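--- a/prefix-portage-2.2.00.9380/pym/portage/__init__.py.msb
+++ b/prefix-portage-2.2.00.9380/pym/portage/__init__.py.msb
@@ -91,7 +91,7 @@
 	from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \
 		USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \
 		PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \
-		EBUILD_SH_BINARY, SANDBOX_BINARY, BASH_BINARY, \
+		EBUILD_SH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, MACOSSANDBOX_PROFILE, BASH_BINARY, \
 		MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
 		DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
 		INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\
@@ -1591,6 +1591,21 @@
 				if "usersandbox" in self.features:
 					self.features.remove("usersandbox")
 
+			if not portage.process.macossandbox_capable and \
+				("macossandbox" in self.features or "macosusersandbox" in self.features):
+				if self.profile_path is not None and \
+					os.path.realpath(self.profile_path) == \
+					os.path.realpath(PROFILE_PATH):
+					""" Don't show this warning when running repoman and the
+					sandbox feature came from a profile that doesn't belong to
+					the user."""
+					writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \
+						" binary. Disabling...\n\n"), noiselevel=-1)
+				if "macossandbox" in self.features:
+					self.features.remove("macossandbox")
+				if "macosusersandbox" in self.features:
+					self.features.remove("macosusersandbox")
+
 			self.features.sort()
 			if "gpg" in self.features:
 				writemsg(colorize("WARN", "!!! FEATURES=gpg is unmaintained, incomplete and broken. Disabling it."), noiselevel=-1)
@@ -2878,13 +2893,26 @@
 	# fake ownership/permissions will have to be converted to real
 	# permissions in the merge phase.
 	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
+	macossandbox = ("macossandbox" in features or \
+		"macosusersandbox" in features)
 	if droppriv and not uid and portage_gid and portage_uid:
 		keywords.update({"uid":portage_uid,"gid":portage_gid,
 			"groups":userpriv_groups,"umask":002})
 	if not free:
-		free=((droppriv and "usersandbox" not in features) or \
+		free=((droppriv and "usersandbox" not in features and
+			"macosusersandbox" not in features) or \
 			(not droppriv and "sandbox" not in features and \
-			"usersandbox" not in features))
+			"usersandbox" not in features and \
+			not macossandbox))
+
+	# confining the process to a prefix sandbox is disabled by default, if
+	# a normal sandbox is requested a this point, it will be used, if no
+	# sandbox is requested, a prefix sandbox will be imposed if requested
+	# by the appropriate features
+	prefixsandbox = False
+	if free:
+		prefixsandbox = "macosprefixsandbox" in features
+		free = not prefixsandbox
 
 	if free or "SANDBOX_ACTIVE" in os.environ:
 		keywords["opt_name"] += " bash"
@@ -2893,6 +2921,25 @@
 		keywords["opt_name"] += " fakeroot"
 		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
 		spawn_func = portage.process.spawn_fakeroot
+	elif macossandbox:
+		keywords["opt_name"] += " macossandbox"
+		if prefixsandbox:
+			sbprefixpath = mysettings["EPREFIX"]
+		else:
+			sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
+
+		# escape some characters with special meaning in re's
+		sbprefixre = sbprefixpath.replace("+", "\+")
+		sbprefixre = sbprefixre.replace("*", "\*")
+		sbprefixre = sbprefixre.replace("[", "\[")
+		sbprefixre = sbprefixre.replace("[", "\[")
+
+		sbprofile = MACOSSANDBOX_PROFILE
+		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
+		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
+
+		keywords["profile"] = sbprofile
+		spawn_func = portage.process.spawn_macossandbox
 	else:
 		keywords["opt_name"] += " sandbox"
 		spawn_func = portage.process.spawn_sandbox
@@ -4820,13 +4867,15 @@
 		restrict = mysettings["PORTAGE_RESTRICT"].split()
 		nosandbox = (("userpriv" in features) and \
 			("usersandbox" not in features) and \
+			("macosusersandbox" not in features) and \
 			"userpriv" not in restrict and \
 			"nouserpriv" not in restrict)
 		if nosandbox and ("userpriv" not in features or \
 			"userpriv" in restrict or \
 			"nouserpriv" in restrict):
 			nosandbox = ("sandbox" not in features and \
-				"usersandbox" not in features)
+				"usersandbox" not in features and \
+				"macosusersandbox" not in features)
 
 		sesandbox = mysettings.selinux_enabled() and \
 			"sesandbox" in mysettings.features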
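Review bot: The escaping at new lines 2932–2935 leaves most regex metacharacters untouched: the `[` replacement appears twice (the second was presumably meant for `]`), and `.`, `?`, `(`, `)`, `|`, `^`, `$`, `{`, `}` and `\` reach `@@WRITEABLE_PREFIX_RE@@` as-is, so an `EPREFIX` or `PORTAGE_BUILDDIR` containing one of them produces a write-allow rule that matches paths outside the intended tree or does not compile. The raw `sbprefixpath` is also pasted into the `#"@@WRITEABLE_PREFIX@@"` literal without handling `"` or `\`. I would escape in a single pass, e.g. `sbprefixre = re.sub(r'([][\\.^$*+?(){}|])', r'\\\1', sbprefixpath)`, and refuse to build the profile when the path contains `"` or a newline; whether `re` is imported in this module and which escapes the profile's regex dialect accepts are not visible here. The enclosing function starts and ends outside the hunk.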
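--- a/prefix-portage-2.2.00.9380/pym/portage/const.py.msb
+++ b/prefix-portage-2.2.00.9380/pym/portage/const.py.msb
@@ -43,6 +43,32 @@
 MISC_SH_BINARY          = PORTAGE_BIN_PATH+"/misc-functions.sh"
 SANDBOX_BINARY          = EPREFIX+"/usr/bin/sandbox"
 FAKEROOT_BINARY         = EPREFIX+"/usr/bin/fakeroot"
+MACOSSANDBOX_BINARY     = "/usr/bin/sandbox-exec"
+MACOSSANDBOX_PROFILE    = '''(version 1)
+
+(allow default)
+
+(deny file-write*)
+
+(allow file-read* file-write*
+  (literal
+    #"@@WRITEABLE_PREFIX@@"
+  )
+
+  (regex
+    #"^@@WRITEABLE_PREFIX_RE@@/"
+    #"^(/private)?/var/tmp"
+    #"^(/private)?/tmp"
+  )
+)
+
+(allow file-read-data file-write-data
+  (regex
+    #"^/dev/null$"
+    #"^(/private)?/var/run/syslog$"
+  )
+)'''
+
 BASH_BINARY             = "bash"
 MOVE_BINARY             = "mv"
 PRELINK_BINARY          = "prelink"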
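Review bot: The two temp-directory rules at new lines 60–61, `#"^(/private)?/var/tmp"` and `#"^(/private)?/tmp"`, are anchored only at the start, so they also permit reads and writes under any sibling path whose name merely begins with `tmp` (for example `/tmpfoo` or `/var/tmp-old`), unlike the prefix rule on line 59, which ends in `/`. Ending them with a separator, `#"^(/private)?/var/tmp(/|$)"` and `#"^(/private)?/tmp(/|$)"`, keeps the allow-list to the directories themselves, assuming the profile's regex dialect accepts alternation as the existing `(/private)?` group suggests. A comment above `MACOSSANDBOX_PROFILE` would also help the next reader: `# sandbox-exec profile: allow-by-default, file writes denied except the prefix/build dir and the temp dirs`.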
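--- a/prefix-portage-2.2.00.9380/pym/portage/process.py.msb
+++ b/prefix-portage-2.2.00.9380/pym/portage/process.py.msb
@@ -10,7 +10,7 @@
 import sys
 
 from portage.util import dump_traceback
-from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
+from portage.const import BASH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, FAKEROOT_BINARY
 from portage.exception import CommandNotFound
 
 try:
@@ -32,6 +32,9 @@
 fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
                     os.access(FAKEROOT_BINARY, os.X_OK))
 
+macossandbox_capable = (os.path.isfile(MACOSSANDBOX_BINARY) and
+                   os.access(MACOSSANDBOX_BINARY, os.X_OK))
+
 def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
 	"""
 	Spawns a bash shell running a specific commands
@@ -81,6 +84,19 @@
 	args.append(mycommand)
 	return spawn(args, opt_name=opt_name, **keywords)
 
+def spawn_macossandbox(mycommand, profile=None, opt_name=None, **keywords):
+	if not macossandbox_capable:
+		return spawn_bash(mycommand, opt_name=opt_name, **keywords)
+	args=[MACOSSANDBOX_BINARY]
+	if not opt_name:
+		opt_name = os.path.basename(mycommand.split()[0])
+	args.append("-p")
+	args.append(profile)
+	args.append(BASH_BINARY)
+	args.append("-c")
+	args.append(mycommand)
+	return spawn(args, opt_name=opt_name, **keywords)
+
 _exithandlers = []
 def atexit_register(func, *args, **kargs):
 	"""Wrapper around atexit.register that is needed in order to track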
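Review bot: `spawn_macossandbox` appends `profile` to `args` at new line 94 without checking it, although the signature defaults it to `None`; a caller that omits it hands `None` to `spawn` as the argument of `-p` instead of failing clearly. A guard before `args` is built, such as `if profile is None: raise ValueError("spawn_macossandbox requires a profile")`, would make the requirement explicit. The fallback at lines 88–89 also runs the command through plain `spawn_bash` when `sandbox-exec` is missing or not executable, so the command runs unconfined with no message from this function. The function has no docstring; one stating the parameters and that fail-open fallback would let callers decide whether that is acceptable.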

Return to bug 212817