Index: pym/portage.py =================================================================== --- pym/portage.py (revision 9161) +++ pym/portage.py (working copy) @@ -9307,6 +9307,9 @@ writemsg_stdout("--- %s/\n" % mydest) if bsd_chflags: bsd_chflags.lchflags(mydest, dflags) + if "merge-dir-perms" in self.settings.features: + os.chmod(mydest, stat.S_IMODE(mystat.st_mode)) + os.chown(mydest, mystat.st_uid, mystat.st_gid) else: # a non-directory and non-symlink-to-directory. Won't work for us. Move out of the way. if movefile(mydest,mydest+".backup", mysettings=self.settings) is None: Index: cnf/make.globals =================================================================== --- cnf/make.globals (revision 9130) +++ cnf/make.globals (working copy) @@ -33,7 +33,7 @@ RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -O \${DISTDIR}/\${FILE} \${URI}" # Default user options -FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch" +FEATURES="distlocks merge-dir-perms metadata-transfer sandbox sfperms strict unmerge-orphans userfetch" # Default chunksize for binhost comms PORTAGE_BINHOST_CHUNKSIZE="3000" Index: bin/misc-functions.sh =================================================================== --- bin/misc-functions.sh (revision 9130) +++ bin/misc-functions.sh (working copy) @@ -46,12 +46,13 @@ prepall # Now we look for all world writable files. - for i in $(find "${D}/" -type f -perm -2); do + find "${D}" '(' -type f -o -type d ')' -perm -2 -print0 | \ + while read -d $'\0' i ; do vecho -ne '\a' - vecho "QA Security Notice:" - vecho "- ${i:${#D}:${#i}} will be a world writable file." - vecho "- This may or may not be a security problem, most of the time it is one." - vecho "- Please double check that $PF really needs a world writeable bit and file bugs accordingly." + eqawarn "QA Security Notice:" + eqawarn "- ${i:${#D}:${#i}} will be a world writable file." + eqawarn "- This may or may not be a security problem, most of the time it is one." + eqawarn "- Please double check that $PF really needs a world writeable bit and file bugs accordingly." sleep 1 done