@@ -, +, @@ --- pym/portage/package/ebuild/doebuild.py | 7 ++++--- pym/portage/package/ebuild/prepare_build_dirs.py | 9 ++------- 2 files changed, 6 insertions(+), 10 deletions(-) --- a/pym/portage/package/ebuild/doebuild.py +++ a/pym/portage/package/ebuild/doebuild.py @@ -1486,7 +1486,7 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, "uid": portage_uid, "gid": portage_gid, "groups": userpriv_groups, - "umask": 0o02 + "umask": 0o22 }) # Adjust pty ownership so that subprocesses @@ -1644,8 +1644,9 @@ def _post_phase_userpriv_perms(mysettings): """ Privileged phases may have left files that need to be made writable to a less privileged user.""" apply_recursive_permissions(mysettings["T"], - uid=portage_uid, gid=portage_gid, dirmode=0o70, dirmask=0, - filemode=0o60, filemask=0) + uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, + filemode=0o600, filemask=0) + def _check_build_log(mysettings, out=None): """ --- a/pym/portage/package/ebuild/prepare_build_dirs.py +++ a/pym/portage/package/ebuild/prepare_build_dirs.py @@ -76,17 +76,12 @@ def prepare_build_dirs(myroot=None, settings=None, cleanup=False): ensure_dirs(mydir) try: apply_secpass_permissions(mydir, - gid=portage_gid, uid=portage_uid, mode=0o70, mask=0) + gid=portage_gid, uid=portage_uid, mode=0o700, mask=0) except PortageException: if not os.path.isdir(mydir): raise for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"): - """These directories don't necessarily need to be group writable. - However, the setup phase is commonly run as a privileged user prior - to the other phases being run by an unprivileged user. Currently, - we use the portage group to ensure that the unprivleged user still - has write access to these directories in any case.""" - ensure_dirs(mysettings[dir_key], mode=0o775) + ensure_dirs(mysettings[dir_key], mode=0o755) apply_secpass_permissions(mysettings[dir_key], uid=portage_uid, gid=portage_gid) except PermissionDenied as e: --
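Review bot: The new `"umask": 0o22` entry in spawn()'s dropped-privilege keywords is a bare literal with no explanation, yet it changes who can write the files that unprivileged phases create. Group write is no longer granted, so write access now rests on ownership by `portage_uid` alone. I would add a comment above the entry, for example `# Files created by unprivileged phases are writable by portage_uid only; group write is not relied upon.` It is worth confirming that no later step running under a different uid in the portage group still needs to write to those files. The body of spawn() starts and ends outside this hunk.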
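Review bot: In `_post_phase_userpriv_perms`, `dirmask=0` and `filemask=0` are kept next to the new `dirmode=0o700` and `filemode=0o600`. The call therefore appears only to add owner bits, never removing group or other bits that privileged phases left behind under `T`. If the aim is to stop relying on group access, pass non-zero masks such as `dirmask=0o22, filemask=0o22`; this assumes the mask names the bits to clear, since the helper is not visible here. Because the call changes ownership across a tree the unprivileged build user can write to, it is also worth confirming that `apply_recursive_permissions` does not follow symlinks.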
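Review bot: The removed docstring in prepare_build_dirs() was the only explanation of how unprivileged phases get write access to `PORTAGE_BUILDDIR`, `HOME`, `PKG_LOGDIR` and `T`. With `mode=0o755`, that access now depends entirely on the following `apply_secpass_permissions(..., uid=portage_uid, gid=portage_gid)` call changing ownership. If that call cannot chown, the directories would stay non-writable for the build user, a case the group bit used to cover; this is inferred, since the helper is not shown. I would replace the docstring with a comment such as `# Write access for unprivileged phases comes from ownership by portage_uid, not from the portage group.` and state what should happen when ownership cannot be changed. Note also that `0o755` keeps `HOME`, `T` and `PKG_LOGDIR` readable by every local user, and that the function body continues outside this hunk.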