Gentoo Archives: gentoo-portage-dev

From: "Michał Górny" <mgorny@g.o>
To: Zac Medico <zmedico@g.o>
Cc: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] [PATCH v2] Support escaping network-sandbox through SOCKSv5 proxy
Date: Sun, 25 Jan 2015 22:02:38
Message-Id: 20150125230128.12b61f69@pomiot.lan
In Reply to: Re: [gentoo-portage-dev] [PATCH v2] Support escaping network-sandbox through SOCKSv5 proxy by Zac Medico
On 2015-01-25, at 13:43:14,
Zac Medico <zmedico@g.o> wrote:

> On 01/25/2015 06:00 AM, Michał Górny wrote:
> > diff --git a/bin/socks5-server.py b/bin/socks5-server.py
> > new file mode 100644
> > index 0000000..c079018
> > --- /dev/null
> > +++ b/bin/socks5-server.py
> > @@ -0,0 +1,218 @@
> > +#!/usr/bin/env python
> > +# SOCKSv5 proxy server for network-sandbox
> > +# Copyright 2015 Gentoo Foundation
> > +# Distributed under the terms of the GNU General Public License v2
> > +
> > +import asyncore
> > +import errno
> > +import socket
> > +import struct
> > +import sys
> > +
> > +
> > +class ProxyConnection(asyncore.dispatcher_with_send):
> > + _addr = None
> > + _connected = False
> > + _family = socket.AF_INET
> > + _proxy_conn = None
> > +
> > + def __init__(self, proxy_conn):
> > + self._proxy_conn = proxy_conn
> > + asyncore.dispatcher_with_send.__init__(self)
> > + self.create_socket(self._family, socket.SOCK_STREAM)
> > +
> > + def start_connection(self, host, port):
> > + try:
> > + self.connect((host, port))
> > + except:
> > + self.handle_error()
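Review bot: the address family is fixed to AF_INET as a class attribute and the socket is created in __init__, before start_connection() knows the target, so connecting to an IPv6 address (or to a hostname that only resolves over IPv6) will fail; consider resolving the target first and creating the socket in start_connection() with the family returned by getaddrinfo. Separately, the bare `except:` around `self.connect((host, port))` catches SystemExit and KeyboardInterrupt too; even if handle_error() re-raises those, `except Exception:` (or socket.error) states the intent at the call site and does not depend on handle_error() keeping that behaviour.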
>
> This except handler should at least allow SystemExit and
> KeyboardInterrupt to raise.

handle_error() has conditional exception reraising code.

> > diff --git a/pym/portage/package/ebuild/_config/special_env_vars.py b/pym/portage/package/ebuild/_config/special_env_vars.py
> > index 6bb3c95..905d5e7 100644
> > --- a/pym/portage/package/ebuild/_config/special_env_vars.py
> > +++ b/pym/portage/package/ebuild/_config/special_env_vars.py
> > @@ -71,7 +71,7 @@ environ_whitelist += [
> > "PORTAGE_PYM_PATH", "PORTAGE_PYTHON",
> > "PORTAGE_PYTHONPATH", "PORTAGE_QUIET",
> > "PORTAGE_REPO_NAME", "PORTAGE_REPOSITORIES", "PORTAGE_RESTRICT",
> > - "PORTAGE_SIGPIPE_STATUS",
> > + "PORTAGE_SIGPIPE_STATUS", "PORTAGE_SOCKS5_PROXY",
> > "PORTAGE_TMPDIR", "PORTAGE_UPDATE_ENV", "PORTAGE_USERNAME",
> > "PORTAGE_VERBOSE", "PORTAGE_WORKDIR_MODE", "PORTAGE_XATTR_EXCLUDE",
> > "PORTDIR", "PORTDIR_OVERLAY", "PREROOTPATH",
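Review bot: whitelisting PORTAGE_SOCKS5_PROXY here exports the proxy address into the ebuild environment, where every build script can read it, and the hunk adds no comment or documentation for that; a line in the patch description (or wherever the other PORTAGE_* variables are documented) saying that it is passed through to the build environment would help. As the DISTCC_SOCKS_PROXY question in this thread shows, a short comment next to the new entry pointing at the DISTCC_* pattern that already covers the distcc variable would save the next reader from asking the same thing.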
>
> The DISTCC_SOCKS_PROXY variable should also be added to the whitelist.

There's a regexp for DISTCC_* below.

>
> Other than these 2 minor issues, the patch looks to me. I guess there's
> no point in using portage's event loop instead of asyncore, since we
> want the proxy to drop privileges, and therefore it can't run in the
> main portage process.

To be honest, I didn't even think about it. Asyncore seemed like
the Python way of doing non-blocking socket I/O.

--
Best regards,
Michał Górny