1 |
Also, fix BinpkgExtractorAsync tar options to preserve |
2 |
security.capability attributes. |
3 |
|
4 |
X-Gentoo-Bug: 548516 |
5 |
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=548516 |
6 |
--- |
7 |
cnf/make.globals | 6 ++++-- |
8 |
pym/_emerge/BinpkgExtractorAsync.py | 3 ++- |
9 |
2 files changed, 6 insertions(+), 3 deletions(-) |
10 |
|
11 |
diff --git a/cnf/make.globals b/cnf/make.globals |
12 |
index dd99618..5698636 100644 |
13 |
--- a/cnf/make.globals |
14 |
+++ b/cnf/make.globals |
15 |
@@ -123,9 +123,11 @@ PORTAGE_ELOG_MAILFROM="portage@localhost" |
16 |
PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key \"\${PORTAGE_GPG_KEY}\" --homedir \"\${PORTAGE_GPG_DIR}\" \"\${FILE}\"" |
17 |
|
18 |
# btrfs.* attributes are irrelevant, see bug #527636. |
19 |
-# Security labels are special, see bug #461868. |
20 |
+# security.* attributes may be special (see bug 461868), but |
21 |
+# security.capabilities is specifically not excluded (bug 548516). |
22 |
# system.nfs4_acl attributes are irrelevant, see bug #475496. |
23 |
-PORTAGE_XATTR_EXCLUDE="btrfs.* security.* system.nfs4_acl" |
24 |
+PORTAGE_XATTR_EXCLUDE="btrfs.* security.evm security.ima |
25 |
+ security.selinux system.nfs4_acl" |
26 |
|
27 |
# ***************************** |
28 |
# ** DO NOT EDIT THIS FILE ** |
29 |
diff --git a/pym/_emerge/BinpkgExtractorAsync.py b/pym/_emerge/BinpkgExtractorAsync.py |
30 |
index 6aaa448..6b5539a 100644 |
31 |
--- a/pym/_emerge/BinpkgExtractorAsync.py |
32 |
+++ b/pym/_emerge/BinpkgExtractorAsync.py |
33 |
@@ -23,7 +23,8 @@ class BinpkgExtractorAsync(SpawnProcess): |
34 |
process = subprocess.Popen(["tar", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
35 |
output = process.communicate()[0] |
36 |
if b"--xattrs" in output: |
37 |
- tar_options = "--xattrs" |
38 |
+ tar_options = ("--xattrs --xattrs-include='*' --xattrs-exclude=" |
39 |
+ "'%s'" % self.env.get("PORTAGE_XATTR_EXCLUDE", "")) |
40 |
|
41 |
decomp_cmd = _decompressors.get( |
42 |
compression_probe(self.pkg_path)) |
43 |
-- |
44 |
2.3.5 |