Author: zmedico |
Date: 2009-06-21 22:01:50 +0000 (Sun, 21 Jun 2009) |
New Revision: 13660 |
|
Modified: |
main/trunk/pym/portage/cache/fs_template.py |
main/trunk/pym/portage/cache/sqlite.py |
main/trunk/pym/portage/dbapi/porttree.py |
Log: |
Tweak depcache permission handling so egencache can be run by a user who's |
not in the portage group, allowing for better privilege isolation. |
|
|
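--- a/main/trunk/pym/portage/cache/fs_template.py
+++ b/main/trunk/pym/portage/cache/fs_template.py
@@ -17,7 +17,7 @@
 gid=portage_gid
 perms=0665"""
 
- for x,y in (("gid",portage_gid),("perms",0664)):
+ for x, y in (("gid", -1), ("perms", -1)):
 if x in config:
 setattr(self, "_"+x, config[x])
 del config[x]
@@ -34,8 +34,10 @@
 """returns true or false if it's able to ensure that path is properly chmod'd and chowned.
 if mtime is specified, attempts to ensure that's correct also"""
 try:
- os.chown(path, -1, self._gid)
- os.chmod(path, self._perms)
+ if self._gid != -1:
+ os.chown(path, -1, self._gid)
+ if self._perms != -1:
+ os.chmod(path, self._perms)
 if mtime != -1:
 mtime=long(mtime)
 os.utime(path, (mtime, mtime))
@@ -55,12 +57,19 @@
 for dir in path.lstrip(os.path.sep).rstrip(os.path.sep).split(os.path.sep):
 base = os.path.join(base,dir)
 if not os.path.exists(base):
- um=os.umask(0)
+ if self._perms != -1:
+ um = os.umask(0)
 try:
- os.mkdir(base, self._perms | 0111)
- os.chown(base, -1, self._gid)
+ perms = self._perms
+ if perms == -1:
+ perms = 0
+ perms |= 0755
+ os.mkdir(base, perms)
+ if self._gid != -1:
+ os.chown(base, -1, self._gid)
 finally:
- os.umask(um)
+ if self._perms != -1:
+ os.umask(um)
 
 
 def gen_label(base, label):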
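Review bot: In the last hunk, `perms |= 0755` widens explicitly configured modes, assuming it sits outside the `if perms == -1:` branch (indentation is not preserved on this page). The removed code OR-ed in only `0111`, so a cache configured with `perms=0660` got `0771` directories; the new line yields `0775`, and because it runs under `os.umask(0)` nothing trims the added world read bit. The `0664` that porttree.py passes is unaffected, since both expressions give `0775`. To keep the old result for configured values, set `perms = 0755` inside the `if perms == -1:` branch and use `perms |= 0111` in an `else:`. The enclosing method starts above the hunk, so this is judged from the visible lines only.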
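--- a/main/trunk/pym/portage/cache/sqlite.py
+++ b/main/trunk/pym/portage/cache/sqlite.py
@@ -62,7 +62,7 @@
 database=self._dbpath, **connection_kwargs)
 self._db_cursor = self._db_connection.cursor()
 self._db_cursor.execute("PRAGMA encoding = %s" % self._db_escape_string("UTF-8"))
- if not apply_secpass_permissions(self._dbpath, gid=portage_gid, mode=070, mask=02):
+ if not self._ensure_access(self._dbpath):
 raise cache_errors.InitializationError(self.__class__, "can't ensure perms on %s" % self._dbpath)
 self._db_init_cache_size(config["cache_bytes"])
 self._db_init_synchronous(config["synchronous"])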
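Review bot: The `+` line no longer enforces anything on the database file when the cache is constructed with `gid=-1` and `perms=-1`, because `_ensure_access` as changed in fs_template.py in this commit skips both `os.chown` and `os.chmod` in that case. The removed `apply_secpass_permissions(..., mode=070, mask=02)` call also passed `mask=02`, which appears to have cleared the world-write bit, so a file created under a permissive umask would now keep that bit and the "can't ensure perms" error would presumably not fire for it. If leaving the mode to the umask is intended for unprivileged runs, record it at the call, e.g. `# with gid/perms == -1 the db file mode is left to the caller's umask`; otherwise keep a check that rejects a world-writable `self._dbpath`. The enclosing method starts and ends outside the hunk.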
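--- a/main/trunk/pym/portage/dbapi/porttree.py
+++ b/main/trunk/pym/portage/dbapi/porttree.py
@@ -295,12 +295,23 @@
 self.auxdb = {}
 self._pregen_auxdb = {}
 self._init_cache_dirs()
+ depcachedir_w_ok = os.access(self.depcachedir, os.W_OK)
+ cache_kwargs = {
+ 'gid' : portage_gid,
+ 'perms' : 0664
+ }
+
+ if secpass < 1:
+ # portage_gid is irrelevant, so just obey umask
+ cache_kwargs['gid'] = -1
+ cache_kwargs['perms'] = -1
+
 # XXX: REMOVE THIS ONCE UNUSED_0 IS YANKED FROM auxdbkeys
 # ~harring
 filtered_auxdbkeys = filter(lambda x: not x.startswith("UNUSED_0"), auxdbkeys)
 filtered_auxdbkeys.sort()
 from portage.cache import metadata_overlay, volatile
- if secpass < 1:
+ if not depcachedir_w_ok:
 for x in self.porttrees:
 db_ro = self.auxdbmodule(self.depcachedir, x,
 filtered_auxdbkeys, gid=portage_gid, readonly=True)
@@ -314,7 +325,7 @@
 continue
 # location, label, auxdbkeys
 self.auxdb[x] = self.auxdbmodule(
- self.depcachedir, x, filtered_auxdbkeys, gid=portage_gid)
+ self.depcachedir, x, filtered_auxdbkeys, **cache_kwargs)
 if self.auxdbmodule is metadata_overlay.database:
 self.auxdb[x].db_ro.ec = self._repo_info[x].eclass_db
 if "metadata-transfer" not in self.mysettings.features: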
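Review bot: `os.access(self.depcachedir, os.W_OK)` in the first hunk tests the real uid/gid and is taken once, so it is only an advisory snapshot and later cache writes still need to handle a permission error. With this change, writability of the directory rather than `secpass` selects the writable cache, and for `secpass < 1` entries are created under the caller's umask with no group fixup. The mode and ownership of `depcachedir` therefore become the control on who may populate metadata that other users read. I would state that at the check: `# advisory: os.access() uses the real uid/gid; depcachedir must not be writable by untrusted users`. The read-only branch still passes `gid=portage_gid` instead of `**cache_kwargs`, and the enclosing method starts and ends outside the hunks.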