Gentoo's Bugzilla – Attachment 57443 Details for
Bug 90343
sandbox logging of preinst and postinst file events
[patch]
portage-2.0.51.20.installwatch.patch
portage-2.0.51.20.installwatch.patch (text/plain), 5.96 KB, created by
Zac Medico
on 2005-04-27 17:55:35 UTC
Description:
portage-2.0.51.20.installwatch.patch
Filename:
MIME Type:
Creator:
Zac Medico
Created:
2005-04-27 17:55:35 UTC
Size:
5.96 KB
>diff -Nur --exclude '.*' portage-2.0.51.20.orig/bin/ebuild.sh portage-2.0.51.20.installwatch/bin/ebuild.sh
>--- portage-2.0.51.20.orig/bin/ebuild.sh 2005-04-20 08:19:03.000000000 -0700
>+++ portage-2.0.51.20.installwatch/bin/ebuild.sh 2005-04-27 17:18:17.000000000 -0700
>@@ -1119,12 +1119,42 @@
> trap SIGINT SIGQUIT
> }
>
>+iw_begin() {
>+ export SANDBOX_ON="1"
>+ export SANDBOX_WRITE="/"
>+ export SANDBOX_DEBUG="1"
>+ export SANDBOX_DEBUG_LOG="$INSTALLWATCHFILE"
>+}
>+
>+iw_end() {
>+ export SANDBOX_ON="0"
>+ unset SANDBOX_DEBUG
>+ unset SANDBOX_DEBUG_LOG
>+
>+ # forget read only operations
>+ sed -i \
>+ -e 's/^open_rd:.*//' \
>+ -e 's/^execve:.*//' \
>+ -e 's/^opendir:.*//' \
>+ -e 's/^open_wr: *\/dev\/null$//' \
>+ $INSTALLWATCHFILE
>+
>+ # remove the empty lines
>+ local TMPFILE="`tempfile`"
>+ egrep -v '^$' $INSTALLWATCHFILE > $TMPFILE
>+ cat $TMPFILE > $INSTALLWATCHFILE
>+ rm $TMPFILE
>+
>+ unset INSTALLWATCHFILE
>+}
>+
> dyn_preinst() {
> # set IMAGE depending if this is a binary or compile merge
> [ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \
> || IMAGE=${D}
>-
>+ [ -n "$INSTALLWATCHFILE" ] && iw_begin
> pkg_preinst
>+ [ -n "$INSTALLWATCHFILE" ] && iw_end
>
> # hopefully this will someday allow us to get rid of the no* feature flags
> # we don't want globbing for initial expansion, but afterwards, we do
>@@ -1749,6 +1779,7 @@
> ;;
> prerm|postrm|postinst|config)
> export SANDBOX_ON="0"
>+ [ -n "$INSTALLWATCHFILE" ] && iw_begin
> if [ "$PORTAGE_DEBUG" != "1" ]; then
> pkg_${myarg}
> #Allow non-zero return codes since they can be caused by &&
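Review bot: `iw_end` leaves `SANDBOX_WRITE="/"` exported: it resets `SANDBOX_ON` and unsets the two debug variables, but the write-anywhere setting made by `iw_begin` stays in the environment for whatever runs later in this shell, and any value it held before `iw_begin` is lost. Saving the previous value in `iw_begin` and restoring it in `iw_end` (or at least `unset SANDBOX_WRITE`) keeps the permissive setting scoped to the logged phase. `$INSTALLWATCHFILE` is also expanded unquoted in the `sed`, `egrep` and `cat` calls, so a path containing whitespace would be split. The blank-then-strip pass through a `tempfile` scratch file can be replaced by deleting the lines in place, e.g. `sed -i -e '/^open_rd:/d' -e '/^execve:/d' -e '/^opendir:/d' -e '/^open_wr: *\/dev\/null$/d' -e '/^$/d' "$INSTALLWATCHFILE"`, which also drops the dependency on the `tempfile` command.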
>@@ -1758,6 +1789,7 @@
> #Allow non-zero return codes since they can be caused by &&
> set +x
> fi
>+ [ -n "$INSTALLWATCHFILE" ] && iw_end
> ;;
> unpack|compile|test|clean|install)
> if [ "${SANDBOX_DISABLED="0"}" == "0" ]; then
>diff -Nur --exclude '.*' portage-2.0.51.20.orig/pym/portage.py portage-2.0.51.20.installwatch/pym/portage.py
>--- portage-2.0.51.20.orig/pym/portage.py 2005-04-23 00:39:43.000000000 -0700
>+++ portage-2.0.51.20.installwatch/pym/portage.py 2005-04-27 16:19:58.000000000 -0700
>@@ -1564,7 +1564,7 @@
>
> # XXX This would be to replace getstatusoutput completely.
> # XXX Issue: cannot block execution. Deadlock condition.
>-def spawn(mystring,mysettings,debug=0,free=0,droppriv=0,fd_pipes=None,**keywords):
>+def spawn(mystring,mysettings,debug=0,free=0,droppriv=0,fd_pipes=None,iw_log=None,**keywords):
> """spawn a subprocess with optional sandbox protection,
> depending on whether sandbox is enabled. The "free" argument,
> when set to 1, will disable sandboxing. This allows us to
>@@ -1589,7 +1589,9 @@
>
> if ("sandbox" in features) and (not free):
> keywords["opt_name"] += " sandbox"
>- if droppriv and portage_gid and portage_uid:
>+ if iw_log:
>+ env["INSTALLWATCHFILE"]=iw_log
>+ elif droppriv and portage_gid and portage_uid:
> keywords.update({"uid":portage_uid,"gid":portage_gid,"groups":[portage_gid],"umask":002})
> return portage_exec.spawn_sandbox(mystring,env=env,**keywords)
> else:
>@@ -2314,7 +2316,7 @@
> droppriv=actionmap[mydo]["args"][1],logfile=logfile)
> return retval
>
>-def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,cleanup=0,dbkey=None,use_cache=1,fetchall=0,tree="porttree"):
>+def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,cleanup=0,dbkey=None,use_cache=1,fetchall=0,tree="porttree",iw_log=None):
> global db
>
> ebuild_path = os.path.abspath(myebuild)
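Review bot: In the `prerm|postrm|postinst|config)` branch of ebuild.sh the new last command `[ -n "$INSTALLWATCHFILE" ] && iw_end` returns 1 whenever the variable is unset, so the branch now ends with a non-zero status in the ordinary, non-installwatch case, which is the same `&&` effect the context comment just above it warns about. Whether that status is consumed depends on code after the `case`, which is outside the hunk, but writing it as `if [ -n "$INSTALLWATCHFILE" ]; then iw_end; fi` removes the question, and the matching `iw_begin` guard in the previous hunk can take the same form.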
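Review bot: Turning the privilege-drop test in `spawn()` into `elif` makes `iw_log` and `droppriv` mutually exclusive, so a caller that passes both gets a sandboxed child that keeps the caller's uid/gid, with nothing indicating that `droppriv` was ignored. If that is deliberate (presumably because the child has to write the log under the package db directory), say so with a comment such as `# installwatch log is written by the child, so privileges are kept and droppriv is ignored`; otherwise use two independent `if` statements. `iw_log` is also honoured only inside the `("sandbox" in features) and (not free)` branch, and the docstring shown in the preceding hunk does not mention the new parameter. The body of `spawn()` extends beyond both hunks.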
>@@ -2595,7 +2597,10 @@
> return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
> elif mydo in ["prerm","postrm","preinst","postinst","config"]:
> mysettings.load_infodir(pkg_dir)
>- return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
>+ free=1
>+ if iw_log:
>+ free=0
>+ return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=free,logfile=logfile,iw_log=iw_log)
>
> try:
> mysettings["SLOT"],mysettings["RESTRICT"] = db["/"]["porttree"].dbapi.aux_get(mycpv,["SLOT","RESTRICT"])
>@@ -6428,12 +6433,15 @@
> print ">>> Merging",self.mycpv,"to",destroot
>
> # run preinst script
>+ iw_log=None
>+ if "installwatch" in features:
>+ iw_log=self.dbtmpdir+"/PREINST"
> if myebuild:
> # if we are merging a new ebuild, use *its* pre/postinst rather than using the one in /var/db/pkg
> # (if any).
>- a=doebuild(myebuild,"preinst",root,self.settings,cleanup=cleanup,use_cache=0)
>+ a=doebuild(myebuild,"preinst",root,self.settings,cleanup=cleanup,use_cache=0,iw_log=iw_log)
> else:
>- a=doebuild(inforoot+"/"+self.pkg+".ebuild","preinst",root,self.settings,cleanup=cleanup,use_cache=0)
>+ a=doebuild(inforoot+"/"+self.pkg+".ebuild","preinst",root,self.settings,cleanup=cleanup,use_cache=0,iw_log=iw_log)
>
> # XXX: Decide how to handle failures here.
> if a != 0:
>@@ -6514,13 +6522,6 @@
> self.dbdir = self.dbtmpdir
> print ">>> original instance of package unmerged safely."
>
>- # We hold both directory locks.
>- self.dbdir = self.dbpkgdir
>- self.delete()
>- movefile(self.dbtmpdir, self.dbpkgdir, mysettings=self.settings)
>-
>- self.unlockdb()
>-
> #write out our collection of md5sums
> if cfgfiledict.has_key("IGNORE"):
> del cfgfiledict["IGNORE"]
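Review bot: The reason `free` is cleared when `iw_log` is set is not stated in `doebuild()`; the dependency, visible only in the ebuild.sh part of this patch, is that the log is produced by the sandbox's debug output, so the phase has to be spawned under the sandbox. A comment above `free=1` such as `# installwatch logging relies on the sandbox debug log, so do not spawn free` would record that. The branch also covers `prerm`, `postrm` and `config`, although only the preinst and postinst callers in this patch pass `iw_log`. `doebuild()` starts and ends outside the hunk.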
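Review bot: The three-line `iw_log` setup before the preinst call is repeated, with only the file name changed, before the postinst call in the last hunk, and both build the path by string concatenation. A small private helper that returns `os.path.join(self.dbtmpdir, name)` when `"installwatch" in features` and `None` otherwise would keep the two call sites in step. Neither site removes an existing `PREINST`/`POSTINST` file first, so whether a log left by an interrupted merge gets appended to depends on how the sandbox opens its debug log, which is not visible here.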
>@@ -6545,12 +6546,22 @@
> portage_locks.unlockfile(mylock)
>
> #do postinst script
>+ iw_log=None
>+ if "installwatch" in features:
>+ iw_log=self.dbtmpdir+"/POSTINST"
> if myebuild:
> # if we are merging a new ebuild, use *its* pre/postinst rather than using the one in /var/db/pkg
> # (if any).
>- a=doebuild(myebuild,"postinst",root,self.settings,use_cache=0)
>+ a=doebuild(myebuild,"postinst",root,self.settings,use_cache=0,iw_log=iw_log)
> else:
>- a=doebuild(inforoot+"/"+self.pkg+".ebuild","postinst",root,self.settings,use_cache=0)
>+ a=doebuild(inforoot+"/"+self.pkg+".ebuild","postinst",root,self.settings,use_cache=0,iw_log=iw_log)
>+
>+ # We hold both directory locks.
>+ self.dbdir = self.dbpkgdir
>+ self.delete()
>+ movefile(self.dbtmpdir, self.dbpkgdir, mysettings=self.settings)
>+
>+ self.unlockdb()
>
> # XXX: Decide how to handle failures here.
> if a != 0:
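Review bot: Moving `self.delete()`, `movefile()` and `self.unlockdb()` below the postinst `doebuild()` call keeps the package database locked, and the new entry in `self.dbtmpdir`, for the whole run of the package's postinst script. In the visible lines nothing guards the call, so if `doebuild()` raises, the entry is never moved into `self.dbpkgdir` and the lock is not released. A postinst that looks up its own package in the installed database would presumably not find it at that point, which is worth confirming. At minimum add a comment saying the move is delayed so the `POSTINST` log ends up in the final db directory, and consider a `try`/`finally` so `self.unlockdb()` always runs. The enclosing method starts and ends outside the hunk.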