diff options
author | Sam James <sam@gentoo.org> | 2024-01-02 04:00:02 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-01-02 04:09:56 +0000 |
commit | b071a966357a29e8450688a28ca918166b9e4eb0 (patch) | |
tree | d8e2916bd9d4e5735c38a597c54473a9d31b1c0e | |
parent | NEWS: add placeholder (diff) | |
download | portage-b071a966357a29e8450688a28ca918166b9e4eb0.tar.gz portage-b071a966357a29e8450688a28ca918166b9e4eb0.tar.bz2 portage-b071a966357a29e8450688a28ca918166b9e4eb0.zip |
bintree: don't call trust helper unless bindb is writable
Followup to 6ae45739e208b7a9d59e0b6056be72a5791aae04. My qualm there wrt
writable was whether or not doing something which mutated state (and therefore
possibly the package list) would be confusing but that doesn't make much sense
for a few reasons.
Anyway, change the test to be not just for no-pretend, but also whether the
bindb is writable too, as pretend is already a proxy for whether we may
not have privileges (I can imagine someone possibly having bindb privileges
but not /etc/portage/gnupg, so better to just head this off entirely).
Bug: https://bugs.gentoo.org/915842
Bug: https://bugs.gentoo.org/920180
Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/portage/dbapi/bintree.py | 2 |
2 files changed, 3 insertions, 2 deletions
@@ -9,7 +9,8 @@ Release notes take the form of the following optional categories: portage-3.0.61 (UNRELEASED) -------------- -TODO +Bug fixes: +* bintree: Don't call trust helper unless bindb is writable (bug #915842, bug #920180). portage-3.0.60 (2024-01-02) -------------- diff --git a/lib/portage/dbapi/bintree.py b/lib/portage/dbapi/bintree.py index a139e3765..d352b6fc0 100644 --- a/lib/portage/dbapi/bintree.py +++ b/lib/portage/dbapi/bintree.py @@ -1334,7 +1334,7 @@ class binarytree: # when binpackages are involved, not only when we refuse unsigned # ones. (If the keys have expired we end up refusing signed but # technically invalid packages...) - if not pretend: + if not pretend and self.dbapi.writable: self._run_trust_helper() gpkg_only = True else: |