From: Zac Medico <zmedico@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/portage:master commit in: bin/, lib/portage/package/ebuild/
Date: Fri, 04 Jan 2019 03:03:43
Message-Id: 1546503880.be2312f4f9bf854897431440734a765f5279c7d1.zmedico@gentoo
1 commit: be2312f4f9bf854897431440734a765f5279c7d1
2 Author: Zac Medico <zmedico <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jan 2 23:40:57 2019 +0000
4 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org>
5 CommitDate: Thu Jan 3 08:24:40 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=be2312f4
7
8 ebuild.sh: sandbox write to ${PORTAGE_TMPDIR}/portage (bug 673738)
9
10 In ebuild.sh, grant sandbox write access directly to
11 ${PORTAGE_TMPDIR}/portage, since write access to ${PORTAGE_TMPDIR}
12 itself is not needed. Also, remove the _check_temp_dir symlink
13 check from bug 378403, since a symlink is permissible if write
14 access is granted directly to ${PORTAGE_TMPDIR}/portage.
15
16 Bug: https://bugs.gentoo.org/673738
17 Bug: https://bugs.gentoo.org/378403
18 Signed-off-by: Zac Medico <zmedico <AT> gentoo.org>
19
20 bin/ebuild.sh | 4 ++--
21 lib/portage/package/ebuild/doebuild.py | 27 ++-------------------------
22 2 files changed, 4 insertions(+), 27 deletions(-)
23
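--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -161,8 +161,8 @@ addwrite() { __sb_append_var WRITE "$@" ; }
 adddeny() { __sb_append_var DENY "$@" ; }
 addpredict() { __sb_append_var PREDICT "$@" ; }
 
-addwrite "${PORTAGE_TMPDIR}"
-addread "/:${PORTAGE_TMPDIR}"
+addwrite "${PORTAGE_TMPDIR}/portage"
+addread "/:${PORTAGE_TMPDIR}/portage"
 [[ -n ${PORTAGE_GPG_DIR} ]] && addpredict "${PORTAGE_GPG_DIR}"
 
 # Avoid sandbox violations in temporary directories.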
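Review bot: The two changed lines carry no comment saying why the write prefix stops at `${PORTAGE_TMPDIR}/portage`, so a later edit could widen it back to the parent without noticing the sandbox implication. A one-line comment above `addwrite` would record it, for example `# Write access is limited to the build root; ${PORTAGE_TMPDIR} itself is not sandbox-writable (bug 673738).` The `addread` value already starts with `/`, so its second component looks redundant for read access and is presumably kept for symmetry; the same comment could say so. Whether PORTAGE_TMPDIR is guaranteed to be non-empty at this point is not visible in the hunk; if it can be empty, the prefix becomes `/portage`.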
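--- a/lib/portage/package/ebuild/doebuild.py
+++ b/lib/portage/package/ebuild/doebuild.py
@@ -82,6 +82,7 @@ from portage.util import ( apply_recursive_permissions,
 from portage.util.cpuinfo import get_cpu_count
 from portage.util.lafilefixer import rewrite_lafile
 from portage.util.compression_probe import _compressors
+from portage.util.path import first_existing
 from portage.util.socks5 import get_socks5_proxy
 from portage.versions import _pkgsplit
 from _emerge.BinpkgEnvExtractor import BinpkgEnvExtractor
@@ -1296,31 +1297,7 @@ def _check_temp_dir(settings):
 # as some people use a separate PORTAGE_TMPDIR mount
 # we prefer that as the checks below would otherwise be pointless
 # for those people.
- tmpdir = os.path.realpath(settings["PORTAGE_TMPDIR"])
- if os.path.exists(os.path.join(tmpdir, "portage")):
- checkdir = os.path.realpath(os.path.join(tmpdir, "portage"))
- if ("sandbox" in settings.features or
- "usersandox" in settings.features) and \
- not checkdir.startswith(tmpdir + os.sep):
- msg = _("The 'portage' subdirectory of the directory "
- "referenced by the PORTAGE_TMPDIR variable appears to be "
- "a symlink. In order to avoid sandbox violations (see bug "
- "#378403), you must adjust PORTAGE_TMPDIR instead of using "
- "the symlink located at '%s'. A suitable PORTAGE_TMPDIR "
- "setting would be '%s'.") % \
- (os.path.join(tmpdir, "portage"), checkdir)
- lines = []
- lines.append("")
- lines.append("")
- lines.extend(wrap(msg, 72))
- lines.append("")
- for line in lines:
- if line:
- line = "!!! %s" % (line,)
- writemsg("%s\n" % (line,), noiselevel=-1)
- return 1
- else:
- checkdir = tmpdir
+ checkdir = first_existing(os.path.join(settings["PORTAGE_TMPDIR"], "portage"))
 
 if not os.access(checkdir, os.W_OK):
 writemsg(_("%s is not writable.\n"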
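Review bot: With the symlink branch removed, `checkdir` in `_check_temp_dir` accepts whatever `${PORTAGE_TMPDIR}/portage` resolves to, and nothing visible in this hunk checks who owns that entry. When PORTAGE_TMPDIR is a shared, world-writable directory, the target of a pre-existing `portage` symlink becomes the location the sandbox may write to. An ownership check on the entry belongs next to the new line, or at least a comment recording that the administrator is trusted to control it, e.g. `# A symlinked PORTAGE_TMPDIR/portage is accepted; its target becomes sandbox-writable (bug 673738).` `first_existing` also appears to fall back to an ancestor when `portage` does not exist yet, so the writability check below may run against a parent directory; the three comment lines kept above the new line should say that. The function starts and ends outside the hunk, so validation elsewhere in it may already cover part of this.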