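--- a/prefix-portage-2.2.00.15842/pym/portage/const.py.msb
+++ b/prefix-portage-2.2.00.15842/pym/portage/const.py.msb
@@ -78,6 +78,31 @@
 BASH_BINARY              = PORTAGE_BASH
 MOVE_BINARY              = PORTAGE_MV
 PRELINK_BINARY           = EPREFIX + "/usr/sbin/prelink"
+MACOSSANDBOX_BINARY      = "/usr/bin/sandbox-exec"
+MACOSSANDBOX_PROFILE     = '''(version 1)
+
+(allow default)
+
+(deny file-write*)
+
+(allow file-read* file-write*
+  (literal
+    #"@@WRITEABLE_PREFIX@@"
+  )
+
+  (regex
+    #"^@@WRITEABLE_PREFIX_RE@@/"
+    #"^(/private)?/var/tmp"
+    #"^(/private)?/tmp"
+  )
+)
+
+(allow file-read-data file-write-data
+  (regex
+    #"^/dev/null$"
+    #"^(/private)?/var/run/syslog$"
+  )
+)'''
 
 INVALID_ENV_FILE         = "/etc/spork/is/not/valid/profile.env"
 REPO_NAME_FILE           = "repo_name"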
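Review bot: The two fixed temp-directory patterns in MACOSSANDBOX_PROFILE, `#"^(/private)?/var/tmp"` and `#"^(/private)?/tmp"`, have no trailing `/` or `$`, so unlike the `@@WRITEABLE_PREFIX_RE@@/` line above them they would also match sibling names such as `/tmpfoo`, and they leave all of /tmp and /var/tmp writable whichever prefix is substituted. Assuming the profile's regex dialect accepts alternation, `#"^(/private)?/var/tmp(/|$)"` and `#"^(/private)?/tmp(/|$)"` keep the rule to those directories. The constant also deserves a comment stating that `(allow default)` means only file writes are confined, and that both placeholders sit inside quoted literals, so the substituted value must not carry an unescaped `"` or `\`, and the `_RE` variant additionally needs every regex metacharacter escaped.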
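--- a/prefix-portage-2.2.00.15842/pym/portage/package/ebuild/config.py.msb
+++ b/prefix-portage-2.2.00.15842/pym/portage/package/ebuild/config.py.msb
@@ -39,7 +39,7 @@
 	InvalidDependString, ParseError, PortageException
 from portage.localization import _
 from portage.output import colorize
-from portage.process import fakeroot_capable, sandbox_capable
+from portage.process import fakeroot_capable, sandbox_capable, macossandbox_capable
 from portage.util import ensure_dirs, getconfig, grabdict, \
 	grabdict_package, grabfile, grabfile_package, LazyItemsDict, \
 	normalize_path, stack_dictlist, stack_dicts, stack_lists, \
@@ -1150,6 +1150,18 @@
 				writemsg(colorize("BAD", _("!!! Problem with sandbox"
 					" binary. Disabling...\n\n")), noiselevel=-1)
 
+		if not macossandbox_capable and \
+			("macossandbox" in self.features or "macosusersandbox" in self.features):
+			if self.profile_path is not None and \
+				os.path.realpath(self.profile_path) == \
+				os.path.realpath(os.path.join(
+				self["PORTAGE_CONFIGROOT"], PROFILE_PATH)):
+				""" Don't show this warning when running repoman and the
+				sandbox feature came from a profile that doesn't belong to
+				the user."""
+				writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \
+					" binary. Disabling...\n\n"), noiselevel=-1)
+
 		if "fakeroot" in self.features and \
 			not fakeroot_capable:
 			writemsg(_("!!! FEATURES=fakeroot is enabled, but the "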
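Review bot: The warning added at new lines 1162-1163 says "Disabling..." but none of the added lines removes "macossandbox" or "macosusersandbox" from self.features, so, as far as this hunk shows, the features stay set and later code has to notice the missing binary on its own. If that is intended (the sandbox block above may behave the same way; its start is outside the hunk), a comment saying where the feature is actually dropped would help; otherwise the two names should be discarded here. The message should also go through `_()` like the sandbox message just above it, i.e. `writemsg(colorize("BAD", _("!!! Problem with macos sandbox" " binary. Disabling...\n\n")), noiselevel=-1)`. The enclosing method starts and ends outside the hunk.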
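--- a/prefix-portage-2.2.00.15842/pym/portage/package/ebuild/doebuild.py.msb
+++ b/prefix-portage-2.2.00.15842/pym/portage/package/ebuild/doebuild.py.msb
@@ -34,7 +34,8 @@
 	unmerge, _encodings, _parse_eapi_ebuild_head, _os_merge, \
 	_shell_quote, _split_ebuild_name_glep55, _unicode_decode, _unicode_encode
 from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_BINARY, \
-	INVALID_ENV_FILE, MISC_SH_BINARY, EPREFIX, EPREFIX_LSTRIP
+	INVALID_ENV_FILE, MISC_SH_BINARY, EPREFIX, EPREFIX_LSTRIP, \
+	MACOSSANDBOX_PROFILE
 from portage.data import portage_gid, portage_uid, secpass, \
 	uid, userpriv_groups
 from portage.dbapi.virtual import fakedbapi
@@ -915,17 +916,22 @@
 		restrict = mysettings["PORTAGE_RESTRICT"].split()
 		nosandbox = (("userpriv" in features) and \
 			("usersandbox" not in features) and \
+			("macosusersandbox" not in features) and \
 			"userpriv" not in restrict and \
 			"nouserpriv" not in restrict)
 		if nosandbox and ("userpriv" not in features or \
 			"userpriv" in restrict or \
 			"nouserpriv" in restrict):
 			nosandbox = ("sandbox" not in features and \
-				"usersandbox" not in features)
+				"usersandbox" not in features and \
+				"macosusersandbox" not in features)
 
 		if not portage.process.sandbox_capable:
 			nosandbox = True
 
+		if not portage.process.macossandbox_capable:
+			nosandbox = True
+
 		sesandbox = mysettings.selinux_enabled() and \
 			"sesandbox" in mysettings.features
 
@@ -1205,15 +1211,29 @@
 	# fake ownership/permissions will have to be converted to real
 	# permissions in the merge phase.
 	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
+	macossandbox = ("macossandbox" in features or \
+		"macosusersandbox" in features)
 	if droppriv and not uid and portage_gid and portage_uid:
 		keywords.update({"uid":portage_uid,"gid":portage_gid,
 			"groups":userpriv_groups,"umask":0o02})
 	if not free:
-		free=((droppriv and "usersandbox" not in features) or \
+		free=((droppriv and "usersandbox" not in features and
+			"macosusersandbox" not in features) or \
 			(not droppriv and "sandbox" not in features and \
-			"usersandbox" not in features and not fakeroot))
+			"usersandbox" not in features and not fakeroot and \
+			not macossandbox))
+
+	# confining the process to a prefix sandbox is disabled by default, if
+	# a normal sandbox is requested a this point, it will be used, if no
+	# sandbox is requested, a prefix sandbox will be imposed if requested
+	# by the appropriate features
+	prefixsandbox = False
+	if free:
+		prefixsandbox = "macosprefixsandbox" in features
+		free = not prefixsandbox
 
-	if not free and not (fakeroot or portage.process.sandbox_capable):
+	if not free and not (fakeroot or portage.process.sandbox_capable or \
+		portage.process.macossandbox_capable):
 		free = True
 
 	if free or "SANDBOX_ACTIVE" in os.environ:
@@ -1223,6 +1243,25 @@
 		keywords["opt_name"] += " fakeroot"
 		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
 		spawn_func = portage.process.spawn_fakeroot
+	elif macossandbox:
+		keywords["opt_name"] += " macossandbox"
+		if prefixsandbox:
+			sbprefixpath = mysettings["EPREFIX"]
+		else:
+			sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
+
+		# escape some characters with special meaning in re's
+		sbprefixre = sbprefixpath.replace("+", "\+")
+		sbprefixre = sbprefixre.replace("*", "\*")
+		sbprefixre = sbprefixre.replace("[", "\[")
+		sbprefixre = sbprefixre.replace("[", "\[")
+
+		sbprofile = MACOSSANDBOX_PROFILE
+		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
+		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
+
+		keywords["profile"] = sbprofile
+		spawn_func = portage.process.spawn_macossandbox
 	else:
 		keywords["opt_name"] += " sandbox"
 		spawn_func = portage.process.spawn_sandbox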
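Review bot: The check added at new lines 932-933, `if not portage.process.macossandbox_capable:` followed by `nosandbox = True`, is unconditional, so on any host where the macOS sandbox binary is absent it forces `nosandbox` on even when the ordinary sandbox is capable and requested. The two capability checks should be combined the way the patch itself does at new lines 1235-1236: `if not (portage.process.sandbox_capable or portage.process.macossandbox_capable):` then `nosandbox = True`. The escaping block at new lines 1254-1257 needs a second look as well: the `[` replacement is duplicated, which turns `[` into `\\[`, and `.`, `(`, `)`, `?`, `]`, `\` and `"` are passed through unescaped into the profile text. The enclosing functions of both hunks start and end outside the visible lines.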
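--- a/prefix-portage-2.2.00.15842/pym/portage/process.py.msb
+++ b/prefix-portage-2.2.00.15842/pym/portage/process.py.msb
@@ -18,7 +18,7 @@
 	'portage.util:dump_traceback',
 )
 
-from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
+from portage.const import BASH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, FAKEROOT_BINARY
 from portage.exception import CommandNotFound
 
 try:
@@ -44,6 +44,9 @@
 fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
                     os.access(FAKEROOT_BINARY, os.X_OK))
 
+macossandbox_capable = (os.path.isfile(MACOSSANDBOX_BINARY) and
+                   os.access(MACOSSANDBOX_BINARY, os.X_OK))
+
 def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
 	"""
 	Spawns a bash shell running a specific commands
@@ -93,6 +96,19 @@
 	args.append(mycommand)
 	return spawn(args, opt_name=opt_name, **keywords)
 
+def spawn_macossandbox(mycommand, profile=None, opt_name=None, **keywords):
+	if not macossandbox_capable:
+		return spawn_bash(mycommand, opt_name=opt_name, **keywords)
+	args=[MACOSSANDBOX_BINARY]
+	if not opt_name:
+		opt_name = os.path.basename(mycommand.split()[0])
+	args.append("-p")
+	args.append(profile)
+	args.append(BASH_BINARY)
+	args.append("-c")
+	args.append(mycommand)
+	return spawn(args, opt_name=opt_name, **keywords)
+
 _exithandlers = []
 def atexit_register(func, *args, **kargs):
 	"""Wrapper around atexit.register that is needed in order to track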
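Review bot: spawn_macossandbox falls back to spawn_bash without any message when macossandbox_capable is false, so a caller that asked for confinement gets an unconfined shell; and because `profile` defaults to None, a call without it appends None to the argument list handed to spawn(). On the sandboxed path a missing profile should be rejected up front, e.g. `if profile is None: raise ValueError("spawn_macossandbox requires a profile")`, and the fallback path should at least emit a warning. The function also has no docstring, unlike spawn_bash above it; one sentence saying that it runs mycommand through BASH_BINARY under MACOSSANDBOX_BINARY with the profile text passed via `-p` would be enough.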
