Attachment #58219 for bug #90343




	trap SIGINT SIGQUIT
}

iw_begin() {
	export SANDBOX_DENY=""
	export SANDBOX_READ="/"
	export SANDBOX_WRITE="/"
	export SANDBOX_PREDICT=""
	export SANDBOX_DEBUG="1"
	export SANDBOX_DEBUG_LOG="$INSTALLWATCHFILE"
	export SANDBOX_ACTIVE="armedandready"
	export SANDBOX_ON="1"
}

iw_end() {
	export SANDBOX_ON="0"
	unset LD_PRELOAD SANDBOX_ACTIVE INSTALLWATCHFILE
}

dyn_preinst() {
	# set IMAGE depending if this is a binary or compile merge
	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \
					|| IMAGE=${D}
	[ -n "$INSTALLWATCHFILE" ] && iw_begin
	pkg_preinst
	[ -n "$INSTALLWATCHFILE" ] && iw_end

	# hopefully this will someday allow us to get rid of the no* feature flags
	# we don't want globbing for initial expansion, but afterwards, we do

		;;
	prerm|postrm|postinst|config)
		export SANDBOX_ON="0"
		[ -n "$INSTALLWATCHFILE" ] && iw_begin
		if [ "$PORTAGE_DEBUG" != "1" ]; then
			pkg_${myarg}
			#Allow non-zero return codes since they can be caused by &&

			#Allow non-zero return codes since they can be caused by &&
			set +x
		fi
		[ -n "$INSTALLWATCHFILE" ] && iw_end
		;;
	unpack|compile|test|clean|install)
		if [ "${SANDBOX_DISABLED="0"}" == "0" ]; then

Lines 1566-1572 Link Here

(-)portage-2.0.51.21/pym/portage.py (-14 / +30 lines)
1566		1566
1567	# XXX This would be to replace getstatusoutput completely.	1567	# XXX This would be to replace getstatusoutput completely.
1568	# XXX Issue: cannot block execution. Deadlock condition.	1568	# XXX Issue: cannot block execution. Deadlock condition.
1569	def spawn(mystring,mysettings,debug=0,free=0,droppriv=0,fd_pipes=None,**keywords):	1569	def spawn(mystring,mysettings,debug=0,free=0,droppriv=0,fd_pipes=None,iw_log=None,**keywords):
1570	"""spawn a subprocess with optional sandbox protection,	1570	"""spawn a subprocess with optional sandbox protection,
1571	depending on whether sandbox is enabled. The "free" argument,	1571	depending on whether sandbox is enabled. The "free" argument,
1572	when set to 1, will disable sandboxing. This allows us to	1572	when set to 1, will disable sandboxing. This allows us to
Lines 1600-1605 Link Here
1600	return portage_exec.spawn_sandbox(mystring,env=env,**keywords)	1600	return portage_exec.spawn_sandbox(mystring,env=env,**keywords)
1601	else:	1601	else:
1602	keywords["opt_name"] += " bash"	1602	keywords["opt_name"] += " bash"
		1603	if iw_log:
		1604	env["LD_PRELOAD"]="/lib/libsandbox.so"
		1605	env["INSTALLWATCHFILE"]=iw_log
1603	return portage_exec.spawn_bash(mystring,env=env,**keywords)	1606	return portage_exec.spawn_bash(mystring,env=env,**keywords)
1604		1607
1605		1608
Lines 2320-2326 Link Here
2320	droppriv=actionmap[mydo]["args"][1],logfile=logfile)	2323	droppriv=actionmap[mydo]["args"][1],logfile=logfile)
2321	return retval	2324	return retval
2322		2325
2323	def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,cleanup=0,dbkey=None,use_cache=1,fetchall=0,tree="porttree"):	2326	def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,cleanup=0,dbkey=None,use_cache=1,fetchall=0,tree="porttree",iw_log=None):
2324	global db	2327	global db
2325		2328
2326	ebuild_path = os.path.abspath(myebuild)	2329	ebuild_path = os.path.abspath(myebuild)
Lines 2606-2612 Link Here
2606	return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)	2609	return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
2607	elif mydo in ["prerm","postrm","preinst","postinst","config"]:	2610	elif mydo in ["prerm","postrm","preinst","postinst","config"]:
2608	mysettings.load_infodir(pkg_dir)	2611	mysettings.load_infodir(pkg_dir)
2609	return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)	2612	return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile,iw_log=iw_log)
2610		2613
2611	try:	2614	try:
2612	mysettings["SLOT"],mysettings["RESTRICT"] = db["/"]["porttree"].dbapi.aux_get(mycpv,["SLOT","RESTRICT"])	2615	mysettings["SLOT"],mysettings["RESTRICT"] = db["/"]["porttree"].dbapi.aux_get(mycpv,["SLOT","RESTRICT"])
Lines 6442-6453 Link Here
6442	print ">>> Merging",self.mycpv,"to",destroot	6445	print ">>> Merging",self.mycpv,"to",destroot
6443		6446
6444	# run preinst script	6447	# run preinst script
		6448	preinst_log=None
		6449	if "installwatch" in features:
		6450	preinst_log=self.dbtmpdir+"/PREINST"
6445	if myebuild:	6451	if myebuild:
6446	# if we are merging a new ebuild, use its pre/postinst rather than using the one in /var/db/pkg	6452	# if we are merging a new ebuild, use its pre/postinst rather than using the one in /var/db/pkg
6447	# (if any).	6453	# (if any).
6448	a=doebuild(myebuild,"preinst",root,self.settings,cleanup=cleanup,use_cache=0)	6454	a=doebuild(myebuild,"preinst",root,self.settings,cleanup=cleanup,use_cache=0,iw_log=preinst_log)
6449	else:	6455	else:
6450	a=doebuild(inforoot+"/"+self.pkg+".ebuild","preinst",root,self.settings,cleanup=cleanup,use_cache=0)	6456	a=doebuild(inforoot+"/"+self.pkg+".ebuild","preinst",root,self.settings,cleanup=cleanup,use_cache=0,iw_log=preinst_log)
6451		6457
6452	# XXX: Decide how to handle failures here.	6458	# XXX: Decide how to handle failures here.
6453	if a != 0:	6459	if a != 0:
Lines 6528-6540 Link Here
6528	self.dbdir = self.dbtmpdir	6534	self.dbdir = self.dbtmpdir
6529	print ">>> original instance of package unmerged safely."	6535	print ">>> original instance of package unmerged safely."
6530		6536
6531	# We hold both directory locks.
6532	self.dbdir = self.dbpkgdir
6533	self.delete()
6534	movefile(self.dbtmpdir, self.dbpkgdir, mysettings=self.settings)
6535
6536	self.unlockdb()
6537
6538	#write out our collection of md5sums	6537	#write out our collection of md5sums
6539	if cfgfiledict.has_key("IGNORE"):	6538	if cfgfiledict.has_key("IGNORE"):
6540	del cfgfiledict["IGNORE"]	6539	del cfgfiledict["IGNORE"]
Lines 6559-6570 Link Here
6559	portage_locks.unlockfile(mylock)	6558	portage_locks.unlockfile(mylock)
6560		6559
6561	#do postinst script	6560	#do postinst script
		6561	postinst_log=None
		6562	if "installwatch" in features:
		6563	postinst_log=self.dbtmpdir+"/POSTINST"
6562	if myebuild:	6564	if myebuild:
6563	# if we are merging a new ebuild, use its pre/postinst rather than using the one in /var/db/pkg	6565	# if we are merging a new ebuild, use its pre/postinst rather than using the one in /var/db/pkg
6564	# (if any).	6566	# (if any).
6565	a=doebuild(myebuild,"postinst",root,self.settings,use_cache=0)	6567	a=doebuild(myebuild,"postinst",root,self.settings,use_cache=0,iw_log=postinst_log)
6566	else:	6568	else:
6567	a=doebuild(inforoot+"/"+self.pkg+".ebuild","postinst",root,self.settings,use_cache=0)	6569	a=doebuild(inforoot+"/"+self.pkg+".ebuild","postinst",root,self.settings,use_cache=0,iw_log=postinst_log)
		6570	if postinst_log:
		6571	import portage_installwatch
		6572	portage_installwatch.process_iw_log(preinst_log, preinst_log, root, " ")
		6573	portage_installwatch.remove_duplicates(self.dbtmpdir+"/CONTENTS", preinst_log)
		6574	portage_installwatch.process_iw_log(postinst_log, postinst_log, root, " ")
		6575	portage_installwatch.remove_duplicates(self.dbtmpdir+"/CONTENTS", postinst_log)
		6576
		6577
		6578	# We hold both directory locks.
		6579	self.dbdir = self.dbpkgdir
		6580	self.delete()
		6581	movefile(self.dbtmpdir, self.dbpkgdir, mysettings=self.settings)
		6582
		6583	self.unlockdb()
6568		6584
6569	# XXX: Decide how to handle failures here.	6585	# XXX: Decide how to handle failures here.
6570	if a != 0:	6586	if a != 0:




import errno
import os
import stat
import portage_checksum

def file_text_description(fullpath, root, delim):
	"""Create a string similar to portage CONTENTS format"""
	mystat=os.lstat(fullpath)
	mymode=mystat[stat.ST_MODE]
	mymtime=mystat[stat.ST_MTIME]
	
	path=fullpath
	if root!="/" and path[0:len(root)] == root:
		path=path[len(root)-1:]
	
	if stat.S_ISLNK(mymode):
		myto=os.readlink(fullpath)
		if root!="/" and myto[0:len(root)] == root:
			myto=myto[len(root)-1:]
		return "sym"+delim+path+delim+"->"+delim+myto+delim+str(mymtime)
	elif stat.S_ISDIR(mymode):
		return "dir"+delim+path
	elif stat.S_ISREG(mymode):
		mymd5=portage_checksum.perform_md5(fullpath,calc_prelink=1)
		return "obj"+delim+path+delim+mymd5+delim+str(mymtime)
	elif stat.S_ISFIFO(mymode):
		return "fif"+delim+path
	else:
		return "unk"+delim+path

def process_iw_log(sandbox_debug_file, output_file, root, delim):
	"""Convert sandbox_debug_file to Portage CONTENTS format.
	The output_file can be the same file as the input sandbox_debug_file
	The output_file will be automatically removed if there is no output
	Returns 0 on success, 1 if the input file does not exist or there is no output"""
	try:
		infile=open(sandbox_debug_file,"r")
	except EnvironmentError, e:
		if e.errno == errno.ENOENT:
			return 1
		else:
			raise e
	possible_file_creation=[
		"open_wr",
		"creat",
		"creat64",
		"mkdir",
		"mknod",
		"mkfifo",
		"link",
		"symlink",
		"rename"
	]

	unique_files=[]
	try:
		for line in infile:
			for prefix in possible_file_creation:
				if line.startswith(prefix):
					fullpath=line[11:-1]
					if fullpath not in unique_files:
						unique_files.append(fullpath)
					break
	except StopIteration, si:
		pass
	infile.close()

	unique_files.sort()
	outfile=open(output_file,"w")
	ignore_list=["/dev/null","/dev/tty"]
	for fullpath in unique_files:
		if fullpath not in ignore_list:
			try:
				outfile.write(file_text_description(fullpath, root, delim)+"\n")
			except EnvironmentError, e:
				if e.errno == errno.ENOENT:
					# These files don't necessarily exist
					pass
				else:
					raise e
	outfile.flush()
	outfile.close()

	if os.path.getsize(output_file)==0:
		os.unlink(output_file);
		return 1

	return 0

def read_contents(contents_file_path):
	"""Read a portage CONTENTS file and return a list of files"""
	files=[]
	myc=open(contents_file_path,"r")
	mylines=myc.readlines()
	myc.close()
	for line in mylines:
		mydat = line.split()
		files.append(mydat[1])
	return files

def remove_duplicates(primary, secondary):
	"""remove lines from secondary which alread occur in primary
	The secondary will be automatically removed if it contains no unique files
	Return 0 upon success or 1 if secodary does not exist"""
	infile=None
	try:
		infile=open(secondary,"r")
	except EnvironmentError, e:
		if e.errno == errno.ENOENT:
			return 1
		else:
			raise e
	secondary_lines=infile.readlines()
	infile.close()
	primary_files=read_contents(primary)
	
	outfile=open(secondary,"w")
	for line in secondary_lines:
		mydat = line.split()
		if mydat[1] not in primary_files:
			# line already ends with \n
			outfile.write(line)
	outfile.close()
	
	if os.path.getsize(secondary)==0:
		os.unlink(secondary);
	
	return 0

Return to bug 90343

Lines 1123-1134 Link Here

(-)portage-2.0.51.21/bin/ebuild.sh (-1 / +20 lines)
1123	trap SIGINT SIGQUIT	1123	trap SIGINT SIGQUIT
1124	}	1124	}
1125		1125
		1126	iw_begin() {
		1127	export SANDBOX_DENY=""
		1128	export SANDBOX_READ="/"
		1129	export SANDBOX_WRITE="/"
		1130	export SANDBOX_PREDICT=""
		1131	export SANDBOX_DEBUG="1"
		1132	export SANDBOX_DEBUG_LOG="$INSTALLWATCHFILE"
		1133	export SANDBOX_ACTIVE="armedandready"
		1134	export SANDBOX_ON="1"
		1135	}
		1136
		1137	iw_end() {
		1138	export SANDBOX_ON="0"
		1139	unset LD_PRELOAD SANDBOX_ACTIVE INSTALLWATCHFILE
		1140	}
		1141
1126	dyn_preinst() {	1142	dyn_preinst() {
1127	# set IMAGE depending if this is a binary or compile merge	1143	# set IMAGE depending if this is a binary or compile merge
1128	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \	1144	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \
1129	\|\| IMAGE=${D}	1145	\|\| IMAGE=${D}
1130		1146	[ -n "$INSTALLWATCHFILE" ] && iw_begin
1131	pkg_preinst	1147	pkg_preinst
		1148	[ -n "$INSTALLWATCHFILE" ] && iw_end
1132		1149
1133	# hopefully this will someday allow us to get rid of the no* feature flags	1150	# hopefully this will someday allow us to get rid of the no* feature flags
1134	# we don't want globbing for initial expansion, but afterwards, we do	1151	# we don't want globbing for initial expansion, but afterwards, we do
Lines 1752-1757 Link Here
1752	;;	1769	;;
1753	prerm\|postrm\|postinst\|config)	1770	prerm\|postrm\|postinst\|config)
1754	export SANDBOX_ON="0"	1771	export SANDBOX_ON="0"
		1772	[ -n "$INSTALLWATCHFILE" ] && iw_begin
1755	if [ "$PORTAGE_DEBUG" != "1" ]; then	1773	if [ "$PORTAGE_DEBUG" != "1" ]; then
1756	pkg_${myarg}	1774	pkg_${myarg}
1757	#Allow non-zero return codes since they can be caused by &&	1775	#Allow non-zero return codes since they can be caused by &&
Lines 1761-1766 Link Here
1761	#Allow non-zero return codes since they can be caused by &&	1779	#Allow non-zero return codes since they can be caused by &&
1762	set +x	1780	set +x
1763	fi	1781	fi
		1782	[ -n "$INSTALLWATCHFILE" ] && iw_end
1764	;;	1783	;;
1765	unpack\|compile\|test\|clean\|install)	1784	unpack\|compile\|test\|clean\|install)
1766	if [ "${SANDBOX_DISABLED="0"}" == "0" ]; then	1785	if [ "${SANDBOX_DISABLED="0"}" == "0" ]; then

Line 0 Link Here

(-)portage-2.0.51.21/pym/portage_installwatch.py (+128 lines)
		1	import errno
		2	import os
		3	import stat
		4	import portage_checksum
		5
		6	def file_text_description(fullpath, root, delim):
		7	"""Create a string similar to portage CONTENTS format"""
		8	mystat=os.lstat(fullpath)
		9	mymode=mystat[stat.ST_MODE]
		10	mymtime=mystat[stat.ST_MTIME]
		11
		12	path=fullpath
		13	if root!="/" and path[0:len(root)] == root:
		14	path=path[len(root)-1:]
		15
		16	if stat.S_ISLNK(mymode):
		17	myto=os.readlink(fullpath)
		18	if root!="/" and myto[0:len(root)] == root:
		19	myto=myto[len(root)-1:]
		20	return "sym"+delim+path+delim+"->"+delim+myto+delim+str(mymtime)
		21	elif stat.S_ISDIR(mymode):
		22	return "dir"+delim+path
		23	elif stat.S_ISREG(mymode):
		24	mymd5=portage_checksum.perform_md5(fullpath,calc_prelink=1)
		25	return "obj"+delim+path+delim+mymd5+delim+str(mymtime)
		26	elif stat.S_ISFIFO(mymode):
		27	return "fif"+delim+path
		28	else:
		29	return "unk"+delim+path
		30
		31	def process_iw_log(sandbox_debug_file, output_file, root, delim):
		32	"""Convert sandbox_debug_file to Portage CONTENTS format.
		33	The output_file can be the same file as the input sandbox_debug_file
		34	The output_file will be automatically removed if there is no output
		35	Returns 0 on success, 1 if the input file does not exist or there is no output"""
		36	try:
		37	infile=open(sandbox_debug_file,"r")
		38	except EnvironmentError, e:
		39	if e.errno == errno.ENOENT:
		40	return 1
		41	else:
		42	raise e
		43	possible_file_creation=[
		44	"open_wr",
		45	"creat",
		46	"creat64",
		47	"mkdir",
		48	"mknod",
		49	"mkfifo",
		50	"link",
		51	"symlink",
		52	"rename"
		53	]
		54
		55	unique_files=[]
		56	try:
		57	for line in infile:
		58	for prefix in possible_file_creation:
		59	if line.startswith(prefix):
		60	fullpath=line[11:-1]
		61	if fullpath not in unique_files:
		62	unique_files.append(fullpath)
		63	break
		64	except StopIteration, si:
65	pass
66	infile.close()
67
68	unique_files.sort()
69	outfile=open(output_file,"w")
70	ignore_list=["/dev/null","/dev/tty"]
71	for fullpath in unique_files:
72	if fullpath not in ignore_list:
73	try:
74	outfile.write(file_text_description(fullpath, root, delim)+"\n")
75	except EnvironmentError, e:
76	if e.errno == errno.ENOENT:
77	# These files don't necessarily exist
78	pass
79	else:
80	raise e
81	outfile.flush()
82	outfile.close()
83
84	if os.path.getsize(output_file)==0:
85	os.unlink(output_file);
86	return 1
87
88	return 0
89
90	def read_contents(contents_file_path):
91	"""Read a portage CONTENTS file and return a list of files"""
92	files=[]
93	myc=open(contents_file_path,"r")
94	mylines=myc.readlines()
95	myc.close()
96	for line in mylines:
97	mydat = line.split()
98	files.append(mydat[1])
99	return files
100
101	def remove_duplicates(primary, secondary):
102	"""remove lines from secondary which alread occur in primary
103	The secondary will be automatically removed if it contains no unique files
104	Return 0 upon success or 1 if secodary does not exist"""
105	infile=None
106	try:
107	infile=open(secondary,"r")
108	except EnvironmentError, e:
109	if e.errno == errno.ENOENT:
110	return 1
111	else:
112	raise e
113	secondary_lines=infile.readlines()
114	infile.close()
115	primary_files=read_contents(primary)
116
117	outfile=open(secondary,"w")
118	for line in secondary_lines:
119	mydat = line.split()
120	if mydat[1] not in primary_files:
121	# line already ends with \n
122	outfile.write(line)
123	outfile.close()
124
125	if os.path.getsize(secondary)==0:
126	os.unlink(secondary);
127
128	return 0