1 |
On Sun, 3 May 2015 16:10:58 -0700 |
2 |
Zac Medico <zmedico@g.o> wrote: |
3 |
|
4 |
> Also, fix BinpkgExtractorAsync tar options to preserve |
5 |
> security.capability attributes. |
6 |
> |
7 |
> X-Gentoo-Bug: 548516 |
8 |
> X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548516 |
9 |
> --- |
10 |
> [PATCH v2] fixes BinpkgExtractorAsync tar --xattrs-exclude arguments |
11 |
> to work correcty (each token must be passed as a separate argument) |
12 |
> |
13 |
> cnf/make.globals | 6 ++++-- |
14 |
> pym/_emerge/BinpkgExtractorAsync.py | 5 ++++- |
15 |
> 2 files changed, 8 insertions(+), 3 deletions(-) |
16 |
> |
17 |
> diff --git a/cnf/make.globals b/cnf/make.globals |
18 |
> index dd99618..5698636 100644 |
19 |
> --- a/cnf/make.globals |
20 |
> +++ b/cnf/make.globals |
21 |
> @@ -123,9 +123,11 @@ PORTAGE_ELOG_MAILFROM="portage@localhost" |
22 |
> PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 |
23 |
> --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir |
24 |
> \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\"" # btrfs.* attributes are |
25 |
> irrelevant, see bug #527636. -# Security labels are special, see bug |
26 |
> #461868. +# security.* attributes may be special (see bug 461868), but |
27 |
> +# security.capabilities is specifically not excluded (bug 548516). |
28 |
> # system.nfs4_acl attributes are irrelevant, see bug #475496. |
29 |
> -PORTAGE_XATTR_EXCLUDE="btrfs.* security.* system.nfs4_acl" |
30 |
> +PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima |
31 |
> + security.selinux system.nfs4_acl" |
32 |
> |
33 |
> # ***************************** |
34 |
> # ** DO NOT EDIT THIS FILE ** |
35 |
> diff --git a/pym/_emerge/BinpkgExtractorAsync.py |
36 |
> b/pym/_emerge/BinpkgExtractorAsync.py index 6aaa448..0bf3c74 100644 |
37 |
> --- a/pym/_emerge/BinpkgExtractorAsync.py |
38 |
> +++ b/pym/_emerge/BinpkgExtractorAsync.py |
39 |
> @@ -23,7 +23,10 @@ class BinpkgExtractorAsync(SpawnProcess): |
40 |
> process = subprocess.Popen(["tar", |
41 |
> "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) output = |
42 |
> process.communicate()[0] if b"--xattrs" in output: |
43 |
> - tar_options = "--xattrs" |
44 |
> + tar_options = ["--xattrs", |
45 |
> "--xattrs-include='*'"] |
46 |
> + for x in |
47 |
> portage.util.shlex_split(self.env.get("PORTAGE_XATTR_EXCLUDE", "")): |
48 |
> + |
49 |
> tar_options.append(portage._shell_quote("--xattrs-exclude=%s" % x)) |
50 |
> + tar_options = " ".join(tar_options) |
51 |
> |
52 |
> decomp_cmd = _decompressors.get( |
53 |
> compression_probe(self.pkg_path)) |
54 |
|
55 |
Merge please :) |
56 |
|
57 |
-- |
58 |
Brian Dolbec <dolsen> |