Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 212817 | Differences between
and this patch

Collapse All | Expand All

(-)pym/portage/__init__.py (-4 / +53 lines)
Lines 104-110 Link Here
104
	from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \
104
	from portage.const import VDB_PATH, PRIVATE_PATH, CACHE_PATH, DEPCACHE_PATH, \
105
		USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \
105
		USER_CONFIG_PATH, MODULES_FILE_PATH, CUSTOM_PROFILE_PATH, PORTAGE_BASE_PATH, \
106
		PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \
106
		PORTAGE_BIN_PATH, PORTAGE_PYM_PATH, PROFILE_PATH, LOCALE_DATA_PATH, \
107
		EBUILD_SH_BINARY, SANDBOX_BINARY, BASH_BINARY, \
107
		EBUILD_SH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, MACOSSANDBOX_PROFILE, BASH_BINARY, \
108
		MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
108
		MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
109
		DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
109
		DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
110
		INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\
110
		INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\
Lines 2215-2220 Link Here
2215
			if bsd_chflags:
2215
			if bsd_chflags:
2216
				self.features.add('chflags')
2216
				self.features.add('chflags')
2217
2217
2218
			if not portage.process.macossandbox_capable and \
2219
				("macossandbox" in self.features or "macosusersandbox" in self.features):
2220
				if self.profile_path is not None and \
2221
					os.path.realpath(self.profile_path) == \
2222
					os.path.realpath(PROFILE_PATH):
2223
					""" Don't show this warning when running repoman and the
2224
					sandbox feature came from a profile that doesn't belong to
2225
					the user."""
2226
					writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \
2227
						" binary. Disabling...\n\n"), noiselevel=-1)
2228
				if "macossandbox" in self.features:
2229
					self.features.remove("macossandbox")
2230
				if "macosusersandbox" in self.features:
2231
					self.features.remove("macosusersandbox")
2232
2218
			self["FEATURES"] = " ".join(sorted(self.features))
2233
			self["FEATURES"] = " ".join(sorted(self.features))
2219
			self.backup_changes("FEATURES")
2234
			self.backup_changes("FEATURES")
2220
			global _glep_55_enabled, _validate_cache_for_unsupported_eapis
2235
			global _glep_55_enabled, _validate_cache_for_unsupported_eapis
Lines 4090-4103 Link Here
4090
	# fake ownership/permissions will have to be converted to real
4105
	# fake ownership/permissions will have to be converted to real
4091
	# permissions in the merge phase.
4106
	# permissions in the merge phase.
4092
	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
4107
	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
4108
	macossandbox = ("macossandbox" in features or \
4109
		"macosusersandbox" in features)
4093
	if droppriv and not uid and portage_gid and portage_uid:
4110
	if droppriv and not uid and portage_gid and portage_uid:
4094
		keywords.update({"uid":portage_uid,"gid":portage_gid,
4111
		keywords.update({"uid":portage_uid,"gid":portage_gid,
4095
			"groups":userpriv_groups,"umask":0o02})
4112
			"groups":userpriv_groups,"umask":0o02})
4096
	if not free:
4113
	if not free:
4097
		free=((droppriv and "usersandbox" not in features) or \
4114
		free=((droppriv and "usersandbox" not in features and
4115
			"macosusersandbox" not in features) or \
4098
			(not droppriv and "sandbox" not in features and \
4116
			(not droppriv and "sandbox" not in features and \
4099
			"usersandbox" not in features and not fakeroot))
4117
			"usersandbox" not in features and not fakeroot and \
4118
			not macossandbox))
4100
4119
4120
	# confining the process to a prefix sandbox is disabled by default, if
4121
	# a normal sandbox is requested a this point, it will be used, if no
4122
	# sandbox is requested, a prefix sandbox will be imposed if requested
4123
	# by the appropriate features
4124
	prefixsandbox = False
4125
	if free:
4126
		prefixsandbox = "macosprefixsandbox" in features
4127
		free = not prefixsandbox
4128
4101
	if free or "SANDBOX_ACTIVE" in os.environ:
4129
	if free or "SANDBOX_ACTIVE" in os.environ:
4102
		keywords["opt_name"] += " bash"
4130
		keywords["opt_name"] += " bash"
4103
		spawn_func = portage.process.spawn_bash
4131
		spawn_func = portage.process.spawn_bash
Lines 4105-4110 Link Here
4105
		keywords["opt_name"] += " fakeroot"
4133
		keywords["opt_name"] += " fakeroot"
4106
		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
4134
		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
4107
		spawn_func = portage.process.spawn_fakeroot
4135
		spawn_func = portage.process.spawn_fakeroot
4136
	elif macossandbox:
4137
		keywords["opt_name"] += " macossandbox"
4138
		if prefixsandbox:
4139
			sbprefixpath = mysettings["EPREFIX"]
4140
		else:
4141
			sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
4142
4143
		# escape some characters with special meaning in re's
4144
		sbprefixre = sbprefixpath.replace("+", "\+")
4145
		sbprefixre = sbprefixre.replace("*", "\*")
4146
		sbprefixre = sbprefixre.replace("[", "\[")
4147
		sbprefixre = sbprefixre.replace("[", "\[")
4148
4149
		sbprofile = MACOSSANDBOX_PROFILE
4150
		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
4151
		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
4152
4153
		keywords["profile"] = sbprofile
4154
		spawn_func = portage.process.spawn_macossandbox
4108
	else:
4155
	else:
4109
		keywords["opt_name"] += " sandbox"
4156
		keywords["opt_name"] += " sandbox"
4110
		spawn_func = portage.process.spawn_sandbox
4157
		spawn_func = portage.process.spawn_sandbox
Lines 7232-7244 Link Here
7232
		restrict = mysettings["PORTAGE_RESTRICT"].split()
7279
		restrict = mysettings["PORTAGE_RESTRICT"].split()
7233
		nosandbox = (("userpriv" in features) and \
7280
		nosandbox = (("userpriv" in features) and \
7234
			("usersandbox" not in features) and \
7281
			("usersandbox" not in features) and \
7282
			("macosusersandbox" not in features) and \
7235
			"userpriv" not in restrict and \
7283
			"userpriv" not in restrict and \
7236
			"nouserpriv" not in restrict)
7284
			"nouserpriv" not in restrict)
7237
		if nosandbox and ("userpriv" not in features or \
7285
		if nosandbox and ("userpriv" not in features or \
7238
			"userpriv" in restrict or \
7286
			"userpriv" in restrict or \
7239
			"nouserpriv" in restrict):
7287
			"nouserpriv" in restrict):
7240
			nosandbox = ("sandbox" not in features and \
7288
			nosandbox = ("sandbox" not in features and \
7241
				"usersandbox" not in features)
7289
				"usersandbox" not in features and \
7290
				"macosusersandbox" not in features)
7242
7291
7243
		sesandbox = mysettings.selinux_enabled() and \
7292
		sesandbox = mysettings.selinux_enabled() and \
7244
			"sesandbox" in mysettings.features
7293
			"sesandbox" in mysettings.features
(-)pym/portage/const.py (+25 lines)
Lines 78-84 Link Here
78
BASH_BINARY              = PORTAGE_BASH
78
BASH_BINARY              = PORTAGE_BASH
79
MOVE_BINARY              = PORTAGE_MV
79
MOVE_BINARY              = PORTAGE_MV
80
PRELINK_BINARY           = EPREFIX + "/usr/sbin/prelink"
80
PRELINK_BINARY           = EPREFIX + "/usr/sbin/prelink"
81
MACOSSANDBOX_BINARY     = "/usr/bin/sandbox-exec"
82
MACOSSANDBOX_PROFILE    = '''(version 1)
81
83
84
(allow default)
85
86
(deny file-write*)
87
88
(allow file-read* file-write*
89
  (literal
90
    #"@@WRITEABLE_PREFIX@@"
91
  )
92
93
  (regex
94
    #"^@@WRITEABLE_PREFIX_RE@@/"
95
    #"^(/private)?/var/tmp"
96
    #"^(/private)?/tmp"
97
  )
98
)
99
100
(allow file-read-data file-write-data
101
  (regex
102
    #"^/dev/null$"
103
    #"^(/private)?/var/run/syslog$"
104
  )
105
)'''
106
82
INVALID_ENV_FILE         = "/etc/spork/is/not/valid/profile.env"
107
INVALID_ENV_FILE         = "/etc/spork/is/not/valid/profile.env"
83
REPO_NAME_FILE           = "repo_name"
108
REPO_NAME_FILE           = "repo_name"
84
REPO_NAME_LOC            = "profiles" + "/" + REPO_NAME_FILE
109
REPO_NAME_LOC            = "profiles" + "/" + REPO_NAME_FILE
(-)pym/portage/process.py (-1 / +17 lines)
Lines 18-24 Link Here
18
	'portage.util:dump_traceback',
18
	'portage.util:dump_traceback',
19
)
19
)
20
20
21
from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
21
from portage.const import BASH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, FAKEROOT_BINARY
22
from portage.exception import CommandNotFound
22
from portage.exception import CommandNotFound
23
23
24
try:
24
try:
Lines 44-49 Link Here
44
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
44
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
45
                    os.access(FAKEROOT_BINARY, os.X_OK))
45
                    os.access(FAKEROOT_BINARY, os.X_OK))
46
46
47
macossandbox_capable = (os.path.isfile(MACOSSANDBOX_BINARY) and
48
                   os.access(MACOSSANDBOX_BINARY, os.X_OK))
49
47
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
50
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
48
	"""
51
	"""
49
	Spawns a bash shell running a specific commands
52
	Spawns a bash shell running a specific commands
Lines 93-98 Link Here
93
	args.append(mycommand)
96
	args.append(mycommand)
94
	return spawn(args, opt_name=opt_name, **keywords)
97
	return spawn(args, opt_name=opt_name, **keywords)
95
98
99
def spawn_macossandbox(mycommand, profile=None, opt_name=None, **keywords):
100
	if not macossandbox_capable:
101
		return spawn_bash(mycommand, opt_name=opt_name, **keywords)
102
	args=[MACOSSANDBOX_BINARY]
103
	if not opt_name:
104
		opt_name = os.path.basename(mycommand.split()[0])
105
	args.append("-p")
106
	args.append(profile)
107
	args.append(BASH_BINARY)
108
	args.append("-c")
109
	args.append(mycommand)
110
	return spawn(args, opt_name=opt_name, **keywords)
111
96
_exithandlers = []
112
_exithandlers = []
97
def atexit_register(func, *args, **kargs):
113
def atexit_register(func, *args, **kargs):
98
	"""Wrapper around atexit.register that is needed in order to track
114
	"""Wrapper around atexit.register that is needed in order to track

Return to bug 212817