commit: be2312f4f9bf854897431440734a765f5279c7d1 |
Author: Zac Medico <zmedico <AT> gentoo <DOT> org> |
AuthorDate: Wed Jan 2 23:40:57 2019 +0000 |
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> |
CommitDate: Thu Jan 3 08:24:40 2019 +0000 |
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=be2312f4 |
|
ebuild.sh: sandbox write to ${PORTAGE_TMPDIR}/portage (bug 673738) |
|
In ebuild.sh, grant sandbox write access directly to |
${PORTAGE_TMPDIR}/portage, since write access to ${PORTAGE_TMPDIR} |
itself is not needed. Also, remove the _check_temp_dir symlink |
check from bug 378403, since a symlink is permissible if write |
access is granted directly to ${PORTAGE_TMPDIR}/portage. |
|
Bug: https://bugs.gentoo.org/673738 |
Bug: https://bugs.gentoo.org/378403 |
Signed-off-by: Zac Medico <zmedico <AT> gentoo.org> |
|
bin/ebuild.sh | 4 ++-- |
lib/portage/package/ebuild/doebuild.py | 27 ++------------------------- |
2 files changed, 4 insertions(+), 27 deletions(-) |
|
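--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -161,8 +161,8 @@ addwrite() { __sb_append_var WRITE "$@" ; }
 adddeny() { __sb_append_var DENY "$@" ; }
 addpredict() { __sb_append_var PREDICT "$@" ; }
 
-addwrite "${PORTAGE_TMPDIR}"
-addread "/:${PORTAGE_TMPDIR}"
+addwrite "${PORTAGE_TMPDIR}/portage"
+addread "/:${PORTAGE_TMPDIR}/portage"
 [[ -n ${PORTAGE_GPG_DIR} ]] && addpredict "${PORTAGE_GPG_DIR}"
 
 # Avoid sandbox violations in temporary directories.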
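Review bot: The two new grant lines, `addwrite "${PORTAGE_TMPDIR}/portage"` and the `addread` below it, carry no comment recording that the write prefix is deliberately the `portage` subdirectory and not `${PORTAGE_TMPDIR}` itself, so a later edit could widen it again without noticing the sandbox consequence. I would add `# Write access is granted to ${PORTAGE_TMPDIR}/portage only, not to ${PORTAGE_TMPDIR} itself (bug 673738).` directly above them. The second component of the `addread` argument also looks redundant, since the leading `/` appears to cover every path already; if it is kept for symmetry with `addwrite`, the comment can say so.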
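--- a/lib/portage/package/ebuild/doebuild.py
+++ b/lib/portage/package/ebuild/doebuild.py
@@ -82,6 +82,7 @@ from portage.util import ( apply_recursive_permissions,
 from portage.util.cpuinfo import get_cpu_count
 from portage.util.lafilefixer import rewrite_lafile
 from portage.util.compression_probe import _compressors
+from portage.util.path import first_existing
 from portage.util.socks5 import get_socks5_proxy
 from portage.versions import _pkgsplit
 from _emerge.BinpkgEnvExtractor import BinpkgEnvExtractor
@@ -1296,31 +1297,7 @@ def _check_temp_dir(settings):
 # as some people use a separate PORTAGE_TMPDIR mount
 # we prefer that as the checks below would otherwise be pointless
 # for those people.
- tmpdir = os.path.realpath(settings["PORTAGE_TMPDIR"])
- if os.path.exists(os.path.join(tmpdir, "portage")):
- checkdir = os.path.realpath(os.path.join(tmpdir, "portage"))
- if ("sandbox" in settings.features or
- "usersandox" in settings.features) and \
- not checkdir.startswith(tmpdir + os.sep):
- msg = _("The 'portage' subdirectory of the directory "
- "referenced by the PORTAGE_TMPDIR variable appears to be "
- "a symlink. In order to avoid sandbox violations (see bug "
- "#378403), you must adjust PORTAGE_TMPDIR instead of using "
- "the symlink located at '%s'. A suitable PORTAGE_TMPDIR "
- "setting would be '%s'.") % \
- (os.path.join(tmpdir, "portage"), checkdir)
- lines = []
- lines.append("")
- lines.append("")
- lines.extend(wrap(msg, 72))
- lines.append("")
- for line in lines:
- if line:
- line = "!!! %s" % (line,)
- writemsg("%s\n" % (line,), noiselevel=-1)
- return 1
- else:
- checkdir = tmpdir
+ checkdir = first_existing(os.path.join(settings["PORTAGE_TMPDIR"], "portage"))
 
 if not os.access(checkdir, os.W_OK):
 writemsg(_("%s is not writable.\n"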
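Review bot: With the symlink check gone, the new `checkdir = first_existing(os.path.join(settings["PORTAGE_TMPDIR"], "portage"))` line accepts whatever `${PORTAGE_TMPDIR}/portage` resolves to, and nothing visible in this hunk checks who owns a symlink at that path or the directory it points to. If PORTAGE_TMPDIR can be a directory that other local users may write to, that deserves an explicit check, for example an `os.lstat` ownership test before the `os.access` call. At minimum, add a comment stating the trust assumption, such as `# A symlink at PORTAGE_TMPDIR/portage is permitted; its target is trusted as configured by the administrator (bug 673738).` The body of `_check_temp_dir` starts and ends outside this hunk, so later checks may already cover part of this.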