1 |
On 01/25/2015 06:00 AM, Michał Górny wrote: |
2 |
> diff --git a/bin/socks5-server.py b/bin/socks5-server.py |
3 |
> new file mode 100644 |
4 |
> index 0000000..c079018 |
5 |
> --- /dev/null |
6 |
> +++ b/bin/socks5-server.py |
7 |
> @@ -0,0 +1,218 @@ |
8 |
> +#!/usr/bin/env python |
9 |
> +# SOCKSv5 proxy server for network-sandbox |
10 |
> +# Copyright 2015 Gentoo Foundation |
11 |
> +# Distributed under the terms of the GNU General Public License v2 |
12 |
> + |
13 |
> +import asyncore |
14 |
> +import errno |
15 |
> +import socket |
16 |
> +import struct |
17 |
> +import sys |
18 |
> + |
19 |
> + |
20 |
> +class ProxyConnection(asyncore.dispatcher_with_send): |
21 |
> + _addr = None |
22 |
> + _connected = False |
23 |
> + _family = socket.AF_INET |
24 |
> + _proxy_conn = None |
25 |
> + |
26 |
> + def __init__(self, proxy_conn): |
27 |
> + self._proxy_conn = proxy_conn |
28 |
> + asyncore.dispatcher_with_send.__init__(self) |
29 |
> + self.create_socket(self._family, socket.SOCK_STREAM) |
30 |
> + |
31 |
> + def start_connection(self, host, port): |
32 |
> + try: |
33 |
> + self.connect((host, port)) |
34 |
> + except: |
35 |
> + self.handle_error() |
36 |
|
37 |
This except handler should at least allow SystemExit and |
38 |
KeyboardInterrupt to raise. |
39 |
|
40 |
> diff --git a/pym/portage/package/ebuild/_config/special_env_vars.py b/pym/portage/package/ebuild/_config/special_env_vars.py |
41 |
> index 6bb3c95..905d5e7 100644 |
42 |
> --- a/pym/portage/package/ebuild/_config/special_env_vars.py |
43 |
> +++ b/pym/portage/package/ebuild/_config/special_env_vars.py |
44 |
> @@ -71,7 +71,7 @@ environ_whitelist += [ |
45 |
> "PORTAGE_PYM_PATH", "PORTAGE_PYTHON", |
46 |
> "PORTAGE_PYTHONPATH", "PORTAGE_QUIET", |
47 |
> "PORTAGE_REPO_NAME", "PORTAGE_REPOSITORIES", "PORTAGE_RESTRICT", |
48 |
> - "PORTAGE_SIGPIPE_STATUS", |
49 |
> + "PORTAGE_SIGPIPE_STATUS", "PORTAGE_SOCKS5_PROXY", |
50 |
> "PORTAGE_TMPDIR", "PORTAGE_UPDATE_ENV", "PORTAGE_USERNAME", |
51 |
> "PORTAGE_VERBOSE", "PORTAGE_WORKDIR_MODE", "PORTAGE_XATTR_EXCLUDE", |
52 |
> "PORTDIR", "PORTDIR_OVERLAY", "PREROOTPATH", |
53 |
|
54 |
The DISTCC_SOCKS_PROXY variable should also be added to the whitelist. |
55 |
|
56 |
Other than these 2 minor issues, the patch looks good to me. I guess there's |
57 |
no point in using portage's event loop instead of asyncore, since we |
58 |
want the proxy to drop privileges, and therefore it can't run in the |
59 |
main portage process. |
60 |
-- |
61 |
Thanks, |
62 |
Zac |