From patchwork Wed Feb 22 12:16:03 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Levente Polyak <anthraxx@archlinux.org>
X-Patchwork-Id: 17
Return-Path: <arch-projects-bounces@archlinux.org>
Delivered-To: patchwork@archlinux.org
Received: from nymeria.archlinux.org
	by nymeria.archlinux.org (Dovecot) with LMTP id 0azHHB2BrVjTWwAAtiB/HQ
	for <patchwork@archlinux.org>; Wed, 22 Feb 2017 13:16:29 +0100
Received: from nymeria.archlinux.org (localhost.localdomain [127.0.0.1])
	by nymeria.archlinux.org (Postfix) with ESMTP id A32A840338;
	Wed, 22 Feb 2017 13:16:27 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	nymeria.archlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=2.5 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_MED shortcircuit=no
	autolearn=unavailable autolearn_force=no version=3.4.1
Received: from luna.archlinux.org (luna.archlinux.org
 [IPv6:2a01:4f8:160:3033::2])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by nymeria.archlinux.org (Postfix) with ESMTPS;
	Wed, 22 Feb 2017 13:16:27 +0100 (CET)
Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1])
	by luna.archlinux.org (Postfix) with ESMTP id 6C65D2CCAF;
	Wed, 22 Feb 2017 12:16:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=archlinux.org;
	s=luna2; t=1487765787;
	bh=Zja4krRhq2Jui3MaQe80xboXXvyZjaCSpz7awiZ3ipk=;
	h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:Reply-To;
	b=iw4N0wIvWKKy3mbf44Xk+jXKEkjfep1l93gO6+9HKAHMYRRBlRjAz7ppg7Y5qECtx
	 +ArzbXvLS62VkIZvfta+SB9CvdIJrPlDE4qYk+JMtvyFqyrojof5p+4FARNrIGBg3W
	 XRe4buSbf2WdbKJ5nImCstbKR8DB+5+sNgXbA2mTRAseFy+imgFg4wWy4hR7i/UjVO
	 g8gQlIboBkxD7yeWDT2zeTPNdu66JOdnkWKoRaxOG3/MZK6JYCdaBft23X+YflLvO8
	 y111ocj4ZJssfBezVdh5QfEbrQY1yjygY/sO8tcZFkIox7saendAsRBzA7ybCIU/qT
	 mCJ4L6VkRYs2NiEwLOef5gTpFEvWn/bcbxulJj2hf+dAWiAGcdaSIFalchS+XW8WvI
	 UZUIqVSmdbiAxq4HG6HUygOkxWKD4DD7lOUCNHA7wXyFQL20KsNucHdisAM0Zi7oaG
	 VhOsfpIL39LV9T00ajD6Ps2cSqPe0rSaTjCJ1hq/VKhcw3vdfhidCVMryQrwDeg7KP
	 o/R02IEw+xaasNuc5Y1O5SfVcpdi/STRy7KNdeDHBySyV8hTjvPvEB4tUsBx7C7N6x
	 zYg0DGQ0Kfm1Bhpl/nsG/HfuccZ4NfYOLrXq+mGCe17/jba2amkqbJD9xpNCa1ObPf
	 qTAi6mjMI8cpj6uTNtMXbNoQ=
Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1])
 by luna.archlinux.org (Postfix) with ESMTP id D101C2CCAB
 for <arch-projects@lists.archlinux.org>;
 Wed, 22 Feb 2017 12:16:24 +0000 (UTC)
Received: from nymeria.archlinux.org (nymeria.archlinux.org
 [IPv6:2a00:1828:2000:547::2])
 by luna.archlinux.org (Postfix) with ESMTPS
 for <arch-projects@lists.archlinux.org>;
 Wed, 22 Feb 2017 12:16:24 +0000 (UTC)
Received: from nymeria.archlinux.org (localhost.localdomain [127.0.0.1])
 by nymeria.archlinux.org (Postfix) with ESMTP id 80FA6402B5
 for <arch-projects@archlinux.org>; Wed, 22 Feb 2017 13:16:23 +0100 (CET)
Received: from wp016.webpack.hosteurope.de (wp016.webpack.hosteurope.de
 [IPv6:2a01:488:42:1000:50ed:8417::])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by nymeria.archlinux.org (Postfix) with ESMTPS
 for <arch-projects@archlinux.org>; Wed, 22 Feb 2017 13:16:23 +0100 (CET)
Received: from [46.189.78.184] (helo=localhost.localdomain); authenticated
 by wp016.webpack.hosteurope.de running ExIM with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 id 1cgVqE-00059F-6r; Wed, 22 Feb 2017 13:16:18 +0100
From: Levente Polyak <anthraxx@archlinux.org>
To: arch-projects@archlinux.org
Date: Wed, 22 Feb 2017 13:16:03 +0100
Message-Id: <20170222121603.13516-1-anthraxx@archlinux.org>
X-Mailer: git-send-email 2.11.1
X-bounce-key: webpack.hosteurope.de; anthraxx@archlinux.org; 1487765783;
 6a4b2c1a;
X-HE-SMSGID: 1cgVqE-00059F-6r
Subject: [arch-projects] [devtools] [PATCH] fix potential non-writable
 directories of builduser in /build
X-BeenThere: arch-projects@archlinux.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Arch Linux projects development discussion
 <arch-projects.archlinux.org>
List-Unsubscribe: <https://lists.archlinux.org/options/arch-projects>,
 <mailto:arch-projects-request@archlinux.org?subject=unsubscribe>
List-Archive: <https://lists.archlinux.org/pipermail/arch-projects/>
List-Post: <mailto:arch-projects@archlinux.org>
List-Help: <mailto:arch-projects-request@archlinux.org?subject=help>
List-Subscribe: <https://lists.archlinux.org/listinfo/arch-projects>,
 <mailto:arch-projects-request@archlinux.org?subject=subscribe>
Reply-To: Arch Linux projects development discussion
 <arch-projects@archlinux.org>
Errors-To: arch-projects-bounces@archlinux.org
Sender: "arch-projects" <arch-projects-bounces@archlinux.org>
X-UID: 54
Status: 
X-Keywords: 
Content-Length: 789

This removes the preservation of HOME being /build just for the pacman
sudo call. Former leads to unbuildable packages when an to be installed
dependency writes something into the HOME dir (f.e. .config). The
resulting directories won't be writable by the builduser as they are
owned by root:root and ultimately will fail to build anything that
requires so.
---
 makechrootpkg.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/makechrootpkg.in b/makechrootpkg.in
index 284d444..0336640 100644
--- a/makechrootpkg.in
+++ b/makechrootpkg.in
@@ -173,7 +173,6 @@ prepare_chroot() {
 	done
 
 	cat > "$copydir/etc/sudoers.d/builduser-pacman" <<EOF
-Defaults env_keep += "HOME"
 builduser ALL = NOPASSWD: /usr/bin/pacman
 EOF
 	chmod 440 "$copydir/etc/sudoers.d/builduser-pacman"