From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 573D615803E for ; Tue, 2 Jan 2024 04:46:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9A3532BC02B; Tue, 2 Jan 2024 04:46:18 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7D8EC2BC02B for ; Tue, 2 Jan 2024 04:46:18 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8B3183406C2 for ; Tue, 2 Jan 2024 04:46:17 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 2C61FDB1 for ; Tue, 2 Jan 2024 04:46:16 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1704168596.b071a966357a29e8450688a28ca918166b9e4eb0.sam@gentoo> Subject: [gentoo-commits] proj/portage:master commit in: /, lib/portage/dbapi/ X-VCS-Repository: proj/portage X-VCS-Files: NEWS lib/portage/dbapi/bintree.py X-VCS-Directories: lib/portage/dbapi/ / X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: b071a966357a29e8450688a28ca918166b9e4eb0 X-VCS-Branch: master Date: Tue, 2 Jan 2024 04:46:16 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: dafd9595-77d4-47be-8c44-1ecd42454ee3 X-Archives-Hash: 074f485538a779b7a48859c6db14a0d3 commit: b071a966357a29e8450688a28ca918166b9e4eb0 Author: Sam James gentoo org> AuthorDate: Tue Jan 2 04:00:02 2024 +0000 Commit: Sam James gentoo org> CommitDate: Tue Jan 2 04:09:56 2024 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=b071a966 bintree: don't call trust helper unless bindb is writable Followup to 6ae45739e208b7a9d59e0b6056be72a5791aae04. My qualm there wrt writable was whether or not doing something which mutated state (and therefore possibly the package list) would be confusing but that doesn't make much sense for a few reasons. Anyway, change the test to be not just for no-pretend, but also whether the bindb is writable too, as pretend is already a proxy for whether we may not have privileges (I can imagine someone possibly having bindb privileges but not /etc/portage/gnupg, so better to just head this off entirely). Bug: https://bugs.gentoo.org/915842 Bug: https://bugs.gentoo.org/920180 Signed-off-by: Sam James gentoo.org> NEWS | 3 ++- lib/portage/dbapi/bintree.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 038a4dbf8c..2ee334f20c 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,8 @@ Release notes take the form of the following optional categories: portage-3.0.61 (UNRELEASED) -------------- -TODO +Bug fixes: +* bintree: Don't call trust helper unless bindb is writable (bug #915842, bug #920180). portage-3.0.60 (2024-01-02) -------------- diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py index a139e37659..d352b6fc0e 100644 --- a/lib/portage/dbapi/bintree.py +++ b/lib/portage/dbapi/bintree.py @@ -1334,7 +1334,7 @@ class binarytree: # when binpackages are involved, not only when we refuse unsigned # ones. (If the keys have expired we end up refusing signed but # technically invalid packages...) - if not pretend: + if not pretend and self.dbapi.writable: self._run_trust_helper() gpkg_only = True else: