Lines 91-97
Link Here
|
91 |
from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \ |
91 |
from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \ |
92 |
USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \ |
92 |
USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \ |
93 |
PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \ |
93 |
PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \ |
94 |
EBUILD_SH_BINARY, SANDBOX_BINARY, BASH_BINARY, \ |
94 |
EBUILD_SH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, MACOSSANDBOX_PROFILE, BASH_BINARY, \ |
95 |
MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \ |
95 |
MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \ |
96 |
DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \ |
96 |
DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \ |
97 |
INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\ |
97 |
INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\ |
Lines 1591-1596
Link Here
|
1591 |
if "usersandbox" in self.features: |
1591 |
if "usersandbox" in self.features: |
1592 |
self.features.remove("usersandbox") |
1592 |
self.features.remove("usersandbox") |
1593 |
|
1593 |
|
|
|
1594 |
if not portage.process.macossandbox_capable and \ |
1595 |
("macossandbox" in self.features or "macosusersandbox" in self.features): |
1596 |
if self.profile_path is not None and \ |
1597 |
os.path.realpath(self.profile_path) == \ |
1598 |
os.path.realpath(PROFILE_PATH): |
1599 |
""" Don't show this warning when running repoman and the |
1600 |
sandbox feature came from a profile that doesn't belong to |
1601 |
the user.""" |
1602 |
writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \ |
1603 |
" binary. Disabling...\n\n"), noiselevel=-1) |
1604 |
if "macossandbox" in self.features: |
1605 |
self.features.remove("macossandbox") |
1606 |
if "macosusersandbox" in self.features: |
1607 |
self.features.remove("macosusersandbox") |
1608 |
|
1594 |
self.features.sort() |
1609 |
self.features.sort() |
1595 |
if "gpg" in self.features: |
1610 |
if "gpg" in self.features: |
1596 |
writemsg(colorize("WARN", "!!! FEATURES=gpg is unmaintained, incomplete and broken. Disabling it."), noiselevel=-1) |
1611 |
writemsg(colorize("WARN", "!!! FEATURES=gpg is unmaintained, incomplete and broken. Disabling it."), noiselevel=-1) |
Lines 2878-2890
Link Here
|
2878 |
# fake ownership/permissions will have to be converted to real |
2893 |
# fake ownership/permissions will have to be converted to real |
2879 |
# permissions in the merge phase. |
2894 |
# permissions in the merge phase. |
2880 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
2895 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
|
|
2896 |
macossandbox = ("macossandbox" in features or \ |
2897 |
"macosusersandbox" in features) |
2881 |
if droppriv and not uid and portage_gid and portage_uid: |
2898 |
if droppriv and not uid and portage_gid and portage_uid: |
2882 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
2899 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
2883 |
"groups":userpriv_groups,"umask":002}) |
2900 |
"groups":userpriv_groups,"umask":002}) |
2884 |
if not free: |
2901 |
if not free: |
2885 |
free=((droppriv and "usersandbox" not in features) or \ |
2902 |
free=((droppriv and "usersandbox" not in features and |
|
|
2903 |
"macosusersandbox" not in features) or \ |
2886 |
(not droppriv and "sandbox" not in features and \ |
2904 |
(not droppriv and "sandbox" not in features and \ |
2887 |
"usersandbox" not in features)) |
2905 |
"usersandbox" not in features and \ |
|
|
2906 |
not macossandbox)) |
2907 |
|
2908 |
# confining the process to a prefix sandbox is disabled by default, if |
2909 |
# a normal sandbox is requested a this point, it will be used, if no |
2910 |
# sandbox is requested, a prefix sandbox will be imposed if requested |
2911 |
# by the appropriate features |
2912 |
prefixsandbox = False |
2913 |
if free: |
2914 |
prefixsandbox = "macosprefixsandbox" in features |
2915 |
free = not prefixsandbox |
2888 |
|
2916 |
|
2889 |
if free or "SANDBOX_ACTIVE" in os.environ: |
2917 |
if free or "SANDBOX_ACTIVE" in os.environ: |
2890 |
keywords["opt_name"] += " bash" |
2918 |
keywords["opt_name"] += " bash" |
Lines 2893-2898
Link Here
|
2893 |
keywords["opt_name"] += " fakeroot" |
2921 |
keywords["opt_name"] += " fakeroot" |
2894 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
2922 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
2895 |
spawn_func = portage.process.spawn_fakeroot |
2923 |
spawn_func = portage.process.spawn_fakeroot |
|
|
2924 |
elif macossandbox: |
2925 |
keywords["opt_name"] += " macossandbox" |
2926 |
if prefixsandbox: |
2927 |
sbprefixpath = mysettings["EPREFIX"] |
2928 |
else: |
2929 |
sbprefixpath = mysettings["PORTAGE_BUILDDIR"] |
2930 |
|
2931 |
# escape some characters with special meaning in re's |
2932 |
sbprefixre = sbprefixpath.replace("+", "\+") |
2933 |
sbprefixre = sbprefixre.replace("*", "\*") |
2934 |
sbprefixre = sbprefixre.replace("[", "\[") |
2935 |
sbprefixre = sbprefixre.replace("[", "\[") |
2936 |
|
2937 |
sbprofile = MACOSSANDBOX_PROFILE |
2938 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath) |
2939 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre) |
2940 |
|
2941 |
keywords["profile"] = sbprofile |
2942 |
spawn_func = portage.process.spawn_macossandbox |
2896 |
else: |
2943 |
else: |
2897 |
keywords["opt_name"] += " sandbox" |
2944 |
keywords["opt_name"] += " sandbox" |
2898 |
spawn_func = portage.process.spawn_sandbox |
2945 |
spawn_func = portage.process.spawn_sandbox |
Lines 4820-4832
Link Here
|
4820 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
4867 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
4821 |
nosandbox = (("userpriv" in features) and \ |
4868 |
nosandbox = (("userpriv" in features) and \ |
4822 |
("usersandbox" not in features) and \ |
4869 |
("usersandbox" not in features) and \ |
|
|
4870 |
("macosusersandbox" not in features) and \ |
4823 |
"userpriv" not in restrict and \ |
4871 |
"userpriv" not in restrict and \ |
4824 |
"nouserpriv" not in restrict) |
4872 |
"nouserpriv" not in restrict) |
4825 |
if nosandbox and ("userpriv" not in features or \ |
4873 |
if nosandbox and ("userpriv" not in features or \ |
4826 |
"userpriv" in restrict or \ |
4874 |
"userpriv" in restrict or \ |
4827 |
"nouserpriv" in restrict): |
4875 |
"nouserpriv" in restrict): |
4828 |
nosandbox = ("sandbox" not in features and \ |
4876 |
nosandbox = ("sandbox" not in features and \ |
4829 |
"usersandbox" not in features) |
4877 |
"usersandbox" not in features and \ |
|
|
4878 |
"macosusersandbox" not in features) |
4830 |
|
4879 |
|
4831 |
sesandbox = mysettings.selinux_enabled() and \ |
4880 |
sesandbox = mysettings.selinux_enabled() and \ |
4832 |
"sesandbox" in mysettings.features |
4881 |
"sesandbox" in mysettings.features |