Attachment 238679 Details for Bug 212817 – patch for current portage

[patch] patch for current portage

portage-2.2.01.15354-msb.patch (text/plain), 7.48 KB, created by Michael Weiser on 2010-07-14 07:04:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Weiser

Created: 2010-07-14 07:04:51 UTC

Size: 7.48 KB

patch

obsolete

>--- prefix-portage-2.2.01.15354/pym/portage/const.py.msb	2010-07-02 19:14:22.000000000 +0200
>+++ prefix-portage-2.2.01.15354/pym/portage/const.py	2010-07-14 08:56:21.000000000 +0200
>@@ -78,6 +78,31 @@
> BASH_BINARY              = PORTAGE_BASH
> MOVE_BINARY              = PORTAGE_MV
> PRELINK_BINARY           = "/usr/sbin/prelink"
>+MACOSSANDBOX_BINARY      = "/usr/bin/sandbox-exec"
>+MACOSSANDBOX_PROFILE     = '''(version 1)
>+
>+(allow default)
>+
>+(deny file-write*)
>+
>+(allow file-read* file-write*
>+  (literal
>+    #"@@WRITEABLE_PREFIX@@"
>+  )
>+
>+  (regex
>+    #"^@@WRITEABLE_PREFIX_RE@@/"
>+    #"^(/private)?/var/tmp"
>+    #"^(/private)?/tmp"
>+  )
>+)
>+
>+(allow file-read-data file-write-data
>+  (regex
>+    #"^/dev/null$"
>+    #"^(/private)?/var/run/syslog$"
>+  )
>+)'''
> 
> PORTAGE_GROUPNAME        = portagegroup
> PORTAGE_USERNAME         = portageuser
>--- prefix-portage-2.2.01.15354/pym/portage/package/ebuild/config.py.msb	2010-07-02 19:14:23.000000000 +0200
>+++ prefix-portage-2.2.01.15354/pym/portage/package/ebuild/config.py	2010-07-14 08:55:50.000000000 +0200
>@@ -38,7 +38,7 @@
> 	InvalidDependString, ParseError, PortageException
> from portage.localization import _
> from portage.output import colorize
>-from portage.process import fakeroot_capable, sandbox_capable
>+from portage.process import fakeroot_capable, sandbox_capable, macossandbox_capable
> from portage.util import ensure_dirs, getconfig, grabdict, \
> 	grabdict_package, grabfile, grabfile_package, LazyItemsDict, \
> 	normalize_path, shlex_split, stack_dictlist, stack_dicts, stack_lists, \
>@@ -1157,6 +1157,18 @@
> 				writemsg(colorize("BAD", _("!!! Problem with sandbox"
> 					" binary. Disabling...\n\n")), noiselevel=-1)
> 
>+		if not macossandbox_capable and \
>+			("macossandbox" in self.features or "macosusersandbox" in self.features):
>+			if self.profile_path is not None and \
>+				os.path.realpath(self.profile_path) == \
>+				os.path.realpath(os.path.join(
>+				self["PORTAGE_CONFIGROOT"], PROFILE_PATH)):
>+				""" Don't show this warning when running repoman and the
>+				sandbox feature came from a profile that doesn't belong to
>+				the user."""
>+				writemsg(colorize("BAD", "!!! Problem with macos sandbox" + \
>+					" binary. Disabling...\n\n"), noiselevel=-1)
>+
> 		if "fakeroot" in self.features and \
> 			not fakeroot_capable:
> 			writemsg(_("!!! FEATURES=fakeroot is enabled, but the "
>--- prefix-portage-2.2.01.15354/pym/portage/package/ebuild/doebuild.py.msb	2010-07-02 19:14:23.000000000 +0200
>+++ prefix-portage-2.2.01.15354/pym/portage/package/ebuild/doebuild.py	2010-07-14 08:57:09.000000000 +0200
>@@ -34,7 +34,7 @@
> 	_shell_quote, _split_ebuild_name_glep55, _unicode_decode, _unicode_encode
> from portage.const import EBUILD_SH_ENV_FILE, EBUILD_SH_ENV_DIR, \
> 	EBUILD_SH_BINARY, INVALID_ENV_FILE, MISC_SH_BINARY, \
>-	EPREFIX, EPREFIX_LSTRIP
>+	EPREFIX, EPREFIX_LSTRIP, MACOSSANDBOX_PROFILE
> from portage.data import portage_gid, portage_uid, secpass, \
> 	uid, userpriv_groups
> from portage.dbapi.virtual import fakedbapi
>@@ -931,17 +931,22 @@
> 		restrict = mysettings["PORTAGE_RESTRICT"].split()
> 		nosandbox = (("userpriv" in features) and \
> 			("usersandbox" not in features) and \
>+			("macosusersandbox" not in features) and \
> 			"userpriv" not in restrict and \
> 			"nouserpriv" not in restrict)
> 		if nosandbox and ("userpriv" not in features or \
> 			"userpriv" in restrict or \
> 			"nouserpriv" in restrict):
> 			nosandbox = ("sandbox" not in features and \
>-				"usersandbox" not in features)
>+				"usersandbox" not in features and \
>+				"macosusersandbox" not in features)
> 
> 		if not portage.process.sandbox_capable:
> 			nosandbox = True
> 
>+		if not portage.process.macossandbox_capable:
>+			nosandbox = True
>+
> 		sesandbox = mysettings.selinux_enabled() and \
> 			"sesandbox" in mysettings.features
> 
>@@ -1221,15 +1226,29 @@
> 	# fake ownership/permissions will have to be converted to real
> 	# permissions in the merge phase.
> 	fakeroot = fakeroot and uid != 0 and portage.process.fakeroot_capable
>+	macossandbox = ("macossandbox" in features or \
>+		"macosusersandbox" in features)
> 	if droppriv and not uid and portage_gid and portage_uid:
> 		keywords.update({"uid":portage_uid,"gid":portage_gid,
> 			"groups":userpriv_groups,"umask":0o02})
> 	if not free:
>-		free=((droppriv and "usersandbox" not in features) or \
>+		free=((droppriv and "usersandbox" not in features and
>+			"macosusersandbox" not in features) or \
> 			(not droppriv and "sandbox" not in features and \
>-			"usersandbox" not in features and not fakeroot))
>+			"usersandbox" not in features and not fakeroot and \
>+			not macossandbox))
>+
>+	# confining the process to a prefix sandbox is disabled by default, if
>+	# a normal sandbox is requested a this point, it will be used, if no
>+	# sandbox is requested, a prefix sandbox will be imposed if requested
>+	# by the appropriate features
>+	prefixsandbox = False
>+	if free:
>+		prefixsandbox = "macosprefixsandbox" in features
>+		free = not prefixsandbox
> 
>-	if not free and not (fakeroot or portage.process.sandbox_capable):
>+	if not free and not (fakeroot or portage.process.sandbox_capable or \
>+		portage.process.macossandbox_capable):
> 		free = True
> 
> 	if free or "SANDBOX_ACTIVE" in os.environ:
>@@ -1239,6 +1258,25 @@
> 		keywords["opt_name"] += " fakeroot"
> 		keywords["fakeroot_state"] = os.path.join(mysettings["T"], "fakeroot.state")
> 		spawn_func = portage.process.spawn_fakeroot
>+	elif macossandbox:
>+		keywords["opt_name"] += " macossandbox"
>+		if prefixsandbox:
>+			sbprefixpath = mysettings["EPREFIX"]
>+		else:
>+			sbprefixpath = mysettings["PORTAGE_BUILDDIR"]
>+
>+		# escape some characters with special meaning in re's
>+		sbprefixre = sbprefixpath.replace("+", "\+")
>+		sbprefixre = sbprefixre.replace("*", "\*")
>+		sbprefixre = sbprefixre.replace("[", "\[")
>+		sbprefixre = sbprefixre.replace("[", "\[")
>+
>+		sbprofile = MACOSSANDBOX_PROFILE
>+		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX@@", sbprefixpath)
>+		sbprofile = sbprofile.replace("@@WRITEABLE_PREFIX_RE@@", sbprefixre)
>+
>+		keywords["profile"] = sbprofile
>+		spawn_func = portage.process.spawn_macossandbox
> 	else:
> 		keywords["opt_name"] += " sandbox"
> 		spawn_func = portage.process.spawn_sandbox
>--- prefix-portage-2.2.01.15354/pym/portage/process.py.msb	2010-07-02 19:14:23.000000000 +0200
>+++ prefix-portage-2.2.01.15354/pym/portage/process.py	2010-07-14 08:55:50.000000000 +0200
>@@ -17,7 +17,7 @@
> 	'portage.util:dump_traceback',
> )
> 
>-from portage.const import BASH_BINARY, SANDBOX_BINARY, FAKEROOT_BINARY
>+from portage.const import BASH_BINARY, SANDBOX_BINARY, MACOSSANDBOX_BINARY, FAKEROOT_BINARY
> from portage.exception import CommandNotFound
> 
> try:
>@@ -43,6 +43,9 @@
> fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and
>                     os.access(FAKEROOT_BINARY, os.X_OK))
> 
>+macossandbox_capable = (os.path.isfile(MACOSSANDBOX_BINARY) and
>+                   os.access(MACOSSANDBOX_BINARY, os.X_OK))
>+
> def spawn_bash(mycommand, debug=False, opt_name=None, **keywords):
> 	"""
> 	Spawns a bash shell running a specific commands
>@@ -90,6 +93,19 @@
> 	args.append(BASH_BINARY)
> 	args.append("-c")
> 	args.append(mycommand)
>+	return spawn(args, opt_name=opt_name, **keywords)
>+
>+def spawn_macossandbox(mycommand, profile=None, opt_name=None, **keywords):
>+	if not macossandbox_capable:
>+		return spawn_bash(mycommand, opt_name=opt_name, **keywords)
>+	args=[MACOSSANDBOX_BINARY]
>+	if not opt_name:
>+		opt_name = os.path.basename(mycommand.split()[0])
>+	args.append("-p")
>+	args.append(profile)
>+	args.append(BASH_BINARY)
>+	args.append("-c")
>+	args.append(mycommand)
> 	return spawn(args, opt_name=opt_name, **keywords)
> 
> _exithandlers = []

Actions: View | Diff

Attachments on bug 212817: 145637 | 146708 | 208202 | 208203 | 208569 | 225873 | 238679 | 238687 | 248497