Gentoo Forums
[Portage Sandbox] gpg pinentry issues from sandbox
manatee
n00b
Joined: 09 Mar 2025
Posts: 1

Posted: Sat Apr 12, 2025 7:28 pm    Post subject: [Portage Sandbox] gpg pinentry issues from sandbox

I use the secureboot global use flag which causes some packages like GRUB to consume a db.key during ebuild. I keep this key secured by gpg and need to decrypt it before emerging.
I had been providing this key to packages through a function hook pre_src_install in /etc/portage/bashrc.

In the past this worked. I would get a pinentry-qt popup when GRUB needed the key and decrypt fine. Now I get errors like:

Code:

* ERROR: gpg failed during provide_db_key:
 *  gpg: encrypted with <<KEYINFO>> gpg: public key decryption failed: Inappropriate ioctl for device gpg: decryption failed: Inappropriate ioctl for device
 * ERROR: sys-boot/grub-2.12-r6::gentoo failed (setup phase):
 *   (no error message)
 *
 * Call stack:
 *   ebuild.sh, line 136:  Called pre_pkg_setup
 *      bashrc, line   3:  Called provide_db_key
 *      bashrc, line  35:  Called die



If I set the pinentry to pinentry-tty:
Code:

gpg: connection to the agent established gpg: pinentry launched (185 tty 1.3.1-unknown - xterm-256color - - 0/0 0) gpg: public key decryption failed: Operation cancelled gpg: decryption failed: Operation cancelled


The script:
Code:

function pre_pkg_setup() {
   # If this package uses the secureboot use flag provide the decrypted key at $SECUREBOOT_SIGN_KEY
   package_uses_flag secureboot && register_die_hook clean_db_key && provide_db_key
}

function post_src_install() {
   # No point in looping over each package's IUSE to conditionally clean_db_key. Just do it.
   clean_db_key
}

# Decrypt and write db.key.gpg to $SECUREBOOT_SIGN_KEY
function provide_db_key() {
   source "/root/secure_boot/secrets.env"

   # Create the temporary file with root only access.
   # The umask applies at creation, so the file is never briefly world-readable
   # (a descriptor opened before a later chmod could still read the key once written).
   ( umask 077 && : > "$SECUREBOOT_SIGN_KEY" )
   chmod 600 "$SECUREBOOT_SIGN_KEY"

   # Run the gpg command to decrypt the key
   # Stderr goes to stdout, which ends up in a variable
   # Stdout goes to $SECUREBOOT_SIGN_KEY
   local STDERR
   STDERR=$(gpg --verbose --homedir "/root/.gnupg" --decrypt "$ENCRYPTED_SIGNING_KEY" 2>&1 > "$SECUREBOOT_SIGN_KEY")

   # If the gpg command failed print to eerror and die
   if [ $? -ne 0 ]; then
      local a="ERROR: gpg failed during provide_db_key:\n"
      local b="$(sed 's/^/\ \ /' <<< "$STDERR")"
      # Quoted so that each line of gpg's output stays on its own line
      eerror "$a$b"
      die
   fi
}

function clean_db_key() {
   test -f "$SECUREBOOT_SIGN_KEY" && rm "$SECUREBOOT_SIGN_KEY"
}

# Helper function for determining if a package has a specific use flag
# The provided Gentoo helper "use" calls the "die" helper without the -n argument which prevents the use of "nofatal"
function package_uses_flag() {
   local i
   # $IUSE is left unquoted on purpose: it is a space-separated list
   for i in $IUSE; do
      if [ "$i" == "$1" ]; then return 0; fi
   done

   return 1
}


emerge --info '=sys-boot/grub-2.12-r6::gentoo'
Code:

Portage 3.0.67 (python 3.12.10-final-0, default/linux/amd64/23.0/hardened, gcc-14, glibc-2.41-r1, 6.14.0-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.14.0-gentoo-x86_64-12th_Gen_Intel-R-_Core-TM-_i5-12600K-with-glibc2.41
KiB Mem:    32651644 total,  27872752 free
KiB Swap:   16617468 total,  16617468 free
Timestamp of repository gentoo: Fri, 11 Apr 2025 00:00:00 +0000
Head commit of repository gentoo: b7174b58acae7f89833644d337240b61dd34d2ff
Timestamp of repository steam-overlay: Thu, 10 Apr 2025 14:37:59 +0000
Head commit of repository steam-overlay: 394c889d0d01a424c248acfa91f458151ceae390

sh bash 5.2_p37
ld GNU ld (Gentoo 2.44 p1) 2.44.0
app-misc/pax-utils:        1.3.8::gentoo
app-shells/bash:           5.2_p37::gentoo
dev-build/autoconf:        2.72-r1::gentoo
dev-build/automake:        1.17-r2::gentoo
dev-build/cmake:           3.31.6-r1::gentoo
dev-build/libtool:         2.5.4::gentoo
dev-build/make:            4.4.1-r100::gentoo
dev-build/meson:           1.7.2::gentoo
dev-lang/perl:             5.40.1::gentoo
dev-lang/python:           3.12.10::gentoo, 3.13.3::gentoo
dev-lang/rust-bin:         1.85.1::gentoo
llvm-core/clang:           19.1.7::gentoo, 20.1.2::gentoo
llvm-core/lld:             19.1.7::gentoo
llvm-core/llvm:            19.1.7::gentoo, 20.1.2::gentoo
sys-apps/baselayout:       2.17::gentoo
sys-apps/openrc:           0.61::gentoo
sys-apps/sandbox:          2.46::gentoo
sys-devel/binutils:        2.44::gentoo
sys-devel/binutils-config: 5.5.2::gentoo
sys-devel/gcc:             13.3.1_p20250301::gentoo, 14.2.1_p20250301::gentoo
sys-devel/gcc-config:      2.12.1::gentoo
sys-kernel/linux-headers:  6.14::gentoo (virtual/os-headers)
sys-libs/glibc:            2.41-r1::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-verify-max-age: 3
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts:
    sync-rsync-verify-jobs: 1

local
    location: /var/db/repos/local
    masters: gentoo
    volatile: False

steam-overlay
    location: /var/db/repos/steam-overlay
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
    masters: gentoo
    volatile: False

Binary Repositories:

gentoobinhost
    priority: 1
    sync-uri: https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64

ABI="amd64"
ABI_X86="64"
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE"
ACCEPT_PROPERTIES="*"
ACCEPT_RESTRICT="*"
ADA_TARGET="gcc_14"
APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host
                                        authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config
                                        logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ARCH="amd64"
AUTOCLEAN="no"
BINPKG_COMPRESS="zstd"
BINPKG_FORMAT="gpkg"
BINPKG_GPG_SIGNING_BASE_COMMAND="/usr/bin/flock /run/lock/portage-binpkg-gpg.lock /usr/bin/gpg --sign --armor [PORTAGE_CONFIG]"
BINPKG_GPG_SIGNING_DIGEST="SHA512"
BINPKG_GPG_VERIFY_BASE_COMMAND="/usr/bin/gpg --verify --batch --no-tty --no-auto-check-trustdb --status-fd 2 [PORTAGE_CONFIG] [SIGNATURE]"
BINPKG_GPG_VERIFY_GPG_HOME="/etc/portage/gnupg"
BOOTSTRAP_USE="unicode pkg-config split-usr xml python_targets_python3_12 python_single_target_python3_12 multilib zstd cet hardened pic xtpax -jit -orc"
BROOT=""
CALLIGRA_FEATURES="karbon sheets words"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=alderlake -mabm -mno-cldemote -mno-kl -mno-sgx -mno-widekl -mshstk --param=l1-cache-line-size=64 --param=l1-cache-size=48 --param=l2-cache-size=20480 -O2 -pipe"
CFLAGS_amd64="-m64"
CFLAGS_x32="-mx32"
CFLAGS_x86="-m32 -mfpmath=sse"
CHOST="x86_64-pc-linux-gnu"
CHOST_amd64="x86_64-pc-linux-gnu"
CHOST_x32="x86_64-pc-linux-gnux32"
CHOST_x86="i686-pc-linux-gnu"
CLEAN_DELAY="5"
COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"
COLLISION_IGNORE="/boot/dtbs/* /lib/modules/*"
COLORFGBG="15;0"
COLORTERM="truecolor"
COMMON_FLAGS="-march=alderlake -mabm -mno-cldemote -mno-kl -mno-sgx -mno-widekl -mshstk --param=l1-cache-line-size=64 --param=l1-cache-size=48 --param=l2-cache-size=20480 -O2 -pipe"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d"
CPU_FLAGS_X86="mmx mmxext sse sse2"
CXXFLAGS="-march=alderlake -mabm -mno-cldemote -mno-kl -mno-sgx -mno-widekl -mshstk --param=l1-cache-line-size=64 --param=l1-cache-size=48 --param=l2-cache-size=20480 -O2 -pipe"
DBUS_SESSION_BUS_ADDRESS="unix:path=/tmp/dbus-Iryk4Ae9Yf,guid=f39afd0de718f49da8dd7c6b67fab4a7"
DEFAULT_ABI="amd64"
DESKTOP_SESSION="plasma"
DISPLAY=":0"
DISTDIR="/var/cache/distfiles"
EDITOR="vim"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS="--ask --verbose --jobs=4"
EMERGE_WARNING_DELAY="10"
ENCRYPTED_SIGNING_KEY="/root/secure_boot/custom_config/db.key.gpg"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT
                         XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
EPREFIX=""
EROOT="/"
ESYSROOT="/"
FCFLAGS="-march=alderlake -mabm -mno-cldemote -mno-kl -mno-sgx -mno-widekl -mshstk --param=l1-cache-line-size=64 --param=l1-cache-size=48 --param=l2-cache-size=20480 -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync
                     merge-wait multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox strict unknown-features-warn
                     unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""
FETCHCOMMAND_RSYNC="rsync -LtvP "${URI}" "${DISTDIR}/${FILE}""
FETCHCOMMAND_SFTP="bash -c "x=\${2#sftp://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; eval \"declare -a ssh_opts=(\${3})\" ;
                                              exec sftp \${port:+-P \${port}} \"\${ssh_opts[@]}\" \"\${host}:/\${x#*/}\" \"\$1\"" sftp "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""
FETCHCOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; exec rsync --rsh=\"ssh \${port:+-p\${port}} \${3}\"
                                            -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""
FFLAGS="-march=alderlake -mabm -mno-cldemote -mno-kl -mno-sgx -mno-widekl -mshstk --param=l1-cache-line-size=64 --param=l1-cache-size=48 --param=l2-cache-size=20480 -O2 -pipe"
GCC_SPECS=""
GENTOO_MIRRORS="http://www.gtlib.gatech.edu/pub/gentoo     https://gentoo.osuosl.org/     http://gentoo.osuosl.org/"
GPG_VERIFY_GROUP_DROP="nogroup"
GPG_VERIFY_USER_DROP="nobody"
GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox"
GRUB_PLATFORMS="efi-64"
GSETTINGS_BACKEND="dconf"
GTK2_RC_FILES="/etc/gtk-2.0/gtkrc:/home/jeremy/.gtkrc-2.0:/home/jeremy/.config/gtkrc-2.0"
GTK_RC_FILES="/etc/gtk/gtkrc:/home/jeremy/.gtkrc:/home/jeremy/.config/gtkrc"
GUILE_SINGLE_TARGET="3-0"
GUILE_TARGETS="3-0"
HISTCONTROL="ignoreboth:erasedups"
HOME="/home/jeremy"
ICEAUTHORITY="/run/user/1000/iceauth_SZKAca"
INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/14/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.44/info:/usr/share/autoconf-2.72/info:/usr/share/automake-1.17/info:/usr/share/info"
INPUT_DEVICES="evdev keyboard mouse wacom joystick"
IUSE_IMPLICIT="abi_x86_64 prefix prefix-guest prefix-stack"
KDE_APPLICATIONS_AS_SCOPE="1"
KDE_FULL_SESSION="true"
KDE_SESSION_UID="1000"
KDE_SESSION_VERSION="6"
KERNEL="linux"
KONSOLE_DBUS_SERVICE=":1.35"
KONSOLE_DBUS_SESSION="/Sessions/1"
KONSOLE_DBUS_WINDOW="/Windows/1"
KONSOLE_VERSION="241203"
LANG="en_US.utf8"
LANGUAGE=""
LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text"
LC_MESSAGES="C.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LDFLAGS_amd64="-m elf_x86_64"
LDFLAGS_x32="-m elf32_x86_64"
LDFLAGS_x86="-m elf_i386"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe %s"
LEX="flex"
LIBDIR_amd64="lib64"
LIBDIR_x32="libx32"
LIBDIR_x86="lib"
LOGNAME="jeremy"
LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=00:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.7z=01;31:*.
                        ace=01;31:*.alz=01;31:*.apk=01;31:*.arc=01;31:*.arj=01;31:*.bz=01;31:*.bz2=01;31:*.cab=01;31:*.cpio=01;31:*.crate=01;31:*.deb=01;31:*.drpm=01;31:*.dwm=01;31:*.dz=01;31:*.ear=01;31:*.egg=01;31:*
                        .esd=01;31:*.gz=01;31:*.jar=01;31:*.lha=01;31:*.lrz=01;31:*.lz=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.lzo=01;31:*.pyz=01;31:*.rar=01;31:*.rpm=01;31:*.rz=01;31:*.sar=01;31:*.swm=01;31:*.t7z=01;31:*.
                        tar=01;31:*.taz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tgz=01;31:*.tlz=01;31:*.txz=01;31:*.tz=01;31:*.tzo=01;31:*.tzst=01;31:*.udeb=01;31:*.war=01;31:*.whl=01;31:*.wim=01;31:*.xz=01;31:*.z=01;31:*.zip=01;31:*.zoo=01;31:
                        *.zst=01;31:*.avif=01;35:*.jpg=01;35:*.jpeg=01;35:*.jxl=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*
                        .png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.
                        qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.
                        cfg=00;32:*.conf=00;32:*.diff=00;32:*.doc=00;32:*.ini=00;32:*.log=00;32:*.patch=00;32:*.pdf=00;32:*.ps=00;32:*.tex=00;32:*.txt=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.
                        mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:*~=00;90:*#=00;90:*.bak=00;90:*.crdownload=00;90:*.dpkg-dist=00;90:*.dpkg-new=00;90:*.dpkg-old=00;90:*.dpkg-tmp=00;90:*.old=00;90:
                        *.orig=00;90:*.part=00;90:*.rej=00;90:*.rpmnew=00;90:*.rpmorig=00;90:*.rpmsave=00;90:*.swp=00;90:*.tmp=00;90:*.ucf-dist=00;90:*.ucf-new=00;90:*.ucf-old=00;90:"
LUA_SINGLE_TARGET="lua5-1"
LUA_TARGETS="lua5-1"
MAIL="/var/mail/jeremy"
MAKEOPTS="-j15 -l15"
MANPAGER="manpager"
MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/14/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.44/man:/usr/local/share/man:/usr/share/man:/usr/lib/rust/man-bin-1.85.1:/usr/lib/llvm/20/share/man:/usr/lib/llvm/19/share/man"
MOTD_SHOWN="pam"
MULTILIB_ABIS="amd64 x86"
MULTILIB_STRICT_DENY="64-bit.*shared object"
MULTILIB_STRICT_DIRS="/lib32 /lib /usr/lib32 /usr/lib /usr/kde/*/lib32 /usr/kde/*/lib /usr/qt/*/lib32 /usr/qt/*/lib /usr/X11R6/lib32 /usr/X11R6/lib"
MULTILIB_STRICT_EXEMPT="(perl5|gcc|binutils|eclipse-3|debug|portage|udev|systemd|clang|python-exec|llvm)"
OFFICE_IMPLEMENTATION="libreoffice"
PAGER="/usr/bin/less"
PAM_KWALLET5_LOGIN="/run/user/1000/kwallet5.socket"
PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/20/bin:/usr/lib/llvm/19/bin:/opt/cuda/bin"
PAX_MARKINGS="none"
PHP_TARGETS="php8-2"
PKGDIR="/var/cache/binpkgs"
PKG_CONFIG_PATH="/opt/cuda/pkgconfig"
PORTAGE_ARCHLIST="alpha amd64 amd64-linux arm arm-linux arm64 arm64-linux arm64-macos hppa loong m68k mips ppc ppc-macos ppc64 ppc64-linux riscv riscv-linux s390 sparc x64-macos x64-solaris x86 x86-linux x86-macos"
PORTAGE_BIN_PATH="/usr/lib/portage/python3.12"
PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="css gif htm[l]? jp[e]?g js pdf png"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="log warn error"
PORTAGE_ELOG_MAILFROM="portage@localhost"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_ELOG_SYSTEM="save_summary:log,warn,error,qa echo"
PORTAGE_FETCH_CHECKSUM_TRY_MIRRORS="5"
PORTAGE_FETCH_RESUME_MIN_SIZE="350K"
PORTAGE_GID="250"
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key "${PORTAGE_GPG_KEY}" --homedir "${PORTAGE_GPG_DIR}" "${FILE}""
PORTAGE_GRPNAME="portage"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_INTERNAL_CALLER="1"
PORTAGE_LOGDIR="/var/log/portage"
PORTAGE_LOGDIR_CLEAN="find "${PORTAGE_LOGDIR}" -type f ! -name "summary.log*" -mtime +7 -delete"
PORTAGE_NICENESS="1"
PORTAGE_OVERRIDE_EPREFIX=""
PORTAGE_PYM_PATH="/usr/lib/python3.12/site-packages"
PORTAGE_PYTHONPATH="/usr/lib/python3.12/site-packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_RSYNC_RETRIES="-1"
PORTAGE_SYNC_STALE="30"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_TRUST_HELPER="/usr/bin/getuto"
PORTAGE_USERNAME="portage"
PORTAGE_VERBOSE="1"
PORTAGE_WORKDIR_MODE="0700"
PORTAGE_XATTR_EXCLUDE="bcachefs.* bcachefs_effective.*  btrfs.* security.evm security.ima       security.selinux system.nfs4_acl user.apache_handler  user.Beagle.* user.dublincore.* user.mime_encoding user.xdg.*"
POSTGRES_TARGETS="postgres17"
PROFILEHOME=""
PROFILE_IS_HARDENED="1"
PROFILE_ONLY_VARIABLES="ARCH ELIBC IUSE_IMPLICIT KERNEL USE_EXPAND_IMPLICIT USE_EXPAND_UNPREFIXED USE_EXPAND_VALUES_ARCH USE_EXPAND_VALUES_ELIBC USE_EXPAND_VALUES_KERNEL"
PWD="/home/jeremy"
PYTHONDONTWRITEBYTECODE="1"
PYTHON_SINGLE_TARGET="python3_12"
PYTHON_TARGETS="python3_12"
QT_AUTO_SCREEN_SCALE_FACTOR="0"
QT_WAYLAND_RECONNECT="1"
RESUMECOMMAND="wget -c -t 3 -T 60 --passive-ftp -O "${DISTDIR}/${FILE}" "${URI}""
RESUMECOMMAND_RSYNC="rsync -LtvP "${URI}" "${DISTDIR}/${FILE}""
RESUMECOMMAND_SSH="bash -c "x=\${2#ssh://} ; host=\${x%%/*} ; port=\${host##*:} ; host=\${host%:*} ; [[ \${host} = \${port} ]] && port= ; exec rsync --rsh=\"ssh \${port:+-p\${port}} \${3}\" -avP \"\${host}:/\${x#*/}\" \"\$1\"" rsync "${DISTDIR}/${FILE}" "${URI}" "${PORTAGE_SSH_OPTS}""
ROOT="/"
ROOTPATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/opt/bin:/usr/lib/llvm/20/bin:/usr/lib/llvm/19/bin"
RPMDIR="/var/cache/rpm"
RUBY_TARGETS="ruby32"
RUSTFLAGS="-C target-cpu=native"
SECUREBOOT_SIGN_CERT="/root/secure_boot/custom_config/db.crt"
SECUREBOOT_SIGN_KEY="/dev/shm/temp_secure_boot_key"
SESSION_MANAGER="local/Gentoo:@/tmp/.ICE-unix/2590,unix/Gentoo:/tmp/.ICE-unix/2590"
SHELL="/bin/bash"
SHELL_SESSION_ID="f03a09357a724cba8beef4eb44c5d65c"
SHELL_SETS_TITLE="0"
SHLVL="1"
SIGNING_CERT="/root/secure_boot/custom_config/db.crt"
SIGNING_KEY="/dev/shm/temp_secure_boot_key"
SIGNING_KEY_PRIVATE_KEY_ID="C7CC6570EB6810E3"
SSH_ASKPASS="/usr/bin/ksshaskpass"
SYMLINK_LIB="no"
SYSROOT="/"
TERM="xterm-256color"
TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE="1"
UNINSTALL_IGNORE="/boot/dtbs/* /lib/modules/* /var/run /var/lock /bin /lib /lib32 /lib64 /libx32 /sbin /usr/sbin /usr/lib/modules/*"
USE="X aac acl acpi activities alsa amd64 branding bzip2 cairo cdda cdr cet crypt cups dbus declarative dri dts dvd dvdr elogind encode exif flac gdbm gif gpm gui hardened iconv icu ipv6 jpeg kde kf6compat kwallet lcms libnotify libtirpc mad mng modules-sign mp3 mp4 mpeg multilib ncurses networkmanager nls nvidia ogg opengl openmp pam pango pcre pdf pic pie pipewire plasma png policykit ppds pulseaudio qml qt5 qt6 readline screencast sdl seccomp secureboot semantic-desktop sound spell ssl ssp startup-notification svg test-rust tiff truetype udev udisks unicode upower usb vorbis vulkan wayland widgets wxwidgets x264 xattr xcb xft xml xtpax xv xvid zlib" ABI_X86="64" ADA_TARGET="gcc_14" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="efi-64" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="evdev keyboard mouse wacom joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres17" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" RUBY_TARGETS="ruby32" VIDEO_CARDS="intel i915 iris nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip 
fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
USER="jeremy"
USERLAND="GNU"
USE_EXPAND="ABI_MIPS ABI_S390 ABI_X86 ADA_TARGET ALSA_CARDS AMDGPU_TARGETS APACHE2_MODULES APACHE2_MPMS CALLIGRA_FEATURES CAMERAS COLLECTD_PLUGINS CPU_FLAGS_ARM CPU_FLAGS_PPC CPU_FLAGS_X86 CURL_QUIC CURL_SSL ELIBC FFTOOLS GPSD_PROTOCOLS GRUB_PLATFORMS GUILE_SINGLE_TARGET GUILE_TARGETS INPUT_DEVICES KERNEL L10N LCD_DEVICES LIBREOFFICE_EXTENSIONS LLVM_SLOT LLVM_TARGETS LUA_SINGLE_TARGET LUA_TARGETS NGINX_MODULES_HTTP NGINX_MODULES_MAIL NGINX_MODULES_STREAM OFFICE_IMPLEMENTATION OPENMPI_FABRICS OPENMPI_OFED_FEATURES OPENMPI_RM PERL_FEATURES PHP_TARGETS POSTGRES_TARGETS PYTHON_SINGLE_TARGET PYTHON_TARGETS QEMU_SOFTMMU_TARGETS QEMU_USER_TARGETS RUBY_TARGETS SANE_BACKENDS UWSGI_PLUGINS VIDEO_CARDS VOICEMAIL_STORAGE XTABLES_ADDONS"
USE_EXPAND_HIDDEN="ABI_MIPS ABI_S390 CPU_FLAGS_ARM CPU_FLAGS_PPC ELIBC KERNEL"
USE_EXPAND_IMPLICIT="ARCH ELIBC KERNEL"
USE_EXPAND_UNPREFIXED="ARCH"
USE_EXPAND_VALUES_ARCH="alpha amd64 amd64-linux arm arm64 arm64-macos hppa loong m68k mips ppc ppc64 ppc64-linux ppc-macos riscv s390 sparc x64-macos x64-solaris x86 x86-linux"
USE_EXPAND_VALUES_ELIBC="bionic Darwin glibc mingw musl SunOS"
USE_EXPAND_VALUES_KERNEL="Darwin linux SunOS"
USE_ORDER="env:pkg:conf:defaults:pkginternal:features:repo:env.d"
VIDEO_CARDS="intel i915 iris nvidia"
WAYLAND_DISPLAY="wayland-0"
WINDOWID="1"
XAUTHLOCALHOSTNAME="Gentoo"
XAUTHORITY="/run/user/1000/xauth_bhsqwV"
XDG_CONFIG_DIRS="/home/jeremy/.config/kdedefaults:/etc/xdg"
XDG_CURRENT_DESKTOP="KDE"
XDG_DATA_DIRS="/usr/local/share:/usr/share"
XDG_MENU_PREFIX="plasma-"
XDG_RUNTIME_DIR="/run/user/1000"
XDG_SEAT="seat0"
XDG_SEAT_PATH="/org/freedesktop/DisplayManager/Seat0"
XDG_SESSION_CLASS="user"
XDG_SESSION_ID="1"
XDG_SESSION_PATH="/org/freedesktop/DisplayManager/Session1"
XDG_SESSION_TYPE="wayland"
XDG_VTNR="7"
XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
ac_cv_c_undeclared_builtin_options="none needed"
enable_year2038="no"
gl_cv_compiler_check_decl_option="-Werror=implicit-function-declaration"
gl_cv_func_getcwd_path_max="yes"


I'd like to run the script to provide the key at the start of emerge, but that would require wrapping emerge, parsing the output package information, and then running emerge again (no cache!). It gets slow with lots of packages. So this had been an acceptable solution since I desire to avoid keeping the key or password for it on the disk unsecured.

Any suggestions on how to restore the previous functionality of the script, or improvements for the process?
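
A diagnostic that could be called at the top of provide_db_key, as an added example that is not part of the original post: it reports what the hook's environment can hand to gpg for a pinentry, using the ENV_UNSET value from the emerge --info output above. The function names are hypothetical, and the code only reports; it does not change how gpg is called.

```bash
#!/bin/sh
# Added diagnostic, not from the original post. Function names are hypothetical.
# It reports what the calling environment offers a pinentry: GUI variables or a tty.

# ENV_UNSET as shown in the post's emerge --info output (used as a fallback below).
SAMPLE_ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"

# stripped_gui_vars LIST
# Prints the names in LIST that a graphical pinentry relies on to find X11 or Wayland.
stripped_gui_vars() (
    out=""
    for name in $1; do
        case "$name" in
            DISPLAY|XAUTHORITY|WAYLAND_DISPLAY|XDG_RUNTIME_DIR)
                out="${out:+$out }$name" ;;
        esac
    done
    printf '%s\n' "$out"
)

# is_usable_tty PATH
# Succeeds only if PATH is a character device that opens read/write and is a terminal.
is_usable_tty() (
    [ -n "$1" ] && [ -c "$1" ] || exit 1
    exec 2>/dev/null 3<>"$1" || exit 1
    [ -t 3 ]
)

# pinentry_channel DISPLAY WAYLAND_DISPLAY XDG_RUNTIME_DIR GPG_TTY
# Prints gui-wayland, gui-x11, tty or none for the values given.
# It checks that the inputs exist, not that a pinentry can actually connect.
pinentry_channel() (
    display=$1 wayland=$2 runtime=$3 gpg_tty=$4
    case "$wayland" in
        "") sock="" ;;
        /*) sock=$wayland ;;            # absolute socket path
        *)  sock=${runtime:+$runtime/$wayland} ;;
    esac
    if [ -n "$sock" ] && [ -S "$sock" ]; then
        echo gui-wayland
    elif [ -n "$display" ]; then
        echo gui-x11
    elif is_usable_tty "$gpg_tty"; then
        echo tty
    else
        echo none
    fi
)

# Report for the current shell; inside a phase hook this shows the ebuild environment.
pinentry_report() {
    echo "GUI variables listed in ENV_UNSET: $(stripped_gui_vars "${ENV_UNSET:-$SAMPLE_ENV_UNSET}")"
    echo "stdin is a tty: $( [ -t 0 ] && echo yes || echo no )"
    echo "GPG_TTY: ${GPG_TTY:-unset}"
    echo "channel: $(pinentry_channel "${DISPLAY-}" "${WAYLAND_DISPLAY-}" "${XDG_RUNTIME_DIR-}" "${GPG_TTY-}")"
}

pinentry_report
```

Running the same report from an interactive root shell and from inside the hook shows which of these inputs differ between the two environments.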