Gentoo Archives: gentoo-commits

From: "Zac Medico (zmedico)" <zmedico@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] portage r13660 - in main/trunk/pym/portage: cache dbapi
Date: Sun, 21 Jun 2009 22:01:53
Message-Id: E1MIV6l-0005OA-6Q@stork.gentoo.org
1 Author: zmedico
2 Date: 2009-06-21 22:01:50 +0000 (Sun, 21 Jun 2009)
3 New Revision: 13660
4
5 Modified:
6 main/trunk/pym/portage/cache/fs_template.py
7 main/trunk/pym/portage/cache/sqlite.py
8 main/trunk/pym/portage/dbapi/porttree.py
9 Log:
10 Tweak depcache permission handling so egencache can be run by a user who's
11 not in the portage group, allowing for better privilege isolation.
12
13
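--- a/main/trunk/pym/portage/cache/fs_template.py
+++ b/main/trunk/pym/portage/cache/fs_template.py
@@ -17,7 +17,7 @@
 gid=portage_gid
 perms=0665"""
 
- for x,y in (("gid",portage_gid),("perms",0664)):
+ for x, y in (("gid", -1), ("perms", -1)):
 if x in config:
 setattr(self, "_"+x, config[x])
 del config[x]
@@ -34,8 +34,10 @@
 """returns true or false if it's able to ensure that path is properly chmod'd and chowned.
 if mtime is specified, attempts to ensure that's correct also"""
 try:
- os.chown(path, -1, self._gid)
- os.chmod(path, self._perms)
+ if self._gid != -1:
+ os.chown(path, -1, self._gid)
+ if self._perms != -1:
+ os.chmod(path, self._perms)
 if mtime != -1:
 mtime=long(mtime)
 os.utime(path, (mtime, mtime))
@@ -55,12 +57,19 @@
 for dir in path.lstrip(os.path.sep).rstrip(os.path.sep).split(os.path.sep):
 base = os.path.join(base,dir)
 if not os.path.exists(base):
- um=os.umask(0)
+ if self._perms != -1:
+ um = os.umask(0)
 try:
- os.mkdir(base, self._perms | 0111)
- os.chown(base, -1, self._gid)
+ perms = self._perms
+ if perms == -1:
+ perms = 0
+ perms |= 0755
+ os.mkdir(base, perms)
+ if self._gid != -1:
+ os.chown(base, -1, self._gid)
 finally:
- os.umask(um)
+ if self._perms != -1:
+ os.umask(um)
 
 
 def gen_label(base, label):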
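Review bot: In the directory-creation hunk, `perms |= 0755` (if it applies unconditionally, as the statement order suggests; the page has lost the indentation) widens every cache directory to world-readable and world-searchable even when a restrictive `perms` value is configured. The removed code only added the execute bits with `self._perms | 0111`, so a setting such as 0660 used to yield 0771 and would now yield 0775 under the cleared umask. Using 0755 only for the `-1` (obey umask) case and keeping the old behaviour otherwise would preserve a configured restriction: `if perms == -1: perms = 0755` with an `else: perms |= 0111`. Separately, the docstring in the second hunk still promises that the path is "properly chmod'd and chowned" although both calls are now skipped when the value is -1; it should state that -1 leaves ownership and mode untouched. Both enclosing functions begin outside the hunks shown.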
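--- a/main/trunk/pym/portage/cache/sqlite.py
+++ b/main/trunk/pym/portage/cache/sqlite.py
@@ -62,7 +62,7 @@
 database=self._dbpath, **connection_kwargs)
 self._db_cursor = self._db_connection.cursor()
 self._db_cursor.execute("PRAGMA encoding = %s" % self._db_escape_string("UTF-8"))
- if not apply_secpass_permissions(self._dbpath, gid=portage_gid, mode=070, mask=02):
+ if not self._ensure_access(self._dbpath):
 raise cache_errors.InitializationError(self.__class__, "can't ensure perms on %s" % self._dbpath)
 self._db_init_cache_size(config["cache_bytes"])
 self._db_init_synchronous(config["synchronous"])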
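Review bot: Switching to `self._ensure_access(self._dbpath)` drops the `mask=02` argument of the old `apply_secpass_permissions` call, so nothing at this call site clears or rejects a world-writable database file any more. With the -1 defaults introduced in fs_template.py the helper skips both chown and chmod, so presumably this check can no longer fail on permissions at all and the `InitializationError` branch becomes close to dead code; `_ensure_access` is only partly visible on this page, so that needs confirming. If the cache may later be read by a more privileged run, a check on the existing mode is worth keeping here, for example failing when `os.stat(self._dbpath).st_mode & 02` is non-zero. The enclosing method starts and ends outside the hunk.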
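--- a/main/trunk/pym/portage/dbapi/porttree.py
+++ b/main/trunk/pym/portage/dbapi/porttree.py
@@ -295,12 +295,23 @@
 self.auxdb = {}
 self._pregen_auxdb = {}
 self._init_cache_dirs()
+ depcachedir_w_ok = os.access(self.depcachedir, os.W_OK)
+ cache_kwargs = {
+ 'gid' : portage_gid,
+ 'perms' : 0664
+ }
+
+ if secpass < 1:
+ # portage_gid is irrelevant, so just obey umask
+ cache_kwargs['gid'] = -1
+ cache_kwargs['perms'] = -1
+
 # XXX: REMOVE THIS ONCE UNUSED_0 IS YANKED FROM auxdbkeys
 # ~harring
 filtered_auxdbkeys = filter(lambda x: not x.startswith("UNUSED_0"), auxdbkeys)
 filtered_auxdbkeys.sort()
 from portage.cache import metadata_overlay, volatile
- if secpass < 1:
+ if not depcachedir_w_ok:
 for x in self.porttrees:
 db_ro = self.auxdbmodule(self.depcachedir, x,
 filtered_auxdbkeys, gid=portage_gid, readonly=True)
@@ -314,7 +325,7 @@
 continue
 # location, label, auxdbkeys
 self.auxdb[x] = self.auxdbmodule(
- self.depcachedir, x, filtered_auxdbkeys, gid=portage_gid)
+ self.depcachedir, x, filtered_auxdbkeys, **cache_kwargs)
 if self.auxdbmodule is metadata_overlay.database:
 self.auxdb[x].db_ro.ec = self._repo_info[x].eclass_db
 if "metadata-transfer" not in self.mysettings.features: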
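Review bot: `os.access(self.depcachedir, os.W_OK)` in the first hunk is only an advisory check: it tests the real uid/gid rather than the effective ones, and the directory's permissions can change between this test and the later cache writes, so the writable branch still has to cope with permission errors when it actually writes. A comment on the assignment would make that explicit, e.g. `# advisory only; cache writes must still handle EACCES`. The read-only branch also still passes `gid=portage_gid` while the writable branch now takes `**cache_kwargs`, so the `secpass < 1` override never reaches the read-only databases; if that is intentional it deserves a one-line comment next to the call. The enclosing method starts and ends outside both hunks.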