1 |
Use the apply_recursive_permissions function to minimize the number of |
2 |
chmod calls. |
3 |
|
4 |
Also, fix an UnboundLocalError triggered in portage.data._get_global |
5 |
by chmod-lite. |
6 |
|
7 |
X-Gentoo-Bug: 554084 |
8 |
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=554084 |
9 |
--- |
10 |
[PATCH v3] fixes apply_recursive_permissions to properly separate modes |
11 |
and masks for files and directories |
12 |
|
13 |
bin/chmod-lite | 10 +++++ |
14 |
bin/chmod-lite.py | 30 +++++++++++++++ |
15 |
bin/phase-helpers.sh | 2 +- |
16 |
pym/portage/data.py | 2 +- |
17 |
pym/portage/util/__init__.py | 88 ++++++++++++++++++++++---------------------- |
18 |
5 files changed, 87 insertions(+), 45 deletions(-) |
19 |
create mode 100755 bin/chmod-lite |
20 |
create mode 100755 bin/chmod-lite.py |
21 |
|
22 |
diff --git a/bin/chmod-lite b/bin/chmod-lite |
23 |
new file mode 100755 |
24 |
index 0000000..ffa8d4d |
25 |
--- /dev/null |
26 |
+++ b/bin/chmod-lite |
27 |
@@ -0,0 +1,10 @@ |
28 |
+#!/bin/bash |
29 |
+# Copyright 2015 Gentoo Foundation |
30 |
+# Distributed under the terms of the GNU General Public License v2 |
31 |
+ |
32 |
+export __PORTAGE_HELPER_CWD=${PWD} |
33 |
+ |
34 |
+# Use safe cwd, avoiding unsafe import for bug #469338. |
35 |
+cd "${PORTAGE_PYM_PATH}" || exit 1 |
36 |
+PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \ |
37 |
+ exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/chmod-lite.py" "$@" |
38 |
diff --git a/bin/chmod-lite.py b/bin/chmod-lite.py |
39 |
new file mode 100755 |
40 |
index 0000000..a552b25 |
41 |
--- /dev/null |
42 |
+++ b/bin/chmod-lite.py |
43 |
@@ -0,0 +1,30 @@ |
44 |
+#!/usr/bin/python -b |
45 |
+# Copyright 2015 Gentoo Foundation |
46 |
+# Distributed under the terms of the GNU General Public License v2 |
47 |
+ |
48 |
+import os |
49 |
+import sys |
50 |
+ |
51 |
+from portage.util import apply_recursive_permissions |
52 |
+ |
53 |
+# Change back to original cwd _after_ all imports (bug #469338). |
54 |
+os.chdir(os.environ["__PORTAGE_HELPER_CWD"]) |
55 |
+ |
56 |
+def main(files): |
57 |
+ |
58 |
+ if sys.hexversion >= 0x3000000: |
59 |
+ # We can't trust that the filesystem encoding (locale dependent) |
60 |
+ # correctly matches the arguments, so use surrogateescape to |
61 |
+ # pass through the original argv bytes for Python 3. |
62 |
+ fs_encoding = sys.getfilesystemencoding() |
63 |
+ files = [x.encode(fs_encoding, 'surrogateescape') for x in files] |
64 |
+ |
65 |
+ for filename in files: |
66 |
+ # Emulate 'chmod -fR a+rX,u+w,g-w,o-w' with mininal chmod calls. |
67 |
+ apply_recursive_permissions(filename, filemode=0o644, |
68 |
+ filemask=0o022, dirmode=0o755, dirmask=0o022) |
69 |
+ |
70 |
+ return os.EX_OK |
71 |
+ |
72 |
+if __name__ == "__main__": |
73 |
+ sys.exit(main(sys.argv[1:])) |
74 |
diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh |
75 |
index efd2cfa..0c25ffe 100644 |
76 |
--- a/bin/phase-helpers.sh |
77 |
+++ b/bin/phase-helpers.sh |
78 |
@@ -532,7 +532,7 @@ unpack() { |
79 |
# Do not chmod '.' since it's probably ${WORKDIR} and PORTAGE_WORKDIR_MODE |
80 |
# should be preserved. |
81 |
find . -mindepth 1 -maxdepth 1 ! -type l -print0 | \ |
82 |
- ${XARGS} -0 chmod -fR a+rX,u+w,g-w,o-w |
83 |
+ ${XARGS} -0 "${PORTAGE_BIN_PATH}/chmod-lite" |
84 |
} |
85 |
|
86 |
econf() { |
87 |
diff --git a/pym/portage/data.py b/pym/portage/data.py |
88 |
index 2fd287d..2c99548 100644 |
89 |
--- a/pym/portage/data.py |
90 |
+++ b/pym/portage/data.py |
91 |
@@ -139,7 +139,7 @@ def _get_global(k): |
92 |
v = 2 |
93 |
elif unprivileged: |
94 |
v = 2 |
95 |
- elif portage_gid in os.getgroups(): |
96 |
+ elif _get_global('portage_gid') in os.getgroups(): |
97 |
v = 1 |
98 |
|
99 |
elif k in ('portage_gid', 'portage_uid'): |
100 |
diff --git a/pym/portage/util/__init__.py b/pym/portage/util/__init__.py |
101 |
index c0b509b..38780a7 100644 |
102 |
--- a/pym/portage/util/__init__.py |
103 |
+++ b/pym/portage/util/__init__.py |
104 |
@@ -17,9 +17,9 @@ from copy import deepcopy |
105 |
import errno |
106 |
import io |
107 |
try: |
108 |
- from itertools import filterfalse |
109 |
+ from itertools import chain, filterfalse |
110 |
except ImportError: |
111 |
- from itertools import ifilterfalse as filterfalse |
112 |
+ from itertools import chain, ifilterfalse as filterfalse |
113 |
import logging |
114 |
import re |
115 |
import shlex |
116 |
@@ -1041,6 +1041,23 @@ def unique_everseen(iterable, key=None): |
117 |
seen_add(k) |
118 |
yield element |
119 |
|
120 |
+def _do_stat(filename, follow_links=True): |
121 |
+ try: |
122 |
+ if follow_links: |
123 |
+ return os.stat(filename) |
124 |
+ else: |
125 |
+ return os.lstat(filename) |
126 |
+ except OSError as oe: |
127 |
+ func_call = "stat('%s')" % filename |
128 |
+ if oe.errno == errno.EPERM: |
129 |
+ raise OperationNotPermitted(func_call) |
130 |
+ elif oe.errno == errno.EACCES: |
131 |
+ raise PermissionDenied(func_call) |
132 |
+ elif oe.errno == errno.ENOENT: |
133 |
+ raise FileNotFound(filename) |
134 |
+ else: |
135 |
+ raise |
136 |
+ |
137 |
def apply_permissions(filename, uid=-1, gid=-1, mode=-1, mask=-1, |
138 |
stat_cached=None, follow_links=True): |
139 |
"""Apply user, group, and mode bits to a file if the existing bits do not |
140 |
@@ -1058,21 +1075,7 @@ def apply_permissions(filename, uid=-1, gid=-1, mode=-1, mask=-1, |
141 |
gid = int(gid) |
142 |
|
143 |
if stat_cached is None: |
144 |
- try: |
145 |
- if follow_links: |
146 |
- stat_cached = os.stat(filename) |
147 |
- else: |
148 |
- stat_cached = os.lstat(filename) |
149 |
- except OSError as oe: |
150 |
- func_call = "stat('%s')" % filename |
151 |
- if oe.errno == errno.EPERM: |
152 |
- raise OperationNotPermitted(func_call) |
153 |
- elif oe.errno == errno.EACCES: |
154 |
- raise PermissionDenied(func_call) |
155 |
- elif oe.errno == errno.ENOENT: |
156 |
- raise FileNotFound(filename) |
157 |
- else: |
158 |
- raise |
159 |
+ stat_cached = _do_stat(filename, follow_links=follow_links) |
160 |
|
161 |
if (uid != -1 and uid != stat_cached.st_uid) or \ |
162 |
(gid != -1 and gid != stat_cached.st_gid): |
163 |
@@ -1177,22 +1180,35 @@ def apply_recursive_permissions(top, uid=-1, gid=-1, |
164 |
else: |
165 |
raise |
166 |
|
167 |
+ # For bug 554084, always apply permissions to a directory before |
168 |
+ # that directory is traversed. |
169 |
all_applied = True |
170 |
- for dirpath, dirnames, filenames in os.walk(top): |
171 |
- try: |
172 |
- applied = apply_secpass_permissions(dirpath, |
173 |
- uid=uid, gid=gid, mode=dirmode, mask=dirmask, |
174 |
- follow_links=follow_links) |
175 |
- if not applied: |
176 |
- all_applied = False |
177 |
- except PortageException as e: |
178 |
+ |
179 |
+ stat_cached = _do_stat(top, follow_links=follow_links) |
180 |
+ if stat.S_ISDIR(stat_cached.st_mode): |
181 |
+ mode = dirmode |
182 |
+ mask = dirmask |
183 |
+ else: |
184 |
+ mode = filemode |
185 |
+ mask = filemask |
186 |
+ |
187 |
+ try: |
188 |
+ applied = apply_secpass_permissions(top, |
189 |
+ uid=uid, gid=gid, mode=mode, mask=mask, |
190 |
+ stat_cached=stat_cached, follow_links=follow_links) |
191 |
+ if not applied: |
192 |
all_applied = False |
193 |
- onerror(e) |
194 |
+ except PortageException as e: |
195 |
+ all_applied = False |
196 |
+ onerror(e) |
197 |
|
198 |
- for name in filenames: |
199 |
+ for dirpath, dirnames, filenames in os.walk(top): |
200 |
+ for name, mode, mask in chain( |
201 |
+ ((x, filemode, filemask) for x in filenames), |
202 |
+ ((x, dirmode, dirmask) for x in dirnames)): |
203 |
try: |
204 |
applied = apply_secpass_permissions(os.path.join(dirpath, name), |
205 |
- uid=uid, gid=gid, mode=filemode, mask=filemask, |
206 |
+ uid=uid, gid=gid, mode=mode, mask=mask, |
207 |
follow_links=follow_links) |
208 |
if not applied: |
209 |
all_applied = False |
210 |
@@ -1216,21 +1232,7 @@ def apply_secpass_permissions(filename, uid=-1, gid=-1, mode=-1, mask=-1, |
211 |
unapplied.""" |
212 |
|
213 |
if stat_cached is None: |
214 |
- try: |
215 |
- if follow_links: |
216 |
- stat_cached = os.stat(filename) |
217 |
- else: |
218 |
- stat_cached = os.lstat(filename) |
219 |
- except OSError as oe: |
220 |
- func_call = "stat('%s')" % filename |
221 |
- if oe.errno == errno.EPERM: |
222 |
- raise OperationNotPermitted(func_call) |
223 |
- elif oe.errno == errno.EACCES: |
224 |
- raise PermissionDenied(func_call) |
225 |
- elif oe.errno == errno.ENOENT: |
226 |
- raise FileNotFound(filename) |
227 |
- else: |
228 |
- raise |
229 |
+ stat_cached = _do_stat(filename, follow_links=follow_links) |
230 |
|
231 |
all_applied = True |
232 |
|
233 |
-- |
234 |
2.4.6 |