Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 212817 | Differences between
and this patch

Collapse All | Expand All

(-)./prefix-portage-2.2.01.16616/pym/portage/const.py.msb (+25 lines)
Lines 80-85 Link Here
80
BASH_BINARY              = PORTAGE_BASH
80
BASH_BINARY              = PORTAGE_BASH
81
MOVE_BINARY              = PORTAGE_MV
81
MOVE_BINARY              = PORTAGE_MV
82
PRELINK_BINARY           = "/usr/sbin/prelink"
82
PRELINK_BINARY           = "/usr/sbin/prelink"
83
MACOSSANDBOX_BINARY      = "/usr/bin/sandbox-exec"
84
MACOSSANDBOX_PROFILE     = '''(version 1)
85
86
(allow default)
87
88
(deny file-write*)
89
90
(allow file-read* file-write*
91
  (literal
92
    #"@@WRITEABLE_PREFIX@@"
93
  )
94
95
  (regex
96
    #"^@@WRITEABLE_PREFIX_RE@@/"
97
    #"^(/private)?/var/tmp"
98
    #"^(/private)?/tmp"
99
  )
100
)
101
102
(allow file-read-data file-write-data
103
  (regex
104
    #"^/dev/null$"
105
    #"^(/private)?/var/run/syslog$"
106
  )
107
)'''
83
108
84
PORTAGE_GROUPNAME        = portagegroup
109
PORTAGE_GROUPNAME        = portagegroup
85
PORTAGE_USERNAME         = portageuser
110
PORTAGE_USERNAME         = portageuser
(-)./prefix-portage-2.2.01.16616/pym/portage/package/ebuild/config.py.msb (-1 / +13 lines)
Lines 39-45 Link Here
39
from portage.exception import InvalidDependString, PortageException
39
from portage.exception import InvalidDependString, PortageException
40
from portage.localization import _
40
from portage.localization import _
41
from portage.output import colorize
41
from portage.output import colorize
42
from portage.process import fakeroot_capable, sandbox_capable
42
from portage.process import fakeroot_capable, sandbox_capable, macossandbox_capable
43
from portage.util import ensure_dirs, getconfig, grabdict, \
43
from portage.util import ensure_dirs, getconfig, grabdict, \
44
	grabdict_package, grabfile, grabfile_package, LazyItemsDict, \
44
	grabdict_package, grabfile, grabfile_package, LazyItemsDict, \
45
	normalize_path, shlex_split, stack_dictlist, stack_dicts, stack_lists, \
45
	normalize_path, shlex_split, stack_dictlist, stack_dicts, stack_lists, \
Lines 875-880 Link Here
875
				writemsg(colorize("BAD", _("!!! Problem with sandbox"
875
				writemsg(colorize("BAD", _("!!! Problem with sandbox"
876
					" binary. Disabling...\n\n")), noiselevel=-1)
876
					" binary. Disabling...\n\n")), noiselevel=-1)
877
877
878
		if not macossandbox_capable and \
879
			("macossandbox" in self.features or "macosusersandbox" in self.features):
880
			if self.profile_path is not None and \
881
				os.path.realpath(self.profile_path) == \
882
				os.path.realpath(os.path.join(
883
				self["PORTAGE_CONFIGROOT"], PROFILE_PATH)):
884
				""" Don't show this warning when running repoman and the
885
				sandbox feature came from a profile that doesn't belong to
886
				the user."""
887
				writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \
888
					" binary. Disabling...\n\n"), noiselevel=-1)
889
878
		if "fakeroot" in self.features and \
890
		if "fakeroot" in self.features and \
879
			not fakeroot_capable:
891
			not fakeroot_capable:
880
			writemsg(_("!!! FEATURES=fakeroot is enabled, but the "
892
			writemsg(_("!!! FEATURES=fakeroot is enabled, but the "
(-)./prefix-portage-2.2.01.16616/pym/portage/package/ebuild/doebuild.py.msb (-5 / +43 lines)
Lines 35-41 Link Here
35
	_shell_quote, _unicode_decode, _unicode_encode
35
	_shell_quote, _unicode_decode, _unicode_encode
36
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \
36
from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \
37
	EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \
37
	EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \
38
	EPREFIX, EPREFIX_LSTRIP
38
	EPREFIX, EPREFIX_LSTRIP, MACOSSANDBOX_PROFILE
39
from portage.data import portage_gid, portage_uid, secpass, \
39
from portage.data import portage_gid, portage_uid, secpass, \
40
	uid, userpriv_groups
40
	uid, userpriv_groups
41
from portage.dbapi.virtual import fakedbapi
41
from portage.dbapi.virtual import fakedbapi
Lines 941-957 Link Here
941
	restrict = settings["PORTAGE_RESTRICT"].split()
941
	restrict = settings["PORTAGE_RESTRICT"].split()
942
	nosandbox = (("userpriv" in features) and \
942
	nosandbox = (("userpriv" in features) and \
943
		("usersandbox" not in features) and \
943
		("usersandbox" not in features) and \
944
		("macosusersandbox" not in features) and \
944
		"userpriv" not in restrict and \
945
		"userpriv" not in restrict and \
945
		"nouserpriv" not in restrict)
946
		"nouserpriv" not in restrict)
946
	if nosandbox and ("userpriv" not in features or \
947
	if nosandbox and ("userpriv" not in features or \
947
		"userpriv" in restrict or \
948
		"userpriv" in restrict or \
948
		"nouserpriv" in restrict):
949
		"nouserpriv" in restrict):
949
		nosandbox = ("sandbox" not in features and \
950
		nosandbox = ("sandbox" not in features and \
950
			"usersandbox" not in features)
951
			"usersandbox" not in features and \
952
			"macosusersandbox" not in features)
951
953
952
	if not portage.process.sandbox_capable:
954
	if not portage.process.sandbox_capable:
953
		nosandbox = True
955
		nosandbox = True
954
956
957
	if not portage.process.macossandbox_capable:
958
		nosandbox = True
959
955
	sesandbox = settings.selinux_enabled() and \
960
	sesandbox = settings.selinux_enabled() and \
956
		"sesandbox" in features
961
		"sesandbox" in features
957
962
Lines 1096-1110 Link Here
1096
	# fake ownership/permissions will have to be converted to real
1101
	# fake ownership/permissions will have to be converted to real
1097
	# permissions in the merge phase.
1102
	# permissions in the merge phase.
1098
	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
1103
	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
1104
	macossandbox = ("macossandbox" in features or \
1105
		"macosusersandbox" in features)
1099
	if droppriv and not uid and portage_gid and portage_uid:
1106
	if droppriv and not uid and portage_gid and portage_uid:
1100
		keywords.update({"uid":portage_uid,"gid":portage_gid,
1107
		keywords.update({"uid":portage_uid,"gid":portage_gid,
1101
			"groups":userpriv_groups,"umask":0o02})
1108
			"groups":userpriv_groups,"umask":0o02})
1102
	if not free:
1109
	if not free:
1103
		free=((droppriv and "usersandbox" not in features) or \
1110
		free=((droppriv and "usersandbox" not in features and
1111
			"macosusersandbox" not in features) or \
1104
			(not droppriv and "sandbox" not in features and \
1112
			(not droppriv and "sandbox" not in features and \
1105
			"usersandbox" not in features and not fakeroot))
1113
			"usersandbox" not in features and not fakeroot and \
1114
			not macossandbox))
1115
1116
	# confining the process to a prefix sandbox is disabled by default, if
1117
	# a normal sandbox is requested a this point, it will be used, if no
1118
	# sandbox is requested, a prefix sandbox will be imposed if requested
1119
	# by the appropriate features
1120
	prefixsandbox = False
1121
	if free:
1122
		prefixsandbox = "macosprefixsandbox" in features
1123
		free = not prefixsandbox
1106
1124
1107
	if not free and not (fakeroot or portage.process.sandbox_capable):
1125
	if not free and not (fakeroot or portage.process.sandbox_capable or \
1126
		portage.process.macossandbox_capable):
1108
		free = True
1127
		free = True
1109
1128
1110
	if mysettings.mycpv is not None:
1129
	if mysettings.mycpv is not None:
Lines 1120-1125 Link Here
1120
		keywords["opt_name"] += " fakeroot"
1139
		keywords["opt_name"] += " fakeroot"
1121
		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
1140
		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
1122
		spawn_func = portage.process.spawn_fakeroot
1141
		spawn_func = portage.process.spawn_fakeroot
1142
	elif macossandbox:
1143
		keywords["opt_name"] += " macossandbox"
1144
		if prefixsandbox:
1145
			sbprefixpath = mysettings["EPREFIX"]
1146
		else:
1147
			sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
1148
1149
		# escape some characters with special meaning in re's
1150
		sbprefixre = sbprefixpath.replace("+", "\+")
1151
		sbprefixre = sbprefixre.replace("*", "\*")
1152
		sbprefixre = sbprefixre.replace("[", "\[")
1153
		sbprefixre = sbprefixre.replace("[", "\[")
1154
1155
		sbprofile = MACOSSANDBOX_PROFILE
1156
		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
1157
		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
1158
1159
		keywords["profile"] = sbprofile
1160
		spawn_func = portage.process.spawn_macossandbox
1123
	else:
1161
	else:
1124
		keywords["opt_name"] += " sandbox"
1162
		keywords["opt_name"] += " sandbox"
1125
		spawn_func = portage.process.spawn_sandbox
1163
		spawn_func = portage.process.spawn_sandbox
(-)./prefix-portage-2.2.01.16616/pym/portage/process.py.msb (-1 / +17 lines)
Lines 16-22 Link Here
16
	'portage.util:dump_traceback',
16
	'portage.util:dump_traceback',
17
)
17
)
18
18
19
from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
19
from portage.const import BASH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, FAKEROOT_BINARY
20
from portage.exception import CommandNotFound
20
from portage.exception import CommandNotFound
21
21
22
try:
22
try:
Lines 42-47 Link Here
42
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
42
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
43
                    os.access(FAKEROOT_BINARY, os.X_OK))
43
                    os.access(FAKEROOT_BINARY, os.X_OK))
44
44
45
macossandbox_capable = (os.path.isfile(MACOSSANDBOX_BINARY) and
46
                   os.access(MACOSSANDBOX_BINARY, os.X_OK))
47
45
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
48
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
46
	"""
49
	"""
47
	Spawns a bash shell running a specific commands
50
	Spawns a bash shell running a specific commands
Lines 89-94 Link Here
89
	args.append(BASH_BINARY)
92
	args.append(BASH_BINARY)
90
	args.append("-c")
93
	args.append("-c")
91
	args.append(mycommand)
94
	args.append(mycommand)
95
	return spawn(args, opt_name=opt_name, **keywords)
96
97
def spawn_macossandbox(mycommand, profile=None, opt_name=None, **keywords):
98
	if not macossandbox_capable:
99
		return spawn_bash(mycommand, opt_name=opt_name, **keywords)
100
	args=[MACOSSANDBOX_BINARY]
101
	if not opt_name:
102
		opt_name = os.path.basename(mycommand.split()[0])
103
	args.append("-p")
104
	args.append(profile)
105
	args.append(BASH_BINARY)
106
	args.append("-c")
107
	args.append(mycommand)
92
	return spawn(args, opt_name=opt_name, **keywords)
108
	return spawn(args, opt_name=opt_name, **keywords)
93
109
94
_exithandlers = []
110
_exithandlers = []
(-)./prefix-portage-2.2.01.16616/pym/portage/const.py.msb (+1 lines)
Lines 132-137 Link Here
132
                           "digest", "distcc", "distlocks",
132
                           "digest", "distcc", "distlocks",
133
                           "fakeroot", "fail-clean", "fixpackages", "getbinpkg",
133
                           "fakeroot", "fail-clean", "fixpackages", "getbinpkg",
134
                           "installsources", "keeptemp", "keepwork", "fixlafiles", "lmirror",
134
                           "installsources", "keeptemp", "keepwork", "fixlafiles", "lmirror",
135
                            "macossandbox", "macosprefixsandbox", "macosusersandbox",
135
                           "metadata-transfer", "mirror", "multilib-strict", "news",
136
                           "metadata-transfer", "mirror", "multilib-strict", "news",
136
                           "noauto", "noclean", "nodoc", "noinfo", "noman", "nostrip",
137
                           "noauto", "noclean", "nodoc", "noinfo", "noman", "nostrip",
137
                           "notitles", "parallel-fetch", "parse-eapi-ebuild-head",
138
                           "notitles", "parallel-fetch", "parse-eapi-ebuild-head",

Return to bug 212817