Gentoo Archives: gentoo-portage-dev

From: Zac Medico <zmedico@g.o>
To: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] [PATCH v2] Support escaping network-sandbox through SOCKSv5 proxy
Date: Sun, 25 Jan 2015 21:43:20
Message-Id: 54C56372.2060502@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH v2] Support escaping network-sandbox through SOCKSv5 proxy by "Michał Górny"
1 On 01/25/2015 06:00 AM, Michał Górny wrote:
2 > diff --git a/bin/socks5-server.py b/bin/socks5-server.py
3 > new file mode 100644
4 > index 0000000..c079018
5 > --- /dev/null
6 > +++ b/bin/socks5-server.py
7 > @@ -0,0 +1,218 @@
8 > +#!/usr/bin/env python
9 > +# SOCKSv5 proxy server for network-sandbox
10 > +# Copyright 2015 Gentoo Foundation
11 > +# Distributed under the terms of the GNU General Public License v2
12 > +
13 > +import asyncore
14 > +import errno
15 > +import socket
16 > +import struct
17 > +import sys
18 > +
19 > +
20 > +class ProxyConnection(asyncore.dispatcher_with_send):
21 > + _addr = None
22 > + _connected = False
23 > + _family = socket.AF_INET
24 > + _proxy_conn = None
25 > +
26 > + def __init__(self, proxy_conn):
27 > + self._proxy_conn = proxy_conn
28 > + asyncore.dispatcher_with_send.__init__(self)
29 > + self.create_socket(self._family, socket.SOCK_STREAM)
30 > +
31 > + def start_connection(self, host, port):
32 > + try:
33 > + self.connect((host, port))
34 > + except:
35 > + self.handle_error()
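Review bot: In start_connection, the bare "except:" around self.connect((host, port)) also catches SystemExit and KeyboardInterrupt and hands them to handle_error(), so an interrupt or exit request that arrives during connect is handled like a failed connection. Narrow the clause to "except Exception:", or to "except socket.error:" if only connect failures are meant to reach handle_error().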
36
37 This except handler should at least allow SystemExit and
38 KeyboardInterrupt to raise.
39
40 > diff --git a/pym/portage/package/ebuild/_config/special_env_vars.py b/pym/portage/package/ebuild/_config/special_env_vars.py
41 > index 6bb3c95..905d5e7 100644
42 > --- a/pym/portage/package/ebuild/_config/special_env_vars.py
43 > +++ b/pym/portage/package/ebuild/_config/special_env_vars.py
44 > @@ -71,7 +71,7 @@ environ_whitelist += [
45 > "PORTAGE_PYM_PATH", "PORTAGE_PYTHON",
46 > "PORTAGE_PYTHONPATH", "PORTAGE_QUIET",
47 > "PORTAGE_REPO_NAME", "PORTAGE_REPOSITORIES", "PORTAGE_RESTRICT",
48 > - "PORTAGE_SIGPIPE_STATUS",
49 > + "PORTAGE_SIGPIPE_STATUS", "PORTAGE_SOCKS5_PROXY",
50 > "PORTAGE_TMPDIR", "PORTAGE_UPDATE_ENV", "PORTAGE_USERNAME",
51 > "PORTAGE_VERBOSE", "PORTAGE_WORKDIR_MODE", "PORTAGE_XATTR_EXCLUDE",
52 > "PORTDIR", "PORTDIR_OVERLAY", "PREROOTPATH",
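Review bot: The PORTAGE_SOCKS5_PROXY entry added on the PORTAGE_SIGPIPE_STATUS line goes into environ_whitelist with nothing in the hunk saying what the variable holds or who is expected to set it. A short comment here, or a pointer to where it is documented, should state the value's format and whether it is only ever set by Portage or may also come from the caller's environment, since that decides whether whitelisting it is safe.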
53
54 The DISTCC_SOCKS_PROXY variable should also be added to the whitelist.
55
56 Other than these 2 minor issues, the patch looks to me. I guess there's
57 no point in using portage's event loop instead of asyncore, since we
58 want the proxy to drop privileges, and therefore it can't run in the
59 main portage process.
60 --
61 Thanks,
62 Zac
