmpdir' variable.
Consequently, it is guaranteed to be deleted by the cleanup() function.
As concerns the sync_local() function, if the decision is made to use
tar(1) to extract the tarball then create a "snapshot" directory that is
a sub-directory of the path specified by the 'tmpdir' variable before
switching to it. By extracting the contents of the tarball to this
distinct directory, it remains impossible for rsync(1) to inadvertently
include the contents of the keyring.
As concerns the sync_local() function, refrain from deleting the tarball
in the event that the --keep option was not specified. There is no need
to do so because, where the 'DISTDIR' variable is set to the value of
'tmpdir', it is already guaranteed that the tarball will be removed by
the cleanup() function. Nor are the tarballs particularly large.
As concerns the main() function, execute mktemp(1) in such a way that
the temporary directory is created as an immediate sub-directory of the
path specified by the 'PORTAGE_TMPDIR' variable. That way, it becomes
possible to drop the mkdir -p -- "${PORTAGE_TMPDIR}" command, whose exit
status was not being checked. Also, refrain from switching to the
temporary directory. Owing to the changes made to the sync_local()
function, there is no longer any need to do so.
Fixes: b8ab8e1c850b773dd17e503a22902b52a2d3a868
See-also: c9147587da34ecf6cd19bf1ed2d0835d3d8c1777
Signed-off-by: Kerin Millar <kfm <AT> plushkava.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>
bin/emerge-webrsync | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/bin/emerge-webrsync b/bin/emerge-webrsync
index ca84d4498b..4ae1cb0c6a 100755
--- a/bin/emerge-webrsync
+++ b/bin/emerge-webrsync
@@ -55,17 +55,13 @@ main() {
die "Repository '${repo_name}' is not writable:
${repo_location}"
fi
- mkdir -p -- "${PORTAGE_TMPDIR}/portage"
-
# The cleanup function shall terminate defunct gpg-agent(1) processes
# and remove the destructable temporary directory.
unset -v GNUPGHOME tmpdir
trap cleanup EXIT
- # Create a destructable temporary directory and switch to it.
- tmpdir=$(mktemp -d -- "${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \
- && cd -- "${tmpdir}" \
- || exit
+ # Create a destructable temporary directory.
+ tmpdir=$(mktemp -d -- "${PORTAGE_TMPDIR}/emerge-webrsync.XXXXXX") ||
exit
if (( ! opt[keep] )); then
DISTDIR=${tmpdir}
@@ -297,7 +293,8 @@ check_file_signature_gpg() {
# The PORTAGE_GPG_DIR variable is either unset or empty. Create
# a temporary directory to contain an ephemeral keyring into
# which Gentoo's distributed public key block shall be imported.
- GNUPGHOME=$(mktemp -d --
"${PORTAGE_TMPDIR}/portage/webrsync.XXXXXX") \
+ GNUPGHOME=${tmpdir:?}/keyring
+ ( umask 0077 && mkdir -- "${GNUPGHOME}" ) \
&& gpg --batch --import -- "${key}" \
|| exit
@@ -382,7 +379,7 @@ get_snapshot_timestamp() {
sync_local() {
local file=$1
- local ownership post_sync
+ local ownership snapshot_dir post_sync
local -a tarsync_opts rsync_opts
einfo "Syncing local repository ..."
@@ -408,14 +405,14 @@ sync_local() {
return 1
fi
else
+ snapshot_dir=${tmpdir:?}/snapshot
+ mkdir -- "${snapshot_dir}" && cd -- "${snapshot_dir}" || exit
+
if ! do_tar "${file}" -x --strip-components=1 -f -; then
eerror "tar failed to extract the image. tarball is
corrupt? (${file})"
return 1
fi
- # Free disk space
- (( opt[keep] )) || rm -f -- "${file}"
-
read -rd '' -a rsync_opts <<<"${PORTAGE_RSYNC_OPTS}
${PORTAGE_RSYNC_EXTRA_OPTS}"
if (( opt[quiet] )); then
rsync_opts+=( -q )
