commit: 49896208f618817f83cfe9cd9a4a1afc87ac0f4a Author: Zac Medico <zmedico <AT> gentoo <DOT> org> AuthorDate: Tue Sep 9 20:29:30 2014 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Wed Oct 22 23:25:39 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=49896208
Remove g+w bit from $T for TPE bug #519566 Grant permissions to the portage user instead of the group, in order to avoid TPE complaints about the g+w bit. X-Gentoo-Bug: 519566 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=519566 --- pym/portage/package/ebuild/doebuild.py | 7 ++++--- pym/portage/package/ebuild/prepare_build_dirs.py | 9 ++------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/pym/portage/package/ebuild/doebuild.py b/pym/portage/package/ebuild/doebuild.py index 9516173..28d4f47 100644 --- a/pym/portage/package/ebuild/doebuild.py +++ b/pym/portage/package/ebuild/doebuild.py @@ -1488,7 +1488,7 @@ def spawn(mystring, mysettings, debug=False, free=False, droppriv=False, "uid": portage_uid, "gid": portage_gid, "groups": userpriv_groups, - "umask": 0o02 + "umask": 0o22 }) # Adjust pty ownership so that subprocesses @@ -1646,8 +1646,9 @@ def _post_phase_userpriv_perms(mysettings): """ Privileged phases may have left files that need to be made writable to a less privileged user.""" apply_recursive_permissions(mysettings["T"], - uid=portage_uid, gid=portage_gid, dirmode=0o70, dirmask=0, - filemode=0o60, filemask=0) + uid=portage_uid, gid=portage_gid, dirmode=0o700, dirmask=0, + filemode=0o600, filemask=0) + def _check_build_log(mysettings, out=None): """ diff --git a/pym/portage/package/ebuild/prepare_build_dirs.py b/pym/portage/package/ebuild/prepare_build_dirs.py index 6782160..ce54fdf 100644 --- a/pym/portage/package/ebuild/prepare_build_dirs.py +++ b/pym/portage/package/ebuild/prepare_build_dirs.py @@ -76,17 +76,12 @@ def prepare_build_dirs(myroot=None, settings=None, cleanup=False): ensure_dirs(mydir) try: apply_secpass_permissions(mydir, - gid=portage_gid, uid=portage_uid, mode=0o70, mask=0) + gid=portage_gid, uid=portage_uid, mode=0o700, mask=0) except PortageException: if not os.path.isdir(mydir): raise for dir_key in ("PORTAGE_BUILDDIR", "HOME", "PKG_LOGDIR", "T"): - """These directories don't necessarily need to be group writable. - However, the setup phase is commonly run as a privileged user prior - to the other phases being run by an unprivileged user. Currently, - we use the portage group to ensure that the unprivleged user still - has write access to these directories in any case.""" - ensure_dirs(mysettings[dir_key], mode=0o775) + ensure_dirs(mysettings[dir_key], mode=0o755) apply_secpass_permissions(mysettings[dir_key], uid=portage_uid, gid=portage_gid) except PermissionDenied as e: