[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/
commit: c01fdd27473a76d1c8b6edb1b9dfb2c29645b1c2 Author: Zac Medico gentoo org> AuthorDate: Thu Feb 22 02:44:06 2018 + Commit: Zac Medico gentoo org> CommitDate: Thu Feb 22 17:30:27 2018 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=c01fdd27 emerge/ebuild: sanitize file descriptors on startup In order to ensure that any unintentionally inherited file descriptors will not be inherited by child processes, set the inheritable flag to False on startup, except for those corresponding to stdin, stdout, and stderr. This mitigates potential problems that might result from making the portage.process.spawn close_fds parameter default to False for versions of python with PEP 446 support. Bug: https://bugs.gentoo.org/648432 bin/ebuild | 2 ++ bin/emerge | 1 + pym/portage/process.py | 24 3 files changed, 27 insertions(+) diff --git a/bin/ebuild b/bin/ebuild index bda746f78..b1ef0573b 100755 --- a/bin/ebuild +++ b/bin/ebuild @@ -58,6 +58,8 @@ import portage.util from _emerge.Package import Package from _emerge.RootConfig import RootConfig +portage.process.sanitize_fds() + description = "See the ebuild(1) man page for more info" usage = "Usage: ebuild [command] ..." parser = argparse.ArgumentParser(description=description, usage=usage) diff --git a/bin/emerge b/bin/emerge index 43cfdcddb..5f08861e5 100755 --- a/bin/emerge +++ b/bin/emerge @@ -46,6 +46,7 @@ try: if __name__ == "__main__": from portage.exception import IsADirectory, ParseError, \ PermissionDenied + portage.process.sanitize_fds() try: retval = emerge_main() except PermissionDenied as e: diff --git a/pym/portage/process.py b/pym/portage/process.py index 4d96f156e..2af783e22 100644 --- a/pym/portage/process.py +++ b/pym/portage/process.py @@ -91,6 +91,30 @@ sandbox_capable = (os.path.isfile(SANDBOX_BINARY) and fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and os.access(FAKEROOT_BINARY, os.X_OK)) + +def sanitize_fds(): + """ + Set the inheritable flag to False for all open file descriptors, + except for those corresponding to stdin, stdout, and stderr. This + ensures that any unintentionally inherited file descriptors will + not be inherited by child processes. + """ + if _set_inheritable is not None: + + whitelist = frozenset([ + sys.__stdin__.fileno(), + sys.__stdout__.fileno(), + sys.__stderr__.fileno(), + ]) + + for fd in get_open_fds(): + if fd not in whitelist: + try: + _set_inheritable(fd, False) + except OSError: + pass + + def spawn_bash(mycommand, debug=False, opt_name=None, **keywords): """ Spawns a bash shell running a specific commands
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/, pym/portage/dbapi/
commit: 3ffdbbe06fab5f3c60d03a77f5a2d08cb94b1869 Author: Arfrever Frehtes Taifersar Arahesis Apache Org> AuthorDate: Mon Nov 30 23:06:18 2015 + Commit: Arfrever Frehtes Taifersar Arahesis apache org> CommitDate: Mon Nov 30 23:06:18 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=3ffdbbe0 ebuild: Do not catch unexpected KeyErrors from aux_get(). bin/ebuild| 5 +++-- pym/portage/dbapi/porttree.py | 20 ++-- pym/portage/exception.py | 5 - 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/bin/ebuild b/bin/ebuild index 59fced0..ed1231f 100755 --- a/bin/ebuild +++ b/bin/ebuild @@ -1,5 +1,5 @@ #!/usr/bin/python -bO -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 from __future__ import print_function @@ -49,6 +49,7 @@ from portage import _shell_quote from portage import _unicode_decode from portage import _unicode_encode from portage.const import VDB_PATH +from portage.exception import PortageKeyError from _emerge.Package import Package from _emerge.RootConfig import RootConfig @@ -273,7 +274,7 @@ try: metadata = dict(zip(Package.metadata_keys, portage.db[portage.settings['EROOT']][mytree].dbapi.aux_get( cpv, Package.metadata_keys, myrepo=myrepo))) -except KeyError: +except PortageKeyError: # aux_get failure, message should have been shown on stderr. sys.exit(1) diff --git a/pym/portage/dbapi/porttree.py b/pym/portage/dbapi/porttree.py index a954de5..23f3169 100644 --- a/pym/portage/dbapi/porttree.py +++ b/pym/portage/dbapi/porttree.py @@ -1,4 +1,4 @@ -# Copyright 1998-2014 Gentoo Foundation +# Copyright 1998-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 from __future__ import unicode_literals @@ -23,7 +23,7 @@ from portage.cache import volatile from portage.cache.cache_errors import CacheError from portage.cache.mappings import Mapping from portage.dbapi import dbapi -from portage.exception import PortageException, \ +from portage.exception import PortageException, PortageKeyError, \ FileNotFound, InvalidAtom, InvalidData, \ InvalidDependString, InvalidPackageName from portage.localization import _ @@ -435,7 +435,7 @@ class portdbapi(dbapi): writemsg(_("!!! aux_get(): ebuild for " \ "'%s' does not exist at:\n") % (cpv,), noiselevel=-1) writemsg("!!!%s\n" % ebuild_path, noiselevel=-1) - raise KeyError(cpv) + raise PortageKeyError(cpv) # Pull pre-generated metadata from the metadata/cache/ # directory if it exists and is valid, otherwise fall @@ -481,12 +481,12 @@ class portdbapi(dbapi): def aux_get(self, mycpv, mylist, mytree=None, myrepo=None): "stub code for returning auxilliary db information, such as SLOT, DEPEND, etc." 'input: "sys-apps/foo-1.0",["SLOT","DEPEND","HOMEPAGE"]' - 'return: ["0",">=sys-libs/bar-1.0","http://www.foo.com;] or raise KeyError if error' + 'return: ["0",">=sys-libs/bar-1.0","http://www.foo.com;] or raise PortageKeyError if error' cache_me = False if myrepo is not None: mytree = self.treemap.get(myrepo) if mytree is None: - raise KeyError(myrepo) + raise PortageKeyError(myrepo) if mytree is not None and len(self.porttrees) == 1 \ and mytree == self.porttrees[0]: @@ -507,22 +507,22 @@ class portdbapi(dbapi): try: cat, pkg = mycpv.split("/", 1) except ValueError: - # Missing slash. Can't find ebuild so raise KeyError. - raise KeyError(mycpv) + # Missing slash. Can't find ebuild so raise PortageKeyError. + raise PortageKeyError(mycpv) myebuild, mylocation = self.findname2(mycpv, mytree) if not myebuild: writemsg("!!! aux_get(): %s\n" % \ _("ebuild not found for '%s'") % mycpv, noiselevel=1) - raise KeyError(mycpv) + raise PortageKeyError(mycpv) mydata, ebuild_hash = self._pull_valid_cache(mycpv, myebuild, mylocation) doregen = mydata is None if doregen: if myebuild in self._broken_ebuilds: - raise KeyError(mycpv) + raise PortageKeyError(mycpv) proc = EbuildMetadataPhase(cpv=mycpv,
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/, pym/portage/util/
commit: b7baeeec3ab6d1e944a2d1f9ab5d4d6ccebd97e8 Author: Zac Medico gentoo org> AuthorDate: Fri Oct 2 07:09:31 2015 + Commit: Zac Medico gentoo org> CommitDate: Sat Oct 3 17:03:33 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=b7baeeec unpack: use chmod-lite helper for bug 554084 Use the apply_recursive_permissions function to minimize the number of chmod calls. Also, fix an UnboundLocalError triggered in portage.data._get_global by chmod-lite. X-Gentoo-Bug: 554084 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=554084 Acked-by: Brian Dolbec gentoo.org> bin/chmod-lite | 10 + bin/chmod-lite.py| 30 ++ bin/phase-helpers.sh | 2 +- pym/portage/data.py | 2 +- pym/portage/util/__init__.py | 93 5 files changed, 92 insertions(+), 45 deletions(-) diff --git a/bin/chmod-lite b/bin/chmod-lite new file mode 100755 index 000..ffa8d4d --- /dev/null +++ b/bin/chmod-lite @@ -0,0 +1,10 @@ +#!/bin/bash +# Copyright 2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +export __PORTAGE_HELPER_CWD=${PWD} + +# Use safe cwd, avoiding unsafe import for bug #469338. +cd "${PORTAGE_PYM_PATH}" || exit 1 +PYTHONPATH=${PORTAGE_PYTHONPATH:-${PORTAGE_PYM_PATH}} \ + exec "${PORTAGE_PYTHON:-/usr/bin/python}" "$PORTAGE_BIN_PATH/chmod-lite.py" "$@" diff --git a/bin/chmod-lite.py b/bin/chmod-lite.py new file mode 100755 index 000..177be7e --- /dev/null +++ b/bin/chmod-lite.py @@ -0,0 +1,30 @@ +#!/usr/bin/python -b +# Copyright 2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +import os +import sys + +from portage.util import apply_recursive_permissions + +# Change back to original cwd _after_ all imports (bug #469338). +os.chdir(os.environ["__PORTAGE_HELPER_CWD"]) + +def main(files): + + if sys.hexversion >= 0x300: + # We can't trust that the filesystem encoding (locale dependent) + # correctly matches the arguments, so use surrogateescape to + # pass through the original argv bytes for Python 3. + fs_encoding = sys.getfilesystemencoding() + files = [x.encode(fs_encoding, 'surrogateescape') for x in files] + + for filename in files: + # Emulate 'chmod -fR a+rX,u+w,g-w,o-w' with minimal chmod calls. + apply_recursive_permissions(filename, filemode=0o644, + filemask=0o022, dirmode=0o755, dirmask=0o022) + + return os.EX_OK + +if __name__ == "__main__": + sys.exit(main(sys.argv[1:])) diff --git a/bin/phase-helpers.sh b/bin/phase-helpers.sh index efd2cfa..0c25ffe 100644 --- a/bin/phase-helpers.sh +++ b/bin/phase-helpers.sh @@ -532,7 +532,7 @@ unpack() { # Do not chmod '.' since it's probably ${WORKDIR} and PORTAGE_WORKDIR_MODE # should be preserved. find . -mindepth 1 -maxdepth 1 ! -type l -print0 | \ - ${XARGS} -0 chmod -fR a+rX,u+w,g-w,o-w + ${XARGS} -0 "${PORTAGE_BIN_PATH}/chmod-lite" } econf() { diff --git a/pym/portage/data.py b/pym/portage/data.py index 2fd287d..2c99548 100644 --- a/pym/portage/data.py +++ b/pym/portage/data.py @@ -139,7 +139,7 @@ def _get_global(k): v = 2 elif unprivileged: v = 2 - elif portage_gid in os.getgroups(): + elif _get_global('portage_gid') in os.getgroups(): v = 1 elif k in ('portage_gid', 'portage_uid'): diff --git a/pym/portage/util/__init__.py b/pym/portage/util/__init__.py index c0b509b..2b7ff8d 100644 --- a/pym/portage/util/__init__.py +++ b/pym/portage/util/__init__.py @@ -17,9 +17,9 @@ from copy import deepcopy import errno import io try: - from itertools import filterfalse + from itertools import chain, filterfalse except ImportError: - from itertools import ifilterfalse as filterfalse + from itertools import chain, ifilterfalse as filterfalse import logging import re import shlex @@ -1041,6 +1041,23 @@ def unique_everseen(iterable, key=None): seen_add(k) yield element +def _do_stat(filename, follow_links=True): + try: + if follow_links: + return os.stat(filename) + else: + return os.lstat(filename) + except OSError as oe: + func_call = "stat('%s')" % filename + if oe.errno == errno.EPERM: + raise OperationNotPermitted(func_call) + elif oe.errno == errno.EACCES: + raise PermissionDenied(func_call) + elif oe.errno == errno.ENOENT: + raise FileNotFound(filename) + else: +
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/
commit: f9a2d7025e22f5e1711f39c4740a020f6f0d2c8f Author: Zac Medico zmedico AT gentoo DOT org AuthorDate: Wed Apr 1 22:27:42 2015 + Commit: Zac Medico zmedico AT gentoo DOT org CommitDate: Wed Apr 1 23:14:52 2015 + URL:https://gitweb.gentoo.org/proj/portage.git/commit/?id=f9a2d702 dispatch-conf: fix unicode handling (bug 545270) This avoids UnicodeDecodeError problems by using UTF-8 encoding regardless of the locale. X-Gentoo-Bug: 545270 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=545270 bin/dispatch-conf| 9 + pym/portage/dispatch_conf.py | 4 +--- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/bin/dispatch-conf b/bin/dispatch-conf index b679910..678a66d 100755 --- a/bin/dispatch-conf +++ b/bin/dispatch-conf @@ -11,12 +11,11 @@ # dialog menus # -from __future__ import print_function +from __future__ import print_function, unicode_literals import atexit import io import re -import shutil import sys from stat import ST_GID, ST_MODE, ST_UID @@ -27,7 +26,7 @@ if osp.isfile(osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), .porta sys.path.insert(0, osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), pym)) import portage portage._internal_caller = True -from portage import os +from portage import os, shutil from portage import _encodings, _unicode_decode from portage.dispatch_conf import diffstatusoutput, diff_mixed_wrapper from portage.process import find_binary, spawn @@ -403,7 +402,9 @@ class dispatch: newconfigs.sort () for nconf in newconfigs: -nconf = nconf.rstrip () +# Use strict mode here, because we want to know if it fails, +# and portage only merges files with valid UTF-8 encoding. +nconf = _unicode_decode(nconf, errors='strict').rstrip() conf = re.sub (r'\._cfg\d+_', '', nconf) dirname = os.path.dirname(nconf) conf_map = { diff --git a/pym/portage/dispatch_conf.py b/pym/portage/dispatch_conf.py index 790eacb..98939fd 100644 --- a/pym/portage/dispatch_conf.py +++ b/pym/portage/dispatch_conf.py @@ -10,15 +10,13 @@ from __future__ import print_function, unicode_literals import io import functools -import os -import shutil import stat import subprocess import sys import tempfile import portage -from portage import _encodings +from portage import _encodings, os, shutil from portage.env.loaders import KeyValuePairFileLoader from portage.localization import _ from portage.util import shlex_split, varexpand
[gentoo-commits] proj/portage:master commit in: pym/portage/, bin/
commit: f17448317166bfac42dc279b8795cd581c189582 Author: Zac Medico zmedico AT gentoo DOT org AuthorDate: Sun Oct 26 09:49:02 2014 + Commit: Zac Medico zmedico AT gentoo DOT org CommitDate: Sun Nov 2 23:19:46 2014 + URL: http://sources.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=f1744831 dispatch-conf: symlink support for bug #485598 This includes numerous logic adjustments that are needed to support protected symlinks. The new diff_mixed function is used for diffs between arbitrary file types. For example, a diff between two symlinks looks like this: -SYM: /foo/bar - baz +SYM: /foo/bar - blah X-Gentoo-Bug: 485598 X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=485598 --- bin/dispatch-conf| 45 - pym/portage/dispatch_conf.py | 157 +-- 2 files changed, 164 insertions(+), 38 deletions(-) diff --git a/bin/dispatch-conf b/bin/dispatch-conf index 6d2ae94..8058d6f 100755 --- a/bin/dispatch-conf +++ b/bin/dispatch-conf @@ -13,17 +13,23 @@ from __future__ import print_function +import atexit +import io +import re +import shutil +import sys + from stat import ST_GID, ST_MODE, ST_UID from random import random -import atexit, re, shutil, stat, sys + from os import path as osp if osp.isfile(osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), .portage_not_installed)): sys.path.insert(0, osp.join(osp.dirname(osp.dirname(osp.realpath(__file__))), pym)) import portage portage._internal_caller = True from portage import os -from portage import _unicode_decode -from portage.dispatch_conf import diffstatusoutput +from portage import _encodings, _unicode_decode +from portage.dispatch_conf import diffstatusoutput, diff_mixed_wrapper from portage.process import find_binary, spawn FIND_EXTANT_CONFIGS = find '%s' %s -name '._cfg_%s' ! -name '.*~' ! -iname '.*.bak' -print @@ -72,6 +78,8 @@ def cmd_var_is_valid(cmd): return find_binary(cmd[0]) is not None +diff = diff_mixed_wrapper(diffstatusoutput, DIFF_CONTENTS) + class dispatch: options = {} @@ -89,8 +97,6 @@ class dispatch: or not os.path.exists(self.options[log-file]): open(self.options[log-file], 'w').close() # Truncate it os.chmod(self.options[log-file], 0o600) -else: -self.options[log-file] = /dev/null pager = self.options.get(pager) if pager is None or not cmd_var_is_valid(pager): @@ -148,9 +154,6 @@ class dispatch: portage.util.shlex_split( portage.settings.get('CONFIG_PROTECT_MASK', ''))) -def diff(file1, file2): -return diffstatusoutput(DIFF_CONTENTS, file1, file2) - # # Remove new configs identical to current # and @@ -166,7 +169,7 @@ class dispatch: mrgfail = portage.dispatch_conf.rcs_archive(archive, conf['current'], conf['new'], mrgconf) else: mrgfail = portage.dispatch_conf.file_archive(archive, conf['current'], conf['new'], mrgconf) -if os.path.exists(archive + '.dist'): +if os.path.lexists(archive + '.dist'): unmodified = len(diff(conf['current'], archive + '.dist')[1]) == 0 else: unmodified = 0 @@ -181,7 +184,7 @@ class dispatch: if newconf == mrgconf and \ self.options.get('ignore-previously-merged') != 'yes' and \ -os.path.exists(archive+'.dist') and \ +os.path.lexists(archive+'.dist') and \ len(diff(archive+'.dist', conf['new'])[1]) == 0: # The current update is identical to the archived .dist # version that has previously been merged. @@ -254,6 +257,13 @@ class dispatch: valid_input = qhtnmlezu +def diff_pager(file1, file2): +cmd = self.options['diff'] % (file1, file2) +cmd += pager +spawn_shell(cmd) + +diff_pager = diff_mixed_wrapper(diff_pager) + for conf in confs: count = count + 1 @@ -266,14 +276,10 @@ class dispatch: while 1: clear_screen() if show_new_diff: -cmd = self.options['diff'] % (conf['new'], mrgconf) -cmd += pager -spawn_shell(cmd) +diff_pager(conf['new'], mrgconf) show_new_diff = 0 else: -cmd = self.options['diff'] % (conf['current'], newconf) -cmd += pager -spawn_shell(cmd) +diff_pager(conf['current'], newconf) print() print(' (%i of %i) -- %s' % (count, len(confs), conf ['current'])) @@ -357,7 +363,12 @@ class dispatch: def replace (self, newconf, curconf): Replace current config