commit: 85f802845a7ed449b1cedea3cf7c26af5f6f6d7a parent 5ebd76c08b77de35c5277fda3adebef150ed66e1 Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me> Date: Fri, 18 Jul 2025 11:45:23 +0200 sys-apps/portage-3.0.68: fix mktemp usage in etc-update(1)Diffstat:
| A | patches/sys-apps/portage-3.0.68/portage-3.0.68-consistent_mktemp.patch | 166 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 166 insertions(+), 0 deletions(-)diff --git a/patches/sys-apps/portage-3.0.68/portage-3.0.68-consistent_mktemp.patch b/patches/sys-apps/portage-3.0.68/portage-3.0.68-consistent_mktemp.patch@@ -0,0 +1,166 @@ +Reduced to bin/etc-update + +commit 9b95224283b2ed992c482956df952fada2fd41ef +Author: Kerin Millar <kfm@plushkava.net> +Date: 2025-06-10 10:54:10 +0100 + + Use mktemp(1) in a consistent and dependable fashion + + Though mktemp(1) is not a standard utility in the de jure sense, it is + already being employed by the following units. + + - bin/ebuild-helpers/doexe + - bin/ebuild-helpers/newins + - bin/ecompress + - bin/emerge-webrsync + - bin/estrip + - bin/etc-update + - bin/helper-functions.sh + - misc/emerge-delta-webrsync + + The motivation for this commit is to use mktemp(1) in a consistent way, + known to be compatible with the majority of popular implementations and + resulting in broadly predictable behaviour. Such is accomplished by + adhering to the following set of recommendations. + + - DO specify the -d or -u options, where appropriate + - DO specify the template in full, including the intended parent directory + - DO use -- to separate the template operand from the options + - DON'T specify any options other than -d or -u (for reasons of portability) + - DON'T specify more than six <X> chars in the template (for busybox support) + - DON'T assume TMPDIR will influence mktemp(1) on account of being an env var + + Accordingly, this commit adjusts all eight of the aforementioned units. + + In many cases, the parent directory of the temporary file is the value + of the 'T' variable, the expansion of which has been adjusted so as to + permit "/tmp" as a fallback value. The reason for this is to gradually + render various components of portage easier to test in isolation. + + Some of the units merit additional commentary, which is as below. + + # bin/ebuild-helpers/doexe + + Define an EXIT trap to guarantee the subsequent destruction of the + temporary directory. + + Check the exit status of mktemp(1). + + Assign the output of mktemp(1) to a variable whose name is in lowercase, + thereby reducing the probability of a namespace conflict and clarifying + that the variable is not expected to be defined by the parent process. + + # bin/ebuild-helpers/newins + + Assign the output of mktemp(1) to a variable whose name is in lowercase + + Set up the EXIT trap safely by ensuring that the 'tmpdir' variable is + assigned the null string beforehand (rather than trust the environment). + + # bin/emerge-webrsync + + Assign the output of mktemp(1) to a variable whose name is in lowercase. + To name the variable 'TMPDIR' was asburd, since its value can influence + the behaviour of other programs (if exportable). + + Define the EXIT trap safely by ensuring that the 'tmpdir' variable is + assigned the null string beforehand. + + Have the trap execute neither of the "set -u" nor "cd /" commands, for + both are unnecessary. + + Don't issue needless test -w commands after executing mktemp(1). Rather, + check whether mktemp(1) succeeds. + + # bin/estrip + + Define an EXIT trap to guarantee the subsequent destruction of the + temporary directory. + + # bin/etc-update + + Define an EXIT trap to guarantee the subsequent destruction of the + temporary directory. + + Have the show_diff() function define a RETURN trap to guarantee the + subsequent destruction of its localised temporary directory. + + # bin/helper-functions.sh + + Specify the -u option, thereby preventing mktemp(1) from creating an + unwanted regular file. + + # misc/emerge-delta-webrsync + + Assign the output of mktemp(1) to a variable whose name is in lowercase. + Again, 'TMPDIR' was an absurd choice. + + Define the EXIT trap safely by guaranteeing that the 'tmpdir' variable + is assigned the null string beforehand. + + Don't issue needless test -w commands after executing mktemp(1). Rather, + check whether mktemp(1) succeeds. + + See-also: e32009dfab8f4d22e3fb29817cd493ef1ff40768 + Signed-off-by: Kerin Millar <kfm@plushkava.net> + Signed-off-by: Sam James <sam@gentoo.org> + +diff --git a/bin/etc-update b/bin/etc-update +index 274bc6f7b..567fc6c74 100755 +--- a/bin/etc-update ++++ b/bin/etc-update +@@ -469,6 +469,8 @@ show_diff() { + local file1=$1 file2=$2 files=("$1" "$2") \ + diff_files=() file i tmpdir + ++ trap '[[ ${tmpdir} ]] && rm -r -- "${tmpdir}"' RETURN ++ + if [[ -L ${file1} && ! -L ${file2} && + -f ${file1} && -f ${file2} ]] ; then + # If a regular file replaces a symlink to a regular file, then +@@ -480,8 +482,9 @@ show_diff() { + diff_files[$i]=${files[$i]} + continue + fi +- [[ -n ${tmpdir} ]] || \ +- tmpdir=$(mktemp -d "${TMP}/symdiff-XXX") ++ if [[ ! ${tmpdir} ]]; then ++ tmpdir=$(mktemp -d -- "${TMP}/symdiff.XXXXXX") || exit ++ fi + diff_files[$i]=${tmpdir}/${i} + if [[ ! -L ${files[$i]} && ! -e ${files[$i]} ]] ; then + echo "/dev/null" > "${diff_files[$i]}" +@@ -508,8 +511,6 @@ show_diff() { + diff_command "${diff_files[0]}" "${diff_files[1]}" + echo "End of differences between ${file1} and ${file2}" + fi +- +- [[ -n ${tmpdir} ]] && rm -rf "${tmpdir}" + } + + do_cfg() { +@@ -819,17 +820,16 @@ SCAN_PATHS=${*:-${CONFIG_PROTECT}} + [[ " ${FEATURES} " == *" selinux "* ]] && \ + selinux=true || selinux=false + +-TMP="${PORTAGE_TMPDIR}/etc-update-$$" ++# Create a temporary directory whose subsequent removal is guaranteed. ++TMP= ++trap 'rm -rf -- "${TMP}"' EXIT ++TMP=$(mktemp -d -- "${PORTAGE_TMPDIR}/etc-update.XXXXXX") \ ++&& chown "${PORTAGE_INST_UID:-0}:${PORTAGE_INST_GID:-0}" -- "${TMP}" \ ++|| exit ++ + trap "die terminated" SIGTERM + trap "die interrupted" SIGINT + +-rm -rf "${TMP}" 2>/dev/null +-mkdir "${TMP}" || die "failed to create temp dir" +-# make sure we have a secure directory to work in +-chmod 0700 "${TMP}" || die "failed to set perms on temp dir" +-chown ${PORTAGE_INST_UID:-0}:${PORTAGE_INST_GID:-0} "${TMP}" || \ +- die "failed to set ownership on temp dir" +- + # Get all the user settings from etc-update.conf + cfg_vars=( + clear_term