
From: "Zac Medico (zmedico)" <zmedico@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] portage r11289 - main/trunk/pym/portage
Date: Thu, 31 Jul 2008 00:59:35
Message-Id: E1KOMVw-0002QM-8A@stork.gentoo.org
1 Author: zmedico
2 Date: 2008-07-31 00:59:31 +0000 (Thu, 31 Jul 2008)
3 New Revision: 11289
4
5 Modified:
6 main/trunk/pym/portage/__init__.py
7 Log:
8 Split out a _spawn_fetch() function that will be useful for implementing a
9 userpriv testcase for bug #233303.
10
11
12 Modified: main/trunk/pym/portage/__init__.py
13 ===================================================================
14 --- main/trunk/pym/portage/__init__.py 2008-07-30 22:24:16 UTC (rev 11288)
15 +++ main/trunk/pym/portage/__init__.py 2008-07-31 00:59:31 UTC (rev 11289)
16 @@ -3147,6 +3147,54 @@
17 return retval >> 8
18 return retval
19
20 +_userpriv_spawn_kwargs = (
21 + ("uid", portage_uid),
22 + ("gid", portage_gid),
23 + ("groups", userpriv_groups),
24 + ("umask", 002),
25 +)
26 +
27 +def _spawn_fetch(settings, args, **kwargs):
28 + """
29 + Spawn a process with appropriate settings for fetching, including
30 + userfetch and selinux support.
31 + """
32 +
33 + global _userpriv_spawn_kwargs
34 +
35 + # Redirect all output to stdout since some fetchers like
36 + # wget pollute stderr (if portage detects a problem then it
37 + # can send it's own message to stderr).
38 + if "fd_pipes" not in kwargs:
39 +
40 + kwargs["fd_pipes"] = {
41 + 0 : sys.stdin.fileno(),
42 + 1 : sys.stdout.fileno(),
43 + 2 : sys.stdout.fileno(),
44 + }
45 +
46 + if "userfetch" in settings.features and \
47 + os.getuid() == 0 and portage_gid and portage_uid:
48 + kwargs.update(_userpriv_spawn_kwargs)
49 +
50 + try:
51 +
52 + if settings.selinux_enabled():
53 + con = selinux.getcontext()
54 + con = con.replace(settings["PORTAGE_T"], settings["PORTAGE_FETCH_T"])
55 + selinux.setexec(con)
56 + # bash is an allowed entrypoint, while most binaries are not
57 + args = [BASH_BINARY, "-c", "exec \"$@\"", args[0]] + args
58 +
59 + rval = portage.process.spawn(args,
60 + env=dict(settings.iteritems()), **kwargs)
61 +
62 + finally:
63 + if settings.selinux_enabled():
64 + selinux.setexec(None)
65 +
66 + return rval
67 +
68 def _checksum_failure_temp_file(distdir, basename):
69 """
70 First try to find a duplicate temp file with the same checksum and return
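Review bot: The docstring of `_spawn_fetch` does not say which side wins when the caller passes its own spawn keywords, and the two cases differ. A caller-supplied `fd_pipes` is kept, while `kwargs.update(_userpriv_spawn_kwargs)` overwrites any `uid`, `gid`, `groups` or `umask` the caller passed whenever `userfetch` is in `settings.features`, the process runs as uid 0 and `portage_uid`/`portage_gid` are non-zero. Since this helper now decides whether the fetcher drops from root to the portage user, I would add to the docstring something like `Caller-supplied uid/gid/groups/umask are replaced by the portage user's values when userfetch applies; fd_pipes is only defaulted.` and a sentence saying that otherwise the fetcher runs with the caller's own privileges. The tuple is built once at module load, so it holds whatever `portage_uid`, `portage_gid` and `userpriv_groups` were at that moment, and the `global _userpriv_spawn_kwargs` statement can be dropped because the name is only read.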
71 @@ -3820,39 +3868,11 @@
72 lexer = shlex.shlex(StringIO.StringIO(locfetch), posix=True)
73 lexer.whitespace_split = True
74 myfetch = [varexpand(x, mydict=variables) for x in lexer]
75 -
76 - spawn_keywords = {}
77 - # Redirect all output to stdout since some fetchers like
78 - # wget pollute stderr (if portage detects a problem then it
79 - # can send it's own message to stderr).
80 - spawn_keywords["fd_pipes"] = {
81 - 0:sys.stdin.fileno(),
82 - 1:sys.stdout.fileno(),
83 - 2:sys.stdout.fileno()
84 - }
85 - if "userfetch" in mysettings.features and \
86 - os.getuid() == 0 and portage_gid and portage_uid:
87 - spawn_keywords.update({
88 - "uid" : portage_uid,
89 - "gid" : portage_gid,
90 - "groups" : userpriv_groups,
91 - "umask" : 002})
92 myret = -1
93 try:
94
95 - if mysettings.selinux_enabled():
96 - con = selinux.getcontext()
97 - con = con.replace(mysettings["PORTAGE_T"], mysettings["PORTAGE_FETCH_T"])
98 - selinux.setexec(con)
99 - # bash is an allowed entrypoint, while most binaries are not
100 - myfetch = ["bash", "-c", "exec \"$@\"", myfetch[0]] + myfetch
101 + myret = _spawn_fetch(mysettings, myfetch)
102
103 - myret = portage.process.spawn(myfetch,
104 - env=dict(mysettings.iteritems()), **spawn_keywords)
105 -
106 - if mysettings.selinux_enabled():
107 - selinux.setexec(None)
108 -
109 finally:
110 try:
111 apply_secpass_permissions(myfile_path,