Lines 104-110
Link Here
|
104 |
from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \ |
104 |
from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \ |
105 |
USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \ |
105 |
USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \ |
106 |
PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \ |
106 |
PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \ |
107 |
EBUILD_SH_BINARY, SANDBOX_BINARY, BASH_BINARY, \ |
107 |
EBUILD_SH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, MACOSSANDBOX_PROFILE, BASH_BINARY, \ |
108 |
MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \ |
108 |
MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \ |
109 |
DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \ |
109 |
DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \ |
110 |
INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\ |
110 |
INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\ |
Lines 2215-2220
Link Here
|
2215 |
if bsd_chflags: |
2215 |
if bsd_chflags: |
2216 |
self.features.add('chflags') |
2216 |
self.features.add('chflags') |
2217 |
|
2217 |
|
|
|
2218 |
if not portage.process.macossandbox_capable and \ |
2219 |
("macossandbox" in self.features or "macosusersandbox" in self.features): |
2220 |
if self.profile_path is not None and \ |
2221 |
os.path.realpath(self.profile_path) == \ |
2222 |
os.path.realpath(PROFILE_PATH): |
2223 |
""" Don't show this warning when running repoman and the |
2224 |
sandbox feature came from a profile that doesn't belong to |
2225 |
the user.""" |
2226 |
writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \ |
2227 |
" binary. Disabling...\n\n"), noiselevel=-1) |
2228 |
if "macossandbox" in self.features: |
2229 |
self.features.remove("macossandbox") |
2230 |
if "macosusersandbox" in self.features: |
2231 |
self.features.remove("macosusersandbox") |
2232 |
|
2218 |
self["FEATURES"] = " ".join(sorted(self.features)) |
2233 |
self["FEATURES"] = " ".join(sorted(self.features)) |
2219 |
self.backup_changes("FEATURES") |
2234 |
self.backup_changes("FEATURES") |
2220 |
global _glep_55_enabled, _validate_cache_for_unsupported_eapis |
2235 |
global _glep_55_enabled, _validate_cache_for_unsupported_eapis |
Lines 4090-4103
Link Here
|
4090 |
# fake ownership/permissions will have to be converted to real |
4105 |
# fake ownership/permissions will have to be converted to real |
4091 |
# permissions in the merge phase. |
4106 |
# permissions in the merge phase. |
4092 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
4107 |
fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable |
|
|
4108 |
macossandbox = ("macossandbox" in features or \ |
4109 |
"macosusersandbox" in features) |
4093 |
if droppriv and not uid and portage_gid and portage_uid: |
4110 |
if droppriv and not uid and portage_gid and portage_uid: |
4094 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
4111 |
keywords.update({"uid":portage_uid,"gid":portage_gid, |
4095 |
"groups":userpriv_groups,"umask":0o02}) |
4112 |
"groups":userpriv_groups,"umask":0o02}) |
4096 |
if not free: |
4113 |
if not free: |
4097 |
free=((droppriv and "usersandbox" not in features) or \ |
4114 |
free=((droppriv and "usersandbox" not in features and |
|
|
4115 |
"macosusersandbox" not in features) or \ |
4098 |
(not droppriv and "sandbox" not in features and \ |
4116 |
(not droppriv and "sandbox" not in features and \ |
4099 |
"usersandbox" not in features and not fakeroot)) |
4117 |
"usersandbox" not in features and not fakeroot and \ |
|
|
4118 |
not macossandbox)) |
4100 |
|
4119 |
|
|
|
4120 |
# confining the process to a prefix sandbox is disabled by default, if |
4121 |
# a normal sandbox is requested a this point, it will be used, if no |
4122 |
# sandbox is requested, a prefix sandbox will be imposed if requested |
4123 |
# by the appropriate features |
4124 |
prefixsandbox = False |
4125 |
if free: |
4126 |
prefixsandbox = "macosprefixsandbox" in features |
4127 |
free = not prefixsandbox |
4128 |
|
4101 |
if free or "SANDBOX_ACTIVE" in os.environ: |
4129 |
if free or "SANDBOX_ACTIVE" in os.environ: |
4102 |
keywords["opt_name"] += " bash" |
4130 |
keywords["opt_name"] += " bash" |
4103 |
spawn_func = portage.process.spawn_bash |
4131 |
spawn_func = portage.process.spawn_bash |
Lines 4105-4110
Link Here
|
4105 |
keywords["opt_name"] += " fakeroot" |
4133 |
keywords["opt_name"] += " fakeroot" |
4106 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
4134 |
keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state") |
4107 |
spawn_func = portage.process.spawn_fakeroot |
4135 |
spawn_func = portage.process.spawn_fakeroot |
|
|
4136 |
elif macossandbox: |
4137 |
keywords["opt_name"] += " macossandbox" |
4138 |
if prefixsandbox: |
4139 |
sbprefixpath = mysettings["EPREFIX"] |
4140 |
else: |
4141 |
sbprefixpath = mysettings["PORTAGE_BUILDDIR"] |
4142 |
|
4143 |
# escape some characters with special meaning in re's |
4144 |
sbprefixre = sbprefixpath.replace("+", "\+") |
4145 |
sbprefixre = sbprefixre.replace("*", "\*") |
4146 |
sbprefixre = sbprefixre.replace("[", "\[") |
4147 |
sbprefixre = sbprefixre.replace("[", "\[") |
4148 |
|
4149 |
sbprofile = MACOSSANDBOX_PROFILE |
4150 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath) |
4151 |
sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre) |
4152 |
|
4153 |
keywords["profile"] = sbprofile |
4154 |
spawn_func = portage.process.spawn_macossandbox |
4108 |
else: |
4155 |
else: |
4109 |
keywords["opt_name"] += " sandbox" |
4156 |
keywords["opt_name"] += " sandbox" |
4110 |
spawn_func = portage.process.spawn_sandbox |
4157 |
spawn_func = portage.process.spawn_sandbox |
Lines 7232-7244
Link Here
|
7232 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
7279 |
restrict = mysettings["PORTAGE_RESTRICT"].split() |
7233 |
nosandbox = (("userpriv" in features) and \ |
7280 |
nosandbox = (("userpriv" in features) and \ |
7234 |
("usersandbox" not in features) and \ |
7281 |
("usersandbox" not in features) and \ |
|
|
7282 |
("macosusersandbox" not in features) and \ |
7235 |
"userpriv" not in restrict and \ |
7283 |
"userpriv" not in restrict and \ |
7236 |
"nouserpriv" not in restrict) |
7284 |
"nouserpriv" not in restrict) |
7237 |
if nosandbox and ("userpriv" not in features or \ |
7285 |
if nosandbox and ("userpriv" not in features or \ |
7238 |
"userpriv" in restrict or \ |
7286 |
"userpriv" in restrict or \ |
7239 |
"nouserpriv" in restrict): |
7287 |
"nouserpriv" in restrict): |
7240 |
nosandbox = ("sandbox" not in features and \ |
7288 |
nosandbox = ("sandbox" not in features and \ |
7241 |
"usersandbox" not in features) |
7289 |
"usersandbox" not in features and \ |
|
|
7290 |
"macosusersandbox" not in features) |
7242 |
|
7291 |
|
7243 |
sesandbox = mysettings.selinux_enabled() and \ |
7292 |
sesandbox = mysettings.selinux_enabled() and \ |
7244 |
"sesandbox" in mysettings.features |
7293 |
"sesandbox" in mysettings.features |