From 47500f08e20271b786d5f090dd763f0393b68248 Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Tue, 9 Sep 2014 13:29:30 -0700 Subject: [PATCH] Remove g+w bit from $T for TPE bug #519566 Grant permissions to the portage user instead of the group, in order to avoid TPE complaints about the g+w bit. X-Gentoo-Bug: 519566 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=519566 --- pym/portage/package/ebuild/doebuild.py | 7 ++++--- pym/portage/package/ebuild/prepare_build_dirs.py | 9 ++------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 01707ae..9f077b5 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -1486,7 +1486,7 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, "uid": portage_uid, "gid": portage_gid, "groups": userpriv_groups, - "umask": 0o02 + "umask": 0o22 }) # Adjust pty ownership so that subprocesses @@ -1644,8 +1644,9 @@ def _post_phase_userpriv_perms(mysettings): """ Privileged phases may have left files that need to be made writable to a less privileged user.""" apply_recursive_permissions(mysettings["T"], - uid=portage_uid, gid=portage_gid, dirmode=0o70, dirmask=0, - filemode=0o60, filemask=0) + uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, + filemode=0o600, filemask=0) + def _check_build_log(mysettings, out=None): """ diff --git a/pym/portage/package/ebuild/prepare_build_dirs.py b/pym/portage/package/ebuild/prepare_build_dirs.py index 6782160..ce54fdf 100644 --- a/pym/portage/package/ebuild/prepare_build_dirs.py +++ b/pym/portage/package/ebuild/prepare_build_dirs.py 
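Review bot: The new `"umask": 0o22` entry in spawn() has no comment, so nothing at the call site tells a later reader that dropping the group-write bit is deliberate. A one-line comment above the key would record it, for example `# 0o22: files created after dropping privileges are not group-writable (TPE, bug #519566)`. The dictionary this key belongs to and the rest of spawn() lie outside the hunk.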
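Review bot: In `_post_phase_userpriv_perms` the call still passes `dirmask=0` and `filemask=0`, so entries in `$T` that already have g+w may keep it. This assumes the mask argument names the bits to clear and the mode argument the bits to add; the helper itself is not shown on this page. If so, the change from `0o70`/`0o60` to `0o700`/`0o600` only adds owner bits, and a build directory created before this commit could still trigger the TPE complaint. Passing the bit as the mask, `dirmask=0o20` and `filemask=0o20`, would remove it from existing entries. The same applies to `apply_secpass_permissions(mydir, ..., mode=0o700, mask=0)` in prepare_build_dirs.py.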
@@ -76,17 +76,12 @@ def prepare_build_dirs(myroot=None, settings=None, cleanup=False):
 ensure_dirs(mydir)
 try:
 apply_secpass_permissions(mydir,
- gid=portage_gid, uid=portage_uid, mode=0o70, mask=0)
+ gid=portage_gid, uid=portage_uid, mode=0o700, mask=0)
 except PortageException:
 if not os.path.isdir(mydir):
 raise
 for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"):
- """These directories don't necessarily need to be group writable.
- However, the setup phase is commonly run as a privileged user prior
- to the other phases being run by an unprivileged user. Currently,
- we use the portage group to ensure that the unprivleged user still
- has write access to these directories in any case."""
- ensure_dirs(mysettings[dir_key], mode=0o775)
+ ensure_dirs(mysettings[dir_key], mode=0o755)
 apply_secpass_permissions(mysettings[dir_key],
 uid=portage_uid, gid=portage_gid)
 except PermissionDenied as e:
--
1.8.5.5
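Review bot: The deleted docstring was the only record of why these four directories were group-writable (a privileged setup phase followed by unprivileged phases), and `ensure_dirs(mysettings[dir_key], mode=0o755)` now has no comment saying that write access depends on ownership by `portage_uid`. If `apply_secpass_permissions` cannot change the owner for a caller who is only a member of the portage group, which this hunk does not show, that caller would lose write access to directories created earlier by root. A replacement comment such as `# Owner-writable only: access comes from portage_uid ownership, not the group, so TPE accepts the directory (bug #519566)` would keep the rationale, and the group-member case deserves a test. The enclosing try block starts outside the hunk.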